last executing test programs: 9m14.628936091s ago: executing program 3 (id=3625): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x621240, 0x0) ioctl$auto_KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000", @ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf252600000048000180080003000b0000001400020076657468300000000000000000000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100a1276d0fd24efff27e756aaccd126ac413d3e2d4cbf5cdb94b08cc5015d636f4db3f773e11929e449e310beb4f41f45f9dccd027962258822cbeef068ded2b632734d1715d64c77310480f97cc9dc4122fdca69e40b9b762f1018d502e5c025013aef825c810d342be31d213b292f2898c24efb052ac0690a9600d2693b1b684c53c3ddbed634ac2e3ef99bcd10fe244cf4235cd93f1c5868281b3d23f661736be9de07f04718f472a1a6335db76c73ed9e8198b948e19e0af500c2d86c042", @ANYRES32=0x0, @ANYBLOB="0800030003000000080002000400000008000200000000000800070005000000180001801400020069703667726530000000000000000000240001800800030036040000080003000a00000008000100", @ANYRES32=0x0, @ANYBLOB="08000300060000000800070001000000"], 0xb8}, 0x1, 0x0, 0x0, 0x4000844}, 0x4) ioctl$auto_OSS_ALSAEMULVER(r3, 0x40086602, &(0x7f0000000100)) write$auto(r1, &(0x7f0000000400)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9a\xcb\xea\xd4l\x0f8\x04F;H\x15N\x1aw\xfab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY\xb8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x01\x00\x00\x00\x00\x00\x00\x00K\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb', 0x10004) open(&(0x7f0000000100)='.\x00', 0x708d795266ee1355, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x2) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/gre0/flags\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000200)='5', 0x1) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) mmap$auto(0x2002000, 0x1, 0xdf, 0x9b72, 0x2, 0xc) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x688000, 0x0) keyctl$auto(0x8, 0x0, 0x0, 0x0, 0x3ff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0xa, 0x0) io_uring_setup$auto(0x999, 0x0) ustat$auto(0x801, 0x0) 9m13.919319082s ago: executing program 3 (id=3628): openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2800, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mq_notify$auto(r0, &(0x7f0000000280)={@sival_ptr=&(0x7f00000002c0)="45f59bbae3a90cc394009b4b4f90b40b373fd611fd9a5a375c1a1529773b62c6ad9be9c8e0f546a54bb5268afa48e16eb947fbd2cae738643c615acb777e3c64b28e7b8ee7f6d34014036c600bac736626bf0a221fd353db4d3665b562340ca465ffb61298622e644e44b9a700560383c4372e7eaf77682022c730da8143105ec445ad93b374f9280f95e5ecfdc523d21511c04fd32c09dfba755ff261339a48404e74ddc0c10b5a75ca74473fe1322764b86fa46c1ec4a8dbc9cd425c2e05402b26ac2da77bd68e", @raw=0x7, 0xffffffff, @_tid}) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x28, 0x8, 0xb0, @raw=0xfffff01c}}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x0, 0x0) r2 = epoll_create$auto(0x3e) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0xe982, 0x9, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x86a7, 0x11, 0xfffffffe, 0x6, 0x30000000, 0x9, 0xffffffffffffffff, [0x0, 0x200, 0xffff], {0x6, 0x10001, 0x20000b, 0x2e1, 0x504, 0x2, 0x101, 0x6, 0x5}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x440, 0x76c5, 0x8, 0x8000000000040003}}) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x800000002, &(0x7f0000000280)={&(0x7f0000000040), 0x1ffffffff}, 0x6, 0x0) r4 = socket(0xa, 0x3, 0x3a) ioctl$auto(r4, 0x890c, 0x1) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000200)='5', 0x1) unshare$auto(0x821) getsockopt$auto_SO_MEMINFO(r2, 0xf, 0x37, 0x0, 0x0) socket(0xf, 0x3, 0xfffffffc) getsockopt$auto(r1, 0x2, 0x81, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = socket(0x10, 0x2, 0xc) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x4, 0x40009, 0xdf, 0x111, r6, 0x3) socket(0x21, 0x3, 0x87) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "00800000ffefffffff0200000001"}, 0x55) 9m13.450611949s ago: executing program 3 (id=3631): mmap$auto(0x0, 0x202000c, 0x1, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_RPC_STATUS_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r1, 0x309, 0x70bd2d, 0x25dedbfc}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) r2 = socket(0x10, 0x2, 0xc) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), 0xffffffffffffffff) io_uring_setup$auto(0xa, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003180), r4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r7) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r8, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbf4, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [@typed={0xfffffffffffffefa, 0x14b, 0x0, 0x0, @fd}]}]}, 0x28}}, 0x4000000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r9) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r9, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000080)={0x1c, r10, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r2, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0xfc, r5, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x4}, @ETHTOOL_A_RSS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3e}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x43c}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @ETHTOOL_A_RSS_START_CONTEXT={0x8, 0x7, 0x85ad}, @ETHTOOL_A_RSS_START_CONTEXT={0x8, 0x7, 0x20000}, @ETHTOOL_A_RSS_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}, @ETHTOOL_A_RSS_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_RSS_START_CONTEXT={0x8, 0x7, 0x45e}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x80}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4}, 0x48001) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000002c0)={0x0, 0xf5, &(0x7f0000000180)={&(0x7f0000000240)={0x14, r3, 0x1f5, 0x70bd28, 0x25dfdbfb, {0xa, 0x0, 0xa00}}, 0xfdef}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r14, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20044040}, 0x8000) 9m12.93130291s ago: executing program 3 (id=3635): r0 = openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) io_uring_register$auto_IORING_REGISTER_PERSONALITY(r0, 0x9, &(0x7f00000001c0)="a2bacbea908cd9cab23a6447ca09877abe5d03f4fe5067d212bb9781f04f14b75782de8620779ff381cd90107394a96dee3177db803b839a87818f021f42e20c46e197edac8a97dcb8ffefb45222d96cb2e3cf8ddd43bf08c0934eb4c6ae77a15beec467fd3937be5777c0d42a31a01d29e41f62abaeecc14b7570fd5e50308b6f2ff2c8f10b19283b3a4c3cfe2723fd17d57fdb278a16734d8f01ea76f4c7d87e51afa3576dc0d0f6379b1e80e86ab577277b19b5766c4464900a75af", 0x3) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) read$auto(r1, &(0x7f0000000000)='\x00', 0x91e2) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x2000, 0x0) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x10, 0x2, 0xc) write$auto(0xca, &(0x7f0000000040)='\x04\x92K\xfa8j\xf0L3\x9b<\xe9\'\xa7H\xef\x9bOa\rVwx\xbfZp\xd55>h6~Dz\xe4\x00}\xf1\x1d\x00.R\xd5\x89|d\v', 0x10) bpf$auto(0x5, &(0x7f0000000000)=@test={0x9, 0x1, 0xa93f, 0x9, 0x3, 0x3, 0x3da1, 0x0, 0xb4, 0x5, 0x140000000000, 0x0, 0x7fffffff, 0x9, 0x1}, 0x171) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYBLOB='i\x00Q'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r4, @ANYBLOB="18000000", @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) r6 = openat$auto_nsim_dev_max_vfs_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim4/max_vfs\x00', 0x250402, 0x0) write$auto_nsim_dev_max_vfs_fops_dev(r6, &(0x7f00000000c0)="0e1710f579c709c9dce05850fab3d3410ec5d18a924ac12d5571bb2dcda524e4421d0be634401633dad84edf6ae0c447441fe97b52a2320498994dfd144c29d70c70a832c8e92b17cdeaebf435aaa32e37dda8e743914ce0795f847f6675214ba4818f2c19c5737c3b959b44a92d1c8e6ce4870ab33f50a5e327c095757f4fe0076d45d43d514ac85f82edb9848f331970493fbe04445cec628c2585db3600e20e5832f6e01a15ae98e4c671de5eb23b760e6c57836fd8e7ea3d20cc0c985f7af417194f5cfcdbd501827bb8552a8e54e1890d314976708b9b0091d93c6c52f28ba6b489b8903ce2adfd3b6ecbd969f1811b091ce978999bd27c3e3b8a0d", 0xfe) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/misc/hw_random/rng_current\x00', 0x129302, 0x0) sendfile$auto(r7, r7, 0x0, 0x7cc) fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0x100000001) 9m11.990397414s ago: executing program 3 (id=3641): mmap$auto(0x5, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x2d41, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0xf) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010025bd7000fbdbdf25040000000400190004001a"], 0x1c}, 0x1, 0x0, 0x0, 0x4000094}, 0x4004044) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc001}, 0x40d4) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x80002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x6, 0x9}, 0x7f}, 0x803, 0x0) mmap$auto(0x0, 0xffff, 0x100000a, 0x9b71, 0xffffffffffffffff, 0x28000) timer_create$auto(0x0, 0x0, &(0x7f0000000280)=0x10001) timer_settime$auto(0x0, 0x9, &(0x7f0000000080)={{0x7, 0x1}, {0xb}}, 0x0) getsockopt$auto(r1, 0x0, 0x7fff, 0x0, &(0x7f00000000c0)=0x44) 9m11.361095753s ago: executing program 3 (id=3643): r0 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000002a40)='/sys/kernel/tracing/options/test_nop_refuse\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x5, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x7fd}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x8937, 0x24) read$auto_trace_options_fops_trace(r0, 0x0, 0x0) socket(0x72b023b65585996e, 0x5, 0x84) r3 = socket(0xa, 0x3, 0x4) r4 = getsockopt$auto(r3, 0xff, 0x7, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) clock_nanosleep$auto(0x1, 0x200, 0x0, 0x0) preadv2$auto(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x9}, 0x6, 0x3, 0x4, 0x2a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000200)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\xca\xef\xceK\x1c\xc7k\x9f\x009\xdd\x00\x00\x00\x00\xbb\x9f\x13\x83\xd8\x9b-\x02+}AOs\xefBf\x10\v\xd4\x96\x1d\xde\xe0\xd3\xdc=+B\x8e\a0\xba1\xd9\x9f\xa4\x9d;\xc7\xef\xd2\x13\xc1{2W.{\xeb\x19\xa6\xab\x12P=\xb7\xd1\xf7\xd2}\x8b\f9M\x88\x9a\x8cf\x99Q2Qf\xe9\x83\x97\t-\xbf2i\xf5\xb0\'\x94\xbd\xbc\xaa\x8c\xa7W\xbc[#\x19\xb8\xa4\xf3$\xb2\x19\xcdx\xdd\x0054\xd8\xdb\xefO', 0x91) personality$auto(0xffffffffffffffff) clone3$auto(&(0x7f0000000180)={0x64, 0x7fffffff, 0x4, 0x1, 0x2700aae0, 0x5, 0x7, 0x9, 0x5, 0x4, 0x1}, 0x200) prctl$auto_SECCOMP_MODE_STRICT(0x0, 0x1, 0x0, 0x80000001, 0x100000000) mmap$auto(0x400000000000003, 0x810004, 0x2000000000000ff8, 0x2008000000008012, 0xffffffffffffffff, 0x7ffc) ioctl$auto_FIFREEZE(0xffffffffffffffff, 0xc0045878, 0x2) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0xffffffffffffffff, 0x202000a, 0xf, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x5) mmap$auto(0xffffffffffffffbd, 0x80000a0002a, 0x4, 0x100000000040eb1, 0x602, 0x300000000000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001e00)='/sys/kernel/debug/tracing/set_event\x00', 0x4a800, 0x0) pread64$auto(r0, &(0x7f0000000100), 0x40000002, 0x8) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) unshare$auto(0x40000080) mmap$auto(0x3, 0x1000, 0x100000000003, 0x17, r4, 0x8000) 8m56.305425785s ago: executing program 32 (id=3643): r0 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000002a40)='/sys/kernel/tracing/options/test_nop_refuse\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x5, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x7fd}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x8937, 0x24) read$auto_trace_options_fops_trace(r0, 0x0, 0x0) socket(0x72b023b65585996e, 0x5, 0x84) r3 = socket(0xa, 0x3, 0x4) r4 = getsockopt$auto(r3, 0xff, 0x7, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) clock_nanosleep$auto(0x1, 0x200, 0x0, 0x0) preadv2$auto(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x9}, 0x6, 0x3, 0x4, 0x2a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000200)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\xca\xef\xceK\x1c\xc7k\x9f\x009\xdd\x00\x00\x00\x00\xbb\x9f\x13\x83\xd8\x9b-\x02+}AOs\xefBf\x10\v\xd4\x96\x1d\xde\xe0\xd3\xdc=+B\x8e\a0\xba1\xd9\x9f\xa4\x9d;\xc7\xef\xd2\x13\xc1{2W.{\xeb\x19\xa6\xab\x12P=\xb7\xd1\xf7\xd2}\x8b\f9M\x88\x9a\x8cf\x99Q2Qf\xe9\x83\x97\t-\xbf2i\xf5\xb0\'\x94\xbd\xbc\xaa\x8c\xa7W\xbc[#\x19\xb8\xa4\xf3$\xb2\x19\xcdx\xdd\x0054\xd8\xdb\xefO', 0x91) personality$auto(0xffffffffffffffff) clone3$auto(&(0x7f0000000180)={0x64, 0x7fffffff, 0x4, 0x1, 0x2700aae0, 0x5, 0x7, 0x9, 0x5, 0x4, 0x1}, 0x200) prctl$auto_SECCOMP_MODE_STRICT(0x0, 0x1, 0x0, 0x80000001, 0x100000000) mmap$auto(0x400000000000003, 0x810004, 0x2000000000000ff8, 0x2008000000008012, 0xffffffffffffffff, 0x7ffc) ioctl$auto_FIFREEZE(0xffffffffffffffff, 0xc0045878, 0x2) mprotect$auto(0x1000, 0x401000, 0x4) mmap$auto(0xffffffffffffffff, 0x202000a, 0xf, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x5) mmap$auto(0xffffffffffffffbd, 0x80000a0002a, 0x4, 0x100000000040eb1, 0x602, 0x300000000000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001e00)='/sys/kernel/debug/tracing/set_event\x00', 0x4a800, 0x0) pread64$auto(r0, &(0x7f0000000100), 0x40000002, 0x8) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) unshare$auto(0x40000080) mmap$auto(0x3, 0x1000, 0x100000000003, 0x17, r4, 0x8000) 2m50.442507187s ago: executing program 2 (id=4948): bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) sysfs$auto(0x2, 0x0, 0x2) shutdown$auto(0x200000003, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000011}, 0x48c0) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, 0x0, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003a03db7bf1205cebd271b0bd07ea88d11598", @ANYRES16=r2, @ANYBLOB="010031bd7000fddbdf250c000000040003801800018014000200776c616e3000"/42], 0x30}}, 0x24048084) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r4, 0x0, 0x1000200) r5 = socket(0x11, 0x80003, 0x300) recvmmsg$auto(r5, 0x0, 0x10001, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) mount$auto(0x0, 0x0, 0x0, 0xf, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) 2m48.361745092s ago: executing program 2 (id=4953): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x4e20, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@isdn={0x22, 0x7, 0x2, 0x42, 0x4}, 0xfff) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/event1\x00', 0x40000, 0x0) (async) mmap$auto(0x0, 0x402200d, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd3\x00', 0x0, 0x0) (async) socket(0xa, 0x801, 0x84) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) (async) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) close_range$auto(0x2, 0x8000, 0x0) (async) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000001240), 0x40, 0x0) ioctl$auto(r1, 0x3b8e, r0) (async) readv$auto(0x3, 0x0, 0x1) (async) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) (async) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000280)={0x4, 0xfc, 0x6, 0x3, 0x7f, 0x80, 0x0}) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) (async) ioctl$auto_USBDEVFS_REAPURBNDELAY32(r2, 0x4004550d, &(0x7f0000000000)=0x100) (async) mlockall$auto(0x454) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0xfffffffffffffffd, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) 2m46.834837518s ago: executing program 2 (id=4956): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x23, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x9) mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r2, 0x5453, 0x0) write$auto(r2, 0x0, 0x81) r3 = socket(0x2, 0x1, 0x106) setsockopt$auto(r3, 0x200000, 0xc, &(0x7f00000000c0)='l]U(\x01\t=\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\xa9\t{&\xc0\x14D\n\xa2\xad\xde\xb1\xd2\xadL\xa8\xf8\xcc\xea]d\v5\x0fr\xfc\a0\xe5\x1b\x81\xf3%6\x1f\xe8\rM\xc4\x0e\x1a\x12{\v\x1dTRL$\x02\xf3\xf0\x1eO\xb9^\xcdC\x13\xc6\x1b\xbd\xa37x\xa7.\xb1\x17', 0x4000fff) sendmsg$auto_NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00024abd7000fddbdf254200000000000000000000060800030000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x41014) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/conf/gretap0/router_probe_interval\x00', 0x46c02, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_RESUME(r1, 0x4147, 0x0) read$auto(r4, 0x0, 0x1ff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x81}, 0x5) mmap$auto(0x7, 0xe983, 0x1, 0xeb1, 0x401, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card2/midi0\x00', 0x4a500, 0x0) write$auto_kmsg_fops_printk(0xffffffffffffffff, 0x0, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r6, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyec\x00', 0x258103, 0x0) socket(0x2, 0x5, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000002000)='/dev/sequencer2\x00', 0x101040, 0x0) 2m45.731797334s ago: executing program 2 (id=4960): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, 0xffffffffffffffff, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) sysfs$auto(0x2, 0x0, 0x2) shutdown$auto(0x200000003, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000011}, 0x48c0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003a03db7bf1205cebd271b0bd07ea88d11598", @ANYRES16=r3, @ANYBLOB="010031bd7000fddbdf250c000000040003801800018014000200776c616e3000"/42], 0x30}}, 0x24048084) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r4, r5, 0x0, 0x1000200) r6 = socket(0x11, 0x80003, 0x300) recvmmsg$auto(r6, 0x0, 0x10001, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) mount$auto(0x0, 0x0, 0x0, 0xf, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) 2m44.521503424s ago: executing program 2 (id=4963): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socketpair$auto(0x10401e, 0x5, 0xfffffffc, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) umount2$auto(&(0x7f0000000080)='.\x00\x17\xe7\xcbK\x17\xa2\xa0\x9a\xf6\x81\xee\xbfB\x9d\x8cL\xc9 \f\xd5\x1f\xf5\xd0\xe2\xfb\x1bG[\x0e\v\xbcq\xa1(Gz\xd7\x02Viw@\x8c9 \xee\x8a\x04\xe7\xd6\xc5\xc6_\xb2\ndUsI\xd8o\x00\x00\x00\xff\xe4\xed^0\xed\xc5\tg\x91\x87\xb5\xa9\xcd\xde\xf2L\x10VL$\xb3\xd4\x89\x01Y@%v\xa2\a\x98G\xf1\x0eMg\xe1p5u\xb3E\xfc\x1c\xd2-\xe4\\;nQJ', 0x8) pidfd_open$auto(0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) r2 = prctl$auto_PR_SCHED_CORE_CREATE(0x4, 0x1, 0xffffffffffffffff, 0xff, 0x3) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000100)={0xd0, 0x6, 0x5, 0x7, 0x8, 0x8000000000000000, 0x80000000, 0x0, 0xfc00000000000000, 0x0, 0x3, 0xd5a8}) writev$auto(0x3, 0x0, 0x6) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x80802, 0x0) ioctl$auto_SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, 0x0) 2m44.13785654s ago: executing program 2 (id=4964): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x80, 0x0) socket(0x15, 0x1, 0x4000000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80202, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000000)={0x0, 0x3, 0x5, 0x8c73, 0x0, 0x5, 0x0}) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0xae30, 0x8, 0xfff, 0xffffffffffffffff, 0x2e, 0x7ff}, 0x6f4) (async) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0x4, 0x0, 0x3}, 0x1) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r4 = prctl$auto(0x1000000003b, 0x1, 0xffffffffffffffff, 0x5, 0x7) (async, rerun: 32) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) (async, rerun: 32) mseal$auto(0x0, 0x7dda, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ADD_UEID(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r6, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) (async) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd0\x00', 0x1eb680, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r7, 0x4c09, 0x0) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r3) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) bpf$auto_BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)=@bpf_attr_3={0x5ad, 0x5, 0x80000001, 0x6, 0x7fff, 0x8e2a, 0xfffffffffffffff8, 0x2, 0x80, "6ec492378067bd7ebb8d641165907825", r10, 0x4, r4, 0x6df, 0x3, 0xb, 0x9, 0x9, 0x3, 0x3, @attach_btf_obj_fd=r2, 0x7, 0xaeb, 0x293b, 0x6, 0x7fffffff, r0, r3}, 0x1) 2m34.778608834s ago: executing program 4 (id=4993): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, 0xffffffffffffffff, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) sysfs$auto(0x2, 0x0, 0x2) shutdown$auto(0x200000003, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, 0x0, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003a03db7bf1205cebd271b0bd07ea88d11598", @ANYRES16=r3, @ANYBLOB="010031bd7000fddbdf250c000000040003801800018014000200776c616e3000"/42], 0x30}}, 0x24048084) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r4, r5, 0x0, 0x1000200) r6 = socket(0x11, 0x80003, 0x300) recvmmsg$auto(r6, 0x0, 0x10001, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) mount$auto(0x0, 0x0, 0x0, 0xf, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) 2m33.448339249s ago: executing program 4 (id=4999): sendmsg$auto_ETHTOOL_MSG_PSE_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01002702000015dbdf252400000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x4000050}, 0x40d8) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB='1\x00-'], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x240080c0) (async) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) (async) preadv$auto(0xffffffffffffffff, 0x0, 0x9, 0xff, 0x1) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) (async) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r0, 0x8000) (async) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) (async) madvise$auto(0x0, 0x400053, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="f0bcc1af5618adfb2191b6013c46e51c1ee27ebd39e19e8dd4c4f6882664e840552e0e4a4d86d356a6bceddcf2d9785261952fd75fff06d09b5cbc8ce8cc122938fdb96c6ad9ca69423cf23cb39790a7248882c95b6e7c6e024dbcf489553e46959a", @ANYBLOB="eade2ff262dd9962077f396a28d97fa8d2babeb7d3f9c76fd2f52b22e294b364042a85d91640471ba9e1514b227e9fd5e586b6f64f10bc6bfea9a895e8587f929a1afcad3218dbe6a714b8fae5a0b0c2d982c59095f53e6fcc"], 0x1ac}, 0x1, 0x0, 0x0, 0x44080}, 0x40000) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80802, 0x0) (async) r1 = socket(0x2b, 0x1, 0x0) r2 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) (async) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) (async) write$auto(r2, &(0x7f0000000040)='\x00', 0x5) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000500)='/dev/snd/pcmC1D1p\x00', 0x1, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PREPARE(r3, 0x4140, 0x0) (async) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) (async) lseek$auto(0x3, 0x8000000000000004, 0x1) (async) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) 2m32.186990323s ago: executing program 4 (id=5000): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/vhci_hcd.2/usb13/descriptors\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x82001, 0x0) r1 = openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim1/psample/out_tc\x00', 0x101002, 0x0) write$auto(r1, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x03\x00\x00\x00\xc7\xd9\x88t?$\xe4W\x88Q\xe6e\xb2\xa5\xbbZ$\xc9\xa4@\xfb\xca|I\xb9\xdf\xb9\x81K\x02\xcb\t\x9f\x80\x187\xab\b\xd22\x14\xacj\x11\xd0\xa5E\x14\xc4n\xb7\xa4C\xb2C\x02\xb5L!