last executing test programs: 23m30.225088037s ago: executing program 1 (id=1441): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socketpair$auto(0x1, 0x3, 0xfffffffe, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x54) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) read$auto_dmaengine_summary_fops_(r0, &(0x7f00000001c0)=""/4096, 0x1000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x800c6f40, r1) 23m30.186662789s ago: executing program 1 (id=1442): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x8000, 0x0) socket(0x10, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2000, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x1eb343, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9) r2 = socket(0xa, 0x5, 0x84) sendto$auto(r2, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/pcm1p/sub5/hw_params\x00', 0x81000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, 0x0, 0xfffffe36) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x9, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r4, 0x127f, 0x0) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)={"2252f65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0x3, 0x8004, 0x6, 0xff}) ioctl$auto_EVIOCGEFFECTS(r0, 0x80044584, 0x0) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) fadvise64$auto(r6, 0x0, 0xffffffff80000001, 0x8) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'batadv0\x00'}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) sendfile$auto(r7, r7, 0x0, 0x7) 23m29.003804882s ago: executing program 1 (id=1444): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) eventfd$auto(0x100) preadv2$auto(r0, 0x0, 0x10006, 0x8, 0x80000000007, 0x2e) write$auto_tty_fops_tty_io(r0, 0x0, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) ioctl$auto(0xffffffffffffffff, 0x8912, 0x38) ustat$auto(0x801, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x5) writev$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) bpf$auto(0x5, 0x0, 0x102) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff) read$auto(r2, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) ioprio_get$auto_IOPRIO_WHO_PGRP(0x2, 0x0) 23m27.95571989s ago: executing program 1 (id=1448): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/syz_tun/mcast_resolicit\x00', 0x163041, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_TX_AGGR_TIME_USECS={0x8, 0x1c, 0x8}, @ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x810) r4 = socket(0xa, 0x1, 0x84) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f00000001c0)={0xffffffffffffffff, 0xa06}, 0x89d, 0x20) r6 = socket(0x10, 0x2, 0x0) splice$auto(r6, 0x0, r6, &(0x7f0000000100)=0x8, 0x100, 0x2) setsockopt$auto(r4, 0x0, 0x40, 0x0, 0x10000) 23m26.746565428s ago: executing program 1 (id=1451): mmap$auto(0x4, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/dummy0/carrier\x00', 0xc2061, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x15) fchdir$auto(0xffffffffffffffff) pselect6$auto(0x3, &(0x7f0000000040)={[0x1000, 0x0, 0x8, 0x7, 0x5, 0x1, 0x3, 0x6, 0x0, 0xc, 0x8, 0x4, 0x9, 0x6, 0x1, 0x100000001]}, &(0x7f00000000c0)={[0x2, 0x8, 0x2, 0x5, 0xa, 0xc53, 0x7, 0xac8, 0x8, 0xe4, 0x8, 0x4, 0x6, 0x0, 0x1, 0xa]}, &(0x7f0000000140)={[0xca, 0xfffffffffffffffd, 0x4006, 0x6, 0x3, 0x20, 0xbb, 0x0, 0x800, 0x0, 0x12, 0xa, 0x100000000, 0x1, 0x7fe]}, &(0x7f0000000200)={0x40000000000000, 0x20000000002}, &(0x7f0000000240)="76e10d367d2415435f9a38b9c677dec5da964230172cee43529184032e73f06c39eb73d788c449a95e534c88ce7d6d741ed9e816e606dbda8724c0dd52d2d1719326642ed1665c73c18753c92d0404d0a65a4bd9c32222b8ccfca69e92f3a322da9421254d089bba40e01e0d4691bc01e16e4d5a0603ac0375a038c39649b96baed3172ab5138e152667aee1187261f35669cd6b4031a9d314590dad61b3bce9b0b020177a875b7e7f249bb4eb839e4c75b3528f16875021f4a647768c121f1cde19467816caf08e1c74627f97e375854cd53d841209be982702144b2612587c20f56a91c8d4c0fd8df21b0212699f") mkdir$auto(0x0, 0x6) r1 = bpf$auto(0x0, 0x0, 0x6f3) arch_prctl$auto_ARCH_REQ_XCOMP_PERM(0x1023, 0x7) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) tkill$auto(0x1, 0x7) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79) sendmsg$auto_TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24004044}, 0x10000000) io_uring_register$auto(0x2, 0x22, &(0x7f0000000100), 0x4) r2 = socket(0xa, 0x2, 0x88) r3 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/cgroup\x00', 0x420, 0x0) read$auto_proc_single_file_operations_base(r3, &(0x7f00000003c0)=""/9, 0x9) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r1, 0x40085507, &(0x7f0000000340)={0x5, 0x8, 0x4, "a4cc8d4df580d9e94392f4dae021d6fe496641758443e7cdfc848b9bd2557c0b70948e9cd86d35f999bb13ab08bbf215c47a86a8dee7057561bcffc01fdbf0ec59276003eaaad9538a"}) bpf$auto(0x0, 0x0, 0xa3) mmap$auto(0x5, 0x4020008, 0x1001, 0xeb1, r2, 0x8003) madvise$auto(0x0, 0xffffffffffff0005, 0x2) socket(0x23, 0x4, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 23m24.972691056s ago: executing program 1 (id=1460): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x2) connect$auto(0x5, 0x0, 0x9) read$auto_ppp_device_fops_ppp_generic(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYRES16=r0, @ANYRESOCT, @ANYBLOB="fc959fc988"], 0x38}, 0x1, 0x0, 0x0, 0x2c050811}, 0x10) close_range$auto(0x2, 0xa, 0x0) 23m24.614450919s ago: executing program 32 (id=1460): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x2) connect$auto(0x5, 0x0, 0x9) read$auto_ppp_device_fops_ppp_generic(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYRESHEX, @ANYRES16=r0, @ANYRESOCT, @ANYBLOB="fc959fc988"], 0x38}, 0x1, 0x0, 0x0, 0x2c050811}, 0x10) close_range$auto(0x2, 0xa, 0x0) 21m2.62104741s ago: executing program 3 (id=2008): mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82400, 0x0) ioctl$auto_SG_SCSI_RESET(r0, 0x2284, 0x0) acct$auto(&(0x7f0000000040)='/dev/sda1\x00') 21m2.435338599s ago: executing program 3 (id=2009): mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) r1 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC0D0p\x00', 0x101000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_TTSTAMP(r1, 0x40044103, &(0x7f0000000080)=0xb) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) socket(0x6, 0xa, 0x5ffd) socket(0x9, 0x2, 0xfffffffe) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010326bd7000ffdbdf252d"], 0x20}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) get_robust_list$auto(0x0, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) 21m1.148495437s ago: executing program 3 (id=2017): mmap$auto(0xfffffffffffffbff, 0x202000c, 0x3, 0xebd, 0xffffffffffffffff, 0x8010) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) madvise$auto(0x9, 0x2003f0, 0x15) write$auto(r0, 0x0, 0x4000000000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), r1) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x40010) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_binder_features_fops_(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/features/freeze_notification\x00', 0x40000, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f0000000000)=0x3) prctl$auto(0x2, 0x8000000000000001, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="5e0027b4839f3015398d3b", @ANYRES32, @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0\x00'}) bpf$auto(0x0, 0x0, 0x6f4) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r2 = socket(0x18, 0xa, 0x1) connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x26) capset$auto(&(0x7f0000000100)={0x10001, 0xffffffffffffffff}, &(0x7f0000000140)={0x6291d0b4, 0xe9e, 0xffff}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) 20m59.767789623s ago: executing program 3 (id=2025): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r1 = openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) fadvise64$auto_POSIX_FADV_NORMAL(r1, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, &(0x7f00000002c0)=0xfffffe01) prctl$auto(0x1, 0x1, r4, 0x1, 0x0) write$auto(r3, 0x0, 0x100000a3d9) sendmsg$auto_NL80211_CMD_PROBE_MESH_LINK(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000000ba336245b6b48a9153f3e1bd6948cafdef67d273f211e", @ANYRES16=r2, @ANYBLOB="000326bd7000ffdbdf2588000000"], 0x14}, 0x1, 0x0, 0x0, 0x2400c040}, 0x400c080) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x4001) read$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffffff, &(0x7f0000000440)=""/163, 0xa3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 20m58.63947875s ago: executing program 3 (id=2032): madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon35\x00', 0x18b902, 0x0) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x1013) poll$auto(0x0, 0x7f, 0x9) socket(0x25, 0x5, 0x6) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000180)) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00 \x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) select$auto(0x4, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xfffffffffffffff9, 0x9, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0xffff, 0x1ff, 0xd, 0x3, 0x200000201, 0x7, 0x6]}, 0x0, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) 20m57.36717405s ago: executing program 3 (id=2038): openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) (async) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x1d, 0x1, 0x8001) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) bind$auto(0x3, &(0x7f00000000c0)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x6e) (async) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4000080) (async) r0 = socket(0x2, 0x3, 0xa) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) prctl$auto(0x7fff, 0x1, 0x0, 0xfffffffffff7ffff, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, r0, 0x0, 0x7ffff001) (async) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x9, 0x7, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0xffffffff, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000c00)) (async) io_uring_setup$auto(0x6, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x6, 0x400008, 0x1, 0x9b72, 0x2, 0x40000008000) (async) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2404c800) (async) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) (async) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) (async) mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0x20000000000eb2, 0xfffffffffffffffa, 0x7fff) close_range$auto(0x2, 0x8, 0x200000) (async) socket$nl_generic(0x10, 0x3, 0x10) 20m42.183109543s ago: executing program 33 (id=2038): openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) (async) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x1d, 0x1, 0x8001) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) bind$auto(0x3, &(0x7f00000000c0)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x6e) (async) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x4000080) (async) r0 = socket(0x2, 0x3, 0xa) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) prctl$auto(0x7fff, 0x1, 0x0, 0xfffffffffff7ffff, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, r0, 0x0, 0x7ffff001) (async) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x9, 0x7, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0xffffffff, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000c00)) (async) io_uring_setup$auto(0x6, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x6, 0x400008, 0x1, 0x9b72, 0x2, 0x40000008000) (async) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2404c800) (async) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) (async) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) (async) mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0x20000000000eb2, 0xfffffffffffffffa, 0x7fff) close_range$auto(0x2, 0x8, 0x200000) (async) socket$nl_generic(0x10, 0x3, 0x10) 6.411959973s ago: executing program 4 (id=6799): r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cmdline\x00', 0x20500, 0x0) (async) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/active_links\x00', 0xc00, 0x0) close_range$auto(r0, r1, 0x4539678a) (async) setresuid$auto(0x60, 0x1000, 0x8000) (async) ioctl$auto(0xc8, 0x54e3, 0x5c8d) mprotect$auto(0x1ffffffff000, 0x100018, 0x4) (async) lsm_get_self_attr$auto(0x64, 0x0, &(0x7f00000000c0)=0x1fb, 0x0) (async, rerun: 64) r2 = prctl$auto_PR_SCHED_CORE_CREATE(0x8, 0x1, 0xffffffffffffffff, 0x3, 0x1ff) (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdb, 0xeb1, 0x40000000000a5, 0x8000) (async, rerun: 64) socket(0x2, 0x1, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYRES8=r2, @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c"], 0xd4}, 0x1, 0x0, 0x0, 0xe9c7fb4543e904f8}, 0x20008000) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01032dbd7000ffdbdf251100fffc"], 0x14}}, 0x400c0) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) (async) ioctl$auto(0x3, 0x80004506, r3) (async, rerun: 32) r4 = socket(0x10, 0x2, 0x4) (rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) shutdown$auto(0x200000003, 0x2) (async, rerun: 64) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) (async, rerun: 64) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/memory/memory3/online\x00', 0x2062, 0x0) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), r2) 5.227656096s ago: executing program 2 (id=6801): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) statmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000007, 0x1ff, 0x6}, 0x0, 0x7ffffffff000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek$auto(r3, 0x0, 0x2) readv$auto(r3, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) close_range$auto(0x0, 0x5, 0x2) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04\x01\x04\x00\x00\x00\xf1\xff\x00\xb6', 0x8) fanotify_mark$auto(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)={0x20, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd7000fedbdf256700000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x90) 4.554548992s ago: executing program 4 (id=6803): unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0x2b, 0x1, 0x1) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x89a0, 0x4) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x8) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0) sendto$auto(0x3, 0x0, 0x100000000, 0x40000008, 0x0, 0x19) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) lstat$auto(&(0x7f0000000100)='./file0\x00', &(0x7f0000000440)={0x4, 0x8000000000000001, 0x21, 0x2, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x9, 0xdae, 0x9, 0x1000, 0xffffffffffffffff, 0x7, 0x9, 0xff, 0x3}) 4.22346241s ago: executing program 2 (id=6805): madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x7) madvise$auto(0x3, 0xffffffefffff0006, 0x19) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon35\x00', 0x18b902, 0x0) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0xffffffffffffff80, 0x20000a00004, 0x400002, 0x16, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x96141, 0x0) r2 = socket(0x1f, 0x800, 0x76) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r2, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) socket(0x23, 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x60e82, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYRES8=r1, @ANYRES16=0x0, @ANYBLOB="00082cbd7000fddbdf251f0000000e0600b5200700000008004000060000"], 0x28}, 0x1, 0x0, 0x0, 0x8010}, 0x200a00c5) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgctl$auto_IPC_INFO(0x6, 0x3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty29\x00', 0x800, 0x0) 3.578527288s ago: executing program 0 (id=6807): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200008, 0x19) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'batadv0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010039bd0f0003000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x8004805}, 0x20004804) sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, 0x0, 0x40001) 3.468160851s ago: executing program 0 (id=6808): openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x1, &(0x7f0000000080)=0x8003, 0x400021) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) membarrier$auto(0x2, 0x0, 0x9) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) mmap$auto(0x1, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x401) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000002c0)={0x8, 0x0, 0x0, 0x33}) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(r0, &(0x7f0000000440)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF>P\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\x91\x97\xe3\xb3/cq\xb2\xe8f\x7fkN\xbc\xa6@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xc4\x9f\xad\x19\xba\xbe?\x02\xb7\x84\xb3\xac\xc0K\xf1\x87:\xc33\xaa\xad\x15NA\x8eK\x84|\xfd\xd7\x03\xb2;[_', 0x61) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x109401, 0x0) ioctl$auto(r2, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0x2100dd, 0x1f, 0x2, 0x6) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) madvise$auto(0x2009, 0x7, 0xf) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x20a000, 0x0) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x24000044) msgctl$auto_MSG_STAT(0x92, 0xb, &(0x7f0000000240)={{0x100, 0x0, r1, 0x10000, 0x6e15, 0x3, 0x4}, &(0x7f00000001c0)=0xc, &(0x7f0000000200)=0x1, 0x5, 0x100000000, 0x590, 0x0, 0xac2, 0x400, 0x81, 0xfffa, @raw=0x8, @raw=0x100}) waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000300)={@_si_pad}, 0x1, 0x0) 3.443816046s ago: executing program 2 (id=6809): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r1, 0x80045010, &(0x7f0000004440)) ioctl$auto_VHOST_SET_LOG_FD2(r0, 0x4004af07, &(0x7f00000001c0)=r0) r3 = open_by_handle_at$auto(r0, &(0x7f00000002c0)={0x1a, 0x136a, "8f42b1077e737d4629d7867bca48102625b1c2c21fa15504a19b"}, 0x7d) setsockopt$auto(r3, 0x1, 0x1021, 0x0, 0xd) mmap$auto(0x3, 0x8, 0x9, 0x9b72, r3, 0x8000) geteuid() sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040840}, 0x200000c0) mmap$auto(0x100000000, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0x1002}, 0x1, &(0x7f0000000280)={0x0, 0x401}, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r4, @ANYBLOB="010025bd7000fedbdf257e000000000066004e21000000002680000002000400000000000200000000000000010009000000000001000400000000000200070000000000980006000000000014010f000021000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9435396cccca249745963693d456f0b13551ebd2714a5d2aa5eec9d61d2d6b9aba3d482f4c49906435b1d783f381a7180a5077358717dfc2e117d31e141382b11db23fb0c7d8ec13b0e2e542cfe4b44f2e9b0a440dcf9143f3be9494f3bc2004047e86405b4190fb667d269f2a7d1c48509fbdc3bb3e99d6f68a309ffff000006007347b9c70c7a48913b05957bbb9826fc681df1b98ace4a88eebe405b8400e41aa87a86c1aca27323448d0dfed2b28ecfa7d65c7264311080712e8fa3874f7ee38b02120b885602b84d954479702f51ac45a331dfe2ef76c45014c84415189885b9c9613c2acb7a41c6ace876ee5af4fc50407fc3361a128a2e59e60f11b47277c9a5f3cbe0424d3886a3a3a0f40c5ef46d2b331ca3d83f2f444bc6998d06926c6a1cb162ef14fb7ab2ee731fdc7f0fc553a3c07226a2160d350ed7f300003601"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) sendmsg$auto_NL80211_CMD_GET_KEY(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRESOCT], 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x51) 3.226328156s ago: executing program 4 (id=6810): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/veth0_to_bond/delay_first_probe_time\x00', 0x8a042, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x82000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/pcmC0D0c\x00', 0x100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r1, 0xc1004111, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x7fb, 0x400) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0x8, 0x8fd6, 0x8, 0x3, 0x15f4da09, 0x3, 0x3, 0x62, 0x5, 0x3, 0x1, 0x9, 0x4, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xd, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0xff, 0x2000000000000002, 0x9, 0x8, 0x103, 0xa, 0x4, 0xaab, 0x5, 0x4006]}, 0x0, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, r4, &(0x7f0000000440)='./file0\x00', 0xfffff000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xb, 0xd, 0x1, 0x3, 0x3, 0x8, 0x3, 0x3, 0x1ff, 0x8000001f, 0x8, 0x6d3e, 0x9, 0x4, 0x6]}, 0x0) inotify_init1$auto(0x403) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xa, 0x0) io_uring_register$auto(0x2, 0x1, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x3, 0x0, &(0x7f0000000080)=0x9b) r5 = accept$auto(r3, &(0x7f0000000280)=@hci={0x1f, 0x3, 0x3}, &(0x7f0000000340)=0xe6f2) pread64$auto(r5, 0x0, 0x8, 0xffff) readv$auto(0x3, 0x0, 0x1) 2.63509114s ago: executing program 0 (id=6811): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) ioctl$auto(r0, 0xab0a, 0xffffffffffffffff) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0x5, 0x0, 0x5) semget$auto(0xb, 0xe, 0xe0000) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x9, 