last executing test programs: 22m55.980834737s ago: executing program 2 (id=52): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) move_pages$auto(0x0, 0x5, &(0x7f0000000380)=&(0x7f0000001180), &(0x7f00000003c0)=0x1, 0x0, 0x2) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00F\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a000000080001008000000008000200", @ANYRES32=r1], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20004080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='X'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mincore$auto(0x0, 0x5, 0x0) 22m54.971670902s ago: executing program 2 (id=56): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = pipe$auto(0x0) tee$auto(0xffffffffffffffff, r0, 0x5, 0x8) close_range$auto(0x2, 0x8, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x81) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r1, 0x0, 0x1ff) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000400), r0) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000700)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000740)={0x26c, r3, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x257, 0x5, 0x0, 0x1, [@generic="5a5913c49a72386f40618979", @nested={0xe6, 0x11a, 0x0, 0x1, [@typed={0x8, 0x14b, 0x0, 0x0, @fd=r2}, @generic="77fb2ccbf5473a007275dfa63673d58a9c0d83e8105026ce8d77c67e8184c9758e450e00324c3bd8c24e1c0fbc3ddeb01f19342e9ccad2e86c7d5b0f2a92dec7a6d14e7b854a4d9b755281fb79e2819d35a2699d55ceba53cf0528cdd7398fbc5ed2b4392a836b8413ea56688c844dd0dac6073c0a90606992e7f882aefae067d0f06114d6b8aa972c394c7170f399e0f2355766bffd132d6f2c1ed37c315c46613ea69f58ba6dea67b97a9ebf1f3e33da06aef8ec957df55d0edf0dba1d933d62cb569a61d0366bb52d4800"/218]}, @generic="eb94115d24ea51f76a7824ce0a90170d2ef83719e55212f946005c7300c06c507bc44de211f9a5fcb0f95963e7d889f8d52e384e5c60f7fd33246d32ba99590c62acb06e3971761cb8324c5c7f411a272e5a94f6a1850cb376df7e32277690f4ed013af0e75f8b3fcb509e8c14d26e205c79eb107144495411cd1c6662d132e022631ccbce2287f20bba45740a45900e17bc67fee4414bc2d13434af79f150877adf5da5541da804c5ffd8dddd30ac26c99b01", @typed={0xab, 0xa5, 0x0, 0x0, @binary="c77e5933ff6b143a186c1b13a722c7ca3e55d60e7571d8a96fdadfb4206b17c503c9ab6f15dba0d006ccd598ea784a35f7b6a8176804e4a86164197481544677984f07ab7668542493b4dab3896d743644cc74d5487fad8b4ff03b75e7cf15a4e6b754e901014b611c4f8bc7cc5767a9a6a65b84e972d139feec4ac35c2eeb76f08d9cef9eae94bd34788d3e0aec784c1c4d2ef05a38e4b4e869d913d744f380ad0df33a8b9541"}]}]}, 0x26c}, 0x1, 0x0, 0x0, 0x10000000}, 0x73dbdc1bb42eb804) sendmsg$auto_ETHTOOL_MSG_STATS_GET(r0, &(0x7f0000001680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001640)={&(0x7f00000003c0)={0x14, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) close_range$auto(0x0, 0x5, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000000440)={0x13f3, r4, 0x9, "434622db96150de6a981cd7eaa1d5e03"}) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', &(0x7f0000000300)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)') recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) r5 = socket(0xa, 0x2, 0x0) sendto$auto(r5, 0x0, 0x402, 0xacf8, &(0x7f0000000040)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) close_range$auto(0x2, 0x8, 0x0) 22m54.122675604s ago: executing program 2 (id=60): read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb9, 0xf, 0x7, 0x400004, 0xffffffffffffffff, 0xe7b, "00000000000000e3ffffffffffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram7\x00', 0x42e0c0, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) sched_setscheduler$auto(0x0, 0x5, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x4) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x183182, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x202002, 0x0) fanotify_init$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x2c0501, 0x0) 22m52.649959994s ago: executing program 2 (id=65): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) bpf$auto_BPF_LINK_CREATE(0x1c, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex, r0, 0x400, 0x0, r0, @relative_fd=r0, 0x6d83}, 0x6) bpf$auto_BPF_OBJ_PIN(0x6, &(0x7f00000001c0)=@bpf_attr_1={r1, 0x2, @value=0xc, 0x9}, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setrlimit$auto(0x8, 0x0) rt_sigqueueinfo$auto(0x0, 0x7, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r2 = socket(0xa, 0x5, 0x0) fcntl$auto_F_GETOWNER_UIDS(r2, 0x11, 0x8) unshare$auto(0x40000080) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_GET_TXSC(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB='{o'], 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 22m51.523495048s ago: executing program 2 (id=70): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8a401, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x20000081) prlimit64$auto(0x0, 0x1, &(0x7f00000000c0)={0x6, 0x7}, &(0x7f0000000100)={0xfffffffffffffff8, 0x2e7}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) read$auto_check_wx_fops_(r1, &(0x7f00000001c0)=""/186, 0xba) gettid() r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/kernel/kexec_load_limit_panic\x00', 0x40141, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = open(&(0x7f0000000000)='./file0\x00', 0x22240, 0x147) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0x20008, 0x0, 0x0, 0x0, 0x8000000000000000) r5 = socket(0xa, 0x801, 0x84) setsockopt$auto(r5, 0x10000000084, 0x0, 0x0, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x440, 0x0) r6 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) pread64$auto(r6, 0x0, 0x4, 