\xc9_8\xe0r\xa8\a\x1d\x03/\xb0x\x83\xd8\x1d\xd3\x1e\xd0\xdd\x131\xca\x98\x96\xbc`\x06\a,\x88\x9dhT\xc6\x88\xa1\xd7\xe0\xb7\n\xbc\xbc\xf3\xd6\xf4g&\xed\xc2n\xee\x89\xfc\xf7F@\xf2\xddW;/%@\x185\x1ab\xf4*\xb8\x9a`D\xa3\xd0\xc3\x10\xff>\x87(\xba\xb4\xa0\x84\x89n9\x85\xa1\x8a\xce\x00'/176, 0x100081) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5", 0x2f8) ioctl$auto_SNDCTL_SEQ_SYNC(r0, 0x5101, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xbc\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d5) socket(0xb, 0x2, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/midiC2D0\x00', 0x200201, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000400)={0x7, 0x0, [{0xc0000103, 0x2, 0x3}]}) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec22\x00', 0xeb80, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r6) sendmsg$auto_NFSD_CMD_VERSION_SET(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000fbc19e3cb161193e15add7e72c2bdccfbdbdc187137cb5b64de0745fb6fc8427e4b7d0b0252fc090a03fb66cf3a498e9a441b11639a312a5540e0ca9e5a58d257efd8ab718d5ad0df62f9f4d208ef17b5290bd944ee42714b6c31c11b02482326da5f8afec89f1f4c114dec5fff0d595fa79980f5f87bd861c5c5e337558398dd6a908921fd236db374582b66b973a35b6bb6d3167622bc48d469f4fea928eb8ce4ee052032a14118379b77e9736abc51f0dc56368295bce081535ce284dde204036862d53fedb9be2f00e78c4f8fb35189f401b3398bee63c786f1181008000006cd0283cca5288a2898992875daef45224b25175765c0a46bc99b3dfc102f86bd9f50cfa032ca68987dd2df91f5a498fa746d7d896ad06966f16420ca765679b9d116ebada826fb94d00c8a6d1c571786b5dba0e", @ANYRES16=r7, @ANYBLOB="010025bd7000fbdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000005}, 0x4004840) 2m29.384371858s ago: executing program 4 (id=5006): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/gre0/flags\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000200)='5', 0x1) 2m29.135563891s ago: executing program 4 (id=5007): setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setfsuid$auto(0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4bfb, 0xffffffffffffffff) fadvise64$auto_POSIX_FADV_WILLNEED(r0, 0x400, 0x5, 0x3) 2m28.954192544s ago: executing program 4 (id=5008): socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r3, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)={0x34, r4, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @nested={0x4, 0x89}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84}, 0x9, 0xd) r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r5, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffff7effffd05, &(0x7f00000001c0)) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r6, 0xc0045002, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x15, 0x5, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r8 = socket(0x1a, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) 2m13.886607545s ago: executing program 33 (id=5008): socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r3, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)={0x34, r4, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @nested={0x4, 0x89}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84}, 0x9, 0xd) r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r5, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffff7effffd05, &(0x7f00000001c0)) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r6, 0xc0045002, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x15, 0x5, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r8 = socket(0x1a, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) 7.303557572s ago: executing program 1 (id=5326): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x560a, r1) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x48084) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x101, 0x103) unshare$auto(0x40000080) clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0x400c800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(r1, r1, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0x8000000000000001, 0x7, 0x0) fcntl$auto(r3, 0x7, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 6.29252001s ago: executing program 1 (id=5329): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x560a, r1) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x48084) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x101, 0x103) unshare$auto(0x40000080) clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0x400c800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(r1, r1, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0x8000000000000001, 0x7, 0x0) fcntl$auto(r3, 0x7, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 4.295185974s ago: executing program 1 (id=5331): rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r0 = socket(0x2, 0x1, 0x106) connect$auto(r0, &(0x7f00000001c0)=@in={0x2, 0x3}, 0x55) 4.111556996s ago: executing program 1 (id=5332): mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x8042, 0x0) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, r1, 0x8000) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x8, 0x0) connect$auto(0x3, 0x0, 0x58) bind$auto(0x3, 0x0, 0x6a) ioctl$auto_SNDRV_PCM_IOCTL_WRITEN_FRAMES(r1, 0x40184152, &(0x7f0000000280)={0x10000, &(0x7f0000000240)=&(0x7f0000000140)="beb93fa080a16bf33a576b5dcfb5033cfa41bf25b475a515cc41b8199d1224974305e0d7c32868cf8c26b0ac5c234fc6f52a5e7fcde847ada639fa935c0b31b32f7d8da174eb2c82d03ae90654e200006093b5772308107ef0c9a35c9596bba80bec963f6b2bdd6c9f80f916320ce6511f97d4d38747c24b774813283abd043cd264374ce6d07039e9c155f7d6ea3f717f42ed3f1c1461cdea72ee291a1ba560e54496a8527b38ce60b3abac153b6050d729fb0517dfcaf522643286a0b7778778ff0beaca11d2c001bcfd0f3a198b77226cceebd7c4d454c8362e35822aa20e127d15a05693da", 0x7f}) r3 = pidfd_open$auto(0x1, 0x0) ftruncate$auto(r2, 0x5) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/drvctl\x00', 0x28001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000080)='n', 0x1) r5 = socket(0x23, 0x80805, 0x0) write$auto(0x3, 0x0, 0xfdef) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/xfs/xqm\x00', 0x1c9802, 0x0) pread64$auto(r6, 0x0, 0x100000001, 0x2000006) ioctl$auto(r3, 0x89ed, 0xffffffffffffffff) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r7, 0x5607, r7) syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) r8 = syz_clone3(&(0x7f000000dd80)={0x8000100, 0x0, 0x0, 0x0, {0x12}, 0x0, 0xffffffffffffff61, 0x0, 0x0}, 0x58) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000000c0), r0) r9 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) write$auto(r4, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r9, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000d51df4604ee1f535fc9e29a263550458442d82e5417cc0bac96af35830a94900400c4633d72ce2f227a32a7d71e50cd6c38c929566cdb00f98b5ccbfa9b1bce23879765840a888f57ead3a5adc61d6cce64e733dc86ebb9411e4b178f26bde58c939e28a0ae94ba01f7aec047d793024f2ce35fc361d365effbe4afbf9394a85c75acc16df622507dccc9e32a6db8ac09f27e9399b0184c0fd8acc674f0aa1c18992164c358bb504868cc1", @ANYRES64=r8, @ANYRESOCT=r5], 0x1c}, 0x1, 0x0, 0x0, 0x40cc}, 0x20040080) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) 3.683404613s ago: executing program 0 (id=5333): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x1, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) bpf$auto(0x0, 0x0, 0x6f3) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x501100, 0x0) open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0x3) socket(0x11, 0x3, 0x9) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x14900, 0x0) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x20080, 0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x1000, 0x1c9}, 0x4000002, 0x8) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binderfs/binder1\x00', 0x80280, 0x0) ioctl$auto_BINDER_GET_EXTENDED_ERROR(r2, 0xc00c6211, 0x0) mmap$auto_snd_pcm_f_ops_pcm1(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x7c1faaf70770f6d9, 0xffffffffffffffff, 0x100000001) socket(0x2a, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) mmap$auto(0xfffffffffffffffc, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x800) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x40201, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa102, 0x0) write$auto(r3, 0x0, 0x7ef) unshare$auto(0x40000080) mmap$auto(0x0, 0x402000d, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) 2.364268449s ago: executing program 0 (id=5334): openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8100, 0x0) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0xc0a82, 0x0) r0 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0xa00) 2.241375567s ago: executing program 0 (id=5335): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, 0xffffffffffffffff, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) sysfs$auto(0x2, 0x0, 0x2) shutdown$auto(0x200000003, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000011}, 0x48c0) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, 0x0, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003a03db7bf1205cebd271b0bd07ea88d11598", @ANYRES16=r3, @ANYBLOB="010031bd7000fddbdf250c000000040003801800018014000200776c616e3000"/42], 0x30}}, 0x24048084) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r4, r5, 0x0, 0x1000200) r6 = socket(0x11, 0x80003, 0x300) recvmmsg$auto(r6, 0x0, 0x10001, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) mount$auto(0x0, 0x0, 0x0, 0xf, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) 1.011770118s ago: executing program 1 (id=5336): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r0 = openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/hwflags\x00', 0x101741, 0x0) write$auto_hwflags_ops_debugfs(r0, &(0x7f0000000200)="f4d5", 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x6, 0x2004) socket(0x10, 0x80003, 0x80300) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x40, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x2, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88b02, 0x0) socket(0x27, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x106) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r3, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto(r2, 0x8925, r1) poll$auto(&(0x7f0000000d40)={0x3, 0x500, 0xa}, 0x5, 0x400) writev$auto(0xffffffffffffffff, 0x0, 0xa) setsockopt$auto(0xffffffffffffffff, 0x1, 0x9, 0x0, 0xeb66) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2a, 0x5, 0x8) 1.01017185s ago: executing program 0 (id=5342): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/midiC2D0\x00', 0x2841, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim0/ports/1/pp_hold\x00', 0x204041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x28c40, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x6a400, 0x0) socket(0x15, 0x5, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r0, 0x400, 0x1) close_range$auto(0x2, 0xa, 0x0) unlink$auto(&(0x7f0000000380)='./file0\x00') socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x7, 0x0) socketpair$auto(0x1, 0x5, 0x100000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002080)='/dev/ptyd8\x00', 0x480, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(0x3, 0x80047456, 0xffffffffffffffff) socket(0x26, 0x80805, 0xffffffff) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010065bd7000fcdbdf2505"], 0x1c}, 0x1, 0x0, 0x0, 0x40cc}, 0x20040080) 670.949315ms ago: executing program 0 (id=5337): sendmmsg$auto(0x3, &(0x7f0000000140)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0x20000c4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x43, 0x0) r0 = socket(0x23, 0x2, 0x7d6) ioctl$auto(0x4000000000000c8, 0x800454cf, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, r0, 0x2, 0x8}, 0x100000cf) r1 = socket(0x10, 0x2, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/v4l-subdev3\x00', 0x16ba00, 0x0) ioctl$auto(r2, 0x80885659, r2) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000200)={0x6, 0x1ff, 0xc, 0x5}) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/cmci_disabled\x00', 0x2062, 0x0) write$auto(r4, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r5 = fcntl$auto_F_RDLCK(r1, 0x2, 0x0) bpf$auto_BPF_MAP_DELETE_BATCH(0x1b, &(0x7f0000000300)=@bpf_attr_11={0x6, 0x10001, 0x0, 0x7, 0x8, 0x7fffffff, 0x4d6, r5}, 0xd) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r5) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4$auto(r9, 0x0, 0x8, 0x0) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r6) r11 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002c80), r6) r12 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r13 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="13002ebd7000dddbdf251500000008000300", @ANYRES32=r14], 0x24}, 0x1, 0x0, 0x0, 0x4c0d4}, 0x20040894) sendmsg$auto_NL802154_CMD_SET_LBT_MODE(r1, &(0x7f0000002d80)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002dc0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010025bd7000fedbdf25120000001400040070696d3672656730000000000000000005001f002600007651de0007002c000100000005bde000480b1618efdc693133040000089091051f5726bc2102ab97a39aef3d92be3cb18931aa0f3f911bb39d7d2985e99a400de0f9b46d7b2f45dca085f61add5d2c661c14fb846f80e35493a6c8c35470bc66", @ANYRES32=r14, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000002c40)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002c00)={&(0x7f00000007c0)={0x241c, r10, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_MBSSID_ELEMS={0x23fa, 0x133, 0x0, 0x1, [@generic="368a61ece6a28844cc2f046906e1876cd58163adfcf75d5bb0740198a70f8497206bda396d57140f04a0cebb4eb09c728ff024c1af7a148bee54c93fd3bb8abab0fc60b323ac0f3dd3ac44b5950fde2f276b36dfdf2bd03f897fbad800a91da9a24fc576378c654c52a2583d9ccfe7a4ab85987c52f8295b79dd86b0827c412c1a10edd41533a4e76a855a1e29a24b03bdc331fe1bb1af61a8279c418bfad582b77af294cc3a61421b3fab59da98ae839255721117b6b6a54f2146920287fd730e5e6a1ff977d00c2133a2370a74", @nested={0x10c3, 0x117, 0x0, 0x1, [@typed={0x41, 0x102, 0x0, 0x0, @str='/sys/devices/system/machinecheck/machinecheck0/cmci_disabled\x00'}, @typed={0x8, 0xcc, 0x0, 0x0, @ipv4=@multicast2}, @generic="c90a5ba4e10c8235d68552192c21eabfd5cf1a4d8f408abcda45711bd321e45f784bcd0275188f934b0fc8b3a4172107616c0b0eb99c9f5ce4d246f0666ec787c23598c5d22b68cef6bfa534647b1134f41fddb933c5d9cebb8c125fa533c1f32a7d41ffd47c66fec2bef7197be38452e50a6a", @generic="73b9fb51efc1400cfb5bbe03cdb8632016a4047807c99493df5990de17f7c9c64def29fd1d48286416da43426edf7ae411fe85cb9cf565ae8860fc876d93e23742043e54bb7a0f40f0d5fe5923e1876497eb9fa1cc43d96c69f8aba775d4a576a8a509dbc031c08f21fe86f8b034c91eb150c9c5128e5f6f1af9a086387960b76b24d967a76b9a6cc0b6efda3478e8e713421f140310e22928d80eb2c47667b3f182f1a1a8a7c644fadf7a39e2826cbe17d9fcb2b4ae8be4e53342621cc62ba8245c04b073f8ef722725a61bc0110d2c5497a3957d7a4916debbf9713ccc59a1a27e34bd3877c9d3ec9a86c741d786449310591c78f9012d778e232fe648e05be83b7f256cf411d83f34c6e7a311f2b8a39324d68b5c19541b00fb8dbf1b69ff93a694293ab744a91ecead591eeab25381feec8ab040f438a2e98788f704ee59143969bcaa7b2036ed11e0b6606e3cffe1e45304cbf207758d43785696bfb16e094370381e1e3c03c8e2d63257f751e7a2c3b5f6afd66464768c83e117dad615216e13fbc32e3f0ed0c3213cc7c373353a239fcbfb73a6fbafdcf69a340e11966aa69892261ac798ce78fa5545c6fd6426ffe15bc0a11e96501b131c70edf734d20b2494f44e77f44e7a60aad4805e70b56e307d196f7d2cd5a59f8d0765dacca8358317d2828bb289a8c555161dd9dbd7780487d66499b392c26aa115d11810016d55cb384b1be68cf0d9f0325c6070ef344b48d8100b32dfa0a1d1f65dae921488666ac7f1cbe1dbdd3594529146d2ce89653a5e9e3356dd13ed8a1251af8c223c8affea5673b62ccd67c887cc805457d6f860d5265fa489d31c4b99947ab0b8dc3643c50bff03d04c46450ffae0c7120dbb7801b3b21b5c58c0ed2921be9ed7ccc1d33fd83b7b3ebacef2c091bfe813a73ab0f029dcc76fcd4b8ecfaafbb63978775a460bb497d1ad35197bbb73a8810a4765d5ff873090791f6f2aea3da60a30daa28c80304094d714c3503a0ba8849cd0362354bd91eeee0098243437ca958fd6d8e9b4db3ee3c480d306f04dee0fc84a8627b4abb38b985a8acb7ed0cb5dc819ac2e9ca893920dfb4d24828f2feafe200a79c32f0119ce52f5b75d0584ccf4e5be41c882335786bc62e30489022ab81de3e41008aa9dd54f7161ab32e85002479eb127711ff164da2f629995439c7c5902f8ec83eb444ffc4d1068276990d7fc6454e6ff9ed94fbbc05c8c4c1d43dcb3c19fdf5f1a03ccd9056079f9736da737f630465cd1e909b2ded7dc743f9dc35671133410dd65c542c6f6afead3217d63e52c1160cad94f84abfc0ca9dc9a8d7c424d4e8041da4903ccd92d2a7cebf242668411034f1267ab76667bd2df69c0268a78f1e5a6cc18b82b9e27502d179897946463638e550f2bc85c986a71ed345bd24b90af8a1bda5fb4e21786b794a75a71a0ef4c7a2c85eda051c8e3f6ca3f24da4d4d33f9afa52a6c3b1bb6613a0e921558f0b77d7b7a79277516cebaf2fd71fe2ebff557d9f613c4c7bed03238adcff0666fc39252632b668f3a870a60548a1e024bda04e15b05f0007aaa96b0f247914e14d210db1d402eaa70d8179edb1fd4746019df3f7b21b11d0b1f61a6aa467ab36bc13bf838602c97a74bc8fdd3e19594639c3ae4d794c42f8768977c27c241c787ea3daacc8ec992760342aa19de390c8cb6ea9ef59a1e4076bc61b9d0d1424e4c51518e218e13c6baf43c8aa76b4419362c5fa8d354d597241aa9ab2a936663b36d23609b0b79bc5d1064d4514988be402bd25ba19dfb73584ea4ea658fa1de0027803750f4da7055c008c1db0d2f70281fddf34bf4188b8e6eed26a5e1b05a7e8dc8d0c3697ba746c33bfe0b45b6691582a56c7c139e5cade0644ac9d55bb209fdd81c5aca1ab414ace0fa8333f7a412234e2aadedf6e45f06e5d37a01b8bbabde6d11dda9297290aa9494d1fcc1547d15ecdf2e12f78caff5a50b839a609df6947165fcdd05b6a70e4919c38e2b8bbb155e1148aac1d8c9909bcb447193bc06838d9ebf06f75ec5ca0513d52abb2d4b722f8ca6199f31bae09319a67e331f0b2b8f3959b6f7ab8c94003e6c927022ad67541d6727ef8cc02e62e4c19d9b8a760815695ab12bb10c64b76c029ca69a7490d2e9a3620128a73032e1383775991f0b0421e04d99081c34e83266a8dcf05e4202ca3b1dce089ad1acfa03429141747732449fc25b935d6ed8ad4d305aa240245ae089ee07a2f774dad4959fa919cca4d8b597457036c61ece99a59c21eb629419b37b0eac323bcc408755f4d4e7f18c4fd3184d3fbfc856d024f7544e05eea48e133b49e44528f2e4a327e654b20cfb91675955880e5a6ae8a37d81c81f924e6d6879c0a5c387da46f7e9b3f59b4e4e67c13caf3afc5fd4f1f0556374de970b65e9a4af0771085b7bf75b6778cf005c4e4cccd5c4100ad17e6f397bf29339ea6a0a5b0bd402caee3aab85e646dce3e9608d7d94be97d7882b36c55632fe26b0edecfd1fe1b31aa4e0de2f43642e85b13b9e786cf4782ceadb4cbf7143014f09a9fabbfe8d0fc47eedb903a9f62841afd023594fe388fcd75c5465475bc86dd3200599755980ae061a0340b3940e0f6485f5eb02ab65b35b482c1d1e5eea449e00795292b8c8846b093328477a2212e3cc69a7567f02f2438d1c958565fc06cf809bc830d8ce2db57d7606a8afcd93b675527db6f02b0864f0efe8dd4f6a35b2680d7af7b235eebfb4b179d834d21d6b6ac7329374ba7067d5ca2ae15807bf9c7814af3394990245a76bf10e1e1fbd051c4292ce21981b9cf04cf41cbcf6e5ed3c7c5fc4617405b0dc01099a18e827aa5066e760c17b111408fe39b07202f141faa9383f6d8827735370a859123881b44facf3f47da67d1fb8b609ea71b0a1b43ee1b8189eaf58c00481caf2914e2cdf4302b0b2aa1aa3c5bc5a4c74cba49096cd384b48dba3b65fbb1df201d2d1d1833c7ab7c52766e465731c9fe74e089fe14e2957ed2b5395e53d816393b87df648bfe0c6eb9ad4fc6d9d6fdb0437d86415ad0886755e19d49f3e915e26c6d9743914205d23c4353c0663cba7614aeff2ed97ff418559e89fe339868f92f61c0f0d67ff53ea2d7954bd595a4e9ac39766361ee5d6dfc5af86b1ef2abeffc84a940f709162eff25cf0d3699ec040140dc44c18588b76134a8a0040183249cfc9f2765495d2e8d2bcdeed535a83d1baaa379512c9278d244856580bf1b22e4cc05059033758723ccd5c1863a9d41c38aa43e79df45cfb668602f816131e81ba720cef010ab77c28a980d72f3dfdbc86ca3997ea9f0e84b57508de7041419250ae8df0244acc09dfb22ce295807324fff982be703a9a9878410ac543a2600416d3bada7fc6954c66573d7131fdf2a79507879f437bdf53fb5f52ea27a119d22d7888343906576afd5bf030f3a4d9baef33ac943ead96b7a4723c5609a47e3b6f595478e28302ecea0c43e71056a5ee7d3bba0f87b9920bb2b2e45df081a1c8bdd67a33a0c53b55e1b8f314cd84b023fccf1915aa38c23abd20126e4a7046700da7c43a9e950f7ca11cae7bf028f582b4047b5a84ce8c841dc17c939fcc32b8a4d815a15d455d9b4794af2b2236d30a360b5dc86eb36aed0c3e12038455b7f23cf5af60292fc37d938223f3440b30db77a05f486c60cf18f02e595dd938d815a5ae7589fed1ffcf00c78910dcaaf1b39541f088995c8a3a92062680523eda865d81add26a632f173ff560c27b4c8dd2b4b787f8bb38de34fbbf1741f2fbf084f5c2e7caa2f32e896e9f250f447415e476bd0e556d844f320eb4baab4de5a5ab8cc0b6e90ff572bd1d88d8af73a98ccc440e3ba2a13a712d4080f2806974ea5d6b73847af04ea52de0af1f82cdcc86d8a121eb283b273a996fb65831a62cab76fc70082d35075c8670fa267539f1d19160ff955c39df1a69644000e70280bbec9ec312e25ad7b9b9fe727ed5eded67f64f0a0f33873324234bcd459e56e0369b54ca1acd5ad0a25c49fc127ca24495cc000041c7b9b5a6d7c81e83630b7755ffa46916b3dd3f48a2d5cf1badb75c0a92c0dc448853255e2417561f95028ed83e73e59af4bff2cfc607ee1f892a275a1230a1684ac7c65f969d42ee77d699ce4845c1a7880373b407de7c96467fefb8764f2f5ad169b078e4fe767d96508506659304ae32a03a8e2fe53a96502cc10aa5a40e7e2724a98eeaff284d1c52d4aea2a0fee8bb683787d7847ef1237d5c1b8065f213c7f6d0a1a18d33994723e69eb4502a56252f929238f45fe64bd67fe79aaaa90546daccbe00f9ac503019b82d41ebb47778df3bcc0576a828103ea76e392759d3999cece36c6be2cf6f568eb524ccc93eaff9c28906dc3fe113220603326a6edfc4051c0b5f7c5b6a5cede8b4a374c53bdf5dc93148f47699738c01fa09031fc39b826ac466635163bb79ea14ae6bd57ea1cdb1c1a6b9c78241ccd5990e49d1ae08a729dfdb0519f2a3dee2199608e002927a8a44f319c0353383067446e8a40913e9d28ba53538da6f7f58055d25c5b959a3697f78ab88875a4042389ba7848c478f2b7420350bbbe98e0648672652e1e98a53c1cde05feac969e0a7625a27f7a4f3476b82969bc0e41f6de010434cbdb5bb24591041b242ddbb38cb14715f7fc3a97ec5a0ecaf0b34317b2b735a6192153c4d89dc88d15cc4daa685714f265618b250680c85682892852904d9acabd4c4e7411ac41b8b649d3bdd665746b8f179d7335cf8bd34718740ce7c00a3739b15cc61a37b59a3d1a44ebe7a15a2092174bf78329589f45e9cf347ed99cd15021e733c24c2d8e22650a8e1e064b97a0905d5f1d50d73ff65d8220271eed8639e08d9498628d8189694e774ae1a9749a8bb4721610c119c2440abd80519b0ff58e7523275617551e592cc89eac53a694d0d7f028d97cfca1e8ae81880ac8141784b395ef17b0f5595e510e81978098f9da8afeaea5f0fced7c0623729ec2301b0fa17a84f4aff2ce23fd4d7e430409d1d266533085887be499363c19e5e181f9220fe38adabdb83ff37f63c20d082d988b6bfca388804d6eeaf998848257038e2bf4f3927ed8a768ca6eea0aa69ccbf73ca9489e3a7f8b4d28883d991b7819ddd210c696c5058a3804707286827a9a8b976e18b619d27aad4eb5c7cff65c91a8100b08b7da93eb2059d43628015f3a1af9e0a56a890a4a8517ddf5e06ad2df72a02c75ef8b14c551288df2535dc5cb828a324e4a903844375837d9c1722dfd3290585786a5683ab10b041a5e10938739adb511699d8b2d80c5f7ce138559bb80b1abe41a8475e510cea5f8227c97d2f4a1f751939f79501f873c72a7f21590b211732f4dd032045025ac7d77d11912d159acda34d8482da9c6198d9350af5f9f7c190e5abb4e10e1989d59c5d45e2a567214b7259e3b6966d8d3e3ea4472263c2130a809818e8ef9f578f40eaa34d68ddd507bbbcbe894b5bab14ceb1edb689752eeeee99245a3a928dc04eee03160061879fd10a590063d8b2c2329bc3883cbef6c46b67ea6f846fae91e2ee4f8c1f3334511998021166448ac7473b2dc1c76596e0251bc31b09458d5b45b54c651f7101362456b5e5bddd53575c26d84ff8cef505c85f03a755e7c342f7b1ba2b0147e97eb80ef44ae24704f82f3eaf1f3a910d1775d971bbd929b5405c45f2d0a4bee00c934e1b46c42a2eedd170002d1c372369fc41120f2c96dfe77545176b01c668399400efa04486ad32"]}, @nested={0x17c, 0x43, 0x0, 0x1, [@typed={0x166, 0xbd, 0x0, 0x0, @str='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb'}, @nested={0x4, 0x132}, @nested={0x4, 0xd5}, @typed={0x8, 0xe8, 0x0, 