last executing test programs: 22m15.963189898s ago: executing program 3 (id=4): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r2, 0x0, 0x24008040) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x942, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) newfstatat$auto(r1, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x80, 0x6, 0x2, 0x3, 0xee01, 0xee00, 0x0, 0x5, 0x4, 0x2, 0x6bef1532, 0x1ff, 0x1, 0x2, 0x80000000, 0x7, 0x8}, 0x3) msgctl$auto_IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x9f, 0xee00, 0xee01, 0xc6, 0x0, 0x8, 0x5}, &(0x7f0000000180)=0x6, &(0x7f00000001c0)=0x4, 0x3, 0x5, 0x0, 0x5, 0x8000, 0x309, 0xd, 0x32e, @inferred=0xffffffffffffffff, @raw=0x683}) r7 = setfsuid$auto(0xee00) capget$auto(&(0x7f0000000280)={0xfffffff8, 0xffffffffffffffff}, &(0x7f0000000340)={0xb, 0x48, 0xfcb2}) r9 = setfsuid$auto(0xee00) setresuid$auto(r9, 0x0, r9) sendmsg$auto_TIPC_NL_KEY_FLUSH(r4, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000380)={&(0x7f0000002980)={0x28c4, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NAME_TABLE={0x1499, 0x8, 0x0, 0x1, [@nested={0x8, 0x3f, 0x0, 0x1, [@nested={0x4, 0x9b}]}, @nested={0x8, 0x74, 0x0, 0x1, [@typed={0x4, 0x3c}]}, @nested={0xc9, 0x2, 0x0, 0x1, [@nested={0x4, 0x87}, @typed={0x8, 0x78, 0x0, 0x0, @uid=r5}, @generic="3bd671bd210f2d9ff49c380d6d4ea902af2cb4ce208b9719d57cf2904acb272fd60ecee8cfb5", @generic="576b63b2957560666bd76993ccfeb64e10349ab7832011a14253cd10170aed3da7d4009672c4560ed287bdb17997f8efaca7b0f537656e68ce5f288c19074e87867dade3410a1a91a69923f02c02c4e1fd9943af0dc8bae4e48118b891e5e8d163fd19234327dbe0008162e4f3b7e23d8d63c5dd31d33a0af165e96511b7e9b3b8629f458058200bdf90956d592e149c81f4b8"]}, @nested={0x128b, 0x99, 0x0, 0x1, [@generic="c4b5aae1c89bab332cdeecf4ff74622801cdcaa7c2b3f11e6eb4c43f4f6aa281186f0e503ae770a3f36dfcf853d4dab3072751bd1a29428be3430f97856e5b3e8622149636d949607450327830dd02ee829295d2ed57842a63d47093a141cf3603f7b273b01f6da6858763a2feb198030f62401a", @generic="99d69bac7e5f2eb186fc9c951fdb4f4cf5882f58947ad28dbcb59ba3da6463bf5391a96f1463048b514c671639e1cfa79d495d9b5e00a1702bc8b49cc5b809f0f1e084c9532c4a1e2478a0c7d3bd719269b678a52c2f9a83e353be1174a97fb47de028a2", @generic="f4641b6f6ed94f50dbbcb8a8eec794653724ad3f178ab092b4ff10e04b1649f9a01b1d627d519f3ffc834117c0500f99c932d242f0cfb5c439a8d7a86f52e2280117cb2154085db0fa40a7da9576351be455ca7e6aae46107bdcfc48ca1a59d0e9a8f805e085a6d6f58452fae32d4905b0a29b38e00832f57ca73e56471a10f6187bffc02f1822512e6a99cf659cbd3acfacfcb732008f68f136ff29671246d319a19ab208c67c09090c529ae7d9555409feeb4d44a6451725bdb2aa3f85346f6ec6c922ea4cdc13907421b234072e38807de197323d68b7dd758518134a1b94f8dc8f7b4912261f75c75b7451c8097a5a52bf3024e7e55fb4e637", @generic="196d4158e4ea30d6cbb7523b3a91a13a457ea89b1510a6d347b71e3ae445c2f6161cebb5d1918021a442394e23000d4dda2af7395ecd6f450b83247d9cf9a9a539e0fcc64bf58617aa95c5bb0abc9b263520b664dca852274368a15f290cec4d5fe9d346f50ffec2cf52f00b7169a2f92ff651dd60c1ab5c69fc6a3fbef10e35b805797558451aa9a4de28a9852b4b478f731f1a49c967f1cc14709d1e5e0fb40660bbe81c0b076de8000be4a3fc21ba", @nested={0x4, 0xa4}, @generic="62326d47b192902000e37a808f779a0ee5227062375df0585ff5d7a4603ef4489145d649fd6e8474940ae35dd55e63fde9bb11fcb397073ecf95f2a68ab94b6207f2b0f6bb0056ee544f003731543c168f5b0a82a629f6f387c4943a8b0be4e4aaa5043ed1d0f4032b4987a2ee55679880a3c2978647b3696e57392a953319d2ed543998f84f6fda25a02db79eeddaf64125d940bdc350855d6a30975f12a5e3ac082a212985d2d44b82a2771e24590818d480b2960e81850c99af55835100ecbd7febf2cf116f40dd134a9b6580ab577f411dce81374bb84915cf6edd860052f47d2e70908aea3b9ed2c5a1c6551777b4d445d0eab5866687b94e7d63dc072d6e167a8bd1c97e26a97215f8e542e7e7328f7b72f8542dc801081670fc36b6f1550033667bb35cb188771828d2cbd7c4ae2d031018aa6b3ca7949a4b4e0b5d8c64fc01e4155432ba469511fcaf970be64ae0480400baeca332fb95185cee07e655159079f16df319ddd4a0a8caff2c9619b1d33dbf4fb18c3669b13f8064db7fabcabe579062d62eb3817d59a05c8e8e24b55db3f34a0ea0fe0d868d6b8425a186f23e468215a83bb53436e8ea9a4c3785e64ea8c9c59ae27a1fc95a9658099eca0eea9c9d4bdf13062e3ef18ed27501f90b5a16e9086f3cb0231ecebfe31ca401257afecb4783413e61bf64339890bcee1bb24e26f567938ec5152d43257f246302332fa431aa96644a88a06e6f4e71cf674670dcaf2940d105dc12622501d8f5674780eb6dac73e2abadf498a6bbe13c9d8fa78696fc261979432c996fe935d3623463cc00c67643157d9a5732af59ad1fe4226a361d1f296985d0919be66e18b728f99790daec87ad7b248ff7fcec09c578c7d7e1c5520fb47801e6bf48bedcf0fad1ac43c4469619c6879de462c43bbdc672ee97a1a5c4a6270812ecbf9680d4ac19b44a3963f0fe44b7e1a89bb4fd9174e56f79082fff4a6ec1f3ce7ff6dd8a252078bec8c52c02c2b8affdf089428da671e451b54e6a3f59d324a7a5625533a3526659e295dddddabdbc9ada5ec9da6537c21ccce1ac6ff81f76d97c3cc5183cdcd3f9c9b215303d34529d2e97f9e4b4ca3d26b6b730139f0cf26e5b0bf1bb5a15824cef07531ca142920e7c80191336c8b83725f688b2198b7a99f8b05f6b0d203170d29af8de1b0981b0e79e0919321f1952674e309293e0775f5f1d7028aab5ebe95dc6913f626a12798219fd9429204ec559dcf59d1e775b46e852ec3d2cf47b33924dc927dd4bccbd83f6ebdf01137c177f6bda31651493fa70c6c03ca1dcc62152e73bd6a3d69f1ed20976c8d9acd3a0ed6c5e8616a1a6e98ff1c98e0b65526292e604a0f239c01f6499a8b0c7e46f2a4aff2ede41421d8a7d9c5400e436d4bb8069cfe799f930b336c918b3e7969d74fae1a3636a4642e13b60500820e74c6a578215e357e2b9c310012214c106a26edc44d2de8bd48d5b3bf8a6e38152161c39bce56e052dde687055164bd1441ef2889f2a72ea6125afb27ea5941102103c79645748164d240a55e6cc12b93416990461600d0c5e2f01d54ba03d48d650c4e8cb98b8330150c5d02e85b699876414292fcc6d52c48f135178814514158dfa383c87a292b61d172725ef7ce4b28a775aabc70d5376bbb6f356582043cd13438ec38058cbbc4642541ee6a45e0c13e4407b51c0a63572858cebc09fc2703dae8c751ad9aba699a2d698b64156e24718b4a19b7da1d9f809dd4089a28273283370e118f466df267f4fb8591b72d3ce7561450ff6eface5ef49b69ec5cc9be0d6d8eadfe81b4ceedd9539f1c5ee9060559a56cc83a54ab139b9ed8b48343ac56a33084794973ad17ee47d864d5566a4cb6ba3fc3e4229d584cbc588ba9e379e0087667c052fa7fbff0d7c590bccd41edd1d26d34f678c26a0471afe09ee8d2de04c19919e425ffb5d98ce30550886fc067c18df37c52670acd0c1eae0cc1bd3531b7d4b6dafe5d20c946a8cb80ecd4db2f0c1eea12d0c5016c78690fc9d16235d12528ae217d527a255fc708b3f5d207a91be561339431ba660c447905949f570abd1bbb32ab9aef59f8a7feabf1035978a8113385106ec81f5c3d6e336d116da667ec878c86e967bffc9208ab5fe8ba79f4b127d09f9da97460ff4fbf739f5205d9c1cb2cd8fcab7f8c07f7871a03bce423670f689c1367dce5fc7fc2a40f3f33b9ef7bfbc666a15d2629e522ca365106a62e789d7b4c54e1a397e6b83292124343a8b953872dd0b4de37870503bac98e12bcae74b718837605e847af3183e755f32092a32214f37a16a2fc00f90fb09251ef81d72cfba37563fb2b1a81ea336c26187e465a48ee001e70dbb24ea0d5bf246ef36cfd594858a39ff9dba1e09c717480a04ef5116a5fc94984a31b3af27be7360974146d6fdeef53ab96290210846297789158908ecd4e67be018be5e1fa0773f0d78bacdff6e20cf93004d0b6ed31224a5ef6f1d14a7e43fba95c14970862d8b1cef832489d258ea6357c9411a6b20a4de3a4f3b2eb62cb453080a1e359cae5dc3e8401557a2b95f41e9af4ec8445c101b9d22640c1685a11ddf7258a794d61c9998b56f48565c0421c654d6d6f282574d69fe3314077454f13f529f826a44307b421d6226c2eca9450b31118482c113e5343a4f1e705223720a546ed9cc2cb6ae75e35b09242db263fbd5fb2f126cb38f58444d9fb5dd8c07174ce90edabfa0ca0e3a2859a58aa1abf3c2ea95c26f4b1fddcad5a201e345cb72d8fb27edea97719115f25ec0fb9d87d75e93fc415012a2f63da46fcb1e4b423f5f979d2126613daf8535d9adbec647fceb117a9cebe5eff24bc6616afad9dd614e00fc2fc2b452b13f85e59a37e1dcd0b91e5bc21010a2f11726798642e329c07844d2d9c134dd2155f69bf3fdbd0e9dfe7bc9075861887c9635b4e222a31e521e46d94a589562218aa459cfec68d7eef54cbf265d4fe4072f306e1176e6ba1f52fc76220500604643957924fb704b2a3472fc1e86f7fe0a0dd55ae642641ae5470054bbf3b89ca66ab81d7d374f4eb3fd47aa78c3ec7314dff92d6bc37fde0660e56591f9f68a441d9367d83448103139711e486555d83deb46763d1efaf2e6a05accc08c57979166013601855d38e4b14e5b5af715ca93e04c93c8efbcac18d267b81b3a6d8571b174fbaf7ecff360e2955affa90bc6e23d6537c1bb7aeb310a4704c18c22b4c587d0509a6a9793fc6b1517443ac6a3a4c8e482793381129080e0ddcf22a852e9c814146fc1fc45bae2808bfc514a49662a41cb826fded5ccfb1d1b414665d9424996a3d5b1b5a46b5d8d1aec6ffd84d23f9e4b3d0fa6fe983765d2ecb17a3f682bb902c6fcda3e84616d6896c6e33ab082714ca6d84f785649690fab7b49df3e2064781445834dca331045b0cc0e56bf0a77cea31f542ec10ca5dc80945c852884284f8970e44633dd36d7e8e8475f8877329adc2c258862d0bbdb6279e197f69f120963e6630624f825dd8ed3718bd2e084718825f8688c528a1b8810a68badeeea71c07a52b78213027925cecac5c9bf502ad83b85e73f4af06f19a0731a010a970bc162676eae1c9f09740cab007f9a29d134df350a6cf8920301dcac58b99627a57e16bb5970237c222ee2c59e8f8e38e032ba043ba55180a2b15d8eface9b04ef8a48b6dac0de76ba072736582408aa009dae8f17f26b5abddca0c1afc3582439831fec77b8b79328e3fd546c568ea44045aa259bb6c9344729caa30590a61e654a63e7ec76d11271670c04c67574d4469ab864d66c110d5b9d452f30e0646347ba0cf742240ecbcc3ad07964b559f23ac6702b0499305358dde8488ea31ef157964c7850bcd5cdda625977eca4cbfaf84bc801484d254ce1d0477018f68afe02a9d773ab66d4fc02df7484bb6aa71c553440595917687993731b580ee35c27295e214bb720b06939d56e79b0064881d529bc554d0f09e95f95cba43c6681d02a57921819bbbb53ecfa17a63f39062aef953ac3d32cd8db985c9c67374f0489e75e02ae641e3aab804bbc24703834d2c5ab0433e8e408e2374629dcfbe0f559456a35428b8207839ef7a3436578a8da9d6d04317cf79995634b8b4f3e346ba2140242f0e07d3754319874130930d171a0d42839b3e894ed54b8cde6460f0b18aaf8505cd034f92bf9ca9aca016f7eafa156610a907989e1b87db40fe18f6e5cb936a1aeb0650798ea1ec023f910146a9730e5c5ce9926e47856ab39b60c08430e3ecf16cb7b5e6afcaddf9d30226e58a122fd0635b70cb07d963cf9ad3f93f6a5c618878c364e40627bbb7be18516f7035584a9ae88dc8cccb2b6056f501851e5bb8cc3794534e678330757761cebf3584f4ffaa56c45d6dcfda1a2542e2377eb69e8f145e72e520166266231f6a02e6222e4e9edaf0fa9c420bed7257bcf3f94281273e10584115644f2295c9609c68e25a03fae83140a857aa3fbfdfb9f4e58b4285ea29f74bbc345102adecc6c4bd4cf067d9531fed9068e276ee2a534c1fbe88b03fa915e4ef47bee260b4fba0cb55888674e3c8eb708998b4a8d5994b832c143d9c2470db2c4b5d220656f34afa1635c3c64799a4ec2b4c1c6b39f2e7ab4fa17d13ba0ac974b855a71ae2ae14fddc6a3a583dd89b90742dd107d9486b513ad19402a4383d8eb4e10a0af0632cdbd15f21c21bd8aa61d4bc4491eff776d8d50ced4658356b6ee262aa2a93a4a119cadbdd4119e9115b7bfa41f4e001aee9c30c3fb60796948b550825c0dfb4a79ac2bc24109ad61c1c61dbf34458d1dc98d836e9b0a9e18487f32996fdd6dfda468517d5f82eaeee4a721e82e90dd66341e203dbafb69d701059c20e33403268ee39377fb8a7a7b0d1760ac477ae25653a9d67d6a9cd0dc7e24c3b298a71677fa6c001c74e8027396951e58ea0600a9ff77eb9b13e956bf2caeabddf1c23634312537f2bfd15bdd70fd50041055d11148b1e3543cba9bcecbe737c8cbf78510ce4fdd33cab9d08e0050186ba081ba428b482d2374d97c088283a20cde80fc44280c75b8a9bab4243b569f5df12f1d62eb035ec4a282295675c5de6ebd5a336a0e9e72159c6d8c67ce0d9a5fe0afb27d594f6bc489506f098ec3975cd441bc59bc109a36f9b36c2ae7dff14a2f9ba0f2f03fc4b34f7857eec33d8198a0ba5c85201f112c1c23e62ae5fa353808bff5bee260f414f7a5b6d16617ae795f4b7bd0bf846e1be2264040b3ffa63f7511587a11f8cb84bde3b8cd7c733dc2de3d1a11b8768dc06a1aab79a19ee39ad81476550c227e73fe796c14cada8748b48010c73725182b4997fe6144a752a7daed62848de64d95955e4617a1b50d7be3ddc11ce517b761e96db975d45a0ea6aa702c460cb7dae12d5c181e837c3e3e77f03cc6f8e4d09472b06734101c0fec9a3814b477e94f4e7bf1c766e9f028c0c36064cd044f5f9b291b1d77182987a4225d88ae1e09b543513d1a24b254670c0d0b90025b20f3114766d92810d1a0a7da69c8726d692ada613c36451535ef92f935cd6daf0532e1d50d03fe0b0e01cbb79f31ca1270ede6929f7a9d190b25d8e1430a065b901ec9259636cc8926bccdc760666a6df048697c5c9088f50481024c705bd1263dbb0d8d6a447a93993272086b5ae39f3be529ca0933f4f9d338527745111bbd5da0def6e96851bbecc3b5d891e645e55863d226b36fff66e1c835dcdd13f167205d491f0fda532e016255f5c63315c5bc9422"]}, @generic="0da64dc0e826b30cd34fc930d0aeb4a1d4294577993c3ee47fe47ec87094e2bcfa00afd06c46d9aedc0e20d7ce37643af539159471ac7ee7a39b55c5eae95e50f2539ca86d57fdfc3c80fd21cb1a74cbc0088dc84d1c4a884367ebc46f5cabb2dd7f28d7adf17fe221d3941560719bb593e0c21797b9710dcad464fe6378c3e97dbf25eb093f6884868a541f0748aab36a058893c06456", @nested={0x2c, 0x15c, 0x0, 0x1, [@nested={0x4, 0x8b}, @nested={0x4, 0xfb}, @typed={0x8, 0x138, 0x0, 0x0, @uid=r6}, @nested={0x4, 0x100}, @typed={0x14, 0x82, 0x0, 0x0, @ipv6=@local}]}, @nested={0x8, 0x71, 0x0, 0x1, [@nested={0x4, 0x12b}]}, @generic="c475574026e49b09d0a8f3f081767ca24b8ea01cad9928481ec8d7c76e43b99d12bf781019961c8449d89b0ef3bcb09630c85df9d8f6278ca5e2877e532e9cad567a48e66c5b115143cdc61889e36417b9e0e9725e2e03ecf097faa1c74f4d231307"]}, @TIPC_NLA_PUBL={0x99, 0x3, 0x0, 0x1, [@typed={0x8, 0x14b, 0x0, 0x0, @uid=r7}, @generic="715270f0f9dfccacedf37726717c46096f9d2cbe0fcfa92bccdfd351e90f77bb3187ff864df1c21a909a2429c428367deb7c9196036a3fb20103bc1b8a70648148b91d714fc6aa9e49ed7613595848475246d4555113435dabeea287e227a69aacc4f4f06bdc4fae9206cd2a81009b7e88e7da3b72bb4e48248366d3b7dd51739393e08457", @typed={0x8, 0x5, 0x0, 0x0, @u32}]}, @TIPC_NLA_SOCK={0x1378, 0x2, 0x0, 0x1, [@nested={0x10ef, 0x5c, 0x0, 0x1, [@generic="405e35e1a5c8b1c45f7d4f686374aff035a7c9760aae79769ddfc5c95141363c5f7d26cc1f1c1831c47b01a74d947805d47c9e9787727aeb1aa810f9008e198f814581ca27da42952ccf7f096477b547b13d8a39d7bd53dad9280256d17631af5b10ee186b52b0c618de790a8522cd0c309d68f6288e73c9f83d878c5bca50e21630c15c86c38293247600f169ec70f2177d3664779d0b229d710e7b9eb640b0740b25edefc0a49d3c5e9f808a359059ba763479ca8f5995f17b3d1c518737ce0773a037d408b4f0dddf474d2fdaf485a4ed6367243a4b7c18a83d230f9f47a9619c1eb08d18284bb862038151392f14629c0a979acd3a740cf298af41c23162f23704136f02f07bdb38e11f6b8f941417cfa537fcc27ec91758fdc82302ec672dc1cca4453b4b3ed21929278dc798776244192f9dc70f08b33bf7a3f3dc3595b36ea5e7b5504941595d62ad0cc0062aa81761061400765188e97f163a2cd5af1fa86417dfb945d22d07c5afad4cbe171bb722405b3818c84ffb4290c3660c3f6b5fa055e6c0891591478aaba062b8d5ff8a9047f7015bb14d9ebaf516a119f45ad64ccd76358dadac8c5b36fbae24ee537a8a879230f4290e8fcf8f7a69013d46aded5beb47d662048fa8fc2b2131629be747f221e37f702265dece9a219d0e153f118d2c4d70c868943ad32679defaab6458393afe7caa93727f74d118e4cd5d4f131df1f21582c753c6ee0155068e0ee1da8cf597a98b289f2dd28b48de43a61e9dd0b8fd5efd51fe33383adf51348bb1279f5b228dbfd166f9ad7f8b52832935a89ddc09c6c7e21f0fc33892077d1fb805c96d541641d4e215e80a270e4788def807cfc5c4d6ced751e28aea1d0b56e91e6fc55830e2b1f3d116f1e4881e954283415c736add4351a390253c6be1bc09f628c760aba3bea1418b39baf2391a8154b8213a968780cda81e6dcce9cb32e50f248aca0f66d6aee32cac2c5d7fff4192f6d942f60c08889955b2477631daafa316ea5e10cea08c1c03c77c0347925c43cdb6a377a3e6225648ba0b14b48c4ca3892b386f0d3a770fd889672a5305d05148fade9bb90832f209aa61729e4492c9dead4a8807fe056f177638230d02ae19ae94aa88866a6fec5cac7fce83300a86c10a047976a68f2242d78289b2d0aa61b5b7836e4621d5e84be7ae9fb42033cd426a177ed3ba7bce518669f4f9b524cb74cc5dcff17ab60281779f3b26162d15f5c94e8fdc2ecb9f75e576514bcc228d63ab109603fcda1a5edd895bea62ae7121096c7b1e183bf4966d5bd11f4f61f1ab7911a20501204e4d4c3fe49a507c8868b9978b1f7000e3e24b437b097497fcefddcf9c3d6e9b5e90796b4479362182ee2ff20a45084b195dbbbe87e1907b048ad67373a2152b37bd667f5103d122a33bcf1155c441a1186dead4ff6e8ad8191abeb8e51b9a95ad0a87ad567dcd9058e478ee08aa49d8c26d72ab9fb84c31eeb42584ad8c97a6029b38a79abef54aa03b91131baaeb493d877e498ee3c34197b20e7bcde20ae06249bcb67c341729e49bb3342e02b8a04ab964cc7cfd033451be34809a46268169cfa68cf802db8fb0c10b75e8f890a7898dc956e2e244b3fdcef2284be1db6104da5536aaddfcf4c2e88639cf686af58899ea300d85200a4c4e2acf345e3d28fe2c2874d9f1d7542b5e008f5377e7170958755a866c784983582e7e6d5af6c2e36ecc684ed2f29306c1470eb24e303fb24f75018ad9bbba62de6299d04e97acdc3f9a27a043eb87a4ccea8117314356b6707758b86b8525dbc5756699d592e9bf8539d3a031539afda3e5cd1fbcca7dc25a37e52d55bf608632266efb1133e32d74b4e8dd7968f047d81336524d19b4aac9173cee2d1b391856df09b602cd4291f89392fe1a3066cac3ea7e8907591ab8ecb1e70981056871df7a4eee3735aaaaf41bd66ac08fcc12ff09bc88984b9699df07ca9afab1f53d446c94fb53677d04350c97da12ecca7508d26c9ff170fda3dc5ddee97b875da97a6cf57ff03d5241704889e42eb9ed4db665a9a2eed90b7a85961d6e8e15a3c9f7bcd080cd2dea9980f8b0809d9a8e3e4da6bd5a9b259638c8e51eb41af57ff7b1d1dd11ae294a9e90d9d0eced882ddb6b4bdeb7e9898b42499a6b47f0a5dc331ddd8d87195291a403b05bf309e80d8e945c008509d676cc0bc8b5dc14c95089db73820a8d57280e3bc67c5e6377414eb52531b4045c4c40e9333cca6ef56c7a1e4c87d8687851711149683fc050be74e76834cdf8a3e5af7bcd920188f34981897cd09a239c0725409a0764d7125d4de9cd82f9370ff7181c9fba8fb7f27d813783b7491f3e4e31d287a2898f445230cf58883ee79ca505827f9b7b9d54847c8384a04eaad2d2466093d91200a46cf95cae9af73791870ca63cc587e8620bac813700efc86f43db20118e1f491ec665d56ca4c81175b67763d7da93c450985c3175f19e35fc2a718dff8ffbb00eb7687deaa1457ba4b2e488c0e6560cf8d47c063b7f3cf51288b86bbd735d1e44d03a33ac31046f305cea195e37c86c526b65bd12ca5a7cccb9e499741687cea7cf11d0e926d03bcd0a78833c50551a1dd920b04ff67f4bb0388cda10d380b5f59939649f63b81bbf2fc1e96a02d4c4e62b83e94e010960e2636ae94e6dc45523f0ed67569b8c64a15e615c25c75d2437988f7358c9942c1a3c6ccd057d34f7a73a56946dd60463d3e918490e76cfa4c95da80fd80f8a0c2a2d9e98157eb5ab041f4767020da7a7c48bbff7479c5b1769164b73ab9dd12ce23b7c277ca78516b4740ab63ebf983b5e0922e3ebac88d13f5c0bd26968f8308f7aec84fab1ed808ec6a12f9d15e30f33a007ce6be90b830eb832d572699282cee6222d12a4140ffa458be2b0dd6d15018c0d4e882b0273c20ec8f6032dff3259c9dde2cadfd463fa91b90b7a6c6580130481c9b728317d4e9f80e3aefad5fa866b9a5154283dde48f9456b8e07df08d7f281264657c4259128b717f1277d0bad633272445d0bbcd275bfe0ead40adfd6ae6e339e2b828da5adcc61e96129e48daf9a28d9832bd466864db5a50dcdf0785b269f09cfeb2a632158a21b463e7cb445fa61b24e361f633d451143a6072df1d9a96b2b1607a9f585a8c3389c3044aee9cb59ffac746e75b6ff19f6a4d4e124fa581ce20b5e789436ac8d6d88dfd78990dbaa85743ccd236f2c635aa85094d594fc6c1f764e41040b4925cfebbfb5e27a019aa87de9afef0714e1706aa1230ada8c5ff2998c761aa7c6c2e29fa6dd58dcad1fdca875213928e3349bcb3f74e9d12cb4bd5da325fc57c22ffd19a262ab84918159b3d84034b71c6b85f4767aac6af35b37aa3535b2c40081eacafcf1908f5e3f9aa47608f6cc5b6448f696ad67987d90a90dc95e283832d1aa4450d699bb47e24a26f92a5db67eb587ba9cf7ee0533d6792e9e49ae86369dab24587e29043536738a85e0c49d86f806d461feac762e646386131d4ae72793124d06ea905cc2f8d9f06b2a9ae2edfe5fc500d2a31046f0215dd1ab06052a57e28ad0ee1e90c75e99170205b2ebca1a6372ebb3c0a1d9e9205418052bcc7f0473e4b47ac1742c11ead52252604c734c3277938440a1714937049553c53a7abf7e4297835f8602090678b041eb255e05827adb05e67bbf98cb6579b47d45fa4c9d93fbceeed5552766aadd32eb9d875f44e029d503b253fc6a6436e6f8678c8fd517774461cf9806004cba2f7b3da6b05e58e0fd7e9edee66a9d173917bec35f924728ef77447a47707e70c4f0e144ac3e10c564db1b84ff0a7ba348c9de9a2cb05db42362895787ffb70de642f3f2c5a48a2d3071aa2b7c8e37b016097bb4781f83e00f62dee873c26f43e5920ac711671d2ddd98ff8f61235b7e10d76643d66089a98e823d391f744c31373154bacf64b07b48494430d12e844166270a8de660a2ee9ff8bb038b3857747b4270ddc3ab7b12a5546bdf5728f17e17d80910ace863bb426d0bfb71f5ab720a09c55471635223bb7eb7a2e51464f0457798b2cb8e61516495c126440c07339c24a9a955f5ed28d162eb42759eb4ece23e35c2574b03950b4f044cfc7a541426ed0d48fdfa763b811fed2e8a9f8cc3d5d641008950053539da2bbdbb8ee0bf5162faf35f2bd1bc11c0a4f938a513a36d1bb21041c6e07270e96c9cdeb2e3bcd8ffe6491f2026d7618e56e48f3234edbfab4374dc90a07cbdc0cfe9c6210540a6e365e0fc6eb63148a7e06f92808cce6c1ec4db7256b8f4c798e0e1d9871c85dbc7551bcb91fd809894b513b24e1295dfbd68f165f4bd2ea44d7f7aa45cb3650603ad0394bac2a19b16271f66124b74be636903ef11b265a3011763b847931c19fac5086f71e9355e53b4fc1ccec757790f341d36fb3441414c46163bfc166aa23042b3163d791412066fab4699240c5e68a4ae1c3aa968ea458ffd2d4ac1074d2eb281f5cede87d6adc14d83010fa7da6168cdc63f91fa9a0821f634024fceaefa344782032b0b1cb599c3882107943c965d4791f3269fabe716cc5fe282468f0aa2125521efb676223c680743e9cab43f8c761e37976b3830265ce4dbec6368fd52f4d335709efb5b9eb55463383e5865a7c4724496a6a98d2227df11f150be4d62711a821b1ccfe21ddfec552b644fb96282cc284620e221eb3c13695bf9d8d3b02d95f021ed9f4f79fc09dc0cca6e81b72522189ad2047afe9ae2d6553107c82b7b6b0c3f8ffda291788614c6a4f37f3e9c68f91a77b79b8cd3706900fe89cec90382e7777c8a867d1844c03e7d92adbe2814b92c190dcd09fae49e0da04fcf45675a974c4ebc5525e6251ec9d8df563e5e6a588a20f5e2a833432f7419b0a0b5da3119634d7852ab070b99f3954647ad00d5e45590a1dedbdecf8f55a4b9e640b23c7f1bf80296298b6a14cf6585c5cdf95d59b7fb067a6e39e25b5810b8c28789709572198a265eb0fc719ec23aa9fddb44d96aaa7826195a4434228aa0525906ef4300a7674d865accf3b55e6c715ea338faf58b053b7efb92d0110464350381a3f2ffa7ae39067a6f47561ba41b488cbd366ddead6e393f1d0e1db3add461b494d949e379e4e9911b6fa4c24fcca49dd124000627de846b00a39aa16b499b092d6679b20c6daf3e2283fee0bcf1bf2ff740151bca0a012174f72644803fb152e3d65ac72f34ed6f0d2f13cc03b9d335790cfcf050d3b8de2eb93be2d3a55eaecf538ee873a9dec5010a86ee28e5bdecd5655aa59abf68e703220496c589fac33e4ff96796108a2277f49cb40d5d955cece5e7053e919456d52b1b1c933746c2c83ce18da8c7c8f23bf2023371218f4ec8028f0d22ac1c93b34b404dbc6ff180de6fe4875f11eaa17b4cc95f21fd9aeafa16e3ab8e7d1ae63d4f3a44690f83b3c428b16bad42a4863f7c9ac643f0ab21b83b5e38d8d495ea565babbe18f70f1cc12ed4683a4c248da3564d75185598d3f82b7ff2709b0bc9a20dc0620fb13ebf20ec41cfe845be71c02b08e95bcdcb673174875cd4f7aac3a87e7dd7b36c1f551f192eb56a43060afe80c194c63865d36a7ea85e412ecfcf4562611a952f343e41b89cfa93e14c3ff2f45d2f621141c7a7eacb4684007d4f2e01080fbcf1e940d34ce1e42b17d7aca7429f964383b10e7d6a6806349f0b6ec08595eb8353c5eff43934a45a6478ba759f04fb73d296b11b525dd66f50fa0c21b00bb3d327fbc0672b4f085fcdb3282ca6e18694", @generic="6434ff85653bf0b931d1f0824661b0d769150fe542b80885fa0cb4bf093609e10d7c23b7e61c7c86e1978c5388cb791bb62b54e85e3785915cf41de66816d254f62cd84d8f53a768c2c6e0edc8725c8817f8d2e640f6f6d8bd576c2cd46e5576b91577460b67405041d22f6c1e5e4f6e5a311c3595da72190aff9922f3fcf8dc8c8cf8dc24a38224191b336f6828ecfaacb46122422bbfeb3eea25b0e73acc056342bec4d9174d4de28c96c978fd1a6f2d209dd7b3343fa0d22de2c5017c20e080e968acef2c39", @nested={0x4, 0xd4}, @typed={0x8, 0x8c, 0x0, 0x0, @fd=r3}, @typed={0x14, 0x9c, 0x0, 0x0, @ipv6=@local}, @nested={0x4, 0xd6}]}, @typed={0x14, 0xb1, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @typed={0x5, 0x58, 0x0, 0x0, @str='\x00'}, @nested={0xaa, 0xa, 0x0, 0x1, [@typed={0x8, 0x95, 0x0, 0x0, @pid=r8}, @generic="faa461635bdc3328f89cd53c5822199e6b812589afed7fcddc99735cca7f08aab86af40a2ac5c875b6beb2190319ba0b61f532284930267b66914cc401fbe5252ca7d1bd4ef562f8ff4c356225f9ecf1a412a70997890e78ea76f19744644be4b47d71ce5df7e71e4f04953120d240faae9fd2eff63638cc65624d583bc840138e3674c60bf1557bfeefe7c8d895caf698ecbd66c452359bd1dfe3e9e299"]}, @nested={0x1ba, 0x13e, 0x0, 0x1, [@generic="e71e07a6fc019f745bf9e9c78029c29dab197e64cf35a15d1eed43b90851a4cab3d7f1f576b2ef90847eb5109c1a8d0214247bc4791b79ba2f6784969e256fd8816d6d4e984349a3f7dfbe23d645c521fae5c46019734f3226f3a50d6c639b3ac56cade0e61a6ce0d640ddb8a60c45392f95c12267410536cf17592f223fd6e63633fea1c82b90bc22bc939c26c8eb570fe7e3ae8486cfb1f3ec5b5459be218913def812e8c8b427b3ba652b21a3b79cb30269eb1d0f49e8cbe0a857954fe7b3be7d00ea124c417701e7b872f7922afd5e", @typed={0x8, 0x49, 0x0, 0x0, @uid=r9}, @nested={0x4, 0x147}, @generic="ab37fff9e21278b8c3a0d29a70d47b51d2f334489c903261901382ee5b041d87a9e0c85da2c834107dbcc93c5f92676b895e135ca9d2b1f1d170b9dbc6c57459160b95100b605e367c6e918b84e9a727ed967b18436260cab35a0857fc311ef80e0ee301e098cc2c61a20ba215b4cc5a1a425e983ece23cb0cec6c850a624a9b10198f37af35fade2f22fe34ccb85d90ef8cb393191687e8bb75ac6bd30d3794b52113a9c458bab89ba7a17a3ebceee8fca4cf8c55fbb0b82490d8d4d6c5651f87ef5ccc34bad65952b78035d36c5f8713c7afc3bd", @nested={0x4, 0x9f}]}]}]}, 0x28c4}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) 22m14.926655892s ago: executing program 3 (id=9): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) r2 = openat$auto_rts_threshold_ops_(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy2/rts_threshold\x00', 0x163000, 0x0) pread64$auto(r2, 0x0, 0x440, 0xf25) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r4 = socket(0x23, 0x80805, 0x0) getsockopt$auto(r4, 0x40000000113, 0x1, 0xfffffffffffffffc, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/queues/rx-9/rps_cpus\x00', 0x2002, 0x0) sendfile$auto(r6, r6, 0x0, 0x2e9) read$auto_rng_chrdev_ops_core(r5, &(0x7f0000000040)=""/4096, 0xfffffe82) keyctl$auto(0x2000000000000016, 0x0, 0xfffffffe, 0x400040, 0xa8) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/keys\x00', 0x8340, 0x0) keyctl$auto(0x5, 0xee01, 0x107, 0x803, 0x800000000000b) pread64$auto(r7, 0x0, 0x8, 0xfffd) r8 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r3, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)=ANY=[@ANYBLOB="0801", @ANYRES16=r8, @ANYBLOB="01002cbd7000fddbdf25030000000f00020076657468305f766c616e0000"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}}, 0x18800) 22m13.789641839s ago: executing program 3 (id=12): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) shmctl$auto(0x5062c3f5, 0x6, &(0x7f0000000180)={{0x3, 0x0, 0xee00, 0x5, 0x2, 0xfffffff7, 0x5}, 0x947, 0xd7, 0x9, 0x9, @raw, @raw=0x5, 0x8, 0x0, &(0x7f00000000c0)="e5578b4c71d3e92eee", &(0x7f0000000100)="d37c325b9d09a1fbf821a98f5e60e7b5816e4f0abcdda5f3b3592482ec55047c80d9bda578ba1e8c21e2e6fd2c6401e38118817199dfe2d696bad3e158c89f1423d181d697787076318791245965d83300192b1d0a63e3e5c1551f0f9be956a5577c6da88cac"}) socket(0x10, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x6, 0x80000001, 0x0, 0x100, 0xee01, 0x0, 0x0, 0xffffffffffffff91, 0xfd3, 0x2, 0x2, 0x4, 0x80000000081, 0x8, 0x3, 