0xc70d) setresuid$auto(0x60, 0x1000, 0x8000) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'syzkaller1\x00'}) utimensat$auto(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={0x8, 0x1}, 0x6) r7 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/gem_names\x00', 0x10881, 0x0) ioctl$auto(r1, 0x8, r7) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$auto_BPF_MAP_FREEZE(0x16, &(0x7f0000000280)=@bpf_attr_11={0x7614, 0x80, 0x0, 0x2, 0x8f4, 0xfc41, 0xfffff782, r1}, 0xd) 22m51.236171604s ago: executing program 3 (id=71): r0 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/vm/min_free_kbytes\x00', 0x141241, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x5) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) io_uring_setup$auto(0x1, 0x0) getsockopt$auto_SO_TXREHASH(0xffffffffffffffff, 0x1, 0x4a, 0x0, 0x0) fanotify_mark$auto(0xffffffffffffffff, 0x6cb7, 0x2, 0xffffffffffffff9c, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000000c0), 0xffffffffffffffff) write$auto(0xffffffffffffffff, &(0x7f0000000300)='/sys/kernel/debug/tracing/available_events\x00', 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x6) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x12, 0x0, 0xb, 0x0, 0x4276f66b, 0x7}, 0x3}, 0x5, 0x4) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x68182, 0x0) writev$auto(r4, &(0x7f0000000280)={0x0, 0x45}, 0xb) ioprio_set$auto(0x7d8, 0x0, 0x8) sendmsg$auto_TIPC_NL_MEDIA_GET(r3, 0x0, 0x10) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) shmctl$auto_IPC_INFO(0x1, 0x3, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) socket(0x2, 0x1, 0x106) fcntl$auto(0x3, 0x4, 0xa553) 22m50.409219106s ago: executing program 3 (id=73): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) sendfile$auto(r0, r0, 0x0, 0x9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000400)={{0x0, 0x5a7, &(0x7f0000000000)={&(0x7f0000000300)="669b0c0c4afa", 0x28}, 0x1, 0x0, 0x5, 0x100001}, 0x2}, 0x2, 0x8) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x1, 0x84) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) poll$auto(&(0x7f0000000000)={0x3, 0x1, 0xa}, 0x5, 0x108) write$auto(r2, &(0x7f0000000000)='/sys/kernel/security/integrity/evm/evm_xattrs\x00', 0x20000003) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) r3 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x2020009, 0xffff, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(r3, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x57) write$auto(0x3, 0x0, 0x3f00) write$auto_fops_ulong_ro_(0xffffffffffffffff, 0x0, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x83) r4 = timerfd_create$auto(0x0, 0x0) close_range$auto(r1, r4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r5 = socket(0x15, 0x5, 0x0) getsockopt$auto(r5, 0x114, 0x2716, 0xfffffffffffffffc, 0x0) ioctl$auto(0x1, 0x890c, 0x8) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/netfilter/nf_hooks_lwtunnel\x00', 0x101001, 0x0) mmap$auto(0x0, 0x20009, 0xb17a, 0xeb1, 0x3fd, 0x8000) write$auto(r6, 0x0, 0x7) wait4$auto(0xffffffffffffffff, 0x0, 0x2, 0x0) r7 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$auto_I2C_RDWR(r7, 0x707, &(0x7f0000000180)) 22m49.670378018s ago: executing program 3 (id=75): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x1000000000008000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0xa0202, 0x0) sendfile$auto(r1, r1, 0x0, 0x7) r2 = setfsuid$auto(0xee00) r3 = setfsuid$auto(0xee01) setresuid$auto(r2, r3, r2) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) ioctl$auto_MON_IOCX_GET(r4, 0x40189206, 0x0) ioctl$auto_MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/032/001\x00', 0x8202, 0x0) 22m48.314360373s ago: executing program 3 (id=78): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) unshare$auto(0x40000080) unshare$auto(0x40000080) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x402, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) getcwd$auto(0x0, 0x3) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4044001) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x7ff, 0x3, 0x101, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) gettid() openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x418100, 0x103, 0x8}, 0x18) getuid() poll$auto(&(0x7f00000001c0)={r0, 0x9, 0x8}, 0xe4e97d58, 0x7) lstat$auto(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0xa9a, 0x1, 0x101, 0x9, 0xffffffffffffffff, 0xee01, 0x0, 0x3ab, 0x100000000, 0x4, 0x9, 0x1ff, 0x8, 0x3, 0x5, 0x2, 0x8000000000000000}) 22m47.239476446s ago: executing program 2 (id=79): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba441b", 0x49}, 0x5, 0x0, 0x8, 0x1}, 0x5}, 0x2, 0x100) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc) 22m46.104176004s ago: executing program 3 (id=80): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/039/001\x00', 0xa901, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/queues/tx-0/byte_queue_limits/limit_max\x00', 0x82942, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x101000, 0x0) r1 = socket(0x11, 0xa, 0x9) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="20fb5975959c000000", @ANYRES16=0x0, @ANYBLOB="010029bd7000fcdbdf25020000000b00010064756d6d79300000"], 0x20}, 0x1, 0x0, 0x0, 0x20041040}, 0x44c0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) ioctl$auto_SG_EMULATED_HOST2(0xffffffffffffffff, 