0x0, @ipv4=@private=0xa010102}]}, @generic="5605bceb6b8b2f82f9fff18bd4b0db61f74720e3a3cef54f5fad0723a8215fc04d7ce5ddff9bcfeee3021e9d10f37dc0fcf36cc15d330937d9075e886edf836e790623799d0d322a71b108ed3491f920c3cc1378ee92c967ecfc36ea43407d6ba374ae596605e47bbf83d080096eaf80676587ae7b41443f425d7ad4ad02f874fc614ca6507f8b6679443150ced99c64bf057d1a0d570813460a73e9faa7853e05449b71594d095422adccb956bf5c0813ffc65584af147cff9825ea95064be1a3ea849bb0f5c75214d629a1abc4667f651bb79be2c7e94924d83a287f5dc5b76b64dbcc8beaf884c920c60ed27b66baba34836930bf42a9f67910b8f9d73e66dbf900edea1a77da0ccabe3bba972f99cbda879687cd2309b804f4ea829540c00dac282ffc2da492ada490ac8aca6cd11930337b4a8dda0d922b25815f23fefd5815dc5b61b4c34a217c55c66643e63e2a378f6ed4482201db5e6792636280e8bae7274e0a7c521755f013374bcbe04e75fc74123218c81717830b0c3fff331ae851d40b1e2ad2262d91e99a08e253110dff72b3ebda47d2a2a606f9b565b9c17f8321875f9ab24dc99370935afcdea995ba2a594eaca4657bfafdc5874bc5256717a71c3c48f10b2db9c426327e8504ef983566e3b5edf791c4f56433b9dcdc58d7d691c49808468f16a8dfe65f6a590687aba0f6bad7c9f5ca4de346f5e463fccc43af0010a7b8ee0ee5117f6110d367ca994473974d44cb3adba8502364729e8fb1ef03f0b8a6a8277837f1f8585e3d882b28c7fecffadb8c2beb9d2c4aa9bf81687ff6c80432c44002e48dd220f3dd00fd9b0b63437b77302153295bc13c44e723faf903cb1c00cde93b433ec4782fdacacb1c00cbb2c55c13bb59ab8b2dcb5ad974ad0107ab1a35201c00bcbf2f0e5413323f2761ac2e8c1a577a8b50cd17307810c11e05b883ab943a8aaf857c8e93fb0f1928019f4aff7db3d4d867811e4414905e332864e94b7b063436cc2c8aefc6225d81883369a88d71282af381653b3e85e66e1b663cc314c33dd01e9ce1d6f2e3e8cdab4f500200a3876c9e6f9ea1f804ed000ff977c283a4a2a3fef862c221c85f148ca65113f87a18cb42b4bdeb654a393be9621af4dc876db6a2ca8d552a93b7ec3add7ee250f794b6b0c4c31955b712c083991aa29bfe6604e604de43eb993f3971faabd5f8fbbbcc39fcecddede7b6823e4f46366cdcea59f48d17cc7eaac81c0d8420f4b86cd084ffd124580ac6f8c092795655099e86c57da55dffd62401870e9ad73fb7803ffeba1844eab074e6027183298453809b60ca7b05a79e4d59e31fe117eb3df79d0b984064b6e1058c6c40578f5d37c97fb427dd7e935646a9264b40e7f557ba056751b57e5ffbe44c2fa8b5c5524395537b3b0080d8ef2a602d40be0c42bcca29f7929e1f035e527e9b1b74e2c0965b9f6516342ac8fb47b192668af474870aef68c8650f09de5e105020ba5f15392af99dcf324cf35248ff27327b260f5910414992fba164e7ef2bbf32c9f327c23657fe10b64b6eb94b72e98a78636885e1f44b67e3d022f3eba9e7f2600891e6775dcc9fa1c68622607e03c7098a22debcff4fcb921cc8bc819b81c2b5ab982ba96429e23c595080d1c5c7bb6e068241a6cad06f3d26c67fcced05bad3dada23445260f297184286bbd72a7ee9b34ad77cdc5c9d0e6228a2975125ff20ae012681356184c81a2e81fd06581e06b3a21990740be2f23758080447b0d2657607115877c5965f0a91913a0caedbd742dfaabd21a4485331f9e8b04865e5c469a17c477aaf7321311a13787a7f3a657460746a3307e735783e59597bd9f64fd5707abb40bc945355d52c3be098848963ed876255ed1f346e8b7838b71b8d6e3e3ad396e05fe574d29447cfbdd70e82ccf3cb49a2f66eae574472a74c81e3013ae60c2884f244caa5f2ea5300368d4373010bfe43a0805d8d2cd05c9b6865e1fe66a94b72a21958e8475c736ed55e4198fb90c06014eda656ae0892924860d510a180a8abb1d54e801260bf065f0065a8d3d6df108c5cdf7506293c3e1679c51f1f27c2d5d0e9b4dae1d36ab45ea91f14666df7053432a82024f57abe99d1755cbd419f56f1b040f20d7c0a8c564baaa52d88515631dddb49ba05783d7e31045b9660451eeb1f4efacf4742936747fcb0a798195212efd7d712209fe4bbd6c9c3ac2af31f5ae465c8cf850380c71ade452d2b8022917113b250ba796b884e49dca783dadd90eea00c5db5d965f8d99ab1fa05fc8e73fd047830e6c66ad84cf142624e6aafb82a9876538c2339b30bd876c1f0fc904d5854d48451fba320f1ed58ad2c059c12d3cd50df75d083cee38bf05776ea95059ebbbccf368832a19f51685a32e8bf70cb39140ffa7a7c1cc1c33e968274f41294a67074fe09a6f9bf09f68e4b34abb02d23659767a83f051f04e7fedb2711a163057d96636eeb761355b84010d221e8718cf9a0f6ba427907d7f79d640c70c62ed70672da691046292584c872dbb248c9f61dd075dda2bb67e44f32123ca2bbf981769c6798679387f5fdd728ce7ad6da0a06591026f703c18a6cdd3c9eff014d1cbdd1d3cdb4532d90e65685a245b8f17ba4448bc627465f91298665a47f26e41f9af50dfe3e4bbd423b2d427fab01942e1f8ba86045a43dc152b7cd827196eea2d7d0ad08fd3002e148f07c31b925a0ad2a01c0319428a955dae00f81f2bc464159c9182ceb103d21c6c3ee574a7a7a704f049ff45f41246c4534a4d5de2d1e227e87b747fb5f1efbaa4bbe076638dd3a985bc7fe40333c330a028d8ed42c0dba4f36f30310a5e71e6b91494eca2bf94c4cd90ad14449b7ac51480171e70e8ec73a01338903a24f187878460fbd4614afe96631e1c810acd2f95ba883670f283efc470cb4f31c80870477f4e80c8b70d46249061bf710b39c5c6bce2d02ad7ffb2efbd4cfbfc8781d48ad7d9290b0413f2a3adb6023fffdd2be6ea7dcd422943b35aabcc844584bbb278acb84909e74deeee137a16585486de9d44794929ad96c413f2a8d1c1c6e016d7caaecdc55fcb7725cd42dcf170e470e73719fc32b3952fde47a2bb9e37286fc5ebbed12e05c539f0fa27e24c4aaee1cccbf7ccb477ff2a135ca09ccac3367cf949e538e08c595760babf1fa073894bd9a484f54be8db1beea576b1e322195e136072aa0a7fa5d9ac50677d1f331d775e27cde5468e6b61b83613d73e49b20068330c0e1b248a2d6357bafa6c4668eaefbed3a2252ec8523e770d7da8719a360448f533395328dd664ef4cba13206885e09e068a7091ee6bc5b8f1910b666bdd6c3def157439789b25b61649c7a070bbacb9ed58bf8748b105a3eba74d25829b304959249d19b20bab875f84ac3d9bed3ac66e3f8a20eb7a567a9f34ed7b464411a2c26b6da4e0c652652291dea7dadea91baaed2972b988462a8881fda8f49e9316b658b4a6dd9789aba17219749c0c62033a14f6fff649ad0de1c9e206e61c5e4c6b7e5f769e7d4a9610ae096d861e9c1610e97cab9d662313a821fde880853acc0175f46cb7b27e1beb93c887fc75f1b7f9e6e7e95327b2f1f1870f15f89b6339c659ced936bbba77c17e9751e054aa580eed00d5c62a8e7c770fc4c011d96d035373008d85e0ebe6b10b17bb24a5eed26480415082c3ca67fff1a1318cf9cf2e683183bcdec77597fc3b49b7b7b3dedd25fea33b737acfafb9b999e019e901bc77336d6e71afe3e66cfc531f1edd43b3b1694cdc16f917607b7b05344112e222d3f9b05e8334817171b0e88ad7b1123fa46feb68d3db9a2125eb0afbef885b3cac5a2e699cf363a64e877fcf6663466fead9ecefdc875451f0fabed49b26d8e693d889d4eed8804e7267124ff0ba63f3df0558ccb8dda8d7b32d1d0ada03c888f266e5331dfa3a51e3c03044f7f4f6d98f2cae47699c2daad5cf064e845a31dec9da433a8862c93016b532fd32c45bdf040ed8c17a6b86c4436eb2fe2074f3fee617b3964bd2d57f767f47587dac21bc571200b24b6f385604e32cad9c5aad19730b7a9eea47c94139f32379a76e75ae83d1183ad86229b20ae1d669be3ae49ebfd7464612a9f67e557d20278e15d63cdeca20f292591fbac1f416f680626c97e7469bdab27ae8641a8f9c6dba21b0e8ad438b9eca49ec72037c16536744ef025519a86404f991b06bed8b7bb79c4148956be2771ba1974f4d9bac026b96aca09487f39ffb880fb3d69c3759c2d5ec46261df8744f4452208360e25893015c265f4ca938930b43ca6891d5f7e8841f73751cd89fbb6324c2d2e16825e38b0aad3143d38cdef347ce1cef43a25be75d6bf3c0d93984356fabfaf8bc19199010c65d6485773fc40296734ddb381cbc8b03e762c350fc6ee67da17368c8deb77823324c7eb865ca8b24eacd6b28238d11a7ff5af5cdc69d39bbc948091b140ba83c0752aa4ef592daeb31a232b6be6992f38cc0ad0d70a0256e8e193e3101fc182ab0de57a5d37e3fd1c5d9af3a9c6f34d11828961d9d7de2e856bcc129678950191a3000696640e0e9ae4c34cd0745221400f9541cded4a84b6a04cda564b958b97c03da5426fe88034ca0bbcadfae4a5e09e164099813e98b2fdbd0786ba4f8bf40d77c7ba9d0b6c3d06beaba0aa64101954ab57d142d2d68b5738dc48044c1cbcda48675931f0a724a52b0cf8829fbf4861e33b014334437c8dac4dec934cdf1437c94c8120484e2120c48acd37d84efcbb6313e54e79cb5c49158b63be5457e69cd95e14b37bfc93ed1b860bcd590074fe094e854927460f3f11bef83546cdb8143957e3090cd5070fc453bdf6feaad4ae01325ba7b571e59e3a0522bb167790a3f56f8df451f9cedd572bbdd22b96f3cb190a3150cd544b4f2874c944988a8dd92c7806567bf1bdb79356897dd37d3ea336bd8cb90f2ebca84b6f208ebe4e2ec474066c5d452fdc98a2b5cba3af536839df56dad46b94af762973c2d4c4631a4a4bc17848177041acc498b991c8da503cb7546c49643ba40e7be51fff9a9961a3daeba76a6de985541ee4460c18c5637af1ba2162a6f570ef7541b6635c9907c79bd2f3923e61ad4ff3386b4b57bf40e3cf1e40d64250742f564dcae30a3e33c75eec44997b205469989413b5a58bb9a416d51446ffa92aaa7f69bebc682c24b236c73db9b619150369477d7e0bf5f9b5b7d19b39f3bc8482d155fccef354811d05752e9bc12cb6b351cbd0fb7b44fdbce905367c5c3c00f569d50725546ebbcbb69f56ea030c011201aaad9a6f08802d2608d1d9e228863e59449733f193f269581606ba57b248dfd3b745b9bde70a29955b007ea42e01707bb2c58d265a515da43c9ebed177e23a69d33ab621d5e593ac25994666acdc0dbf5b014ea35a8d60335dc86a580f10674b4c597210eaa906f5a8d8e1ef1489c23e652fdb87b0959110341a19f2ebbf8c9c234cab093d272e083564222ae16f6a5789f2bad75bbcb8bb79bb5c427f5732cb06e83ef32392ef1f203f276006878d45e0985fc26265f21b701704fe144e55b767fc5e6bb09e07fd380a620d3296c14155daba4d203dc30248f1e37814dd491d9e9dd51df01ff430eac3a8672d65cc4eb58a354351d1d71afdb8a278f0192c8b65a25035c95cb50a4bd88e20123b12d109dff468272cb9750901debee9384a92073b95eec642039ba3cdbc3c3d5072e4f6725c214e9b0f89235f6278730b689c2984f1242a156a67e58d5", @typed={0x8, 0x13d, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0xdf, 0x26, 0x0, 0x0, @binary="41db016c79904b76bc66bdb17c04fbf2d0d51f62e11cbad2c87fa08df3effea74f7fb1875ae9251e9005ef8110e237772ef707d7ba27c9e33f3012bcb952798740d27c31f97e68dd327eaf682c864d76ddac69a9d00e56a96618beca12525dd67bc4cd2cdfa6ef3b3977dcb58f7737839eae0da48d3ba729a09aca132698e03fce1531f3433fc443396d881a80341b77ed075744ec8bb870e50526b3fc0fd05f8ac2f44b84ba3aa88964a120a8c6a7b938c37f59e974515a45a5e77ebfa61dce48b1043058b337c09a09ec63efa7fe34788ca4f9ed8e2f0a24ec5e"}]}, @NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA={0x4}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x3}]}, 0x241c}, 0x1, 0x0, 0x0, 0x40}, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000780)={&(0x7f00000000c0), 0xc, &(0x7f0000000740)={&(0x7f00000005c0)={0x16c, r8, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x48}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14c, 0x6e, 0x0, 0x1, [@generic="6377a86bde0b62a151a096209fa12bf17c3522c8f4d342a68bed565cd01072d7e87408dd38afb04ad3d438cb9ad5bd794b77f2171a1890fcd6cddbd208d7a43880287b5d39a4304b", @generic="521fcb26a64a222733b2523f0be7deb0aeea9badfd02cb240260f286e775d5df2a3afc6e74052a6216d3f388eb59bee6c51ea3bbdc06fa00b2f82ce24eb736b61c84d5831162a816c2203466224be0b30bae0511239d3fcf966b600ac4529a636c5ef79caa0d3c91595675814cfbc46e04c661ad25c93eed", @typed={0x8, 0x48, 0x0, 0x0, @u32=0x7}, @nested={0x80, 0x31, 0x0, 0x1, [@generic="997e77eb8f8cbf3ce5bfc73ae7e2879f58c5fdb9720c3e3300b938047216b60b45d9704f244bf7c7443d7754f1073b77fa0a", @typed={0x8, 0x10d, 0x0, 0x0, @pid=r9}, @typed={0xc, 0x12e, 0x0, 0x0, @u64=0xfffffffffffffc00}, @generic="2d89fe3c1c0f76d0c755b2420558538e127421a796cd61c7a195aa2e7ad77c9192133c88b5d1c7f61dd5529035f20b11ee53d3dfcc1c"]}]}, @NL80211_ATTR_PRIVACY={0x4}]}, 0x16c}, 0x1, 0x0, 0x0, 0x1}, 0x20004001) ioctl$auto(r0, 0x89f3, 0x24) 121.940419ms ago: executing program 0 (id=5338): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, 0xffffffffffffffff, 0x4, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) sysfs$auto(0x2, 0x0, 0x2) shutdown$auto(0x200000003, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000011}, 0x48c0) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(0xffffffffffffffff, 0x0, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, 0x0, 0x24048084) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r3, r4, 0x0, 0x1000200) r5 = socket(0x11, 0x80003, 0x300) recvmmsg$auto(r5, 0x0, 0x10001, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) mount$auto(0x0, 0x0, 0x0, 0xf, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) 0s ago: executing program 1 (id=5339): mmap$auto(0x0, 0x4020009, 0xdf, 0x80000010, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r0 = socketpair$auto(0x10401e, 0x5, 0xfffffffc, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0xa, 0x1) ioctl$auto_NVRAM_INIT(r0, 0x7040, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) umount2$auto(&(0x7f0000000080)='.\x00\x17\xe7\xcbK\x17\xa2\xa0\x9a\xf6\x81\xee\xbfB\x9d\x8cL\xc9 \f\xd5\x1f\xf5\xd0\xe2\xfb\x1bG[\x0e\v\xbcq\xa1(Gz\xd7\x02Viw@\x8c9 \xee\x8a\x04\xe7\xd6\xc5\xc6_\xb2\ndUsI\xd8o\x00\x00\x00\xff\xe4\xed^0\xed\xc5\tg\x91\x87\xb5\xa9\xcd\xde\xf2L\x10VL$\xb3\xd4\x89\x01Y@%v\xa2\a\x98G\xf1\x0eMg\xe1p5u\xb3E\xfc\x1c\xd2-\xe4\\;nQJ', 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x46, 0x80000000fffffffd, 0xfbc, 0x0, 0x0, 0x0, 0x6, 0x8000d, 0x533, 0x5, 0x80000000, 0x0, 0xffffffff80000000, 0x5, 0x400000000061, 0x9}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) socket(0x2, 0x1, 0x106) socket(0xa, 0x1, 0x84) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) sendto$auto(0x3, 0x0, 0x2000f, 0xd7d, &(0x7f0000000000)=@nfc={0x27, 0x0, 0x0, 0x4}, 0x1d) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x80802, 0x0) kernel console output (not intermixed with test programs): call_64+0x115/0x840 [ 1110.248645][T25833] ? clear_bhb_loop+0x40/0x90 [ 1110.248663][T25833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.248678][T25833] RIP: 0033:0x7f324bb5d68e [ 1110.248692][T25833] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1110.248706][T25833] RSP: 002b:00007f324cb1dec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1110.248721][T25833] RAX: ffffffffffffffda RBX: 00007f324cb1e6c0 RCX: 00007f324bb5d68e [ 1110.248732][T25833] RDX: 0000000000000002 RSI: 00007f324cb1df90 RDI: ffffffffffffff9c [ 1110.248742][T25833] RBP: 00007f324bc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1110.248751][T25833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1110.248760][T25833] R13: 00007f324be16038 R14: 00007f324be15fa0 R15: 00007fffac1cf8a8 [ 1110.248781][T25833] [ 1110.569059][ T6156] Bluetooth: hci3: command 0x0c1a tx timeout [ 1110.854848][T16574] Bluetooth: hci2: command 0x0c1a tx timeout [ 1110.998597][T16574] Bluetooth: hci1: command 0x0c1a tx timeout [ 1111.190292][T25856] netlink: zone id is out of range [ 1111.195582][T16574] Bluetooth: hci0: command 0x0406 tx timeout [ 1112.601456][T16574] Bluetooth: hci3: command 0x0c1a tx timeout [ 1113.078293][T16574] Bluetooth: hci1: command 0x0c1a tx timeout [ 1113.155489][T25894] netlink: 208 bytes leftover after parsing attributes in process `syz.4.4531'. [ 1113.209188][T25902] futex_wake_op: syz.1.4532 tries to shift op by -2048; fix this program [ 1113.233304][T25894] FAULT_INJECTION: forcing a failure. [ 1113.233304][T25894] name failslab, interval 1, probability 0, space 0, times 0 [ 1113.248651][T16574] Bluetooth: hci0: command 0x0406 tx timeout [ 1113.365068][T25894] CPU: 0 UID: 0 PID: 25894 Comm: syz.4.4531 Tainted: G L syzkaller #0 PREEMPT(full) [ 1113.365095][T25894] Tainted: [L]=SOFTLOCKUP [ 1113.365101][T25894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1113.365111][T25894] Call Trace: [ 1113.365117][T25894] [ 1113.365123][T25894] dump_stack_lvl+0x100/0x190 [ 1113.365154][T25894] should_fail_ex.cold+0x5/0xa [ 1113.365174][T25894] ? kobject_get_path+0xcf/0x2c0 [ 1113.365197][T25894] should_failslab+0xc2/0x120 [ 1113.365216][T25894] __kmalloc_noprof+0xe0/0x850 [ 1113.365242][T25894] kobject_get_path+0xcf/0x2c0 [ 1113.365272][T25894] kobject_uevent_env+0x287/0x18b0 [ 1113.365292][T25894] ? bus_to_subsys+0x114/0x150 [ 1113.365322][T25894] device_add+0x116e/0x1950 [ 1113.365342][T25894] ? __pfx_device_add+0x10/0x10 [ 1113.365357][T25894] ? kfree_const+0x5a/0x70 [ 1113.365373][T25894] ? kfree+0x1dd/0x6c0 [ 1113.365399][T25894] device_create_groups_vargs+0x1f8/0x270 [ 1113.365420][T25894] device_create+0xed/0x130 [ 1113.365437][T25894] ? __pfx_device_create+0x10/0x10 [ 1113.365452][T25894] ? lockdep_init_map_type+0x5c/0x250 [ 1113.365477][T25894] ? timer_init_key+0x155/0x330 [ 1113.365500][T25894] ? ieee80211_roc_setup+0x136/0x270 [ 1113.365591][T25894] ? ieee80211_alloc_hw_nm+0x19f8/0x22e0 [ 1113.365617][T25894] mac80211_hwsim_new_radio+0x379/0x5aa0 [ 1113.365640][T25894] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1113.365667][T25894] ? rcu_is_watching+0x12/0xc0 [ 1113.365685][T25894] ? do_trace_netlink_extack+0x74/0x1f0 [ 1113.365704][T25894] ? __nla_validate_parse+0x1e7/0x28b0 [ 1113.365724][T25894] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1113.365750][T25894] hwsim_new_radio_nl+0xc5f/0x1370 [ 1113.365769][T25894] ? rcu_is_watching+0x12/0xc0 [ 1113.365787][T25894] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1113.365811][T25894] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 1113.365834][T25894] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 1113.365862][T25894] genl_family_rcv_msg_doit+0x214/0x300 [ 1113.365885][T25894] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1113.365906][T25894] ? genl_get_cmd+0x3e7/0x760 [ 1113.365931][T25894] ? bpf_lsm_capable+0x9/0x10 [ 1113.365947][T25894] ? security_capable+0x80/0x260 [ 1113.365962][T25894] ? ns_capable+0xd2/0xf0 [ 1113.365982][T25894] genl_rcv_msg+0x560/0x800 [ 1113.366005][T25894] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1113.366027][T25894] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1113.366052][T25894] netlink_rcv_skb+0x159/0x420 [ 1113.366071][T25894] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1113.366094][T25894] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1113.366121][T25894] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1113.366142][T25894] genl_rcv+0x28/0x40 [ 1113.366161][T25894] netlink_unicast+0x585/0x850 [ 1113.366183][T25894] ? __pfx_netlink_unicast+0x10/0x10 [ 1113.366208][T25894] netlink_sendmsg+0x8b0/0xda0 [ 1113.366231][T25894] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1113.366249][T25894] ? __import_iovec+0x1d2/0x640 [ 1113.366272][T25894] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1113.366291][T25894] ____sys_sendmsg+0x9e1/0xb70 [ 1113.366319][T25894] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1113.366341][T25894] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1113.366360][T25894] ? preempt_schedule_thunk+0x16/0x30 [ 1113.366387][T25894] ? try_to_wake_up+0x5f6/0x1900 [ 1113.366410][T25894] ___sys_sendmsg+0x190/0x1e0 [ 1113.366431][T25894] ? __pfx____sys_sendmsg+0x10/0x10 [ 1113.366451][T25894] ? futex_private_hash_put+0x107/0x1c0 [ 1113.366496][T25894] __sys_sendmsg+0x170/0x220 [ 1113.366511][T25894] ? __pfx___sys_sendmsg+0x10/0x10 [ 1113.366526][T25894] ? __x64_sys_futex+0x34f/0x4d0 [ 1113.366549][T25894] ? rcu_is_watching+0x12/0xc0 [ 1113.366568][T25894] do_syscall_64+0x115/0x840 [ 1113.366588][T25894] ? clear_bhb_loop+0x40/0x90 [ 1113.366607][T25894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.366622][T25894] RIP: 0033:0x7f324bb9ce59 [ 1113.366637][T25894] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1113.366652][T25894] RSP: 002b:00007f324cb1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1113.366668][T25894] RAX: ffffffffffffffda RBX: 00007f324be15fa0 RCX: 00007f324bb9ce59 [ 1113.366679][T25894] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000005 [ 1113.366688][T25894] RBP: 00007f324bc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1113.366698][T25894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1113.366706][T25894] R13: 00007f324be16038 R14: 00007f324be15fa0 R15: 00007fffac1cf8a8 [ 1113.366727][T25894] [ 1114.377543][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1114.384124][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1114.722647][T16574] Bluetooth: hci3: command 0x0c1a tx timeout [ 1115.148601][T16574] Bluetooth: hci1: command 0x0c1a tx timeout [ 1115.795492][T16574] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1116.655803][T25952] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4543'. [ 1116.748233][T25954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4543'. [ 1118.536453][T25987] syz.0.4549 uses obsolete (PF_INET,SOCK_PACKET) [ 1118.933145][T25994] netlink: zone id is out of range [ 1119.152470][T16574] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1119.160063][T16574] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1122.663668][T26046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4564'. [ 1122.764084][T16574] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 1123.470492][T26056] zswap: compressor û not available [ 1125.474373][T26107] cifs: Unknown parameter 'no+ 1§• Ö`ÑørêsFn)ÈøaõH†šÄ¿¡h`àØÝë9k¤A}€žŠ1\D@‹Ç.ÁäZÔCg^‚' [ 1125.514052][T26109] Invalid ELF header magic: != ELF [ 1128.229401][T26129] Process accounting paused [ 1130.433841][T26206] Invalid ELF header magic: != ELF [ 1130.836935][T26219] netlink: zone id is out of range [ 1131.194890][T26230] netlink: 'syz.4.4604': attribute type 1 has an invalid length. [ 1131.588105][T26223] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1131.629330][T26223] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1131.669734][T26223] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1131.734201][T26223] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1131.767274][T26223] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1131.797041][T26223] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1131.835003][T26223] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1131.988989][T26223] Process accounting paused [ 1133.634268][ T6156] Bluetooth: hci4: command 0x0c1a tx timeout [ 1133.640759][T16574] Bluetooth: hci3: command 0x0c1a tx timeout [ 1133.781540][T16574] Bluetooth: hci1: command 0x0c1a tx timeout [ 1133.787699][ T6156] Bluetooth: hci2: command 0x0c1a tx timeout [ 1133.860604][T16574] Bluetooth: hci0: command 0x0406 tx timeout [ 1135.692086][T16574] Bluetooth: hci3: command 0x0c1a tx timeout [ 1135.704097][T26289] netlink: zone id is out of range [ 1135.747208][T26292] netlink: 'syz.4.4618': attribute type 11 has an invalid length. [ 1135.931052][T16574] Bluetooth: hci0: command 0x0406 tx timeout [ 1136.606139][T26305] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4620'. [ 1138.175225][T26334] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[22120] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[26334] [ 1138.266195][T26335] can: request_module (can-proto-3) failed. [ 1138.526389][T26343] Invalid ELF header magic: != ELF [ 1142.335253][T26409] KVM: debugfs: duplicate directory 26409-3 [ 1142.779895][T26432] FAULT_INJECTION: forcing a failure. [ 1142.779895][T26432] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1142.934005][T26432] CPU: 0 UID: 0 PID: 26432 Comm: syz.2.4646 Tainted: G L syzkaller #0 PREEMPT(full) [ 1142.934033][T26432] Tainted: [L]=SOFTLOCKUP [ 1142.934038][T26432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1142.934048][T26432] Call Trace: [ 1142.934054][T26432] [ 1142.934061][T26432] dump_stack_lvl+0x100/0x190 [ 1142.934091][T26432] should_fail_ex.cold+0x5/0xa [ 1142.934111][T26432] get_futex_key+0x1d2/0x1510 [ 1142.934137][T26432] ? __pfx_get_futex_key+0x10/0x10 [ 1142.934161][T26432] ? blk_finish_plug+0x83/0xa0 [ 1142.934268][T26432] ? madvise_do_behavior+0x1fc/0x510 [ 1142.934291][T26432] futex_wake+0xea/0x530 [ 1142.934308][T26432] ? madvise_unlock+0x154/0x220 [ 1142.934333][T26432] ? __pfx_futex_wake+0x10/0x10 [ 1142.934355][T26432] ? madvise_unlock+0xa9/0x220 [ 1142.934378][T26432] do_futex+0x32b/0x350 [ 1142.934394][T26432] ? __pfx_do_futex+0x10/0x10 [ 1142.934415][T26432] __x64_sys_futex+0x34f/0x4d0 [ 1142.934434][T26432] ? __pfx___x64_sys_futex+0x10/0x10 [ 1142.934453][T26432] ? rcu_is_watching+0x12/0xc0 [ 1142.934473][T26432] do_syscall_64+0x115/0x840 [ 1142.934493][T26432] ? clear_bhb_loop+0x40/0x90 [ 1142.934511][T26432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1142.934527][T26432] RIP: 0033:0x7f96fcd9ce59 [ 1142.934541][T26432] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1142.934556][T26432] RSP: 002b:00007f96fdc480e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1142.934570][T26432] RAX: ffffffffffffffda RBX: 00007f96fd016188 RCX: 00007f96fcd9ce59 [ 1142.934581][T26432] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f96fd01618c [ 1142.934591][T26432] RBP: 00007f96fd016180 R08: 0000000000000001 R09: 0000000000000000 [ 1142.934601][T26432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1142.934610][T26432] R13: 00007f96fd016218 R14: 00007ffc36a6c840 R15: 00007ffc36a6c928 [ 1142.934630][T26432] [ 1144.086826][T26454] netlink: zone id is out of range [ 1144.101757][T26454] netlink: zone id is out of range [ 1144.149481][T26454] netlink: zone id is out of range [ 1144.229149][T26454] netlink: zone id is out of range [ 1144.359386][T26454] netlink: zone id is out of range [ 1144.418077][T26454] netlink: zone id is out of range [ 1144.513032][T26454] netlink: zone id is out of range [ 1144.557533][T26454] netlink: zone id is out of range [ 1144.649353][T26454] netlink: zone id is out of range [ 1144.707666][T26454] netlink: zone id is out of range [ 1147.779022][T26507] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4662'. [ 1151.396197][T26560] vivid-007: ================= START STATUS ================= [ 1151.438272][T26560] vivid-007: Generate PTS: true [ 1151.461238][T26560] vivid-007: Generate SCR: true [ 1151.513515][T26560] tpg source WxH: 320x240 (Y'CbCr) [ 1151.545820][T26560] tpg field: 1 [ 1151.563125][T26560] tpg crop: (0,0)/320x240 [ 1151.600344][T26560] tpg compose: (0,0)/320x240 [ 1151.634470][T26560] tpg colorspace: 8 [ 1151.655413][T26560] tpg transfer function: 0/0 [ 1151.676542][T26560] tpg Y'CbCr encoding: 0/0 [ 1151.720128][T26560] tpg quantization: 0/0 [ 1151.763167][T26560] tpg RGB range: 0/2 [ 1151.812435][T26560] vivid-007: ================== END STATUS ================== [ 1153.838534][T26608] nvme_fabrics: missing parameter 'transport=%s' [ 1153.838568][T26608] nvme_fabrics: missing parameter 'nqn=%s' [ 1154.256998][T26624] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4685'. [ 1154.741071][T26632] net_ratelimit: 568 callbacks suppressed [ 1154.741089][T26632] netlink: zone id is out of range [ 1155.201398][T26636] futex_wake_op: syz.4.4688 tries to shift op by -2048; fix this program [ 1155.244242][T26636] futex_wake_op: syz.4.4688 tries to shift op by -2048; fix this program [ 1155.305036][T26636] 0x000000000001-0x000000020000 : "" [ 1155.380995][T26636] ftl_cs: FTL header corrupt! [ 1157.645606][T26689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4698'. [ 1158.658649][T26701] Process accounting resumed [ 1159.954577][T26739] vivid-007: ================= START STATUS ================= [ 1160.007554][T26739] vivid-007: Generate PTS: true [ 1160.033832][T26739] vivid-007: Generate SCR: true [ 1160.084582][T26739] tpg source WxH: 320x240 (Y'CbCr) [ 1160.109068][T26739] tpg field: 1 [ 1160.214074][T26739] tpg crop: (0,0)/320x240 [ 1160.250955][T26739] tpg compose: (0,0)/320x240 [ 1160.318438][T26739] tpg colorspace: 