0xfffffffffffffff8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f000001f300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES32=r3], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x1d, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), r5) sendmsg$auto_SMC_PNETID_ADD(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010029bd7000fcdbdf2502000000050001000000000057c81489023c4ed0e3425602325ad24ca345250e0000000000000048323e20632d06f58d0ce457743c97326181c21831d26be05a0541c502503dd352d974c4b2c87628b18652784fceecc123f193fc0100000095fafd6845575377a7c8c68a0923247c05f62d28d553a7fea92890338acbc01f85b0659003f6fee794e663fa265d9efa7f058dff4e7a72c217c62f817fed3899bf12165b3418e65af40f9d473814cb7446fac1015c0c40b2a4846e0db7be8e82b8e1fa5dc55e2c9b1994027b12241f2e69f54e789640374c665b9f0e1359d67ebb21a97a7460cb51845224cd0c4f58d799c2f87c81edb4cfcebac10a1e57cedf870509ee3433f233b6b487afc3b76d2507fe66626a668dc24f7cc7c6eeec34d844b4c6123e2fd53ff4265ffd3635355c73128816fd16605a93227fd255ab471f08d1b4d6389c630cf238cc7482032213af2baa1fd55d342d73e0757c16"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x44c0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="100025bd7000fecbdf2504001f000c00028008002d00bb54abeb90a1bfe1", @ANYRES32=r2, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4008010) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x942, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x3, 0x9, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x19d5, 0x800, 0x10, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) 22m12.705148853s ago: executing program 3 (id=17): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x28, 0x0, 0x1, 0x4070bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x26, 0x4, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x55) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x44a700, 0x0) socket(0x2, 0x1, 0x106) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd11/hctx0/busy\x00', 0x60000, 0x0) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) ppoll$auto(&(0x7f00000002c0)={r2, 0x101, 0x2}, 0x6, 0x0, 0x0, 0x8) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000440)='/dev/snd/midiC2D1\x00', 0x501a41, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_UDMABUF_CREATE_LIST(r1, 0x40087543, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xf, 0xfffffffffffffffe, 0x948b, 0x3, 0x4, 0x3, 0x1000, 0x200000000000005e, 0x4000008000001f, 0x17, 0x6d3e, 0x0, 0x2, 0x8000000000820]}, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0c01, 0x0) ioctl$auto_VHOST_SET_FEATURES2(r5, 0x4008af00, &(0x7f0000000040)=0xc) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYRES32=r5, @ANYRES16=r4, @ANYBLOB="a8b9975d53e389b8400f9e71679fa495bc4c63ce1c16fe5507bcfa988259e5bea3e4de39334a241037cb5faf85815916d85de75dabfafbe575257140edec86b0bdfe88e85ac7223644342db083808c2044d52547ab7dbbb6eaff4184acd56b11a9e85f979ef72fa9ef3f7e79d0e210569ff70128c7eeddcb4bae58d5e137cac60e28e4528cb19e67adc2ce01151dc4fa2723cb34c2d65a9ca8d3a38cd900546ead656b932f51fa603357"], 0x18}, 0x1, 0x0, 0x0, 0x40008c2}, 0x8804) ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, &(0x7f0000000340)={"a9409f5834cae6c52826c5386318723cd961ed74aa8f0c662f5b4953d6283ffd", 0x6, 0x1000, 0x3, 0x1, 0xd8f, 0x0}) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r1, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000002300)=ANY=[@ANYBLOB="fc100000", @ANYRES16=r7, @ANYBLOB="00012cbd7000fedbdf25080000000c00038008003c8004001380db10028004004d80de9d9cc873b35bc438824bb14f246644017beb3d359bec9076a142a503da5d684a7e6eae72cb374098556e0626f4671ee81732c36b05b385f4b9190c7b88238574ce57c493c17658269779fb7490ac99025e85f5f01901e0332d1377f2de7f0b7c7fb89a13a840726a2ae8169aded47a81e84452f7b70d4d35052125b61b263590ef6632ede1a6208385f63200008014003000fe8000000000000000000000000000bbf30a835b4cfbe2314a039b9915cc51fcc30d146b40ff4815c3b700001ac59a5efd0bd8dae4182ee5ca24c0b76497e07a8a86f6b90c3d8990e7eae8aad7d02dee05daa303af8bd94f55f51b48a7b008f45374f1cd2085df2d813ce404edb1e98fa9e25481d1e307cba94cdfa896965dfc3ba4b500bb6de2fa1f11e15d3978d044d577849e65b3f7082ef06a02cc62f435ca244497ef506b29fa6d556aa65444049eddbe02a20d15f9d425999d739e6318eafd11cee70679f87201ff0d9c84703ea3808600926407338539fe1cd488a0f82b06456285ca9636e385aeadcd1dc348306289a150c41a15d0faa4fdcbc0b939cd108efc108eefe243e5ff30e762b2ad6a7655c769f909c0b63808efc0983c12a83fb33f8ed1260033ff0f15ab46ea5388cdeb0620e2109fa1f4ac8019be090ce3980d018569112e762c258c2af88aa6ec811b8b56a0135d5912eff89192cdf458b14ac28bafc55113a8e26d756f9721db1f68c4a806c2af021dbbcff1939c152715cddff3827ea5c50afcb66a0db7dac419ccee2cf3426eb81bd9226e9b9f68d39a809016667f261ec5ff85ca432276da41959deeba38d30b76e4e27ef8f7bb907d7b5aca16c171bd0ca8e44fc3c3c95ceb79fd0b1ca16589e8a241b2a05fcea7edfff4ae042f3e731e8e6d22fb7d0716131e7726f0cf49bcd73fc8b949a6e6cea531e166e486916ef6911df8405166d3cf6e13f200a8f0c2771312a7d94032b8e7f60e627da24a332162f1065a76108d2a28f8928588334e6905303b6162118819bc51380ec3b6bf2579a3ab0f090043d56ecc7165f255e043b6bc744fffb5606fb6faf02d67ac3fbc2ce30315ee19f03ae295c62749db1d64a5a67b89dbd82023342c7c96a51dcfaa1ad6958cf29a2000efb2f7216748c986c1604e4a874261bad2d92cb5842958a0c6b0f29b89a442779e301cefb5d41c3a0da635d33776ebcc0eb623cde7b90ff07bd1936787a19ee4ff4c3dd1e26bbd9db43e7bacc0fe6e12ec346aed16c1776a46dcba82e434462b8c64a8a50d5d2fde205bcf1630482c5aab0ec89219cab71142e51cfe4e44c48ca7d4ee7bdd5bb6079405bc5b583b63e49d55196cf91af1c284af971818e4b23fe7887269b02883323d377aa652a217d28cadc228bb6cb8fd16d24efeaa927412bb0d16532393b0632245636548d611d2d17e5a6047363ae0739e1e26fd6a2cb5371ff4faee1ee447acec7b3f279659a37a7166ec277cdb2d7a50ed66dd64a60b2a550e8c3647127b2a34949e98d6332d02741c094fdd75ee12ec59d9f173c47c4629793f13de3c48995743bf90e1568d3929e0e141c97dffa78216cdf413965491b7bce67dead7cabf6c65307dafb66bc3f2cfbc77a775b9541f4c338784173b011928ac5ccfdd508cb5775aebb8cec6bca2ca27cc2c232e63eb9ef28d0b8ac2f89ac8006525419bf3c0de14b9dfc13fe771eab0ed9b675eece3c87f25b527dce1a972bbd282029404364ff6e6bfd1b234968da1a82446129f5f32f7ae69b63549b39d92717844f8c5d01cf4e57837a6f321f19de4928a42811a86b5cb1ca67fe5c47f025109ad4ef21a785f59b65122c3999c9644223f4738b247f150b4c0819b0cf7ef2076e6e05eb5b24f78667d625d6363d243f56c8c1fd6439e9fdcaba1f973d90f5e30202baa873b598f51e37a773657e1ec529a692b9d6d31d9801c3922005029bd5f2d22a5220cf1a51537ca800e4e62034d94f2a155f857ca9dafa51eba143605402d3719a269d375e83fea142dcfadd6b56fa3017f5101ff2e2f6df7d89280fce96630d499bed66878d898781c68b0ba7515bc6d872865b557c3c08c2443cc1baa391c9d678f887d94c814114b97897c49ed4971bfb9332b2deb5e16dc3c9bffd802676d6e766340dac461431245b75d298986dde2cf6b38aa05df7ae29dcff89b9a1e473d76def12f0044d5ff30781c43cc32fd8a3290430bf539ab36034cbec8547c7eb258999467874d2f5e34b35cd973fdb3acb45de2ec78397073b68766f4598ed2823b8c75b0af7d1f54d42145991094cac9ae39c3bc071a996c3045ffd09a4656a6dd94c8322496aa89ec78a6988ca8739388ea554b2061208e9b84a916c9bf2635f3912dfdcbb11a3ac363137a2f4023727c5a46396585138d6de38b13fd09fb453ee2e255bb6996d7bad34979e80eb3eb66b2e9fecd6a503502e59a9140d529d2b7a5156cc386b35be1ba7490638d3be99b160d95d0c92d3af8f358599a7affe919a4ebf9f4a701e00409c7220666520b61036fca9cbcfc0b12abdc9ec57c47bbf7884afae9ec5065938a6b60fa860110bc9c94180be2ed47bb02fb1fd7d0684c81195015bd2acf39d8ac7005daf3dcb1aa06034a9cd100cdf1a62ba0d139cecfa09ad51a936c5a61109b19f036dba9583706a81b3095419f56252bf3e703af422907ef14dfcbb4360275683e18d3f89d982d4988b4c0a3a1790cee8d78ea5d26e20150d3ae7ec48361de7a15a2e8956ad4936ed89ec525f34a229434a6dac75fcb0cac2ab3ddbc6b6f5936267c28a768771862fe8ede69e7017832769c8e31bfdd0bc720c94d789e9706322e83e12a222a8243c411e141c791e6fba2c87d30a5bd10ff4d80e4f7fce8cfa8c8fd9cf950ea18d21a67eb80936001f22e53dbff11e1ca7c486315d964bbcd20f25a32047021ade00dbb75119432ae35a47d97ee91983a315c2c1d2e84d0384ce969488f217fac473c74d4070bd4d884736c48625214eae1c7ace0e346844ed0b427ae1b9d3bd944dbf90e4ff8300936b30f7e1820372835a95f059471187368f725e48de2d36d13e54d8b01b783c13dbcba968550372c95d0d5e41ed855d5e6618a2b961283c5eec90c1ef17a0bc7d2d4a4746ad0f649431d55be19f91490bca4c870a476998fc8b3444d49ecb06e2ad06cd3cf84fc3f4a87953968565fa811bf1f1021baaa3357e882eadc1323401cfbedaa171db357800e762c1c052ba5612ae2ecf0ac00034a64d3947264df73e3a5d2f8e13832cd6e8d84fec33a66aa7adb3d06c665c4cbc94ab2b34adb49555f60c78405bc163619a3946ed1f24fa63f9831b88189a8a6d001255a5826772891e6636832a9c56ba63be475b40b149cfb8ad9bf54c45684b57d84a8ebf6f261ec95316e6a132585d42ec74973e3839b69313a118ed5bccb41418b4d4c5074139240c78e310efc2383d10f1dc4d963f4c618af974730573b7731a1d6b1107f8076b79a58fb37ad59df81366780021624b809af4ecca2d79f6574b2975d701f4083a3a878b3cd7d88a3a77ef9834b6118ad42a3657068b146c7ff4739dbe1634e3589a97c3704bbfa060566466d3df19d56bee38314ebb122301fd49c1f6627bfd90705aa4cbcb9ac2efd418fffe1be15995fce7960585095cbfd6cede5c4b2992117696ec6a4718beb93972a52e1e27c84e342f1a62f3e59fb2b85d63562d94a480715615e3e9aa7f350e51d5640f620f18f825db81cc298860d266408150c07cb4e65d9d0368ed3cc18925d0ca7c3125347c735df8cc006938fa3d8dea591b83fe6c928a22710ed276e5eb9d11d88c0fcfb8957b0b0ba435ff7a5162899b1e767326112e95c1a38022311841c365e4f349d66b6f53711f134d88f8660b10b4dd8c787c86e03cb0d48c579470875e38737a988365a863a906df1327fb0060d9fd568d829b6a89446169de3661130b749b0c0b5408fbbc9a9c4132458c17805c471fa334e540b35f44086ddee9634f6e364a278a921e54b815f734b8b7cb04fe8e606339dfd5d979b1c6136d543456dc45840288a2870d7c8746e7d743e7522fe78728d590f5a86be687257a2db60083b752bf4050e5e42e40cc6e5578236b3d9c6c3876495ebe930260a0be99f6fbf87e208542c3e9401581d7fccdd3956fc22731acbccf2f5c3d9aa28fd75cb2d4cd151719f4ab24bcee0ee4dc9b6e049461aa76063bb01761c607e446c59223d35ad7241f2b5d640e0d0b687ccfd7b0e974be4660cd0c91bbce51ffc220369e34d757e12d8169d2bcf0d4ed412c6977d8976c8ff37b94456a9bd617c0ef75914fbd3b784ff20590de30c78b873957690b02e004b18b1773c15a82bfa7aa45ad79dbdce2149fff12baa9a69f31d3b5eb5747a870c1a2b769e6dee29de6cced7dec9fd2a896ba405afa45f9b649a11b6a694a34d01bc5f8ee36bddcedbb4ebb22f1278bd5cf5a144c07cb7dd3c0f77090320e2437ad640c2c70a70e24e56e438404b4d39943ce8bce680b52d92f7f1ae5208e09f4b761bd1af20edebb5a91ebe1bd38105b50c72fb304ebe042ffe33d7a47895d967d2fd894cf3c131d46b1ff7d66937a929bd1cd7c30ea36ea5a8756f2f4501fbd81ac2ec6513ade849e5d8a43e21eb93ac9cec5d89215074c3d401a9fb9c8c5c473b7b3dae18f77cad8de4e3203d86715156e86aff9909b5069337900bfc62061897e87d7446e62f8a3d90ccd5e0e5cb66010de8892e4a81ba81db566625768455e9b703bd38f360e23a26b1423dac240f4275b1b12edbe05c5e1dd5e47d9e6503b3214c9af6bbfd7ecaac426eef446303424c1b588c2ff1f3337664b7f48473f0ab49ac79b5bd3dbb2ba5ab00e78484bb24f8250d486ae42dd9d294882931546c323a4654819d1764673b361b166020c7d69e8ba878955b6929e893e0194bf3930e1ccc82efb7315bd2da94e0dfeec1cd6de05bcc300088162bed55aab02ffb308d5208c0f434ad798e48e42fb6270950045956eebd302cb4261e2fa16195065e798ee12063cb7972389f2ef6ccedfefc92eec70b8f074545646d2e2a3ae5e6d50c585e8760184d2160b574c6b86ea4f8ce6d295e44fd6dfb88b89f6421c54cd837cb28a56e4d46a3beeabea3dca3895d6b87e3d2ca86c773a9d2a33ab805ab5cc987cc5b6f9057ee53b731d0b7352364240d2f30a76f737014403df29cef8f7bb5ba883000b72a6b988e4e0174c2a5bcef9c7557141eb05af7895b207b6e919fe79b9692fc724850fcb1b05d8654bbbf1038e9eab41c01b1761ee1cabf6462dd276482f78646701054dc17a659d7a8e93553dc4939cdf440d2dcdeb4c22269980d2fa8663d134edefb642da1f8e9c437194a38897622c7a56a3d9aed105673806bd60977dba9e6d6d3e4390222674a13d175bf30de67fb78a51044a78ba554d0fa1c3abacdc0dbb0645b449761e30ea3f2e31b6c2acebdf697d0e5bac8b346bfbbbad33c0b2d4652d42cf7c04fb472e8c494554af6e2111ba467e55b3038eac4d9a935fcc9463454588cf2e1c02a560244348766652497eb25e4c32d33be4eba4da1817616d6fab100e0161dd8685591899e43b67a8172ab46eef57377f9188e74f35aad4a7501ea80a8cc98cd9f7ed315994cc56edccea66dd1952efbeb576fe15dd3e0a5b19bcc5eb88dd10f2268a52a42bc0f267739a487b8930c2bccc75333e1cd920676891fe57edcc53947de8d90323cf1d0214028b18fed56d34c56f6715f9fba268d862fe0a159b04e301d491ff77e810c37120fbe67c5534e16fb592f9df8afe70fc3cd5239f024954d73c1b156e86bba56d7079dba06f4c75c149cf6faa410a1d7484c3e7cff9ce1d1044b1812a8906d38e16c7104ce59555513eb77a6b4b8156f5449bbd35eb2482e357cb3a0b5c4030f8c98c286b72dc6a700635aa2bbe77eb346f7a19aaa7b9bd8b61d2876ffc67384d2826a9f4537e324418c5cb243b104c02531960591d1160156841657c6243411e8aabd24e3849e78fb485be1f4bc55c5cb225e9ea24d631e507c7c118d7a08001600", @ANYRES32=r8, @ANYBLOB="08000700020000000400ea0000c3023bee0472f49db5db937b3a7d5639866bb1157b0221cf1f7fe339ebf24a32117a9eeda906fb351487f627f9258b76b32d4a8c48bf32e6"], 0x10fc}, 0x1, 0x0, 0x0, 0x4001}, 0x80) epoll_ctl$auto(0xffffffffffffffff, 0x1, r6, 0x0) 22m12.427675339s ago: executing program 3 (id=20): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x55) tkill$auto(0x1, 0xb) 22m11.849632725s ago: executing program 3 (id=26): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto_BPF_MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)=@bpf_attr_1={r0, 0xac, @next_key=0x8000000000000000, 0x9}, 0x9) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mremap$auto(0x110c230000, 0x7, 0x101, 0x3, 0x862) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000038, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0xc080a, 0x10000003) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYRES32=r1], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES64=r3, @ANYRES32=r5], 0x1ac}, 0x1, 0x0, 0x0, 0x4040001}, 0x10040050) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x22, &(0x7f0000000000), 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) 22m11.461629249s ago: executing program 32 (id=26): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto_BPF_MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)=@bpf_attr_1={r0, 0xac, @next_key=0x8000000000000000, 0x9}, 0x9) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mremap$auto(0x110c230000, 0x7, 0x101, 0x3, 0x862) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000038, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0xc080a, 0x10000003) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYRES32=r1], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES64=r3, @ANYRES32=r5], 0x1ac}, 0x1, 0x0, 0x0, 0x4040001}, 0x10040050) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x22, &(0x7f0000000000), 0x1) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) 5m1.937141627s ago: executing program 4 (id=4165): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="e3b72bbd7000fcdbdf2519000000180001801400020064756d6d7930f0ffffffffffffff2100"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x48000) 5m1.80085609s ago: executing program 4 (id=4166): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x2, 0x2, 0x88) (async, rerun: 64) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async, rerun: 64) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003cc0)='/dev/bus/usb/016/001\x00', 0x1, 0x0) ioctl$auto_USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000000)={0x2, 0x7, "81be"}) (async, rerun: 32) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async, rerun: 32) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) (async, rerun: 32) ioctl$auto(r0, 0x9, r1) (async, rerun: 32) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fcntl$auto(0x3, 0x4, 0xa553) (async, rerun: 64) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x48, 0x15, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x1]}, 0x0, 0x0) (rerun: 64) 5m1.277652845s ago: executing program 2 (id=4169): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x10, 0x2, 0x4) r0 = socket(0x10, 0x2, 0x4) bind$auto(r0, 0x0, 0xe) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xb, 0x0) socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x101001, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.7/usb8/power/level\x00', 0x2881, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000002c0)="ddc4", 0x2) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, 0x0) r3 = io_uring_setup$auto(0x52, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYRES16=0x0], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048080) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 5m1.124226375s ago: executing program 2 (id=4170): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x8000ae41, 0xffffffffffffffff) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) clone$auto(0x0, 0x9, 0x0, 0x0, 0xdf00) 5m0.575388393s ago: executing program 4 (id=4173): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)="7f07d3") ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) unshare$auto(0x20700) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sysfs$auto(0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x2003f0, 0x1) madvise$auto(0x0, 0x200007, 0x19) lsm_list_modules$auto(&(0x7f0000000100)=0x1, 0x0, 0x2b7cb0f0) 4m59.667513132s ago: executing program 2 (id=4176): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x18, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_NO_VIF={0x4}]}, 0x18}, 0x1, 0xfffffffd, 0x0, 0x24040000}, 0x40004) 4m58.902659046s ago: executing program 2 (id=4178): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/v4l-touch5\x00', 0x103040, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000010c0)=""/22, 0x16) socket(0x2, 0xa, 0x1) r1 = bpf$auto(0x0, 0x0, 0x10) mmap$auto(0x0, 0x2009, 0xfffffffffffffffa, 0x8000200008011, r1, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) clone$auto(0xa, 0xffffffffffffff81, 0x0, 0x0, 0x6) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x400640, 0x0) r5 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) syz_clone3(&(0x7f00000003c0)={0x383201180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58) ioctl$auto_BTRFS_IOC_ENCODED_WRITE_32(r5, 0x40789440, &(0x7f0000000180)={0x2, 0x4, 0x1, 0x6, 0x800, 0x6611, 0x3, 0x393f, 0xdf22, "fb8a277999dffb6cad681cd118d3d6b5073a7694020de0b6c171d4b21e351d2add14b8e3b3ef644f8ece60e396f693b282fd82deddf82ee1646265c887f09a01"}) recvmmsg$auto(r4, &(0x7f0000000100)={{0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000008c0)="110a4bcb33695303dca0d8bfd38f3864f36a1503229bd3b9baad41ec8975c8d2227b6134657ffbe153caa1fd142e95953c9c36d7846c545e44a6942050519633960310d7eb1d0276813981a9ef2447cd6fd69d0b83ac42fadd939e54b1567257377f950d328544b13326fedac870dd0000003ceb786fbc472e68a866ec1e0718eba1643ce980ccb7220ff7a96a40bca1d61ff8f9c444bb6596614abacec733882a7a0a91e7b8f4c3c4478803440e29b8ad81ff48c3c7dcb75ff8cf8639fbc6a7aa16b63a3dcc1eaae9e1a9782100"/217, 0x4}, 0x227, &(0x7f00000003c0)="0f69fd6baf7dc6950e825518374365bb64dd459759ce670e9f1be19270c54a5d853bf3eb0ee9e76cdce32eaeb5329a49f47eab1ef181e84c8cd5d40f41a6ceec2b7ad83e7aee97b3f1e7a35c9d1fc0c33385f1cbe7baad1a7c542ba6db2b77dedcc5f5805f3b2b05b62dd095dee76c8560b441ef2c89f2644b1839573a9361f76991f222f49b858aff7b0699b59d2e97b2bfc072bf33fb4a7888bb991e3aa916f5232c9f298baf0d", 0x2, 0xfffffff4}, 0x7}, 0x5, 0x3, &(0x7f0000000480)={0x7, 0x4}) ioctl$auto_FS_IOC_FSSETXATTR(r3, 0x401c5820, 0xffffffffffff8000) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000580)={0x80000006, 0x0, 0xd12b, 0xfffffffd, 0x200a}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcd, 0x0, 0x567) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='\\\x00\x00', @ANYRES16=r7, @ANYBLOB="01002dbd7000fbdbdf250100000007008000000008000900015a000008000a000800000014001f0000000000000000000000ffff0a01010014002000000000007c414bff956d9846ac1414aa00"/86], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) renameat$auto(r1, &(0x7f0000000040)='./cgroup\x00', 0xffffffffffffffff, &(0x7f0000000240)='./cgroup\x00') 4m55.161996259s ago: executing program 4 (id=4181): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0x8000ae41, 0xffffffffffffffff) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) clone$auto(0x0, 0x9, 0x0, 0x0, 0xffffff7b) 4m54.984211944s ago: executing program 2 (id=4182): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/controlC0\x00', 0x44200, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x10ba02, 0x0) sendfile$auto(r0, 0x3, 0x0, 0x400000000006) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x5, @multicast2}, 0x6a) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x4) semctl$auto(0xa, 0x2, 0x13, 0xde) (async) semctl$auto(0xa, 0x2, 0x13, 0xde) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x5) (async) write$auto(0xffffffffffffffff, 0x0, 0x5) r1 = socket(0x11, 0xa, 0x9) bind$auto(r1, &(0x7f0000000140)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x9) mmap$auto(0x0, 0x20014, 0x7, 0xeb1, 0x404, 0xf) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mprotect$auto(0x0, 0x806121, 0x8) (async) mprotect$auto(0x0, 0x806121, 0x8) mmap$auto(0x0, 0x20009, 0x10000008000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) (async) socket(0xa, 0x801, 0x84) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) read$auto(r2, 0x0, 0x9a28) (async) read$auto(r2, 0x0, 0x9a28) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r3, 0x0, 0x3) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) 4m49.096469896s ago: executing program 4 (id=4186): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x59, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2a, 0x2, 0x6) connect$auto(0x3, &(0x7f0000000180), 0x54) io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, r2, 0x8000) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) read$auto(0x3, 0x0, 0x80) getsockname$auto(r1, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) ioctl$auto_SNDCTL_TMR_STOP(r0, 0x5403, &(0x7f0000000000)="d9ca531414b13222027eab02e80d3ee77ac4786eb7afd2df") ioctl$auto(0xffffffffffffffff, 0xc0046209, 0x9) close_range$auto(0x2, 0x8, 0x0) 4m46.169747174s ago: executing program 4 (id=4190): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000340), r0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x28, r1, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_BLA_BACKBONE={0xa, 0x21, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @BATADV_ATTR_BLA_VID={0x6, 0x20, 0xd1}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008010}, 0x80) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00", @ANYBLOB="01032cb57000fbdbdf250a004b4900000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, r3, 0x4401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x82000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc0105303, 0x38) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x0) r5 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r5, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 4m42.6355586s ago: executing program 2 (id=4194): rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x20000000000000e2, 0xeb1, 0x405, 0x8000) socket(0xa, 0x2, 0x88) setsockopt$auto(0xffffffffffffffff, 0x1, 0x22, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8004) unshare$auto(0x40000080) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40e00, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/tty/ptyd3/dev\x00', 0x7c1882, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000000), r1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0x4, 0x9b73, 0xffffffffffffffff, 0x0) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/64, 0x40) ioctl$auto_VHOST_SET_MEM_TABLE(r2, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r3, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x891}, 0x10040) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x40001, 0x0) socket(0x2, 0x80802, 0x0) 4m30.798879119s ago: executing program 33 (id=4190): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000340), r0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x28, r1, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_BLA_BACKBONE={0xa, 0x21, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @BATADV_ATTR_BLA_VID={0x6, 0x20, 0xd1}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008010}, 0x80) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00", @ANYBLOB="01032cb57000fbdbdf250a004b4900000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) close_range$auto(0x2, r3, 0x4401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x82000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc0105303, 0x38) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x0) r5 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r5, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 4m27.201119471s ago: executing program 34 (id=4194): rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x20000000000000e2, 0xeb1, 0x405, 0x8000) socket(0xa, 0x2, 0x88) setsockopt$auto(0xffffffffffffffff, 0x1, 0x22, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8004) unshare$auto(0x40000080) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40e00, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/tty/ptyd3/dev\x00', 0x7c1882, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000000), r1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0x4, 0x9b73, 0xffffffffffffffff, 0x0) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/64, 0x40) ioctl$auto_VHOST_SET_MEM_TABLE(r2, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x0) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r3, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x891}, 0x10040) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x40001, 0x0) socket(0x2, 0x80802, 0x0) 4.061884819s ago: executing program 5 (id=5522): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) personality$auto(0xfffffffc) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x2, 0x13, r1, 0x8000) mprotect$auto(0x0, 0x7fffffff, 0x7) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/netfs/volumes\x00', 0x40080, 0x0) pread64$auto(r3, 0x0, 0x8100000041, 0x413e) clock_nanosleep$auto(0xfffffff2, 0x5, 0x0, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) waitid$auto_P_PIDFD(0x3, r2, &(0x7f0000000040)={@siginfo_0_0={0x2, 0x4, 0x0, @_rt={0xffffffffffffffff, 0x0, @sival_ptr=&(0x7f0000000280)="79ca6170c72c9b5affac767c0127e58e38f3f407303ed544651fc514ea2bf3a8d8ec1b5efc99d62cbb8043d4582607afd440f400a4fdcd74a0d6cc759ee437d05a5a149e70f79615cb36ed421aea340b2fe64c6f0439d9294cee642b94067691cdb8738f2363b14d75159d50f1d2041552ec66151a9f701e52dbbc1da461754f08314b0d6bbb04733b1e75896aa1d04e8e80eeef31efb7c1d6d29923d10bb06fc202e8c6970da24c428b428a45a8146761b0799727aa98dee9a474d1ec2011619ef92795e56f01adc6944105d7bf5c917ab81c899a21ee50a5ef56db545f7c67b8077183bc65"}}}, 