0x8000, 0xe238, 0x602, 0x5) rseq$auto(0x0, 0x6, 0x3, 0xff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYRES32=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) timer_create$auto(0x0, &(0x7f0000000080)={@sival_ptr=&(0x7f0000000440)="58b5583242b238a0986d2c21b27d1e02658639fd16307087f7ef789e7bbb7f29f19515cff9ee3637b4dc9dd1aa4d428acef9ab6815ba836a6e3c092b0dbf7484fdea36c980b22fd7e1d06a4e2991bfb41946610d572317de769cf98cbd16e51ab8c30a6fd7432f0d17f6c291803dc3761dbcad8a54b9ea6aefc3c998806f822df85ae2f45c9d1e554453a7520eed8c16649074afeed136d1e52a0600b2b85926563bad31233a10518998e1b406c8d29dddf9a2d1fcf43c98ae74418b2187036f9c5c3654d52050bcc7b0824979d4295547d28a7421d1011eb3372e1472be45255b77507454cbb78c", @raw=0x4, 0x6, @_tid=0xffffffffffffffff}, &(0x7f0000000100)=0x7) clock_gettime$auto(0xa, 0x0) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x1, &(0x7f00000000c0)={&(0x7f0000000340), 0xfff}, 0x6, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) mmap$auto(0x1, 0x40009, 0xdf, 0x13, r2, 0x10001) msync$auto(0x1ffff000, 0x10, 0x400000004) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) close_range$auto(r1, r2, 0x402a6) r4 = gettid() kcmp$auto_KCMP_FILES(r4, r4, 0x2, 0x800, 0x1) 2.274993149s ago: executing program 2 (id=6812): sigaltstack$auto(&(0x7f0000000180)={0x0, 0x80000001, 0x40b4}, 0x0) sigaltstack$auto(&(0x7f0000000080)={0x0, 0x2, 0x4}, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0x9, 0x9, 0x939, 0x100000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) pread64$auto(r0, 0x0, 0x40000000f42c, 0x2) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r1, 0x0, 0x39b8) 2.20557744s ago: executing program 5 (id=6813): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) statmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000007, 0x1ff, 0x6}, 0x0, 0x7ffffffff000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek$auto(r3, 0x0, 0x2) readv$auto(r3, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) close_range$auto(0x0, 0x5, 0x2) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04\x01\x04\x00\x00\x00\xf1\xff\x00\xb6', 0x8) fanotify_mark$auto(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)={0x20, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd7000fedbdf256700000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x90) 2.036302223s ago: executing program 4 (id=6814): sendmsg$auto_VDPA_CMD_DEV_VSTATS_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x4048000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x81a4, 0xf) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x283f4, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/nfs4.nametoid/content\x00', 0x2000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000100)=""/135, 0x87) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0x100085) 1.631610928s ago: executing program 0 (id=6815): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r1, 0x80045010, &(0x7f0000004440)) ioctl$auto_VHOST_SET_LOG_FD2(r0, 0x4004af07, &(0x7f00000001c0)=r0) r3 = open_by_handle_at$auto(r0, &(0x7f00000002c0)={0x1a, 0x136a, "8f42b1077e737d4629d7867bca48102625b1c2c21fa15504a19b"}, 0x7d) setsockopt$auto(r3, 0x1, 0x1021, 0x0, 0xd) mmap$auto(0x3, 0x8, 0x9, 0x9b72, r3, 0x8000) geteuid() sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040840}, 0x200000c0) mmap$auto(0x100000000, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0x1002}, 0x1, &(0x7f0000000280)={0x0, 0x401}, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r4, @ANYBLOB="010025bd7000fedbdf257e000000000066004e21000000002680000002000400000000000200000000000000010009000000000001000400000000000200070000000000980006000000000014010f000021000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9435396cccca249745963693d456f0b13551ebd2714a5d2aa5eec9d61d2d6b9aba3d482f4c49906435b1d783f381a7180a5077358717dfc2e117d31e141382b11db23fb0c7d8ec13b0e2e542cfe4b44f2e9b0a440dcf9143f3be9494f3bc2004047e86405b4190fb667d269f2a7d1c48509fbdc3bb3e99d6f68a309ffff000006007347b9c70c7a48913b05957bbb9826fc681df1b98ace4a88eebe405b8400e41aa87a86c1aca27323448d0dfed2b28ecfa7d65c7264311080712e8fa3874f7ee38b02120b885602b84d954479702f51ac45a331dfe2ef76c45014c84415189885b9c9613c2acb7a41c6ace876ee5af4fc50407fc3361a128a2e59e60f11b47277c9a5f3cbe0424d3886a3a3a0f40c5ef46d2b331ca3d83f2f444bc6998d06926c6a1cb162ef14fb7ab2ee731fdc7f0fc553a3c07226a2160d350ed7f300003601"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) sendmsg$auto_NL80211_CMD_GET_KEY(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRESOCT], 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x51) 1.488098332s ago: executing program 5 (id=6816): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x400000000000002, 0x2) madvise$auto_MADV_GUARD_INSTALL(0x5, 0x8000000000000000, 0x66) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000000), 0x2902, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0xa, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x68) bind$auto(0x3, 0x0, 0x6a) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b4c, r2) ioctl$auto_PPPIOCSMRU(r0, 0x40047452, &(0x7f0000000040)=0x3) 1.375095899s ago: executing program 5 (id=6817): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200008, 0x19) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'batadv0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010039bd0f0009000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x8004805}, 0x20004804) sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, 0x0, 0x40001) 1.351065163s ago: executing program 2 (id=6818): mmap$auto(0x1, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2400, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000000)={{@raw=0x9, 0x0, 0x8000, 0x8, "3112d585005a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe5e2f94bd90484b0755015e48d"}, 0x3, 0x5, 0x4, @raw=0x2, @integer={0x6, 0x3, 0x5}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) socket(0x23, 0x5, 0x0) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$auto(r1, 0x0, 0x2) listen$auto(0x3, 0x81) r2 = accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) mmap$auto(0x41, 0x202000b, 0x3, 0x1a, r1, 0x2) close_range$auto(0x2, r2, 0x6) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r3 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000004000), 0x40, 0x0) ioctl$auto_RNDADDENTROPY2(r3, 0x40085203, 0x0) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/030/001\x00', 0x42082, 0x0) ioctl$auto_USBDEVFS_RELEASEINTERFACE(r4, 0x80045510, &(0x7f0000000200)=0x200000) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) madvise$auto(0x0, 0x400053, 0x9) setfsuid$auto(0x401) write$auto_force_devcoredump_fops_hci_vhci(r2, &(0x7f0000000140)="9fbb5dba61c7eda7535ae7c3bff66aa923a3c49a3fe7351e93472646802527db2296edfd3ffd4de28444e0", 0x2b) setregid$auto(0x0, 0x6) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x40000, 0x0) keyctl$auto(0x5, 0xfffffffd, 0x101, 0x1, 0x9) 1.276241008s ago: executing program 5 (id=6819): close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/mtrr\x00', 0x8f3b7a51b80ebd01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) pwritev2$auto(0x0, 0x0, 0xe, 0xffffffffffffffff, 0x100004239, 0xf) write$auto(0x3, 0x0, 0xffd8) 1.217487627s ago: executing program 5 (id=6820): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) r2 = setfsuid$auto(0x0) r3 = socket(0x9, 0x7, 0x0) getsockopt$auto(r3, 0x107, 0x1, 0x0, 0x0) setuid$auto(r2) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x84000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000380), r0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r6, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40010) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="01032cb57000fbe0df250a00000006000100170000e22bbf3fcf4040e070d0a6c62bafb8b3938f741015ce0156a21b6f4cb954cc6997af8bcebab6f9750e9de4e13ad295a4a40b1f972a575ed0c60d2ad237fefa6f70376eea9faf614cb39a850102438891c057f9f18c9354443f0a2193218d9aedd7c184f02435d6ba18f1a094965b6c8bbcefedd757427b0f12fa88b487dc3caa09810b3d9975fe78a4e6b21c8b1fe8c72d133fc060265d076309551060c8b03837140c0faf0f3677128a290423d1c01c5628538c8b96dbb99fa36cee4be947c9d7e920f9bc9a592f51a3ec86f2856daa583df930493ccce21cdd2ac50277c5e4d4"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r4) r7 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x100110d, 0x4, 0x5, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa00000000e1800000001f00000000040000660e070100", @raw=0x7}, 0x6, 0x0, 0x4, @raw=0x404, @integer64={0x20006, 0x8, 0x6}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) r8 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) read$auto(0x3, 0x0, 0x8) close_range$auto(r1, 0xffffffffffffffff, 0x3) getsockopt$auto_SO_GET_FILTER(r1, 0xa3, 0x1a, &(0x7f0000000000)='/dev/snd/controlC1\x00', &(0x7f0000000180)=0x7) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) sendto$auto(r8, 0x0, 0xfffffffffffffdef, 0x8, 0x0, 0x20) 960.386808ms ago: executing program 4 (id=6821): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) r2 = setfsuid$auto(0x0) r3 = socket(0x9, 0x7, 0x0) getsockopt$auto(r3, 0x107, 0x1, 0x0, 0x0) setuid$auto(r2) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x84000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000380), r0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r6, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40010) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="01032cb57000fbe0df250a00000006000100170000e22bbf3fcf4040e070d0a6c62bafb8b3938f741015ce0156a21b6f4cb954cc6997af8bcebab6f9750e9de4e13ad295a4a40b1f972a575ed0c60d2ad237fefa6f70376eea9faf614cb39a850102438891c057f9f18c9354443f0a2193218d9aedd7c184f02435d6ba18f1a094965b6c8bbcefedd757427b0f12fa88b487dc3caa09810b3d9975fe78a4e6b21c8b1fe8c72d133fc060265d076309551060c8b03837140c0faf0f3677128a290423d1c01c5628538c8b96dbb99fa36cee4be947c9d7e920f9bc9a592f51a3ec86f2856daa583df930493ccce21cdd2ac50277c5e4d4"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r4) r7 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x100110d, 0x4, 0x5, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa00000000e1800000002000000000040000660e070100", @raw=0x7}, 0x6, 0x0, 0x4, @raw=0x404, @integer64={0x20006, 0x8, 0x6}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) r8 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) read$auto(0x3, 0x0, 0x8) close_range$auto(r1, 0xffffffffffffffff, 0x3) getsockopt$auto_SO_GET_FILTER(r1, 0xa3, 0x1a, &(0x7f0000000000)='/dev/snd/controlC1\x00', &(0x7f0000000180)=0x7) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) sendto$auto(r8, 0x0, 0xfffffffffffffdef, 0x8, 0x0, 0x20) 558.198928ms ago: executing program 0 (id=6822): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x20, r1, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x20}}, 0x4000500) 461.05375ms ago: executing program 0 (id=6823): unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec29\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000100)={"fda256c4", 0x2, 0x6, 0xe, 0x9b2, 0x5, "0800aafc241cd010c7543bfbca2ce1", "02000200", '\x00\x00 \x00', "2ff43123", ['\x00', "f8ffffffffffffff00000001", "0004154db00b0004000400", "5ff1c858612c4b353c022a92"]}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)={0x2fc, 0x0, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_IFNAME={0x14, 0x4, 'ip6gretap0\x00'}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'veth0_macvtap\x00'}, @NL802154_ATTR_SCAN_DONE_REASON={0x5, 0x25, 0x81}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x9}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0xff}, @NL802154_ATTR_COORDINATOR={0x28f, 0x1e, 0x0, 0x1, [@nested={0x56, 0x69, 0x0, 0x1, [@generic="9c7a86a1581bcb3ab27c9202e8987c8066750014e43e0a3900776fa57d55083318026c18683897eadc7f3df6ae259ff574c579b749e3f88af2f6948faeb90355a7d46c2cba9b6ccf17daee60f60541b9da6a"]}, @nested={0x20, 0x5a, 0x0, 0x1, [@typed={0x8, 0x8b, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0x14, 0x35, 0x0, 0x0, @ipv6=@remote}]}, @generic="de13ea25d421916bd1b232fe4c871b584f83dd19c8a2cfb1f168ba3b44d8e39d233fcfc5c1374b0c112a278d98576c5b029b3e6a62bd5e84b278fa5cdacee57b5e9e957fa5bbf877af86d18dbe8d661fd4f46aace7eec26c09d4f310cb9d0f1a8cf6df186d4739bab6771bf0f617e4a66b6a2f83b31fd1fd4bee215113fa3d6d9babae70f74fcb2370ef83b40c6f1727e23119ae1d96cf2b584dad876553f16db0f1416fa91961fe1f31cad51b0d19afe07723d51f9f4b3ca875f4367d34ba9a67f3953264038d9757a63ac44a2377d2cd66d4017a6488baef1a42f6ea527ef1894c53f854d7963e9313c32ee1132550ac3cab3e3570ca", @generic="6b0c0f190e3be54c02bc66d7fe2bbb52707e2384f58ca1c385aa1cc6c13f939eda478f44c4ec9a2098935ea6fb25911b6d5949fdd2b3a7abc2c338dc20f807bbd956e6ed395dfb83b8694102abe23ac40381c309f810a130439a1fc1c5dde15332f4c5a839f03583b75e5ce6782c2588ba8746b0382110cb59279265f4b7d36bc176fb75ef42b76868af23d4a787834175cde4901b2881c542e3b783721cfcc51e664f0cc3454467d4", @generic="20d621606d1669d4b0c0edfafb645b28", @generic="11eda095091ccbacc65362d1dab80731c85f286f8cda96139764d9728651a15afcf8d73fd1c4cfee99a0867d0c6671536b9ba86cea6663309485546fc47c13949b46db314e2c8d89432788bd72677959169edfd188d1571eddd7f4b2fb66ace4bea818"]}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x3}, @NL802154_ATTR_SCAN_CHANNELS={0x8, 0x21, 0x8001}, @NL802154_ATTR_CCA_OPT={0x8}]}, 0x2fc}, 0x1, 0x0, 0x0, 0x4040}, 0x10) r3 = openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) setsockopt$auto(r3, 0x0, 0x80000000, 0x0, 0x20000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/numa/demotion_enabled\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000000040)='\x1a\xf8)\a\x93\xff\x01\xab\xf1\x90\xb4\xd9\x82#\xb7\xd4\xb7\x00\xfb&\xe84\xc0nB3^h(CBWX\xa4\v\x98\xdf\\\xe7\x0f\xd8Ft\xbb\xbf', 0xd4d0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) socket(0xa, 0x5, 0x94) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/nf_ft_offload_stats/affinity_scope\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x20f34) write$auto(0x3, 0x0, 0xfffffdef) r5 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r5, &(0x7f0000000000)="1100000000000000001000000000000000", 0x11) 303.493702ms ago: executing program 5 (id=6824): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r0 = socket(0x18, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(r0, 0x84, 0x7d, 0x0, &(0x7f0000000100)=0x3) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4000000080000001, 0x4000000008f0, 0xeb1, 0xd4, 0x8000) prctl$auto(0x10001, 0x2, 0x4, 0x6, 0x1009) socketcall$auto_SYS_ACCEPT4(0x12, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x4000000000000005, 0x2020009, 0x5, 0xf8, r1, 0x101) madvise$auto(0x0, 0x2000050080000008, 0xe) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0xf000, 0x8000000000000001, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xffffffffffffffff, 0x8001, r2) close_range$auto(0x2, 0x8, 0x8) socket(0x22, 0x5, 0x0) statmount$auto(0x0, &(0x7f0000000380)={0x3, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x6, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xffffffffffffffff, 0x8, 0x10007, 0x80, 0x4, 0x9, 0xa, 0xffffffff, 0x7, 0x0, 0x84, 0x4000000000000, 0xfff, 0x8, 0x0, 0x2, [0x9a8, 0x6, 0x0, 0x0, 0x9da, 0xffffffffffffffff, 0x200, 0x696f, 0x0, 0x80000, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7ffd, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2000000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x10000], "481ffee42e6d4251a6ea0c35f1bebbe8ef04a9ced403ec6a6ed88cfdae76d31e0a042974f01d7450841139df17d100d2a7e06abc1e3958154e4201c24ce46f2be85932244b2ba2953ddbd877d26d8bec8ac599ae4b"}, 0x1fe, 0xd) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) readv$auto(r4, 0x0, 0x3) ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) pwritev$auto(r3, &(0x7f00000000c0)={&(0x7f0000000040)="6e583621ce448f33cfac04610a50c18d02f12d", 0xfffffffffffffffe}, 0x0, 0xae2e, 0x7fffffffffffffff) 168.924223ms ago: executing program 2 (id=6825): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) statmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000007, 0x1ff, 0x6}, 0x0, 0x7ffffffff000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek$auto(r3, 0x0, 0x2) readv$auto(r3, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) close_range$auto(0x0, 0x5, 0x2) write$auto(0xca, &(0x7f0000000000)='\x04\x01\x04\x00\x00\x00\xf1\xff\x00\xb6', 0x8) fanotify_mark$auto(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)={0x20, 0x0, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid=0xee00}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="010025bd7000fedbdf256700000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x90) 0s ago: executing program 4 (id=6826): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x80010, r0, 0x0) mmap$auto(0x0, 0x9, 0xfffffffffffffff5, 0x11, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x3, 0xa) clone3$auto(0x0, 0x9) socketpair$auto(0x1, 0x0, 0xfffffffc, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/sctp/remaddr\x00', 0x101d00, 0x0) socketpair$auto(0x1e, 0x0, 0x7, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0xa042, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xc7f16bff2a10ba01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000002f, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/wlan1/mcast_solicit\x00', 0x2000, 0x0) setrlimit$auto(0x0, &(0x7f0000000000)={0x0, 0x3ff}) read$auto(r4, 0x0, 0x1ff) write$auto(r3, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kernel console output (not intermixed with test programs): th: hci1: Opcode 0x0c1a failed: -4 [ 1594.709520][ T7978] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1594.737436][ T7978] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1594.757226][ T7978] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1596.017704][ T30] audit: type=1800 audit(4294967479.910:38): pid=8045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5894" name="discovery_nqn" dev="configfs" ino=120056 res=0 errno=0 [ 1596.717885][T25718] Bluetooth: hci2: command 0x0c1a tx timeout [ 1596.718154][T25720] Bluetooth: hci1: command 0x0c1a tx timeout [ 1596.795789][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1596.801948][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1599.133853][ T8091] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5903'. [ 1599.603006][ T8099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5905'. [ 1599.651747][ T8099] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5905'. [ 1602.935247][ T8185] FAULT_INJECTION: forcing a failure. [ 1602.935247][ T8185] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1602.995780][ T8185] CPU: 1 UID: 0 PID: 8185 Comm: syz.2.5924 Not tainted syzkaller #0 PREEMPT(full) [ 1602.995816][ T8185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1602.995829][ T8185] Call Trace: [ 1602.995837][ T8185] [ 1602.995847][ T8185] dump_stack_lvl+0x16c/0x1f0 [ 1602.995879][ T8185] should_fail_ex+0x512/0x640 [ 1602.995908][ T8185] get_futex_key+0x293/0x1560 [ 1602.995940][ T8185] ? __pfx_get_futex_key+0x10/0x10 [ 1602.995967][ T8185] ? __mutex_trylock_common+0xe9/0x250 [ 1602.996010][ T8185] futex_wake+0xea/0x530 [ 1602.996048][ T8185] ? __pfx_futex_wake+0x10/0x10 [ 1602.996099][ T8185] do_futex+0x1e3/0x350 [ 1602.996132][ T8185] ? __pfx_do_futex+0x10/0x10 [ 1602.996161][ T8185] ? __might_fault+0xe3/0x190 [ 1602.996194][ T8185] mm_release+0x24e/0x300 [ 1602.996223][ T8185] do_exit+0x68e/0x2bf0 [ 1602.996262][ T8185] ? __pfx_do_exit+0x10/0x10 [ 1602.996297][ T8185] ? do_raw_spin_lock+0x12c/0x2b0 [ 1602.996332][ T8185] ? find_held_lock+0x2b/0x80 [ 1602.996364][ T8185] do_group_exit+0xd3/0x2a0 [ 1602.996400][ T8185] get_signal+0x2671/0x26d0 [ 1602.996442][ T8185] ? __pfx_get_signal+0x10/0x10 [ 1602.996469][ T8185] ? do_futex+0x122/0x350 [ 1602.996502][ T8185] ? __pfx_do_futex+0x10/0x10 [ 1602.996537][ T8185] arch_do_signal_or_restart+0x8f/0x790 [ 1602.996569][ T8185] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1602.996610][ T8185] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1602.996648][ T8185] exit_to_user_mode_loop+0x85/0x130 [ 1602.996684][ T8185] do_syscall_64+0x426/0xfa0 [ 1602.996715][ T8185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.996740][ T8185] RIP: 0033:0x7f5f8f78eec9 [ 1602.996762][ T8185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1602.996791][ T8185] RSP: 002b:00007f5f905ce0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1602.996815][ T8185] RAX: fffffffffffffe00 RBX: 00007f5f8f9e5fa8 RCX: 00007f5f8f78eec9 [ 1602.996833][ T8185] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5f8f9e5fa8 [ 1602.996848][ T8185] RBP: 00007f5f8f9e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1602.996864][ T8185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1602.996878][ T8185] R13: 