8 [ 1160.390428][T26739] tpg transfer function: 0/0 [ 1160.434320][T26739] tpg Y'CbCr encoding: 0/0 [ 1160.503128][T26739] tpg quantization: 0/0 [ 1160.562371][T26739] tpg RGB range: 0/2 [ 1160.599663][T26739] vivid-007: ================== END STATUS ================== [ 1161.119834][ T6156] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1161.132037][ T6156] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1161.144208][ T6156] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1161.158596][ T6156] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1161.170475][ T6156] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1161.628378][ T30] audit: type=1800 audit(1780818800.257:32): pid=26773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4717" name="dbroot" dev="configfs" ino=137759 res=0 errno=0 [ 1162.565005][T26776] Process accounting resumed [ 1162.999061][ T7444] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.243414][ T6156] Bluetooth: hci5: command tx timeout [ 1163.594619][ T7444] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.941589][T26807] input: f¬ as /devices/virtual/input/input30 [ 1164.031779][ T7444] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.226442][T26814] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4723'. [ 1164.574172][ T7444] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1165.313156][ T6156] Bluetooth: hci5: command tx timeout [ 1165.668169][ T6156] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1165.688160][T16574] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1165.695965][T16574] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 1165.705402][T16574] CPU: 0 UID: 0 PID: 16574 Comm: kworker/u11:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1165.705427][T16574] Tainted: [L]=SOFTLOCKUP [ 1165.705433][T16574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1165.705445][T16574] Workqueue: hci2 hci_rx_work [ 1165.705469][T16574] Call Trace: [ 1165.705475][T16574] [ 1165.705482][T16574] dump_stack_lvl+0x100/0x190 [ 1165.705511][T16574] sysfs_warn_dup.cold+0x1c/0x28 [ 1165.705533][T16574] sysfs_create_dir_ns+0x24b/0x2b0 [ 1165.705550][T16574] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1165.705564][T16574] ? find_held_lock+0x2b/0x80 [ 1165.705583][T16574] ? kobject_add_internal+0x25f/0x930 [ 1165.705598][T16574] ? kobject_add_internal+0x25f/0x930 [ 1165.705615][T16574] ? do_raw_spin_unlock+0x145/0x1e0 [ 1165.705632][T16574] kobject_add_internal+0x2c8/0x930 [ 1165.705650][T16574] kobject_add+0x16a/0x1e0 [ 1165.705665][T16574] ? __pfx_kobject_add+0x10/0x10 [ 1165.705679][T16574] ? class_to_subsys+0x10f/0x150 [ 1165.705700][T16574] ? kobject_put+0xb9/0x640 [ 1165.705721][T16574] ? _raw_spin_unlock+0x28/0x50 [ 1165.705744][T16574] device_add+0x294/0x1950 [ 1165.705768][T16574] ? __pfx_dev_set_name+0x10/0x10 [ 1165.705789][T16574] ? __pfx_device_add+0x10/0x10 [ 1165.705806][T16574] ? mgmt_send_event_skb+0x2fb/0x460 [ 1165.705832][T16574] hci_conn_add_sysfs+0x1a3/0x260 [ 1165.705856][T16574] le_conn_complete_evt+0x11eb/0x1f60 [ 1165.705881][T16574] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1165.705899][T16574] ? __pfx_bt_warn+0x10/0x10 [ 1165.705925][T16574] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1165.705946][T16574] ? skb_pull_data+0x15f/0x1e0 [ 1165.705967][T16574] hci_le_meta_evt+0x34a/0x5f0 [ 1165.705987][T16574] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1165.706009][T16574] hci_event_packet+0x51c/0xcd0 [ 1165.706028][T16574] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1165.706048][T16574] ? __pfx_hci_event_packet+0x10/0x10 [ 1165.706069][T16574] ? kcov_remote_start+0x374/0x660 [ 1165.706089][T16574] ? lockdep_hardirqs_on+0x78/0x100 [ 1165.706114][T16574] hci_rx_work+0x451/0xfc0 [ 1165.706135][T16574] process_one_work+0xa0e/0x1980 [ 1165.706159][T16574] ? __pfx_process_one_work+0x10/0x10 [ 1165.706180][T16574] ? __pfx_hci_rx_work+0x10/0x10 [ 1165.706199][T16574] worker_thread+0x5ef/0xe50 [ 1165.706220][T16574] ? __pfx_worker_thread+0x10/0x10 [ 1165.706235][T16574] ? kthread+0x13a/0x450 [ 1165.706255][T16574] ? __pfx_worker_thread+0x10/0x10 [ 1165.706269][T16574] kthread+0x370/0x450 [ 1165.706290][T16574] ? __pfx_kthread+0x10/0x10 [ 1165.706313][T16574] ret_from_fork+0x72b/0xd50 [ 1165.706330][T16574] ? __pfx_ret_from_fork+0x10/0x10 [ 1165.706346][T16574] ? rcu_is_watching+0x12/0xc0 [ 1165.706363][T16574] ? __switch_to+0x800/0x1100 [ 1165.706382][T16574] ? __switch_to_asm+0x39/0x70 [ 1165.706401][T16574] ? __pfx_kthread+0x10/0x10 [ 1165.706423][T16574] ret_from_fork_asm+0x1a/0x30 [ 1165.706451][T16574] [ 1165.706470][T16574] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1166.033405][T16574] Bluetooth: hci2: failed to register connection device [ 1166.280204][T26844] can: request_module (can-proto-3) failed. [ 1166.699881][ T7444] bridge_slave_1: left allmulticast mode [ 1166.725633][ T7444] bridge_slave_1: left promiscuous mode [ 1166.749105][ T7444] bridge0: port 2(bridge_slave_1) entered disabled state [ 1166.809131][ T7444] bridge_slave_0: left allmulticast mode [ 1166.839668][ T7444] bridge_slave_0: left promiscuous mode [ 1166.869433][ T7444] bridge0: port 1(bridge_slave_0) entered disabled state [ 1167.385506][T16574] Bluetooth: hci5: command tx timeout [ 1167.607618][ T7444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1167.644631][ T7444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1167.689042][ T7444] bond0 (unregistering): Released all slaves [ 1167.702458][T16574] Bluetooth: hci2: command 0x0c1a tx timeout [ 1168.134117][ T5296] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1168.251944][T26765] bridge0: port 1(bridge_slave_0) entered blocking state [ 1168.298332][T26765] bridge0: port 1(bridge_slave_0) entered disabled state [ 1168.325692][T26765] bridge_slave_0: entered allmulticast mode [ 1168.359546][T26765] bridge_slave_0: entered promiscuous mode [ 1168.475995][T26765] bridge0: port 2(bridge_slave_1) entered blocking state [ 1168.502766][T26765] bridge0: port 2(bridge_slave_1) entered disabled state [ 1168.531111][T26765] bridge_slave_1: entered allmulticast mode [ 1168.559005][T26765] bridge_slave_1: entered promiscuous mode [ 1168.884649][T26765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1168.946077][T26765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1169.312608][T26765] team0: Port device team_slave_0 added [ 1169.453932][T16574] Bluetooth: hci5: command tx timeout [ 1169.549293][T26765] team0: Port device team_slave_1 added [ 1169.675486][T26908] udc dummy_udc.6: soft-connect without a gadget driver [ 1169.773452][T16574] Bluetooth: hci2: command 0x0c1a tx timeout [ 1169.914707][T26765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1169.970125][T26765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1170.157962][T26765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1170.245491][T26765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1170.296054][T26765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1170.462560][T26765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1170.732966][ T5296] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1171.156414][T26765] hsr_slave_0: entered promiscuous mode [ 1171.177015][T26765] hsr_slave_1: entered promiscuous mode [ 1171.202698][T26765] debugfs: 'hsr0' already exists in 'hsr' [ 1171.223689][T26765] Cannot create hsr debugfs directory [ 1171.561550][T26931] syz.2.4740 (26931): /proc/26930/oom_adj is deprecated, please use /proc/26930/oom_score_adj instead. [ 1171.660144][T26932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4740'. [ 1171.715415][ T7444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1171.760638][ T7444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1171.805363][ T7444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1171.833078][ T7444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1171.842123][T16574] Bluetooth: hci2: command 0x0c1a tx timeout [ 1171.954184][ T7444] veth1_macvtap: left promiscuous mode [ 1171.980129][ T7444] veth0_macvtap: left promiscuous mode [ 1172.009967][ T7444] veth1_vlan: left promiscuous mode [ 1172.034129][ T7444] veth0_vlan: left promiscuous mode [ 1173.174262][T26932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4740'. [ 1173.217525][ T5296] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1173.915531][T16574] Bluetooth: hci2: command 0x0c1a tx timeout [ 1175.428089][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1175.434460][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1175.668931][T27000] nbd: illegal input index -1024 [ 1180.069725][T27046] netlink: zone id is out of range [ 1180.102210][T27046] netlink: get zone limit has 8 unknown bytes [ 1180.125220][T27040] qrtr: Invalid version 0 [ 1180.493093][T26765] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1180.547527][T26765] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1180.623828][T26765] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1180.690998][T26765] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1180.736932][T26765] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1180.816341][T26765] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1180.866171][T26765] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1180.922123][T26765] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1181.757913][T26765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1181.919884][T27079] random: crng reseeded on system resumption [ 1181.962414][T26765] 8021q: adding VLAN 0 to HW filter on device team0 [ 1182.178775][ T7444] bridge0: port 1(bridge_slave_0) entered blocking state [ 1182.185971][ T7444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1182.371450][T16969] bridge0: port 2(bridge_slave_1) entered blocking state [ 1182.378660][T16969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1184.884118][T26765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1185.141717][T26765] veth0_vlan: entered promiscuous mode [ 1185.215300][T26765] veth1_vlan: entered promiscuous mode [ 1185.723130][T26765] veth0_macvtap: entered promiscuous mode [ 1185.848599][T26765] veth1_macvtap: entered promiscuous mode [ 1186.193764][T27140] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4762'. [ 1186.337841][T26765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1186.537426][T26765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1186.629787][T16970] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1186.689447][T16970] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1187.138602][T16970] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1187.301543][T16970] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1188.023983][ T7444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1188.071180][ T7444] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1188.179805][T16969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1188.227125][T16969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1188.413314][T26765] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1188.458682][T27169] nbd: illegal input index -1024 [ 1188.556767][T27169] Process accounting paused [ 1189.866598][T27196] FAULT_INJECTION: forcing a failure. [ 1189.866598][T27196] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1189.894713][T27197] vivid-007: ================= START STATUS ================= [ 1189.975542][T27196] CPU: 0 UID: 0 PID: 27196 Comm: syz.1.4772 Tainted: G L syzkaller #0 PREEMPT(full) [ 1189.975570][T27196] Tainted: [L]=SOFTLOCKUP [ 1189.975575][T27196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1189.975586][T27196] Call Trace: [ 1189.975592][T27196] [ 1189.975598][T27196] dump_stack_lvl+0x100/0x190 [ 1189.975628][T27196] should_fail_ex.cold+0x5/0xa [ 1189.975648][T27196] get_futex_key+0x1d2/0x1510 [ 1189.975675][T27196] ? __pfx_get_futex_key+0x10/0x10 [ 1189.975698][T27196] ? is_bpf_text_address+0x94/0x1a0 [ 1189.975718][T27196] ? kernel_text_address+0x8d/0x100 [ 1189.975733][T27196] ? __kernel_text_address+0xd/0x30 [ 1189.975750][T27196] futex_wait_setup+0x83/0x510 [ 1189.975774][T27196] __futex_wait+0x19f/0x300 [ 1189.975796][T27196] ? __pfx___futex_wait+0x10/0x10 [ 1189.975813][T27196] ? stack_depot_save_flags+0x27/0x9d0 [ 1189.975840][T27196] ? __pfx_futex_wake_mark+0x10/0x10 [ 1189.975860][T27196] ? futex_hash+0x2ad/0x370 [ 1189.975883][T27196] ? futex_hash+0x141/0x370 [ 1189.975907][T27196] futex_wait+0xe6/0x370 [ 1189.975925][T27196] ? __pfx_futex_wait+0x10/0x10 [ 1189.975953][T27196] do_futex+0x1ef/0x350 [ 1189.975968][T27196] ? __pfx_do_futex+0x10/0x10 [ 1189.975982][T27196] ? lockdep_hardirqs_on+0x78/0x100 [ 1189.976008][T27196] __x64_sys_futex+0x34f/0x4d0 [ 1189.976024][T27196] ? putname+0xb6/0x110 [ 1189.976043][T27196] ? __pfx___x64_sys_futex+0x10/0x10 [ 1189.976059][T27196] ? ksys_write+0x1ac/0x250 [ 1189.976076][T27196] ? __pfx___x64_sys_chdir+0x10/0x10 [ 1189.976097][T27196] ? rcu_is_watching+0x12/0xc0 [ 1189.976117][T27196] do_syscall_64+0x115/0x840 [ 1189.976137][T27196] ? clear_bhb_loop+0x40/0x90 [ 1189.976155][T27196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1189.976171][T27196] RIP: 0033:0x7f669719ce59 [ 1189.976192][T27196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1189.976208][T27196] RSP: 002b:00007f6697fe10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1189.976224][T27196] RAX: ffffffffffffffda RBX: 00007f6697416098 RCX: 00007f669719ce59 [ 1189.976235][T27196] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6697416098 [ 1189.976245][T27196] RBP: 00007f6697416090 R08: 0000000000000000 R09: 0000000000000000 [ 1189.976254][T27196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1189.976263][T27196] R13: 00007f6697416128 R14: 00007fff825b9e80 R15: 00007fff825b9f68 [ 1189.976287][T27196] [ 1190.263342][T27197] vivid-007: Enable Output Cropping: true [ 1190.274797][T27197] vivid-007: Enable Output Composing: true [ 1190.280774][T27197] vivid-007: Enable Output Scaler: true [ 1190.286377][T27197] vivid-007: Tx RGB Quantization Range: Automatic [ 1190.292962][T27197] vivid-007: Transmit Mode: HDMI [ 1190.299628][T27197] vivid-007: Hotplug Present: 0x00000000 [ 1190.305521][T27197] vivid-007: RxSense Present: 0x00000000 [ 1190.311191][T27197] vivid-007: EDID Present: 0x00000000 [ 1190.316731][T27197] vivid-007: ================== END STATUS ================== [ 1192.433870][T27221] ERROR: Out of memory at tomoyo_memory_ok. [ 1192.488082][T27221] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/ci-qemu-gce-upstream-auto/syz-executor /root/ci-qemu-gce-upstream-auto/syz-executor /newroot/272/file0' not defined. [ 1192.696845][ T6156] Bluetooth: hci0: unexpected event for opcode 0x7c89 [ 1194.947634][T27217] Process accounting paused [ 1197.664286][T27292] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1199.246287][T27319] netlink: 504 bytes leftover after parsing attributes in process `syz.1.4793'. [ 1201.063665][T27348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4799'. [ 1202.416169][T27374] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4804'. [ 1202.671348][ T6156] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1204.547163][T27405] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4811'. [ 1204.809165][T27405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4811'. [ 1204.851829][T27405] tc_dump_action: action bad kind [ 1204.900441][T27412] can0: slcan on ttyS2. [ 1205.245889][T27411] can0 (unregistered): slcan off ttyS2. [ 1211.916622][T27527] FAULT_INJECTION: forcing a failure. [ 1211.916622][T27527] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.993567][T27527] CPU: 0 UID: 0 PID: 27527 Comm: syz.2.4831 Tainted: G L syzkaller #0 PREEMPT(full) [ 1211.993594][T27527] Tainted: [L]=SOFTLOCKUP [ 1211.993600][T27527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1211.993610][T27527] Call Trace: [ 1211.993617][T27527] [ 1211.993623][T27527] dump_stack_lvl+0x100/0x190 [ 1211.993657][T27527] should_fail_ex.cold+0x5/0xa [ 1211.993679][T27527] should_failslab+0xc2/0x120 [ 1211.993698][T27527] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1211.993720][T27527] ? proc_thread_self_get_link+0x1a6/0x210 [ 1211.993742][T27527] proc_thread_self_get_link+0x1a6/0x210 [ 1211.993762][T27527] pick_link+0xac2/0x13c0 [ 1211.993778][T27527] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 1211.993799][T27527] step_into_slowpath+0x9ba/0xf90 [ 1211.993818][T27527] ? __pfx_step_into_slowpath+0x10/0x10 [ 1211.993837][T27527] ? lookup_fast+0x2da/0x600 [ 1211.993854][T27527] path_openat+0xf95/0x31a0 [ 1211.993878][T27527] ? __pfx_path_openat+0x10/0x10 [ 1211.993903][T27527] do_file_open+0x20e/0x430 [ 1211.993931][T27527] ? __pfx_do_file_open+0x10/0x10 [ 1211.993963][T27527] ? alloc_fd+0x476/0x790 [ 1211.993983][T27527] ? do_getname+0x191/0x390 [ 1211.994006][T27527] do_sys_openat2+0x10d/0x1e0 [ 1211.994029][T27527] ? __pfx_do_sys_openat2+0x10/0x10 [ 1211.994060][T27527] __x64_sys_openat+0x12d/0x210 [ 1211.994083][T27527] ? __pfx___x64_sys_openat+0x10/0x10 [ 1211.994104][T27527] ? ksys_write+0x1ac/0x250 [ 1211.994123][T27527] ? rcu_is_watching+0x12/0xc0 [ 1211.994144][T27527] do_syscall_64+0x115/0x840 [ 1211.994165][T27527] ? clear_bhb_loop+0x40/0x90 [ 1211.994184][T27527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.994200][T27527] RIP: 0033:0x7f96fcd5d68e [ 1211.994213][T27527] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1211.994229][T27527] RSP: 002b:00007f96fdc89ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1211.994245][T27527] RAX: ffffffffffffffda RBX: 00007f96fdc8a6c0 RCX: 00007f96fcd5d68e [ 1211.994256][T27527] RDX: 0000000000000002 RSI: 00007f96fdc89f90 RDI: ffffffffffffff9c [ 1211.994266][T27527] RBP: 00007f96fce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1211.994276][T27527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1211.994285][T27527] R13: 00007f96fd016038 R14: 00007f96fd015fa0 R15: 00007ffc36a6c928 [ 1211.994305][T27527] [ 1214.278362][T27512] kexec: Could not allocate control_code_buffer [ 1214.810448][T27558] can0: slcan on ttyS2. [ 1215.021915][T27557] can0 (unregistered): slcan off ttyS2. [ 1215.398652][T27563] can0: slcan on ttyS2. [ 1215.499709][T27562] can0 (unregistered): slcan off ttyS2. [ 1216.278010][T27569] FAULT_INJECTION: forcing a failure. [ 1216.278010][T27569] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1216.385337][T27569] CPU: 0 UID: 0 PID: 27569 Comm: syz.1.4841 Tainted: G L syzkaller #0 PREEMPT(full) [ 1216.385364][T27569] Tainted: [L]=SOFTLOCKUP [ 1216.385370][T27569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1216.385383][T27569] Call Trace: [ 1216.385394][T27569] [ 1216.385401][T27569] dump_stack_lvl+0x100/0x190 [ 1216.385432][T27569] should_fail_ex.cold+0x5/0xa [ 1216.385452][T27569] get_futex_key+0x1d2/0x1510 [ 1216.385479][T27569] ? __pfx_get_futex_key+0x10/0x10 [ 1216.385499][T27569] ? futex_hash+0x2ad/0x370 [ 1216.385522][T27569] ? futex_hash+0x141/0x370 [ 1216.385546][T27569] futex_wake+0xea/0x530 [ 1216.385566][T27569] ? __pfx_futex_wake+0x10/0x10 [ 1216.385585][T27569] ? find_held_lock+0x2b/0x80 [ 1216.385603][T27569] ? do_sys_openat2+0x1b4/0x1e0 [ 1216.385629][T27569] do_futex+0x32b/0x350 [ 1216.385645][T27569] ? __pfx_do_futex+0x10/0x10 [ 1216.385665][T27569] __x64_sys_futex+0x34f/0x4d0 [ 1216.385682][T27569] ? fdget_pos+0x2c0/0x380 [ 1216.385700][T27569] ? __pfx___x64_sys_futex+0x10/0x10 [ 1216.385715][T27569] ? ksys_write+0x1ac/0x250 [ 1216.385731][T27569] ? __pfx_ksys_write+0x10/0x10 [ 1216.385749][T27569] ? rcu_is_watching+0x12/0xc0 [ 1216.385769][T27569] do_syscall_64+0x115/0x840 [ 1216.385788][T27569] ? clear_bhb_loop+0x40/0x90 [ 1216.385806][T27569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1216.385822][T27569] RIP: 0033:0x7f669719ce59 [ 1216.385836][T27569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1216.385851][T27569] RSP: 002b:00007f66980020e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1216.385866][T27569] RAX: ffffffffffffffda RBX: 00007f6697415fa8 RCX: 00007f669719ce59 [ 1216.385876][T27569] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6697415fac [ 1216.385886][T27569] RBP: 00007f6697415fa0 R08: 0000000000000001 R09: 0000000000000000 [ 1216.385895][T27569] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1216.385904][T27569] R13: 00007f6697416038 R14: 00007fff825b9e80 R15: 00007fff825b9f68 [ 1216.385924][T27569] [ 1217.210847][T27600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4845'. [ 1218.710221][T27626] can0: slcan on ttyS2. [ 1218.792585][T27624] can0 (unregistered): slcan off ttyS2. [ 1219.037766][T27615] Process accounting resumed [ 1220.087149][T27642] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 1220.131897][T27642] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 1220.191580][T27642] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1220.241875][T27644] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1220.270682][T27644] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1220.318864][T27644] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1220.395045][T27644] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1220.446290][T27644] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1220.525275][T27644] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1220.607075][T27644] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1220.697521][T27644] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1221.970167][T27685] can0: slcan on ttyS2. [ 1222.117866][T27684] can0 (unregistered): slcan off ttyS2. [ 1222.245648][ T6156] Bluetooth: hci4: command 0x0c1a tx timeout [ 1222.325693][ T6156] Bluetooth: hci1: command 0x0c1a tx timeout [ 1222.333976][ T6156] Bluetooth: hci2: command 0x0c1a tx timeout [ 1222.404958][T27692] Bluetooth: hci0: command 0x0406 tx timeout [ 1222.421219][T27694] FAULT_INJECTION: forcing a failure. [ 1222.421219][T27694] name failslab, interval 1, probability 0, space 0, times 0 [ 1222.485622][T27692] Bluetooth: hci5: command 0x0c1a tx timeout [ 1222.600753][T27694] CPU: 0 UID: 0 PID: 27694 Comm: syz.1.4861 Tainted: G L syzkaller #0 PREEMPT(full) [ 1222.600781][T27694] Tainted: [L]=SOFTLOCKUP [ 1222.600787][T27694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1222.600797][T27694] Call Trace: [ 1222.600803][T27694] [ 1222.600810][T27694] dump_stack_lvl+0x100/0x190 [ 1222.600841][T27694] should_fail_ex.cold+0x5/0xa [ 1222.600861][T27694] should_failslab+0xc2/0x120 [ 1222.600881][T27694] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1222.600904][T27694] ? shmem_alloc_inode+0x25/0x50 [ 1222.600932][T27694] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1222.600954][T27694] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1222.600974][T27694] shmem_alloc_inode+0x25/0x50 [ 1222.600992][T27694] alloc_inode+0x68/0x250 [ 1222.601015][T27694] new_inode+0x22/0x1c0 [ 1222.601038][T27694] shmem_get_inode+0x1e3/0xfb0 [ 1222.601060][T27694] ? __pfx_shmem_get_inode+0x10/0x10 [ 1222.601085][T27694] __shmem_file_setup+0x382/0x460 [ 1222.601106][T27694] ? __pfx___shmem_file_setup+0x10/0x10 [ 1222.601127][T27694] ? vm_area_alloc+0x1f/0x160 [ 1222.601150][T27694] shmem_zero_setup+0x96/0x1b0 [ 1222.601167][T27694] __mmap_region+0x2509/0x2dd0 [ 1222.601193][T27694] ? __pfx___mmap_region+0x10/0x10 [ 1222.601218][T27694] ? rcu_is_watching+0x12/0xc0 [ 1222.601235][T27694] ? trace_pelt_se_tp+0x13b/0x190 [ 1222.601262][T27694] ? do_raw_spin_lock+0x128/0x260 [ 1222.601281][T27694] ? __lock_acquire+0x4a5/0x2630 [ 1222.601304][T27694] ? do_raw_spin_unlock+0x145/0x1e0 [ 1222.601329][T27694] ? find_held_lock+0x2b/0x80 [ 1222.601347][T27694] ? rcu_is_watching+0x12/0xc0 [ 1222.601372][T27694] ? mark_held_locks+0x40/0x70 [ 1222.601393][T27694] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 1222.601442][T27694] ? rcu_is_watching+0x12/0xc0 [ 1222.601463][T27694] mmap_region+0x35d/0x620 [ 1222.601478][T27694] ? rcu_is_watching+0x12/0xc0 [ 1222.601495][T27694] ? __pfx_mmap_region+0x10/0x10 [ 1222.601512][T27694] ? cap_mmap_addr+0x4b/0x120 [ 1222.601528][T27694] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1222.601542][T27694] ? security_mmap_addr+0x71/0x1e0 [ 1222.601562][T27694] ? __get_unmapped_area+0x255/0x3e0 [ 1222.601583][T27694] do_mmap+0xc63/0x12f0 [ 1222.601605][T27694] ? __pfx_do_mmap+0x10/0x10 [ 1222.601623][T27694] ? __pfx_down_write_killable+0x10/0x10 [ 1222.601652][T27694] vm_mmap_pgoff+0x29e/0x470 [ 1222.601674][T27694] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1222.601694][T27694] ? do_futex+0x192/0x350 [ 1222.601710][T27694] ? __pfx_do_futex+0x10/0x10 [ 1222.601729][T27694] ksys_mmap_pgoff+0xe4/0x610 [ 1222.601747][T27694] ? __x64_sys_futex+0x358/0x4d0 [ 1222.601763][T27694] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1222.601780][T27694] ? xfd_validate_state+0x129/0x190 [ 1222.601801][T27694] __x64_sys_mmap+0x125/0x190 [ 1222.601819][T27694] do_syscall_64+0x115/0x840 [ 1222.601839][T27694] ? clear_bhb_loop+0x40/0x90 [ 1222.601857][T27694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.601873][T27694] RIP: 0033:0x7f669719ce59 [ 1222.601887][T27694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1222.601903][T27694] RSP: 002b:00007f6697fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1222.601925][T27694] RAX: ffffffffffffffda RBX: 00007f6697416090 RCX: 00007f669719ce59 [ 1222.601936][T27694] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1222.601945][T27694] RBP: 00007f6697232d6f R08: fffffffffffffffa R09: 0000000000008000 [ 1222.601955][T27694] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1222.601965][T27694] R13: 00007f6697416128 R14: 00007f6697416090 R15: 00007fff825b9f68 [ 1222.601985][T27694] [ 1223.507197][T27702] random: crng reseeded on system resumption [ 1224.569689][T27692] Bluetooth: hci5: command 0x0c1a tx timeout [ 1225.087454][T27724] Process accounting resumed [ 1225.852527][T27755] can0: slcan on ttyS2. [ 1226.048911][T27754] can0 (unregistered): slcan off ttyS2. [ 1226.624896][T16574] Bluetooth: hci5: command 0x0c1a tx timeout [ 1226.981942][T27780] blktrace: Concurrent blktraces are not allowed on sda1 [ 1228.066694][ C0] vcan0: j1939_tp_rxtimer: 0xffff88809dfa8800: rx timeout, send abort [ 1228.079656][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88809dfa8800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1228.695080][T16574] Bluetooth: hci5: command 0x0c1a tx timeout [ 1229.547856][T27804] zswap: compressor not available [ 1229.867418][T27805] zswap: compressor not available [ 1231.142206][T27835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4892'. [ 1231.436631][T27837] can0: slcan on ttyS2. [ 1231.593085][T27836] can0 (unregistered): slcan off ttyS2. [ 1236.578702][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1236.585185][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1237.423278][T27948] can0: slcan on ttyS2. [ 1237.534384][T27946] can0 (unregistered): slcan off ttyS2. [ 1237.885443][T27963] random: crng reseeded on system resumption [ 1238.211708][T27966] Invalid ELF header magic: != ELF [ 1238.329320][T27969] can0: slcan on ttyS2. [ 1238.489514][T27967] can0 (unregistered): slcan off ttyS2. [ 1240.097042][T28011] Console: switching to colour VGA+ 80x3 [ 1240.188990][ T30] audit: type=1800 audit(1780818879.197:33): pid=28019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4918" name="lu_gp_id" dev="configfs" ino=143258 res=0 errno=0 [ 1241.207542][T28041] Console: switching to colour frame buffer device 128x48 [ 1243.063904][T28064] ubi0: attaching mtd6 [ 1243.100493][T28064] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65) [ 1245.090654][T28097] FAULT_INJECTION: forcing a failure. [ 1245.090654][T28097] name failslab, interval 1, probability 0, space 0, times 0 [ 1245.186018][T28097] CPU: 0 UID: 0 PID: 28097 Comm: syz.1.4931 Tainted: G L syzkaller #0 PREEMPT(full) [ 1245.186046][T28097] Tainted: [L]=SOFTLOCKUP [ 1245.186052][T28097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1245.186062][T28097] Call Trace: [ 1245.186067][T28097] [ 1245.186074][T28097] dump_stack_lvl+0x100/0x190 [ 1245.186103][T28097] should_fail_ex.cold+0x5/0xa [ 1245.186123][T28097] should_failslab+0xc2/0x120 [ 1245.186141][T28097] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1245.186163][T28097] ? input_allocate_device+0xc5/0x350 [ 1245.186313][T28097] input_allocate_device+0xc5/0x350 [ 1245.186348][T28097] uinput_ioctl_handler.isra.0+0x3c8/0x1d20 [ 1245.186412][T28097] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1245.186428][T28097] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1245.186451][T28097] ? find_held_lock+0x2b/0x80 [ 1245.186469][T28097] ? __fget_files+0x215/0x3d0 [ 1245.186496][T28097] ? __pfx_uinput_ioctl+0x10/0x10 [ 1245.186515][T28097] __x64_sys_ioctl+0x18e/0x210 [ 1245.186532][T28097] do_syscall_64+0x115/0x840 [ 1245.186552][T28097] ? clear_bhb_loop+0x40/0x90 [ 1245.186570][T28097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1245.186586][T28097] RIP: 0033:0x7f669719ce59 [ 1245.186600][T28097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1245.186615][T28097] RSP: 002b:00007f6698002028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1245.186630][T28097] RAX: ffffffffffffffda RBX: 00007f6697415fa0 RCX: 00007f669719ce59 [ 1245.186640][T28097] RDX: ffffffffffffffff RSI: 00000000ffffff41 RDI: 0000000000000005 [ 1245.186651][T28097] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1245.186660][T28097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1245.186670][T28097] R13: 00007f6697416038 R14: 00007f6697415fa0 R15: 00007fff825b9f68 [ 1245.186690][T28097] [ 1249.376248][T28124] Process accounting paused [ 1252.445637][T28175] can0: slcan on ttyS2. [ 1252.672332][T28174] can0 (unregistered): slcan off ttyS2. [ 1252.768613][T28180] netlink: 164 bytes leftover after parsing attributes in process `syz.1.4952'. [ 1254.905395][T28231] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4959'. [ 1257.102709][T28270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4964'. [ 1257.201933][T28231] Process accounting paused [ 1257.416975][T28277] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4965'. [ 1258.129398][T16574] Bluetooth: hci0: unexpected event 0x0f length: 7 > 4 [ 1258.129428][T16574] Bluetooth: hci0: unexpected event for opcode 0x647c [ 1258.314613][T27692] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1258.333798][T27692] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1258.342790][T27692] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1258.358351][T27692] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1258.373815][T27692] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1259.391741][T28309] FAULT_INJECTION: forcing a failure. [ 1259.391741][T28309] name failslab, interval 1, probability 0, space 0, times 0 [ 1259.490860][T28309] CPU: 0 UID: 0 PID: 28309 Comm: syz.0.4973 Tainted: G L syzkaller #0 PREEMPT(full) [ 1259.490886][T28309] Tainted: [L]=SOFTLOCKUP [ 1259.490891][T28309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1259.490901][T28309] Call Trace: [ 1259.490906][T28309] [ 1259.490912][T28309] dump_stack_lvl+0x100/0x190 [ 1259.490941][T28309] should_fail_ex.cold+0x5/0xa [ 1259.490960][T28309] should_failslab+0xc2/0x120 [ 1259.490978][T28309] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1259.491000][T28309] ? ptlock_alloc+0x1f/0x70 [ 1259.491023][T28309] ? __pfx_filemap_map_pages+0x10/0x10 [ 1259.491044][T28309] ptlock_alloc+0x1f/0x70 [ 1259.491064][T28309] pte_alloc_one+0x82/0x3d0 [ 1259.491083][T28309] __do_fault+0x26c/0x440 [ 1259.491099][T28309] do_fault+0x2db/0x1750 [ 1259.491116][T28309] ? __pmd_alloc+0x3fb/0x950 [ 1259.491136][T28309] __handle_mm_fault+0x187d/0x2a00 [ 1259.491159][T28309] ? mt_find+0x45e/0x8e0 [ 1259.491181][T28309] ? __pfx___handle_mm_fault+0x10/0x10 [ 1259.491200][T28309] ? __pfx_mt_find+0x10/0x10 [ 1259.491230][T28309] ? find_vma+0xbf/0x140 [ 1259.491245][T28309] ? __pfx_find_vma+0x10/0x10 [ 1259.491262][T28309] handle_mm_fault+0x37b/0xa30 [ 1259.491286][T28309] do_user_addr_fault+0x74c/0x12f0 [ 1259.491305][T28309] ? trace_page_fault_kernel+0x7a/0x200 [ 1259.491323][T28309] exc_page_fault+0x6f/0xd0 [ 1259.491342][T28309] asm_exc_page_fault+0x26/0x30 [ 1259.491357][T28309] RIP: 0010:__put_user_4+0xd/0x20 [ 1259.491376][T28309] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 47 d9 03 00 0f 1f 80 00 00 00 00 90 90 90 [ 1259.491391][T28309] RSP: 0018:ffffc90005b57e08 EFLAGS: 00050246 [ 1259.491404][T28309] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000000 [ 1259.491413][T28309] RDX: ffff88801e2cdd00 RSI: ffffffff8257f691 RDI: ffffffff8c1c4680 [ 1259.491422][T28309] RBP: 1ffff92000b6afc5 R08: 0000000000000001 R09: 00000000000001c5 [ 1259.491431][T28309] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000008 [ 1259.491440][T28309] R13: 0000000000000009 R14: 0000000000000002 R15: dffffc0000000000 [ 1259.491455][T28309] ? __might_fault+0x111/0x140 [ 1259.491479][T28309] __sys_socketpair+0x120/0x5b0 [ 1259.491502][T28309] ? __pfx___sys_socketpair+0x10/0x10 [ 1259.491522][T28309] ? xfd_validate_state+0x129/0x190 [ 1259.491541][T28309] __x64_sys_socketpair+0x96/0x100 [ 1259.491560][T28309] ? lockdep_hardirqs_on+0x78/0x100 [ 1259.491579][T28309] do_syscall_64+0x115/0x840 [ 1259.491597][T28309] ? clear_bhb_loop+0x40/0x90 [ 1259.491614][T28309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.491628][T28309] RIP: 0033:0x7f8ef079ce59 [ 1259.491640][T28309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1259.491653][T28309] RSP: 002b:00007f8ef1656028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 1259.491666][T28309] RAX: ffffffffffffffda RBX: 00007f8ef0a15fa0 RCX: 00007f8ef079ce59 [ 1259.491675][T28309] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 1259.491684][T28309] RBP: 00007f8ef0832d6f R08: 0000000000000000 R09: 0000000000000000 [ 1259.491693][T28309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1259.491701][T28309] R13: 00007f8ef0a16038 R14: 00007f8ef0a15fa0 R15: 00007ffdeaac5da8 [ 1259.491720][T28309] [ 1260.549819][T27692] Bluetooth: hci3: command tx timeout [ 1260.726367][T16998] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1261.445728][T16998] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1262.440263][T16998] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1262.616090][T27692] Bluetooth: hci3: command tx timeout [ 1262.939980][T16998] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1263.391365][T16998] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1263.904632][T28294] bridge0: port 1(bridge_slave_0) entered blocking state [ 1263.944340][T28294] bridge0: port 1(bridge_slave_0) entered disabled state [ 1263.986908][T28294] bridge_slave_0: entered allmulticast mode [ 1264.026057][T28294] bridge_slave_0: entered promiscuous mode [ 1264.102469][T28294] bridge0: port 2(bridge_slave_1) entered blocking state [ 1264.138008][T28294] bridge0: port 2(bridge_slave_1) entered disabled state [ 1264.169015][T28294] bridge_slave_1: entered allmulticast mode [ 1264.196412][T28294] bridge_slave_1: entered promiscuous mode [ 1264.343831][T28294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1264.676079][T28294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1264.686131][T27692] Bluetooth: hci3: command tx timeout [ 1265.110217][T28294] team0: Port device team_slave_0 added [ 1265.150167][T28294] team0: Port device team_slave_1 added [ 1265.379745][T16998] bridge_slave_1: left allmulticast mode [ 1265.408115][T16998] bridge_slave_1: left promiscuous mode [ 1265.453181][T16998] bridge0: port 2(bridge_slave_1) entered disabled state [ 1265.521417][T16998] bridge_slave_0: left allmulticast mode [ 1265.574012][T16998] bridge_slave_0: left promiscuous mode [ 1265.614373][T16998] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.615210][T16998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1266.685489][T16998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1266.737046][T16998] bond0 (unregistering): Released all slaves [ 1266.756033][T27692] Bluetooth: hci3: command tx timeout [ 1266.811138][T28294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1266.863279][T28294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1267.062259][T28294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1267.205246][ T5296] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1267.342079][T28421] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4996'. [ 1267.476781][T28294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1267.527732][T28294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1267.666890][T28294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1267.710175][T28433] random: crng reseeded on system resumption [ 1268.156152][T28294] hsr_slave_0: entered promiscuous mode [ 1268.187212][T28294] hsr_slave_1: entered promiscuous mode [ 1268.218054][T28294] debugfs: 'hsr0' already exists in 'hsr' [ 1268.246010][T28294] Cannot create hsr debugfs directory [ 1268.956327][T28454] random: crng reseeded on system resumption [ 1269.917819][ T5296] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1271.438434][T28480] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1272.372314][T28502] nbd: socks must be embedded in a SOCK_ITEM attr [ 1272.525468][T28504] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1272.625523][T28502] block nbd0: shutting down sockets [ 1272.857003][T28497] bond0: invalid ARP target specified [ 1273.157415][T16998] hsr_slave_0: left promiscuous mode [ 1273.212233][T16998] hsr_slave_1: left promiscuous mode [ 1273.236190][T16998] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1273.277983][T16998] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1273.301968][T16998] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1273.330631][T16998] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1273.359677][T16998] veth1_macvtap: left promiscuous mode [ 1273.385013][T16998] veth0_macvtap: left promiscuous mode [ 1273.398564][T16998] veth1_vlan: left promiscuous mode [ 1273.417557][T16998] veth0_vlan: left promiscuous mode [ 1274.036147][T16998] team0 (unregistering): Port device team_slave_1 removed [ 1274.086794][T16998] team0 (unregistering): Port device team_slave_0 removed [ 1285.160587][T28666] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 211!phy1!netdev:wlan1!rc_rateid [ 1285.286332][T28667] sysfs: cannot create duplicate filename '/class/ieee80211/211!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 1285.365466][T28667] CPU: 0 UID: 0 PID: 28667 Comm: syz.0.5033 Tainted: G L syzkaller #0 PREEMPT(full) [ 1285.365493][T28667] Tainted: [L]=SOFTLOCKUP [ 1285.365499][T28667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1285.365509][T28667] Call Trace: [ 1285.365515][T28667] [ 1285.365522][T28667] dump_stack_lvl+0x100/0x190 [ 1285.365565][T28667] sysfs_warn_dup.cold+0x1c/0x28 [ 1285.365589][T28667] sysfs_do_create_link_sd+0x113/0x140 [ 1285.365608][T28667] sysfs_create_link+0x61/0xc0 [ 1285.365624][T28667] device_add+0x675/0x1950 [ 1285.365647][T28667] ? __pfx_device_add+0x10/0x10 [ 1285.365663][T28667] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1285.365686][T28667] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 1285.365715][T28667] wiphy_register+0x1edd/0x2d90 [ 1285.365733][T28667] ? __rtnl_unlock+0xb9/0xf0 [ 1285.365757][T28667] ? __pfx_wiphy_register+0x10/0x10 [ 1285.365775][T28667] ? __asan_memset+0x23/0x50 [ 1285.365797][T28667] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 1285.365829][T28667] ieee80211_register_hw+0x3055/0x4570 [ 1285.365862][T28667] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1285.365883][T28667] ? __pfx___debug_object_init+0x10/0x10 [ 1285.365908][T28667] ? find_held_lock+0x2b/0x80 [ 1285.365927][T28667] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1285.365948][T28667] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1285.365972][T28667] ? __hrtimer_setup+0x208/0x330 [ 1285.365990][T28667] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 1285.366023][T28667] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1285.366044][T28667] ? __asan_memcpy+0x3c/0x60 [ 1285.366075][T28667] hwsim_new_radio_nl+0xc5f/0x1370 [ 1285.366095][T28667] ? rcu_is_watching+0x12/0xc0 [ 1285.366113][T28667] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1285.366140][T28667] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 1285.366164][T28667] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 1285.366190][T28667] genl_family_rcv_msg_doit+0x214/0x300 [ 1285.366214][T28667] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1285.366235][T28667] ? genl_get_cmd+0x3e7/0x760 [ 1285.366260][T28667] ? bpf_lsm_capable+0x9/0x10 [ 1285.366276][T28667] ? security_capable+0x80/0x260 [ 1285.366292][T28667] ? ns_capable+0xd2/0xf0 [ 1285.366311][T28667] genl_rcv_msg+0x560/0x800 [ 1285.366334][T28667] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1285.366356][T28667] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1285.366381][T28667] netlink_rcv_skb+0x159/0x420 [ 1285.366401][T28667] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1285.366423][T28667] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1285.366450][T28667] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1285.366471][T28667] genl_rcv+0x28/0x40 [ 1285.366490][T28667] netlink_unicast+0x585/0x850 [ 1285.366512][T28667] ? __pfx_netlink_unicast+0x10/0x10 [ 1285.366537][T28667] netlink_sendmsg+0x8b0/0xda0 [ 1285.366560][T28667] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1285.366578][T28667] ? __import_iovec+0x1d2/0x640 [ 1285.366601][T28667] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1285.366621][T28667] ____sys_sendmsg+0x9e1/0xb70 [ 1285.366640][T28667] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1285.366661][T28667] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1285.366683][T28667] ? rcu_is_watching+0x12/0xc0 [ 1285.366699][T28667] ? ___sys_sendmsg+0x19d/0x1e0 [ 1285.366717][T28667] ? kfree+0x1dd/0x6c0 [ 1285.366740][T28667] ___sys_sendmsg+0x190/0x1e0 [ 1285.366762][T28667] ? __pfx____sys_sendmsg+0x10/0x10 [ 1285.366800][T28667] ? __pfx___might_resched+0x10/0x10 [ 1285.366823][T28667] __sys_sendmmsg+0x205/0x430 [ 1285.366842][T28667] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1285.366874][T28667] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1285.366898][T28667] ? kcov_ioctl+0x16a/0x720 [ 1285.366921][T28667] __x64_sys_sendmmsg+0x9c/0x100 [ 1285.366936][T28667] ? lockdep_hardirqs_on+0x78/0x100 [ 1285.366957][T28667] do_syscall_64+0x115/0x840 [ 1285.366977][T28667] ? clear_bhb_loop+0x40/0x90 [ 1285.366995][T28667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1285.367011][T28667] RIP: 0033:0x7f8ef079ce59 [ 1285.367027][T28667] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1285.367049][T28667] RSP: 002b:00007f8ef1635028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1285.367069][T28667] RAX: ffffffffffffffda RBX: 00007f8ef0a16090 RCX: 00007f8ef079ce59 [ 1285.367080][T28667] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1285.367091][T28667] RBP: 00007f8ef0832d6f R08: 0000000000000000 R09: 0000000000000000 [ 1285.367100][T28667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1285.367109][T28667] R13: 00007f8ef0a16128 R14: 00007f8ef0a16090 R15: 00007ffdeaac5da8 [ 1285.367130][T28667] [ 1286.648690][T28675] random: crng reseeded on system resumption [ 1287.457982][T28668] Process accounting resumed [ 1287.634026][T16574] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1287.652062][T16574] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1287.661286][T16574] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1287.682661][T16574] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1287.691929][T16574] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1288.489315][T28706] random: crng reseeded on system resumption [ 1288.612682][T28709] random: crng reseeded on system resumption [ 1288.869413][T28712] can: request_module (can-proto-0) failed. [ 1289.767180][T16574] Bluetooth: hci2: command tx timeout [ 1290.238379][T28682] bridge0: port 1(bridge_slave_0) entered blocking state [ 1290.270508][T28682] bridge0: port 1(bridge_slave_0) entered disabled state [ 1290.304643][T28682] bridge_slave_0: entered allmulticast mode [ 1290.339099][T28682] bridge_slave_0: entered promiscuous mode [ 1290.547361][T28682] bridge0: port 2(bridge_slave_1) entered blocking state [ 1290.575768][T28682] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.597589][T28682] bridge_slave_1: entered allmulticast mode [ 1290.625661][T28682] bridge_slave_1: entered promiscuous mode [ 1290.749259][T28682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1290.795768][T28682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1290.933291][T28682] team0: Port device team_slave_0 added [ 1290.969283][T28682] team0: Port device team_slave_1 added [ 1291.109322][T28682] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1291.142110][T28682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1291.265618][T28682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1291.338258][T28682] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1291.393491][T28682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1291.552231][T28682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1291.836724][T16574] Bluetooth: hci2: command tx timeout [ 1291.938198][T28682] hsr_slave_0: entered promiscuous mode [ 1291.972967][T28682] hsr_slave_1: entered promiscuous mode [ 1292.006463][T28682] debugfs: 'hsr0' already exists in 'hsr' [ 1292.039475][T28682] Cannot create hsr debugfs directory [ 1293.120930][T28787] vivid-007: ================= START STATUS ================= [ 1293.153215][T28787] vivid-007: Generate PTS: true [ 1293.194021][T28787] vivid-007: Generate SCR: true [ 1293.216327][T28787] tpg source WxH: 320x240 (Y'CbCr) [ 1293.241844][T28787] tpg field: 1 [ 1293.256933][T28787] tpg crop: (0,0)/320x240 [ 1293.278490][T28787] tpg compose: (0,0)/320x240 [ 1293.307353][T28787] tpg colorspace: 8 [ 1293.326715][T28787] tpg transfer function: 0/0 [ 1293.355176][T28787] tpg Y'CbCr encoding: 0/0 [ 1293.376486][T28787] tpg quantization: 0/0 [ 1293.397432][T28787] tpg RGB range: 0/2 [ 1293.415790][T28787] vivid-007: ================== END STATUS ================== [ 1293.905894][T16574] Bluetooth: hci2: command tx timeout [ 1295.975475][T16574] Bluetooth: hci2: command tx timeout [ 1297.727275][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1297.739148][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.924382][T16574] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1302.254375][T28881] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5067'. [ 1302.867151][T28904] FAULT_INJECTION: forcing a failure. [ 1302.867151][T28904] name failslab, interval 1, probability 0, space 0, times 0 [ 1302.910954][T28904] CPU: 0 UID: 0 PID: 28904 Comm: syz.1.5071 Tainted: G L syzkaller #0 PREEMPT(full) [ 1302.910982][T28904] Tainted: [L]=SOFTLOCKUP [ 1302.910988][T28904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1302.910998][T28904] Call Trace: [ 1302.911003][T28904] [ 1302.911010][T28904] dump_stack_lvl+0x100/0x190 [ 1302.911042][T28904] should_fail_ex.cold+0x5/0xa [ 1302.911062][T28904] should_failslab+0xc2/0x120 [ 1302.911081][T28904] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1302.911103][T28904] ? drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 1302.911218][T28904] ? drm_atomic_helper_check+0x10f/0x190 [ 1302.911242][T28904] drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 1302.911277][T28904] drm_atomic_helper_commit+0xa9/0x380 [ 1302.911298][T28904] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 1302.911319][T28904] drm_atomic_commit+0x230/0x300 [ 1302.911371][T28904] ? __pfx_drm_atomic_commit+0x10/0x10 [ 1302.911388][T28904] ? __pfx___drm_printfn_info+0x10/0x10 [ 1302.911416][T28904] ? drm_client_rotation+0x451/0x6a0 [ 1302.911441][T28904] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 1302.911469][T28904] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1302.911511][T28904] drm_client_modeset_commit_locked+0x14d/0x580 [ 1302.911536][T28904] drm_client_modeset_commit+0x4f/0x80 [ 1302.911558][T28904] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1302.911613][T28904] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1302.911637][T28904] drm_fbdev_client_restore+0x1b/0x30 [ 1302.911674][T28904] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1302.911690][T28904] drm_client_dev_restore+0x205/0x2a0 [ 1302.911716][T28904] drm_release+0x2c6/0x360 [ 1302.911736][T28904] ? __pfx_drm_release+0x10/0x10 [ 1302.911756][T28904] __fput+0x3ff/0xb50 [ 1302.911781][T28904] task_work_run+0x150/0x240 [ 1302.911797][T28904] ? __pfx_task_work_run+0x10/0x10 [ 1302.911813][T28904] ? rcu_is_watching+0x12/0xc0 [ 1302.911833][T28904] exit_to_user_mode_loop+0x157/0x670 [ 1302.911856][T28904] ? rcu_is_watching+0x12/0xc0 [ 1302.911876][T28904] do_syscall_64+0x652/0x840 [ 1302.911897][T28904] ? clear_bhb_loop+0x40/0x90 [ 1302.911916][T28904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1302.911932][T28904] RIP: 0033:0x7f669719ce59 [ 1302.911947][T28904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1302.911962][T28904] RSP: 002b:00007f6698002028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1302.911978][T28904] RAX: 0000000000000000 RBX: 00007f6697415fa0 RCX: 00007f669719ce59 [ 1302.911989][T28904] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 1302.911998][T28904] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1302.912008][T28904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1302.912017][T28904] R13: 00007f6697416038 R14: 00007f6697415fa0 R15: 00007fff825b9f68 [ 1302.912039][T28904] [ 1304.018439][T16574] Bluetooth: hci5: command 0x0c1a tx timeout [ 1306.083765][T27692] Bluetooth: hci5: command 0x0c1a tx timeout [ 1306.132538][T28943] netlink: 252 bytes leftover after parsing attributes in process `syz.0.5080'. [ 1306.292067][ T30] audit: type=1800 audit(1780818945.626:34): pid=28952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5080" name="dbroot" dev="configfs" ino=147847 res=0 errno=0 [ 1309.391660][T28989] FAULT_INJECTION: forcing a failure. [ 1309.391660][T28989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1309.464649][T28989] CPU: 0 UID: 0 PID: 28989 Comm: syz.0.5088 Tainted: G L syzkaller #0 PREEMPT(full) [ 1309.464679][T28989] Tainted: [L]=SOFTLOCKUP [ 1309.464684][T28989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1309.464694][T28989] Call Trace: [ 1309.464699][T28989] [ 1309.464705][T28989] dump_stack_lvl+0x100/0x190 [ 1309.464733][T28989] should_fail_ex.cold+0x5/0xa [ 1309.464753][T28989] _copy_to_user+0x32/0xd0 [ 1309.464775][T28989] simple_read_from_buffer+0xcb/0x170 [ 1309.464794][T28989] proc_fail_nth_read+0x1af/0x230 [ 1309.464816][T28989] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1309.464839][T28989] ? rw_verify_area+0xce/0x6d0 [ 1309.464853][T28989] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1309.464874][T28989] vfs_read+0x1e4/0xb30 [ 1309.464893][T28989] ? __pfx_vfs_read+0x10/0x10 [ 1309.464908][T28989] ? __fget_files+0x215/0x3d0 [ 1309.464928][T28989] ? __fget_files+0x21f/0x3d0 [ 1309.464950][T28989] ksys_read+0x12a/0x250 [ 1309.464965][T28989] ? __pfx_ksys_read+0x10/0x10 [ 1309.464983][T28989] ? rcu_is_watching+0x12/0xc0 [ 1309.465002][T28989] do_syscall_64+0x115/0x840 [ 1309.465021][T28989] ? clear_bhb_loop+0x40/0x90 [ 1309.465039][T28989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1309.465053][T28989] RIP: 0033:0x7f8ef075d68e [ 1309.465066][T28989] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1309.465080][T28989] RSP: 002b:00007f8ef1655fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1309.465095][T28989] RAX: ffffffffffffffda RBX: 00007f8ef16566c0 RCX: 00007f8ef075d68e [ 1309.465105][T28989] RDX: 000000000000000f RSI: 00007f8ef16560a0 RDI: 0000000000000004 [ 1309.465113][T28989] RBP: 00007f8ef1656090 R08: 0000000000000000 R09: 0000000000000000 [ 1309.465122][T28989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1309.465131][T28989] R13: 00007f8ef0a16038 R14: 00007f8ef0a15fa0 R15: 00007ffdeaac5da8 [ 1309.465150][T28989] [ 1313.780532][ T30] audit: type=1800 audit(1780818953.145:35): pid=29044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.5099" name="file0" dev="tmpfs" ino=3479 res=0 errno=0 [ 1314.793627][T29065] random: crng reseeded on system resumption [ 1317.346330][T29086] Process accounting paused [ 1318.154345][T16574] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1318.171911][T16574] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1318.182780][T16574] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1318.194103][T16574] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1318.202785][T16574] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1320.249199][T16574] Bluetooth: hci6: command tx timeout [ 1320.353339][T29100] bridge0: port 1(bridge_slave_0) entered blocking state [ 1320.385555][T29100] bridge0: port 1(bridge_slave_0) entered disabled state [ 1320.405845][T29100] bridge_slave_0: entered allmulticast mode [ 1320.429040][T29100] bridge_slave_0: entered promiscuous mode [ 1320.459237][T29100] bridge0: port 2(bridge_slave_1) entered blocking state [ 1320.492628][T29100] bridge0: port 2(bridge_slave_1) entered disabled state [ 1320.529331][T29100] bridge_slave_1: entered allmulticast mode [ 1320.575270][T29100] bridge_slave_1: entered promiscuous mode [ 1320.689127][T29141] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5117'. [ 1320.845021][T29100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1320.912667][T29141] netlink: 'syz.1.5117': attribute type 11 has an invalid length. [ 1320.969558][T29100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1321.151915][T29100] team0: Port device team_slave_0 added [ 1321.204995][T29100] team0: Port device team_slave_1 added [ 1321.340000][T29100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1321.365516][T29100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1321.459573][T29100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1321.526838][T29100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1321.550148][T29100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1321.616263][T29100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1321.951404][T29100] hsr_slave_0: entered promiscuous mode [ 1321.990029][T29100] hsr_slave_1: entered promiscuous mode [ 1322.017586][T29100] debugfs: 'hsr0' already exists in 'hsr' [ 1322.045239][T29100] Cannot create hsr debugfs directory [ 1322.330461][T16574] Bluetooth: hci6: command tx timeout [ 1324.388400][T16574] Bluetooth: hci6: command tx timeout [ 1325.994952][T29213] vhci_hcd vhci_hcd.0: invalid port number 142 [ 1326.020254][T29213] vhci_hcd vhci_hcd.0: default hub control req: a049 vf161 i008e l0 [ 1326.073073][ T30] audit: type=1800 audit(1780818965.509:36): pid=29213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5131" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1326.457007][T16574] Bluetooth: hci6: command tx timeout [ 1326.559138][T29220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5132'. [ 1327.315218][T29221] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1327.332428][T29221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1327.339758][T29221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1327.355934][T29221] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1327.369298][T29221] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1327.382185][T29221] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1327.416395][T29221] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1327.431781][T29221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1327.444271][T29221] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1327.460104][T29221] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1327.478276][T29221] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1327.492259][T29221] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1327.508010][T29221] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1328.606850][T16574] Bluetooth: hci4: command 0x0c1a tx timeout [ 1328.737121][T29247] random: crng reseeded on system resumption [ 1329.401165][T16574] Bluetooth: hci3: command 0x0c1a tx timeout [ 1329.407301][T27692] Bluetooth: hci5: command 0x0c1a tx timeout [ 1329.413573][T27692] Bluetooth: hci0: command 0x0406 tx timeout [ 1329.419568][T27692] Bluetooth: hci1: command 0x0c1a tx timeout [ 1329.481332][ T6156] Bluetooth: hci2: command 0x0c1a tx timeout [ 1329.487452][T29255] Bluetooth: hci6: command 0x0c1a tx timeout [ 1331.470522][T29255] Bluetooth: hci3: command 0x0c1a tx timeout [ 1331.548880][T29271] kexec: Could not allocate control_code_buffer [ 1331.557884][ T6156] Bluetooth: hci2: command 0x0c1a tx timeout [ 1331.564172][T29255] Bluetooth: hci6: command 0x0c1a tx timeout [ 1331.772584][T29293] FAULT_INJECTION: forcing a failure. [ 1331.772584][T29293] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.850996][T29293] CPU: 0 UID: 0 PID: 29293 Comm: syz.1.5146 Tainted: G L syzkaller #0 PREEMPT(full) [ 1331.851023][T29293] Tainted: [L]=SOFTLOCKUP [ 1331.851029][T29293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1331.851039][T29293] Call Trace: [ 1331.851045][T29293] [ 1331.851052][T29293] dump_stack_lvl+0x100/0x190 [ 1331.851086][T29293] should_fail_ex.cold+0x5/0xa [ 1331.851107][T29293] should_failslab+0xc2/0x120 [ 1331.851127][T29293] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1331.851150][T29293] ? copy_fs_struct+0x49/0x340 [ 1331.851166][T29293] ? __pfx_do_futex+0x10/0x10 [ 1331.851186][T29293] copy_fs_struct+0x49/0x340 [ 1331.851203][T29293] ksys_unshare+0x33c/0xab0 [ 1331.851230][T29293] ? __pfx_ksys_unshare+0x10/0x10 [ 1331.851250][T29293] ? xfd_validate_state+0x129/0x190 [ 1331.851273][T29293] __x64_sys_unshare+0x31/0x40 [ 1331.851294][T29293] do_syscall_64+0x115/0x840 [ 1331.851315][T29293] ? clear_bhb_loop+0x40/0x90 [ 1331.851333][T29293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.851349][T29293] RIP: 0033:0x7f669719ce59 [ 1331.851364][T29293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1331.851378][T29293] RSP: 002b:00007f6697fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1331.851394][T29293] RAX: ffffffffffffffda RBX: 00007f6697416090 RCX: 00007f669719ce59 [ 1331.851403][T29293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008100000 [ 1331.851412][T29293] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1331.851421][T29293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.851430][T29293] R13: 00007f6697416128 R14: 00007f6697416090 R15: 00007fff825b9f68 [ 1331.851450][T29293] [ 1332.345602][T29255] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1333.540693][ T6156] Bluetooth: hci3: command 0x0c1a tx timeout [ 1333.614046][T29321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5151'. [ 1333.624539][ T6156] Bluetooth: hci6: command 0x0c1a tx timeout [ 1333.630584][T27692] Bluetooth: hci2: command 0x0c1a tx timeout [ 1334.093618][T29315] Process accounting resumed [ 1334.241222][T29331] ERROR: Out of memory at tomoyo_memory_ok. [ 1334.414970][ T6156] Bluetooth: hci5: command 0x0c1a tx timeout [ 1336.484109][ T6156] Bluetooth: hci5: command 0x0c1a tx timeout [ 1337.250055][T29373] sd 0:0:1:0: PR command failed: 1026 [ 1337.382773][T29373] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1337.527667][T29373] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1337.655386][T29373] sd 0:0:1:0: PR command failed: 1026 [ 1337.677552][T29373] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1337.739818][T29373] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1337.812938][T29373] sd 0:0:1:0: PR command failed: 1026 [ 1337.864258][T29373] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1337.938633][T29373] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1339.987524][T29412] FAULT_INJECTION: forcing a failure. [ 1339.987524][T29412] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1340.074096][T29412] CPU: 0 UID: 0 PID: 29412 Comm: syz.1.5166 Tainted: G L syzkaller #0 PREEMPT(full) [ 1340.074124][T29412] Tainted: [L]=SOFTLOCKUP [ 1340.074130][T29412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1340.074140][T29412] Call Trace: [ 1340.074147][T29412] [ 1340.074153][T29412] dump_stack_lvl+0x100/0x190 [ 1340.074184][T29412] should_fail_ex.cold+0x5/0xa [ 1340.074204][T29412] get_futex_key+0x1d2/0x1510 [ 1340.074230][T29412] ? __pfx_get_futex_key+0x10/0x10 [ 1340.074259][T29412] ? find_held_lock+0x2b/0x80 [ 1340.074278][T29412] ? futex_wake+0x456/0x530 [ 1340.074301][T29412] futex_wake+0xea/0x530 [ 1340.074319][T29412] ? __pfx_futex_wait+0x10/0x10 [ 1340.074337][T29412] ? __pfx_futex_wake+0x10/0x10 [ 1340.074364][T29412] do_futex+0x32b/0x350 [ 1340.074380][T29412] ? __pfx_do_futex+0x10/0x10 [ 1340.074395][T29412] ? fdget+0x18b/0x210 [ 1340.074412][T29412] ? __sys_sendmsg+0x18f/0x220 [ 1340.074431][T29412] __x64_sys_futex+0x34f/0x4d0 [ 1340.074449][T29412] ? __pfx___x64_sys_futex+0x10/0x10 [ 1340.074468][T29412] ? rcu_is_watching+0x12/0xc0 [ 1340.074488][T29412] do_syscall_64+0x115/0x840 [ 1340.074510][T29412] ? clear_bhb_loop+0x40/0x90 [ 1340.074528][T29412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1340.074544][T29412] RIP: 0033:0x7f669719ce59 [ 1340.074557][T29412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1340.074572][T29412] RSP: 002b:00007f6697fe10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1340.074587][T29412] RAX: ffffffffffffffda RBX: 00007f6697416098 RCX: 00007f669719ce59 [ 1340.074597][T29412] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f669741609c [ 1340.074607][T29412] RBP: 00007f6697416090 R08: 0000000000000001 R09: 0000000000000000 [ 1340.074616][T29412] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1340.074625][T29412] R13: 00007f6697416128 R14: 00007fff825b9e80 R15: 00007fff825b9f68 [ 1340.074646][T29412] [ 1347.321805][ T6156] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1347.342882][ T6156] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1347.352741][ T6156] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1347.363293][ T6156] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1347.382012][ T6156] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1348.570338][T29554] ima: policy update failed [ 1348.671400][ T30] audit: type=1802 audit(1780818988.217:37): pid=29554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.5185" res=0 errno=0 [ 1349.456740][ T6156] Bluetooth: hci7: command tx timeout [ 1350.663304][T29527] bridge0: port 1(bridge_slave_0) entered blocking state [ 1350.724198][T29527] bridge0: port 1(bridge_slave_0) entered disabled state [ 1350.748616][T29527] bridge_slave_0: entered allmulticast mode [ 1350.790771][T29527] bridge_slave_0: entered promiscuous mode [ 1351.156656][T29527] bridge0: port 2(bridge_slave_1) entered blocking state [ 1351.180702][T29527] bridge0: port 2(bridge_slave_1) entered disabled state [ 1351.205023][T29527] bridge_slave_1: entered allmulticast mode [ 1351.231566][T29527] bridge_slave_1: entered promiscuous mode [ 1351.369642][T29527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1351.417737][T29527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1351.525878][ T6156] Bluetooth: hci7: command tx timeout [ 1351.611802][T29527] team0: Port device team_slave_0 added [ 1351.682366][T29527] team0: Port device team_slave_1 added [ 1351.832276][T29527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1351.854156][T29527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1351.916321][T29527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1351.965180][T29527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1351.980814][T29527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1352.043232][T29527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1352.159537][T29527] hsr_slave_0: entered promiscuous mode [ 1352.194322][T29527] hsr_slave_1: entered promiscuous mode [ 1352.222505][T29527] debugfs: 'hsr0' already exists in 'hsr' [ 1352.245923][T29527] Cannot create hsr debugfs directory [ 1353.147011][T29603] FAULT_INJECTION: forcing a failure. [ 1353.147011][T29603] name failslab, interval 1, probability 0, space 0, times 0 [ 1353.245136][T29603] CPU: 0 UID: 0 PID: 29603 Comm: syz.1.5193 Tainted: G L syzkaller #0 PREEMPT(full) [ 1353.245162][T29603] Tainted: [L]=SOFTLOCKUP [ 1353.245169][T29603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1353.245179][T29603] Call Trace: [ 1353.245185][T29603] [ 1353.245191][T29603] dump_stack_lvl+0x100/0x190 [ 1353.245222][T29603] should_fail_ex.cold+0x5/0xa [ 1353.245243][T29603] should_failslab+0xc2/0x120 [ 1353.245262][T29603] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1353.245285][T29603] ? alloc_inode+0x68/0x250 [ 1353.245308][T29603] ? simple_start_creating+0xb0/0x110 [ 1353.245326][T29603] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 1353.245355][T29603] alloc_inode+0x68/0x250 [ 1353.245377][T29603] new_inode+0x22/0x1c0 [ 1353.245401][T29603] __debugfs_create_file+0x105/0x4f0 [ 1353.245420][T29603] debugfs_create_file_full+0x41/0x60 [ 1353.245437][T29603] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1353.245455][T29603] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1353.245486][T29603] ? lockdep_init_map_type+0x5c/0x250 [ 1353.245513][T29603] preinit_net.part.0+0x43b/0x920 [ 1353.245531][T29603] copy_net_ns+0x339/0x7c0 [ 1353.245551][T29603] create_new_namespaces+0x3ea/0xac0 [ 1353.245574][T29603] unshare_nsproxy_namespaces+0xf2/0x220 [ 1353.245595][T29603] ksys_unshare+0x438/0xab0 [ 1353.245617][T29603] ? __pfx_ksys_unshare+0x10/0x10 [ 1353.245636][T29603] ? xfd_validate_state+0x129/0x190 [ 1353.245650][T29603] ? ksys_write+0x1ac/0x250 [ 1353.245673][T29603] __x64_sys_unshare+0x31/0x40 [ 1353.245694][T29603] do_syscall_64+0x115/0x840 [ 1353.245714][T29603] ? clear_bhb_loop+0x40/0x90 [ 1353.245732][T29603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1353.245749][T29603] RIP: 0033:0x7f669719ce59 [ 1353.245762][T29603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1353.245778][T29603] RSP: 002b:00007f6697fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1353.245794][T29603] RAX: ffffffffffffffda RBX: 00007f6697416090 RCX: 00007f669719ce59 [ 1353.245804][T29603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1353.245814][T29603] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1353.245824][T29603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1353.245833][T29603] R13: 00007f6697416128 R14: 00007f6697416090 R15: 00007fff825b9f68 [ 1353.245859][T29603] [ 1353.556305][T29605] futex_wake_op: syz.1.5193 tries to shift op by -2048; fix this program [ 1353.565295][T29605] futex_wake_op: syz.1.5193 tries to shift op by -2048; fix this program [ 1353.574671][T29605] 0x000000000001-0x000000020000 : "" [ 1353.582610][T29603] debugfs: out of free dentries, can not create file 'net_notrefcnt@ffff888048ac82f8' [ 1353.731678][T29605] ftl_cs: FTL header corrupt! [ 1353.758206][ T6156] Bluetooth: hci7: command tx timeout [ 1353.982086][T29255] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1355.170212][T29630] FAULT_INJECTION: forcing a failure. [ 1355.170212][T29630] name (null), interval 1, probability 0, space 0, times 1 [ 1355.334691][T29630] CPU: 0 UID: 0 PID: 29630 Comm: syz.1.5198 Tainted: G L syzkaller #0 PREEMPT(full) [ 1355.334721][T29630] Tainted: [L]=SOFTLOCKUP [ 1355.334727][T29630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1355.334741][T29630] Call Trace: [ 1355.334747][T29630] [ 1355.334753][T29630] dump_stack_lvl+0x100/0x190 [ 1355.334785][T29630] should_fail_ex.cold+0x5/0xa [ 1355.334806][T29630] null_queue_rq+0x2ed/0xfb0 [ 1355.334944][T29630] null_queue_rqs+0xe9/0x2f0 [ 1355.334969][T29630] ? __pfx_null_queue_rqs+0x10/0x10 [ 1355.334998][T29630] __blk_mq_flush_list+0x9a/0xc0 [ 1355.335047][T29630] blk_mq_dispatch_queue_requests+0x184/0x7c0 [ 1355.335103][T29630] blk_mq_flush_plug_list+0x1f2/0x600 [ 1355.335130][T29630] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 1355.335160][T29630] __blk_flush_plug+0x2c4/0x4b0 [ 1355.335186][T29630] ? __pfx___blk_flush_plug+0x10/0x10 [ 1355.335206][T29630] ? folio_batch_move_lru+0x344/0x7d0 [ 1355.335221][T29630] ? __pfx_lru_add+0x10/0x10 [ 1355.335236][T29630] ? lock_acquire+0x1b1/0x370 [ 1355.335261][T29630] blk_finish_plug+0x5c/0xa0 [ 1355.335282][T29630] read_pages+0x5f7/0xdf0 [ 1355.335309][T29630] ? __pfx_read_pages+0x10/0x10 [ 1355.335339][T29630] page_cache_ra_order+0x76b/0xf10 [ 1355.335372][T29630] page_cache_async_ra+0x7bb/0xd30 [ 1355.335398][T29630] filemap_fault+0xf77/0x2e90 [ 1355.335418][T29630] ? __pfx_filemap_fault+0x10/0x10 [ 1355.335436][T29630] ? blk_cgroup_congested+0x136/0x270 [ 1355.335458][T29630] ? blk_cgroup_congested+0x136/0x270 [ 1355.335483][T29630] ? __pfx_filemap_map_pages+0x10/0x10 [ 1355.335505][T29630] __do_fault+0x10b/0x440 [ 1355.335522][T29630] do_fault+0xeb2/0x1750 [ 1355.335543][T29630] __handle_mm_fault+0x187d/0x2a00 [ 1355.335568][T29630] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1355.335586][T29630] ? __pfx___handle_mm_fault+0x10/0x10 [ 1355.335609][T29630] ? pte_offset_map_lock+0x174/0x320 [ 1355.335633][T29630] ? find_held_lock+0x2b/0x80 [ 1355.335659][T29630] ? follow_page_pte+0x4d0/0x13f0 [ 1355.335680][T29630] handle_mm_fault+0x37b/0xa30 [ 1355.335708][T29630] __get_user_pages+0x1178/0x32a0 [ 1355.335735][T29630] ? __pfx___get_user_pages+0x10/0x10 [ 1355.335758][T29630] populate_vma_page_range+0x267/0x3f0 [ 1355.335779][T29630] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1355.335798][T29630] ? __pfx_find_vma_intersection+0x10/0x10 [ 1355.335821][T29630] __mm_populate+0x107/0x3a0 [ 1355.335840][T29630] ? __pfx___mm_populate+0x10/0x10 [ 1355.335861][T29630] ? up_write+0x3fd/0x4f0 [ 1355.335878][T29630] vm_mmap_pgoff+0x37f/0x470 [ 1355.335899][T29630] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1355.335916][T29630] ? __fget_files+0x215/0x3d0 [ 1355.335936][T29630] ? __fget_files+0x21f/0x3d0 [ 1355.335957][T29630] ksys_mmap_pgoff+0x3cb/0x610 [ 1355.335975][T29630] ? __x64_sys_futex+0x358/0x4d0 [ 1355.335992][T29630] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1355.336009][T29630] ? xfd_validate_state+0x129/0x190 [ 1355.336029][T29630] __x64_sys_mmap+0x125/0x190 [ 1355.336047][T29630] do_syscall_64+0x115/0x840 [ 1355.336068][T29630] ? clear_bhb_loop+0x40/0x90 [ 1355.336087][T29630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.336103][T29630] RIP: 0033:0x7f669719ce59 [ 1355.336117][T29630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1355.336133][T29630] RSP: 002b:00007f6697f9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1355.336149][T29630] RAX: ffffffffffffffda RBX: 00007f6697416270 RCX: 00007f669719ce59 [ 1355.336160][T29630] RDX: 0000000000000ffb RSI: 0000000000810004 RDI: 0000000000000000 [ 1355.336169][T29630] RBP: 00007f6697232d6f R08: 0000000000000005 R09: 0000000000008000 [ 1355.336179][T29630] R10: 0008000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 1355.336188][T29630] R13: 00007f6697416308 R14: 00007f6697416270 R15: 00007fff825b9f68 [ 1355.336209][T29630] [ 1356.283439][ T6156] Bluetooth: hci7: command tx timeout [ 1358.849687][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1358.861295][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1359.868960][T29676] FAULT_INJECTION: forcing a failure. [ 1359.868960][T29676] name failslab, interval 1, probability 0, space 0, times 0 [ 1359.947119][T29676] CPU: 0 UID: 0 PID: 29676 Comm: syz.1.5208 Tainted: G L syzkaller #0 PREEMPT(full) [ 1359.947146][T29676] Tainted: [L]=SOFTLOCKUP [ 1359.947153][T29676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1359.947162][T29676] Call Trace: [ 1359.947168][T29676] [ 1359.947176][T29676] dump_stack_lvl+0x100/0x190 [ 1359.947206][T29676] should_fail_ex.cold+0x5/0xa [ 1359.947226][T29676] should_failslab+0xc2/0x120 [ 1359.947244][T29676] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1359.947269][T29676] ? copy_process+0x6c06/0x7ed0 [ 1359.947287][T29676] ? __raw_spin_lock_init+0x3a/0x110 [ 1359.947306][T29676] copy_process+0x6c06/0x7ed0 [ 1359.947324][T29676] ? __futex_wait+0x256/0x300 [ 1359.947352][T29676] ? __pfx_copy_process+0x10/0x10 [ 1359.947374][T29676] ? futex_hash+0x141/0x370 [ 1359.947400][T29676] kernel_clone+0x176/0x9e0 [ 1359.947418][T29676] ? __pfx_futex_wait+0x10/0x10 [ 1359.947437][T29676] ? __pfx_kernel_clone+0x10/0x10 [ 1359.947465][T29676] ? 