0x20f5, &(0x7f0000000440)={{0x0, 0x80}, {0x8, 0x3}, 0xc2, 0xfffffffffffffff1, 0x80000001, 0x9, 0x1, 0xffffffffffffffff, 0x101, 0x101, 0xffc, 0x0, 0x803, 0x9, 0x8, 0xfffffffffffffffa}) madvise$auto(0xfffffffffffffffd, 0x2003f2, 0x200) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) socket(0x1d, 0x3, 0x1) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x16520d0acfefc4f4, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x3) 3.564587105s ago: executing program 6 (id=5525): r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) 3.357538136s ago: executing program 6 (id=5526): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000300)={0x18, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HWSIM_ATTR_MLO_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x200000000000000, 0x48041}, 0x10) 3.162238947s ago: executing program 6 (id=5528): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) connect$auto(0xffffffffffffffff, &(0x7f00000000c0), 0x55) getcwd$auto(0x0, 0xffffffffffffffff) open_tree$auto(0xffffffffffffffff, 0x0, 0x2) (fail_nth: 11) 2.66465074s ago: executing program 6 (id=5533): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x20200, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) (async) getsockopt$auto(r1, 0x84, 0x16, 0x0, 0x0) (async) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$auto_I2C_SMBUS(r2, 0x720, 0xfffffffffffffffe) close_range$auto(r0, 0x8, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0x5, 0x0) (async) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x8001, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) setsockopt$auto(0x3, 0x80, 0x6b, 0x0, 0x20) pipe$auto(0x0) (async) pipe$auto(0x0) (async) write$auto(0x3, 0x0, 0xfdf3) (async) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) sysfs$auto(0xfff, 0x2, 0x7) close_range$auto(r3, r3, 0x0) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) ioctl$auto_SNDCTL_SEQ_RESETSAMPLES(r4, 0x40045109, &(0x7f0000000040)) (async) socket(0x25, 0x801, 0x0) (async) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x8002, 0x0) (async) ioctl$auto(0x3, 0xc0684608, 0x10000000000402) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) (async) shutdown$auto(r3, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x40, 0x0) 2.601999809s ago: executing program 6 (id=5535): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) io_uring_setup$auto(0x2, 0x0) write$auto(0x3, 0x0, 0x81) syz_genetlink_get_family_id$auto_seg6(0xfffffffffffffffd, 0xffffffffffffffff) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)={0x2c, 0x0, 0x5, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_LINK={0x8, 0x1, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) socket(0x10, 0x2, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_prog_fd=0x4, 0x4}, 0xa3) 2.304630934s ago: executing program 6 (id=5538): unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) unshare$auto(0x97) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r3 = prctl$auto_PR_SET_SECCOMP(0x16, 0x1, 0x6, 0x7ff, 0x9) read$auto_proc_single_file_operations_base(r3, &(0x7f0000000100)=""/236, 0xec) preadv2$auto(r2, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) capset$auto(0x0, 0x0) futex$auto(&(0x7f0000000080)=0x2948, 0x9, 0x2948, 0x0, 0x0, 0x5) futex$auto(&(0x7f0000000000)=0xf0fe, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0xfffffff9) 2.203030365s ago: executing program 0 (id=5539): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0x8) r3 = clone3$auto(&(0x7f0000000280)={0x8, 0x187a, 0x6, 0x32, 0x100, 0xc, 0x4, 0x7fffffff, 0xb, 0x7, 0x8cd2}, 0xfff) sendmsg$auto_NL80211_CMD_REMOVE_LINK_STA(r0, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x1b4, r1, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@generic="b4065d2de40ec48c0d25460f", @typed={0x8, 0x143, 0x0, 0x0, @fd=r2}]}, @NL80211_ATTR_BSSID={0x7d, 0xf5, "f61bf14a82efd4217367185ea8fa5f8d062b35d1f6aa86950ec735e092547789eb6c1b16cac7966b9ab9e15b3911ec5de829c4a6701e363d5f8064ae2f9cd2bb5823db282692478dc0eea2ecb3839a0de819734ff34015a36a91751ce66fe8ea130315a1d24d0b2fd2b3c13aabca3619c78088044ae8f671ed"}, @NL80211_ATTR_PID={0x8, 0x52, r3}, @NL80211_ATTR_EHT_CAPABILITY={0xc9, 0x136, "188c0ff2e4526050cc1f1d69135982193c93d6ca29ed0d030da98e416ed1dba3b533c196ab998121f449a2aa7054daf8413c4963b6696204f3a86e44068e72e766ed23858f66e2cb09360b0cfecb1f98fb4df9a242d3fceb7497f6c3fd188315800a8bc1b2d86484030963f45479d70d4ddfd1dde14dba163fd297c82a0ed80a32e4d5730397bfdd6fbf644a965e374ced6dd899d180f0fa65baea9b777d6fe61715f994dd89dc1d5707eb71cc22465bc9287c06dbd822b4d8620ba92be18f7d3368b2f308"}, @NL80211_ATTR_MBSSID_CONFIG={0x14, 0x132, 0x0, 0x1, [@NL80211_MBSSID_CONFIG_ATTR_INDEX={0x5, 0x3, 0xff}, @NL80211_MBSSID_CONFIG_ATTR_INDEX={0x5, 0x3, 0xff}]}, @NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x3d}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6}, @NL80211_ATTR_WIPHY_NAME={0x8, 0x2, '#.#\x00'}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x4042000}, 0x4000080) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) (async, rerun: 32) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf25020000"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) (async) r4 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000000), r4) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa507}, 0x800}, 0x7, 0x8) 2.112369542s ago: executing program 1 (id=5540): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x80000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x0) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) socket(0xa, 0x1, 0x84) socketpair$auto(0x3, 0x80001, 0x7d, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe800000000091ff"}, 0x1b) 2.034044234s ago: executing program 5 (id=5541): mmap$auto(0x3ff, 0x7ff, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r1, 0x41, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40008840}, 0x0) socket(0x1e, 0x4, 0x0) r2 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/environ\x00', 0x400000, 0x0) setsockopt$auto(r2, 0x10f, 0x81, 0x0, 0x8000001) mmap$auto(0x2, 0x400008, 0x40000000000000e0, 0x9b72, 0x2, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop7/trace/act_mask\x00', 0x402, 0x0) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket(0x15, 0x801, 0x5033d8e0) setsockopt$auto(r3, 0x10000000084, 0x3, 0x0, 0x3) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/sg0\x00', 0x200, 0x0) ioctl$auto_BLKTRACESTOP2(r4, 0x1275, 0x0) r5 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb3/threaded\x00', 0x8a801, 0x0) write$auto(r7, &(0x7f0000000000)='1\x00\x00%\xcc\x00\x00\x00\x00\x00\x00 \x00\x00', 0x81) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x48400, 0x41) unlinkat$auto(r8, &(0x7f0000000100)='./file0\x00', 0x34e2) fchmod$auto(r8, 0x7439) setreuid$auto(0x4, 0x8) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0xfee) r9 = set_tid_address$auto(&(0x7f00000000c0)=0x5) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r3, &(0x7f0000001b00)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001ac0)={&(0x7f0000001b40)=ANY=[@ANYBLOB="b4190000", @ANYRES16=r5, @ANYBLOB="100025bd7000fbdbdf2504000000761402808f019c8004004c8008004a000000000004001c804936be76b71d82fd078bb30b59eabe85509d0f7133101d5cbd571213c9a9fd7d215d17aabe8dea7469ba0c9dc6a841a68b7a6b0a0bd02211eaa6a9464171a6823411bf52fbaca23a7b292e9394d3dd464d21c124fe3832d80e0b69316f13cdcb238a2175778a8bc1a0b103d3fb088ad45504003c8004009080d3b41842f5fbc029cf1626973e9ad18f379dcb6ee92bee1d6bec0a606494b215efaa0bb8b1db16238a22c702f5e074de3dbc7b5ecc4b4a8eac672e9429b28e325e72bd3235aeb454ca702f4272e3ff0b18b76a186f53ef9eac9f6809e918bdc4bc8ff87d98939e374255c1ee6e114cc50005a355fa3f66b44ccff7ce2e0d48d84b903b660f23f09c3549e1903ddd80d1cd32d07386c9de7ec1d68c97b23fd9b37453f69ca02f7cbabf07455fe764e205b6515bf3a1fffe5298c341124a3b88a27e8760d84ce1f73dbaac5d9d1c1cf111fb24964ac21d4f1a01be41a55e3e92dfd9e084fe95e53786231c53203ab7da9060409837058f8cc946246126afcb0400468000b111678004001b8008009f00", @ANYRES32, @ANYRES64=r2, @ANYRES32=r6, @ANYBLOB="8e020980e3d39bcfb7af18c732b880b1882b04b54ef4907f32771df1906990df95c0fb7ab8428ee3a71d75a4f867f8d095e782295cef511cd575974c8523a1b307ce52167fbed6ffe53e71d97827da02123a3ce5731d1887695ebce1eb7f8fadcb2a4deb8255c108cd245c35520b0868b5c07182dae4150238b498eda482ced4746e0e619c8dd3f1426139bf0449561bcc6360d0373bb8fcf0aadb130124745c7f2f3b0caa3f15a498e42fd5bcdc346b76577e8b6776a695aa8b3be06d875d74799280f97fef9bd5c9fc7aa251dbfe2afffde2959cfb54b9b3d89e27642ff96c8a833a01c02a3174fd69398802429c22212e1820fbef276cb9e31c2a7720fdce40928d59cc679d8ac3df2d370226ea04375cd1bfbd0cfec5ca95c6e99aa515f847e254203287f1201ec5cfe263bc1c675144d3e0fabc4ce7c90be94e813e93db0881d823f7fbd3d493fca7e782b7419faec9d24dc2eb616cb110b67184dd5a2babd3acf76aa20eb2a8c806f91ec1e10647c2a52b527da357512277f3ae9edd8664b6447eed12f7026c0dbf4196fcce0d8a17017bec2908c9913bb30f36dfe5e8b0592de714ba39cd6e3d6d4a3080e89572d99d301a893236d461d4008d80090001005d272540000000000400d180dba4de00398a74f81f4818ec34ab10cdbfc9089fb30c3fbec9484e50fe294fae50c5f02b689ff1b9e0058fa5193ffbd51fbc445bbc809302f87327f97f099b529808001500", @ANYRES32=r9, @ANYBLOB="9e34ab698e4d370bc7a99b4aa23ce1b2385fe76fa48cd45ad5658add6e6679eb14f4a3e11e393cbb26d3d2ebabde4bcae9fb0b9e913e880174d6036feaefdf1bcf4ae59c28e709f91c0b8d2fa2392bdbcb733599b574db125816baa40d6f5572556550e2cca376eff4a9fdfe6f19b8eac9003a0400360000008f0209800700a2002c210000360100805f7917f241ada09e5ad4190ce4ca899cb82c48c1f08744393520872b1b82e55373d389316cb0ad23c9577025e78f8d8fc1010948001fba26f1587be8bcac4bc521e33894bf2313e860b824d0b23394f203f4280feeb8c4f89725b0195f2b619d63c6a0654caa78af2cc577dbdd3096ad19d6e9ab4fd2c3d780bf6ac2393f2536f813b96d76e423d6613ccc19ceffff7d51db1c2a636021ebbe903e55b4bdcfdad71c32aea712358a37b0e696b17b5c23d79e47c9965d5b5dc999b5696edfbd185eb6d202f38315facd4fd5a9d21c11238cd7b2e3908133867c17b91d6d446a507708c3e65d167cd0df588d4ed97dbd5878d095ca17e1bf3f5798c51a4f00e05f405daf4685c24e19cd89c3d56961478ed22c0f1cdd0ca50499f57a3c6339e846d2f4275ca6092d4c8d3851899b2004001c8000003fe3753b5f8c7a8df25d104890eab7f88b8c4e4d2514399d234d73d4b14418ca20c99d14c2e7d8f6577804d6e37961ae7c60c6b275f12a3dd6e14e1e7f58e16cd5afed14ab0968932d805713c263356039a43f936652fe24431bd1007a0144867af163c4a7b24f2e1f7c3e0e0800fe00070000000c0033000100000000000000d10c0198f03c303f3bce9f3b80871de7fb1e987543221983a85d8086a30c4c5f3a9b5ca5ebcd671099db6d883088045888cbae6a4b3ef3f41756113dd289a57335c591407beafbb243c3ca8832ef214b108e0cf48a5645c7dbb86fa0197c60324eb36730c7e6c84ba854775a8ac806863855c277db3891cafc2a03c1f415128394c82a856eca5d7c95383558c44931107ecefceec46e0db730323e5e4dfd4512e2ba2559fb1df87e839387bc36ed3537adcc765f98ba82aefbc8ddab0e03e3761e1b070fac2923ba1fd9d2007ee68cd3956b1426b7a1ee27227cf7f39435afe8d26b748e4ac3acafd9b96940466b6c6b5ebe1a4137f02d16af63f41ec3e5c66f0fd55f07a0789ab80980879b38d63ac2d8a4430542399c4cfd03f2484ac20339abe4283027137700a89a50beb10b"], 0x19b4}}, 0x840) socket(0x11, 0x3, 0x80000000) 1.975595482s ago: executing program 0 (id=5542): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80a40, 0x9e) read$auto(r1, 0x0, 0x8004000000) write$auto(r0, 0x0, 0x6) 1.862660947s ago: executing program 1 (id=5543): setitimer$auto(0x1, &(0x7f0000000000)={{0x2, 0x4}, {0x5, 0x6}}, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r0 = socket(0x18, 0x5, 0x1) connect$auto(r0, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x40, 0xcdf, 0x7, 0x3ff, r1, 0x2e) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), r1) sendmsg$auto_L2TP_CMD_SESSION_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001a80)=ANY=[@ANYBLOB="18100000", @ANYRES16=r2, @ANYBLOB="111329bd7000fcdbdf2508"], 0x1018}, 0x1, 0x0, 0x0, 0xefb7e034ab6a1498}, 0x24000084) 1.811195142s ago: executing program 5 (id=5544): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram9/make-it-fail\x00', 0x2002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80a40, 0x9e) read$auto(r1, 0x0, 0x8004000000) write$auto(r0, 0x0, 0x6) 1.462599119s ago: executing program 1 (id=5545): mmap$auto(0x0, 0x120009, 0x4000000000db, 0xeb1, 0x1, 0x8000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) seccomp$auto(0x101, 0x4, &(0x7f00000003c0)="617bc1d2bc1f79487750685c198a07582a8e3f00a2966c2de9eb9fac7928f3531ab3a854e91a41cea12620eba2afc0563f217cc77dc8e1f8c7ec1c41eb1a54a81d3de6c980a69b82419699387c271a8d2a81dc6bdccce4547972388cbd21a83a60e7ed5296eff6d8903fdff6972063c831613779d3900d31073a3889c8b8416c66c868a9ce882629304750c24501bc2bf4748fe9dcaca9b2fadb5be4ba01cec3edc0a9bf8152a82f0598cc533c7690bfff748fd04fbe812dcfc4f3f711975d424fd84b1813358e39be0095322d") sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB='1'], 0x3c}, 0x1, 0x0, 0x0, 0x88010}, 0xc008081) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="13"], 0x1ac}}, 0x4004) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/ip_forward_update_priority\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r1 = socket(0x1d, 0x2, 0x7) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r1, &(0x7f0000000000)=@can={0x1d, r3}, 0x6a) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f0000f5) 1.214877587s ago: executing program 0 (id=5546): socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001100)={0x1c, r1, 0x301, 0x70bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0x8, 0x2, '${,\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/msr/parameters/allow_writes\x00', 0xa0302, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x109500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x5408, 0x0) 1.079013598s ago: executing program 0 (id=5547): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) io_uring_setup$auto(0x2, 0x0) write$auto(0x3, 0x0, 0x81) syz_genetlink_get_family_id$auto_seg6(0xfffffffffffffffd, 0xffffffffffffffff) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)={0x2c, 0x0, 0x5, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_LINK={0x8, 0x1, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) socket(0x10, 0x2, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xffffffffffffffff, @new_prog_fd=0x4, 0x4}, 0xa3) 1.055728024s ago: executing program 1 (id=5548): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20006, 0x4, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae64, 0xffffffffffffffff) 999.927345ms ago: executing program 5 (id=5549): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = socket(0x10, 0x2, 0x4) bind$auto(r2, &(0x7f0000000040)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x1}, 0xe) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) r4 = socketpair$auto(0x1f, 0x5, 0x8000000000000000, 0x0) ioctl$auto_TCFLSH2(r3, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto(r1, 0x89f0, r1) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000003b00), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000003bc0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010026f7dd46db2ead009500000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x180c0) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r7, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0xf4, r5, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_AP_SETTINGS_FLAGS={0x8, 0x135, 0x81}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x40}, @NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_MAC_MASK={0xbe, 0xd7, "ad6740eeb4574fe97c2518095e623dc6559071d2df5729a579a1083b545b0a505946a62f5a9508cda517bf2d072a2b1910447619c0db2cd109059643e5af8ea1ff2878acc27d1df9ec58ad6ed2c7ad342920f9f88314be93456971966bd7b0e138018dea9cef7442535627ddedced02fefd80b614354ecad04c1f0eb392c5cb26761bdcf47922b2741844d94799d08a8253a091afa252b690dd001223d25ee70b05506764a6a80dda1a228d7026e5adc1324643809cef27e35f1"}]}, 0xf4}, 0x1, 0x0, 0x0, 0x20004805}, 0x2000044) fadvise64$auto_POSIX_FADV_RANDOM(r7, 0x100, 0xfff, 0x1) sendmsg$auto_IPVS_CMD_GET_SERVICE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x6f0, 0x0, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@nested={0x4, 0x116}, @typed={0x8, 0x5c, 0x0, 0x0, @fd=r7}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DEST={0x6c4, 0x2, 0x0, 0x1, [@nested={0x6bd, 0xda, 0x0, 0x1, [@typed={0x31, 0x9f, 0x0, 0x0, @binary="4d8b3c4267089464b4aa1bab29ba85b4292fed2f8b900e0101096d00fcf9c595552d54be4ebe3d547ff067f1a2"}, @generic="05e969299377c515fba1ec068cf4bc524696ccfa31f0636e86e9ead7a57c5dbae9d25916617bca2061dd5109486efe289114244d0c6b80caaf44760684e204b8876de8a0be5b0e17915bb92c238d19ec2ac1b15ac9c473387c78951f2e5681ea6de1c41585d4670d0462f20132d836b7c722958b98d3c6ca547a8d2a99f065c895a7a693ce1c31ee96b46349a872953f95a123cdd6b248acb46bfdee74435ae6960a7f9110d0ea3cea56807ee682aa3818fef4060a827c6c620eab5f613a328e5b19470fa68d3e826521934812845d14a26c47162bcf977874cd87d5daf11c6ddff26a7c90d36a2d49505279443e865f2beec2a52ff4647a39e8a9095099451761676eeef529b758e77058e60eee85cc1a11b8173bdc6390f34fe4b2d2b6aa970a1f910e17f15b76f23cebd2db9a666baa88a0af389db9d878b62228aabdb38027a0099eb28639daf5bd097fcb651bd20c6285ef1132bcd652c10d1a82e509664187f88d18fb34fece5cd402d2d44de461c8e4e245904bd84a5b84536f98bc99656e175bc70d347c1ae0db88bb8f8a83dc6ad41337219bf9a455fd49d08fa9e1510fd2bc9aa21cc0d2f0a7da678b1131e84cbb17f4bae6a4e1275a923da597227894408b42621463854c2413378da3ac87ee8a3e062eb7b848d75e2f8b7829def9cb40535f8692e425829e9ac0897f2bc69101b37560cf143836552c50503f4935b0da024cff0eb4c078717e8333a12d535fa892b66b83fb53d54fc86f2f35ec87270380abe8c87cacf9b19aec7ea950bd374ecefa9c64c1d9e607a6fd71a4192aa1ab0e56d7cf158926d30423efc5d623475976b104306eef14bde160ce0921bb758c1967d648b8783fc7990e3f3850fd0d81297d7b69bbe8b9337a7e308e36b7bade455e0fb1adb59c65ccc16ec14eae89bb24c748d7e4c191e75f6bbf4712f0c40a926f46382c545d8798866b9e5019ca6a9c810eda98396710d530e9767e13ac6140eb5bc7c62aed158d6b745d5f450e1fd95e082c68de1376bd039d5638542e82595b381c4d6cac2006a120b7be7f1d991705a7334750227013dd1b6f163545231183609cba6bb9b53baffb8957472ab6e485c86c71c26bd8d2b8b5c2fc479a6e4f1ff5eee91ce71d624ccc44d758ce3d2f5043603d4933cf8b8b09eb894227b4dea165c9ad122b5f4ce583d1cf08ed47da02bb5108fe332f239e6906273d91354e9f695d18df47fbcbd0e59a2432748dc7f5ca673b085cf19a4fb9d642708e1c991bd8f25cf7d48c0e14e59b39be576916e317e72a64d8c40f8a75eee9efb7276dab0122cda1ca10b2c48692537475b41bc52c1c8bee6278097e8fd1dfd711578397b50ca9f50d6ae3a97eced747f78fa7d137331221af418526280ec2cd5c69e7e793854749b99b314c8e2132a32841ba7af631c0a26af6f1954b0209ce52d933ba21680638f7fcd89eee4c5862f15d17cb6a047ee1c64cf2e1461d01eb88b5f847992cf1bde67e105f5b624aebd2d9757dd6ad37c07b16a9db75ab3ea399219cb5e32785bfe8cd8f150b35b21b44db2a3f707a02e46858b09d24cc077fe2f093da116f11816fb1b2573f975986e624ecba2365b0ed2f0f6afb05d1214b36f539afbe471335b9f7de18f909937abe5c17357f9acb42ff7b8980b8ffc6da6a65c0edb22d715137dce8fe4f4b1230482ed972db6f11e15fac7080cea74ec9008f1cf20de595cab5fb8649b6e0cfed593bd4ff0170f5622888e91338b48592253cedb683e4e9ae867c03f3e776bc4b8981312fbe7846d8301906f194a011f7aebbb100b222861e29027c5c349b1bd338ee5b4294baa16e49cd2dc2146d5f05c431487293312f6cf653b7673ea562100b61140074020b0533a382adb694b6786d2b34ae9a241ae3e181b8c992342a5b3cb02744e92a78a730fbaaab85216af83e555f8adb2ae5bb99a307ac267b133236c7755b468232ffff426a681a3cdef4f53643e1a90d82980b925c3740dd29f08965457c10fb9147044583e704834cbb2e4e3c69d1e74442e5609040be9dfd7dff2cadf6a24b600c518807b32144687c3fba2ba5805b7b51057788a46697ce43d0f34f59dd2b7d561bf2dac257c884e75a48edf1bc4f4b401ff9505d0af256adf15d68c9ee379cceae7173dcfb3c1f059eae48c172960678e2d0667473f62d32518c1911e9e2dd8d83e81587acca80dd1d3e10e89633800c2e13732d2bbb86104e3eafafd82c77ab90ecb456956b037fa6a553dead7c79e0750172bf7af249a785bb4cc4a065f010cee838deb927a52ae05ac784d9d21703cc9b027d35706a48acef6370a4089a99f7dd845b555621ca8e590cab"]}]}]}, 0x6f0}, 0x1, 0x0, 0x0, 0x90}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r7, &(0x7f0000000000)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x7, 0x6}, 0x800}, 0x10a, 0x8, 0x0) sendmsg$auto_TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fded6a7a28"], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0xc050) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r8 = socket(0x10, 0x2, 0x4) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r9) sendmsg$auto_OVS_DP_CMD_SET(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010028bd7000fedbdf2504"], 0x1c}}, 0x0) write$auto(r8, &(0x7f0000000000)='\x16\x00', 0x2fb) r11 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r11, 0x4b49, 0x9) 549.15793ms ago: executing program 0 (id=5550): mmap$auto(0x6, 0x2020009, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x40, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/027/001\x00', 0x4a901, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) close_range$auto(0x2, 0x8, 0x0) openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0) r1 = openat$auto_supply_map_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_supply_map_fops_(r1, &(0x7f0000000080)=""/78, 0x4e) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80a40, 0x9e) ioctl$auto_TUNGETIFF2(r2, 0x800454d2, &(0x7f0000000080)=0xe) read$auto(r2, 0x0, 0x8004000000) openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/options/trace_printk\x00', 0x195002, 0x0) r3 = fanotify_init$auto(0x5, 0x9) write$auto(r3, 0x0, 0x9) 533.271033ms ago: executing program 5 (id=5551): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_seg6(0xfffffffffffffffd, 0xffffffffffffffff) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)={0x2c, 0x0, 0x5, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_LINK={0x8, 0x1, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_I_TEI={0x8, 0x8, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) socket(0x10, 0x2, 0x0) userfaultfd$auto(0x1) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socket(0xa, 0x2, 0x0) socket(0xa, 0x2, 0x3a) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r1}, 0xa3) 173.903087ms ago: executing program 1 (id=5552): mmap$auto(0x0, 0x200000420009, 0xdf, 0xfffffffffffffffa, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5) lseek$auto(0x3, 0x0, 0x1) 117.048116ms ago: executing program 0 (id=5553): socket(0xa, 0x2, 0x0) mmap$auto(0x800000000000, 0x1, 0xda, 0xebe, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x240001, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r4, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) close_range$auto(0x0, 0xfffffffffffff000, 0x0) mq_notify$auto(0xffffffffffffffff, &(0x7f0000000180)={@sival_ptr=0x0, @inferred, 0x0, @_sigev_thread={0x0, 0x0}}) mq_timedsend$auto(r2, 0x0, 0x2, 0x9, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)="7f07d3") socket(0xa, 0x2, 0x0) 95.436742ms ago: executing program 5 (id=5554): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0006, 0x17) socket(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x2, 0x3a) socket(0xa, 0x2, 0x88) 0s ago: executing program 1 (id=5555): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1400, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r0, 0x0) ioctl$auto_tracing_buffers_fops_trace(r0, 0x5220, 0x0) ioctl$auto(0xffffffffffffffff, 0xc0585611, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x1e1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) bpf$auto(0x15, 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/wireless\x00', 0x400, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000000), 0xc3480, 0x0) pread64$auto(r1, &(0x7f0000000080)='\xd5u+~\xa7x\xe0VQ\x1a6\xcf\xce\xfa\xfbN\x19\b\xf64\r\x122i\xd6\x0e\xfa\x96\x9aV:\xe1G\x14\xb2\xd4N\x0e#jX:\xd0\xe4\xa9\xda\xaf\x98\x94G\xa8\xb4\xa7uPc\x1ang\xdb\xb4\xa7\xad\x1b\xcbonh\xd8\x99\x03\x10\xb0\xa5\xfey\xd5F,70\xecG\x8a\fz\x95\x7f\xb0Y{\xdd\xa1\xa3E\x03\xd4\xc67U\x93\n\xfc\xa4\x0e_\xf8\x94\xc3a\x00\xe6\xea4\xa2\x7ft\xeb\x8b$\x16\x0e\xe8j\xcaI\xe0c\x05\x12(\v\xef\xc5Z\xfb\xed\xa3\x01\x001\xa5\x18%\xae/\x1b6\xaa\xf5ysD\xa6\xee\xbf\xc0v\"\x93\x96\"\xcak.\x0e_\xb3\xf7\xac\x9e\xbd/w\xdf\xfc\xe24z\x0f\x8f\b\xbe\xda\xfb\xd0Jj\x97\xfa{\x9d\xfd\xfb\x14\x1f\xb0\xe7\b#\xb9\x01\xf7\xf5\x1c1\xfbNX\xd9\xf0\x97@\xff(\x99\x13M\xadM\b\xf5\xcd\xa3\xe1Q|\r\x18\xd5\xb4\x1c\xa5\xfd\xdf\x98\xd9\xa7\xf3u\xa8ak\xfaHS\xfa\x12\x85\x85\x14\b\x9c\x15\xc10\xb3\xd5.