00007f5f8f9e6038 R14: 00007ffede3dacc0 R15: 00007ffede3dada8 [ 1602.996914][ T8185] [ 1604.984650][ T8227] FAULT_INJECTION: forcing a failure. [ 1604.984650][ T8227] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1605.010065][ T8227] CPU: 1 UID: 0 PID: 8227 Comm: syz.2.5933 Not tainted syzkaller #0 PREEMPT(full) [ 1605.010092][ T8227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1605.010104][ T8227] Call Trace: [ 1605.010113][ T8227] [ 1605.010122][ T8227] dump_stack_lvl+0x16c/0x1f0 [ 1605.010145][ T8227] should_fail_ex+0x512/0x640 [ 1605.010166][ T8227] get_futex_key+0x293/0x1560 [ 1605.010188][ T8227] ? __pfx_get_futex_key+0x10/0x10 [ 1605.010205][ T8227] ? __mutex_trylock_common+0xe9/0x250 [ 1605.010231][ T8227] futex_wake+0xea/0x530 [ 1605.010254][ T8227] ? __pfx_futex_wake+0x10/0x10 [ 1605.010290][ T8227] do_futex+0x1e3/0x350 [ 1605.010309][ T8227] ? __pfx_do_futex+0x10/0x10 [ 1605.010326][ T8227] ? __might_fault+0xe3/0x190 [ 1605.010345][ T8227] mm_release+0x24e/0x300 [ 1605.010362][ T8227] do_exit+0x68e/0x2bf0 [ 1605.010385][ T8227] ? __pfx_do_exit+0x10/0x10 [ 1605.010403][ T8227] ? do_raw_spin_lock+0x12c/0x2b0 [ 1605.010425][ T8227] ? find_held_lock+0x2b/0x80 [ 1605.010442][ T8227] do_group_exit+0xd3/0x2a0 [ 1605.010462][ T8227] get_signal+0x2671/0x26d0 [ 1605.010485][ T8227] ? __pfx_get_signal+0x10/0x10 [ 1605.010501][ T8227] ? do_futex+0x122/0x350 [ 1605.010519][ T8227] ? __pfx_do_futex+0x10/0x10 [ 1605.010539][ T8227] arch_do_signal_or_restart+0x8f/0x790 [ 1605.010559][ T8227] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1605.010581][ T8227] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1605.010603][ T8227] exit_to_user_mode_loop+0x85/0x130 [ 1605.010625][ T8227] do_syscall_64+0x426/0xfa0 [ 1605.010642][ T8227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1605.010656][ T8227] RIP: 0033:0x7f5f8f78eec9 [ 1605.010669][ T8227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1605.010682][ T8227] RSP: 002b:00007f5f905ce0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1605.010696][ T8227] RAX: fffffffffffffe00 RBX: 00007f5f8f9e5fa8 RCX: 00007f5f8f78eec9 [ 1605.010706][ T8227] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5f8f9e5fa8 [ 1605.010715][ T8227] RBP: 00007f5f8f9e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1605.010723][ T8227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1605.010732][ T8227] R13: 00007f5f8f9e6038 R14: 00007ffede3dacc0 R15: 00007ffede3dada8 [ 1605.010751][ T8227] [ 1605.564198][ T8238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5937'. [ 1605.592739][ T8238] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5937'. [ 1606.055088][ T8258] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5943'. [ 1606.943373][ T8272] FAULT_INJECTION: forcing a failure. [ 1606.943373][ T8272] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1606.971995][ T8272] CPU: 0 UID: 0 PID: 8272 Comm: syz.2.5946 Not tainted syzkaller #0 PREEMPT(full) [ 1606.972018][ T8272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1606.972026][ T8272] Call Trace: [ 1606.972032][ T8272] [ 1606.972038][ T8272] dump_stack_lvl+0x16c/0x1f0 [ 1606.972059][ T8272] should_fail_ex+0x512/0x640 [ 1606.972080][ T8272] get_futex_key+0x293/0x1560 [ 1606.972101][ T8272] ? __pfx_get_futex_key+0x10/0x10 [ 1606.972118][ T8272] ? __mutex_trylock_common+0xe9/0x250 [ 1606.972143][ T8272] futex_wake+0xea/0x530 [ 1606.972166][ T8272] ? __pfx_futex_wake+0x10/0x10 [ 1606.972195][ T8272] do_futex+0x1e3/0x350 [ 1606.972214][ T8272] ? __pfx_do_futex+0x10/0x10 [ 1606.972230][ T8272] ? __might_fault+0xe3/0x190 [ 1606.972249][ T8272] mm_release+0x24e/0x300 [ 1606.972265][ T8272] do_exit+0x68e/0x2bf0 [ 1606.972289][ T8272] ? __pfx_do_exit+0x10/0x10 [ 1606.972307][ T8272] ? do_raw_spin_lock+0x12c/0x2b0 [ 1606.972328][ T8272] ? find_held_lock+0x2b/0x80 [ 1606.972345][ T8272] do_group_exit+0xd3/0x2a0 [ 1606.972365][ T8272] get_signal+0x2671/0x26d0 [ 1606.972390][ T8272] ? __pfx_get_signal+0x10/0x10 [ 1606.972405][ T8272] ? do_futex+0x122/0x350 [ 1606.972424][ T8272] ? __pfx_do_futex+0x10/0x10 [ 1606.972443][ T8272] arch_do_signal_or_restart+0x8f/0x790 [ 1606.972470][ T8272] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1606.972493][ T8272] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1606.972516][ T8272] exit_to_user_mode_loop+0x85/0x130 [ 1606.972538][ T8272] do_syscall_64+0x426/0xfa0 [ 1606.972555][ T8272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1606.972569][ T8272] RIP: 0033:0x7f5f8f78eec9 [ 1606.972582][ T8272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1606.972595][ T8272] RSP: 002b:00007f5f905ce0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1606.972609][ T8272] RAX: fffffffffffffe00 RBX: 00007f5f8f9e5fa8 RCX: 00007f5f8f78eec9 [ 1606.972619][ T8272] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5f8f9e5fa8 [ 1606.972627][ T8272] RBP: 00007f5f8f9e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1606.972636][ T8272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1606.972645][ T8272] R13: 00007f5f8f9e6038 R14: 00007ffede3dacc0 R15: 00007ffede3dada8 [ 1606.972664][ T8272] [ 1607.439971][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.446546][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1609.567411][ T8350] netlink: 206 bytes leftover after parsing attributes in process `syz.2.5954'. [ 1612.999822][ T8458] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1613.024301][ T8458] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1613.034087][ T8458] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1613.044895][ T8458] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1615.035765][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1615.041863][T25718] Bluetooth: hci2: command 0x0c1a tx timeout [ 1615.047985][T25718] Bluetooth: hci1: command 0x0c1a tx timeout [ 1615.120274][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1617.552675][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5986'. [ 1618.410877][ T8623] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1619.267534][ T8647] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1620.205109][ T8672] FAULT_INJECTION: forcing a failure. [ 1620.205109][ T8672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1620.220224][ T8672] CPU: 1 UID: 0 PID: 8672 Comm: syz.2.6002 Not tainted syzkaller #0 PREEMPT(full) [ 1620.220258][ T8672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1620.220272][ T8672] Call Trace: [ 1620.220281][ T8672] [ 1620.220302][ T8672] dump_stack_lvl+0x16c/0x1f0 [ 1620.220335][ T8672] should_fail_ex+0x512/0x640 [ 1620.220368][ T8672] _copy_from_user+0x2e/0xd0 [ 1620.220401][ T8672] __sys_bpf+0x248/0x4980 [ 1620.220430][ T8672] ? __pfx___sys_bpf+0x10/0x10 [ 1620.220453][ T8672] ? find_held_lock+0x2b/0x80 [ 1620.220487][ T8672] ? find_held_lock+0x2b/0x80 [ 1620.220521][ T8672] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1620.220568][ T8672] ? fput+0x9b/0xd0 [ 1620.220599][ T8672] ? ksys_write+0x1ac/0x250 [ 1620.220625][ T8672] ? __pfx_ksys_write+0x10/0x10 [ 1620.220656][ T8672] __x64_sys_bpf+0x78/0xc0 [ 1620.220680][ T8672] ? lockdep_hardirqs_on+0x7c/0x110 [ 1620.220721][ T8672] do_syscall_64+0xcd/0xfa0 [ 1620.220751][ T8672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1620.220777][ T8672] RIP: 0033:0x7f5f8f78eec9 [ 1620.220797][ T8672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1620.220821][ T8672] RSP: 002b:00007f5f905ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1620.220845][ T8672] RAX: ffffffffffffffda RBX: 00007f5f8f9e5fa0 RCX: 00007f5f8f78eec9 [ 1620.220863][ T8672] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 1620.220877][ T8672] RBP: 00007f5f905ce090 R08: 0000000000000000 R09: 0000000000000000 [ 1620.220891][ T8672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1620.220904][ T8672] R13: 00007f5f8f9e6038 R14: 00007f5f8f9e5fa0 R15: 00007ffede3dada8 [ 1620.220939][ T8672] [ 1620.826155][ T8695] random: crng reseeded on system resumption [ 1622.581377][T25718] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1622.596914][T25718] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1622.606306][T25718] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1622.636838][T25718] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1622.660464][T25718] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1622.991610][T25740] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1623.274843][T25740] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1623.590548][T25740] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1623.778754][T25740] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1623.886045][ T8781] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6016'. [ 1623.917446][ T8781] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6016'. [ 1624.287434][T25740] bridge_slave_1: left allmulticast mode [ 1624.305806][T25740] bridge_slave_1: left promiscuous mode [ 1624.315110][T25740] bridge0: port 2(bridge_slave_1) entered disabled state [ 1624.352935][T25740] bridge_slave_0: left allmulticast mode [ 1624.364598][T25740] bridge_slave_0: left promiscuous mode [ 1624.378586][T25740] bridge0: port 1(bridge_slave_0) entered disabled state [ 1624.545236][ T30] audit: type=1800 audit(4294967508.430:39): pid=8912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6020" name="lu_gp_id" dev="configfs" ino=122361 res=0 errno=0 [ 1624.730978][T25718] Bluetooth: hci0: command tx timeout [ 1625.688004][T25740] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1625.766938][T25740] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1625.784494][T25740] bond0 (unregistering): Released all slaves [ 1625.930332][ T8725] chnl_net:caif_netlink_parms(): no params data found [ 1626.796875][T25718] Bluetooth: hci0: command tx timeout [ 1627.002814][ T8725] bridge0: port 1(bridge_slave_0) entered blocking state [ 1627.030616][ T8725] bridge0: port 1(bridge_slave_0) entered disabled state [ 1627.076035][ T8725] bridge_slave_0: entered allmulticast mode [ 1627.097172][ T8725] bridge_slave_0: entered promiscuous mode [ 1627.164754][ T8725] bridge0: port 2(bridge_slave_1) entered blocking state [ 1627.181640][ T8725] bridge0: port 2(bridge_slave_1) entered disabled state [ 1627.260136][ T8725] bridge_slave_1: entered allmulticast mode [ 1627.280391][ T8725] bridge_slave_1: entered promiscuous mode [ 1627.545885][ T8725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1627.700190][ T8725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1627.877672][ T8725] team0: Port device team_slave_0 added [ 1627.931354][ T8725] team0: Port device team_slave_1 added [ 1627.937962][ T9152] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6029'. [ 1628.034212][ T9152] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6029'. [ 1628.151226][ T8725] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1628.197849][ T8725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1628.478380][ T8725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1628.712745][ T8725] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1628.765743][ T8725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1628.844870][ T8725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1628.877707][T25718] Bluetooth: hci0: command tx timeout [ 1629.690280][ T8725] hsr_slave_0: entered promiscuous mode [ 1629.786078][ T8725] hsr_slave_1: entered promiscuous mode [ 1629.931530][T25740] hsr_slave_0: left promiscuous mode [ 1630.026297][T25740] hsr_slave_1: left promiscuous mode [ 1630.045578][T25740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1630.084482][T25740] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1630.098455][T25740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1630.110536][T25740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1630.210129][T25740] veth1_macvtap: left promiscuous mode [ 1630.217608][T25740] veth0_macvtap: left promiscuous mode [ 1630.223721][T25740] veth1_vlan: left promiscuous mode [ 1630.229267][T25740] veth0_vlan: left promiscuous mode [ 1630.965969][T25718] Bluetooth: hci0: command tx timeout [ 1631.841259][T25740] team0 (unregistering): Port device team_slave_1 removed [ 1631.888683][T25740] team0 (unregistering): Port device team_slave_0 removed [ 1633.767245][ T9423] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1633.978099][ T9426] FAULT_INJECTION: forcing a failure. [ 1633.978099][ T9426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1633.991384][ T9426] CPU: 1 UID: 0 PID: 9426 Comm: syz.0.6044 Not tainted syzkaller #0 PREEMPT(full) [ 1633.991412][ T9426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1633.991421][ T9426] Call Trace: [ 1633.991427][ T9426] [ 1633.991433][ T9426] dump_stack_lvl+0x16c/0x1f0 [ 1633.991454][ T9426] should_fail_ex+0x512/0x640 [ 1633.991475][ T9426] _copy_from_user+0x2e/0xd0 [ 1633.991494][ T9426] core_sys_select+0x35b/0xc20 [ 1633.991513][ T9426] ? __pfx_core_sys_select+0x10/0x10 [ 1633.991529][ T9426] ? proc_fail_nth_write+0x9f/0x220 [ 1633.991560][ T9426] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1633.991582][ T9426] kern_select+0x15d/0x1e0 [ 1633.991595][ T9426] ? __pfx_kern_select+0x10/0x10 [ 1633.991610][ T9426] ? __pfx_ksys_write+0x10/0x10 [ 1633.991628][ T9426] __x64_sys_select+0xbd/0x160 [ 1633.991641][ T9426] ? do_syscall_64+0x91/0xfa0 [ 1633.991655][ T9426] ? lockdep_hardirqs_on+0x7c/0x110 [ 1633.991671][ T9426] do_syscall_64+0xcd/0xfa0 [ 1633.991687][ T9426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1633.991702][ T9426] RIP: 0033:0x7f03d1f8eec9 [ 1633.991715][ T9426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1633.991728][ T9426] RSP: 002b:00007f03d2dc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1633.991742][ T9426] RAX: ffffffffffffffda RBX: 00007f03d21e6180 RCX: 00007f03d1f8eec9 [ 1633.991751][ T9426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1633.991760][ T9426] RBP: 00007f03d2dc1090 R08: 0000000000000000 R09: 0000000000000000 [ 1633.991768][ T9426] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1633.991777][ T9426] R13: 00007f03d21e6218 R14: 00007f03d21e6180 R15: 00007fff049e2338 [ 1633.991796][ T9426] [ 1634.800679][ T8725] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1634.833538][ T8725] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1634.950018][ T8725] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1634.982959][ T8725] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1635.424895][ T8725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1635.574010][ T8725] 8021q: adding VLAN 0 to HW filter on device team0 [ 1635.709475][T25740] bridge0: port 1(bridge_slave_0) entered blocking state [ 1635.716649][T25740] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1635.781820][T25740] bridge0: port 2(bridge_slave_1) entered blocking state [ 1635.789054][T25740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1635.939127][ T8725] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1636.228483][ T9483] could not allocate digest TFM handle [ 1636.294453][ T9494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6052'. [ 1636.308620][ T9494] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6052'. [ 1636.722214][ T8725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1637.989681][ T9549] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1638.135097][ T8725] veth0_vlan: entered promiscuous mode [ 1638.296580][ T8725] veth1_vlan: entered promiscuous mode [ 1638.379852][ T8725] veth0_macvtap: entered promiscuous mode [ 1638.402109][ T8725] veth1_macvtap: entered promiscuous mode [ 1638.639438][ T8725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1638.688735][ T8725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1638.759236][ T3535] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1638.836978][ T3535] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1639.064683][ T3535] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1639.142784][ T3535] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1639.429907][T14703] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1639.467367][T25654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1639.476104][T25654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1639.483608][T14703] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1642.429857][ T9701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6073'. [ 1642.479170][ T9701] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6073'. [ 1644.548666][ T9741] FAULT_INJECTION: forcing a failure. [ 1644.548666][ T9741] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1644.585852][ T9741] CPU: 1 UID: 0 PID: 9741 Comm: syz.5.6080 Not tainted syzkaller #0 PREEMPT(full) [ 1644.585886][ T9741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1644.585898][ T9741] Call Trace: [ 1644.585903][ T9741] [ 1644.585910][ T9741] dump_stack_lvl+0x16c/0x1f0 [ 1644.585948][ T9741] should_fail_ex+0x512/0x640 [ 1644.585969][ T9741] _copy_to_user+0x32/0xd0 [ 1644.585989][ T9741] simple_read_from_buffer+0xcb/0x170 [ 1644.586014][ T9741] proc_fail_nth_read+0x197/0x240 [ 1644.586030][ T9741] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1644.586046][ T9741] ? rw_verify_area+0xcf/0x6c0 [ 1644.586073][ T9741] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1644.586087][ T9741] vfs_read+0x1e1/0xcf0 [ 1644.586105][ T9741] ? __pfx___mutex_lock+0x10/0x10 [ 1644.586122][ T9741] ? __pfx_vfs_read+0x10/0x10 [ 1644.586141][ T9741] ? __fget_files+0x20e/0x3c0 [ 1644.586153][ T9741] ? preempt_count_sub+0x100/0x160 [ 1644.586174][ T9741] ksys_read+0x12a/0x250 [ 1644.586188][ T9741] ? __pfx_ksys_read+0x10/0x10 [ 1644.586208][ T9741] do_syscall_64+0xcd/0xfa0 [ 1644.586225][ T9741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1644.586240][ T9741] RIP: 0033:0x7f251df8d8dc [ 1644.586252][ T9741] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1644.586266][ T9741] RSP: 002b:00007f251ed80030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1644.586280][ T9741] RAX: ffffffffffffffda RBX: 00007f251e1e5fa0 RCX: 00007f251df8d8dc [ 1644.586290][ T9741] RDX: 000000000000000f RSI: 00007f251ed800a0 RDI: 0000000000000003 [ 1644.586298][ T9741] RBP: 00007f251ed80090 R08: 0000000000000000 R09: 0000000000000000 [ 1644.586307][ T9741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1644.586316][ T9741] R13: 00007f251e1e6038 R14: 00007f251e1e5fa0 R15: 00007fff613c8968 [ 1644.586338][ T9741] [ 1644.778969][ C1] vkms_vblank_simulate: vblank timer overrun [ 1645.907452][ T9781] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1645.914012][ T9781] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1645.994471][ T9781] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1646.001209][ T9781] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1646.013498][ T9781] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1646.044978][ T9781] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1647.556944][ T9818] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6091'. [ 1647.863016][ T9824] dyndbg: bad flag-op u, at start of u [ 1647.876085][ T9824] dyndbg: flags parse failed [ 1647.928110][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1648.003659][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1648.009822][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1648.075773][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1648.264862][ T9834] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1650.155745][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1652.237947][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1653.650249][T10057] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1654.836374][T10157] sp0: Synchronizing with TNC [ 1658.436132][T25718] Bluetooth: hci3: unexpected event 0x01 length: 5 > 1 [ 1659.568062][T10346] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6130'. [ 1661.288724][T10450] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1661.320663][T10450] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1661.334597][T10450] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1661.343144][T10450] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1662.685187][T10481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6144'. [ 1662.697613][T10481] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6144'. [ 1663.355859][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1663.355898][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1663.361934][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1663.361982][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1663.519236][T10507] FAULT_INJECTION: forcing a failure. [ 1663.519236][T10507] name failslab, interval 1, probability 0, space 0, times 0 [ 1663.583372][T10507] CPU: 0 UID: 0 PID: 10507 Comm: syz.5.6149 Not tainted syzkaller #0 PREEMPT(full) [ 1663.583407][T10507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1663.583422][T10507] Call Trace: [ 1663.583430][T10507] [ 1663.583440][T10507] dump_stack_lvl+0x16c/0x1f0 [ 1663.583474][T10507] should_fail_ex+0x512/0x640 [ 1663.583503][T10507] ? __kmalloc_noprof+0xca/0x880 [ 1663.583541][T10507] should_failslab+0xc2/0x120 [ 1663.583572][T10507] __kmalloc_noprof+0xdd/0x880 [ 1663.583608][T10507] ? copy_splice_read+0x1a8/0xc20 [ 1663.583650][T10507] ? copy_splice_read+0x1a8/0xc20 [ 1663.583685][T10507] copy_splice_read+0x1a8/0xc20 [ 1663.583737][T10507] ? __pfx_copy_splice_read+0x10/0x10 [ 1663.583778][T10507] ? look_up_lock_class+0x59/0x150 [ 1663.583811][T10507] ? lockdep_init_map_type+0x5c/0x280 [ 1663.583847][T10507] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1663.583876][T10507] ? __pfx_copy_splice_read+0x10/0x10 [ 1663.583912][T10507] do_splice_read+0x282/0x370 [ 1663.583953][T10507] splice_direct_to_actor+0x2a1/0xa30 [ 1663.583994][T10507] ? __pfx_direct_splice_actor+0x10/0x10 [ 1663.584025][T10507] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1663.584061][T10507] ? get_pid_task+0xfc/0x250 [ 1663.584104][T10507] do_splice_direct+0x174/0x240 [ 1663.584143][T10507] ? __pfx_do_splice_direct+0x10/0x10 [ 1663.584181][T10507] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1663.584221][T10507] ? bpf_lsm_file_permission+0x9/0x10 [ 1663.584267][T10507] ? security_file_permission+0x71/0x210 [ 1663.584293][T10507] ? rw_verify_area+0xcf/0x6c0 [ 1663.584337][T10507] do_sendfile+0xb06/0xe50 [ 1663.584368][T10507] ? __pfx_do_sendfile+0x10/0x10 [ 1663.584394][T10507] ? __fget_files+0x20e/0x3c0 [ 1663.584427][T10507] __x64_sys_sendfile64+0x1d8/0x220 [ 1663.584456][T10507] ? ksys_write+0x1ac/0x250 [ 1663.584482][T10507] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1663.584524][T10507] do_syscall_64+0xcd/0xfa0 [ 1663.584554][T10507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1663.584579][T10507] RIP: 0033:0x7f251df8eec9 [ 1663.584600][T10507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1663.584621][T10507] RSP: 002b:00007f251ed80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1663.584645][T10507] RAX: ffffffffffffffda RBX: 00007f251e1e5fa0 RCX: 00007f251df8eec9 [ 1663.584662][T10507] RDX: 0000000000000000 RSI: 000000000000000e RDI: 000000000000000d [ 1663.584677][T10507] RBP: 00007f251ed80090 R08: 0000000000000000 R09: 0000000000000000 [ 1663.584698][T10507] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1663.584713][T10507] R13: 00007f251e1e6038 R14: 00007f251e1e5fa0 R15: 00007fff613c8968 [ 1663.584749][T10507] [ 1664.178164][T10509] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1664.786162][T10545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1664.792974][T10545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1664.800838][T10545] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1664.814508][T10545] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1666.798420][T25720] Bluetooth: hci2: command 0x0c1a tx timeout [ 1666.804562][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1666.885773][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1666.891928][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1667.417362][T10630] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 1667.450638][T10630] Unable to find swap-space signature [ 1667.487198][T10632] random: crng reseeded on system resumption [ 1667.838735][T10638] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1668.880119][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.892479][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.324837][T10668] FAULT_INJECTION: forcing a failure. [ 1669.324837][T10668] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1669.338476][T10668] CPU: 0 UID: 0 PID: 10668 Comm: syz.2.6180 Not tainted syzkaller #0 PREEMPT(full) [ 1669.338497][T10668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1669.338506][T10668] Call Trace: [ 1669.338511][T10668] [ 1669.338518][T10668] dump_stack_lvl+0x16c/0x1f0 [ 1669.338538][T10668] should_fail_ex+0x512/0x640 [ 1669.338559][T10668] should_fail_alloc_page+0xe7/0x130 [ 1669.338579][T10668] prepare_alloc_pages+0x3c2/0x610 [ 1669.338600][T10668] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1669.338616][T10668] ? stack_trace_save+0x8e/0xc0 [ 1669.338633][T10668] ? __pfx_stack_trace_save+0x10/0x10 [ 1669.338649][T10668] ? stack_depot_save_flags+0x29/0x9c0 [ 1669.338665][T10668] ? bpf_ksym_find+0x124/0x1c0 [ 1669.338684][T10668] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1669.338697][T10668] ? __kasan_kmalloc+0xaa/0xb0 [ 1669.338712][T10668] ? copy_splice_read+0x1a8/0xc20 [ 1669.338734][T10668] ? splice_direct_to_actor+0x2a1/0xa30 [ 1669.338755][T10668] ? do_splice_direct+0x174/0x240 [ 1669.338774][T10668] ? do_sendfile+0xb06/0xe50 [ 1669.338786][T10668] ? __x64_sys_sendfile64+0x1d8/0x220 [ 1669.338802][T10668] ? do_syscall_64+0xcd/0xfa0 [ 1669.338817][T10668] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1669.338845][T10668] alloc_pages_bulk_noprof+0x71c/0x1410 [ 1669.338865][T10668] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1669.338887][T10668] ? copy_splice_read+0x1a8/0xc20 [ 1669.338912][T10668] copy_splice_read+0x1e1/0xc20 [ 1669.338938][T10668] ? __pfx_copy_splice_read+0x10/0x10 [ 1669.338961][T10668] ? look_up_lock_class+0x59/0x150 [ 1669.338979][T10668] ? lockdep_init_map_type+0x5c/0x280 [ 1669.339000][T10668] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1669.339016][T10668] ? __pfx_copy_splice_read+0x10/0x10 [ 1669.339037][T10668] do_splice_read+0x282/0x370 [ 1669.339060][T10668] splice_direct_to_actor+0x2a1/0xa30 [ 1669.339083][T10668] ? __pfx_direct_splice_actor+0x10/0x10 [ 1669.339100][T10668] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1669.339121][T10668] ? get_pid_task+0xfc/0x250 [ 1669.339152][T10668] do_splice_direct+0x174/0x240 [ 1669.339175][T10668] ? __pfx_do_splice_direct+0x10/0x10 [ 1669.339197][T10668] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1669.339219][T10668] ? bpf_lsm_file_permission+0x9/0x10 [ 1669.339235][T10668] ? security_file_permission+0x71/0x210 [ 1669.339249][T10668] ? rw_verify_area+0xcf/0x6c0 [ 1669.339273][T10668] do_sendfile+0xb06/0xe50 [ 1669.339299][T10668] ? __pfx_do_sendfile+0x10/0x10 [ 1669.339323][T10668] ? __fget_files+0x20e/0x3c0 [ 1669.339354][T10668] __x64_sys_sendfile64+0x1d8/0x220 [ 1669.339379][T10668] ? ksys_write+0x1ac/0x250 [ 1669.339393][T10668] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1669.339416][T10668] do_syscall_64+0xcd/0xfa0 [ 1669.339433][T10668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1669.339446][T10668] RIP: 0033:0x7f5f8f78eec9 [ 1669.339458][T10668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1669.339472][T10668] RSP: 002b:00007f5f905ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1669.339486][T10668] RAX: ffffffffffffffda RBX: 00007f5f8f9e5fa0 RCX: 00007f5f8f78eec9 [ 1669.339496][T10668] RDX: 0000000000000000 RSI: 000000000000000e RDI: 000000000000000d [ 1669.339504][T10668] RBP: 00007f5f905ce090 R08: 0000000000000000 R09: 0000000000000000 [ 1669.339512][T10668] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1669.339520][T10668] R13: 00007f5f8f9e6038 R14: 00007f5f8f9e5fa0 R15: 00007ffede3dada8 [ 1669.339540][T10668] [ 1669.685198][ C0] vkms_vblank_simulate: vblank timer overrun [ 1671.951127][T10750] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1672.807328][ T4242] Bluetooth: hci2: unexpected event 0x01 length: 5 > 1 [ 1672.835421][T10768] tipc: Started in network mode [ 1672.864753][T10768] tipc: Node identity ee00, cluster identity 4711 [ 1672.871641][T10768] tipc: Node number set to 60928 [ 1673.581774][T10763] delete_channel: no stack [ 1674.163080][T10810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1674.182492][T10810] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1674.189405][T10810] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1674.201006][T10810] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1676.245758][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1676.251942][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1676.252861][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1676.258104][T25716] Bluetooth: hci2: command 0x0c1a tx timeout [ 1679.855842][T10970] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1679.879121][T10970] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1679.919371][T10970] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1679.925423][T10970] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1680.184051][T10995] vivid-003: ================= START STATUS ================= [ 1680.206165][T10995] vivid-003: Radio HW Seek Mode: Bounded [ 1680.212232][T10995] vivid-003: Radio Programmable HW Seek: false [ 1680.280467][T10995] vivid-003: RDS Rx I/O Mode: Block I/O [ 1680.318997][T10995] vivid-003: Generate RBDS Instead of RDS: false [ 1680.325561][T10995] vivid-003: RDS Reception: true [ 1680.331508][T10995] vivid-003: RDS Program Type: 0 inactive [ 1680.421993][T10995] vivid-003: RDS PS Name: inactive [ 1680.498624][T10995] vivid-003: RDS Radio Text: inactive [ 1680.524031][T10995] vivid-003: RDS Traffic Announcement: false inactive [ 1680.533581][T10995] vivid-003: RDS Traffic Program: false inactive [ 1680.541001][T10995] vivid-003: RDS Music: false inactive [ 1680.547729][T10995] vivid-003: ================== END STATUS ================== [ 1681.515711][T25720] Bluetooth: hci2: command 0x0c1a tx timeout [ 1681.919758][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1681.995734][T25720] Bluetooth: hci0: command 0x0c1a tx timeout [ 1682.001845][T25716] Bluetooth: hci4: command 0x0c1a tx timeout [ 1682.828435][T11048] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1684.076043][T11114] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1684.117622][T11114] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1684.142175][T11114] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1684.170903][T11114] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1685.282603][T11135] FAULT_INJECTION: forcing a failure. [ 1685.282603][T11135] name failslab, interval 1, probability 0, space 0, times 0 [ 1685.349305][T11135] CPU: 0 UID: 0 PID: 11135 Comm: syz.0.6222 Not tainted syzkaller #0 PREEMPT(full) [ 1685.349341][T11135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1685.349356][T11135] Call Trace: [ 1685.349365][T11135] [ 1685.349375][T11135] dump_stack_lvl+0x16c/0x1f0 [ 1685.349408][T11135] should_fail_ex+0x512/0x640 [ 1685.349437][T11135] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1685.349470][T11135] should_failslab+0xc2/0x120 [ 1685.349502][T11135] __kvmalloc_node_noprof+0x141/0x9c0 [ 1685.349532][T11135] ? seq_read_iter+0x830/0x12d0 [ 1685.349566][T11135] ? alloc_pages_bulk_noprof+0xa67/0x1410 [ 1685.349598][T11135] ? seq_read_iter+0x830/0x12d0 [ 1685.349621][T11135] seq_read_iter+0x830/0x12d0 [ 1685.349642][T11135] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1685.349662][T11135] kernfs_fop_read_iter+0x46c/0x610 [ 1685.349680][T11135] copy_splice_read+0x618/0xc20 [ 1685.349708][T11135] ? __pfx_copy_splice_read+0x10/0x10 [ 1685.349731][T11135] ? look_up_lock_class+0x59/0x150 [ 1685.349756][T11135] ? lockdep_init_map_type+0x5c/0x280 [ 1685.349778][T11135] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1685.349794][T11135] ? __pfx_copy_splice_read+0x10/0x10 [ 1685.349815][T11135] do_splice_read+0x282/0x370 [ 1685.349838][T11135] splice_direct_to_actor+0x2a1/0xa30 [ 1685.349862][T11135] ? __pfx_direct_splice_actor+0x10/0x10 [ 1685.349879][T11135] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1685.349899][T11135] ? get_pid_task+0xfc/0x250 [ 1685.349924][T11135] do_splice_direct+0x174/0x240 [ 1685.349946][T11135] ? __pfx_do_splice_direct+0x10/0x10 [ 1685.349968][T11135] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1685.349990][T11135] ? bpf_lsm_file_permission+0x9/0x10 [ 1685.350006][T11135] ? security_file_permission+0x71/0x210 [ 1685.350021][T11135] ? rw_verify_area+0xcf/0x6c0 [ 1685.350044][T11135] do_sendfile+0xb06/0xe50 [ 1685.350062][T11135] ? __pfx_do_sendfile+0x10/0x10 [ 1685.350076][T11135] ? __fget_files+0x20e/0x3c0 [ 1685.350094][T11135] __x64_sys_sendfile64+0x1d8/0x220 [ 1685.350111][T11135] ? ksys_write+0x1ac/0x250 [ 1685.350125][T11135] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1685.350148][T11135] do_syscall_64+0xcd/0xfa0 [ 1685.350165][T11135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1685.350180][T11135] RIP: 0033:0x7f03d1f8eec9 [ 1685.350192][T11135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1685.350206][T11135] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1685.350220][T11135] RAX: ffffffffffffffda RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1685.350230][T11135] RDX: 0000000000000000 RSI: 000000000000000e RDI: 000000000000000d [ 1685.350238][T11135] RBP: 00007f03d2e03090 R08: 0000000000000000 R09: 0000000000000000 [ 1685.350246][T11135] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1685.350255][T11135] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1685.350278][T11135] [ 1686.176143][T25716] Bluetooth: hci4: command 0x0c1a tx timeout [ 1686.176171][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1686.201167][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1686.236401][T25720] Bluetooth: hci0: command 0x0c1a tx timeout [ 1687.100869][T11188] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6226'. [ 1688.553681][T11252] random: crng reseeded on system resumption [ 1694.196171][T11405] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1694.243207][T11405] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1694.354602][T11405] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1694.380668][T11405] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1695.795532][T25720] Bluetooth: hci0: unexpected event 0x01 length: 5 > 1 [ 1695.834801][T11448] tipc: Started in network mode [ 1695.909010][T11448] tipc: Node identity ee00, cluster identity 4711 [ 1695.915486][T11448] tipc: Node number set to 60928 [ 1696.236593][T25720] Bluetooth: hci2: command 0x0c1a tx timeout [ 1696.277417][T11447] delete_channel: no stack [ 1696.316012][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1696.396065][T25720] Bluetooth: hci0: command 0x0c1a tx timeout [ 1696.396099][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1697.126718][T11495] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1697.152719][T11495] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1697.159824][T11495] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1697.200689][T11495] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1699.195885][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1699.201924][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1699.208220][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1699.214338][T25720] Bluetooth: hci2: command 0x0c1a tx timeout [ 1701.754368][T25720] Bluetooth: hci4: unexpected event 0x01 length: 5 > 1 [ 1701.835131][T11621] tipc: Started in network mode [ 1701.933747][T11621] tipc: Node identity ee00, cluster identity 4711 [ 1701.985153][T11621] tipc: Node number set to 60928 [ 1702.255195][T11620] delete_channel: no stack [ 1706.257642][T11742] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1706.935089][T11747] netlink: 206 bytes leftover after parsing attributes in process `syz.2.6280'. [ 1708.606239][T11799] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1708.614246][T11799] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1708.621284][T11799] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1708.629196][T11799] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1710.635984][T25720] Bluetooth: hci0: command 0x0c1a tx timeout [ 1710.642275][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1710.648357][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1710.654342][T25716] Bluetooth: hci2: command 0x0c1a tx timeout [ 1711.151075][T11870] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6293'. [ 1717.604357][T12123] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1717.812427][T12122] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1717.835039][T12122] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1717.855582][T12122] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1717.869716][T12122] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1719.762520][T12148] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1719.809427][T12148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1719.815590][T12148] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1719.829305][T12148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1721.836488][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1721.842551][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1721.842591][T25718] Bluetooth: hci2: command 0x0c1a tx timeout [ 1721.916066][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1722.945932][T12269] FAULT_INJECTION: forcing a failure. [ 1722.945932][T12269] name failslab, interval 1, probability 0, space 0, times 0 [ 1722.969526][T12269] CPU: 0 UID: 0 PID: 12269 Comm: syz.0.6317 Not tainted syzkaller #0 PREEMPT(full) [ 1722.969559][T12269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1722.969574][T12269] Call Trace: [ 1722.969583][T12269] [ 1722.969593][T12269] dump_stack_lvl+0x16c/0x1f0 [ 1722.969626][T12269] should_fail_ex+0x512/0x640 [ 1722.969653][T12269] ? __kmalloc_noprof+0xca/0x880 [ 1722.969692][T12269] should_failslab+0xc2/0x120 [ 1722.969724][T12269] __kmalloc_noprof+0xdd/0x880 [ 1722.969760][T12269] ? iter_file_splice_write+0x1cc/0x12e0 [ 1722.969791][T12269] ? iter_file_splice_write+0x1cc/0x12e0 [ 1722.969814][T12269] iter_file_splice_write+0x1cc/0x12e0 [ 1722.969846][T12269] ? kfree+0x2b8/0x6d0 [ 1722.969876][T12269] ? copy_splice_read+0x897/0xc20 [ 1722.969918][T12269] ? copy_splice_read+0x897/0xc20 [ 1722.969950][T12269] ? copy_splice_read+0x89c/0xc20 [ 1722.969982][T12269] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1722.970012][T12269] ? __pfx_copy_splice_read+0x10/0x10 [ 1722.970050][T12269] ? look_up_lock_class+0x59/0x150 [ 1722.970085][T12269] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1722.970112][T12269] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1722.970140][T12269] direct_splice_actor+0x18f/0x6c0 [ 1722.970168][T12269] splice_direct_to_actor+0x342/0xa30 [ 1722.970209][T12269] ? __pfx_direct_splice_actor+0x10/0x10 [ 1722.970240][T12269] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1722.970276][T12269] ? get_pid_task+0xfc/0x250 [ 1722.970319][T12269] do_splice_direct+0x174/0x240 [ 1722.970356][T12269] ? __pfx_do_splice_direct+0x10/0x10 [ 1722.970401][T12269] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1722.970440][T12269] ? bpf_lsm_file_permission+0x9/0x10 [ 1722.970468][T12269] ? security_file_permission+0x71/0x210 [ 1722.970494][T12269] ? rw_verify_area+0xcf/0x6c0 [ 1722.970533][T12269] do_sendfile+0xb06/0xe50 [ 1722.970564][T12269] ? __pfx_do_sendfile+0x10/0x10 [ 1722.970590][T12269] ? __fget_files+0x20e/0x3c0 [ 1722.970624][T12269] __x64_sys_sendfile64+0x1d8/0x220 [ 1722.970654][T12269] ? ksys_write+0x1ac/0x250 [ 1722.970678][T12269] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1722.970720][T12269] do_syscall_64+0xcd/0xfa0 [ 1722.970750][T12269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1722.970775][T12269] RIP: 0033:0x7f03d1f8eec9 [ 1722.970796][T12269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1722.970820][T12269] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1722.970844][T12269] RAX: ffffffffffffffda RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1722.970861][T12269] RDX: 0000000000000000 RSI: 000000000000000e RDI: 000000000000000d [ 1722.970877][T12269] RBP: 00007f03d2e03090 R08: 0000000000000000 R09: 0000000000000000 [ 1722.970892][T12269] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1722.970908][T12269] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1722.970945][T12269] [ 1724.807358][T12316] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1724.813537][T12316] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1724.820360][T12316] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1724.837262][T12316] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1725.909226][T12343] FAULT_INJECTION: forcing a failure. [ 