0xffffffff81000000 [ 1359.947477][T29676] __do_sys_clone+0xd9/0x120 [ 1359.947497][T29676] ? __pfx___do_sys_clone+0x10/0x10 [ 1359.947517][T29676] ? 0xffffffff81000000 [ 1359.947537][T29676] ? rcu_is_watching+0x12/0xc0 [ 1359.947557][T29676] do_syscall_64+0x115/0x840 [ 1359.947578][T29676] ? clear_bhb_loop+0x40/0x90 [ 1359.947596][T29676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1359.947612][T29676] RIP: 0033:0x7f669719ce59 [ 1359.947625][T29676] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1359.947640][T29676] RSP: 002b:00007f6698002028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1359.947655][T29676] RAX: ffffffffffffffda RBX: 00007f6697415fa0 RCX: 00007f669719ce59 [ 1359.947666][T29676] RDX: 9999999999999999 RSI: 0000000080000007 RDI: 0000000000000021 [ 1359.947675][T29676] RBP: 00007f6697232d6f R08: 0000000000000006 R09: 0000000000000000 [ 1359.947685][T29676] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000 [ 1359.947694][T29676] R13: 00007f6697416038 R14: 00007f6697415fa0 R15: 00007fff825b9f68 [ 1359.947708][T29676] ? 0xffffffff81000000 [ 1359.947736][T29676] [ 1364.728694][T29738] Process accounting paused [ 1365.154160][T29747] FAULT_INJECTION: forcing a failure. [ 1365.154160][T29747] name failslab, interval 1, probability 0, space 0, times 0 [ 1365.287204][T29747] CPU: 0 UID: 0 PID: 29747 Comm: syz.1.5221 Tainted: G L syzkaller #0 PREEMPT(full) [ 1365.287233][T29747] Tainted: [L]=SOFTLOCKUP [ 1365.287239][T29747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1365.287248][T29747] Call Trace: [ 1365.287254][T29747] [ 1365.287260][T29747] dump_stack_lvl+0x100/0x190 [ 1365.287304][T29747] should_fail_ex.cold+0x5/0xa [ 1365.287325][T29747] should_failslab+0xc2/0x120 [ 1365.287343][T29747] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1365.287367][T29747] ? __d_alloc+0x34/0xa40 [ 1365.287384][T29747] ? lockdep_hardirqs_on+0x78/0x100 [ 1365.287406][T29747] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 1365.287425][T29747] __d_alloc+0x34/0xa40 [ 1365.287446][T29747] d_alloc_pseudo+0x1c/0xc0 [ 1365.287461][T29747] alloc_file_pseudo+0xcf/0x230 [ 1365.287483][T29747] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1365.287504][T29747] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1365.287526][T29747] create_pipe_files+0x360/0x970 [ 1365.287548][T29747] do_pipe2+0xbd/0x1e0 [ 1365.287565][T29747] ? __pfx_do_pipe2+0x10/0x10 [ 1365.287582][T29747] ? xfd_validate_state+0x129/0x190 [ 1365.287609][T29747] __x64_sys_pipe+0x33/0x50 [ 1365.287627][T29747] do_syscall_64+0x115/0x840 [ 1365.287648][T29747] ? clear_bhb_loop+0x40/0x90 [ 1365.287667][T29747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1365.287683][T29747] RIP: 0033:0x7f669719ce59 [ 1365.287697][T29747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1365.287712][T29747] RSP: 002b:00007f6697fc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 1365.287727][T29747] RAX: ffffffffffffffda RBX: 00007f6697416180 RCX: 00007f669719ce59 [ 1365.287738][T29747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1365.287747][T29747] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1365.287756][T29747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1365.287766][T29747] R13: 00007f6697416218 R14: 00007f6697416180 R15: 00007fff825b9f68 [ 1365.287785][T29747] [ 1369.824248][T29800] nvme_fabrics: unknown parameter or missing value 'û@è' in ctrl creation request [ 1374.561940][T29866] PM: Enabling pm_trace changes system date and time during resume. [ 1374.561940][T29866] PM: Correct system time has to be restored manually after resume. [ 1377.995051][ T6156] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1378.018687][ T6156] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1378.029174][ T6156] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1378.038957][ T6156] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1378.046500][ T6156] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1378.939666][T29927] ksmbd: Unknown IPC event: 14, ignore. [ 1379.945205][T29942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5262'. [ 1380.039154][T29912] bridge0: port 1(bridge_slave_0) entered blocking state [ 1380.083108][T29912] bridge0: port 1(bridge_slave_0) entered disabled state [ 1380.098497][ T6156] Bluetooth: hci8: command tx timeout [ 1380.130154][T29912] bridge_slave_0: entered allmulticast mode [ 1380.158880][T29912] bridge_slave_0: entered promiscuous mode [ 1380.188514][T29912] bridge0: port 2(bridge_slave_1) entered blocking state [ 1380.220374][T29912] bridge0: port 2(bridge_slave_1) entered disabled state [ 1380.251118][T29912] bridge_slave_1: entered allmulticast mode [ 1380.285184][T29912] bridge_slave_1: entered promiscuous mode [ 1380.478110][T29912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1380.633680][T29912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1380.844602][T29912] team0: Port device team_slave_0 added [ 1380.947294][T29912] team0: Port device team_slave_1 added [ 1381.086234][T29912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1381.115325][T29912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1381.287878][T29912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1381.390862][T29912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1381.433343][T29912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1381.516771][T29947] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81b0e09a (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 1381.532595][T29947] Call Trace: [ 1381.535878][T29947] [ 1381.538795][T29947] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 1381.545461][T29947] ? __pfx___schedule+0x10/0x10 [ 1381.550298][T29947] ? irqentry_exit+0x24d/0x970 [ 1381.555054][T29947] mce_cpu_restart+0xd5/0x1f0 [ 1381.559720][T29947] ? __pfx_mce_cpu_restart+0x10/0x10 [ 1381.564993][T29947] smp_call_function_many_cond+0x13d4/0x1700 [ 1381.570969][T29947] ? __pfx_mce_cpu_restart+0x10/0x10 [ 1381.576244][T29947] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 1381.582061][T29947] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 1381.588379][T29947] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 1381.594356][T29947] ? __timer_delete_sync+0x151/0x1c0 [ 1381.599633][T29947] ? __pfx_mce_cpu_restart+0x10/0x10 [ 1381.604902][T29947] on_each_cpu_cond_mask+0x40/0x90 [ 1381.610005][T29947] set_bank+0x240/0x3a0 [ 1381.614144][T29947] ? __pfx_set_bank+0x10/0x10 [ 1381.618806][T29947] ? find_held_lock+0x2b/0x80 [ 1381.623474][T29947] ? sysfs_file_kobj+0xe4/0x290 [ 1381.628318][T29947] ? sysfs_file_kobj+0xe4/0x290 [ 1381.633158][T29947] ? __pfx_set_bank+0x10/0x10 [ 1381.637816][T29947] dev_attr_store+0x58/0x80 [ 1381.642306][T29947] ? __pfx_dev_attr_store+0x10/0x10 [ 1381.647575][T29947] sysfs_kf_write+0xf2/0x150 [ 1381.652160][T29947] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1381.657434][T29947] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1381.662628][T29947] vfs_write+0x6ac/0x1070 [ 1381.666951][T29947] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1381.672749][T29947] ? __pfx_vfs_write+0x10/0x10 [ 1381.677509][T29947] ksys_write+0x12a/0x250 [ 1381.681830][T29947] ? __pfx_ksys_write+0x10/0x10 [ 1381.686679][T29947] ? rcu_is_watching+0x12/0xc0 [ 1381.691430][T29947] do_syscall_64+0x115/0x840 [ 1381.696012][T29947] ? clear_bhb_loop+0x40/0x90 [ 1381.700675][T29947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1381.706551][T29947] RIP: 0033:0x7f669719ce59 [ 1381.710952][T29947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1381.730559][T29947] RSP: 002b:00007f6697fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1381.738971][T29947] RAX: ffffffffffffffda RBX: 00007f6697416090 RCX: 00007f669719ce59 [ 1381.746930][T29947] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000009 [ 1381.754882][T29947] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1381.762854][T29947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1381.770836][T29947] R13: 00007f6697416128 R14: 00007f6697416090 R15: 00007fff825b9f68 [ 1381.778809][T29947] [ 1381.836066][T29912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1381.954057][T29912] hsr_slave_0: entered promiscuous mode [ 1382.003394][T29912] hsr_slave_1: entered promiscuous mode [ 1382.024062][T29912] debugfs: 'hsr0' already exists in 'hsr' [ 1382.048556][T29912] Cannot create hsr debugfs directory [ 1382.249345][ T6156] Bluetooth: hci8: command tx timeout [ 1384.316870][ T6156] Bluetooth: hci8: command tx timeout [ 1386.384561][ T6156] Bluetooth: hci8: command tx timeout [ 1394.531764][T30071] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5283'. [ 1394.561967][T30071] FAULT_INJECTION: forcing a failure. [ 1394.561967][T30071] name failslab, interval 1, probability 0, space 0, times 0 [ 1394.610369][T30071] CPU: 0 UID: 0 PID: 30071 Comm: syz.1.5283 Tainted: G L syzkaller #0 PREEMPT(full) [ 1394.610394][T30071] Tainted: [L]=SOFTLOCKUP [ 1394.610399][T30071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1394.610408][T30071] Call Trace: [ 1394.610414][T30071] [ 1394.610421][T30071] dump_stack_lvl+0x100/0x190 [ 1394.610448][T30071] should_fail_ex.cold+0x5/0xa [ 1394.610467][T30071] should_failslab+0xc2/0x120 [ 1394.610485][T30071] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1394.610514][T30071] ? __alloc_skb+0x140/0x710 [ 1394.610533][T30071] __alloc_skb+0x140/0x710 [ 1394.610545][T30071] ? __alloc_skb+0x5b7/0x710 [ 1394.610558][T30071] ? __pfx___alloc_skb+0x10/0x10 [ 1394.610571][T30071] ? genl_rcv_msg+0x4be/0x800 [ 1394.610599][T30071] netlink_ack+0x117/0xb80 [ 1394.610623][T30071] netlink_rcv_skb+0x333/0x420 [ 1394.610641][T30071] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1394.610662][T30071] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1394.610687][T30071] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1394.610708][T30071] genl_rcv+0x28/0x40 [ 1394.610726][T30071] netlink_unicast+0x585/0x850 [ 1394.610746][T30071] ? __pfx_netlink_unicast+0x10/0x10 [ 1394.610770][T30071] netlink_sendmsg+0x8b0/0xda0 [ 1394.610791][T30071] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1394.610808][T30071] ? __import_iovec+0x1d2/0x640 [ 1394.610831][T30071] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1394.610851][T30071] ____sys_sendmsg+0x9e1/0xb70 [ 1394.610869][T30071] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1394.610889][T30071] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1394.610915][T30071] ___sys_sendmsg+0x190/0x1e0 [ 1394.610935][T30071] ? __pfx____sys_sendmsg+0x10/0x10 [ 1394.610976][T30071] __sys_sendmsg+0x170/0x220 [ 1394.610992][T30071] ? __pfx___sys_sendmsg+0x10/0x10 [ 1394.611015][T30071] ? rcu_is_watching+0x12/0xc0 [ 1394.611033][T30071] do_syscall_64+0x115/0x840 [ 1394.611053][T30071] ? clear_bhb_loop+0x40/0x90 [ 1394.611070][T30071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1394.611085][T30071] RIP: 0033:0x7f669719ce59 [ 1394.611098][T30071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1394.611112][T30071] RSP: 002b:00007f6698002028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1394.611126][T30071] RAX: ffffffffffffffda RBX: 00007f6697415fa0 RCX: 00007f669719ce59 [ 1394.611136][T30071] RDX: 0000000020040080 RSI: 0000200000004240 RDI: 0000000000000003 [ 1394.611145][T30071] RBP: 00007f6698002090 R08: 0000000000000000 R09: 0000000000000000 [ 1394.611154][T30071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1394.611162][T30071] R13: 00007f6697416038 R14: 00007f6697415fa0 R15: 00007fff825b9f68 [ 1394.611181][T30071] [ 1394.888935][T30071] Process accounting resumed [ 1395.273496][T30073] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5284'. [ 1395.632786][T30075] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[17358] was attempted by ""[30075] [ 1395.803406][T30075] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5285'. [ 1397.315921][T30102] random: crng reseeded on system resumption [ 1397.992634][T30109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5293'. [ 1398.110836][T30110] FAULT_INJECTION: forcing a failure. [ 1398.110836][T30110] name failslab, interval 1, probability 0, space 0, times 0 [ 1398.212633][T30110] CPU: 0 UID: 0 PID: 30110 Comm: syz.1.5293 Tainted: G L syzkaller #0 PREEMPT(full) [ 1398.212660][T30110] Tainted: [L]=SOFTLOCKUP [ 1398.212666][T30110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1398.212676][T30110] Call Trace: [ 1398.212682][T30110] [ 1398.212688][T30110] dump_stack_lvl+0x100/0x190 [ 1398.212719][T30110] should_fail_ex.cold+0x5/0xa [ 1398.212740][T30110] should_failslab+0xc2/0x120 [ 1398.212759][T30110] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1398.212782][T30110] ? __d_alloc+0x34/0xa40 [ 1398.212807][T30110] __d_alloc+0x34/0xa40 [ 1398.212829][T30110] d_alloc+0x4a/0x1e0 [ 1398.212852][T30110] lookup_one_qstr_excl+0x171/0x250 [ 1398.212876][T30110] start_dirop+0x59/0xb0 [ 1398.212893][T30110] simple_start_creating+0xf9/0x110 [ 1398.212911][T30110] ? __pfx_simple_start_creating+0x10/0x10 [ 1398.212929][T30110] ? mntput+0x70/0xa0 [ 1398.212945][T30110] ? simple_pin_fs+0xa3/0x190 [ 1398.212961][T30110] debugfs_start_creating.part.0+0x82/0x170 [ 1398.212979][T30110] __debugfs_create_file+0xb3/0x4f0 [ 1398.212997][T30110] debugfs_create_file_full+0x41/0x60 [ 1398.213015][T30110] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 1398.213031][T30110] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1398.213045][T30110] ? ida_alloc_range+0x70d/0x830 [ 1398.213090][T30110] ? lockdep_init_map_type+0x5c/0x250 [ 1398.213118][T30110] preinit_net.part.0+0x252/0x920 [ 1398.213138][T30110] copy_net_ns+0x339/0x7c0 [ 1398.213157][T30110] create_new_namespaces+0x3ea/0xac0 [ 1398.213181][T30110] unshare_nsproxy_namespaces+0xf2/0x220 [ 1398.213201][T30110] ksys_unshare+0x438/0xab0 [ 1398.213223][T30110] ? __pfx_ksys_unshare+0x10/0x10 [ 1398.213242][T30110] ? xfd_validate_state+0x129/0x190 [ 1398.213256][T30110] ? ksys_write+0x1ac/0x250 [ 1398.213279][T30110] __x64_sys_unshare+0x31/0x40 [ 1398.213299][T30110] do_syscall_64+0x115/0x840 [ 1398.213318][T30110] ? clear_bhb_loop+0x40/0x90 [ 1398.213336][T30110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1398.213352][T30110] RIP: 0033:0x7f669719ce59 [ 1398.213366][T30110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1398.213380][T30110] RSP: 002b:00007f6697fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1398.213395][T30110] RAX: ffffffffffffffda RBX: 00007f6697416090 RCX: 00007f669719ce59 [ 1398.213406][T30110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1398.213415][T30110] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1398.213424][T30110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1398.213434][T30110] R13: 00007f6697416128 R14: 00007f6697416090 R15: 00007fff825b9f68 [ 1398.213454][T30110] [ 1400.900470][T30136] FAULT_INJECTION: forcing a failure. [ 1400.900470][T30136] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.943688][T30136] CPU: 0 UID: 0 PID: 30136 Comm: syz.1.5299 Tainted: G L syzkaller #0 PREEMPT(full) [ 1400.943714][T30136] Tainted: [L]=SOFTLOCKUP [ 1400.943720][T30136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1400.943733][T30136] Call Trace: [ 1400.943739][T30136] [ 1400.943746][T30136] dump_stack_lvl+0x100/0x190 [ 1400.943786][T30136] should_fail_ex.cold+0x5/0xa [ 1400.943806][T30136] should_failslab+0xc2/0x120 [ 1400.943825][T30136] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1400.943847][T30136] ? sctp_endpoint_new+0xfc/0xb20 [ 1400.943864][T30136] ? __debug_object_init+0x2de/0x3d0 [ 1400.943887][T30136] sctp_endpoint_new+0xfc/0xb20 [ 1400.943905][T30136] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1400.943922][T30136] ? lockdep_init_map_type+0x5c/0x250 [ 1400.943946][T30136] ? lockdep_init_map_type+0x5c/0x250 [ 1400.943969][T30136] ? lockdep_init_map_type+0x5c/0x250 [ 1400.943994][T30136] sctp_init_sock+0xe2b/0x1300 [ 1400.944010][T30136] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1400.944026][T30136] sctp_v6_init_sock+0x16/0x70 [ 1400.944039][T30136] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1400.944054][T30136] inet6_create+0xb21/0x12b0 [ 1400.944076][T30136] ? inet6_create+0x7f/0x12b0 [ 1400.944096][T30136] __sock_create+0x339/0x860 [ 1400.944119][T30136] __sys_socket+0x14d/0x260 [ 1400.944139][T30136] ? __pfx___sys_socket+0x10/0x10 [ 1400.944158][T30136] ? ksys_write+0x1ac/0x250 [ 1400.944180][T30136] __x64_sys_socket+0x72/0xb0 [ 1400.944199][T30136] ? lockdep_hardirqs_on+0x78/0x100 [ 1400.944220][T30136] do_syscall_64+0x115/0x840 [ 1400.944239][T30136] ? clear_bhb_loop+0x40/0x90 [ 1400.944257][T30136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1400.944273][T30136] RIP: 0033:0x7f669719ce59 [ 1400.944290][T30136] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1400.944305][T30136] RSP: 002b:00007f6698002028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1400.944329][T30136] RAX: ffffffffffffffda RBX: 00007f6697415fa0 RCX: 00007f669719ce59 [ 1400.944340][T30136] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000000a [ 1400.944349][T30136] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1400.944360][T30136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1400.944369][T30136] R13: 00007f6697416038 R14: 00007f6697415fa0 R15: 00007fff825b9f68 [ 1400.944389][T30136] [ 1401.518272][T30140] FAULT_INJECTION: forcing a failure. [ 1401.518272][T30140] name failslab, interval 1, probability 0, space 0, times 0 [ 1401.551919][T30140] CPU: 0 UID: 0 PID: 30140 Comm: syz.1.5299 Tainted: G L syzkaller #0 PREEMPT(full) [ 1401.551946][T30140] Tainted: [L]=SOFTLOCKUP [ 1401.551952][T30140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1401.551962][T30140] Call Trace: [ 1401.551968][T30140] [ 1401.551975][T30140] dump_stack_lvl+0x100/0x190 [ 1401.552005][T30140] should_fail_ex.cold+0x5/0xa [ 1401.552025][T30140] should_failslab+0xc2/0x120 [ 1401.552044][T30140] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1401.552065][T30140] ? blk_mq_init_allocated_queue+0xcf/0x1440 [ 1401.552086][T30140] blk_mq_init_allocated_queue+0xcf/0x1440 [ 1401.552105][T30140] ? blk_alloc_queue+0x627/0x790 [ 1401.552125][T30140] ? blk_alloc_queue+0x1a3/0x790 [ 1401.552147][T30140] blk_mq_alloc_queue+0x1bd/0x290 [ 1401.552163][T30140] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 1401.552189][T30140] ? blk_mq_alloc_tag_set+0xe2c/0x1330 [ 1401.552211][T30140] __blk_mq_alloc_disk+0x29/0x120 [ 1401.552227][T30140] loop_add+0x498/0xb60 [ 1401.552344][T30140] ? __pfx_loop_add+0x10/0x10 [ 1401.552376][T30140] ? find_held_lock+0x2b/0x80 [ 1401.552394][T30140] ? __fget_files+0x215/0x3d0 [ 1401.552415][T30140] loop_control_ioctl+0xae/0x620 [ 1401.552436][T30140] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1401.552459][T30140] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1401.552479][T30140] __x64_sys_ioctl+0x18e/0x210 [ 1401.552497][T30140] do_syscall_64+0x115/0x840 [ 1401.552517][T30140] ? clear_bhb_loop+0x40/0x90 [ 1401.552536][T30140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1401.552552][T30140] RIP: 0033:0x7f669719ce59 [ 1401.552567][T30140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1401.552582][T30140] RSP: 002b:00007f6697fc0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1401.552597][T30140] RAX: ffffffffffffffda RBX: 00007f6697416180 RCX: 00007f669719ce59 [ 1401.552608][T30140] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 1401.552618][T30140] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1401.552627][T30140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1401.552636][T30140] R13: 00007f6697416218 R14: 00007f6697416180 R15: 00007fff825b9f68 [ 1401.552657][T30140] [ 1402.743974][T30147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5302'. [ 1404.190391][T30172] vivid-007: ================= START STATUS ================= [ 1404.224265][T30172] vivid-007: Generate PTS: true [ 1404.239327][T30172] vivid-007: Generate SCR: true [ 1404.254804][T30172] tpg source WxH: 320x240 (Y'CbCr) [ 1404.283032][T30172] tpg field: 1 [ 1404.307152][T30172] tpg crop: (0,0)/320x240 [ 1404.328038][T30172] tpg compose: (0,0)/320x240 [ 1404.384057][T30172] tpg colorspace: 8 [ 1404.404480][T30172] tpg transfer function: 0/0 [ 1404.434923][T30172] tpg Y'CbCr encoding: 0/0 [ 1404.476322][T30172] tpg quantization: 0/0 [ 1404.495156][T30172] tpg RGB range: 0/2 [ 1404.505023][T30163] Process accounting resumed [ 1404.527660][T30172] vivid-007: ================== END STATUS ================== [ 1407.140752][T29255] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1407.168774][T29255] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1407.179398][T29255] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1407.197289][T29255] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1407.206721][T29255] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1407.314576][T30205] FAULT_INJECTION: forcing a failure. [ 1407.314576][T30205] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.458482][T30205] CPU: 0 UID: 0 PID: 30205 Comm: syz.1.5313 Tainted: G L syzkaller #0 PREEMPT(full) [ 1407.458509][T30205] Tainted: [L]=SOFTLOCKUP [ 1407.458516][T30205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1407.458525][T30205] Call Trace: [ 1407.458530][T30205] [ 1407.458537][T30205] dump_stack_lvl+0x100/0x190 [ 1407.458568][T30205] should_fail_ex.cold+0x5/0xa [ 1407.458588][T30205] ? sk_prot_alloc+0x10b/0x2a0 [ 1407.458606][T30205] should_failslab+0xc2/0x120 [ 1407.458625][T30205] __kmalloc_noprof+0xe0/0x850 [ 1407.458652][T30205] sk_prot_alloc+0x10b/0x2a0 [ 1407.458672][T30205] sk_alloc+0x36/0xe80 [ 1407.458695][T30205] __netlink_create+0x5e/0x2c0 [ 1407.458710][T30205] ? __wake_up+0x3f/0x60 [ 1407.458732][T30205] netlink_create+0x29b/0x610 [ 1407.458749][T30205] ? __pfx_genl_bind+0x10/0x10 [ 1407.458767][T30205] ? __pfx_genl_unbind+0x10/0x10 [ 1407.458786][T30205] ? __pfx_genl_release+0x10/0x10 [ 1407.458808][T30205] __sock_create+0x339/0x860 [ 1407.458832][T30205] __sys_socket+0x14d/0x260 [ 1407.458852][T30205] ? __pfx___sys_socket+0x10/0x10 [ 1407.458877][T30205] __x64_sys_socket+0x72/0xb0 [ 1407.458896][T30205] ? lockdep_hardirqs_on+0x78/0x100 [ 1407.458917][T30205] do_syscall_64+0x115/0x840 [ 1407.458936][T30205] ? clear_bhb_loop+0x40/0x90 [ 1407.458955][T30205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1407.458971][T30205] RIP: 0033:0x7f669719ce59 [ 1407.458984][T30205] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1407.458999][T30205] RSP: 002b:00007f6697f9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1407.459014][T30205] RAX: ffffffffffffffda RBX: 00007f6697416270 RCX: 