\x13\xc6\xb6\xbak:\xbf\x8f\xcd\x7f\a\xb8\x00\x00\x00', 0x202, 0x7) kernel console output (not intermixed with test programs): 5053] FAULT_INJECTION: forcing a failure. [ 1516.169069][T25053] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1516.250037][T25053] CPU: 0 UID: 0 PID: 25053 Comm: syz.0.4550 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1516.250065][T25053] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1516.250070][T25053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1516.250079][T25053] Call Trace: [ 1516.250084][T25053] [ 1516.250090][T25053] dump_stack_lvl+0x100/0x190 [ 1516.250116][T25053] should_fail_ex.cold+0x5/0xa [ 1516.250134][T25053] _copy_to_user+0x32/0xd0 [ 1516.250153][T25053] do_pages_stat+0x559/0x7f0 [ 1516.250181][T25053] ? __pfx_do_pages_stat+0x10/0x10 [ 1516.250206][T25053] ? find_held_lock+0x2b/0x80 [ 1516.250239][T25053] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1516.250257][T25053] ? lockdep_hardirqs_on+0x78/0x100 [ 1516.250275][T25053] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1516.250294][T25053] kernel_move_pages+0xecf/0x13f0 [ 1516.250312][T25053] ? __fget_files+0x215/0x3d0 [ 1516.250334][T25053] ? __pfx_kernel_move_pages+0x10/0x10 [ 1516.250349][T25053] ? __fget_files+0x21f/0x3d0 [ 1516.250371][T25053] ? fput+0x79/0x100 [ 1516.250384][T25053] ? ksys_write+0x1ac/0x250 [ 1516.250404][T25053] ? __pfx_ksys_write+0x10/0x10 [ 1516.250425][T25053] __x64_sys_move_pages+0xe0/0x1c0 [ 1516.250440][T25053] ? do_syscall_64+0x95/0xf80 [ 1516.250458][T25053] ? lockdep_hardirqs_on+0x78/0x100 [ 1516.250476][T25053] do_syscall_64+0x106/0xf80 [ 1516.250493][T25053] ? clear_bhb_loop+0x40/0x90 [ 1516.250511][T25053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1516.250526][T25053] RIP: 0033:0x7fad8af9bf79 [ 1516.250538][T25053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1516.250552][T25053] RSP: 002b:00007fad8bf0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1516.250567][T25053] RAX: ffffffffffffffda RBX: 00007fad8b216090 RCX: 00007fad8af9bf79 [ 1516.250577][T25053] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1516.250585][T25053] RBP: 00007fad8bf0c090 R08: 0000000000000000 R09: 0000000000000002 [ 1516.250594][T25053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1516.250602][T25053] R13: 00007fad8b216128 R14: 00007fad8b216090 R15: 00007ffc84516f18 [ 1516.250621][T25053] [ 1516.475405][T25047] FAULT_INJECTION: forcing a failure. [ 1516.475405][T25047] name failslab, interval 1, probability 0, space 0, times 0 [ 1516.488662][T25047] CPU: 0 UID: 0 PID: 25047 Comm: syz.6.4548 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1516.488691][T25047] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1516.488699][T25047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1516.488708][T25047] Call Trace: [ 1516.488715][T25047] [ 1516.488722][T25047] dump_stack_lvl+0x100/0x190 [ 1516.488748][T25047] should_fail_ex.cold+0x5/0xa [ 1516.488766][T25047] ? lsm_blob_alloc+0x68/0x90 [ 1516.488787][T25047] should_failslab+0xc2/0x120 [ 1516.488810][T25047] __kmalloc_noprof+0xe0/0x850 [ 1516.488829][T25047] ? trace_kmalloc+0x101/0x130 [ 1516.488853][T25047] lsm_blob_alloc+0x68/0x90 [ 1516.488874][T25047] security_sk_alloc+0x2d/0x290 [ 1516.488890][T25047] sk_prot_alloc+0x12a/0x2a0 [ 1516.488916][T25047] sk_alloc+0x36/0xe80 [ 1516.488949][T25047] __netlink_create+0x5e/0x2c0 [ 1516.488968][T25047] ? __wake_up+0x3f/0x60 [ 1516.488985][T25047] netlink_create+0x293/0x610 [ 1516.489003][T25047] ? __pfx_genl_bind+0x10/0x10 [ 1516.489023][T25047] ? __pfx_genl_unbind+0x10/0x10 [ 1516.489043][T25047] ? __pfx_genl_release+0x10/0x10 [ 1516.489067][T25047] __sock_create+0x339/0x860 [ 1516.489095][T25047] __sys_socket+0x14d/0x260 [ 1516.489109][T25047] ? exc_page_fault+0x6f/0xd0 [ 1516.489128][T25047] ? __pfx___sys_socket+0x10/0x10 [ 1516.489145][T25047] ? do_user_addr_fault+0x8d6/0x12f0 [ 1516.489170][T25047] __x64_sys_socket+0x72/0xb0 [ 1516.489185][T25047] ? lockdep_hardirqs_on+0x78/0x100 [ 1516.489204][T25047] do_syscall_64+0x106/0xf80 [ 1516.489222][T25047] ? clear_bhb_loop+0x40/0x90 [ 1516.489241][T25047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1516.489257][T25047] RIP: 0033:0x7f4f1cf9d807 [ 1516.489272][T25047] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1516.489288][T25047] RSP: 002b:00007f4f1de64f98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 1516.489303][T25047] RAX: ffffffffffffffda RBX: 00007f4f1d215fa0 RCX: 00007f4f1cf9d807 [ 1516.489314][T25047] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1516.489323][T25047] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 1516.489332][T25047] R10: 0000200000000080 R11: 0000000000000286 R12: 0000000000000000 [ 1516.489342][T25047] R13: 00007f4f1d216038 R14: 00007f4f1d215fa0 R15: 00007ffd92b83e38 [ 1516.489362][T25047] [ 1519.910474][T25104] FAULT_INJECTION: forcing a failure. [ 1519.910474][T25104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.978873][T25104] CPU: 0 UID: 0 PID: 25104 Comm: syz.0.4562 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1519.978904][T25104] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1519.978910][T25104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1519.978919][T25104] Call Trace: [ 1519.978924][T25104] [ 1519.978930][T25104] dump_stack_lvl+0x100/0x190 [ 1519.978955][T25104] should_fail_ex.cold+0x5/0xa [ 1519.978973][T25104] _copy_from_user+0x2e/0xd0 [ 1519.978992][T25104] do_pages_stat+0x194/0x7f0 [ 1519.979020][T25104] ? __pfx_do_pages_stat+0x10/0x10 [ 1519.979045][T25104] ? find_held_lock+0x2b/0x80 [ 1519.979077][T25104] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1519.979095][T25104] ? lockdep_hardirqs_on+0x78/0x100 [ 1519.979114][T25104] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1519.979133][T25104] kernel_move_pages+0xecf/0x13f0 [ 1519.979151][T25104] ? __fget_files+0x215/0x3d0 [ 1519.979173][T25104] ? __pfx_kernel_move_pages+0x10/0x10 [ 1519.979188][T25104] ? __fget_files+0x21f/0x3d0 [ 1519.979210][T25104] ? fput+0x79/0x100 [ 1519.979223][T25104] ? ksys_write+0x1ac/0x250 [ 1519.979243][T25104] ? __pfx_ksys_write+0x10/0x10 [ 1519.979264][T25104] __x64_sys_move_pages+0xe0/0x1c0 [ 1519.979279][T25104] ? do_syscall_64+0x95/0xf80 [ 1519.979296][T25104] ? lockdep_hardirqs_on+0x78/0x100 [ 1519.979314][T25104] do_syscall_64+0x106/0xf80 [ 1519.979331][T25104] ? clear_bhb_loop+0x40/0x90 [ 1519.979348][T25104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.979363][T25104] RIP: 0033:0x7fad8af9bf79 [ 1519.979376][T25104] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1519.979390][T25104] RSP: 002b:00007fad8bf0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1519.979404][T25104] RAX: ffffffffffffffda RBX: 00007fad8b216090 RCX: 00007fad8af9bf79 [ 1519.979414][T25104] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1519.979422][T25104] RBP: 00007fad8bf0c090 R08: 0000000000000000 R09: 0000000000000002 [ 1519.979431][T25104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1519.979439][T25104] R13: 00007fad8b216128 R14: 00007fad8b216090 R15: 00007ffc84516f18 [ 1519.979458][T25104] [ 1521.842435][T25127] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1521.877904][T25127] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1521.994750][T25131] vhci_hcd: not connected 4 [ 1522.844483][T25139] binder: 25137:25139 ioctl c018620c 0 returned -1 [ 1523.898402][T25172] futex_wake_op: syz.6.4579 tries to shift op by -2048; fix this program [ 1523.918282][T25163] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1524.013470][T25175] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1524.028002][T25163] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1524.038593][T25175] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1524.048071][T25172] size and base must be multiples of 4 kiB [ 1524.115827][T25163] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1524.126833][T25172] CPU: 0 UID: 0 PID: 25172 Comm: syz.6.4579 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1524.126862][T25172] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1524.126869][T25172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1524.126879][T25172] Call Trace: [ 1524.126884][T25172] [ 1524.126891][T25172] dump_stack_lvl+0x100/0x190 [ 1524.126918][T25172] mtrr_add.cold+0x74/0x87 [ 1524.126936][T25172] mtrr_ioctl+0x25a/0xcf0 [ 1524.126957][T25172] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1524.126981][T25172] ? find_held_lock+0x2b/0x80 [ 1524.127009][T25172] ? __fget_files+0x21f/0x3d0 [ 1524.127031][T25172] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1524.127050][T25172] proc_reg_unlocked_ioctl+0x229/0x320 [ 1524.127067][T25172] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1524.127085][T25172] __x64_sys_ioctl+0x18e/0x210 [ 1524.127105][T25172] do_syscall_64+0x106/0xf80 [ 1524.127124][T25172] ? clear_bhb_loop+0x40/0x90 [ 1524.127142][T25172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.127157][T25172] RIP: 0033:0x7f4f1cf9bf79 [ 1524.127171][T25172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1524.127187][T25172] RSP: 002b:00007f4f1de66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1524.127202][T25172] RAX: ffffffffffffffda RBX: 00007f4f1d215fa0 RCX: 00007f4f1cf9bf79 [ 1524.127213][T25172] RDX: 0000000000000000 RSI: 0000000040104d01 RDI: 0000000000000000 [ 1524.127222][T25172] RBP: 00007f4f1d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1524.127231][T25172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1524.127240][T25172] R13: 00007f4f1d216038 R14: 00007f4f1d215fa0 R15: 00007ffd92b83e38 [ 1524.127259][T25172] [ 1524.377018][T25177] vhci_hcd: not connected 4 [ 1524.397147][T25163] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1524.428303][T25182] FAULT_INJECTION: forcing a failure. [ 1524.428303][T25182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1524.441572][T25182] CPU: 0 UID: 0 PID: 25182 Comm: syz.5.4581 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1524.441599][T25182] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1524.441605][T25182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1524.441614][T25182] Call Trace: [ 1524.441621][T25182] [ 1524.441629][T25182] dump_stack_lvl+0x100/0x190 [ 1524.441654][T25182] should_fail_ex.cold+0x5/0xa [ 1524.441672][T25182] _copy_to_user+0x32/0xd0 [ 1524.441691][T25182] do_pages_stat+0x559/0x7f0 [ 1524.441720][T25182] ? __pfx_do_pages_stat+0x10/0x10 [ 1524.441745][T25182] ? find_held_lock+0x2b/0x80 [ 1524.441777][T25182] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1524.441795][T25182] ? lockdep_hardirqs_on+0x78/0x100 [ 1524.441814][T25182] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1524.441833][T25182] kernel_move_pages+0xecf/0x13f0 [ 1524.441850][T25182] ? __fget_files+0x215/0x3d0 [ 1524.441873][T25182] ? __pfx_kernel_move_pages+0x10/0x10 [ 1524.441888][T25182] ? __fget_files+0x21f/0x3d0 [ 1524.441910][T25182] ? fput+0x79/0x100 [ 1524.441924][T25182] ? ksys_write+0x1ac/0x250 [ 1524.441943][T25182] ? __pfx_ksys_write+0x10/0x10 [ 1524.441964][T25182] __x64_sys_move_pages+0xe0/0x1c0 [ 1524.441979][T25182] ? do_syscall_64+0x95/0xf80 [ 1524.441996][T25182] ? lockdep_hardirqs_on+0x78/0x100 [ 1524.442014][T25182] do_syscall_64+0x106/0xf80 [ 1524.442031][T25182] ? clear_bhb_loop+0x40/0x90 [ 1524.442049][T25182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.442064][T25182] RIP: 0033:0x7f102679bf79 [ 1524.442079][T25182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1524.442094][T25182] RSP: 002b:00007f102763c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1524.442108][T25182] RAX: ffffffffffffffda RBX: 00007f1026a16090 RCX: 00007f102679bf79 [ 1524.442118][T25182] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1524.442126][T25182] RBP: 00007f102763c090 R08: 0000000000000000 R09: 0000000000000002 [ 1524.442135][T25182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1524.442144][T25182] R13: 00007f1026a16128 R14: 00007f1026a16090 R15: 00007ffee1ca0a08 [ 1524.442163][T25182] [ 1525.053197][T25185] futex_wake_op: syz.0.4582 tries to shift op by -2048; fix this program [ 1525.084412][T25185] futex_wake_op: syz.0.4582 tries to shift op by -2048; fix this program [ 1525.121320][T25185] 0x000000000001-0x000000020000 : "" [ 1525.159914][T25185] ftl_cs: FTL header corrupt! [ 1525.392932][T25187] Process accounting resumed [ 1525.976384][T23133] Bluetooth: hci1: command 0x0c1a tx timeout [ 1526.056894][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1526.136619][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1526.273722][T25225] FAULT_INJECTION: forcing a failure. [ 1526.273722][T25225] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1526.456959][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1526.475200][T25225] CPU: 0 UID: 0 PID: 25225 Comm: syz.6.4590 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1526.475230][T25225] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1526.475236][T25225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1526.475246][T25225] Call Trace: [ 1526.475252][T25225] [ 1526.475259][T25225] dump_stack_lvl+0x100/0x190 [ 1526.475286][T25225] should_fail_ex.cold+0x5/0xa [ 1526.475305][T25225] get_futex_key+0x1d2/0x1620 [ 1526.475324][T25225] ? __pfx_get_futex_key+0x10/0x10 [ 1526.475342][T25225] ? update_se+0x94/0x760 [ 1526.475363][T25225] futex_wait_setup+0x81/0x500 [ 1526.475391][T25225] __futex_wait+0x19f/0x300 [ 1526.475413][T25225] ? __pfx___futex_wait+0x10/0x10 [ 1526.475432][T25225] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1526.475449][T25225] ? lockdep_hardirqs_on+0x78/0x100 [ 1526.475470][T25225] ? __pfx_futex_wake_mark+0x10/0x10 [ 1526.475494][T25225] ? find_held_lock+0x2b/0x80 [ 1526.475515][T25225] ? futex_wake+0x456/0x530 [ 1526.475540][T25225] futex_wait+0xed/0x380 [ 1526.475561][T25225] ? __pfx_futex_wait+0x10/0x10 [ 1526.475585][T25225] ? __fget_files+0x215/0x3d0 [ 1526.475610][T25225] do_futex+0x1ef/0x350 [ 1526.475628][T25225] ? __pfx_do_futex+0x10/0x10 [ 1526.475644][T25225] ? fdget+0x18b/0x210 [ 1526.475664][T25225] ? __sys_sendmsg+0x18f/0x220 [ 1526.475684][T25225] __x64_sys_futex+0x34f/0x4d0 [ 1526.475704][T25225] ? __pfx___x64_sys_futex+0x10/0x10 [ 1526.475722][T25225] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1526.475741][T25225] ? syscall_user_dispatch+0x76/0x130 [ 1526.475765][T25225] do_syscall_64+0x106/0xf80 [ 1526.475784][T25225] ? clear_bhb_loop+0x40/0x90 [ 1526.475802][T25225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1526.475818][T25225] RIP: 0033:0x7f4f1cf9bf79 [ 1526.475831][T25225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1526.475846][T25225] RSP: 002b:00007f4f1de240e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1526.475861][T25225] RAX: ffffffffffffffda RBX: 00007f4f1d216188 RCX: 00007f4f1cf9bf79 [ 1526.475872][T25225] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4f1d216188 [ 1526.475881][T25225] RBP: 00007f4f1d216180 R08: 0000000000000000 R09: 0000000000000000 [ 1526.475890][T25225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1526.475899][T25225] R13: 00007f4f1d216218 R14: 00007ffd92b83d50 R15: 00007ffd92b83e38 [ 1526.475920][T25225] [ 1527.038586][T25233] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1527.052229][T25233] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1527.072764][T25233] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1527.100446][T25233] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1529.016707][T19005] Trying to write to read-only block-device sda1 [ 1529.106376][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1529.112396][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1529.118602][T24462] Bluetooth: hci1: command 0x0c1a tx timeout [ 1529.187090][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1529.320096][T25291] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4608'. [ 1529.432739][T25291] random: crng reseeded on system resumption [ 1529.913653][T25311] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1529.934006][T25311] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1530.028845][T25314] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1530.052077][T25316] vhci_hcd: not connected 4 [ 1530.071897][T25314] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1530.204666][T25318] vhci_hcd: not connected 4 [ 1530.479604][T25320] zswap: compressor not available [ 1530.519056][T25334] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1531.221952][T25353] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1531.263968][T25353] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1531.378095][T25353] vhci_hcd: not connected 4 [ 1531.440984][T25355] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1531.559577][T25355] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1531.565710][T25355] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1531.709989][T25366] net_ratelimit: 66 callbacks suppressed [ 1531.710006][T25366] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1531.783127][T25355] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1531.875835][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1531.978677][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.024645][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.086076][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.123777][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.195033][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.238512][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.292624][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.384083][T25372] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1532.612907][T25395] FAULT_INJECTION: forcing a failure. [ 1532.612907][T25395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1532.678869][T25395] CPU: 0 UID: 0 PID: 25395 Comm: syz.0.4630 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1532.678896][T25395] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1532.678902][T25395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1532.678911][T25395] Call Trace: [ 1532.678916][T25395] [ 1532.678922][T25395] dump_stack_lvl+0x100/0x190 [ 1532.678948][T25395] should_fail_ex.cold+0x5/0xa [ 1532.678965][T25395] _copy_to_user+0x32/0xd0 [ 1532.678984][T25395] do_pages_stat+0x559/0x7f0 [ 1532.679012][T25395] ? __pfx_do_pages_stat+0x10/0x10 [ 1532.679041][T25395] ? find_held_lock+0x2b/0x80 [ 1532.679073][T25395] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1532.679091][T25395] ? lockdep_hardirqs_on+0x78/0x100 [ 1532.679109][T25395] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1532.679129][T25395] kernel_move_pages+0xecf/0x13f0 [ 1532.679146][T25395] ? __fget_files+0x215/0x3d0 [ 1532.679168][T25395] ? __pfx_kernel_move_pages+0x10/0x10 [ 1532.679183][T25395] ? __fget_files+0x21f/0x3d0 [ 1532.679205][T25395] ? fput+0x79/0x100 [ 1532.679219][T25395] ? ksys_write+0x1ac/0x250 [ 1532.679238][T25395] ? __pfx_ksys_write+0x10/0x10 [ 1532.679260][T25395] __x64_sys_move_pages+0xe0/0x1c0 [ 1532.679274][T25395] ? do_syscall_64+0x95/0xf80 [ 1532.679292][T25395] ? lockdep_hardirqs_on+0x78/0x100 [ 1532.679309][T25395] do_syscall_64+0x106/0xf80 [ 1532.679326][T25395] ? clear_bhb_loop+0x40/0x90 [ 1532.679344][T25395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1532.679359][T25395] RIP: 0033:0x7fad8af9bf79 [ 1532.679372][T25395] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1532.679386][T25395] RSP: 002b:00007fad8bf0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1532.679400][T25395] RAX: ffffffffffffffda RBX: 00007fad8b216090 RCX: 00007fad8af9bf79 [ 1532.679410][T25395] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1532.679419][T25395] RBP: 00007fad8bf0c090 R08: 0000000000000000 R09: 0000000000000002 [ 1532.679427][T25395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1532.679436][T25395] R13: 00007fad8b216128 R14: 00007fad8b216090 R15: 00007ffc84516f18 [ 1532.679454][T25395] [ 1533.486990][T25408] vhci_hcd: not connected 4 [ 1533.521656][ T5865] Bluetooth: hci1: command 0x0c1a tx timeout [ 1533.626395][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1533.632799][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1533.823996][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1534.303318][T25427] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4638'. [ 1534.441361][T25428] NFSD: Failed to start, no listeners configured. [ 1534.497689][T25427] hsr_slave_0: left promiscuous mode [ 1534.539113][T25427] hsr_slave_1: left promiscuous mode [ 1535.069555][T25435] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1535.119924][T25436] sp0: Synchronizing with TNC [ 1535.902816][T25457] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1536.942264][T25479] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1536.964486][T25479] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1537.127814][T25479] vhci_hcd: not connected 4 [ 1537.356088][T25486] queue_state_write: operation too long [ 1537.437457][T25486] queue_state_write: use 'run', 'start' or 'kick' [ 1538.050022][T25505] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1538.150251][T25505] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1538.386554][T25505] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1538.525783][T25505] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1539.487903][T25534] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1539.553196][T25534] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1539.722270][T25534] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1539.850777][T25534] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1540.639636][T25557] netlink: 504 bytes leftover after parsing attributes in process `syz.5.4671'. [ 1540.678135][T25558] netlink: 504 bytes leftover after parsing attributes in process `syz.5.4671'. [ 1540.736069][T25557] netlink: 350 bytes leftover after parsing attributes in process `syz.5.4671'. [ 1540.931283][T25565] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4673'. [ 1541.346726][ T5865] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1541.360825][ T5865] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1541.369330][ T5865] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1541.378881][ T5865] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1541.388262][ T5865] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1541.499711][ T5865] Bluetooth: hci1: command 0x0c1a tx timeout [ 1541.581636][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1541.742192][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1541.896338][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1542.075283][T19003] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1542.280477][T19003] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1542.494592][T19003] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1542.745416][T19003] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1542.790948][T25575] chnl_net:caif_netlink_parms(): no params data found [ 1542.968119][T25607] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1542.998157][T25607] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1543.134316][T25607] vhci_hcd: not connected 4 [ 1543.332142][T25575] bridge0: port 1(bridge_slave_0) entered blocking state [ 1543.355465][T25575] bridge0: port 1(bridge_slave_0) entered disabled state [ 1543.380827][T25575] bridge_slave_0: entered allmulticast mode [ 1543.399217][T25575] bridge_slave_0: entered promiscuous mode [ 1543.418101][ T5865] Bluetooth: hci3: command tx timeout [ 1543.441787][T25575] bridge0: port 2(bridge_slave_1) entered blocking state [ 1543.486826][T25575] bridge0: port 2(bridge_slave_1) entered disabled state [ 1543.494019][T25575] bridge_slave_1: entered allmulticast mode [ 1543.590051][T25575] bridge_slave_1: entered promiscuous mode [ 1543.620691][T19003] bridge_slave_1: left allmulticast mode [ 1543.647763][T19003] bridge_slave_1: left promiscuous mode [ 1543.663910][T19003] bridge0: port 2(bridge_slave_1) entered disabled state [ 1543.698982][T19003] bridge_slave_0: left allmulticast mode [ 1543.704645][T19003] bridge_slave_0: left promiscuous mode [ 1543.759032][T19003] bridge0: port 1(bridge_slave_0) entered disabled state [ 1544.054931][T25640] FAULT_INJECTION: forcing a failure. [ 1544.054931][T25640] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1544.141007][T25640] CPU: 0 UID: 0 PID: 25640 Comm: syz.5.4689 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1544.141036][T25640] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1544.141042][T25640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1544.141052][T25640] Call Trace: [ 1544.141058][T25640] [ 1544.141064][T25640] dump_stack_lvl+0x100/0x190 [ 1544.141092][T25640] should_fail_ex.cold+0x5/0xa [ 1544.141112][T25640] get_futex_key+0x1d2/0x1620 [ 1544.141131][T25640] ? __pfx_get_futex_key+0x10/0x10 [ 1544.141150][T25640] ? __cgroup_account_cputime+0xd5/0x130 [ 1544.141169][T25640] futex_wait_setup+0x81/0x500 [ 1544.141195][T25640] __futex_wait+0x19f/0x300 [ 1544.141216][T25640] ? __pfx___futex_wait+0x10/0x10 [ 1544.141235][T25640] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1544.141254][T25640] ? lockdep_hardirqs_on+0x78/0x100 [ 1544.141275][T25640] ? __pfx_futex_wake_mark+0x10/0x10 [ 1544.141298][T25640] ? find_held_lock+0x2b/0x80 [ 1544.141320][T25640] ? futex_wake+0x456/0x530 [ 1544.141345][T25640] futex_wait+0xed/0x380 [ 1544.141366][T25640] ? __pfx_futex_wait+0x10/0x10 [ 1544.141390][T25640] ? __fget_files+0x215/0x3d0 [ 1544.141414][T25640] do_futex+0x1ef/0x350 [ 1544.141431][T25640] ? __pfx_do_futex+0x10/0x10 [ 1544.141448][T25640] ? fdget+0x18b/0x210 [ 1544.141467][T25640] ? __sys_sendmsg+0x18f/0x220 [ 1544.141488][T25640] __x64_sys_futex+0x34f/0x4d0 [ 1544.141508][T25640] ? __pfx___x64_sys_futex+0x10/0x10 [ 1544.141526][T25640] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1544.141555][T25640] ? syscall_user_dispatch+0x76/0x130 [ 1544.141578][T25640] do_syscall_64+0x106/0xf80 [ 1544.141598][T25640] ? clear_bhb_loop+0x40/0x90 [ 1544.141616][T25640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1544.141632][T25640] RIP: 0033:0x7f102679bf79 [ 1544.141646][T25640] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1544.141662][T25640] RSP: 