1725.909226][T12343] name failslab, interval 1, probability 0, space 0, times 0 [ 1725.960064][T12343] CPU: 1 UID: 0 PID: 12343 Comm: syz.0.6332 Not tainted syzkaller #0 PREEMPT(full) [ 1725.960090][T12343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1725.960100][T12343] Call Trace: [ 1725.960106][T12343] [ 1725.960113][T12343] dump_stack_lvl+0x16c/0x1f0 [ 1725.960134][T12343] should_fail_ex+0x512/0x640 [ 1725.960164][T12343] ? __kmalloc_noprof+0xca/0x880 [ 1725.960189][T12343] should_failslab+0xc2/0x120 [ 1725.960221][T12343] __kmalloc_noprof+0xdd/0x880 [ 1725.960259][T12343] ? drm_atomic_state_init+0xe4/0x320 [ 1725.960297][T12343] ? drm_atomic_state_init+0xe4/0x320 [ 1725.960326][T12343] drm_atomic_state_init+0xe4/0x320 [ 1725.960356][T12343] ? __kasan_kmalloc+0xaa/0xb0 [ 1725.960377][T12343] drm_atomic_state_alloc+0xd3/0x120 [ 1725.960394][T12343] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 1725.960412][T12343] ? __pfx___might_resched+0x10/0x10 [ 1725.960434][T12343] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1725.960451][T12343] ? __mutex_lock+0x1c5/0x1060 [ 1725.960467][T12343] ? rcu_is_watching+0x12/0xc0 [ 1725.960504][T12343] drm_client_modeset_commit_locked+0x14d/0x580 [ 1725.960525][T12343] drm_client_modeset_commit+0x4f/0x80 [ 1725.960543][T12343] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 1725.960561][T12343] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1725.960583][T12343] drm_fbdev_client_restore+0x2c/0x40 [ 1725.960604][T12343] drm_client_dev_restore+0x1f6/0x2a0 [ 1725.960624][T12343] drm_release+0x2c4/0x360 [ 1725.960642][T12343] ? __pfx_drm_release+0x10/0x10 [ 1725.960656][T12343] __fput+0x3ff/0xb70 [ 1725.960680][T12343] task_work_run+0x150/0x240 [ 1725.960702][T12343] ? __pfx_task_work_run+0x10/0x10 [ 1725.960724][T12343] ? __pfx___do_sys_close_range+0x10/0x10 [ 1725.960743][T12343] exit_to_user_mode_loop+0xec/0x130 [ 1725.960765][T12343] do_syscall_64+0x426/0xfa0 [ 1725.960782][T12343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1725.960797][T12343] RIP: 0033:0x7f03d1f8eec9 [ 1725.960810][T12343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1725.960824][T12343] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1725.960842][T12343] RAX: 0000000000000000 RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1725.960851][T12343] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1725.960860][T12343] RBP: 00007f03d2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1725.960868][T12343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1725.960877][T12343] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1725.960900][T12343] [ 1726.223374][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.886329][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1726.887008][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1726.892386][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1726.898465][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1727.407154][T12420] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1727.414699][T12420] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1727.446256][T12420] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1727.496043][T12420] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1728.171987][T12433] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1728.238738][T12433] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1728.256411][T12433] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1728.262969][T12433] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1730.292276][T12491] vivid-003: ================= START STATUS ================= [ 1730.318127][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1730.318248][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.324224][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1730.330710][T25716] Bluetooth: hci3: command 0x0c1a tx timeout [ 1730.343703][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.373186][T12491] vivid-003: Radio HW Seek Mode: Bounded [ 1730.379768][T12491] vivid-003: Radio Programmable HW Seek: false [ 1730.388264][T12491] vivid-003: RDS Rx I/O Mode: Block I/O [ 1730.394175][T12491] vivid-003: Generate RBDS Instead of RDS: false [ 1730.404253][T12487] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1730.416942][T12487] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1730.433124][T12491] vivid-003: RDS Reception: true [ 1730.459662][T12487] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1730.478583][T12487] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1730.496146][T12491] vivid-003: RDS Program Type: 0 inactive [ 1730.502155][T12491] vivid-003: RDS PS Name: inactive [ 1730.522583][T12491] vivid-003: RDS Radio Text: inactive [ 1730.537241][T12491] vivid-003: RDS Traffic Announcement: false inactive [ 1730.555031][T12491] vivid-003: RDS Traffic Program: false inactive [ 1730.680571][T12491] vivid-003: RDS Music: false inactive [ 1730.801590][T12491] vivid-003: ================== END STATUS ================== [ 1731.836564][T25716] Bluetooth: hci2: command 0x0c1a tx timeout [ 1732.475795][T25716] Bluetooth: hci4: command 0x0c1a tx timeout [ 1732.478383][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1732.556893][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1732.604084][T12569] FAULT_INJECTION: forcing a failure. [ 1732.604084][T12569] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1732.656778][T12569] CPU: 0 UID: 0 PID: 12569 Comm: syz.5.6365 Not tainted syzkaller #0 PREEMPT(full) [ 1732.656808][T12569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1732.656821][T12569] Call Trace: [ 1732.656829][T12569] [ 1732.656838][T12569] dump_stack_lvl+0x16c/0x1f0 [ 1732.656870][T12569] should_fail_ex+0x512/0x640 [ 1732.656902][T12569] get_futex_key+0x293/0x1560 [ 1732.656939][T12569] ? __pfx_get_futex_key+0x10/0x10 [ 1732.656970][T12569] ? __mutex_trylock_common+0xe9/0x250 [ 1732.657014][T12569] futex_wake+0xea/0x530 [ 1732.657052][T12569] ? __pfx_futex_wake+0x10/0x10 [ 1732.657101][T12569] do_futex+0x1e3/0x350 [ 1732.657134][T12569] ? __pfx_do_futex+0x10/0x10 [ 1732.657162][T12569] ? __might_fault+0xe3/0x190 [ 1732.657197][T12569] mm_release+0x24e/0x300 [ 1732.657226][T12569] do_exit+0x68e/0x2bf0 [ 1732.657265][T12569] ? __pfx_do_exit+0x10/0x10 [ 1732.657297][T12569] ? do_raw_spin_lock+0x12c/0x2b0 [ 1732.657332][T12569] ? find_held_lock+0x2b/0x80 [ 1732.657372][T12569] do_group_exit+0xd3/0x2a0 [ 1732.657407][T12569] get_signal+0x2671/0x26d0 [ 1732.657449][T12569] ? __pfx_get_signal+0x10/0x10 [ 1732.657476][T12569] ? do_futex+0x122/0x350 [ 1732.657508][T12569] ? __pfx_do_futex+0x10/0x10 [ 1732.657543][T12569] arch_do_signal_or_restart+0x8f/0x790 [ 1732.657574][T12569] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1732.657613][T12569] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1732.657653][T12569] exit_to_user_mode_loop+0x85/0x130 [ 1732.657685][T12569] do_syscall_64+0x426/0xfa0 [ 1732.657713][T12569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1732.657738][T12569] RIP: 0033:0x7f251df8eec9 [ 1732.657758][T12569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1732.657781][T12569] RSP: 002b:00007f251ed800e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1732.657806][T12569] RAX: fffffffffffffe00 RBX: 00007f251e1e5fa8 RCX: 00007f251df8eec9 [ 1732.657823][T12569] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f251e1e5fa8 [ 1732.657839][T12569] RBP: 00007f251e1e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1732.657855][T12569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1732.657870][T12569] R13: 00007f251e1e6038 R14: 00007fff613c8880 R15: 00007fff613c8968 [ 1732.657906][T12569] [ 1733.313497][T12609] ERROR: Out of memory at tomoyo_memory_ok. [ 1733.537309][ T4242] Bluetooth: hci2: unexpected event 0x01 length: 5 > 1 [ 1733.838905][T12644] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1733.889988][T12613] delete_channel: no stack [ 1734.238447][T12648] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1734.264394][T12654] usb usb2: usbfs: process 12654 (syz.0.6378) did not claim interface 4 before use [ 1734.286308][T12648] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1734.292736][T12648] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1734.299578][T12648] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1735.066424][T12665] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1735.074022][T12665] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1735.080683][T12665] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1735.087442][T12665] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1736.770009][T25716] Bluetooth: hci0: unexpected event 0x01 length: 5 > 1 [ 1736.791624][T25716] Bluetooth: hci2: unexpected event 0x01 length: 5 > 1 [ 1736.989126][T12733] delete_channel: no stack [ 1737.115897][T25716] Bluetooth: hci0: command 0x0c1a tx timeout [ 1737.122613][T25716] Bluetooth: hci4: command 0x0c1a tx timeout [ 1737.128763][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1737.134809][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1737.223917][T12732] delete_channel: no stack [ 1738.191439][T12837] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1739.078983][T12866] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1739.085779][T12866] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1739.092372][T12866] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1739.099204][T12866] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1739.183411][T12872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6398'. [ 1740.530062][T12897] FAULT_INJECTION: forcing a failure. [ 1740.530062][T12897] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1740.543116][T12897] CPU: 1 UID: 0 PID: 12897 Comm: syz.2.6405 Not tainted syzkaller #0 PREEMPT(full) [ 1740.543137][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1740.543145][T12897] Call Trace: [ 1740.543150][T12897] [ 1740.543156][T12897] dump_stack_lvl+0x16c/0x1f0 [ 1740.543177][T12897] should_fail_ex+0x512/0x640 [ 1740.543197][T12897] get_futex_key+0x293/0x1560 [ 1740.543218][T12897] ? __pfx_get_futex_key+0x10/0x10 [ 1740.543236][T12897] ? __mutex_trylock_common+0xe9/0x250 [ 1740.543261][T12897] futex_wake+0xea/0x530 [ 1740.543303][T12897] ? __pfx_futex_wake+0x10/0x10 [ 1740.543332][T12897] do_futex+0x1e3/0x350 [ 1740.543356][T12897] ? __pfx_do_futex+0x10/0x10 [ 1740.543373][T12897] ? __might_fault+0xe3/0x190 [ 1740.543392][T12897] mm_release+0x24e/0x300 [ 1740.543409][T12897] do_exit+0x68e/0x2bf0 [ 1740.543432][T12897] ? __pfx_do_exit+0x10/0x10 [ 1740.543450][T12897] ? do_raw_spin_lock+0x12c/0x2b0 [ 1740.543471][T12897] ? find_held_lock+0x2b/0x80 [ 1740.543488][T12897] do_group_exit+0xd3/0x2a0 [ 1740.543508][T12897] get_signal+0x2671/0x26d0 [ 1740.543532][T12897] ? __pfx_get_signal+0x10/0x10 [ 1740.543547][T12897] ? do_futex+0x122/0x350 [ 1740.543566][T12897] ? __pfx_do_futex+0x10/0x10 [ 1740.543585][T12897] arch_do_signal_or_restart+0x8f/0x790 [ 1740.543604][T12897] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1740.543627][T12897] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1740.543649][T12897] exit_to_user_mode_loop+0x85/0x130 [ 1740.543671][T12897] do_syscall_64+0x426/0xfa0 [ 1740.543688][T12897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1740.543703][T12897] RIP: 0033:0x7f5f8f78eec9 [ 1740.543715][T12897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1740.543728][T12897] RSP: 002b:00007f5f905ce0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1740.543742][T12897] RAX: fffffffffffffe00 RBX: 00007f5f8f9e5fa8 RCX: 00007f5f8f78eec9 [ 1740.543752][T12897] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5f8f9e5fa8 [ 1740.543760][T12897] RBP: 00007f5f8f9e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1740.543769][T12897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1740.543777][T12897] R13: 00007f5f8f9e6038 R14: 00007ffede3dacc0 R15: 00007ffede3dada8 [ 1740.543796][T12897] [ 1740.771649][ C1] vkms_vblank_simulate: vblank timer overrun [ 1741.115960][T25716] Bluetooth: hci0: command 0x0c1a tx timeout [ 1741.116767][T25720] Bluetooth: hci3: command 0x0c1a tx timeout [ 1741.122489][T25716] Bluetooth: hci2: command 0x0c1a tx timeout [ 1741.128112][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1741.382650][T12939] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1742.678589][ T30] audit: type=1800 audit(4294967389.060:40): pid=12977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6412" name="lu_gp_id" dev="configfs" ino=130732 res=0 errno=0 [ 1742.975779][T12990] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1742.986080][T12990] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1742.992462][T12990] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1742.998994][T12990] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1743.422695][T13010] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6415'. [ 1744.212971][T13038] FAULT_INJECTION: forcing a failure. [ 1744.212971][T13038] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1744.320834][T13038] CPU: 1 UID: 0 PID: 13038 Comm: syz.5.6419 Not tainted syzkaller #0 PREEMPT(full) [ 1744.320857][T13038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1744.320866][T13038] Call Trace: [ 1744.320872][T13038] [ 1744.320879][T13038] dump_stack_lvl+0x16c/0x1f0 [ 1744.320899][T13038] should_fail_ex+0x512/0x640 [ 1744.320920][T13038] _copy_to_user+0x32/0xd0 [ 1744.320940][T13038] simple_read_from_buffer+0xcb/0x170 [ 1744.320964][T13038] proc_fail_nth_read+0x197/0x240 [ 1744.320980][T13038] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1744.320996][T13038] ? rw_verify_area+0xcf/0x6c0 [ 1744.321018][T13038] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1744.321032][T13038] vfs_read+0x1e1/0xcf0 [ 1744.321050][T13038] ? __pfx___mutex_lock+0x10/0x10 [ 1744.321067][T13038] ? __pfx_vfs_read+0x10/0x10 [ 1744.321086][T13038] ? __fget_files+0x20e/0x3c0 [ 1744.321105][T13038] ksys_read+0x12a/0x250 [ 1744.321119][T13038] ? __pfx_ksys_read+0x10/0x10 [ 1744.321139][T13038] do_syscall_64+0xcd/0xfa0 [ 1744.321156][T13038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1744.321171][T13038] RIP: 0033:0x7f251df8d8dc [ 1744.321183][T13038] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1744.321197][T13038] RSP: 002b:00007f251ed80030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1744.321212][T13038] RAX: ffffffffffffffda RBX: 00007f251e1e5fa0 RCX: 00007f251df8d8dc [ 1744.321222][T13038] RDX: 000000000000000f RSI: 00007f251ed800a0 RDI: 0000000000000004 [ 1744.321237][T13038] RBP: 00007f251ed80090 R08: 0000000000000000 R09: 0000000000000000 [ 1744.321246][T13038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1744.321254][T13038] R13: 00007f251e1e6038 R14: 00007f251e1e5fa0 R15: 00007fff613c8968 [ 1744.321274][T13038] [ 1744.503973][ C1] vkms_vblank_simulate: vblank timer overrun [ 1745.045837][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1745.048131][T25716] Bluetooth: hci3: command 0x0c1a tx timeout [ 1745.051933][T25718] Bluetooth: hci2: command 0x0c1a tx timeout [ 1745.066057][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1748.322602][T13112] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1748.387841][T13112] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1748.412898][T13112] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1748.428930][T13112] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1748.742103][T13126] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6434'. [ 1748.812427][T13126] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6434'. [ 1749.492045][T13138] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1749.522417][T13138] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1749.536996][T13138] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1749.543343][T13138] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1750.599363][T13160] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6440'. [ 1751.516764][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1751.606409][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1751.607452][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1751.612470][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1751.619544][T13197] FAULT_INJECTION: forcing a failure. [ 1751.619544][T13197] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1751.671146][T13197] CPU: 0 UID: 0 PID: 13197 Comm: syz.4.6446 Not tainted syzkaller #0 PREEMPT(full) [ 1751.671181][T13197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1751.671196][T13197] Call Trace: [ 1751.671206][T13197] [ 1751.671223][T13197] dump_stack_lvl+0x16c/0x1f0 [ 1751.671257][T13197] should_fail_ex+0x512/0x640 [ 1751.671293][T13197] get_futex_key+0x293/0x1560 [ 1751.671330][T13197] ? __pfx_get_futex_key+0x10/0x10 [ 1751.671361][T13197] ? __mutex_trylock_common+0xe9/0x250 [ 1751.671401][T13197] futex_wake+0xea/0x530 [ 1751.671438][T13197] ? __pfx_futex_wake+0x10/0x10 [ 1751.671488][T13197] do_futex+0x1e3/0x350 [ 1751.671521][T13197] ? __pfx_do_futex+0x10/0x10 [ 1751.671550][T13197] ? __might_fault+0xe3/0x190 [ 1751.671584][T13197] mm_release+0x24e/0x300 [ 1751.671613][T13197] do_exit+0x68e/0x2bf0 [ 1751.671652][T13197] ? __pfx_do_exit+0x10/0x10 [ 1751.671684][T13197] ? do_raw_spin_lock+0x12c/0x2b0 [ 1751.671720][T13197] ? find_held_lock+0x2b/0x80 [ 1751.671751][T13197] do_group_exit+0xd3/0x2a0 [ 1751.671786][T13197] get_signal+0x2671/0x26d0 [ 1751.671828][T13197] ? __pfx_get_signal+0x10/0x10 [ 1751.671856][T13197] ? do_futex+0x122/0x350 [ 1751.671886][T13197] ? __pfx_do_futex+0x10/0x10 [ 1751.671926][T13197] arch_do_signal_or_restart+0x8f/0x790 [ 1751.671960][T13197] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1751.672001][T13197] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1751.672040][T13197] exit_to_user_mode_loop+0x85/0x130 [ 1751.672078][T13197] do_syscall_64+0x426/0xfa0 [ 1751.672108][T13197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1751.672134][T13197] RIP: 0033:0x7f900738eec9 [ 1751.672156][T13197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1751.672179][T13197] RSP: 002b:00007f90082470e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1751.672204][T13197] RAX: fffffffffffffe00 RBX: 00007f90075e5fa8 RCX: 00007f900738eec9 [ 1751.672222][T13197] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f90075e5fa8 [ 1751.672238][T13197] RBP: 00007f90075e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1751.672253][T13197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1751.672267][T13197] R13: 00007f90075e6038 R14: 00007ffdbe6cbda0 R15: 00007ffdbe6cbe88 [ 1751.672303][T13197] [ 1751.796057][T13202] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1755.844215][T13295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6460'. [ 1757.589401][T13373] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1759.840309][T13441] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6474'. [ 1760.902087][T13473] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1761.297838][T13491] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6483'. [ 1761.392356][T13491] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6483'. [ 1762.272170][T13535] FAULT_INJECTION: forcing a failure. [ 1762.272170][T13535] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1762.289802][T13535] CPU: 0 UID: 0 PID: 13535 Comm: syz.4.6488 Not tainted syzkaller #0 PREEMPT(full) [ 1762.289824][T13535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1762.289833][T13535] Call Trace: [ 1762.289839][T13535] [ 1762.289845][T13535] dump_stack_lvl+0x16c/0x1f0 [ 1762.289866][T13535] should_fail_ex+0x512/0x640 [ 1762.289886][T13535] get_futex_key+0x293/0x1560 [ 1762.289907][T13535] ? __pfx_get_futex_key+0x10/0x10 [ 1762.289932][T13535] ? __mutex_trylock_common+0xe9/0x250 [ 1762.289958][T13535] futex_wake+0xea/0x530 [ 1762.289980][T13535] ? __pfx_futex_wake+0x10/0x10 [ 1762.290010][T13535] do_futex+0x1e3/0x350 [ 1762.290028][T13535] ? __pfx_do_futex+0x10/0x10 [ 1762.290045][T13535] ? __might_fault+0xe3/0x190 [ 1762.290064][T13535] mm_release+0x24e/0x300 [ 1762.290080][T13535] do_exit+0x68e/0x2bf0 [ 1762.290103][T13535] ? __pfx_do_exit+0x10/0x10 [ 1762.290122][T13535] ? do_raw_spin_lock+0x12c/0x2b0 [ 1762.290143][T13535] ? find_held_lock+0x2b/0x80 [ 1762.290160][T13535] do_group_exit+0xd3/0x2a0 [ 1762.290181][T13535] get_signal+0x2671/0x26d0 [ 1762.290204][T13535] ? __pfx_get_signal+0x10/0x10 [ 1762.290219][T13535] ? do_futex+0x122/0x350 [ 1762.290238][T13535] ? __pfx_do_futex+0x10/0x10 [ 1762.290258][T13535] arch_do_signal_or_restart+0x8f/0x790 [ 1762.290277][T13535] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1762.290300][T13535] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1762.290323][T13535] exit_to_user_mode_loop+0x85/0x130 [ 1762.290345][T13535] do_syscall_64+0x426/0xfa0 [ 1762.290362][T13535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1762.290377][T13535] RIP: 0033:0x7f900738eec9 [ 1762.290389][T13535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1762.290403][T13535] RSP: 002b:00007f90082470e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1762.290417][T13535] RAX: fffffffffffffe00 RBX: 00007f90075e5fa8 RCX: 00007f900738eec9 [ 1762.290426][T13535] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f90075e5fa8 [ 1762.290435][T13535] RBP: 00007f90075e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1762.290444][T13535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1762.290452][T13535] R13: 00007f90075e6038 R14: 00007ffdbe6cbda0 R15: 00007ffdbe6cbe88 [ 1762.290471][T13535] [ 1762.560477][T13529] random: crng reseeded on system resumption [ 1763.644562][T13571] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1765.282057][T13633] zram: Added device: zram2 [ 1769.132446][ T8900] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1769.358886][T13850] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6517'. [ 1774.027126][T14054] vhci_hcd: invalid port number 16 [ 1774.054286][T14054] vhci_hcd: invalid port number 16 [ 1775.167280][T14099] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1775.200657][T14105] FAULT_INJECTION: forcing a failure. [ 1775.200657][T14105] name failslab, interval 1, probability 0, space 0, times 0 [ 1775.215060][T14105] CPU: 1 UID: 0 PID: 14105 Comm: syz.0.6540 Not tainted syzkaller #0 PREEMPT(full) [ 1775.215083][T14105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1775.215093][T14105] Call Trace: [ 1775.215098][T14105] [ 1775.215105][T14105] dump_stack_lvl+0x16c/0x1f0 [ 1775.215127][T14105] should_fail_ex+0x512/0x640 [ 1775.215146][T14105] ? __kmalloc_noprof+0xca/0x880 [ 1775.215171][T14105] should_failslab+0xc2/0x120 [ 1775.215191][T14105] __kmalloc_noprof+0xdd/0x880 [ 1775.215211][T14105] ? __kernel_text_address+0xd/0x40 [ 1775.215225][T14105] ? constrain_params_by_rules+0x175/0xca0 [ 1775.215251][T14105] ? constrain_params_by_rules+0x175/0xca0 [ 1775.215272][T14105] constrain_params_by_rules+0x175/0xca0 [ 1775.215299][T14105] ? stack_trace_save+0x8e/0xc0 [ 1775.215319][T14105] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1775.215345][T14105] ? __kasan_kmalloc+0xaa/0xb0 [ 1775.215360][T14105] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 1775.215381][T14105] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1775.215401][T14105] ? snd_pcm_oss_sync+0x32e/0x840 [ 1775.215427][T14105] ? rcu_is_watching+0x12/0xc0 [ 1775.215442][T14105] ? snd_interval_refine+0x2fa/0x580 [ 1775.215467][T14105] snd_pcm_hw_refine+0x7de/0xad0 [ 1775.215492][T14105] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1775.215523][T14105] ? __asan_memset+0x23/0x50 [ 1775.215537][T14105] ? _snd_pcm_hw_param_min+0x259/0x630 [ 1775.215561][T14105] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 1775.215598][T14105] ? __mutex_lock+0x1c5/0x1060 [ 1775.215628][T14105] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1775.215691][T14105] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1775.215716][T14105] snd_pcm_oss_sync+0x32e/0x840 [ 1775.215739][T14105] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1775.215760][T14105] snd_pcm_oss_release+0x28b/0x310 [ 1775.215783][T14105] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1775.215803][T14105] __fput+0x3ff/0xb70 [ 1775.215826][T14105] task_work_run+0x150/0x240 [ 1775.215849][T14105] ? __pfx_task_work_run+0x10/0x10 [ 1775.215870][T14105] ? __pfx___do_sys_close_range+0x10/0x10 [ 1775.215891][T14105] exit_to_user_mode_loop+0xec/0x130 [ 1775.215913][T14105] do_syscall_64+0x426/0xfa0 [ 1775.215930][T14105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1775.215944][T14105] RIP: 0033:0x7f03d1f8eec9 [ 1775.215957][T14105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1775.215971][T14105] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1775.215987][T14105] RAX: 0000000000000000 RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1775.215997][T14105] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000002 [ 1775.216006][T14105] RBP: 00007f03d2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1775.216015][T14105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1775.216024][T14105] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1775.216045][T14105] [ 1775.752120][T14117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6542'. [ 1776.051392][T14140] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1778.688819][T14255] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1778.701855][T14255] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1778.792870][T14255] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1778.802289][T14255] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1779.296012][T14302] netlink: 268 bytes leftover after parsing attributes in process `syz.0.6557'. [ 1780.065189][T14365] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1780.684955][T14413] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1780.728877][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1780.734963][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1780.795744][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1780.885652][T25720] Bluetooth: hci0: command 0x0c1a tx timeout [ 1781.786821][T14431] FAULT_INJECTION: forcing a failure. [ 1781.786821][T14431] name failslab, interval 1, probability 0, space 0, times 0 [ 1781.829857][T25720] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 1781.843922][T14431] CPU: 1 UID: 0 PID: 14431 Comm: syz.0.6568 Not tainted syzkaller #0 PREEMPT(full) [ 1781.843963][T14431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1781.843980][T14431] Call Trace: [ 1781.843991][T14431] [ 1781.844002][T14431] dump_stack_lvl+0x16c/0x1f0 [ 1781.844037][T14431] should_fail_ex+0x512/0x640 [ 1781.844067][T14431] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1781.844098][T14431] should_failslab+0xc2/0x120 [ 1781.844132][T14431] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1781.844167][T14431] ? prepare_creds+0x2c/0x7d0 [ 1781.844214][T14431] ? prepare_creds+0x2c/0x7d0 [ 1781.844249][T14431] prepare_creds+0x2c/0x7d0 [ 1781.844290][T14431] __sys_setregid+0x101/0x910 [ 1781.844317][T14431] ? rcu_is_watching+0x12/0xc0 [ 1781.844348][T14431] do_syscall_64+0xcd/0xfa0 [ 1781.844380][T14431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1781.844406][T14431] RIP: 0033:0x7f03d1f8eec9 [ 1781.844427][T14431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1781.844452][T14431] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 1781.844478][T14431] RAX: ffffffffffffffda RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1781.844496][T14431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000081 [ 1781.844512][T14431] RBP: 00007f03d2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1781.844529][T14431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1781.844545][T14431] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1781.844582][T14431] [ 1782.011980][ C1] vkms_vblank_simulate: vblank timer overrun [ 1782.380497][T25720] Bluetooth: hci3: unexpected event 0x01 length: 5 > 1 [ 1782.386241][T14464] tipc: Started in network mode [ 1782.398476][T14464] tipc: Node identity ee00, cluster identity 4711 [ 1782.405061][T14464] tipc: Node number set to 60928 [ 1782.489786][T14443] delete_channel: no stack [ 1783.677337][T14509] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1783.707354][T14509] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1783.746542][T14509] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1783.754093][T14509] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1784.088996][T14533] netlink: 268 bytes leftover after parsing attributes in process `syz.4.6577'. [ 1784.262795][T14538] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 1785.380258][T25720] Bluetooth: hci2: command 0x0c1a tx timeout [ 1785.716249][T25720] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1785.757633][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1785.763707][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1785.770231][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1785.986552][T14643] netlink: 93 bytes leftover after parsing attributes in process `syz.0.6585'. [ 1786.094312][T14641] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1786.159006][T14651] kfence: disabled [ 1787.055881][T14690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6588'. [ 1787.090933][T14690] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6588'. [ 1787.836046][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1789.099263][ T4242] Bluetooth: hci2: unexpected event 0x01 length: 5 > 1 [ 1789.415588][T14778] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1789.442251][T14767] delete_channel: no stack [ 1789.447273][T14778] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1789.468604][T14778] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1789.513419][T14778] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1789.521265][T14778] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1790.689037][T14841] netlink: 146 bytes leftover after parsing attributes in process `syz.4.6604'. [ 1791.445740][ T4242] Bluetooth: hci2: command 0x0c1a tx timeout [ 1791.516210][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1791.516334][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1791.595862][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1791.730915][T14866] bond0: option packets_per_slave: invalid value ( Xnp) [ 1791.746007][T14866] bond0: option packets_per_slave: allowed values 0 - 65535 [ 1791.761162][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.771027][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.132642][T14870] FAULT_INJECTION: forcing a failure. [ 1792.132642][T14870] name failslab, interval 1, probability 0, space 0, times 0 [ 1792.176993][T14870] CPU: 0 UID: 0 PID: 14870 Comm: syz.5.6612 Not tainted syzkaller #0 PREEMPT(full) [ 1792.177023][T14870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1792.177033][T14870] Call Trace: [ 1792.177038][T14870] [ 1792.177046][T14870] dump_stack_lvl+0x16c/0x1f0 [ 1792.177068][T14870] should_fail_ex+0x512/0x640 [ 1792.177087][T14870] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1792.177105][T14870] should_failslab+0xc2/0x120 [ 1792.177123][T14870] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1792.177138][T14870] ? alloc_empty_file+0x55/0x1e0 [ 1792.177161][T14870] ? alloc_empty_file+0x55/0x1e0 [ 1792.177178][T14870] alloc_empty_file+0x55/0x1e0 [ 1792.177197][T14870] path_openat+0xda/0x2cb0 [ 1792.177219][T14870] ? __pfx_path_openat+0x10/0x10 [ 1792.177239][T14870] do_filp_open+0x20b/0x470 [ 1792.177254][T14870] ? __pfx_do_filp_open+0x10/0x10 [ 1792.177282][T14870] ? alloc_fd+0x471/0x7d0 [ 1792.177302][T14870] do_sys_openat2+0x11b/0x1d0 [ 1792.177321][T14870] ? __pfx_do_sys_openat2+0x10/0x10 [ 1792.177348][T14870] __x64_sys_openat+0x174/0x210 [ 1792.177368][T14870] ? __pfx___x64_sys_openat+0x10/0x10 [ 1792.177396][T14870] do_syscall_64+0xcd/0xfa0 [ 1792.177413][T14870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1792.177428][T14870] RIP: 0033:0x7f251df8eec9 [ 1792.177440][T14870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1792.177455][T14870] RSP: 002b:00007f251ed80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1792.177468][T14870] RAX: ffffffffffffffda RBX: 00007f251e1e5fa0 RCX: 00007f251df8eec9 [ 1792.177478][T14870] RDX: 00000000000c0000 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1792.177487][T14870] RBP: 00007f251e011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1792.177496][T14870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1792.177505][T14870] R13: 00007f251e1e6038 R14: 00007f251e1e5fa0 R15: 00007fff613c8968 [ 1792.177525][T14870] [ 1792.379239][ C0] vkms_vblank_simulate: vblank timer overrun [ 1793.134630][ T30] audit: type=1326 audit(4294967439.510:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14932 comm="syz.4.6617" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f900738eec9 code=0x0 [ 1793.156305][ C0] vkms_vblank_simulate: vblank timer overrun [ 1793.676987][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1793.910007][T14959] netlink: 252 bytes leftover after parsing attributes in process `syz.2.6621'. [ 1793.991269][T14955] netlink: 252 bytes leftover after parsing attributes in process `syz.2.6621'. [ 1794.248080][T25718] Bluetooth: hci0: unexpected event 0x01 length: 5 > 1 [ 1794.905958][T14970] delete_channel: no stack [ 1795.649397][T15050] netlink: 268 bytes leftover after parsing attributes in process `syz.4.6630'. [ 1795.830229][T15054] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6631'. [ 1797.069492][T15100] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1800.536626][T15194] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1800.544622][T15194] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1800.553328][T15194] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1800.588000][ T4242] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1800.602733][ T4242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1800.611819][ T4242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1800.628673][ T4242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1800.644400][ T4242] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1801.288214][ T3613] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1801.650632][ T3613] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1801.840437][ T3613] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1801.868358][T15197] chnl_net:caif_netlink_parms(): no params data found [ 1801.969203][ T3613] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1802.298698][T15197] bridge0: port 1(bridge_slave_0) entered blocking state [ 1802.309459][T15197] bridge0: port 1(bridge_slave_0) entered disabled state [ 1802.318910][T15197] bridge_slave_0: entered allmulticast mode [ 1802.327953][T15197] bridge_slave_0: entered promiscuous mode [ 1802.342564][T15197] bridge0: port 2(bridge_slave_1) entered blocking state [ 1802.354318][T15197] bridge0: port 2(bridge_slave_1) entered disabled state [ 1802.358400][T15329] delete_channel: no stack [ 1802.363013][T15197] bridge_slave_1: entered allmulticast mode [ 1802.374317][T15197] bridge_slave_1: entered promiscuous mode [ 1802.555852][T25718] Bluetooth: hci4: command 0x0c1a tx timeout [ 1802.565729][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1802.616020][T15197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1802.636185][T25718] Bluetooth: hci0: command 0x0c1a tx timeout [ 1802.662905][T15197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1802.715841][T25718] Bluetooth: hci1: command tx timeout [ 1802.741240][ T3613] bridge_slave_1: left allmulticast mode [ 1802.761278][ T3613] bridge_slave_1: left promiscuous mode [ 1802.768559][ T3613] bridge0: port 2(bridge_slave_1) entered disabled state [ 1802.794979][ T3613] bridge_slave_0: left allmulticast mode [ 1802.817706][ T3613] bridge_slave_0: left promiscuous mode [ 1802.844089][ T3613] bridge0: port 1(bridge_slave_0) entered disabled state [ 1804.259261][ T3613] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1804.271092][ T3613] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1804.282043][ T3613] bond0 (unregistering): Released all slaves [ 1804.408255][ T3613] HfR: left promiscuous mode [ 1804.430192][T15197] team0: Port device team_slave_0 added [ 1804.566856][ T3613] tipc: Left network mode [ 1804.578125][T15197] team0: Port device team_slave_1 added [ 1804.796655][T25718] Bluetooth: hci1: command tx timeout [ 1804.825443][T15197] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1804.839912][T15197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1804.867656][T15197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1804.911271][T15197] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1804.945749][T15197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1804.975851][T15197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1805.090050][ T3613] hsr_slave_0: left promiscuous mode [ 1805.150611][ T3613] hsr_slave_1: left promiscuous mode [ 1805.171687][ T3613] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1805.201792][ T3613] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1805.226561][ T3613] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1805.248263][ T3613] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1805.300929][ T3613] veth1_macvtap: left promiscuous mode [ 1805.306845][ T3613] veth0_macvtap: left promiscuous mode [ 1805.314915][ T3613] veth1_vlan: left promiscuous mode [ 1805.320577][ T3613] veth0_vlan: left promiscuous mode [ 1805.408065][T15607] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1805.732997][T15613] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6665'. [ 1806.305074][ T3613] team0 (unregistering): Port device team_slave_1 removed [ 1806.356592][ T3613] team0 (unregistering): Port device team_slave_0 removed [ 1806.876411][T25718] Bluetooth: hci1: command tx timeout [ 1807.825017][T15197] hsr_slave_0: entered promiscuous mode [ 1807.832363][T15197] hsr_slave_1: entered promiscuous mode [ 1807.839254][T15197] debugfs: 'hsr0' already exists in 'hsr' [ 1807.845003][T15197] Cannot create hsr debugfs directory [ 1807.853530][T15632] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1807.874499][T15632] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1807.888626][T15632] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1807.895197][T15632] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1807.928096][T15632] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1807.971179][T15632] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1808.413293][T15735] FAULT_INJECTION: forcing a failure. [ 1808.413293][T15735] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1808.482750][T15713] ima: policy update failed [ 1808.537114][T15735] CPU: 0 UID: 0 PID: 15735 Comm: syz.4.6672 Not tainted syzkaller #0 PREEMPT(full) [ 1808.537150][T15735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1808.537165][T15735] Call Trace: [ 1808.537174][T15735] [ 1808.537190][ T30] audit: type=1802 audit(4294967454.880:42): pid=15713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.6671" res=0 errno=0 [ 1808.537183][T15735] dump_stack_lvl+0x16c/0x1f0 [ 1808.537220][T15735] should_fail_ex+0x512/0x640 [ 1808.537250][T15735] core_sys_select+0x4c5/0xc20 [ 1808.537281][T15735] ? __pfx_core_sys_select+0x10/0x10 [ 1808.537342][T15735] ? read_tsc+0x9/0x20 [ 1808.537370][T15735] ? ktime_get_ts64+0x256/0x400 [ 1808.537408][T15735] kern_select+0x15d/0x1e0 [ 1808.537431][T15735] ? __pfx_kern_select+0x10/0x10 [ 1808.537460][T15735] ? xfd_validate_state+0x61/0x180 [ 1808.537492][T15735] ? __pfx_ksys_write+0x10/0x10 [ 1808.537524][T15735] __x64_sys_select+0xbd/0x160 [ 1808.537555][T15735] ? do_syscall_64+0x91/0xfa0 [ 1808.537583][T15735] ? lockdep_hardirqs_on+0x7c/0x110 [ 1808.537612][T15735] do_syscall_64+0xcd/0xfa0 [ 1808.537643][T15735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1808.537669][T15735] RIP: 0033:0x7f900738eec9 [ 1808.537690][T15735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1808.537715][T15735] RSP: 002b:00007f9008247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1808.537740][T15735] RAX: ffffffffffffffda RBX: 00007f90075e5fa0 RCX: 00007f900738eec9 [ 1808.537758][T15735] RDX: 00002000000005c0 RSI: 0000000000000000 RDI: 0000000000000005 [ 1808.537775][T15735] RBP: 00007f9007411f91 R08: 00002000000001c0 R09: 0000000000000000 [ 1808.537793][T15735] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000 [ 1808.537809][T15735] R13: 00007f90075e6038 R14: 00007f90075e5fa0 R15: 00007ffdbe6cbe88 [ 1808.537848][T15735] [ 1809.917902][T25718] Bluetooth: hci1: command 0x0c1a tx timeout [ 1809.923973][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1809.930042][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1809.936097][T25718] Bluetooth: hci3: command 0x0c1a tx timeout [ 