00007f669719ce59 [ 1407.459025][T30205] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1407.459034][T30205] RBP: 00007f6697232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1407.459043][T30205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1407.459052][T30205] R13: 00007f6697416308 R14: 00007f6697416270 R15: 00007fff825b9f68 [ 1407.459071][T30205] [ 1408.258882][T30213] futex_wake_op: syz.0.5315 tries to shift op by -2048; fix this program [ 1409.309477][T29255] Bluetooth: hci9: command tx timeout [ 1410.621609][T30201] bridge0: port 1(bridge_slave_0) entered blocking state [ 1410.652577][T30201] bridge0: port 1(bridge_slave_0) entered disabled state [ 1410.690768][T30201] bridge_slave_0: entered allmulticast mode [ 1410.722347][T30201] bridge_slave_0: entered promiscuous mode [ 1410.755469][T30201] bridge0: port 2(bridge_slave_1) entered blocking state [ 1410.780287][T30201] bridge0: port 2(bridge_slave_1) entered disabled state [ 1410.806856][T30201] bridge_slave_1: entered allmulticast mode [ 1410.833951][T30201] bridge_slave_1: entered promiscuous mode [ 1411.001894][T30201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1411.086745][T30201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1411.305058][T30201] team0: Port device team_slave_0 added [ 1411.372727][T30201] team0: Port device team_slave_1 added [ 1411.379148][T29255] Bluetooth: hci9: command tx timeout [ 1411.773983][T30201] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1411.834409][T30201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1411.963844][T30201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1412.038854][T30201] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1412.065162][T30201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1412.192182][T30201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1412.418800][T30201] hsr_slave_0: entered promiscuous mode [ 1412.441434][T30201] hsr_slave_1: entered promiscuous mode [ 1412.465005][T30201] debugfs: 'hsr0' already exists in 'hsr' [ 1412.505132][T30201] Cannot create hsr debugfs directory [ 1413.445754][T29255] Bluetooth: hci9: command tx timeout [ 1415.371448][T30293] FAULT_INJECTION: forcing a failure. [ 1415.371448][T30293] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.417525][T30293] CPU: 0 UID: 0 PID: 30293 Comm: syz.0.5328 Tainted: G L syzkaller #0 PREEMPT(full) [ 1415.417552][T30293] Tainted: [L]=SOFTLOCKUP [ 1415.417558][T30293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1415.417567][T30293] Call Trace: [ 1415.417573][T30293] [ 1415.417579][T30293] dump_stack_lvl+0x100/0x190 [ 1415.417609][T30293] should_fail_ex.cold+0x5/0xa [ 1415.417630][T30293] should_failslab+0xc2/0x120 [ 1415.417649][T30293] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1415.417666][T30293] ? kstrdup_const+0x63/0x80 [ 1415.417680][T30293] ? find_held_lock+0x2b/0x80 [ 1415.417698][T30293] ? is_bpf_text_address+0x8a/0x1a0 [ 1415.417721][T30293] kstrdup+0x51/0xe0 [ 1415.417737][T30293] kstrdup_const+0x63/0x80 [ 1415.417752][T30293] __kernfs_new_node+0x9b/0x9f0 [ 1415.417769][T30293] ? __kernel_text_address+0xd/0x30 [ 1415.417785][T30293] ? arch_stack_walk+0xa6/0xf0 [ 1415.417802][T30293] ? __pfx___kernfs_new_node+0x10/0x10 [ 1415.417824][T30293] ? find_held_lock+0x2b/0x80 [ 1415.417841][T30293] ? kernfs_root+0xee/0x2a0 [ 1415.417856][T30293] ? kernfs_root+0xee/0x2a0 [ 1415.417876][T30293] kernfs_new_node+0x11b/0x1a0 [ 1415.417899][T30293] kernfs_create_dir_ns+0x4c/0x1a0 [ 1415.417920][T30293] sysfs_create_dir_ns+0x13a/0x2b0 [ 1415.417936][T30293] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1415.417951][T30293] ? find_held_lock+0x2b/0x80 [ 1415.417968][T30293] ? kobject_add_internal+0x25f/0x930 [ 1415.417984][T30293] ? kobject_add_internal+0x25f/0x930 [ 1415.418000][T30293] ? class_dir_child_ns_type+0xd/0x60 [ 1415.418019][T30293] kobject_add_internal+0x2c8/0x930 [ 1415.418038][T30293] kobject_add+0x16a/0x1e0 [ 1415.418053][T30293] ? __pfx_kobject_add+0x10/0x10 [ 1415.418072][T30293] ? kobject_put+0xb9/0x640 [ 1415.418099][T30293] device_add+0x294/0x1950 [ 1415.418118][T30293] ? __pfx_device_add+0x10/0x10 [ 1415.418141][T30293] nfc_register_device+0x41/0x3e0 [ 1415.418268][T30293] nci_register_device+0x7f1/0xb80 [ 1415.418310][T30293] ? __pfx_nci_register_device+0x10/0x10 [ 1415.418330][T30293] ? lockdep_init_map_type+0x5c/0x250 [ 1415.418357][T30293] virtual_ncidev_open+0x141/0x220 [ 1415.418403][T30293] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1415.418419][T30293] misc_open+0x26d/0x450 [ 1415.418437][T30293] ? __pfx_misc_open+0x10/0x10 [ 1415.418452][T30293] chrdev_open+0x234/0x6a0 [ 1415.418471][T30293] ? __pfx_apparmor_file_open+0x10/0x10 [ 1415.418489][T30293] ? __pfx_chrdev_open+0x10/0x10 [ 1415.418508][T30293] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1415.418533][T30293] do_dentry_open+0x6ab/0x14d0 [ 1415.418551][T30293] ? __pfx_chrdev_open+0x10/0x10 [ 1415.418574][T30293] vfs_open+0x82/0x3f0 [ 1415.418597][T30293] path_openat+0x208c/0x31a0 [ 1415.418622][T30293] ? __pfx_path_openat+0x10/0x10 [ 1415.418648][T30293] do_file_open+0x20e/0x430 [ 1415.418668][T30293] ? __pfx_do_file_open+0x10/0x10 [ 1415.418700][T30293] ? alloc_fd+0x476/0x790 [ 1415.418720][T30293] ? do_getname+0x191/0x390 [ 1415.418743][T30293] do_sys_openat2+0x10d/0x1e0 [ 1415.418765][T30293] ? __pfx_do_sys_openat2+0x10/0x10 [ 1415.418794][T30293] __x64_sys_openat+0x12d/0x210 [ 1415.418816][T30293] ? __pfx___x64_sys_openat+0x10/0x10 [ 1415.418842][T30293] ? rcu_is_watching+0x12/0xc0 [ 1415.418864][T30293] do_syscall_64+0x115/0x840 [ 1415.418884][T30293] ? clear_bhb_loop+0x40/0x90 [ 1415.418903][T30293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1415.418918][T30293] RIP: 0033:0x7f8ef079ce59 [ 1415.418933][T30293] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1415.418947][T30293] RSP: 002b:00007f8ef1635028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1415.418962][T30293] RAX: ffffffffffffffda RBX: 00007f8ef0a16090 RCX: 00007f8ef079ce59 [ 1415.418973][T30293] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1415.418983][T30293] RBP: 00007f8ef0832d6f R08: 0000000000000000 R09: 0000000000000000 [ 1415.418993][T30293] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000000 [ 1415.419002][T30293] R13: 00007f8ef0a16128 R14: 00007f8ef0a16090 R15: 00007ffdeaac5da8 [ 1415.419023][T30293] [ 1416.229324][T30293] kobject: kobject_add_internal failed for nfc2 (error: -12 parent: nfc) [ 1416.335954][T29255] Bluetooth: hci9: command tx timeout [ 1417.465323][T30318] FAULT_INJECTION: forcing a failure. [ 1417.465323][T30318] name failslab, interval 1, probability 0, space 0, times 0 [ 1417.506547][T30318] CPU: 0 UID: 0 PID: 30318 Comm: syz.0.5333 Tainted: G L syzkaller #0 PREEMPT(full) [ 1417.506574][T30318] Tainted: [L]=SOFTLOCKUP [ 1417.506580][T30318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1417.506590][T30318] Call Trace: [ 1417.506596][T30318] [ 1417.506602][T30318] dump_stack_lvl+0x100/0x190 [ 1417.506633][T30318] should_fail_ex.cold+0x5/0xa [ 1417.506652][T30318] should_failslab+0xc2/0x120 [ 1417.506670][T30318] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1417.506693][T30318] ? skb_clone+0x190/0x400 [ 1417.506713][T30318] skb_clone+0x190/0x400 [ 1417.506728][T30318] netlink_deliver_tap+0xaed/0xcc0 [ 1417.506753][T30318] netlink_unicast+0x62b/0x850 [ 1417.506775][T30318] ? __pfx_netlink_unicast+0x10/0x10 [ 1417.506800][T30318] netlink_sendmsg+0x8b0/0xda0 [ 1417.506822][T30318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1417.506844][T30318] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1417.506863][T30318] __sys_sendto+0x468/0x4b0 [ 1417.506885][T30318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1417.506905][T30318] ? __pfx___sys_sendto+0x10/0x10 [ 1417.506933][T30318] ? fd_install+0x223/0x580 [ 1417.506958][T30318] ? __pfx___sys_socket+0x10/0x10 [ 1417.506982][T30318] __x64_sys_sendto+0xe0/0x1c0 [ 1417.507004][T30318] ? do_syscall_64+0x90/0x840 [ 1417.507029][T30318] ? lockdep_hardirqs_on+0x78/0x100 [ 1417.507051][T30318] do_syscall_64+0x115/0x840 [ 1417.507070][T30318] ? clear_bhb_loop+0x40/0x90 [ 1417.507089][T30318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1417.507105][T30318] RIP: 0033:0x7f8ef075d68e [ 1417.507120][T30318] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1417.507134][T30318] RSP: 002b:00007f8ef1654e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1417.507149][T30318] RAX: ffffffffffffffda RBX: 00007f8ef16566c0 RCX: 00007f8ef075d68e [ 1417.507160][T30318] RDX: 0000000000000020 RSI: 00007f8ef1655000 RDI: 000000000000000a [ 1417.507170][T30318] RBP: 0000000000000000 R08: 00007f8ef1654f04 R09: 000000000000000c [ 1417.507179][T30318] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 1417.507188][T30318] R13: 00007f8ef1654f58 R14: 00007f8ef1655000 R15: 0000000000000000 [ 1417.507208][T30318] [ 1419.975055][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1419.981680][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1420.253874][T30333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5342'. [ 1420.786301][T30340] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5337'. [ 1421.243557][ T31] INFO: task syz-executor:28294 blocked for more than 143 seconds. [ 1421.252058][ T31] Tainted: G L syzkaller #0 [ 1421.280566][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1421.335850][ T31] task:syz-executor state:D stack:24072 pid:28294 tgid:28294 ppid:1 task_flags:0x480140 flags:0x00080002 [ 1421.414986][ T31] Call Trace: [ 1421.442511][ T31] [ 1421.459432][ T31] __schedule+0x1295/0x67a0 [ 1421.498036][ T31] ? __pfx___schedule+0x10/0x10 [ 1421.532030][ T31] ? find_held_lock+0x2b/0x80 [ 1421.592486][ T31] ? schedule+0x2bf/0x390 [ 1421.640874][ T31] schedule+0xdd/0x390 [ 1421.672478][ T31] schedule_timeout+0x1b2/0x280 [ 1421.708806][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1421.743551][ T31] ? mark_held_locks+0x40/0x70 [ 1421.769639][ T31] __wait_for_common+0x2e7/0x4c0 [ 1421.798554][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1421.829285][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1421.862392][ T31] remove_one+0x312/0x420 [ 1421.885730][ T31] ? find_next_child+0x18f/0x280 [ 1421.913177][ T31] __simple_recursive_removal+0x148/0x5c0 [ 1421.944906][ T31] ? __pfx_remove_one+0x10/0x10 [ 1421.971203][ T31] debugfs_remove+0x5d/0x80 [ 1421.995830][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 1422.024515][ T31] nsim_dev_reload_destroy+0x144/0x4a0 [ 1422.056008][ T31] nsim_drv_remove+0x52/0x1e0 [ 1422.079872][ T31] ? __pfx_nsim_bus_remove+0x10/0x10 [ 1422.105753][ T31] device_remove+0xcb/0x180 [ 1422.131293][ T31] device_release_driver_internal+0x44e/0x620 [ 1422.158491][ T31] bus_remove_device+0x2bc/0x560 [ 1422.175857][ T31] ? __pfx_bus_remove_device+0x10/0x10 [ 1422.202114][ T31] ? __pfx_device_remove_attrs+0x10/0x10 [ 1422.226894][ T31] device_del+0x376/0x9b0 [ 1422.246311][ T31] ? __pfx_device_del+0x10/0x10 [ 1422.272786][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1422.295686][ T31] device_unregister+0x1d/0xe0 [ 1422.321968][ T31] del_device_store+0x346/0x480 [ 1422.340895][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1422.365233][ T31] ? find_held_lock+0x2b/0x80 [ 1422.381666][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1422.399326][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1422.427058][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1422.434625][ T31] bus_attr_store+0x74/0xb0 [ 1422.450049][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 1422.469201][ T31] sysfs_kf_write+0xf2/0x150 [ 1422.489032][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1422.496143][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1422.527059][ T31] vfs_write+0x6ac/0x1070 [ 1422.541736][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1422.568476][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1422.577832][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1422.593618][ T31] ksys_write+0x12a/0x250 [ 1422.609092][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1422.628018][ T31] ? rcu_is_watching+0x12/0xc0 [ 1422.657492][ T31] do_syscall_64+0x115/0x840 [ 1422.662165][ T31] ? clear_bhb_loop+0x40/0x90 [ 1422.677924][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1422.695813][ T31] RIP: 0033:0x7f47bd55d68e [ 1422.709314][ T31] RSP: 002b:00007ffe38947bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1422.735162][ T31] RAX: ffffffffffffffda RBX: 000055556a028500 RCX: 00007f47bd55d68e [ 1422.763068][ T31] RDX: 0000000000000001 RSI: 00007ffe38947c80 RDI: 0000000000000005 [ 1422.795084][ T31] RBP: 00007f47bd6335f2 R08: 0000000000000000 R09: 0000000000000000 [ 1422.813621][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1422.837448][ T31] R13: 00007ffe38947c80 R14: 00007f47be344620 R15: 0000000000000003 [ 1422.854984][ T31] [ 1422.962527][ T31] INFO: task syz.4.5008:28500 blocked for more than 145 seconds. [ 1422.996576][ T31] Tainted: G L syzkaller #0 [ 1423.031191][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1423.074384][ T31] task:syz.4.5008 state:D stack:29032 pid:28500 tgid:28496 ppid:22120 task_flags:0x400040 flags:0x00080002 [ 1423.131662][ T31] Call Trace: [ 1423.150443][ T31] [ 1423.168639][ T31] __schedule+0x1295/0x67a0 [ 1423.188431][ T31] ? __pfx___schedule+0x10/0x10 [ 1423.207135][ T31] ? find_held_lock+0x2b/0x80 [ 1423.248152][ T31] ? schedule+0x2bf/0x390 [ 1423.254238][ T31] schedule+0xdd/0x390 [ 1423.269124][ T31] schedule_preempt_disabled+0x13/0x30 [ 1423.292521][ T31] __mutex_lock+0xced/0x1b10 [ 1423.316029][ T31] ? devlink_health_report+0x66c/0xb20 [ 1423.345666][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1423.371240][ T31] ? devlink_recover_notify.constprop.0+0x1e3/0x550 [ 1423.408983][ T31] ? devlink_health_report+0x66c/0xb20 [ 1423.433243][ T31] devlink_health_report+0x66c/0xb20 [ 1423.461681][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 1423.477268][ T31] ? _copy_from_user+0x59/0xd0 [ 1423.493029][ T31] nsim_dev_health_break_write+0x166/0x210 [ 1423.501058][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1423.521850][ T31] full_proxy_write+0x135/0x1a0 [ 1423.526757][ T31] vfs_write+0x2aa/0x1070 [ 1423.541321][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 1423.546734][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1423.571045][ T31] ? __fget_files+0x215/0x3d0 [ 1423.576826][ T31] ? __fget_files+0x21f/0x3d0 [ 1423.591559][ T31] ksys_write+0x12a/0x250 [ 1423.595929][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1423.600787][ T31] ? kcov_ioctl+0x16a/0x720 [ 1423.616934][ T31] ? rcu_is_watching+0x12/0xc0 [ 1423.630021][ T31] do_syscall_64+0x115/0x840 [ 1423.640777][ T31] ? clear_bhb_loop+0x40/0x90 [ 1423.651080][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1423.662277][ T31] RIP: 0033:0x7f324bb9ce59 [ 1423.670706][ T31] RSP: 002b:00007f324cafd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1423.691038][ T31] RAX: ffffffffffffffda RBX: 00007f324be16090 RCX: 00007f324bb9ce59 [ 1423.710743][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000006 [ 1423.730326][ T31] RBP: 00007f324bc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1423.741923][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1423.760299][ T31] R13: 00007f324be16128 R14: 00007f324be16090 R15: 00007fffac1cf8a8 [ 1423.777062][ T31] [ 1423.813498][ T31] [ 1423.813498][ T31] Showing all locks held in the system: [ 1423.862827][ T31] 1 lock held by khungtaskd/31: [ 1423.880956][ T31] #0: ffffffff8e7e5360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1423.899525][ T31] 3 locks held by kworker/0:5/5725: [ 1423.906157][ T31] #0: ffff88813fe57140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 1423.940771][ T31] #1: ffff888076434008 (&____s->seqcount#13){.-.-}-{0:0}, at: trace_ignore_this_task+0x56/0x100 [ 1423.956393][ T31] #2: ffff888078af1250 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 [ 1423.979027][ T31] 2 locks held by getty/15365: [ 1423.988487][ T31] #0: ffff8880385ff0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1424.008783][ T31] #1: ffffc90006c852e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 [ 1424.029924][ T31] 2 locks held by syz.1.2671/17862: [ 1424.040397][ T31] #0: ffffffff90606c20 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1424.068462][ T31] #1: ffffffff8e7f0ea8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1424.082681][ T31] 1 lock held by syz.3.3643/21902: [ 1424.098390][ T31] 7 locks held by syz-executor/28294: [ 1424.103778][ T31] #0: ffff8880365dc410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.128181][ T31] #1: ffff8880641bdc80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1424.148039][ T31] #2: ffff88802b13be18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1424.167944][ T31] #3: ffffffff8fb87a80 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1424.189585][ T31] #4: ffff888079d8a128 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620 [ 1424.217783][ T31] #5: ffff88807722e258 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0 [ 1424.230965][ T31] #6: ffff8880979962f0 (&sb->s_type->i_mutex_key#9/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 1424.257533][ T31] 3 locks held by syz.4.5008/28500: [ 1424.269260][ T31] #0: ffff88807c651970 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1424.288164][ T31] #1: ffff888020292410 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.307290][ T31] #2: ffff88807722e258 (&devlink->lock_key#8){+.+.}-{4:4}, at: devlink_health_report+0x66c/0xb20 [ 1424.328988][ T31] 4 locks held by syz-executor/28682: [ 1424.347867][ T31] #0: ffff8880365dc410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.363847][ T31] #1: ffff888053ca4480 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1424.386868][ T31] #2: ffff88802b13be18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1424.406959][ T31] #3: ffffffff8fb87a80 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1424.430590][ T31] 4 locks held by syz-executor/29100: [ 1424.446529][ T31] #0: ffff8880365dc410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.465770][ T31] #1: ffff88806e52c880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1424.487967][ T31] #2: ffff88802b13be18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1424.506250][ T31] #3: ffffffff8fb87a80 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1424.526146][ T31] 3 locks held by kworker/u10:0/29475: [ 1424.536052][ T31] #0: ffff88813fe94140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 1424.565912][ T31] #1: ffffc9000472fd08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 1424.595573][ T31] #2: ffffffff90606c20 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 1424.615676][ T31] 4 locks held by syz-executor/29527: [ 1424.622512][ T31] #0: ffff8880365dc410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.646018][ T31] #1: ffff88805c5c8880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1424.667078][ T31] #2: ffff88802b13be18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1424.685964][ T31] #3: ffffffff8fb87a80 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1424.715144][ T31] 4 locks held by syz-executor/29912: [ 1424.720550][ T31] #0: ffff8880365dc410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.745621][ T31] #1: ffff8880261c6c80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1424.764985][ T31] #2: ffff88802b13be18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1424.784757][ T31] #3: ffffffff8fb87a80 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1424.804652][ T31] 4 locks held by syz-executor/30201: [ 1424.818356][ T31] #0: ffff8880365dc410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1424.844400][ T31] #1: ffff8880464e3880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1424.864327][ T31] #2: ffff88802b13be18 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1424.884410][ T31] #3: ffffffff8fb87a80 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1424.904782][ T31] 1 lock held by syz.0.5338/30355: [ 1424.911333][ T31] #0: ffffffff90606c20 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1424.950829][ T31] [ 1424.959058][ T31] ============================================= [ 1424.959058][ T31] [ 1424.979294][T17862] EXT4-fs error (device sda1): ext4_discard_preallocations:5696: comm syz.1.2671: Error -117 reading block bitmap for 2 [ 1425.036498][ T31] NMI backtrace for cpu 0 [ 1425.036515][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1425.036536][ T31] Tainted: [L]=SOFTLOCKUP [ 1425.036541][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1425.036550][ T31] Call Trace: [ 1425.036555][ T31] [ 1425.036562][ T31] dump_stack_lvl+0x100/0x190 [ 1425.036590][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1425.036607][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1425.036623][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1425.036721][ T31] sys_info+0x141/0x190 [ 1425.036741][ T31] watchdog+0xcb1/0x1030 [ 1425.036763][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1425.036783][ T31] ? __pfx_watchdog+0x10/0x10 [ 1425.036802][ T31] ? __kthread_parkme+0x18c/0x230 [ 1425.036822][ T31] ? kthread+0x13a/0x450 [ 1425.036841][ T31] ? __pfx_watchdog+0x10/0x10 [ 1425.036858][ T31] kthread+0x370/0x450 [ 1425.036880][ T31] ? __pfx_kthread+0x10/0x10 [ 1425.036902][ T31] ret_from_fork+0x72b/0xd50 [ 1425.036917][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1425.036933][ T31] ? __switch_to+0x800/0x1100 [ 1425.036951][ T31] ? __switch_to_asm+0x39/0x70 [ 1425.036968][ T31] ? __pfx_kthread+0x10/0x10 [ 1425.036989][ T31] ret_from_fork_asm+0x1a/0x30 [ 1425.037015][ T31] [ 1425.355889][T17862] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1425.407658][T17862] EXT4-fs error (device sda1): ext4_discard_preallocations:5696: comm syz.1.2671: Error -117 reading block bitmap for 1 [ 1425.467222][T17862] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1425.513808][T30355] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1425.600558][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1425.607434][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1425.618096][ T31] Tainted: [L]=SOFTLOCKUP [ 1425.622414][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1425.632450][ T31] Call Trace: [ 1425.635729][ T31] [ 1425.638646][ T31] dump_stack_lvl+0x100/0x190 [ 1425.643321][ T31] vpanic+0x552/0x970 [ 1425.647292][ T31] ? __pfx_vpanic+0x10/0x10 [ 1425.651778][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1425.657918][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1425.664075][ T31] panic+0xd1/0xe0 [ 1425.667780][ T31] ? __pfx_panic+0x10/0x10 [ 1425.672266][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1425.678402][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1425.684554][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1425.690722][ T31] ? watchdog.cold+0x1ec/0x234 [ 1425.695491][ T31] ? watchdog+0xcc1/0x1030 [ 1425.699903][ T31] watchdog.cold+0x1fd/0x234 [ 1425.704488][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1425.710287][ T31] ? __pfx_watchdog+0x10/0x10 [ 1425.714954][ T31] ? __kthread_parkme+0x18c/0x230 [ 1425.719969][ T31] ? kthread+0x13a/0x450 [ 1425.724201][ T31] ? __pfx_watchdog+0x10/0x10 [ 1425.728866][ T31] kthread+0x370/0x450 [ 1425.732926][ T31] ? __pfx_kthread+0x10/0x10 [ 1425.737527][ T31] ret_from_fork+0x72b/0xd50 [ 1425.742134][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1425.747249][ T31] ? __switch_to+0x800/0x1100 [ 1425.751921][ T31] ? __switch_to_asm+0x39/0x70 [ 1425.756677][ T31] ? __pfx_kthread+0x10/0x10 [ 1425.761260][ T31] ret_from_fork_asm+0x1a/0x30 [ 1425.766022][ T31] [ 1425.769103][ T31] Kernel Offset: disabled [ 1425.773416][ T31] Rebooting in 86400 seconds..