0x2203, &(0x7f0000000300)="9d33dd93af72bb875a8bed991db895e6e24b8a297a741f9928ddf6ff2d23cef2d54d08a1ced88470ab9b99604cf0da85e30d005cf0903da996637985a4604059ea2f22869650e2057f36bc7fec1cccc90958961d932cedabf959be240126d8612463b887454020390ef784000924bae474e3a6459686522df2b466993bc2bcb6170f4fdae2aaabbd65aad13f80e43d4aff82c6dbb7dd2deb5c3f369d4c809056f266710d1ee46740abab") mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x21, 0x2, 0x2) socket(0x2, 0x3, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioctl$auto(0x3, 0x541b, 0x7f) fsopen$auto(0x0, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x787b06, 0x0) close_range$auto(0x2, 0x8, 0xffffffff) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000001c0), r1) acct$auto(&(0x7f00000002c0)='/dev/rfkill\x00') fsopen$auto(&(0x7f0000000080)='!]u\x00', 0x6) mq_notify$auto(0xffffffffffffffff, &(0x7f00000000c0)={@sival_ptr=0x0, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}) mprotect$auto(0x200000000003, 0xd, 0x8) fchmod$auto(0xffffffffffffffff, 0x0) 22m45.510766919s ago: executing program 3 (id=82): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) r1 = getpgid(0x0) ioctl$auto_XFS_IOC_ALLOCSP64(r0, 0x40305824, &(0x7f0000000280)={0x6, 0x4, 0x9, 0x2, 0x80000008, r1}) capset$auto(&(0x7f00000002c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000300)={0xe6, 0xad, 0x9}) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x1, 0x7ff) ptrace$auto(0xc, r2, 0x9, 0xfffffffffffff6de) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x11, 0xa, 0x9) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0xb, 0x1, 'dummy0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20041040}, 0x44c0) unshare$auto(0x40000080) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x1c, 0x0) fsopen$auto(0x0, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) 22m32.05513128s ago: executing program 32 (id=79): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba441b", 0x49}, 0x5, 0x0, 0x8, 0x1}, 0x5}, 0x2, 0x100) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc) 22m29.992269286s ago: executing program 33 (id=82): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) r1 = getpgid(0x0) ioctl$auto_XFS_IOC_ALLOCSP64(r0, 0x40305824, &(0x7f0000000280)={0x6, 0x4, 0x9, 0x2, 0x80000008, r1}) capset$auto(&(0x7f00000002c0)={0x0, 0xffffffffffffffff}, &(0x7f0000000300)={0xe6, 0xad, 0x9}) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r2, 0x1, 0x7ff) ptrace$auto(0xc, r2, 0x9, 0xfffffffffffff6de) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, 0xffffffffffffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x11, 0xa, 0x9) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0xb, 0x1, 'dummy0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20041040}, 0x44c0) unshare$auto(0x40000080) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x1c, 0x0) fsopen$auto(0x0, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) 11m28.084586388s ago: executing program 1 (id=1967): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd3/queue/discard_granularity\x00', 0x48000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/253, 0xfd) 11m27.806139978s ago: executing program 1 (id=1968): openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)={0x200000, 0x0, 0x24}, 0x18) (async) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)={0x200000, 0x0, 0x24}, 0x18) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x8, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000180)=@bpf_attr_3={0x1, 0x200, 0x100000001, 0x9, 0x5, 0x2, 0x1, 0x6d, 0x7, "e250646a2cc3bcec67f2584daab5b34f", 0x0, 0x8, 0xffffffffffffffff, 0x5, 0x40, 0x3, 0x7, 0x101, 0x28, 0x6, @attach_btf_obj_fd, 0x8, 0x2, 0x0, 0x10000, 0xca, 0xffffffffffffffff, 0xffffffffffffffff}, 0x4) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/query\x00', 0x60a080, 0x0) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/query\x00', 0x60a080, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000240)={0xe1, 0xee00, 0xfffffffffffffffe, 0x5}) (async) ioctl$auto_KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000240)={0xe1, 0xee00, 0xfffffffffffffffe, 0x5}) msgctl$auto(0x2, 0x7f7, &(0x7f0000000300)={{0x10000, 0x0, r2, 0x7, 0x4, 0xb620, 0x2}, &(0x7f0000000280)=0x80, &(0x7f00000002c0)=0xc, 0x800, 0x8, 0x0, 0xff6, 0x3, 0x5, 0xd, 0x4, @inferred=r0, @inferred=r0}) keyctl$auto(0x1c, r3, 0x6, r2, 0x3ff) (async) keyctl$auto(0x1c, r3, 0x6, r2, 0x3ff) r4 = socket(0x2, 0x5, 0x84) getsockopt$auto(r4, 0x84, 0x6d, 0x0, 0x0) socket(0x1e, 0x1, 0x0) (async) r5 = socket(0x1e, 0x1, 0x0) close_range$auto(0x0, 0x5, 0x0) (async) close_range$auto(0x0, 0x5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r6) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_STOP_P2P_DEVICE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf257400000008000300", @ANYRES32=r9], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040004) sendmsg$auto_NL80211_CMD_UPDATE_CONNECT_PARAMS(r5, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="d22d0000eadbd7df4c5994706218", @ANYRES16=r7, @ANYBLOB="000226bd7000fcdbdf257a0000006b0080007fd162b6e83a7c8c5dd7a516ceb0668f1f5d896aaa65d88de99c9b6d1d6c47a336801e264a62c626b175f0f7cc796e6ff023a240b88b297096354d0f29daf0093063d3cf5d132f7e772d53224fa9f01183e4cb69d98bd0255d269b38ec4a21b9aa6ac94f5b398400da02b980e6013280afd6928a7d36ed0faba866147147f2780bdd72666dd3bbf3bc5d3a240b9d2f777632e1db2204ac0f46162bb191cbe67ef1e5d0b33ae6ebaa658775cfd058baf1ab1712b9f1a28287e41b4eb6410b6a965b7f381936d7ac9eb2e0876f9ab06f56d12b3ff219c8e94fbb038d4b75465c84bde62bb1cfc9d959446a9d850bd5669b27e62f504af6de128362aea8eddb2cef85a2f6c4d4067da5e658f6e4f794d769dc31a4c5cfa6939f1c2a79ac00e40549ac553a62f85e63a56ae25ef6ea0dfe476e1f3cd0f228de4ba09d402530c3260025002f7379732f6b65726e656c2f73656375726974792f746f6d6f796f2f71756572790000000400bf804905b0e6f229c848e6c63f4298cd481888f7b702dbfa2617732979891d5aa405e78be54f502c4010a4c547142628e200e77e3338a59c224161eb2a870e9c9fdbce497d96c68bf1786bf4e9ae1addb2827884ca9868ca38d29587057992ae6c93c10ffa89d1ead600428f4fdd126ec0d7d0be5293eeecfe8e467107dc31914dfce5b732ffb4a2434543e596efb03b1e101096515b5296abe3b5c24a55b45f8d2633e6ca770e59b7fb1e65a1f1b94d30f691c0a8f20c09a38551ef0f9b38f9ae1adddfccd4971b9b82e754e567300debbc9e154f96428941aca78fdc8965ad8b3fcb47d5a86cd828c400003b6a2c34ce123cafb99b094281eb0ec9f3286276ac100500fa93e111e3d0d265f5a1d2e6a01e035f706c7e67e4658cfa946fcafee7afcf5468960797cbb941a884159b1dd9f5792a1d4a40089916713957607714d255884f8d33c546b694609a6dc539f5e5b68311adaa23d5bd380a53628f38d4ebdefb7a82564d10014309de8cc94297a1850708d8e5acebf6634f5a6039e3ae31b901c1a7f14ba3ac2be7cfc1c47218980d21b84e528c591148807c229c01f6660495398256483c3719260d1a7fd14bf88469b0dc3edf3ab45732c5b7c65110f9c129e3b6413832767f35e69b20cb4d359e07002d80fa9a0c00000006004f01080000003e004e012873bbd3f070cb158e2945582454b532738ea186e7674304aeebbd3adf8942a9c5c93975b1fffa4c11f685d72f4c733dc268cae20d4f47ebf07e0000"], 0x3a4}, 0x1, 0x0, 0x0, 0x20008001}, 0x4048) 11m27.345545454s ago: executing program 1 (id=1969): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="810b25bd7000ffdbdf25110000000800", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) 11m27.063589989s ago: executing program 1 (id=1970): r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/200, 0xc8) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) 11m25.883494004s ago: executing program 1 (id=1973): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd3/queue/discard_granularity\x00', 0x48000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/253, 0xfd) (fail_nth: 3) 11m25.5649593s ago: executing program 1 (id=1974): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x1cb603, 0x0) statx$auto(0xffffffffffffff9c, 0x0, 0xbf, 0xfffffff9, &(0x7f00000001c0)={0x1, 0x8b65, 0x7, 0x10000, 0x0, 0xee00, 0x9, 0x2, 0x69, 0x3e, 0x8, 0x2, {0x3, 0x6}, {0xf, 0x200}, {0x7, 0x10001}, {0x40, 0x99f6}, 0x7, 0x7ff, 0x7df, 0x8, 0x2, 0x0, 0x3, 0x8000000000000001, 0x7, 0x40, 0xa, 0x8000, [0x5c7, 0x5, 0x28, 0x4000000000, 0x6, 0x0, 0x6, 0x3, 0x1]}) write$auto(0xca, &(0x7f00000000c0)='\x04>\x00\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\xf9y\xc7p\xf1w\xbe\xde\xe8\xc3\x01#\xcc\tF\xb6\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1\xd5\x1e\x8f\t\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x85\x00\x00\x00\xe2E\x00\x00-a\xb6n\xbc\xb4=\xf8\xce\x01\x1f]\x85|\xce\xd7\xff\xff\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\x00\x80\x00\x00\xe9e\xe5\x80\x1c\x02\"\xa7&8U\xfd\xdc\x15\xae\xfa5\xb8}\x0e\xb4:\x91\xbb5\xd3{\xb2\xd0\xc0\x93=\xf8E\xceO\x1e\xd5\x8f\xdf\xaa\x1c\xfd\xb0h\xd8\xbc\xecA\xa6\xde\xd1=\xfd)d\x8f\vk\x1c+\xf7, \xf8]\xb3\xe9B\x02\f\'\xcf0\x06', 0x1ff) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyr1\x00', 0x80200, 0x0) r1 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x28000, 0x0) read$auto_ptdump_fops_(r1, &(0x7f0000000200)=""/105, 0x69) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r2, 0x8, 0x0) ioctl$auto_TIOCMGET(r0, 0x5415, &(0x7f0000000240)="8c138e73727869c37e2acac4cbc59e67e0a89f4da083ec710956a8173e9d7143ba1ecb9d37fd8722c3f8c176c1cd150b4f6f866a34e2520e27f58a19e206acd35cb910742d280916f3650bf401e1f2bdd73929a3210e1f216ce5179acff73330045a851373ef9915a21c09ce72ec04c574ca") openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) 11m10.09928678s ago: executing program 34 (id=1974): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x1cb603, 0x0) statx$auto(0xffffffffffffff9c, 0x0, 0xbf, 0xfffffff9, &(0x7f00000001c0)={0x1, 0x8b65, 0x7, 0x10000, 0x0, 0xee00, 0x9, 0x2, 0x69, 0x3e, 0x8, 0x2, {0x3, 0x6}, {0xf, 0x200}, {0x7, 0x10001}, {0x40, 0x99f6}, 0x7, 0x7ff, 0x7df, 0x8, 0x2, 0x0, 0x3, 0x8000000000000001, 0x7, 0x40, 0xa, 0x8000, [0x5c7, 0x5, 0x28, 0x4000000000, 0x6, 0x0, 0x6, 0x3, 0x1]}) write$auto(0xca, &(0x7f00000000c0)='\x04>\x00\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\xf9y\xc7p\xf1w\xbe\xde\xe8\xc3\x01#\xcc\tF\xb6\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1\xd5\x1e\x8f\t\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x85\x00\x00\x00\xe2E\x00\x00-a\xb6n\xbc\xb4=\xf8\xce\x01\x1f]\x85|\xce\xd7\xff\xff\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\x00\x80\x00\x00\xe9e\xe5\x80\x1c\x02\"\xa7&8U\xfd\xdc\x15\xae\xfa5\xb8}\x0e\xb4:\x91\xbb5\xd3{\xb2\xd0\xc0\x93=\xf8E\xceO\x1e\xd5\x8f\xdf\xaa\x1c\xfd\xb0h\xd8\xbc\xecA\xa6\xde\xd1=\xfd)d\x8f\vk\x1c+\xf7, \xf8]\xb3\xe9B\x02\f\'\xcf0\x06', 0x1ff) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyr1\x00', 0x80200, 0x0) r1 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x28000, 0x0) read$auto_ptdump_fops_(r1, &(0x7f0000000200)=""/105, 0x69) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r2, 0x8, 0x0) ioctl$auto_TIOCMGET(r0, 0x5415, &(0x7f0000000240)="8c138e73727869c37e2acac4cbc59e67e0a89f4da083ec710956a8173e9d7143ba1ecb9d37fd8722c3f8c176c1cd150b4f6f866a34e2520e27f58a19e206acd35cb910742d280916f3650bf401e1f2bdd73929a3210e1f216ce5179acff73330045a851373ef9915a21c09ce72ec04c574ca") openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) 13.654532548s ago: executing program 5 (id=4282): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) shmctl$auto_IPC_INFO(0x8, 0x3, &(0x7f0000000200)={{0x5, 0xee00, 0x0, 0xc, 0x9, 0x3, 0x4}, 0x4, 0x7, 0x8, 