002b:00007f102761b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1544.141678][T25640] RAX: ffffffffffffffda RBX: 00007f1026a16188 RCX: 00007f102679bf79 [ 1544.141688][T25640] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1026a16188 [ 1544.141697][T25640] RBP: 00007f1026a16180 R08: 0000000000000000 R09: 0000000000000000 [ 1544.141706][T25640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1544.141715][T25640] R13: 00007f1026a16218 R14: 00007ffee1ca0920 R15: 00007ffee1ca0a08 [ 1544.141735][T25640] [ 1544.465377][T19003] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1544.475788][T19003] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1544.487158][T19003] bond0 (unregistering): Released all slaves [ 1544.519615][T25575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1544.531777][T25575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1544.559310][T25575] team0: Port device team_slave_0 added [ 1544.566752][T25575] team0: Port device team_slave_1 added [ 1544.587605][T25575] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1544.594559][T25575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1544.620946][T25575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1544.632855][T25575] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1544.639847][T25575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1544.666682][T25575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1544.871674][T25575] hsr_slave_0: entered promiscuous mode [ 1544.892115][T25575] hsr_slave_1: entered promiscuous mode [ 1544.904612][T25575] debugfs: 'hsr0' already exists in 'hsr' [ 1544.926671][T25575] Cannot create hsr debugfs directory [ 1545.496838][ T5865] Bluetooth: hci3: command tx timeout [ 1545.527147][T25654] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1545.689346][T25660] FAULT_INJECTION: forcing a failure. [ 1545.689346][T25660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.757311][T25660] CPU: 0 UID: 0 PID: 25660 Comm: syz.5.4693 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1545.757339][T25660] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1545.757344][T25660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1545.757354][T25660] Call Trace: [ 1545.757359][T25660] [ 1545.757366][T25660] dump_stack_lvl+0x100/0x190 [ 1545.757391][T25660] should_fail_ex.cold+0x5/0xa [ 1545.757408][T25660] _copy_to_user+0x32/0xd0 [ 1545.757427][T25660] do_pages_stat+0x559/0x7f0 [ 1545.757454][T25660] ? __pfx_do_pages_stat+0x10/0x10 [ 1545.757479][T25660] ? find_held_lock+0x2b/0x80 [ 1545.757511][T25660] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1545.757530][T25660] ? lockdep_hardirqs_on+0x78/0x100 [ 1545.757548][T25660] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1545.757567][T25660] kernel_move_pages+0xecf/0x13f0 [ 1545.757591][T25660] ? __fget_files+0x215/0x3d0 [ 1545.757613][T25660] ? __pfx_kernel_move_pages+0x10/0x10 [ 1545.757628][T25660] ? __fget_files+0x21f/0x3d0 [ 1545.757650][T25660] ? fput+0x79/0x100 [ 1545.757663][T25660] ? ksys_write+0x1ac/0x250 [ 1545.757682][T25660] ? __pfx_ksys_write+0x10/0x10 [ 1545.757704][T25660] __x64_sys_move_pages+0xe0/0x1c0 [ 1545.757718][T25660] ? do_syscall_64+0x95/0xf80 [ 1545.757736][T25660] ? lockdep_hardirqs_on+0x78/0x100 [ 1545.757753][T25660] do_syscall_64+0x106/0xf80 [ 1545.757770][T25660] ? clear_bhb_loop+0x40/0x90 [ 1545.757790][T25660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1545.757807][T25660] RIP: 0033:0x7f102679bf79 [ 1545.757819][T25660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1545.757833][T25660] RSP: 002b:00007f102763c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1545.757848][T25660] RAX: ffffffffffffffda RBX: 00007f1026a16090 RCX: 00007f102679bf79 [ 1545.757858][T25660] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1545.757867][T25660] RBP: 00007f102763c090 R08: 0000000000000000 R09: 0000000000000002 [ 1545.757876][T25660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1545.757884][T25660] R13: 00007f1026a16128 R14: 00007f1026a16090 R15: 00007ffee1ca0a08 [ 1545.757903][T25660] [ 1546.079392][T25665] FAULT_INJECTION: forcing a failure. [ 1546.079392][T25665] name failslab, interval 1, probability 0, space 0, times 0 [ 1546.093205][T25665] CPU: 0 UID: 0 PID: 25665 Comm: syz.0.4694 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1546.093233][T25665] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1546.093240][T25665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1546.093250][T25665] Call Trace: [ 1546.093255][T25665] [ 1546.093277][T25665] dump_stack_lvl+0x100/0x190 [ 1546.093304][T25665] should_fail_ex.cold+0x5/0xa [ 1546.093322][T25665] should_failslab+0xc2/0x120 [ 1546.093345][T25665] __kmalloc_node_noprof+0xe6/0x850 [ 1546.093364][T25665] ? alloc_slab_obj_exts+0x4e/0x1c0 [ 1546.093379][T25665] ? find_held_lock+0x2b/0x80 [ 1546.093405][T25665] alloc_slab_obj_exts+0x4e/0x1c0 [ 1546.093422][T25665] __memcg_slab_post_alloc_hook+0x24a/0x9a0 [ 1546.093449][T25665] ? kasan_save_track+0x14/0x30 [ 1546.093470][T25665] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1546.093489][T25665] ? alloc_inode+0x183/0x250 [ 1546.093509][T25665] alloc_inode+0x183/0x250 [ 1546.093525][T25665] path_from_stashed+0x25b/0x750 [ 1546.093547][T25665] ? do_raw_spin_unlock+0x145/0x1e0 [ 1546.093575][T25665] ns_get_path+0x60/0x80 [ 1546.093598][T25665] proc_ns_get_link+0x121/0x230 [ 1546.093614][T25665] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1546.093631][T25665] ? atime_needs_update+0x8b/0x6b0 [ 1546.093651][T25665] pick_link+0xd17/0x13c0 [ 1546.093669][T25665] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1546.093686][T25665] step_into_slowpath+0x9ba/0xf90 [ 1546.093710][T25665] ? __pfx_step_into_slowpath+0x10/0x10 [ 1546.093728][T25665] ? find_held_lock+0x2b/0x80 [ 1546.093757][T25665] path_openat+0xf95/0x31a0 [ 1546.093784][T25665] ? __pfx_path_openat+0x10/0x10 [ 1546.093812][T25665] do_file_open+0x20e/0x430 [ 1546.093834][T25665] ? __pfx_do_file_open+0x10/0x10 [ 1546.093868][T25665] ? alloc_fd+0x476/0x790 [ 1546.093891][T25665] ? do_getname+0x191/0x390 [ 1546.093907][T25665] do_sys_openat2+0x10d/0x1e0 [ 1546.093924][T25665] ? __pfx_do_sys_openat2+0x10/0x10 [ 1546.093941][T25665] ? __fget_files+0x21f/0x3d0 [ 1546.093965][T25665] __x64_sys_openat+0x12d/0x210 [ 1546.093982][T25665] ? __pfx___x64_sys_openat+0x10/0x10 [ 1546.094005][T25665] do_syscall_64+0x106/0xf80 [ 1546.094024][T25665] ? clear_bhb_loop+0x40/0x90 [ 1546.094043][T25665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1546.094059][T25665] RIP: 0033:0x7fad8af5c84e [ 1546.094074][T25665] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1546.094089][T25665] RSP: 002b:00007fad8bf2cec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1546.094104][T25665] RAX: ffffffffffffffda RBX: 00007fad8bf2d6c0 RCX: 00007fad8af5c84e [ 1546.094114][T25665] RDX: 0000000000000002 RSI: 00007fad8bf2cf90 RDI: ffffffffffffff9c [ 1546.094123][T25665] RBP: 00007fad8b0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1546.094133][T25665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1546.094143][T25665] R13: 00007fad8b216038 R14: 00007fad8b215fa0 R15: 00007ffc84516f18 [ 1546.094163][T25665] [ 1546.413303][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.419748][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1547.085301][T25575] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1547.181829][T25575] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1547.199745][T25677] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1547.235968][T25575] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1547.243111][T25677] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1547.300184][T25575] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1547.355950][T25677] vhci_hcd: not connected 4 [ 1547.576985][ T5865] Bluetooth: hci3: command tx timeout [ 1548.015351][T25575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1548.174079][T25575] 8021q: adding VLAN 0 to HW filter on device team0 [ 1548.343141][T19005] bridge0: port 1(bridge_slave_0) entered blocking state [ 1548.350311][T19005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1548.433288][T19005] bridge0: port 2(bridge_slave_1) entered blocking state [ 1548.440559][T19005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1549.420585][T19003] hsr_slave_0: left promiscuous mode [ 1549.521128][T25740] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1549.547251][T19003] hsr_slave_1: left promiscuous mode [ 1549.558908][T25740] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1549.587335][T19003] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1549.594738][T19003] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1549.657006][ T5865] Bluetooth: hci3: command tx timeout [ 1549.675394][T19003] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1549.701322][T19003] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1549.734275][T25754] vhci_hcd: not connected 4 [ 1549.760035][T19003] veth1_macvtap: left promiscuous mode [ 1549.780163][T19003] veth0_macvtap: left promiscuous mode [ 1549.793278][T19003] veth1_vlan: left promiscuous mode [ 1549.809987][T19003] veth0_vlan: left promiscuous mode [ 1550.140539][T19003] team0 (unregistering): Port device team_slave_1 removed [ 1550.576143][T25575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1550.892940][T25575] veth0_vlan: entered promiscuous mode [ 1551.239521][T25782] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1551.494977][T25575] veth1_vlan: entered promiscuous mode [ 1551.695769][T25575] veth0_macvtap: entered promiscuous mode [ 1551.854129][T25575] veth1_macvtap: entered promiscuous mode [ 1552.007790][T25575] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1552.081177][T25575] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1552.159498][ T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1552.267247][ T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1552.300128][ T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1552.351504][ T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1552.583215][T19007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1552.583233][T19007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1552.804408][T19005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1552.833938][T25816] validate_nla: 2 callbacks suppressed [ 1552.833955][T25816] netlink: 'syz.0.4717': attribute type 1 has an invalid length. [ 1552.862149][T19005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1553.368464][T25827] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1553.489616][T25827] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1553.653229][T25827] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1553.845947][T25827] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1553.932499][T25827] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1554.138325][T25827] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1554.373643][T25853] Invalid ELF header magic: != ELF [ 1555.416733][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1555.496356][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1555.590013][T25887] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4735'. [ 1555.659194][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1555.896676][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 1557.015901][T25886] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1557.070759][T25886] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1557.105082][T25886] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1557.158605][T25886] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1557.578288][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1557.698499][T25938] CIFS: VFS: Invalid SecurityFlags: [ 1557.733037][T25938] CIFS: VFS: Invalid SecurityFlags: [ 1557.860596][T25942] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4748'. [ 1558.100604][T25954] FAULT_INJECTION: forcing a failure. [ 1558.100604][T25954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1558.183844][T25954] CPU: 0 UID: 0 PID: 25954 Comm: syz.0.4752 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1558.183872][T25954] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1558.183878][T25954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1558.183887][T25954] Call Trace: [ 1558.183892][T25954] [ 1558.183898][T25954] dump_stack_lvl+0x100/0x190 [ 1558.183924][T25954] should_fail_ex.cold+0x5/0xa [ 1558.183942][T25954] _copy_to_user+0x32/0xd0 [ 1558.183960][T25954] do_pages_stat+0x559/0x7f0 [ 1558.183996][T25954] ? __pfx_do_pages_stat+0x10/0x10 [ 1558.184021][T25954] ? find_held_lock+0x2b/0x80 [ 1558.184054][T25954] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1558.184072][T25954] ? lockdep_hardirqs_on+0x78/0x100 [ 1558.184091][T25954] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1558.184114][T25954] kernel_move_pages+0xecf/0x13f0 [ 1558.184132][T25954] ? __fget_files+0x215/0x3d0 [ 1558.184154][T25954] ? __pfx_kernel_move_pages+0x10/0x10 [ 1558.184169][T25954] ? __fget_files+0x21f/0x3d0 [ 1558.184191][T25954] ? fput+0x79/0x100 [ 1558.184205][T25954] ? ksys_write+0x1ac/0x250 [ 1558.184228][T25954] ? __pfx_ksys_write+0x10/0x10 [ 1558.184250][T25954] __x64_sys_move_pages+0xe0/0x1c0 [ 1558.184264][T25954] ? do_syscall_64+0x95/0xf80 [ 1558.184288][T25954] ? lockdep_hardirqs_on+0x78/0x100 [ 1558.184306][T25954] do_syscall_64+0x106/0xf80 [ 1558.184323][T25954] ? clear_bhb_loop+0x40/0x90 [ 1558.184344][T25954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1558.184358][T25954] RIP: 0033:0x7fad8af9bf79 [ 1558.184372][T25954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1558.184387][T25954] RSP: 002b:00007fad8bf0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1558.184401][T25954] RAX: ffffffffffffffda RBX: 00007fad8b216090 RCX: 00007fad8af9bf79 [ 1558.184412][T25954] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1558.184420][T25954] RBP: 00007fad8bf0c090 R08: 0000000000000000 R09: 0000000000000002 [ 1558.184429][T25954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1558.184438][T25954] R13: 00007fad8b216128 R14: 00007fad8b216090 R15: 00007ffc84516f18 [ 1558.184457][T25954] [ 1559.097321][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1559.177065][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 1559.183129][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1559.291977][T25990] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4760'. [ 1559.827587][T25993] FAULT_INJECTION: forcing a failure. [ 1559.827587][T25993] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1559.851724][T26002] vivid-007: ================= START STATUS ================= [ 1559.920846][T26002] vivid-007: Generate PTS: true [ 1559.935990][T25993] CPU: 0 UID: 0 PID: 25993 Comm: syz.0.4761 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1559.936019][T25993] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1559.936025][T25993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1559.936035][T25993] Call Trace: [ 1559.936040][T25993] [ 1559.936047][T25993] dump_stack_lvl+0x100/0x190 [ 1559.936073][T25993] should_fail_ex.cold+0x5/0xa [ 1559.936091][T25993] _copy_to_iter+0x1f3/0x1720 [ 1559.936111][T25993] ? chacha_block_generic+0x211/0x330 [ 1559.936131][T25993] ? __pfx__copy_to_iter+0x10/0x10 [ 1559.936151][T25993] ? __pfx___might_resched+0x10/0x10 [ 1559.936171][T25993] ? crng_make_state+0x2b0/0x6c0 [ 1559.936190][T25993] get_random_bytes_user+0x17b/0x3d0 [ 1559.936207][T25993] ? __pfx_get_random_bytes_user+0x10/0x10 [ 1559.936227][T25993] ? do_futex+0x192/0x350 [ 1559.936251][T25993] ? __pfx___might_resched+0x10/0x10 [ 1559.936271][T25993] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1559.936293][T25993] ? import_ubuf+0x1b6/0x220 [ 1559.936310][T25993] __x64_sys_getrandom+0x183/0x290 [ 1559.936327][T25993] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 1559.936353][T25993] do_syscall_64+0x106/0xf80 [ 1559.936377][T25993] ? clear_bhb_loop+0x40/0x90 [ 1559.936396][T25993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1559.936411][T25993] RIP: 0033:0x7fad8af9bf79 [ 1559.936425][T25993] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1559.936440][T25993] RSP: 002b:00007fad8bf2d028 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 1559.936455][T25993] RAX: ffffffffffffffda RBX: 00007fad8b215fa0 RCX: 00007fad8af9bf79 [ 1559.936466][T25993] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 1559.936475][T25993] RBP: 00007fad8b0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1559.936484][T25993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1559.936493][T25993] R13: 00007fad8b216038 R14: 00007fad8b215fa0 R15: 00007ffc84516f18 [ 1559.936512][T25993] [ 1560.142802][T26002] vivid-007: Generate SCR: true [ 1560.147772][T26002] tpg source WxH: 320x240 (Y'CbCr) [ 1560.152986][T26002] tpg field: 1 [ 1560.156396][T26002] tpg crop: (0,0)/320x240 [ 1560.160805][T26002] tpg compose: (0,0)/320x240 [ 1560.165545][T26002] tpg colorspace: 8 [ 1560.169476][T26002] tpg transfer function: 0/0 [ 1560.174065][T26002] tpg Y'CbCr encoding: 0/0 [ 1560.178580][T26002] tpg quantization: 0/0 [ 1560.182716][T26002] tpg RGB range: 0/2 [ 1560.186630][T26002] vivid-007: ================== END STATUS ================== [ 1560.547076][T26010] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1560.611964][T26010] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1560.786496][T26010] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1560.840454][T26000] bond0: option packets_per_slave: invalid value ( Xµn‘pæ) [ 1561.044913][T26010] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1561.065007][T26000] bond0: option packets_per_slave: allowed values 0 - 65535 [ 1561.557801][T26026] FAULT_INJECTION: forcing a failure. [ 1561.557801][T26026] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1561.612875][T26026] CPU: 0 UID: 0 PID: 26026 Comm: syz.6.4765 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1561.612902][T26026] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1561.612909][T26026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1561.612918][T26026] Call Trace: [ 1561.612923][T26026] [ 1561.612929][T26026] dump_stack_lvl+0x100/0x190 [ 1561.612964][T26026] should_fail_ex.cold+0x5/0xa [ 1561.612981][T26026] _copy_from_user+0x2e/0xd0 [ 1561.613000][T26026] do_pages_stat+0x194/0x7f0 [ 1561.613028][T26026] ? __pfx_do_pages_stat+0x10/0x10 [ 1561.613053][T26026] ? find_held_lock+0x2b/0x80 [ 1561.613085][T26026] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1561.613104][T26026] ? lockdep_hardirqs_on+0x78/0x100 [ 1561.613122][T26026] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1561.613141][T26026] kernel_move_pages+0xecf/0x13f0 [ 1561.613159][T26026] ? __fget_files+0x215/0x3d0 [ 1561.613181][T26026] ? __pfx_kernel_move_pages+0x10/0x10 [ 1561.613196][T26026] ? __fget_files+0x21f/0x3d0 [ 1561.613218][T26026] ? fput+0x79/0x100 [ 1561.613232][T26026] ? ksys_write+0x1ac/0x250 [ 1561.613251][T26026] ? __pfx_ksys_write+0x10/0x10 [ 1561.613272][T26026] __x64_sys_move_pages+0xe0/0x1c0 [ 1561.613286][T26026] ? do_syscall_64+0x95/0xf80 [ 1561.613305][T26026] ? lockdep_hardirqs_on+0x78/0x100 [ 1561.613322][T26026] do_syscall_64+0x106/0xf80 [ 1561.613339][T26026] ? clear_bhb_loop+0x40/0x90 [ 1561.613358][T26026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1561.613372][T26026] RIP: 0033:0x7f4f1cf9bf79 [ 1561.613386][T26026] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1561.613400][T26026] RSP: 002b:00007f4f1de45028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1561.613415][T26026] RAX: ffffffffffffffda RBX: 00007f4f1d216090 RCX: 00007f4f1cf9bf79 [ 1561.613424][T26026] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1561.613433][T26026] RBP: 00007f4f1de45090 R08: 0000000000000000 R09: 0000000000000002 [ 1561.613442][T26026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1561.613450][T26026] R13: 00007f4f1d216128 R14: 00007f4f1d216090 R15: 00007ffd92b83e38 [ 1561.613470][T26026] [ 1561.982629][T26033] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input34 [ 1562.007388][T26035] FAULT_INJECTION: forcing a failure. [ 1562.007388][T26035] name failslab, interval 1, probability 0, space 0, times 0 [ 1562.020071][T26035] CPU: 0 UID: 0 PID: 26035 Comm: syz.0.4770 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1562.020101][T26035] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1562.020108][T26035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1562.020117][T26035] Call Trace: [ 1562.020124][T26035] [ 1562.020131][T26035] dump_stack_lvl+0x100/0x190 [ 1562.020158][T26035] should_fail_ex.cold+0x5/0xa [ 1562.020178][T26035] should_failslab+0xc2/0x120 [ 1562.020206][T26035] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1562.020226][T26035] ? __d_alloc+0x34/0xa80 [ 1562.020254][T26035] __d_alloc+0x34/0xa80 [ 1562.020280][T26035] d_alloc_pseudo+0x1c/0xc0 [ 1562.020298][T26035] alloc_file_pseudo+0xcf/0x230 [ 1562.020315][T26035] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1562.020337][T26035] __shmem_file_setup+0x1a3/0x330 [ 1562.020356][T26035] shmem_zero_setup+0x93/0x1b0 [ 1562.020377][T26035] __mmap_region+0x20b5/0x2760 [ 1562.020399][T26035] ? __pfx___mmap_region+0x10/0x10 [ 1562.020430][T26035] ? finish_task_switch.isra.0+0x205/0xb80 [ 1562.020446][T26035] ? lockdep_hardirqs_on+0x78/0x100 [ 1562.020465][T26035] ? finish_task_switch.isra.0+0x205/0xb80 [ 1562.020515][T26035] ? rcu_is_watching+0x12/0xc0 [ 1562.020536][T26035] ? cap_capable+0x107/0x460 [ 1562.020563][T26035] mmap_region+0x180/0x3e0 [ 1562.020585][T26035] do_mmap+0xc63/0x12f0 [ 1562.020612][T26035] ? __pfx_do_mmap+0x10/0x10 [ 1562.020634][T26035] ? __pfx_down_write_killable+0x10/0x10 [ 1562.020659][T26035] vm_mmap_pgoff+0x29e/0x470 [ 1562.020685][T26035] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1562.020713][T26035] ? __x64_sys_futex+0x34f/0x4d0 [ 1562.020729][T26035] ? __x64_sys_futex+0x358/0x4d0 [ 1562.020749][T26035] ksys_mmap_pgoff+0x7d/0x5b0 [ 1562.020774][T26035] __x64_sys_mmap+0x125/0x190 [ 1562.020797][T26035] do_syscall_64+0x106/0xf80 [ 1562.020815][T26035] ? clear_bhb_loop+0x40/0x90 [ 1562.020835][T26035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1562.020852][T26035] RIP: 0033:0x7fad8af9bf79 [ 1562.020867][T26035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1562.020883][T26035] RSP: 002b:00007fad8bf2d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1562.020899][T26035] RAX: ffffffffffffffda RBX: 00007fad8b215fa0 RCX: 00007fad8af9bf79 [ 1562.020910][T26035] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1562.020919][T26035] RBP: 00007fad8b0327e0 R08: fffffffffffffffa R09: 0000000000008000 [ 1562.020929][T26035] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1562.020938][T26035] R13: 00007fad8b216038 R14: 00007fad8b215fa0 R15: 00007ffc84516f18 [ 1562.020960][T26035] [ 1562.616651][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1562.622814][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1562.820677][T26045] openvswitch: netlink: Key type 261 is out of range max 32 [ 1562.857969][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1563.096508][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 1564.792647][T26099] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4788'. [ 1565.484069][ C0] vcan0: j1939_tp_rxtimer: 0xffff88813fe5a800: rx timeout, send abort [ 1565.494761][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88813fe5a800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1565.683318][T26122] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1565.806503][T26122] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1565.972604][T26122] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1566.064015][T26122] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1566.672714][T26151] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4800'. [ 1566.745947][T26151] vlan1: entered promiscuous mode [ 1566.778468][T26151] vlan1: entered allmulticast mode [ 1566.783611][T26151] veth0_vlan: entered allmulticast mode [ 1566.869129][T26146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4800'. [ 1567.560962][T26168] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1567.644150][T26170] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1567.736396][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1567.816387][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1567.976917][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1568.138613][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 1569.040077][T26185] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1569.063407][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032962800: rx timeout, send abort [ 1569.072018][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888032962800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1569.180375][T26185] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1569.300828][T26185] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1569.376196][T26185] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1569.392647][T26191] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1569.426518][T26191] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1569.609497][T26195] vhci_hcd: not connected 4 [ 1570.929443][T26231] FAULT_INJECTION: forcing a failure. [ 1570.929443][T26231] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1571.003762][T26231] CPU: 0 UID: 0 PID: 26231 Comm: syz.0.4824 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1571.003789][T26231] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1571.003795][T26231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1571.003803][T26231] Call Trace: [ 1571.003809][T26231] [ 1571.003815][T26231] dump_stack_lvl+0x100/0x190 [ 1571.003840][T26231] should_fail_ex.cold+0x5/0xa [ 1571.003858][T26231] _copy_to_user+0x32/0xd0 [ 1571.003877][T26231] do_pages_stat+0x559/0x7f0 [ 1571.003905][T26231] ? __pfx_do_pages_stat+0x10/0x10 [ 1571.003929][T26231] ? find_held_lock+0x2b/0x80 [ 1571.003962][T26231] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1571.003980][T26231] ? lockdep_hardirqs_on+0x78/0x100 [ 1571.003998][T26231] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1571.004018][T26231] kernel_move_pages+0xecf/0x13f0 [ 1571.004035][T26231] ? __fget_files+0x215/0x3d0 [ 1571.004057][T26231] ? __pfx_kernel_move_pages+0x10/0x10 [ 1571.004073][T26231] ? __fget_files+0x21f/0x3d0 [ 1571.004095][T26231] ? fput+0x79/0x100 [ 1571.004108][T26231] ? ksys_write+0x1ac/0x250 [ 1571.004127][T26231] ? __pfx_ksys_write+0x10/0x10 [ 1571.004157][T26231] __x64_sys_move_pages+0xe0/0x1c0 [ 1571.004171][T26231] ? do_syscall_64+0x95/0xf80 [ 1571.004189][T26231] ? lockdep_hardirqs_on+0x78/0x100 [ 1571.004207][T26231] do_syscall_64+0x106/0xf80 [ 1571.004224][T26231] ? clear_bhb_loop+0x40/0x90 [ 1571.004241][T26231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.004255][T26231] RIP: 0033:0x7fad8af9bf79 [ 1571.004269][T26231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1571.004284][T26231] RSP: 002b:00007fad8bf0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1571.004299][T26231] RAX: ffffffffffffffda RBX: 00007fad8b216090 RCX: 00007fad8af9bf79 [ 1571.004308][T26231] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1571.004317][T26231] RBP: 00007fad8bf0c090 R08: 0000000000000000 R09: 0000000000000002 [ 1571.004326][T26231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1571.004335][T26231] R13: 00007fad8b216128 R14: 00007fad8b216090 R15: 00007ffc84516f18 [ 1571.004354][T26231] [ 1571.425348][ T5865] Bluetooth: hci2: command 0x0c1a tx timeout [ 1571.431443][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1571.437522][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1571.443500][ T5865] Bluetooth: hci3: command 0x0c1a tx timeout [ 1572.922086][T26263] netlink: 334 bytes leftover after parsing attributes in process `syz.5.4830'. [ 1577.893585][T26373] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1577.947931][T26373] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1579.007033][T26390] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1579.108573][T26390] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1579.254971][T26390] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1579.329043][T26390] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1579.773158][T26414] FAULT_INJECTION: forcing a failure. [ 1579.773158][T26414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1579.825985][T26414] CPU: 0 UID: 0 PID: 26414 Comm: syz.0.4871 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1579.826012][T26414] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1579.826017][T26414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1579.826026][T26414] Call Trace: [ 1579.826032][T26414] [ 1579.826038][T26414] dump_stack_lvl+0x100/0x190 [ 1579.826064][T26414] should_fail_ex.cold+0x5/0xa [ 1579.826082][T26414] _copy_from_user+0x2e/0xd0 [ 1579.826100][T26414] do_pages_stat+0x194/0x7f0 [ 1579.826128][T26414] ? __pfx_do_pages_stat+0x10/0x10 [ 1579.826153][T26414] ? find_held_lock+0x2b/0x80 [ 1579.826186][T26414] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1579.826204][T26414] ? lockdep_hardirqs_on+0x78/0x100 [ 1579.826223][T26414] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1579.826246][T26414] kernel_move_pages+0xecf/0x13f0 [ 1579.826263][T26414] ? __fget_files+0x215/0x3d0 [ 1579.826292][T26414] ? __pfx_kernel_move_pages+0x10/0x10 [ 1579.826307][T26414] ? __fget_files+0x21f/0x3d0 [ 1579.826330][T26414] ? fput+0x79/0x100 [ 1579.826343][T26414] ? ksys_write+0x1ac/0x250 [ 1579.826363][T26414] ? __pfx_ksys_write+0x10/0x10 [ 1579.826384][T26414] __x64_sys_move_pages+0xe0/0x1c0 [ 1579.826398][T26414] ? do_syscall_64+0x95/0xf80 [ 1579.826416][T26414] ? lockdep_hardirqs_on+0x78/0x100 [ 1579.826434][T26414] do_syscall_64+0x106/0xf80 [ 1579.826451][T26414] ? clear_bhb_loop+0x40/0x90 [ 1579.826469][T26414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.826484][T26414] RIP: 0033:0x7fad8af9bf79 [ 1579.826497][T26414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1579.826511][T26414] RSP: 002b:00007fad8bf0c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1579.826525][T26414] RAX: ffffffffffffffda RBX: 00007fad8b216090 RCX: 00007fad8af9bf79 [ 1579.826535][T26414] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1579.826543][T26414] RBP: 00007fad8bf0c090 R08: 0000000000000000 R09: 0000000000000002 [ 1579.826552][T26414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1579.826561][T26414] R13: 00007fad8b216128 R14: 00007fad8b216090 R15: 00007ffc84516f18 [ 1579.826580][T26414] [ 1581.017147][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1581.177912][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1581.184021][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1581.338959][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1581.590003][T26452] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1581.646574][T26468] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4880'. [ 1581.703544][T26452] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1581.758561][T26452] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1581.844512][T26452] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1582.330454][T26485] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1582.440120][T26485] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1582.552769][T26491] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4886'. [ 1582.616025][T26485] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1582.634785][T26491] vlan1: entered promiscuous mode [ 1582.658951][T26491] vlan1: entered allmulticast mode [ 1582.693561][T26491] veth0_vlan: entered allmulticast mode [ 1582.716082][T26485] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1583.044281][T26513] FAULT_INJECTION: forcing a failure. [ 1583.044281][T26513] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1583.106420][T26513] CPU: 0 UID: 0 PID: 26513 Comm: syz.5.4890 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1583.106448][T26513] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1583.106454][T26513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1583.106463][T26513] Call Trace: [ 1583.106468][T26513] [ 1583.106475][T26513] dump_stack_lvl+0x100/0x190 [ 1583.106501][T26513] should_fail_ex.cold+0x5/0xa [ 1583.106518][T26513] _copy_to_user+0x32/0xd0 [ 1583.106537][T26513] do_pages_stat+0x559/0x7f0 [ 1583.106565][T26513] ? __pfx_do_pages_stat+0x10/0x10 [ 1583.106589][T26513] ? find_held_lock+0x2b/0x80 [ 1583.106622][T26513] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1583.106639][T26513] ? lockdep_hardirqs_on+0x78/0x100 [ 1583.106657][T26513] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1583.106677][T26513] kernel_move_pages+0xecf/0x13f0 [ 1583.106694][T26513] ? __fget_files+0x215/0x3d0 [ 1583.106716][T26513] ? __pfx_kernel_move_pages+0x10/0x10 [ 1583.106734][T26513] ? __fget_files+0x21f/0x3d0 [ 1583.106757][T26513] ? fput+0x79/0x100 [ 1583.106770][T26513] ? ksys_write+0x1ac/0x250 [ 1583.106789][T26513] ? __pfx_ksys_write+0x10/0x10 [ 1583.106810][T26513] __x64_sys_move_pages+0xe0/0x1c0 [ 1583.106825][T26513] ? do_syscall_64+0x95/0xf80 [ 1583.106843][T26513] ? lockdep_hardirqs_on+0x78/0x100 [ 1583.106861][T26513] do_syscall_64+0x106/0xf80 [ 1583.106878][T26513] ? clear_bhb_loop+0x40/0x90 [ 1583.106896][T26513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1583.106911][T26513] RIP: 0033:0x7f102679bf79 [ 1583.106925][T26513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1583.106940][T26513] RSP: 002b:00007f102763c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 1583.106955][T26513] RAX: ffffffffffffffda RBX: 00007f1026a16090 RCX: 00007f102679bf79 [ 1583.106965][T26513] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 1583.106974][T26513] RBP: 00007f102763c090 R08: 0000000000000000 R09: 0000000000000002 [ 1583.106982][T26513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1583.106991][T26513] R13: 00007f1026a16128 R14: 00007f1026a16090 R15: 00007ffee1ca0a08 [ 1583.107017][T26513] [ 1583.110236][ T29] audit: type=1804 audit(4294985958.753:43): pid=26506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4889" name="/newroot/166/file0" dev="tmpfs" ino=873 res=1 errno=0 [ 1584.106797][T26544] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1584.227524][T26544] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1584.233571][T26544] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1584.433121][ T29] audit: type=1804 audit(4294985959.003:44): pid=26507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.4889" name="/newroot/166/file0" dev="tmpfs" ino=873 res=1 errno=0 [ 1584.539550][T26544] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1586.136912][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1586.296862][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1586.302993][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1586.622507][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1586.737027][T26623] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1586.765260][T26623] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1589.361605][T26703] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1589.435915][T26703] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1589.545027][T26703] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1589.613361][T26703] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1591.218403][T26738] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1591.316757][T26738] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1591.576334][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1591.656388][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1591.694587][T26738] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1592.283240][T26738] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1593.257214][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1593.336566][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1593.737438][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1594.111760][T26767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1594.220776][T26767] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1594.298136][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1594.348193][T26767] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1594.438453][T26767] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1594.457674][T26781] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1594.497225][T26781] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1594.845914][T26790] TCP: TCP_TX_DELAY enabled [ 1596.137472][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1596.216547][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1596.376477][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1596.456573][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1597.036412][T26830] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1597.110186][T26830] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1597.225860][T26830] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1597.256923][T26830] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1597.806836][T26849] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 1597.914642][T26849] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1597.989459][T26849] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1598.036702][T26849] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 1598.092229][T26849] raw: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 1598.132210][T26849] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 1598.198758][T26849] head: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 1598.240967][T26849] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 1598.298710][T26849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1598.396370][T26849] page dumped because: unmovable page [ 1598.482549][T26849] page_owner tracks the page as allocated [ 1598.517398][T26849] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5852, tgid 5852 (syz-executor), ts 1590876058111, free_ts 1590749982450 [ 1598.632513][T26849] post_alloc_hook+0x153/0x170 [ 1598.650418][T26849] get_page_from_freelist+0x111d/0x3140 [ 1598.676703][T26849] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1598.700552][T26849] alloc_pages_mpol+0x1fb/0x550 [ 1598.720493][T26849] alloc_pages_noprof+0x131/0x390 [ 1598.734126][T26849] skb_page_frag_refill+0x365/0x5b0 [ 1598.751950][T26849] try_fill_recv+0x7f1/0x2950 [ 1598.766400][T26849] virtnet_poll+0x1502/0x3a70 [ 1598.782260][T26849] __napi_poll.constprop.0+0xaf/0x450 [ 1598.801229][T26849] net_rx_action+0xa40/0xf20 [ 1598.815850][T26849] handle_softirqs+0x1eb/0x9e0 [ 1598.835259][T26849] do_softirq+0xac/0xe0 [ 1598.848786][T26849] __local_bh_enable_ip+0xf8/0x120 [ 1598.864114][T26849] __dev_queue_xmit+0x7f1/0x4750 [ 1598.875328][T26849] ip_finish_output2+0xf4a/0x24d0 [ 1598.888490][T26849] __ip_finish_output.part.0+0x444/0x6f0 [ 1598.900742][T26849] page last free pid 26718 tgid 26715 stack trace: [ 1598.914142][T26849] __free_frozen_pages+0x7ca/0x10a0 [ 1598.929550][T26849] qlist_free_all+0x47/0xe0 [ 1598.935539][T26814] kexec: Could not allocate control_code_buffer [ 1598.943312][T26849] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1598.949315][T26849] __kasan_slab_alloc+0x69/0x90 [ 1598.954281][T26849] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1598.960742][T26849] __alloc_skb+0x140/0x710 [ 1598.965260][T26849] __ip6_append_data+0x36af/0x4de0 [ 1598.970803][T26849] ip6_append_data+0x10b/0x410 [ 1598.975687][T26849] rawv6_sendmsg+0x16a0/0x4750 [ 1598.980928][T26849] inet_sendmsg+0x11c/0x140 [ 1598.985503][T26849] ____sys_sendmsg+0x9ad/0xc30 [ 1598.990835][T26849] ___sys_sendmsg+0x190/0x1e0 [ 1598.995613][T26849] __sys_sendmmsg+0x205/0x430 [ 1599.001864][T26849] __x64_sys_sendmmsg+0x9c/0x100 [ 1599.007535][T26849] do_syscall_64+0x106/0xf80 [ 1599.012367][T26849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1599.097418][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1599.177183][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1599.257933][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1599.336680][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1599.670038][T26852] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0xffff88807fe06000 pfn:0x7fe00 [ 1599.694721][T26852] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1599.728838][T26852] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1599.760581][T26852] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 1599.783247][T26852] raw: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 1599.826187][T26852] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 1599.868599][T26852] head: ffff88807fe06000 0000000000000000 00000016ffffffff 0000000000000000 [ 1599.898828][T26852] head: 00fff00000000003 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 1599.930383][T26852] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1599.955328][T26852] page dumped because: unmovable page [ 1599.973818][T26852] page_owner tracks the page as allocated [ 1599.997893][T26852] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5852, tgid 5852 (syz-executor), ts 1590876058111, free_ts 1590749982450 [ 1600.054370][T26852] post_alloc_hook+0x153/0x170 [ 1600.066844][T26852] get_page_from_freelist+0x111d/0x3140 [ 1600.082694][T26852] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1600.092824][T26852] alloc_pages_mpol+0x1fb/0x550 [ 1600.107516][T26852] alloc_pages_noprof+0x131/0x390 [ 1600.118731][T26852] skb_page_frag_refill+0x365/0x5b0 [ 1600.129666][T26852] try_fill_recv+0x7f1/0x2950 [ 1600.141928][T26852] virtnet_poll+0x1502/0x3a70 [ 1600.152013][T26852] __napi_poll.constprop.0+0xaf/0x450 [ 1600.169617][T26852] net_rx_action+0xa40/0xf20 [ 1600.179708][T26852] handle_softirqs+0x1eb/0x9e0 [ 1600.190050][T26852] do_softirq+0xac/0xe0 [ 1600.199777][T26852] __local_bh_enable_ip+0xf8/0x120 [ 1600.211635][T26852] __dev_queue_xmit+0x7f1/0x4750 [ 1600.223045][T26852] ip_finish_output2+0xf4a/0x24d0 [ 1600.228837][T26852] __ip_finish_output.part.0+0x444/0x6f0 [ 1600.240643][T26852] page last free pid 26718 tgid 26715 stack trace: [ 1600.257328][T26852] __free_frozen_pages+0x7ca/0x10a0 [ 1600.269617][T26852] qlist_free_all+0x47/0xe0 [ 1600.280217][T26852] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1600.292553][T26852] __kasan_slab_alloc+0x69/0x90 [ 1600.302643][T26852] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1600.319879][T26852] __alloc_skb+0x140/0x710 [ 1600.334382][T26852] __ip6_append_data+0x36af/0x4de0 [ 1600.353119][T26852] ip6_append_data+0x10b/0x410 [ 1600.366332][T26852] rawv6_sendmsg+0x16a0/0x4750 [ 1600.377974][T26852] inet_sendmsg+0x11c/0x140 [ 1600.393209][T26852] ____sys_sendmsg+0x9ad/0xc30 [ 1600.405811][T26852] ___sys_sendmsg+0x190/0x1e0 [ 1600.415908][T26852] __sys_sendmmsg+0x205/0x430 [ 1600.427436][T26852] __x64_sys_sendmmsg+0x9c/0x100 [ 1600.443158][T26852] do_syscall_64+0x106/0xf80 [ 1600.463123][T26852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.286205][T26916] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4988'. [ 1602.888151][T26951] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 1602.965904][T26954] netlink: 'syz.1.5001': attribute type 1 has an invalid length. [ 1603.017946][T26954] FAULT_INJECTION: forcing a failure. [ 1603.017946][T26954] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.089769][T26954] CPU: 0 UID: 0 PID: 26954 Comm: syz.1.5001 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1603.089817][T26954] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1603.089827][T26954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1603.089836][T26954] Call Trace: [ 1603.089842][T26954] [ 1603.089849][T26954] dump_stack_lvl+0x100/0x190 [ 1603.089877][T26954] should_fail_ex.cold+0x5/0xa [ 1603.089896][T26954] should_failslab+0xc2/0x120 [ 1603.089918][T26954] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1603.089937][T26954] ? alloc_inode+0x183/0x250 [ 1603.089954][T26954] ? find_inode_fast+0x1fa/0x910 [ 1603.089974][T26954] alloc_inode+0x183/0x250 [ 1603.089991][T26954] iget_locked+0x1d9/0x6d0 [ 1603.090008][T26954] ? __pfx_iget_locked+0x10/0x10 [ 1603.090023][T26954] ? kernfs_root+0xee/0x2a0 [ 1603.090038][T26954] ? kernfs_root+0xee/0x2a0 [ 1603.090057][T26954] kernfs_get_inode+0x46/0x470 [ 1603.090072][T26954] kernfs_iop_lookup+0x1a7/0x2d0 [ 1603.090090][T26954] lookup_open.isra.0+0x631/0x11b0 [ 1603.090113][T26954] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1603.090145][T26954] ? lookup_fast+0x2da/0x600 [ 1603.090166][T26954] path_openat+0xa98/0x31a0 [ 1603.090194][T26954] ? __pfx_path_openat+0x10/0x10 [ 1603.090222][T26954] do_file_open+0x20e/0x430 [ 1603.090245][T26954] ? __pfx_do_file_open+0x10/0x10 [ 1603.090281][T26954] ? alloc_fd+0x476/0x790 [ 1603.090304][T26954] ? do_getname+0x191/0x390 [ 1603.090321][T26954] do_sys_openat2+0x10d/0x1e0 [ 1603.090338][T26954] ? __pfx_do_sys_openat2+0x10/0x10 [ 1603.090362][T26954] __x64_sys_openat+0x12d/0x210 [ 1603.090379][T26954] ? __pfx___x64_sys_openat+0x10/0x10 [ 1603.090404][T26954] do_syscall_64+0x106/0xf80 [ 1603.090422][T26954] ? clear_bhb_loop+0x40/0x90 [ 1603.090441][T26954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1603.090457][T26954] RIP: 0033:0x7f6eaa99bf79 [ 1603.090471][T26954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1603.090487][T26954] RSP: 002b:00007f6eab7a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1603.090503][T26954] RAX: ffffffffffffffda RBX: 00007f6eaac15fa0 RCX: 00007f6eaa99bf79 [ 1603.090513][T26954] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1603.090523][T26954] RBP: 00007f6eaaa327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1603.090539][T26954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1603.090549][T26954] R13: 00007f6eaac16038 R14: 00007f6eaac15fa0 R15: 00007ffc60314f28 [ 1603.090571][T26954] [ 1603.440086][T26963] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1603.446217][T26963] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1603.536503][T26963] vhci_hcd: not connected 4 [ 1604.849709][T27000] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5014'. [ 1604.975513][ T29] audit: type=1800 audit(4294985980.618:45): pid=27002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5016" name="dbroot" dev="configfs" ino=293517 res=0 errno=0 [ 1607.540025][T27062] vhci_hcd: not connected 4 [ 1607.595163][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.602259][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.172644][ T9] usb usb40-port2: attempt power cycle [ 1608.761752][ T9] usb usb40-port2: unable to enumerate USB device [ 1609.050972][T27083] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5034'. [ 1609.979686][T27100] FAULT_INJECTION: forcing a failure. [ 1609.979686][T27100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1610.026154][T27100] CPU: 0 UID: 0 PID: 27100 Comm: syz.1.5040 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1610.026181][T27100] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1610.026187][T27100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1610.026196][T27100] Call Trace: [ 1610.026201][T27100] [ 1610.026208][T27100] dump_stack_lvl+0x100/0x190 [ 1610.026236][T27100] should_fail_ex.cold+0x5/0xa [ 1610.026253][T27100] _copy_to_user+0x32/0xd0 [ 1610.026273][T27100] simple_read_from_buffer+0xcb/0x170 [ 1610.026295][T27100] proc_fail_nth_read+0x1af/0x230 [ 1610.026317][T27100] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1610.026339][T27100] ? rw_verify_area+0xce/0x6d0 [ 1610.026356][T27100] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1610.026377][T27100] vfs_read+0x1e4/0xb30 [ 1610.026398][T27100] ? __pfx_vfs_read+0x10/0x10 [ 1610.026416][T27100] ? __fget_files+0x215/0x3d0 [ 1610.026440][T27100] ? __fget_files+0x21f/0x3d0 [ 1610.026464][T27100] ksys_read+0x12a/0x250 [ 1610.026483][T27100] ? __pfx_ksys_read+0x10/0x10 [ 1610.026507][T27100] do_syscall_64+0x106/0xf80 [ 1610.026525][T27100] ? clear_bhb_loop+0x40/0x90 [ 1610.026544][T27100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.026558][T27100] RIP: 0033:0x7f6eaa95c84e [ 1610.026572][T27100] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1610.026667][T27100] RSP: 002b:00007f6eab77ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1610.026691][T27100] RAX: ffffffffffffffda RBX: 00007f6eab7806c0 RCX: 00007f6eaa95c84e [ 1610.026701][T27100] RDX: 000000000000000f RSI: 00007f6eab7800a0 RDI: 0000000000000004 [ 1610.026710][T27100] RBP: 00007f6eab780090 R08: 0000000000000000 R09: 0000000000000000 [ 1610.026718][T27100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1610.026727][T27100] R13: 00007f6eaac16128 R14: 00007f6eaac16090 R15: 00007ffc60314f28 [ 1610.026750][T27100] [ 1610.623135][T27104] HfR: entered promiscuous mode [ 1610.650303][T27104] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5042'. [ 1610.693570][T27104] HfR: left promiscuous mode [ 1611.071793][T27111] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1611.098706][T27111] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1611.998755][T27129] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1612.048985][T27129] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1612.110151][T27129] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1612.151234][T27129] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1612.399008][T27143] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1612.405110][T27143] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1612.429171][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.467235][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.496517][T27147] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.542048][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.584829][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.599501][T27143] vhci_hcd: not connected 4 [ 1612.619682][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.659798][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1612.708941][T27148] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5052'. [ 1613.379561][T27180] FAULT_INJECTION: forcing a failure. [ 1613.379561][T27180] name failslab, interval 1, probability 0, space 0, times 0 [ 1613.498362][T27180] CPU: 