1810.934173][T15197] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1811.170753][T15197] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1811.226121][T15864] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1811.237880][T15864] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1811.274536][T15864] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1811.343959][T15197] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1811.355298][T15864] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1811.377056][T15197] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1811.699663][T25720] Bluetooth: hci4: unexpected event 0x3e length: 508 > 260 [ 1811.699699][T25720] Bluetooth: hci4: unexpected subevent 0x02 length: 507 > 260 [ 1811.715167][T25720] Bluetooth: hci4: Dropping invalid advertising data [ 1811.724139][T25720] Bluetooth: hci4: unknown advertising packet type: 0xe9 [ 1811.724178][T25720] Bluetooth: hci4: Dropping invalid advertising data [ 1811.740164][T25720] Bluetooth: hci4: unknown advertising packet type: 0x80 [ 1811.814865][T15197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1811.925158][T15197] 8021q: adding VLAN 0 to HW filter on device team0 [ 1811.938156][T15911] FAULT_INJECTION: forcing a failure. [ 1811.938156][T15911] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1811.989058][ T8900] bridge0: port 1(bridge_slave_0) entered blocking state [ 1811.996281][ T8900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1812.057506][T15911] CPU: 1 UID: 0 PID: 15911 Comm: syz.4.6680 Not tainted syzkaller #0 PREEMPT(full) [ 1812.057539][T15911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1812.057548][T15911] Call Trace: [ 1812.057554][T15911] [ 1812.057560][T15911] dump_stack_lvl+0x16c/0x1f0 [ 1812.057580][T15911] should_fail_ex+0x512/0x640 [ 1812.057601][T15911] _copy_from_user+0x2e/0xd0 [ 1812.057620][T15911] copy_msghdr_from_user+0x98/0x160 [ 1812.057642][T15911] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1812.057661][T15911] ? kfree+0x252/0x6d0 [ 1812.057686][T15911] ___sys_sendmsg+0xfe/0x1d0 [ 1812.057703][T15911] ? __pfx____sys_sendmsg+0x10/0x10 [ 1812.057736][T15911] ? __pfx___might_resched+0x10/0x10 [ 1812.057755][T15911] __sys_sendmmsg+0x200/0x420 [ 1812.057773][T15911] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1812.057794][T15911] ? __pfx_do_futex+0x10/0x10 [ 1812.057823][T15911] ? xfd_validate_state+0x61/0x180 [ 1812.057847][T15911] __x64_sys_sendmmsg+0x9c/0x100 [ 1812.057862][T15911] ? lockdep_hardirqs_on+0x7c/0x110 [ 1812.057878][T15911] do_syscall_64+0xcd/0xfa0 [ 1812.057894][T15911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1812.057909][T15911] RIP: 0033:0x7f900738eec9 [ 1812.057921][T15911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1812.057934][T15911] RSP: 002b:00007f9008226038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1812.057948][T15911] RAX: ffffffffffffffda RBX: 00007f90075e6090 RCX: 00007f900738eec9 [ 1812.057958][T15911] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000004 [ 1812.057966][T15911] RBP: 00007f9007411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1812.057975][T15911] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1812.057983][T15911] R13: 00007f90075e6128 R14: 00007f90075e6090 R15: 00007ffdbe6cbe88 [ 1812.058002][T15911] [ 1812.250054][ C1] vkms_vblank_simulate: vblank timer overrun [ 1812.490212][T14703] bridge0: port 2(bridge_slave_1) entered blocking state [ 1812.497367][T14703] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1812.550804][T15197] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1812.604199][T15197] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1813.182560][T15197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1813.281035][T25720] Bluetooth: hci4: command 0x0c1a tx timeout [ 1813.287152][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1813.365828][T25720] Bluetooth: hci1: command 0x0c1a tx timeout [ 1813.371852][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1813.888227][T25720] Bluetooth: hci4: unexpected event 0x01 length: 5 > 1 [ 1814.375248][T15197] veth0_vlan: entered promiscuous mode [ 1814.413857][T15971] delete_channel: no stack [ 1814.454057][T15197] veth1_vlan: entered promiscuous mode [ 1814.604183][T15197] veth0_macvtap: entered promiscuous mode [ 1814.681670][T15197] veth1_macvtap: entered promiscuous mode [ 1814.798171][T15197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1814.845335][T15197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1814.870626][ T8900] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1814.890970][ T8900] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1815.056820][ T8900] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1815.103201][ T8900] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1815.435902][T25720] Bluetooth: hci1: command 0x0c1a tx timeout [ 1815.560411][T25654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1815.584162][T25654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1815.978569][T16025] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1816.011873][T25654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1816.030368][T25654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1817.165890][T16066] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1818.124297][T25720] Bluetooth: hci3: unexpected event 0x01 length: 5 > 1 [ 1818.550862][T25720] Bluetooth: hci1: unexpected event 0x01 length: 5 > 1 [ 1818.576235][T16106] delete_channel: no stack [ 1818.617403][T16095] delete_channel: no stack [ 1819.891406][T16137] FAULT_INJECTION: forcing a failure. [ 1819.891406][T16137] name failslab, interval 1, probability 0, space 0, times 0 [ 1819.904276][T16137] CPU: 1 UID: 0 PID: 16137 Comm: syz.4.6703 Not tainted syzkaller #0 PREEMPT(full) [ 1819.904310][T16137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1819.904323][T16137] Call Trace: [ 1819.904332][T16137] [ 1819.904341][T16137] dump_stack_lvl+0x16c/0x1f0 [ 1819.904371][T16137] should_fail_ex+0x512/0x640 [ 1819.904389][T16137] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1819.904405][T16137] should_failslab+0xc2/0x120 [ 1819.904424][T16137] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1819.904441][T16137] ? alloc_empty_file+0x55/0x1e0 [ 1819.904463][T16137] ? alloc_empty_file+0x55/0x1e0 [ 1819.904480][T16137] alloc_empty_file+0x55/0x1e0 [ 1819.904499][T16137] path_openat+0xda/0x2cb0 [ 1819.904520][T16137] ? __pfx_path_openat+0x10/0x10 [ 1819.904539][T16137] do_filp_open+0x20b/0x470 [ 1819.904554][T16137] ? __pfx_do_filp_open+0x10/0x10 [ 1819.904582][T16137] ? alloc_fd+0x471/0x7d0 [ 1819.904605][T16137] do_sys_openat2+0x11b/0x1d0 [ 1819.904626][T16137] ? __pfx_do_sys_openat2+0x10/0x10 [ 1819.904647][T16137] ? __fget_files+0x20e/0x3c0 [ 1819.904663][T16137] __x64_sys_openat+0x174/0x210 [ 1819.904683][T16137] ? __pfx___x64_sys_openat+0x10/0x10 [ 1819.904704][T16137] ? syscall_user_dispatch+0x78/0x140 [ 1819.904731][T16137] do_syscall_64+0xcd/0xfa0 [ 1819.904748][T16137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1819.904763][T16137] RIP: 0033:0x7f900738eec9 [ 1819.904775][T16137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1819.904789][T16137] RSP: 002b:00007f9008226038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1819.904803][T16137] RAX: ffffffffffffffda RBX: 00007f90075e6090 RCX: 00007f900738eec9 [ 1819.904813][T16137] RDX: 0000000000000400 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1819.904821][T16137] RBP: 00007f9008226090 R08: 0000000000000000 R09: 0000000000000000 [ 1819.904830][T16137] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000001 [ 1819.904839][T16137] R13: 00007f90075e6128 R14: 00007f90075e6090 R15: 00007ffdbe6cbe88 [ 1819.904863][T16137] [ 1820.109164][ C1] vkms_vblank_simulate: vblank timer overrun [ 1820.630698][T14703] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1820.777667][T14703] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1820.851835][T14703] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1820.984137][T14703] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1821.154978][T16160] netlink: 268 bytes leftover after parsing attributes in process `syz.4.6708'. [ 1821.461847][T14703] bridge_slave_1: left allmulticast mode [ 1821.501577][T14703] bridge_slave_1: left promiscuous mode [ 1821.518400][T14703] bridge0: port 2(bridge_slave_1) entered disabled state [ 1821.551053][T14703] bridge_slave_0: left allmulticast mode [ 1821.575825][T14703] bridge_slave_0: left promiscuous mode [ 1821.595499][T14703] bridge0: port 1(bridge_slave_0) entered disabled state [ 1821.760336][ T4242] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1821.774151][ T4242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1821.792791][ T4242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1821.808141][ T4242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1821.831821][ T4242] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1822.261474][T16202] netlink: zone id is out of range [ 1822.353846][T16202] netlink: zone id is out of range [ 1822.359694][T16202] netlink: zone id is out of range [ 1822.402934][T16202] netlink: zone id is out of range [ 1822.462708][T16202] netlink: zone id is out of range [ 1822.498030][T16202] netlink: zone id is out of range [ 1822.503210][T16202] netlink: zone id is out of range [ 1822.508935][T16202] netlink: zone id is out of range [ 1822.514464][T16202] netlink: zone id is out of range [ 1822.521241][T16202] netlink: zone id is out of range [ 1823.238970][T14703] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1823.252414][T14703] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1823.280875][T14703] bond0 (unregistering): Released all slaves [ 1823.364911][T16224] FAULT_INJECTION: forcing a failure. [ 1823.364911][T16224] name failslab, interval 1, probability 0, space 0, times 0 [ 1823.385230][T16224] CPU: 0 UID: 0 PID: 16224 Comm: syz.0.6716 Not tainted syzkaller #0 PREEMPT(full) [ 1823.385263][T16224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1823.385273][T16224] Call Trace: [ 1823.385279][T16224] [ 1823.385285][T16224] dump_stack_lvl+0x16c/0x1f0 [ 1823.385308][T16224] should_fail_ex+0x512/0x640 [ 1823.385326][T16224] ? __kmalloc_noprof+0xca/0x880 [ 1823.385351][T16224] should_failslab+0xc2/0x120 [ 1823.385369][T16224] __kmalloc_noprof+0xdd/0x880 [ 1823.385390][T16224] ? __pfx_inc_ucount+0x10/0x10 [ 1823.385408][T16224] ? net_alloc_generic+0x1e/0x70 [ 1823.385429][T16224] ? net_alloc_generic+0x1e/0x70 [ 1823.385444][T16224] net_alloc_generic+0x1e/0x70 [ 1823.385461][T16224] copy_net_ns+0xc7/0x690 [ 1823.385478][T16224] ? copy_cgroup_ns+0x71/0x6b0 [ 1823.385504][T16224] create_new_namespaces+0x3ea/0xa90 [ 1823.385527][T16224] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1823.385545][T16224] ksys_unshare+0x45b/0xa40 [ 1823.385565][T16224] ? __pfx_ksys_unshare+0x10/0x10 [ 1823.385585][T16224] ? xfd_validate_state+0x61/0x180 [ 1823.385628][T16224] __x64_sys_unshare+0x31/0x40 [ 1823.385660][T16224] do_syscall_64+0xcd/0xfa0 [ 1823.385690][T16224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1823.385716][T16224] RIP: 0033:0x7f03d1f8eec9 [ 1823.385736][T16224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1823.385761][T16224] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1823.385787][T16224] RAX: ffffffffffffffda RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1823.385805][T16224] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1823.385821][T16224] RBP: 00007f03d2011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1823.385838][T16224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1823.385854][T16224] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1823.385891][T16224] [ 1823.904454][T16291] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1823.946074][ T4242] Bluetooth: hci1: command tx timeout [ 1824.329207][T16376] FAULT_INJECTION: forcing a failure. [ 1824.329207][T16376] name failslab, interval 1, probability 0, space 0, times 0 [ 1824.344601][T16376] CPU: 1 UID: 0 PID: 16376 Comm: syz.0.6718 Not tainted syzkaller #0 PREEMPT(full) [ 1824.344632][T16376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1824.344646][T16376] Call Trace: [ 1824.344655][T16376] [ 1824.344664][T16376] dump_stack_lvl+0x16c/0x1f0 [ 1824.344697][T16376] should_fail_ex+0x512/0x640 [ 1824.344726][T16376] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1824.344743][T16376] should_failslab+0xc2/0x120 [ 1824.344761][T16376] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1824.344775][T16376] ? security_file_alloc+0x34/0x2b0 [ 1824.344792][T16376] ? security_file_alloc+0x34/0x2b0 [ 1824.344804][T16376] security_file_alloc+0x34/0x2b0 [ 1824.344818][T16376] init_file+0x93/0x4c0 [ 1824.344838][T16376] alloc_empty_file+0x73/0x1e0 [ 1824.344857][T16376] path_openat+0xda/0x2cb0 [ 1824.344878][T16376] ? __pfx_path_openat+0x10/0x10 [ 1824.344897][T16376] do_filp_open+0x20b/0x470 [ 1824.344912][T16376] ? __pfx_do_filp_open+0x10/0x10 [ 1824.344940][T16376] ? alloc_fd+0x471/0x7d0 [ 1824.344958][T16376] do_sys_openat2+0x11b/0x1d0 [ 1824.344978][T16376] ? __pfx_do_sys_openat2+0x10/0x10 [ 1824.345000][T16376] ? __fget_files+0x20e/0x3c0 [ 1824.345016][T16376] __x64_sys_openat+0x174/0x210 [ 1824.345036][T16376] ? __pfx___x64_sys_openat+0x10/0x10 [ 1824.345056][T16376] ? syscall_user_dispatch+0x78/0x140 [ 1824.345084][T16376] do_syscall_64+0xcd/0xfa0 [ 1824.345100][T16376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1824.345115][T16376] RIP: 0033:0x7f03d1f8eec9 [ 1824.345127][T16376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1824.345174][T16376] RSP: 002b:00007f03d2de2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1824.345189][T16376] RAX: ffffffffffffffda RBX: 00007f03d21e6090 RCX: 00007f03d1f8eec9 [ 1824.345198][T16376] RDX: 0000000000000400 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1824.345207][T16376] RBP: 00007f03d2de2090 R08: 0000000000000000 R09: 0000000000000000 [ 1824.345216][T16376] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000001 [ 1824.345225][T16376] R13: 00007f03d21e6128 R14: 00007f03d21e6090 R15: 00007fff049e2338 [ 1824.345245][T16376] [ 1824.718718][T16181] chnl_net:caif_netlink_parms(): no params data found [ 1825.145388][T14703] hsr_slave_0: left promiscuous mode [ 1825.162315][T14703] hsr_slave_1: left promiscuous mode [ 1825.170700][T14703] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1825.191611][T14703] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1825.386577][T14703] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1825.394085][T14703] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1825.444966][T14703] veth1_macvtap: left promiscuous mode [ 1825.450655][T14703] veth0_macvtap: left promiscuous mode [ 1825.456410][T14703] veth1_vlan: left promiscuous mode [ 1825.461811][T14703] veth0_vlan: left promiscuous mode [ 1825.549413][ T30] audit: type=1326 audit(4294967304.700:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16413 comm="syz.4.6721" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f900738eec9 code=0x0 [ 1825.953649][T14703] team0 (unregistering): Port device team_slave_1 removed [ 1825.969616][T16403] ima: policy update failed [ 1825.980792][ T30] audit: type=1802 audit(4294967305.130:44): pid=16403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.6720" res=0 errno=0 [ 1825.997857][ T4242] Bluetooth: hci1: command tx timeout [ 1826.024052][T14703] team0 (unregistering): Port device team_slave_0 removed [ 1826.497163][T16435] FAULT_INJECTION: forcing a failure. [ 1826.497163][T16435] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1826.515193][T16435] CPU: 0 UID: 0 PID: 16435 Comm: syz.4.6722 Not tainted syzkaller #0 PREEMPT(full) [ 1826.515228][T16435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1826.515242][T16435] Call Trace: [ 1826.515251][T16435] [ 1826.515260][T16435] dump_stack_lvl+0x16c/0x1f0 [ 1826.515292][T16435] should_fail_ex+0x512/0x640 [ 1826.515327][T16435] should_fail_alloc_page+0xe7/0x130 [ 1826.515362][T16435] prepare_alloc_pages+0x3c2/0x610 [ 1826.515400][T16435] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1826.515428][T16435] ? stack_trace_save+0x8e/0xc0 [ 1826.515457][T16435] ? __pfx_stack_trace_save+0x10/0x10 [ 1826.515487][T16435] ? stack_depot_save_flags+0x29/0x9c0 [ 1826.515514][T16435] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1826.515551][T16435] ? kasan_save_stack+0x42/0x60 [ 1826.515579][T16435] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1826.515606][T16435] ? kmem_cache_alloc_noprof+0x250/0x6e0 [ 1826.515629][T16435] ? __handle_mm_fault+0xada/0x2aa0 [ 1826.515660][T16435] ? do_user_addr_fault+0x7a6/0x1370 [ 1826.515681][T16435] ? exc_page_fault+0x64/0xc0 [ 1826.515702][T16435] ? asm_exc_page_fault+0x26/0x30 [ 1826.515724][T16435] ? strnlen_user+0x63/0x1b0 [ 1826.515748][T16435] ? strndup_user+0x27/0xe0 [ 1826.515772][T16435] ? set_anon_vma_name+0xc9/0x4b0 [ 1826.515804][T16435] ? __do_sys_prctl+0xab0/0x2250 [ 1826.515856][T16435] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1826.515897][T16435] ? policy_nodemask+0xea/0x4e0 [ 1826.515932][T16435] alloc_pages_mpol+0x1fb/0x550 [ 1826.515966][T16435] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1826.516008][T16435] alloc_pages_noprof+0x131/0x390 [ 1826.516048][T16435] pte_alloc_one+0x1e/0x350 [ 1826.516076][T16435] do_pte_missing+0x1acf/0x3ba0 [ 1826.516113][T16435] ? __thp_vma_allowable_orders+0x1c8/0xcd0 [ 1826.516150][T16435] ? __pmd_alloc+0x64f/0x8b0 [ 1826.516185][T16435] __handle_mm_fault+0x1556/0x2aa0 [ 1826.516226][T16435] ? mt_find+0x3e2/0xa20 [ 1826.516257][T16435] ? __pfx___handle_mm_fault+0x10/0x10 [ 1826.516289][T16435] ? __pfx_mt_find+0x10/0x10 [ 1826.516338][T16435] ? find_vma+0xbf/0x140 [ 1826.516365][T16435] ? __pfx_find_vma+0x10/0x10 [ 1826.516397][T16435] handle_mm_fault+0x589/0xd10 [ 1826.516434][T16435] ? __pkru_allows_pkey+0x11/0xb0 [ 1826.516473][T16435] do_user_addr_fault+0x7a6/0x1370 [ 1826.516500][T16435] ? rcu_is_watching+0x12/0xc0 [ 1826.516531][T16435] exc_page_fault+0x64/0xc0 [ 1826.516558][T16435] asm_exc_page_fault+0x26/0x30 [ 1826.516581][T16435] RIP: 0010:strnlen_user+0x63/0x1b0 [ 1826.516606][T16435] Code: fc 48 b8 00 f0 ff ff ff 7f 00 00 49 39 c4 4c 0f 47 e0 0f 01 cb 4c 89 e0 49 83 e4 f8 83 e0 07 4c 8d 3c 18 48 89 44 24 08 31 db <49> 8b 04 24 31 ff 89 de 48 89 c5 e8 3d 18 e0 fc 85 db 0f 85 d5 00 [ 1826.516630][T16435] RSP: 0018:ffffc9000be87ce0 EFLAGS: 00050246 [ 1826.516651][T16435] RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffffff84dbb71c [ 1826.516666][T16435] RDX: ffff88802acd8000 RSI: ffffffff84dbb72a RDI: 0000000000000007 [ 1826.516683][T16435] RBP: 0000000000000050 R08: 0000000000000007 R09: 0000000000000000 [ 1826.516698][T16435] R10: 0000000000000050 R11: 0000000000000000 R12: 0000000000000000 [ 1826.516713][T16435] R13: 0000000000000002 R14: 0000000053564d41 R15: 0000000000000052 [ 1826.516737][T16435] ? strnlen_user+0x2c/0x1b0 [ 1826.516761][T16435] ? strnlen_user+0x3a/0x1b0 [ 1826.516798][T16435] strndup_user+0x27/0xe0 [ 1826.516825][T16435] set_anon_vma_name+0xc9/0x4b0 [ 1826.516862][T16435] ? __pfx_set_anon_vma_name+0x10/0x10 [ 1826.516897][T16435] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1826.516937][T16435] ? cap_task_prctl+0x2af/0xa80 [ 1826.516969][T16435] ? static_key_count+0x5a/0x70 [ 1826.516997][T16435] ? security_task_prctl+0x11c/0x160 [ 1826.517036][T16435] __do_sys_prctl+0xab0/0x2250 [ 1826.517074][T16435] ? __pfx___do_sys_prctl+0x10/0x10 [ 1826.517119][T16435] do_syscall_64+0xcd/0xfa0 [ 1826.517148][T16435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1826.517172][T16435] RIP: 0033:0x7f900738eec9 [ 1826.517191][T16435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1826.517214][T16435] RSP: 002b:00007f9008247038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 1826.517236][T16435] RAX: ffffffffffffffda RBX: 00007f90075e5fa0 RCX: 00007f900738eec9 [ 1826.517254][T16435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000053564d41 [ 1826.517268][T16435] RBP: 00007f9008247090 R08: 0000000000000002 R09: 0000000000000000 [ 1826.517283][T16435] R10: 0400000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1826.517298][T16435] R13: 00007f90075e6038 R14: 00007f90075e5fa0 R15: 00007ffdbe6cbe88 [ 1826.517336][T16435] [ 1827.507509][T16181] bridge0: port 1(bridge_slave_0) entered blocking state [ 1827.514771][T16181] bridge0: port 1(bridge_slave_0) entered disabled state [ 1827.535164][T16181] bridge_slave_0: entered allmulticast mode [ 1827.543567][T16181] bridge_slave_0: entered promiscuous mode [ 1827.561075][T16181] bridge0: port 2(bridge_slave_1) entered blocking state [ 1827.569150][T16181] bridge0: port 2(bridge_slave_1) entered disabled state [ 1827.576641][T16181] bridge_slave_1: entered allmulticast mode [ 1827.584780][T16181] bridge_slave_1: entered promiscuous mode [ 1827.926890][T16181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1827.965089][T16181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1828.078199][ T4242] Bluetooth: hci1: command tx timeout [ 1828.136328][T16181] team0: Port device team_slave_0 added [ 1828.190055][T16181] team0: Port device team_slave_1 added [ 1828.706249][T16181] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1828.732977][T16181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1828.854638][T16181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1828.969925][T16181] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1828.995173][T16181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1829.180189][T16181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1829.356117][T16610] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1829.429471][T16181] hsr_slave_0: entered promiscuous mode [ 1829.436210][T16181] hsr_slave_1: entered promiscuous mode [ 1829.442195][T16181] debugfs: 'hsr0' already exists in 'hsr' [ 1829.448545][T16181] Cannot create hsr debugfs directory [ 1830.175547][ T4242] Bluetooth: hci1: command tx timeout [ 1832.804073][T16181] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1832.830892][T16181] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1832.849039][T16181] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1832.865135][T16181] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1833.092435][T16835] [U] [ 1833.095266][T16835] [U] [ 1833.097949][T16835] [U] [ 1833.100627][T16835] [U] [ 1833.156561][T16835] [U] [ 1833.159346][T16835] [U] [ 1833.162072][T16835] [U] [ 1833.164784][T16835] [U] [ 1833.222995][T16835] [U] [ 1833.225753][T16835] [U] [ 1833.228455][T16835] [U] [ 1833.231155][T16835] [U] [ 1833.244284][T16835] [U] [ 1833.247024][T16835] [U] [ 1833.249702][T16835] [U] [ 1833.252378][T16835] [U] [ 1833.289771][T16181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1833.297236][T16835] [U] [ 1833.299983][T16835] [U] [ 1833.302698][T16835] [U] [ 1833.305417][T16835] [U] [ 1833.330563][T16835] [U] [ 1833.333327][T16835] [U] [ 1833.336066][T16835] [U] [ 1833.338794][T16835] [U] [ 1833.341788][T16835] [U] [ 1833.344508][T16835] [U] [ 1833.347227][T16835] [U] [ 1833.349941][T16835] [U] [ 1833.353034][T16835] [U] [ 1833.355766][T16835] [U] [ 1833.358480][T16835] [U] [ 1833.361202][T16835] [U] [ 1833.385227][T16835] [U] [ 1833.387964][T16835] [U] [ 1833.390662][T16835] [U] [ 1833.393349][T16835] [U] [ 1833.425151][T16181] 8021q: adding VLAN 0 to HW filter on device team0 [ 1833.426821][T16835] [U] [ 1833.434535][T16835] [U] [ 1833.437269][T16835] [U] [ 1833.439992][T16835] [U] [ 1833.448044][T16835] [U] [ 1833.450782][T16835] [U] [ 1833.453494][T16835] [U] [ 1833.456200][T16835] [U] [ 1833.472328][ T3510] bridge0: port 1(bridge_slave_0) entered blocking state [ 1833.479638][ T3510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1833.505815][T16835] [U] [ 1833.508571][T16835] [U] [ 1833.511289][T16835] [U] [ 1833.513999][T16835] [U] [ 1833.521663][ T3510] bridge0: port 2(bridge_slave_1) entered blocking state [ 1833.528900][ T3510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1833.606009][T16835] [U] [ 1833.608767][T16835] [U] [ 1833.611488][T16835] [U] [ 1833.614210][T16835] [U] [ 1833.636678][T16835] [U] [ 1833.639437][T16835] [U] [ 1833.642157][T16835] [U] [ 1833.644864][T16835] [U] [ 1833.675474][T16835] [U] [ 1833.678234][T16835] [U] [ 1833.680954][T16835] [U] [ 1833.683667][T16835] [U] [ 1833.715879][T16835] [U] [ 1833.718636][T16835] [U] [ 1833.721349][T16835] [U] [ 1833.724055][T16835] [U] [ 1833.759695][T16835] [U] [ 1833.762422][T16835] [U] [ 1833.765099][T16835] [U] [ 1833.767770][T16835] [U] [ 1833.878962][T16835] [U] [ 1834.360095][T16181] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1834.939369][T16915] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1835.162352][T16181] veth0_vlan: entered promiscuous mode [ 1835.320790][T16181] veth1_vlan: entered promiscuous mode [ 1835.425074][T16181] veth0_macvtap: entered promiscuous mode [ 1835.457027][T16181] veth1_macvtap: entered promiscuous mode [ 1835.494971][T16181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1835.514165][T16181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1835.554869][T14703] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1835.705065][T14703] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1835.792756][T14703] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1835.863887][T14703] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1835.959701][ T3510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1836.018439][ T3510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1836.121600][T25654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1836.170123][T25654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1836.612235][ T4242] Bluetooth: hci1: unexpected event 0x01 length: 5 > 1 [ 1836.907536][T16966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6747'. [ 1836.959729][T16957] delete_channel: no stack [ 1836.966246][T16967] netlink: 268 bytes leftover after parsing attributes in process `syz.2.6746'. [ 1837.163585][T16972] netlink: 'syz.5.6748': attribute type 2 has an invalid length. [ 1837.220998][T16972] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6748'. [ 1837.720978][T17002] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6752'. [ 1837.784625][T17002] mac80211_hwsim hwsim70 wlan1: entered allmulticast mode [ 1838.488367][ T4242] Bluetooth: hci4: unexpected event 0x01 length: 5 > 1 [ 1839.095459][ T4242] Bluetooth: hci1: unexpected event 0x01 length: 5 > 1 [ 1839.108253][T17034] delete_channel: no stack [ 1840.497257][T17102] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6764'. [ 1840.765765][T17111] FAULT_INJECTION: forcing a failure. [ 1840.765765][T17111] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1840.838289][T17111] CPU: 1 UID: 0 PID: 17111 Comm: syz.4.6768 Not tainted syzkaller #0 PREEMPT(full) [ 1840.838325][T17111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1840.838339][T17111] Call Trace: [ 1840.838349][T17111] [ 1840.838359][T17111] dump_stack_lvl+0x16c/0x1f0 [ 1840.838391][T17111] should_fail_ex+0x512/0x640 [ 1840.838426][T17111] get_futex_key+0x293/0x1560 [ 1840.838462][T17111] ? __pfx_get_futex_key+0x10/0x10 [ 1840.838492][T17111] ? __mutex_trylock_common+0xe9/0x250 [ 1840.838536][T17111] futex_wake+0xea/0x530 [ 1840.838576][T17111] ? __pfx_futex_wake+0x10/0x10 [ 1840.838627][T17111] do_futex+0x1e3/0x350 [ 1840.838659][T17111] ? __pfx_do_futex+0x10/0x10 [ 1840.838689][T17111] ? __might_fault+0xe3/0x190 [ 1840.838729][T17111] mm_release+0x24e/0x300 [ 1840.838763][T17111] do_exit+0x68e/0x2bf0 [ 1840.838806][T17111] ? __pfx_do_exit+0x10/0x10 [ 1840.838839][T17111] ? do_raw_spin_lock+0x12c/0x2b0 [ 1840.838874][T17111] ? find_held_lock+0x2b/0x80 [ 1840.838904][T17111] do_group_exit+0xd3/0x2a0 [ 1840.838944][T17111] get_signal+0x2671/0x26d0 [ 1840.838983][T17111] ? __pfx_get_signal+0x10/0x10 [ 1840.839011][T17111] ? do_futex+0x122/0x350 [ 1840.839043][T17111] ? __pfx_do_futex+0x10/0x10 [ 1840.839077][T17111] arch_do_signal_or_restart+0x8f/0x790 [ 1840.839110][T17111] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1840.839151][T17111] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1840.839193][T17111] exit_to_user_mode_loop+0x85/0x130 [ 1840.839231][T17111] do_syscall_64+0x426/0xfa0 [ 1840.839260][T17111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1840.839286][T17111] RIP: 0033:0x7f900738eec9 [ 1840.839306][T17111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1840.839329][T17111] RSP: 002b:00007f90082470e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1840.839351][T17111] RAX: fffffffffffffe00 RBX: 00007f90075e5fa8 RCX: 00007f900738eec9 [ 1840.839368][T17111] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f90075e5fa8 [ 1840.839384][T17111] RBP: 00007f90075e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1840.839399][T17111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1840.839413][T17111] R13: 00007f90075e6038 R14: 00007ffdbe6cbda0 R15: 00007ffdbe6cbe88 [ 1840.839449][T17111] [ 1841.071985][ C1] vkms_vblank_simulate: vblank timer overrun [ 1841.327128][T17127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6770'. [ 1842.836634][T17200] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6778'. [ 1842.850862][T17200] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6778'. [ 1842.964790][T17201] netlink: 268 bytes leftover after parsing attributes in process `syz.0.6777'. [ 1843.106582][ T4242] Bluetooth: hci0: unexpected event 0x01 length: 5 > 1 [ 1843.142296][T17217] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6781'. [ 1843.833087][T17256] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6785'. [ 1843.925999][T17258] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6785'. [ 1844.078705][T17236] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1844.095940][T17236] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1844.125555][T17236] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1844.199495][T17236] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1844.235147][T17236] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1844.365036][T17236] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1845.252756][ T4242] Bluetooth: hci1: unexpected event 0x01 length: 5 > 1 [ 1845.304802][T17337] ima: policy update failed [ 1845.384537][ T30] audit: type=1802 audit(4294967324.520:45): pid=17337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.6789" res=0 errno=0 [ 1845.916821][ T4242] Bluetooth: hci3: command 0x0c1a tx timeout [ 1846.156151][ T4242] Bluetooth: hci0: command 0x0c1a tx timeout [ 1846.162188][ T4242] Bluetooth: hci4: command 0x0c1a tx timeout [ 1846.231261][T17372] FAULT_INJECTION: forcing a failure. [ 1846.231261][T17372] name failslab, interval 1, probability 0, space 0, times 0 [ 1846.245839][ T4242] Bluetooth: hci1: command 0x0c1a tx timeout [ 1846.326745][T17372] CPU: 0 UID: 0 PID: 17372 Comm: syz.0.6798 Not tainted syzkaller #0 PREEMPT(full) [ 1846.326778][T17372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1846.326793][T17372] Call Trace: [ 1846.326802][T17372] [ 1846.326811][T17372] dump_stack_lvl+0x16c/0x1f0 [ 1846.326841][T17372] should_fail_ex+0x512/0x640 [ 1846.326866][T17372] ? __kmalloc_noprof+0xca/0x880 [ 1846.326905][T17372] should_failslab+0xc2/0x120 [ 1846.326935][T17372] __kmalloc_noprof+0xdd/0x880 [ 1846.326967][T17372] ? anon_vma_name_alloc+0x56/0x110 [ 1846.327002][T17372] ? anon_vma_name_alloc+0x56/0x110 [ 1846.327032][T17372] anon_vma_name_alloc+0x56/0x110 [ 1846.327065][T17372] set_anon_vma_name+0x21b/0x4b0 [ 1846.327102][T17372] ? __pfx_set_anon_vma_name+0x10/0x10 [ 1846.327138][T17372] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1846.327177][T17372] ? cap_task_prctl+0x2af/0xa80 [ 1846.327211][T17372] ? static_key_count+0x5a/0x70 [ 1846.327242][T17372] ? security_task_prctl+0x11c/0x160 [ 1846.327274][T17372] __do_sys_prctl+0xab0/0x2250 [ 1846.327320][T17372] ? __pfx___do_sys_prctl+0x10/0x10 [ 1846.327362][T17372] do_syscall_64+0xcd/0xfa0 [ 1846.327390][T17372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1846.327415][T17372] RIP: 0033:0x7f03d1f8eec9 [ 1846.327435][T17372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1846.327457][T17372] RSP: 002b:00007f03d2e03038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 1846.327481][T17372] RAX: ffffffffffffffda RBX: 00007f03d21e5fa0 RCX: 00007f03d1f8eec9 [ 1846.327497][T17372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000053564d41 [ 1846.327513][T17372] RBP: 00007f03d2e03090 R08: 0000000000000002 R09: 0000000000000000 [ 1846.327528][T17372] R10: 0400000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1846.327542][T17372] R13: 00007f03d21e6038 R14: 00007f03d21e5fa0 R15: 00007fff049e2338 [ 1846.327578][T17372] [ 1847.008427][ T30] audit: type=1800 audit(4294967326.160:46): pid=17424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6800" name="members" dev="configfs" ino=140232 res=0 errno=0 [ 1847.848884][ T4242] Bluetooth: hci4: unexpected event 0x01 length: 5 > 1 [ 1848.324683][ T4242] Bluetooth: hci1: command 0x0c1a tx timeout [ 1849.081522][T17517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6807'. [ 1849.411208][T17537] netlink: 268 bytes leftover after parsing attributes in process `syz.2.6809'. [ 1850.396178][ T4242] Bluetooth: hci1: command 0x0c1a tx timeout [ 1850.618582][ T4242] Bluetooth: hci1: unexpected event 0x01 length: 5 > 1 [ 1851.053705][T17609] netlink: 268 bytes leftover after parsing attributes in process `syz.0.6815'. [ 1851.264613][T17614] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6817'. [ 1851.538429][T17625] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1851.822309][T17630] snd_virmidi snd_virmidi.0: control 16781581:4:5:'x?F/zF˷fC:7 is already present [ 1852.575267][ T4242] Bluetooth: hci4: unexpected event 0x01 length: 5 > 1 [ 1852.713364][T17669] ------------[ cut here ]------------ [ 1852.726036][T17669] WARNING: CPU: 1 PID: 17669 at kernel/trace/trace.c:8604 tracing_buffers_mmap_close+0xdd/0x130 [ 1852.737204][T17669] Modules linked in: [ 1852.741905][T17669] CPU: 1 UID: 0 PID: 17669 Comm: syz.4.6826 Not tainted syzkaller #0 PREEMPT(full) [ 1852.751543][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1852.761874][T17669] RIP: 0010:tracing_buffers_mmap_close+0xdd/0x130 [ 1852.768441][T17669] Code: 75 46 48 8b 7b 08 e8 d2 96 ff ff 31 ff 89 c3 89 c6 e8 37 4d fb ff 85 db 75 0a 48 83 c4 08 5b e9 e9 51 fb ff e8 e4 51 fb ff 90 <0f> 0b 90 48 83 c4 08 5b e9 d6 51 fb ff e8 71 d0 62 00 eb 87 e8 9a [ 1852.788719][T17669] RSP: 0018:ffffc9000d7777e8 EFLAGS: 00010287 [ 1852.794831][T17669] RAX: 00000000000002b7 RBX: 00000000ffffffed RCX: ffffc9000f883000 [ 1852.803371][T17669] RDX: 0000000000080000 RSI: ffffffff81c0827c RDI: 0000000000000005 [ 1852.811431][T17669] RBP: ffff8880327a1548 R08: 0000000000000005 R09: 0000000000000000 [ 1852.819485][T17669] R10: 00000000ffffffed R11: 0000000000000000 R12: dffffc0000000000 [ 1852.827524][T17669] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff81c081a0 [ 1852.835823][T17669] FS: 00007f90082476c0(0000) GS:ffff888124ae7000(0000) knlGS:0000000000000000 [ 1852.845219][T17669] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1852.851958][T17669] CR2: 0000001b2d31eff8 CR3: 000000006b762000 CR4: 00000000003526f0 [ 1852.860034][T17669] Call Trace: [ 1852.863315][T17669] [ 1852.866676][T17669] __mmap_region+0x6bc/0x27a0 [ 1852.871348][T17669] ? find_held_lock+0x2b/0x80 [ 1852.876271][T17669] ? __pfx___mmap_region+0x10/0x10 [ 1852.881589][T17669] ? finish_task_switch.isra.0+0x21c/0xc10 [ 1852.887772][T17669] ? rcu_is_watching+0x12/0xc0 [ 1852.892555][T17669] ? finish_task_switch.isra.0+0x221/0xc10 [ 1852.898397][T17669] ? lockdep_hardirqs_on+0x7c/0x110 [ 1852.903587][T17669] ? finish_task_switch.isra.0+0x221/0xc10 [ 1852.909453][T17669] ? __lock_acquire+0x62e/0x1ce0 [ 1852.914425][T17669] ? __pfx___schedule+0x10/0x10 [ 1852.919353][T17669] ? trace_cap_capable+0x18d/0x200 [ 1852.924465][T17669] mmap_region+0x1ab/0x3f0 [ 1852.928908][T17669] ? __get_unmapped_area+0x267/0x440 [ 1852.934336][T17669] do_mmap+0xa3e/0x1210 [ 1852.938733][T17669] ? __pfx_do_mmap+0x10/0x10 [ 1852.943351][T17669] ? __pfx_down_write_killable+0x10/0x10 [ 1852.949220][T17669] vm_mmap_pgoff+0x29e/0x470 [ 1852.953840][T17669] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1852.959265][T17669] ? __x64_sys_futex+0x1e0/0x4c0 [ 1852.965471][T17669] ? __x64_sys_futex+0x1e9/0x4c0 [ 1852.970485][T17669] ksys_mmap_pgoff+0x7d/0x5c0 [ 1852.975184][T17669] ? xfd_validate_state+0x61/0x180 [ 1852.980399][T17669] __x64_sys_mmap+0x125/0x190 [ 1852.985534][T17669] do_syscall_64+0xcd/0xfa0 [ 1852.990442][T17669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1852.996388][T17669] RIP: 0033:0x7f900738eec9 [ 1853.000814][T17669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1853.020511][T17669] RSP: 002b:00007f9008247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1853.028992][T17669] RAX: ffffffffffffffda RBX: 00007f90075e5fa0 RCX: 00007f900738eec9 [ 1853.037348][T17669] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1853.045561][T17669] RBP: 00007f9007411f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1853.053623][T17669] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1853.061849][T17669] R13: 00007f90075e6038 R14: 00007f90075e5fa0 R15: 00007ffdbe6cbe88 [ 1853.070079][T17669] [ 1853.073157][T17669] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1853.080440][T17669] CPU: 1 UID: 0 PID: 17669 Comm: syz.4.6826 Not tainted syzkaller #0 PREEMPT(full) [ 1853.089805][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1853.099861][T17669] Call Trace: [ 1853.103134][T17669] [ 1853.106066][T17669] dump_stack_lvl+0x3d/0x1f0 [ 1853.110669][T17669] vpanic+0x640/0x6f0 [ 1853.114667][T17669] ? tracing_buffers_mmap_close+0xdd/0x130 [ 1853.120484][T17669] panic+0xca/0xd0 [ 1853.124220][T17669] ? __pfx_panic+0x10/0x10 [ 1853.128656][T17669] check_panic_on_warn+0xab/0xb0 [ 1853.133607][T17669] __warn+0xf6/0x3c0 [ 1853.137512][T17669] ? tracing_buffers_mmap_close+0xdd/0x130 [ 1853.143414][T17669] report_bug+0x3c3/0x580 [ 1853.147745][T17669] ? tracing_buffers_mmap_close+0xdd/0x130 [ 1853.153556][T17669] handle_bug+0x184/0x210 [ 1853.157889][T17669] exc_invalid_op+0x17/0x50 [ 1853.162402][T17669] asm_exc_invalid_op+0x1a/0x20 [ 1853.167249][T17669] RIP: 0010:tracing_buffers_mmap_close+0xdd/0x130 [ 1853.173669][T17669] Code: 75 46 48 8b 7b 08 e8 d2 96 ff ff 31 ff 89 c3 89 c6 e8 37 4d fb ff 85 db 75 0a 48 83 c4 08 5b e9 e9 51 fb ff e8 e4 51 fb ff 90 <0f> 0b 90 48 83 c4 08 5b e9 d6 51 fb ff e8 71 d0 62 00 eb 87 e8 9a [ 1853.193280][T17669] RSP: 0018:ffffc9000d7777e8 EFLAGS: 00010287 [ 1853.199361][T17669] RAX: 00000000000002b7 RBX: 00000000ffffffed RCX: ffffc9000f883000 [ 1853.207328][T17669] RDX: 0000000000080000 RSI: ffffffff81c0827c RDI: 0000000000000005 [ 1853.215295][T17669] RBP: ffff8880327a1548 R08: 0000000000000005 R09: 0000000000000000 [ 1853.223262][T17669] R10: 00000000ffffffed R11: 0000000000000000 R12: dffffc0000000000 [ 1853.231243][T17669] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff81c081a0 [ 1853.239216][T17669] ? __pfx_tracing_buffers_mmap_close+0x10/0x10 [ 1853.245474][T17669] ? tracing_buffers_mmap_close+0xdc/0x130 [ 1853.251304][T17669] ? tracing_buffers_mmap_close+0xdc/0x130 [ 1853.257559][T17669] __mmap_region+0x6bc/0x27a0 [ 1853.262239][T17669] ? find_held_lock+0x2b/0x80 [ 1853.266921][T17669] ? __pfx___mmap_region+0x10/0x10 [ 1853.272033][T17669] ? finish_task_switch.isra.0+0x21c/0xc10 [ 1853.277843][T17669] ? rcu_is_watching+0x12/0xc0 [ 1853.282605][T17669] ? finish_task_switch.isra.0+0x221/0xc10 [ 1853.288411][T17669] ? lockdep_hardirqs_on+0x7c/0x110 [ 1853.293609][T17669] ? finish_task_switch.isra.0+0x221/0xc10 [ 1853.299448][T17669] ? __lock_acquire+0x62e/0x1ce0 [ 1853.304394][T17669] ? __pfx___schedule+0x10/0x10 [ 1853.309448][T17669] ? trace_cap_capable+0x18d/0x200 [ 1853.314572][T17669] mmap_region+0x1ab/0x3f0 [ 1853.318983][T17669] ? __get_unmapped_area+0x267/0x440 [ 1853.324273][T17669] do_mmap+0xa3e/0x1210 [ 1853.328435][T17669] ? __pfx_do_mmap+0x10/0x10 [ 1853.333027][T17669] ? __pfx_down_write_killable+0x10/0x10 [ 1853.338670][T17669] vm_mmap_pgoff+0x29e/0x470 [ 1853.343271][T17669] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1853.348391][T17669] ? __x64_sys_futex+0x1e0/0x4c0 [ 1853.353330][T17669] ? __x64_sys_futex+0x1e9/0x4c0 [ 1853.358272][T17669] ksys_mmap_pgoff+0x7d/0x5c0 [ 1853.362946][T17669] ? xfd_validate_state+0x61/0x180 [ 1853.368068][T17669] __x64_sys_mmap+0x125/0x190 [ 1853.372754][T17669] do_syscall_64+0xcd/0xfa0 [ 1853.377263][T17669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1853.383154][T17669] RIP: 0033:0x7f900738eec9 [ 1853.387559][T17669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1853.407160][T17669] RSP: 002b:00007f9008247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1853.415571][T17669] RAX: ffffffffffffffda RBX: 00007f90075e5fa0 RCX: 00007f900738eec9 [ 1853.423536][T17669] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1853.431498][T17669] RBP: 00007f9007411f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1853.439460][T17669] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1853.447421][T17669] R13: 00007f90075e6038 R14: 00007f90075e5fa0 R15: 00007ffdbe6cbe88 [ 1853.455419][T17669] [ 1853.458688][T17669] Kernel Offset: disabled [ 1853.463004][T17669] Rebooting in 86400 seconds..