0x100, @inferred, @inferred, 0x6373, 0x0, &(0x7f0000000080)="81788dc3d89f86e6fc45f7fc316e8f6d8af0287c5a05919d87f6182857a87807963834be87c5d7266446854d7da583cb9a1f052c99a3c2fbf81e0344499aec683092f6dd921d8cb7a08b92b4b746a5942fc72a25ec650416950b87b3f96cf9f939b51809aba48674f5ac56f5a58d60aff6ebc0c4273379594e344ba3e300b5", &(0x7f0000000100)="79ed1b664d8208728373574ae861e00a63bddb1dd32437eb67b34b5f03f91d89d4c4907fc978a00e2665d52e1f911794b194ecfd0980566b6701ed82320d440288f71190b8001163aef071cd69932d73049602ad7ecb50ea0846e9b89d7dbc9c27543e0ce7969de02ad0856d34e95f81b17a184f21538c7afdf1d0d790a5cf5eaa4db07871bd70b1cdbac381d0feace5a1df5d246074246ee155a10ed12e3f3689a4fbd19005afaf8a6ff53f51045543abac2837ec96e8aafc46bf6012da2c03a36da0e71b61ece4841ac0b0b2b22f"}) sendmsg$auto_NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="000227bd7000ffdbdf2569000000720211806518cc567eff1c06233a28bd478a006517f1e0099bc7fa7ba0dd6875ee46dd1eedcb099fc4ef167e719aff2d88e79a835eacf9b9a40f0be23cc69c00208008004c00", @ANYRES32=r2, @ANYBLOB="7d0b3518df8720192dfb5a9319a49ce8928d42b32c6bab3d99e3e00d0f59aeca5d118b15a8a03fc03b5852939b5780571d2b89e60ab9ffc0303cce4014abb43f00554929d4712e3c3645c63a4e0bb2af2f5813be4936a5e68128cc548aaac434d4f8b6d71d973435b9aaaddc6f8a414095357890d227e74bd99b818714002800ff0100000000000000000000000000019801338008001d000b0000009126df1e755e37ac77447deea4adadbe96b0d9d7ecddd0ec18e0840a69bd94b48cdabd2243c66b254c7e91c7c4a6518457d8c5e675ec65e6d995b90a8bb2d361a4e1c2488f21afb0ddfc149735ac3c44887717b03975de3234a836792b58d9cc78c303314a4e168ea41d23d6ee1f353a7088a66b0ad4e4b3d4d2179e94d530d52fa496d9924e240b5b5a5d7e2c3e1a7b4f3c2ece30a4a667f1c233acd332386cdf8ce8fee01b17c36bfd70ec26b30fc8453ae0c7b7b62f9e1f3641d6ff2f303929804fab7caaf7e42ca46a7203a2039b8fca811c74d3dd101a53889ded619abd64ac420283da38c5e90064007925ae2601c4f25b20f09634351e90bc303f3f8a9be47595ad12be8e7ae253f827cda0a76b7cae003c8e7f5caebf2144a04aa55670fe601c7686b8e889e49f9420a6dbe04427c274d2cfd4ac3dee6482a84b53a9d6c4678a0fd159ac055fdba1d3921f20c77e0f8849c40fa769acf55532db310a748a17d58700000000fe3b5a19a43f1b7d56c42dc11fa77e25e4e9faf89bab5cd939f6807e3fd6000400e3000000aef98d4ab496f74bbc6b333c7e3706ca83fa21c619b08bd673940e4ce9939c48a2a09a13aed61773b1166e0a2c1143f59c14d1de5b59c35b530c83edbeafaa9b5b68091746"], 0x288}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) setfsgid$auto(0xee01) setfsgid$auto(0xee01) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$auto_TIOCCONS(r3, 0x541d, 0x0) 13.467301503s ago: executing program 5 (id=4285): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x128009, 0x4, 0xeb1, 0x401, 0x8000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/SecurityFlags\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080)=""/4096, 0x1000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x10001) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f682, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9) r3 = socket(0x2, 0x1, 0x106) getsockopt$auto(r3, 0x29, 0x4b, 0x0, 0x0) r4 = socket(0xa, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) ioctl$auto_EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, 0x0) getsockopt$auto_SO_RXQ_OVFL(0xffffffffffffffff, 0x34, 0x28, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0x9b76, r1, 0xa) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) socket(0xa, 0x801, 0x84) 12.332746849s ago: executing program 5 (id=4290): name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000003c0)='/proc/self/net/dev_snmp6/veth0_to_hsr\x00', &(0x7f0000000400)={0xc, 0x1, "7ba266e92bc849f45f630f02"}, &(0x7f0000000480), 0x200) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/msr/perf_event_mux_interval_ms\x00', 0x982, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) socketcall$auto(0x1, 0x0) (async, rerun: 64) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) (rerun: 64) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$auto(0x3, 0x8201, r0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0x101002, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) (rerun: 64) socket(0x10, 0x2, 0x0) (async, rerun: 32) name_to_handle_at$auto(0x1010, 0x0, 0x0, 0x0, 0x200) (rerun: 32) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x8000, 0x0) read$auto(r2, 0x0, 0x7) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) (rerun: 64) mmap$auto(0x8000000000000001, 0x2, 0x0, 0x13, r0, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 32) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) (rerun: 32) prctl$auto(0xd, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r3, 0x0, 0x100000a3d9) (async) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x10, 0x3, 0x4) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) (rerun: 32) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xb, 0xfffff0b6, 0xffff, 0x84, 0x9, 0x2, 0x3624239c, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) (rerun: 64) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) 9.683199479s ago: executing program 5 (id=4298): r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0xb) socket(0x1e, 0x5, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x9) syz_clone3(0x0, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) 6.88219239s ago: executing program 5 (id=4303): unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0x2000000000000df, 0x9b72, 0x7, 0x28000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioperm$auto(0xaf, 0xe, 0x991b) r1 = memfd_create$auto(0x0, 0x7) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x260a01, 