0 UID: 0 PID: 27180 Comm: syz.5.5062 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1613.498393][T27180] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1613.498400][T27180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1613.498409][T27180] Call Trace: [ 1613.498415][T27180] [ 1613.498422][T27180] dump_stack_lvl+0x100/0x190 [ 1613.498449][T27180] should_fail_ex.cold+0x5/0xa [ 1613.498468][T27180] should_failslab+0xc2/0x120 [ 1613.498491][T27180] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1613.498509][T27180] ? skb_clone+0x190/0x400 [ 1613.498532][T27180] skb_clone+0x190/0x400 [ 1613.498551][T27180] netlink_deliver_tap+0xaed/0xcc0 [ 1613.498576][T27180] netlink_unicast+0x650/0x870 [ 1613.498600][T27180] ? __pfx_netlink_unicast+0x10/0x10 [ 1613.498626][T27180] netlink_sendmsg+0x8b0/0xda0 [ 1613.498650][T27180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1613.498673][T27180] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1613.498701][T27180] __sys_sendto+0x4aa/0x520 [ 1613.498719][T27180] ? __pfx___sys_sendto+0x10/0x10 [ 1613.498742][T27180] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1613.498764][T27180] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1613.498798][T27180] __x64_sys_sendto+0xe0/0x1c0 [ 1613.498814][T27180] ? do_syscall_64+0x95/0xf80 [ 1613.498834][T27180] ? lockdep_hardirqs_on+0x78/0x100 [ 1613.498852][T27180] do_syscall_64+0x106/0xf80 [ 1613.498871][T27180] ? clear_bhb_loop+0x40/0x90 [ 1613.498889][T27180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1613.498906][T27180] RIP: 0033:0x7f102675c84e [ 1613.498920][T27180] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1613.498935][T27180] RSP: 002b:00007f1027619e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1613.498950][T27180] RAX: ffffffffffffffda RBX: 00007f102761b6c0 RCX: 00007f102675c84e [ 1613.498960][T27180] RDX: 0000000000000020 RSI: 00007f102761a000 RDI: 0000000000000009 [ 1613.498969][T27180] RBP: 0000000000000000 R08: 00007f1027619f04 R09: 000000000000000c [ 1613.498979][T27180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 1613.498988][T27180] R13: 00007f1027619f58 R14: 00007f102761a000 R15: 0000000000000000 [ 1613.499009][T27180] [ 1614.036919][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1614.120296][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1614.186654][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1614.246844][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1616.962181][T27237] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1617.038647][T27237] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1617.137201][T27237] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1617.252024][T27237] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1618.696371][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1619.097931][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1619.177300][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1619.336718][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1622.553666][T27339] FAULT_INJECTION: forcing a failure. [ 1622.553666][T27339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1622.620617][T27339] CPU: 0 UID: 0 PID: 27339 Comm: syz.1.5102 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1622.620645][T27339] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1622.620650][T27339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1622.620659][T27339] Call Trace: [ 1622.620665][T27339] [ 1622.620671][T27339] dump_stack_lvl+0x100/0x190 [ 1622.620696][T27339] should_fail_ex.cold+0x5/0xa [ 1622.620714][T27339] _copy_from_user+0x2e/0xd0 [ 1622.620732][T27339] do_tcp_setsockopt+0x73e/0x2ac0 [ 1622.620753][T27339] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 1622.620771][T27339] ? __pfx___might_resched+0x10/0x10 [ 1622.620795][T27339] ? aa_sk_perm+0x2de/0xb40 [ 1622.620812][T27339] ? ksys_write+0x190/0x250 [ 1622.620833][T27339] ? __pfx_aa_sk_perm+0x10/0x10 [ 1622.620851][T27339] ? find_held_lock+0x2b/0x80 [ 1622.620876][T27339] tcp_setsockopt+0xe2/0x100 [ 1622.620892][T27339] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1622.620915][T27339] do_sock_setsockopt+0xf3/0x1d0 [ 1622.620938][T27339] __sys_setsockopt+0x119/0x190 [ 1622.620959][T27339] __x64_sys_setsockopt+0xbd/0x160 [ 1622.620976][T27339] ? do_syscall_64+0x95/0xf80 [ 1622.620994][T27339] ? lockdep_hardirqs_on+0x78/0x100 [ 1622.621012][T27339] do_syscall_64+0x106/0xf80 [ 1622.621029][T27339] ? clear_bhb_loop+0x40/0x90 [ 1622.621047][T27339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1622.621062][T27339] RIP: 0033:0x7f6eaa99bf79 [ 1622.621076][T27339] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1622.621090][T27339] RSP: 002b:00007f6eab7a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1622.621105][T27339] RAX: ffffffffffffffda RBX: 00007f6eaac15fa0 RCX: 00007f6eaa99bf79 [ 1622.621114][T27339] RDX: 0000000000000025 RSI: 0000000000000006 RDI: 0000000000000003 [ 1622.621123][T27339] RBP: 00007f6eab7a1090 R08: 0000000000000007 R09: 0000000000000000 [ 1622.621132][T27339] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 1622.621140][T27339] R13: 00007f6eaac16038 R14: 00007f6eaac15fa0 R15: 00007ffc60314f28 [ 1622.621159][T27339] [ 1625.904706][T27414] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1625.953834][T27414] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1626.189486][T27414] vhci_hcd: not connected 4 [ 1626.450565][T27427] FAULT_INJECTION: forcing a failure. [ 1626.450565][T27427] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1626.512582][T27427] CPU: 0 UID: 0 PID: 27427 Comm: syz.6.5125 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1626.512610][T27427] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1626.512616][T27427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1626.512625][T27427] Call Trace: [ 1626.512631][T27427] [ 1626.512638][T27427] dump_stack_lvl+0x100/0x190 [ 1626.512664][T27427] should_fail_ex.cold+0x5/0xa [ 1626.512681][T27427] get_futex_key+0x1d2/0x1620 [ 1626.512699][T27427] ? __pfx_get_futex_key+0x10/0x10 [ 1626.512721][T27427] futex_wake_op+0x12d/0xdc0 [ 1626.512739][T27427] ? get_pid_task+0xfc/0x250 [ 1626.512760][T27427] ? __pfx_futex_wake_op+0x10/0x10 [ 1626.512777][T27427] ? proc_fail_nth_write+0x9f/0x220 [ 1626.512799][T27427] ? find_held_lock+0x2b/0x80 [ 1626.512825][T27427] ? ksys_write+0x190/0x250 [ 1626.512845][T27427] ? ksys_write+0x190/0x250 [ 1626.512867][T27427] do_futex+0x2f1/0x350 [ 1626.512883][T27427] ? __pfx_do_futex+0x10/0x10 [ 1626.512905][T27427] __x64_sys_futex+0x34f/0x4d0 [ 1626.512922][T27427] ? fput+0x79/0x100 [ 1626.512935][T27427] ? __pfx___x64_sys_futex+0x10/0x10 [ 1626.512951][T27427] ? ksys_write+0x1ac/0x250 [ 1626.512970][T27427] ? __pfx_ksys_write+0x10/0x10 [ 1626.512994][T27427] do_syscall_64+0x106/0xf80 [ 1626.513012][T27427] ? clear_bhb_loop+0x40/0x90 [ 1626.513030][T27427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1626.513045][T27427] RIP: 0033:0x7f4f1cf9bf79 [ 1626.513058][T27427] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1626.513072][T27427] RSP: 002b:00007f4f1de45028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1626.513087][T27427] RAX: ffffffffffffffda RBX: 00007f4f1d216090 RCX: 00007f4f1cf9bf79 [ 1626.513097][T27427] RDX: 0000000000000004 RSI: 0000000000000005 RDI: 0000200000000000 [ 1626.513106][T27427] RBP: 00007f4f1de45090 R08: 0000200000000080 R09: 0000000004000000 [ 1626.513115][T27427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1626.513123][T27427] R13: 00007f4f1d216128 R14: 00007f4f1d216090 R15: 00007ffd92b83e38 [ 1626.513143][T27427] [ 1627.046107][T27445] __nla_validate_parse: 28 callbacks suppressed [ 1627.046123][T27445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5130'. [ 1629.441538][T27518] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1629.507213][T27518] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1629.639517][T27518] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1629.766470][T27518] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1631.497508][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1631.576369][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1631.656798][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1631.722334][T27569] FAULT_INJECTION: forcing a failure. [ 1631.722334][T27569] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.776023][T27569] CPU: 0 UID: 0 PID: 27569 Comm: syz.6.5170 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1631.776050][T27569] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1631.776056][T27569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1631.776065][T27569] Call Trace: [ 1631.776070][T27569] [ 1631.776077][T27569] dump_stack_lvl+0x100/0x190 [ 1631.776103][T27569] should_fail_ex.cold+0x5/0xa [ 1631.776121][T27569] should_failslab+0xc2/0x120 [ 1631.776142][T27569] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1631.776161][T27569] ? do_getname+0x35/0x390 [ 1631.776175][T27569] ? apparmor_capable+0x1d7/0x4e0 [ 1631.776193][T27569] do_getname+0x35/0x390 [ 1631.776209][T27569] vfs_open_tree+0x300/0x1500 [ 1631.776238][T27569] ? __print_lock_name+0x61/0x80 [ 1631.776259][T27569] ? __pfx_vfs_open_tree+0x10/0x10 [ 1631.776279][T27569] ? alloc_fd+0x476/0x790 [ 1631.776299][T27569] ? do_raw_spin_unlock+0x145/0x1e0 [ 1631.776319][T27569] ? _raw_spin_unlock+0x28/0x50 [ 1631.776336][T27569] ? alloc_fd+0x476/0x790 [ 1631.776359][T27569] ? __x64_sys_open_tree+0xa3/0x150 [ 1631.776381][T27569] __x64_sys_open_tree+0xa3/0x150 [ 1631.776411][T27569] do_syscall_64+0x106/0xf80 [ 1631.776430][T27569] ? clear_bhb_loop+0x40/0x90 [ 1631.776448][T27569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1631.776462][T27569] RIP: 0033:0x7f4f1cf9bf79 [ 1631.776476][T27569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1631.776490][T27569] RSP: 002b:00007f4f1de66028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 1631.776505][T27569] RAX: ffffffffffffffda RBX: 00007f4f1d215fa0 RCX: 00007f4f1cf9bf79 [ 1631.776515][T27569] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffffffffffffffff [ 1631.776524][T27569] RBP: 00007f4f1de66090 R08: 0000000000000000 R09: 0000000000000000 [ 1631.776533][T27569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1631.776541][T27569] R13: 00007f4f1d216038 R14: 00007f4f1d215fa0 R15: 00007ffd92b83e38 [ 1631.776560][T27569] [ 1632.228233][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1632.309135][T27575] FAULT_INJECTION: forcing a failure. [ 1632.309135][T27575] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1632.351495][T27575] CPU: 0 UID: 0 PID: 27575 Comm: syz.1.5172 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1632.351522][T27575] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1632.351528][T27575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1632.351537][T27575] Call Trace: [ 1632.351543][T27575] [ 1632.351549][T27575] dump_stack_lvl+0x100/0x190 [ 1632.351575][T27575] should_fail_ex.cold+0x5/0xa [ 1632.351592][T27575] get_futex_key+0x106f/0x1620 [ 1632.351611][T27575] ? __pfx_get_futex_key+0x10/0x10 [ 1632.351638][T27575] futex_wake_op+0x12d/0xdc0 [ 1632.351656][T27575] ? get_pid_task+0xfc/0x250 [ 1632.351678][T27575] ? __pfx_futex_wake_op+0x10/0x10 [ 1632.351695][T27575] ? proc_fail_nth_write+0x9f/0x220 [ 1632.351717][T27575] ? find_held_lock+0x2b/0x80 [ 1632.351744][T27575] ? ksys_write+0x190/0x250 [ 1632.351763][T27575] ? ksys_write+0x190/0x250 [ 1632.351785][T27575] do_futex+0x2f1/0x350 [ 1632.351802][T27575] ? __pfx_do_futex+0x10/0x10 [ 1632.351824][T27575] __x64_sys_futex+0x34f/0x4d0 [ 1632.351841][T27575] ? fput+0x79/0x100 [ 1632.351854][T27575] ? __pfx___x64_sys_futex+0x10/0x10 [ 1632.351870][T27575] ? ksys_write+0x1ac/0x250 [ 1632.351888][T27575] ? __pfx_ksys_write+0x10/0x10 [ 1632.351913][T27575] do_syscall_64+0x106/0xf80 [ 1632.351930][T27575] ? clear_bhb_loop+0x40/0x90 [ 1632.351948][T27575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1632.351963][T27575] RIP: 0033:0x7f6eaa99bf79 [ 1632.351976][T27575] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1632.351991][T27575] RSP: 002b:00007f6eab780028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1632.352005][T27575] RAX: ffffffffffffffda RBX: 00007f6eaac16090 RCX: 00007f6eaa99bf79 [ 1632.352015][T27575] RDX: 0000000000000004 RSI: 0000000000000005 RDI: 0000200000000000 [ 1632.352024][T27575] RBP: 00007f6eab780090 R08: 0000200000000080 R09: 0000000004000000 [ 1632.352034][T27575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1632.352042][T27575] R13: 00007f6eaac16128 R14: 00007f6eaac16090 R15: 00007ffc60314f28 [ 1632.352061][T27575] [ 1634.693671][ T5865] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1634.702696][ T5865] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 1636.816199][T27661] netlink: 50 bytes leftover after parsing attributes in process `syz.0.5197'. [ 1638.132810][T27703] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1638.218395][ T5865] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1638.229004][ T5865] Bluetooth: hci5: Invalid handle: 0x3a4a > 0x0eff [ 1639.284996][T27722] FAULT_INJECTION: forcing a failure. [ 1639.284996][T27722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1639.359549][T27722] CPU: 0 UID: 0 PID: 27722 Comm: syz.6.5213 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1639.359576][T27722] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1639.359581][T27722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1639.359590][T27722] Call Trace: [ 1639.359596][T27722] [ 1639.359602][T27722] dump_stack_lvl+0x100/0x190 [ 1639.359628][T27722] should_fail_ex.cold+0x5/0xa [ 1639.359646][T27722] core_sys_select+0x938/0xbb0 [ 1639.359670][T27722] ? __pfx_core_sys_select+0x10/0x10 [ 1639.359688][T27722] ? get_pid_task+0xfc/0x250 [ 1639.359708][T27722] ? get_pid_task+0x106/0x250 [ 1639.359737][T27722] ? __mutex_unlock_slowpath+0x15c/0x790 [ 1639.359757][T27722] ? __fget_files+0x215/0x3d0 [ 1639.359777][T27722] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1639.359799][T27722] kern_select+0x20c/0x270 [ 1639.359819][T27722] ? __pfx_kern_select+0x10/0x10 [ 1639.359840][T27722] ? __pfx_ksys_write+0x10/0x10 [ 1639.359863][T27722] __x64_sys_select+0xbd/0x160 [ 1639.359881][T27722] ? do_syscall_64+0x95/0xf80 [ 1639.359899][T27722] ? lockdep_hardirqs_on+0x78/0x100 [ 1639.359917][T27722] do_syscall_64+0x106/0xf80 [ 1639.359933][T27722] ? clear_bhb_loop+0x40/0x90 [ 1639.359952][T27722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1639.359966][T27722] RIP: 0033:0x7f4f1cf9bf79 [ 1639.359979][T27722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1639.359993][T27722] RSP: 002b:00007f4f1de66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1639.360019][T27722] RAX: ffffffffffffffda RBX: 00007f4f1d215fa0 RCX: 00007f4f1cf9bf79 [ 1639.360029][T27722] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 1639.360038][T27722] RBP: 00007f4f1de66090 R08: 0000000000000000 R09: 0000000000000000 [ 1639.360047][T27722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.360058][T27722] R13: 00007f4f1d216038 R14: 00007f4f1d215fa0 R15: 00007ffd92b83e38 [ 1639.360077][T27722] [ 1639.877965][T27725] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1639.896356][T27725] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1639.946801][T27725] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1639.952826][T27725] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1641.896369][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1641.957077][T27785] FAULT_INJECTION: forcing a failure. [ 1641.957077][T27785] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1641.979344][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1641.985454][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1641.991557][ T5865] Bluetooth: hci5: command 0x0c1a tx timeout [ 1642.014796][T27788] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1642.024445][T27785] CPU: 0 UID: 0 PID: 27785 Comm: syz.5.5227 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1642.024475][T27785] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1642.024482][T27785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1642.024492][T27785] Call Trace: [ 1642.024498][T27785] [ 1642.024505][T27785] dump_stack_lvl+0x100/0x190 [ 1642.024532][T27785] should_fail_ex.cold+0x5/0xa [ 1642.024552][T27785] get_futex_key+0x1d2/0x1620 [ 1642.024571][T27785] ? __pfx_get_futex_key+0x10/0x10 [ 1642.024587][T27785] ? find_held_lock+0x2b/0x80 [ 1642.024610][T27785] ? is_bpf_text_address+0x8a/0x1a0 [ 1642.024630][T27785] ? is_bpf_text_address+0x8a/0x1a0 [ 1642.024650][T27785] ? bpf_ksym_find+0x124/0x1c0 [ 1642.024668][T27785] futex_wait_setup+0x81/0x500 [ 1642.024693][T27785] __futex_wait+0x19f/0x300 [ 1642.024715][T27785] ? __pfx___futex_wait+0x10/0x10 [ 1642.024756][T27785] ? __do_sys_setgroups+0x36f/0x4f0 [ 1642.024785][T27785] ? __pfx_futex_wake_mark+0x10/0x10 [ 1642.024809][T27785] ? futex_hash+0x2c5/0x380 [ 1642.024831][T27785] futex_wait+0xed/0x380 [ 1642.024852][T27785] ? __pfx_futex_wait+0x10/0x10 [ 1642.024883][T27785] do_futex+0x1ef/0x350 [ 1642.024901][T27785] ? __pfx_do_futex+0x10/0x10 [ 1642.024924][T27785] __x64_sys_futex+0x34f/0x4d0 [ 1642.024942][T27785] ? __do_sys_setgroups+0x36f/0x4f0 [ 1642.024960][T27785] ? kfree+0x1f6/0x6b0 [ 1642.024975][T27785] ? __pfx___x64_sys_futex+0x10/0x10 [ 1642.024999][T27785] do_syscall_64+0x106/0xf80 [ 1642.025021][T27785] ? clear_bhb_loop+0x40/0x90 [ 1642.025039][T27785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1642.025055][T27785] RIP: 0033:0x7f102679bf79 [ 1642.025070][T27785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1642.025086][T27785] RSP: 002b:00007f102765d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1642.025101][T27785] RAX: ffffffffffffffda RBX: 00007f1026a15fa8 RCX: 00007f102679bf79 [ 1642.025112][T27785] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1026a15fa8 [ 1642.025121][T27785] RBP: 00007f1026a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1642.025130][T27785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1642.025139][T27785] R13: 00007f1026a16038 R14: 00007ffee1ca0920 R15: 00007ffee1ca0a08 [ 1642.025160][T27785] [ 1642.257014][T27789] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1642.452217][T27797] FAULT_INJECTION: forcing a failure. [ 1642.452217][T27797] name failslab, interval 1, probability 0, space 0, times 0 [ 1642.465213][T27797] CPU: 0 UID: 0 PID: 27797 Comm: syz.1.5229 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1642.465241][T27797] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1642.465247][T27797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1642.465256][T27797] Call Trace: [ 1642.465263][T27797] [ 1642.465270][T27797] dump_stack_lvl+0x100/0x190 [ 1642.465296][T27797] should_fail_ex.cold+0x5/0xa [ 1642.465313][T27797] should_failslab+0xc2/0x120 [ 1642.465335][T27797] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1642.465356][T27797] ? kstrdup_const+0x63/0x80 [ 1642.465379][T27797] kstrdup+0x51/0xe0 [ 1642.465398][T27797] kstrdup_const+0x63/0x80 [ 1642.465417][T27797] alloc_vfsmnt+0xe5/0x6a0 [ 1642.465434][T27797] clone_mnt+0x4b/0x930 [ 1642.465453][T27797] vfs_open_tree+0xb02/0x1500 [ 1642.465479][T27797] ? __pfx_vfs_open_tree+0x10/0x10 [ 1642.465499][T27797] ? alloc_fd+0x476/0x790 [ 1642.465520][T27797] ? do_raw_spin_unlock+0x145/0x1e0 [ 1642.465541][T27797] ? _raw_spin_unlock+0x28/0x50 [ 1642.465557][T27797] ? alloc_fd+0x476/0x790 [ 1642.465581][T27797] ? __x64_sys_open_tree+0xa3/0x150 [ 1642.465603][T27797] __x64_sys_open_tree+0xa3/0x150 [ 1642.465626][T27797] do_syscall_64+0x106/0xf80 [ 1642.465643][T27797] ? clear_bhb_loop+0x40/0x90 [ 1642.465662][T27797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1642.465676][T27797] RIP: 0033:0x7f6eaa99bf79 [ 1642.465691][T27797] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1642.465705][T27797] RSP: 002b:00007f6eab7a1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 1642.465720][T27797] RAX: ffffffffffffffda RBX: 00007f6eaac15fa0 RCX: 00007f6eaa99bf79 [ 1642.465729][T27797] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffffffffffffffff [ 1642.465738][T27797] RBP: 00007f6eab7a1090 R08: 0000000000000000 R09: 0000000000000000 [ 1642.465747][T27797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1642.465756][T27797] R13: 00007f6eaac16038 R14: 00007f6eaac15fa0 R15: 00007ffc60314f28 [ 1642.465775][T27797] [ 1643.307930][T27814] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 1643.879289][T27829] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1643.965525][T27829] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1644.110654][T27829] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1644.250259][T27829] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1645.161679][T27856] FAULT_INJECTION: forcing a failure. [ 1645.161679][T27856] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1645.209613][T27856] CPU: 0 UID: 0 PID: 27856 Comm: syz.5.5243 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1645.209641][T27856] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1645.209647][T27856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1645.209656][T27856] Call Trace: [ 1645.209661][T27856] [ 1645.209667][T27856] dump_stack_lvl+0x100/0x190 [ 1645.209693][T27856] should_fail_ex.cold+0x5/0xa [ 1645.209711][T27856] _copy_to_user+0x32/0xd0 [ 1645.209730][T27856] simple_read_from_buffer+0xcb/0x170 [ 1645.209751][T27856] proc_fail_nth_read+0x1af/0x230 [ 1645.209774][T27856] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1645.209796][T27856] ? rw_verify_area+0xce/0x6d0 [ 1645.209813][T27856] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1645.209834][T27856] vfs_read+0x1e4/0xb30 [ 1645.209855][T27856] ? __pfx_vfs_read+0x10/0x10 [ 1645.209873][T27856] ? __fget_files+0x215/0x3d0 [ 1645.209896][T27856] ? __fget_files+0x21f/0x3d0 [ 1645.209920][T27856] ksys_read+0x12a/0x250 [ 1645.209939][T27856] ? __pfx_ksys_read+0x10/0x10 [ 1645.209963][T27856] do_syscall_64+0x106/0xf80 [ 1645.209981][T27856] ? clear_bhb_loop+0x40/0x90 [ 1645.209998][T27856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1645.210013][T27856] RIP: 0033:0x7f102675c84e [ 1645.210026][T27856] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1645.210040][T27856] RSP: 002b:00007f102763bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1645.210055][T27856] RAX: ffffffffffffffda RBX: 00007f102763c6c0 RCX: 00007f102675c84e [ 1645.210064][T27856] RDX: 000000000000000f RSI: 00007f102763c0a0 RDI: 0000000000000003 [ 1645.210073][T27856] RBP: 00007f102763c090 R08: 0000000000000000 R09: 0000000000000000 [ 1645.210082][T27856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1645.210090][T27856] R13: 00007f1026a16128 R14: 00007f1026a16090 R15: 00007ffee1ca0a08 [ 1645.210109][T27856] [ 1645.916993][T23133] Bluetooth: hci2: command 0x0c1a tx timeout [ 1645.976773][T23133] Bluetooth: hci5: command 0x0c1a tx timeout [ 1646.138695][T23133] Bluetooth: hci0: command 0x041b tx timeout [ 1646.296649][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1647.088777][T27903] FAULT_INJECTION: forcing a failure. [ 1647.088777][T27903] name failslab, interval 1, probability 0, space 0, times 0 [ 1647.148995][T27903] CPU: 0 UID: 0 PID: 27903 Comm: syz.5.5261 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1647.149024][T27903] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1647.149030][T27903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1647.149039][T27903] Call Trace: [ 1647.149045][T27903] [ 1647.149051][T27903] dump_stack_lvl+0x100/0x190 [ 1647.149077][T27903] should_fail_ex.cold+0x5/0xa [ 1647.149095][T27903] should_failslab+0xc2/0x120 [ 1647.149117][T27903] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1647.149136][T27903] ? alloc_vfsmnt+0x23/0x6a0 [ 1647.149155][T27903] alloc_vfsmnt+0x23/0x6a0 [ 1647.149171][T27903] clone_mnt+0x4b/0x930 [ 1647.149190][T27903] vfs_open_tree+0xb02/0x1500 [ 1647.149217][T27903] ? __pfx_vfs_open_tree+0x10/0x10 [ 1647.149237][T27903] ? alloc_fd+0x476/0x790 [ 1647.149257][T27903] ? do_raw_spin_unlock+0x145/0x1e0 [ 1647.149278][T27903] ? _raw_spin_unlock+0x28/0x50 [ 1647.149295][T27903] ? alloc_fd+0x476/0x790 [ 1647.149319][T27903] ? __x64_sys_open_tree+0xa3/0x150 [ 1647.149340][T27903] __x64_sys_open_tree+0xa3/0x150 [ 1647.149370][T27903] do_syscall_64+0x106/0xf80 [ 1647.149388][T27903] ? clear_bhb_loop+0x40/0x90 [ 1647.149406][T27903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.149421][T27903] RIP: 0033:0x7f102679bf79 [ 1647.149435][T27903] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1647.149449][T27903] RSP: 002b:00007f102765d028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 1647.149464][T27903] RAX: ffffffffffffffda RBX: 00007f1026a15fa0 RCX: 00007f102679bf79 [ 1647.149473][T27903] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffffffffffffffff [ 1647.149482][T27903] RBP: 00007f102765d090 R08: 0000000000000000 R09: 0000000000000000 [ 1647.149491][T27903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1647.149499][T27903] R13: 00007f1026a16038 R14: 00007f1026a15fa0 R15: 00007ffee1ca0a08 [ 1647.149518][T27903] [ 1647.639941][T27908] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1649.136364][T27911] kexec: Could not allocate control_code_buffer [ 1651.570681][T28039] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1652.154565][T28052] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5298'. [ 1653.129816][T28078] random: crng reseeded on system resumption [ 1653.458412][T28088] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5312'. [ 1653.492177][T28068] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1654.807162][T28116] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5319'. [ 1654.890803][T28114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5319'. [ 1655.340186][T28132] blkio.reset_stats is deprecated [ 1656.112474][T28154] netlink: 144 bytes leftover after parsing attributes in process `syz.0.5331'. [ 1656.147108][T28154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5331'. [ 1656.466572][T28166] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1656.466747][T28166] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1656.467133][T28166] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1656.473613][T28166] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1657.757164][T28189] GUP no longer grows the stack in syz.6.5341 (28189): 14000-18000 (4000) [ 1657.784219][T28190] netlink: 144 bytes leftover after parsing attributes in process `syz.0.5342'. [ 1657.798976][T28189] CPU: 0 UID: 0 PID: 28189 Comm: syz.6.5341 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1657.799005][T28189] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1657.799012][T28189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1657.799021][T28189] Call Trace: [ 1657.799027][T28189] [ 1657.799034][T28189] dump_stack_lvl+0x100/0x190 [ 1657.799062][T28189] gup_vma_lookup.cold+0x83/0x96 [ 1657.799087][T28189] __get_user_pages+0x241/0x34d0 [ 1657.799116][T28189] ? find_held_lock+0x2b/0x80 [ 1657.799139][T28189] ? mtree_load+0x311/0xa40 [ 1657.799158][T28189] ? __pfx___get_user_pages+0x10/0x10 [ 1657.799187][T28189] get_user_pages_remote+0x3d2/0xb10 [ 1657.799213][T28189] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1657.799239][T28189] ? noop_dirty_folio+0x98/0x160 [ 1657.799265][T28189] __access_remote_vm+0x3ba/0xa70 [ 1657.799291][T28189] ? __pfx___access_remote_vm+0x10/0x10 [ 1657.799317][T28189] mem_rw+0x20a/0x640 [ 1657.799340][T28189] vfs_write+0x2aa/0x1070 [ 1657.799362][T28189] ? __pfx_mem_write+0x10/0x10 [ 1657.799384][T28189] ? __pfx_vfs_write+0x10/0x10 [ 1657.799414][T28189] ? __fget_files+0x215/0x3d0 [ 1657.799439][T28189] ? __fget_files+0x21f/0x3d0 [ 1657.799466][T28189] ksys_write+0x12a/0x250 [ 1657.799486][T28189] ? __pfx_ksys_write+0x10/0x10 [ 1657.799512][T28189] do_syscall_64+0x106/0xf80 [ 1657.799531][T28189] ? clear_bhb_loop+0x40/0x90 [ 1657.799550][T28189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1657.799566][T28189] RIP: 0033:0x7f4f1cf9bf79 [ 1657.799580][T28189] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1657.799597][T28189] RSP: 002b:00007f4f1de66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1657.799612][T28189] RAX: ffffffffffffffda RBX: 00007f4f1d215fa0 RCX: 00007f4f1cf9bf79 [ 1657.799622][T28189] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1657.799632][T28189] RBP: 00007f4f1d0327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1657.799642][T28189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1657.799651][T28189] R13: 00007f4f1d216038 R14: 00007f4f1d215fa0 R15: 00007ffd92b83e38 [ 1657.799673][T28189] [ 1658.037902][T28189] netlink: 'syz.6.5341': attribute type 5 has an invalid length. [ 1658.045722][T28189] netlink: 'syz.6.5341': attribute type 1 has an invalid length. [ 1658.053503][T28189] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5341'. [ 1658.137105][T28190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5342'. [ 1658.543039][T23133] Bluetooth: hci3: command 0x0c1a tx timeout [ 1658.550823][ T5865] Bluetooth: hci0: command 0x041b tx timeout [ 1658.556946][T24462] Bluetooth: hci5: command 0x0c1a tx timeout [ 1658.563168][T24462] Bluetooth: hci2: command 0x0c1a tx timeout [ 1660.310068][T28263] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1660.334503][T28263] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1661.415016][T28292] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5372'. [ 1661.480847][T28292] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5372'. [ 1661.736078][T28304] netlink: 326 bytes leftover after parsing attributes in process `syz.5.5376'. [ 1661.792472][T28304] bridge0: port 2(bridge_slave_1) entered disabled state [ 1661.800211][T28304] bridge0: port 1(bridge_slave_0) entered disabled state [ 1661.831111][T28306] FAULT_INJECTION: forcing a failure. [ 1661.831111][T28306] name failslab, interval 1, probability 0, space 0, times 0 [ 1661.886095][T28306] CPU: 0 UID: 0 PID: 28306 Comm: syz.6.5375 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1661.886122][T28306] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1661.886128][T28306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1661.886138][T28306] Call Trace: [ 1661.886143][T28306] [ 1661.886149][T28306] dump_stack_lvl+0x100/0x190 [ 1661.886176][T28306] should_fail_ex.cold+0x5/0xa [ 1661.886193][T28306] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1661.886213][T28306] should_failslab+0xc2/0x120 [ 1661.886239][T28306] __kmalloc_noprof+0xe0/0x850 [ 1661.886261][T28306] tomoyo_realpath_from_path+0xb6/0x690 [ 1661.886286][T28306] tomoyo_path_number_perm+0x23c/0x580 [ 1661.886308][T28306] ? tomoyo_path_number_perm+0x22e/0x580 [ 1661.886326][T28306] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1661.886361][T28306] ? find_held_lock+0x2b/0x80 [ 1661.886383][T28306] ? __fget_files+0x215/0x3d0 [ 1661.886402][T28306] ? hook_file_ioctl_common+0x146/0x410 [ 1661.886423][T28306] ? __fget_files+0x21f/0x3d0 [ 1661.886445][T28306] security_file_ioctl+0xd3/0x230 [ 1661.886463][T28306] __x64_sys_ioctl+0xb7/0x210 [ 1661.886482][T28306] do_syscall_64+0x106/0xf80 [ 1661.886501][T28306] ? clear_bhb_loop+0x40/0x90 [ 1661.886518][T28306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1661.886533][T28306] RIP: 0033:0x7f4f1cf9bf79 [ 1661.886546][T28306] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1661.886560][T28306] RSP: 002b:00007f4f1de45028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1661.886575][T28306] RAX: ffffffffffffffda RBX: 00007f4f1d216090 RCX: 00007f4f1cf9bf79 [ 1661.886585][T28306] RDX: 0000000000000000 RSI: 000000000000540b RDI: 000000000000000f [ 1661.886593][T28306] RBP: 00007f4f1de45090 R08: 0000000000000000 R09: 0000000000000000 [ 1661.886602][T28306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1661.886611][T28306] R13: 00007f4f1d216128 R14: 00007f4f1d216090 R15: 00007ffd92b83e38 [ 1661.886630][T28306] [ 1662.326570][T28317] netlink: 186 bytes leftover after parsing attributes in process `syz.5.5380'. [ 1662.443957][T28323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5382'. [ 1662.849037][T28306] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1663.397450][T28348] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5389'. [ 1663.461340][T28347] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5389'. [ 1663.683693][T28348] erspan0: refused to change device tx_queue_len [ 1663.895766][T28347] erspan0: refused to change device tx_queue_len [ 1663.993042][T28363] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5392'. [ 1664.229921][T28364] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1664.384979][T28364] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1664.461368][T28364] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1664.541044][T28364] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1665.060089][T28383] netlink: 'syz.6.5396': attribute type 1 has an invalid length. [ 1665.930743][T28404] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5403'. [ 1665.973401][T28404] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5403'. [ 1666.296535][T28209] Bluetooth: hci2: command 0x0c1a tx timeout [ 1666.458046][T28209] Bluetooth: hci5: command 0x0c1a tx timeout [ 1666.536538][T18587] Bluetooth: hci0: command 0x041b tx timeout [ 1666.542653][T28209] Bluetooth: hci3: command 0x0c1a tx timeout [ 1666.612230][T28415] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5407'. [ 1666.660651][T28410] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1666.727482][T28415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5407'. [ 1666.792825][T28410] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1666.894173][T28410] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1667.036530][T28410] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1667.697161][T28443] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5413'. [ 1667.752940][T28443] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5413'. [ 1668.696433][T28209] Bluetooth: hci2: command 0x0c1a tx timeout [ 1668.856573][T28209] Bluetooth: hci5: command 0x0c1a tx timeout [ 1668.937322][T28209] Bluetooth: hci0: command 0x041b tx timeout [ 1669.022108][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.028537][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.106336][T28209] Bluetooth: hci3: command 0x0c1a tx timeout [ 1670.952372][T28500] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1670.966939][T28500] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1670.984801][T28500] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1671.014652][T28500] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1671.344289][T28526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5439'. [ 1671.373081][T28526] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5439'. [ 1672.298645][T28209] Bluetooth: hci2: command 0x0c1a tx timeout [ 1673.016417][T28209] Bluetooth: hci3: command 0x0c1a tx timeout [ 1673.022516][T18587] Bluetooth: hci0: command 0x041b tx timeout [ 1673.028637][T24462] Bluetooth: hci5: command 0x0c1a tx timeout [ 1674.421956][T28576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5455'. [ 1676.112558][T28624] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5467'. [ 1676.171810][T28624] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5467'. [ 1676.445018][T28612] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1676.461038][T28612] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1676.485227][T28612] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1676.502993][T28612] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1676.592887][T28635] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5472'. [ 1676.760323][T28635] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5472'. [ 1676.965278][T28648] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1677.266169][T28650] Invalid ELF header magic: != ELF [ 1677.816357][T28209] Bluetooth: hci2: command 0x0c1a tx timeout [ 1678.042983][T28668] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5481'. [ 1678.146841][T28666] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5481'. [ 1678.536609][T28209] Bluetooth: hci3: command 0x0c1a tx timeout [ 1678.542833][T18587] Bluetooth: hci0: command 0x041b tx timeout [ 1678.549279][T24462] Bluetooth: hci5: command 0x0c1a tx timeout [ 1682.964943][T28764] FAULT_INJECTION: forcing a failure. [ 1682.964943][T28764] name failslab, interval 1, probability 0, space 0, times 0 [ 1683.081474][T28764] CPU: 0 UID: 0 PID: 28764 Comm: syz.5.5507 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1683.081502][T28764] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1683.081508][T28764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1683.081517][T28764] Call Trace: [ 1683.081523][T28764] [ 1683.081530][T28764] dump_stack_lvl+0x100/0x190 [ 1683.081555][T28764] should_fail_ex.cold+0x5/0xa [ 1683.081572][T28764] should_failslab+0xc2/0x120 [ 1683.081595][T28764] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1683.081613][T28764] ? alloc_empty_file+0x55/0x1c0 [ 1683.081632][T28764] alloc_empty_file+0x55/0x1c0 [ 1683.081647][T28764] alloc_file_pseudo+0x13a/0x230 [ 1683.081663][T28764] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1683.081684][T28764] __shmem_file_setup+0x1a3/0x330 [ 1683.081703][T28764] shmem_zero_setup+0x93/0x1b0 [ 1683.081724][T28764] __mmap_region+0x20b5/0x2760 [ 1683.081745][T28764] ? __pfx___mmap_region+0x10/0x10 [ 1683.081776][T28764] ? finish_task_switch.isra.0+0x205/0xb80 [ 1683.081791][T28764] ? lockdep_hardirqs_on+0x78/0x100 [ 1683.081810][T28764] ? finish_task_switch.isra.0+0x205/0xb80 [ 1683.081859][T28764] ? rcu_is_watching+0x12/0xc0 [ 1683.081880][T28764] ? cap_capable+0x107/0x460 [ 1683.081906][T28764] mmap_region+0x180/0x3e0 [ 1683.081928][T28764] do_mmap+0xc63/0x12f0 [ 1683.081953][T28764] ? __pfx_do_mmap+0x10/0x10 [ 1683.081975][T28764] ? __pfx_down_write_killable+0x10/0x10 [ 1683.082002][T28764] vm_mmap_pgoff+0x29e/0x470 [ 1683.082027][T28764] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1683.082053][T28764] ? __x64_sys_futex+0x34f/0x4d0 [ 1683.082069][T28764] ? __x64_sys_futex+0x358/0x4d0 [ 1683.082088][T28764] ksys_mmap_pgoff+0x7d/0x5b0 [ 1683.082118][T28764] __x64_sys_mmap+0x125/0x190 [ 1683.082141][T28764] do_syscall_64+0x106/0xf80 [ 1683.082159][T28764] ? clear_bhb_loop+0x40/0x90 [ 1683.082177][T28764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1683.082191][T28764] RIP: 0033:0x7f102679bf79 [ 1683.082205][T28764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1683.082218][T28764] RSP: 002b:00007f102765d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1683.082233][T28764] RAX: ffffffffffffffda RBX: 00007f1026a15fa0 RCX: 00007f102679bf79 [ 1683.082242][T28764] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1683.082251][T28764] RBP: 00007f10268327e0 R08: fffffffffffffffa R09: 0000000000008000 [ 1683.082261][T28764] R10: 0000009000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1683.082270][T28764] R13: 00007f1026a16038 R14: 00007f1026a15fa0 R15: 00007ffee1ca0a08 [ 1683.082289][T28764] [ 1686.201680][T28828] FAULT_INJECTION: forcing a failure. [ 1686.201680][T28828] name failslab, interval 1, probability 0, space 0, times 0 [ 1686.262637][T28828] CPU: 0 UID: 0 PID: 28828 Comm: syz.6.5528 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1686.262664][T28828] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1686.262670][T28828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1686.262679][T28828] Call Trace: [ 1686.262685][T28828] [ 1686.262691][T28828] dump_stack_lvl+0x100/0x190 [ 1686.262717][T28828] should_fail_ex.cold+0x5/0xa [ 1686.262734][T28828] should_failslab+0xc2/0x120 [ 1686.262756][T28828] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1686.262775][T28828] ? alloc_empty_file+0x55/0x1c0 [ 1686.262794][T28828] alloc_empty_file+0x55/0x1c0 [ 1686.262809][T28828] dentry_open+0x46/0xd0 [ 1686.262824][T28828] open_namespace_file+0xd7/0x130 [ 1686.262846][T28828] ? __pfx_open_namespace_file+0x10/0x10 [ 1686.262867][T28828] ? dput.part.0+0xdd/0x570 [ 1686.262885][T28828] vfs_open_tree+0x10dc/0x1500 [ 1686.262918][T28828] ? __pfx_vfs_open_tree+0x10/0x10 [ 1686.262937][T28828] ? alloc_fd+0x476/0x790 [ 1686.262958][T28828] ? do_raw_spin_unlock+0x145/0x1e0 [ 1686.262979][T28828] ? alloc_fd+0x476/0x790 [ 1686.263003][T28828] ? __x64_sys_open_tree+0xa3/0x150 [ 1686.263024][T28828] __x64_sys_open_tree+0xa3/0x150 [ 1686.263047][T28828] do_syscall_64+0x106/0xf80 [ 1686.263065][T28828] ? clear_bhb_loop+0x40/0x90 [ 1686.263083][T28828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1686.263098][T28828] RIP: 0033:0x7f4f1cf9bf79 [ 1686.263111][T28828] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1686.263125][T28828] RSP: 002b:00007f4f1de66028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 1686.263139][T28828] RAX: ffffffffffffffda RBX: 00007f4f1d215fa0 RCX: 00007f4f1cf9bf79 [ 1686.263149][T28828] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffffffffffffffff [ 1686.263158][T28828] RBP: 00007f4f1de66090 R08: 0000000000000000 R09: 0000000000000000 [ 1686.263167][T28828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1686.263175][T28828] R13: 00007f4f1d216038 R14: 00007f4f1d215fa0 R15: 00007ffd92b83e38 [ 1686.263194][T28828] [ 1687.325364][T28866] FAULT_INJECTION: forcing a failure. [ 1687.325364][T28866] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.519203][T28866] CPU: 0 UID: 0 PID: 28866 Comm: syz.6.5538 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1687.519232][T28866] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1687.519239][T28866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1687.519248][T28866] Call Trace: [ 1687.519254][T28866] [ 1687.519261][T28866] dump_stack_lvl+0x100/0x190 [ 1687.519289][T28866] should_fail_ex.cold+0x5/0xa [ 1687.519307][T28866] should_failslab+0xc2/0x120 [ 1687.519330][T28866] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1687.519351][T28866] ? __alloc_skb+0x140/0x710 [ 1687.519372][T28866] __alloc_skb+0x140/0x710 [ 1687.519388][T28866] ? __alloc_skb+0x5b7/0x710 [ 1687.519405][T28866] ? __pfx___alloc_skb+0x10/0x10 [ 1687.519422][T28866] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1687.519440][T28866] ? audit_log_start+0x29d/0x930 [ 1687.519459][T28866] ? lockdep_init_map_type+0x5c/0x250 [ 1687.519481][T28866] audit_log_start+0x350/0x930 [ 1687.519501][T28866] ? __pfx_audit_log_start+0x10/0x10 [ 1687.519521][T28866] ? arch_do_signal_or_restart+0x1f9/0x770 [ 1687.519540][T28866] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1687.519563][T28866] audit_seccomp+0x60/0x190 [ 1687.519578][T28866] ? exc_general_protection+0x12e/0x250 [ 1687.519603][T28866] __secure_computing+0x26d/0x2c0 [ 1687.519623][T28866] do_syscall_64+0x568/0xf80 [ 1687.519642][T28866] ? clear_bhb_loop+0x40/0x90 [ 1687.519660][T28866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1687.519675][T28866] RIP: 0033:0x7f4f1cf9bf79 [ 1687.519690][T28866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1687.519705][T28866] RSP: 002b:00007f4f1de23a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1687.519720][T28866] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f4f1cf9bf79 [ 1687.519730][T28866] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 1687.519739][T28866] RBP: 00007f4f1de24030 R08: 0000000000000000 R09: 000000000000000b [ 1687.519748][T28866] R10: 0000000000000009 R11: 0000000000000246 R12: 00000000000493fe [ 1687.519757][T28866] R13: 00007f4f1d216218 R14: 00007f4f1d216180 R15: 00007ffd92b83e38 [ 1687.519785][T28866] [ 1687.519805][T28866] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 1688.548082][T28893] netlink: 144 bytes leftover after parsing attributes in process `syz.5.5549'. [ 1688.603988][T28889] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5549'. [ 1688.853224][T28866] audit: out of memory in audit_log_start [ 1688.903349][T28862] futex_wake_op: syz.6.5538 tries to shift op by -1; fix this program [ 1689.393700][T28911] ------------[ cut here ]------------ [ 1689.399560][T28911] !reader [ 1689.399571][T28911] WARNING: kernel/trace/ring_buffer.c:7381 at ring_buffer_map_get_reader+0x659/0x880, CPU#0: syz.1.5555/28911 [ 1689.414175][T28911] Modules linked in: [ 1689.418361][T28911] CPU: 0 UID: 0 PID: 28911 Comm: syz.1.5555 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1689.429310][T28911] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1689.434491][T28911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1689.444916][T28911] RIP: 0010:ring_buffer_map_get_reader+0x659/0x880 [ 1689.451456][T28911] Code: ff e8 5b d7 fb ff 48 8d 3d 04 10 d1 0e 4c 89 fe 67 48 0f b9 3a e9 e0 fc ff ff 4c 8b 7c 24 58 4c 8b 74 24 60 e8 38 d7 fb ff 90 <0f> 0b 90 e8 2f d7 fb ff 48 89 df 31 db e8 25 12 fe ff 48 8b 74 24 [ 1689.471068][T28911] RSP: 0018:ffffc90004567d90 EFLAGS: 00010083 [ 1689.477133][T28911] RAX: 00000000000007b3 RBX: ffff88813fe9d000 RCX: ffffc9000f736000 [ 1689.485266][T28911] RDX: 0000000000080000 RSI: ffffffff820c20a8 RDI: ffff88806008dac0 [ 1689.493225][T28911] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1689.501183][T28911] R10: 0000000000000000 R11: ffff88813fe9d0b0 R12: ffff88813fe9d0b0 [ 1689.509141][T28911] R13: dffffc0000000000 R14: ffff88813fe9d190 R15: ffff88813fe9d018 [ 1689.517185][T28911] FS: 00007f6eab7a16c0(0000) GS:ffff88812435a000(0000) knlGS:0000000000000000 [ 1689.526128][T28911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1689.532748][T28911] CR2: 0000001b32e16ff8 CR3: 000000009a856000 CR4: 00000000003526f0 [ 1689.540710][T28911] Call Trace: [ 1689.543982][T28911] [ 1689.546905][T28911] ? __pfx_ring_buffer_map_get_reader+0x10/0x10 [ 1689.553146][T28911] ? __fget_files+0x21f/0x3d0 [ 1689.557824][T28911] tracing_buffers_ioctl+0x30d/0x400 [ 1689.563115][T28911] ? __pfx_tracing_buffers_ioctl+0x10/0x10 [ 1689.568943][T28911] __x64_sys_ioctl+0x18e/0x210 [ 1689.573723][T28911] do_syscall_64+0x106/0xf80 [ 1689.578308][T28911] ? clear_bhb_loop+0x40/0x90 [ 1689.582978][T28911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1689.588863][T28911] RIP: 0033:0x7f6eaa99bf79 [ 1689.593268][T28911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1689.612866][T28911] RSP: 002b:00007f6eab7a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1689.621268][T28911] RAX: ffffffffffffffda RBX: 00007f6eaac15fa0 RCX: 00007f6eaa99bf79 [ 1689.629238][T28911] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000002 [ 1689.637196][T28911] RBP: 00007f6eaaa327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.645238][T28911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1689.653280][T28911] R13: 00007f6eaac16038 R14: 00007f6eaac15fa0 R15: 00007ffc60314f28 [ 1689.661259][T28911] [ 1689.664266][T28911] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1689.671531][T28911] CPU: 0 UID: 0 PID: 28911 Comm: syz.1.5555 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1689.682453][T28911] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1689.687631][T28911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1689.697667][T28911] Call Trace: [ 1689.700933][T28911] [ 1689.703939][T28911] dump_stack_lvl+0x100/0x190 [ 1689.708613][T28911] vpanic+0x552/0x970 [ 1689.712600][T28911] ? __pfx_vpanic+0x10/0x10 [ 1689.717096][T28911] panic+0xd1/0xe0 [ 1689.720818][T28911] ? __pfx_panic+0x10/0x10 [ 1689.725231][T28911] check_panic_on_warn.cold+0x19/0x34 [ 1689.730597][T28911] ? ring_buffer_map_get_reader+0x659/0x880 [ 1689.736481][T28911] __warn.cold+0x191/0x348 [ 1689.740885][T28911] __report_bug+0x296/0x3d0 [ 1689.745377][T28911] ? ring_buffer_map_get_reader+0x659/0x880 [ 1689.751438][T28911] ? __pfx___report_bug+0x10/0x10 [ 1689.756448][T28911] ? rcu_is_watching+0x12/0xc0 [ 1689.761388][T28911] ? trace_contention_end+0x140/0x180 [ 1689.766755][T28911] ? rb_set_head_page+0x1e6/0x2f0 [ 1689.771768][T28911] ? ring_buffer_map_get_reader+0x659/0x880 [ 1689.777654][T28911] report_bug+0xb2/0x220 [ 1689.781883][T28911] ? ring_buffer_map_get_reader+0x659/0x880 [ 1689.787768][T28911] handle_bug+0x166/0x2a0 [ 1689.792094][T28911] exc_invalid_op+0x17/0x50 [ 1689.796848][T28911] asm_exc_invalid_op+0x1a/0x20 [ 1689.801683][T28911] RIP: 0010:ring_buffer_map_get_reader+0x659/0x880 [ 1689.808180][T28911] Code: ff e8 5b d7 fb ff 48 8d 3d 04 10 d1 0e 4c 89 fe 67 48 0f b9 3a e9 e0 fc ff ff 4c 8b 7c 24 58 4c 8b 74 24 60 e8 38 d7 fb ff 90 <0f> 0b 90 e8 2f d7 fb ff 48 89 df 31 db e8 25 12 fe ff 48 8b 74 24 [ 1689.827863][T28911] RSP: 0018:ffffc90004567d90 EFLAGS: 00010083 [ 1689.833924][T28911] RAX: 00000000000007b3 RBX: ffff88813fe9d000 RCX: ffffc9000f736000 [ 1689.841880][T28911] RDX: 0000000000080000 RSI: ffffffff820c20a8 RDI: ffff88806008dac0 [ 1689.849836][T28911] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1689.858229][T28911] R10: 0000000000000000 R11: ffff88813fe9d0b0 R12: ffff88813fe9d0b0 [ 1689.866189][T28911] R13: dffffc0000000000 R14: ffff88813fe9d190 R15: ffff88813fe9d018 [ 1689.874163][T28911] ? ring_buffer_map_get_reader+0x658/0x880 [ 1689.880072][T28911] ? __pfx_ring_buffer_map_get_reader+0x10/0x10 [ 1689.886311][T28911] ? __fget_files+0x21f/0x3d0 [ 1689.890979][T28911] tracing_buffers_ioctl+0x30d/0x400 [ 1689.896252][T28911] ? __pfx_tracing_buffers_ioctl+0x10/0x10 [ 1689.902045][T28911] __x64_sys_ioctl+0x18e/0x210 [ 1689.906799][T28911] do_syscall_64+0x106/0xf80 [ 1689.911381][T28911] ? clear_bhb_loop+0x40/0x90 [ 1689.916047][T28911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1689.922100][T28911] RIP: 0033:0x7f6eaa99bf79 [ 1689.926501][T28911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1689.946124][T28911] RSP: 002b:00007f6eab7a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1689.954797][T28911] RAX: ffffffffffffffda RBX: 00007f6eaac15fa0 RCX: 00007f6eaa99bf79 [ 1689.962754][T28911] RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000002 [ 1689.970708][T28911] RBP: 00007f6eaaa327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.978665][T28911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1689.986621][T28911] R13: 00007f6eaac16038 R14: 00007f6eaac15fa0 R15: 00007ffc60314f28 [ 1689.994588][T28911] [ 1689.997655][T28911] Kernel Offset: disabled [ 1690.001975][T28911] Rebooting in 86400 seconds..