0x0) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_BLKGETNRZONES(0xffffffffffffffff, 0x80041285, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x0, 0x0) ioprio_set$auto(0x3, 0x0, 0x4b34) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x48010) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_MPATH(r4, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)={0x14, 0x0, 0x301, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048090) r5 = syz_genetlink_get_family_id$auto_nl802154(0x0, r0) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="b0160000e737fd144d21cfa384849c915bbbe9004d375a8f26677d46980a49613b08411abc794cfc9a9aa9099070849edc060be9", @ANYRES16=r5, @ANYBLOB="000429bd7000fedbdf251f00000005001f0081000000080021000300000006000a0006e900000500250007000000c00019800800d68004005780b40013800e0003002f6465762f7474793000000008002900100000007c0e0a6a30094ad012955de26d6dd248fffe61517fae1d25b1e6c54c97c544c41927e8a8e8b253330ffe46867a18120dfedfc0c71427f8f53a6c49a9a56d111a14cfbe7ceaf797ee37273f4deec4f30e8bcc8066cdc5cab5200500fc53fe71bdfd8124007c7837812013c44ffa6c5a4597a6925e80a69a4021a02eff040076800600f1007b00000008009e00e000000108001b00", @ANYRES32=0x0, @ANYBLOB="091218809269c29281730530516eff691e6538447b1f43a9ac7095fac435b590d2c7c7c5fd50872d5b9c369d1da516c1cc038e3fdea2ad0fd50b60bcd2a56b2070b4e8dbcdf6ccdd68e2046862a3cf268adbf012b6910eba92663f4816ee81e7cab1bc86492e6e04182cdbff6ddddbf24f0ffb9eb122c3b508fe4424e63af95a3f1ee89d41836bb0b6ad119ab83f58d4a2f651bca3e6e794dd2993718aa9140f817fa15a3dcb91e21abf8d9ad7a17d8e3cc7676342cc7aabb6a3fb5caa4b68765e104bfcd33c2b216386bf8a9e643c0b8c30a5856f4a4b6fbeaba8b0b0a808dee506d917288c9c749bb8fd14acd0582343b36d62966d7de2f5ddab7c4a2e6d6ac27414050b933ff105b3173e76d654154cb5fe9eb0d98608742cda888719f00c107b804d4212de2f9bb676f95480a201516b5ffdc81013a2eeeef96cf6a1923abfd4dc969c9010f0b5b175cba29a337a41643ccd5b68ef193e774c06b17d5eb8fd05f2ed6cca4769a89e3801b51b2bc01e1cf996b00402a623d53c20546402caa8ec2e2ca7d5d5e58721f560a8c9e987482fee2ed735351acdfc3b6740228727d2b9f4940111e6a88dbb065778df2a163618ab36101273911ce2b51d650f7c7d19082c47334c5ad07e26bbc106fb9edabd62615d7012ff998d4b1af5f94b6a054890df3600751565d4d4dfac583ca7ca80e8d7d11fc85b9bf60d67db0ed4da5c07237955dc7f2d9548ba1d0ea315f14b9f7ec434aa0ec5a192d0cb332847c0f2d344d9a6d3bcb8591887b4e2246f5e71f49d2a6a81db47e65d4fd99f7ff4ccfe3549044a3da73fb8fce1dcb4621032f24ff68fea53bce9a25a7743f63ea7ca84e841cd5b3393ac6b398120f977467822eeb296c5b4349045b92fcb949decb9486534ddc69a3e43e049d0e5112cb520d570130d9ee08fb1a3dc54ff5e42ad314c2a18557909c748ebabdbb7cecd806b9e21897be216e8db9764140434c67cf756f1368588120362838dba94d8e01b177bc13dee66418e8b78b91c683e2cb7b24ceb571ba0b544b4f6ea4aef01dd8d289398b91a884b10f695062e11ab3d3b5767581ac0794eae0523035a503355b98b7e5764cec5bd52de3ee0448e5a3ac579770a2a1d2871b69bf5471740157e97066b9b83f581aeb2a2bf322fb0417f980b166f0849fac3a41efa54c0e6471d62eaa9a9b29333b7a86ab4cd01ed6ff45416e60a8d6c663e68089fa1f8271d7c471bf75f70c8e74b507eff5a28e9940229d6abc92b00d8d793632bfc30291f143fed0ab4c431a5d6aee132cf433ddcb2bef0e0a94daaaa2ff0806655511fa1f8752873b167e6b0e1f9e08662f8e2684c2c3968a31476e8ad5d5283369d15b950f23d1672ebcd358d14a98558c9dae83ce2e5c068f06a963c1774139aaf7c1007163efb7bda86f2d6eb5e81f326b12f2364b5fa4d8c4e1c9931b884500c86898b67518e7f0351d18cc23f2105b878b543d237a48684ab021118235d649b059555d89f36da6b888d3a704f2840620d3961e89c4efc7abaf6f7c418769312db097e26638bff47da69c31e401508bb9bf51bf7bef1cd22076fb2e53db26feb109085e59fb665cec21674040a9a6f6c2b50643c3aef3b39179ca404a996870f0b0e04619bcb48f49681b41e79c07bd5d0a814e03d2254b80f6e4d1666de14acf79fede5b03fd63938fd661893dadd99475e48c2fa10b47fc319448e64190782f159afc44e271a39d92a1d3da30cb30231b3a5093ba24a4fb16774d1f5f2563eda079e5db856d4758e4a25edbb5068990dbebe39626913d05390b91ed60a5daaf57faf8e02d683c96f640575c91d9854414d0682be42c4058c63d4ee45ccdb999158d15b4df9e275eaec909d91dd79ccda314c08258a8ef60c3dd1ef6739732f63eac6897b350816020506ed591ea5a5bd1944d58dbba6c0c12917c842446f58eff0afa67616569be7c5c291231ef6fd454a55ff5da9e082f633cd10f951b1af82aae76aa8d57231bbc64e46c3dcc637508aa70f770bd492ee5925d219cd80621ded0bfe8ae6d5e7ecc616b7ca34df011cebf303ccbbcc439f77656eb835d305b6c4a564ba5a817c660f69c28dbf41f117f382866f18531a12b0be81699f3ddc2245f29314ef677cf588155604c436931b8dc58e3d61a37e1fbd3ba65410a1883b0534e6ac13d0f98134899aa539023f1241abe9f7a5eafab11dc258f900baad0e923f4399302d913b1a787d749e96b682cd3bb71bb6e94c0b270404b12b8cf5dde1478b03a06414e8e32930715a60255f864f7b84c8c157339c37bf71aa2b2c2e488195630dbef7914deb57e948fde80e32c3e64bfc9a019ef9dde5ee87bafc939b23f4353815681031a41c383ab3bfe9e39284b9a44f2d27b28b66bc57eea140ceb00a9a7752aefbb27866e721891c5739e5c9f05709dc569eab5469391fef91a2d193b932898e5a147b700928a1ff551b00df53f69399180a13135915ce4d001b541d51b70ce99cc6cf3741e4750e85362630b668a876eb429e7c3418712d33087376cd139bdb7b86d6cf8132a9e8e684c82ff761929312c5c2eeb3adbcf398c205f91012dfc424cf5a6565ad02ec60b39b7ae6e480dff9afeb6d70cbdc70bd212af30def2b78973115bf541ac599b49b1aaaf41670b7a4a201ff3bce0555a40f155152089131bc391201dc0afe6d7935cb3fd727124b5b653c3124c5e18e40df8d11df2e7284ee2e976ec26854942ddfa3487ec42e22a6e2200b56ac6916a9b06d0db9c2bb51322e9fe48562fcacbb84a43ec5403713d8137bbaaa577a790c06df5be046f3f1a21930ce735f37653ae7a12f3c9ab580c2272474c1bbd824a93d86a9b4c6274e5f6750d7ef1f4d1fd7a72acc282549fa43c298e905c24792fb9135b1178b4f943d02f969b1141a8d19270b40319a573a53e1f48f04543760ac8ce8828978def8a37c8850adf59ed4e71b487511642df175e250c405a28a24325347b0694e6075670f06f032a65ff7fe83af6855b16d4b36d3d769cff6a2009ee981c7bec410f2eb2e3ca6393e0e179650f80df73d03434e7e910b0197b70c00b878657005b94d65d3e3b0cfba7c645c7c96a9c7c87b7dacf233489a4f5e3176756aa7e8e3d91705cf129166b6d1c99df82cf2d67b19eeee6aed118eb18e2bf53c1a074b8438c861c46b6502a73f88abcfec2b587a4891ea80ff1f562e5bca015ddbd7685202c5b166435dae757ac1083bc13f4d04f34f00ebce0d2edec18ded88b2c5437bd445adbb28800b8fde9ecbe15a26082168a633e85762a3d104ac2febbac572bb29b14fce51feb7a6548c7bad6c3c781c11f603b68fe1657c429eef3c39992d1e4ec9b8451a92a97ab00f5b5884fd1812c54cb8068c3b09a3d4920072fa7d7cf08de9d10ca2589c79de898466187829515822b7ae1cf054f632a7da9c4a091fd7012713a9e4f6b9048318c09b325f49f0e4b2fd5140547cac2b3985866fa498f34013afc1b288635fe812cc91205fbe599a7eba07cf4e606c0b75d8b34a7efb68add528006bc91b8d1f0760c17bf12f5ed0932e9df5902ae436806739e0cb5acaff37bf82eec287aac389aaa4a55a9b9775a9a7d1729909188c247176497b010856267da0d0546f2b8b7c1291c678067a8fad592876d2d88508eba5ab3d3b6cfb120abf63b7cbc2da373e93d11bf75f273bebd8734313b98fcafec9015621039f6b715e538d7f01b29b1a461a0862bf7719918b512e2054f00daca191099b8868a7024eb1703d4f2331eeba0bb32c17d32be0cbc69ca6add3d98b166de8a1f1074afb9e3ffecae6f2ca19c322115c6d4cc8770a636dea994328b56c074c9cada9664cc1034173fbdba42abd35efc555063f76e6862b827e055f86fb4e58de24ce4b86acf7ae088c6f83a1c6d0c042bcfeacfb54ba0c6c61d39a1fc0d926ebf7e8ab3567124ec44aa64992fcfee3a894d548ab2af3cb8811e5db39ff154c8e3e74ae7a78ba63d94fdae22a1c9d6820f71bf744906ab25f06fe5681b92c9912fc3e43f071c48d797a180eb4bb91d795b5b48cfd8abe820df91da5389c6ea8834962edec521cd1f2893350d33a8b41a325f7ef6c5d2c60bc5ec24089a2f8e04cdd94bcc64db3d13ab0338fd88dfbb712bdf00edbeba614130f54cf61d974d025e741847aaf1dc4534d0160543982a961be03fe4db22e2063462891b956fcbc3e7abc1680bc25f517644a53840ef10564af72f61e524d3f4a17cf6ea49db7b26bb6e3f0118388dfc7fb5d8fe4ed14c782307cf00235c9e802ffbe165e3d11dae019be26c0a538b1c571e5ec5bbbf3386fdcdb9ba986a866ca7176e0cf196ca27c9bd5e8f76cdc7b2ee8f9f8a8ca1f740ae7d8f269824808c3455a50badd671c6489a4f01f44fc34ceec2506b743351ec970ccd2728d6754b85db09875ed9c5d315fb4ec4c7f79800ab8bda750dd42c9431abe0b94bec4b5da0a1557c249830743ac7b1e6c0c2d81d0e8ea3f531b6970e6c66d4115eec386aac0b81e3484ca36240dcffbce3fa371d6ee46936232f46b304d222c5deef2307ee218002a568fa3ad0129755ca040ae2215e242d7d45f5e7cb5934ea1d1ea464a0771f6f415188d8dcd577545d0c28b8f6d48bd28b050e3ca3ee1c4bbd71f2f8c9ad5e9a551d5b5b8897a788f423394cef5c9d7d9804f6d482de235312313224a09999b5963078fe51942285dacc81b61a615a19d040831f882da4ccf7d975efa334880f4f623fe98d8335f9f6030519433c9fc178b9eaad96236a044da516995a18745c690692115b21c023a84db2c9f5ea7429574d144f207a860163f4a0292ef93f7a66529d007b8c939844e219e05b5ec3f7460b2a4fe5ea4c0afd6bf8c87ce3e6bf980b57c6d250a5db3da7c3d00c2ce6cdac65b60ecd99acd858dc1b16bf4947e30d1da77b5923a0f7f79c0e4b9b233eb3ab69733c9a4f096d28901fd0ce5566be5d0b4ab3c1072599b55a325f67e964a84f0cd2b4a7ddc3261ebe4d69ae33ca9979d8075cb0bc35c73d99c737c8efb2a2228fb3773bc87c72bbe6397dbf786822ed63d8ee8044362f156192a87955c1eaa4a686c3f5810607aaaec12323114b93e55b773e7dc73ebcf575c5e5a58c32c6d08bea62f15c93694694833505249273a28657ec39789f6467d8b16da7b8ee200b9c8d9fdf14dc589e2eaa69d153f765b01174de0c7f09fcdf2bb78ea8be73cc2c6da33b8e0ab32bccc57e5e36006a71ddc7c162da34ec304ab0a8d78acd4f5ae2e9e7eec3af77ceb1a2f349bb15b435a76248dc0a1c5e74cff0ecc69289be45c729b1e92749dcece432f9aeecf09f535bebddadf45c35ca3ff0ad1e5f625a9874e409b72a95188485fdc4ee5af9dcbce4f27f1391979aa71055dbbc4e1779fdc8c09b0c3ee38204b65091b55958e2580b1cca9389d31e4686c6c85adbd395e578d35b9447b52e534dc9d6432f88c5034c2d7f53a96ce55313d367b807bef3d698e3982b2c9a02fc3ef87e9f92f41697e43bd772fa98e5878c8fd1728192a23a88a95adaba5ccba1959a0d51f7416e7460849aef3401aaa7251fe4c4cb2b6dc7b63330fcfbb13bf1d6451b5ac320bdb33e5c5720ceb404b93ec1deb18ac5d1d33bb8655796344939d5614a02f00f29a86184fb430093c3100c746ce9342f3f0b82bbb16946801db279701a0bbfd1f424a8543a2d65bae211defe13550db0f7e55e762bc3883057232628b919f24621e293ccbadc07d070462c59cdd10b31b779129b013cad3e6fe3833b6c8b0585fa770b603be43fdfdb7990b49c3cd8980c8db17e5954e2834036d6969796a03291f2e0c3971c9b6d5ee3bd80193e2c943104101ee217316c830401613d05fbd2586daea04048d7526130860630477f4596392797a3133b671b917db5fd80eaf9c58fae5187eb2ef08be113384276a7c92c032ae75880703a194555e63317d616cf53233d71beb43a7e3177ac3ab0e705e78e4f18bf488d521d5b4db206d3e62d49745983a4aed03598a10296cee1bbee3f3544ef24da67ecfc514eb6de3e4d2b94ff1cf789bdd8507cecee210eb2ba339e10924b9fc83828d6aed75d5c59557832c5ad2fe905f87470a1d3def043e7319114cc8bab8e8b8f9f21e91f9378e6bf776edb6b770b48fbb33fd46ff1ff14c3dbb190cd49633e0cccbfbc9040076800400678026e7427f94116068f3273becc139359dd1d8b1d65c0112f2c6967178127cb999051ad9155e22b2cf659ad92583600d95470df3e62f9e5cfa04d43d9aae97b720f7ccc78309a4af1ed558d2d28bd9e4ac6d9ed6836bb58ae58b736ad39e63bdda4fd9dcbba168bb9d162e9a9eb1f2498668867c21db46e6f0babd73e4b0ff8c6231a629fb9efde58dc02941171237ba969bae35b325de4856f04425331f98bd1e377f6cc7ce97c5e7c4cd20570b60ee72f374b6e8e12878f4a31ae56031dd1f04300e9f2a9c7cebc125eafab965608c7a825bafa2a9cc4bd9b56be2cafee70000000500240007000000a7032f8014007a00fe8000000000000000000000000000aa08007900", @ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYBLOB="ceb0a79c79b5b290eaa0f52993484d8ce4fb9ea7f1052022153e32dd2282a292d5e5ddf281304db655e9406c0b57ce6ecd97d98cacd5bf91bc78f922fa6820c1d0558fe4bfcf825fda6c807ddd6c5bbd70d5aaa6cabc8251ee40273c8385fa15746876bc99660587213b36babe0e0ffed2065c5c4f6309967c188d47ef3ce1cd0ec9ca79e8a2010ce8f6c8d60a1f490516a7b0009653fd040037800e00bf00795ff022b9d8144d1e1500007000740005c60f6137c9a33733efc0fe07d7c3ac96960a1ccf39c112db0d59832a83111f01eb0277e393d202101de1dfe00d6985735d649b9a1506b7595d98084adec3ba6744c041f6fc9fa3fac07f1487c24eb792cf156d59cd764ad2d24898795c2c0e971b93b32a0a1ccfa392699c0008007500640101001300658008af051714fb8a58503f09935d0ec7002b1b731ee4f13cb079f2799489f1818e269c3cef1f8ccb8a1dff3b145487c7f8da63913156afc3ffc4bfeac3a66a152b85c5a11bdeb04115c65168a923f0bb4cafc1b9a05c69e385e70d96e72ce0dbe90e67b200c11632999cbd621531f57b34dd9ddd67d9aa73b0a2d8638170070e1935bdf0b921c95825e6f08fe0154809687bb37761791c5ce99127efeca63912727d54d3fce271eed110b428f0996e71a5ae2404c685fa42210e2a645b4b907e9c1b735fd05b127c9ddbbde590bb87f88416f3cb267f9cbf1b2b813efd43150802f6edd74cc093d3530f3c6af25dfbd23a877f5af5a20a4ebb661d03b0db09f88c67a6d9263c0ab79bc2989aa60c3d8fd2a5dc2305320400cc2e15f4e124af4d9e16b0b9d619a2fb23c74bdedac1fa32f40b5eed24a516cad4faa610ffc11bd5ccb1f2260453e4848e6c2380d795a96331fdd84e85ecbc910debfa1231e2893346b3b5d0d1594280749b6f4d1b12a4cd75c1fe941d8ff6ec216bacae0e087cccdabe34e7733e2a8a7b648e58fed7ef40dc39be387009267d438d8b4b5b87a79aacd83636913e66b26dc92ea7611decdc44f5b61800108004003880080059002a7b3a000400198004001d806642155de6ca8fb162bca6ab9b880d1329f491b80c1f25f48f0ee478df86274b0209329c4d97b3f73831c385b718eaa314f23265c3e0560a80e4ffc2e9225b5c6853fc192d4e688cbb228855b934e4d72788944239f38c3e723a95d21f01b471076cab94b4cb84ec8eece45dfdfd512ba5f1814b4cbc14fd8cf0db41aee0bd954eca1f3b7500"], 0x16b0}, 0x1, 0x0, 0x0, 0x2004800c}, 0x4801) splice$auto(r3, &(0x7f00000001c0)=0x1, r1, &(0x7f0000000200), 0x0, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="e5b724bd7000fbdbdf251900000018000180140002006e657464657673696d30000000000000caadbd93ca06f7731593b49f99d25c0568685f0964fd42b7f70ecddb19381c2dd8520a7660e287bfb5cd65d17b22111bd5d1a130e899b7c9057267c585435d568d7af2d788260ba4d23800bc9edb8eb24e7ce206a9dc3043281b38974c523b14cbaae2b1d3f9892cec9705d12a"], 0x2c}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) mkdir$auto(0x0, 0x0) 6.023720414s ago: executing program 0 (id=4307): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x169000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) ioctl$auto(r0, 0x40085618, r0) 5.772906237s ago: executing program 0 (id=4308): r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) iopl$auto(0x3) delete_module$auto(0x0, 0x3) ioctl$auto_BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0xb) socket(0x1e, 0x5, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x9) syz_clone3(0x0, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) 5.572426732s ago: executing program 4 (id=4311): socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/boot_params/data\x00', 0x2c40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x80000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/cifs/open_files\x00', 0xd00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) write$auto(0x3, 0x0, 0xffd8) readv$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0) 4.804685107s ago: executing program 0 (id=4312): socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/boot_params/data\x00', 0x2c40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x80000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/cifs/open_files\x00', 0xd00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) write$auto(0x3, 0x0, 0xffd8) readv$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0) 3.619613765s ago: executing program 0 (id=4313): socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20342, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={0x1c, 0x0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/boot_params/data\x00', 0x2c40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xa) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x80000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x101100, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/cifs/open_files\x00', 0xd00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) 3.619366446s ago: executing program 6 (id=4314): mmap$auto(0x0, 0x276, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = memfd_create$auto(&(0x7f0000000040)='\x00', 0x3c5) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000140)={0x14, r1, 0x400, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, 0x0, 0x40080c0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.unix.ip/flush\x00', 0x40d81, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, 0x0, 0x0) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x20000) r4 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r4, 0x8, 0x1) r5 = fcntl$auto(r4, 0x10, 0x2) r6 = socket(0x2, 0x1, 0x0) setsockopt$auto(r6, 0x0, 0x10, 0x0, 0x17) fstatfs$auto(0xffffffffffffffff, &(0x7f0000000140)={0x8001, 0x100000000000, 0x1, 0x9, 0x5d, 0x0, 0x75, {[0x80000000]}, 0x0, 0x7ff, 0x68a6, [0x5, 0x8, 0x5, 0x4]}) r7 = socket(0x2, 0x1, 0x106) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/20, 0xfffffcc4) bind$auto(r7, &(0x7f0000000040)=@l2={0x1f, 0xa, @any, 0xfffe, 0x1}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) mmap$auto(0x1, 0x2020009, 0xfffffffffffffffd, 0x17, r5, 0x8000) setsockopt$auto(r6, 0x1, 0xa, 0x0, 0x9) getpid() gettid() fsopen$auto(&(0x7f00000000c0)='./cgroup/cgroup.stat\x00', 0x1) 3.619153498s ago: executing program 4 (id=4315): mmap$auto(0x0, 0x276, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) r0 = memfd_create$auto(&(0x7f0000000040)='\x00', 0x3c5) r1 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000140)={0x14, r1, 0x400, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r0, 0x0, 0x40080c0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/rpc/auth.unix.ip/flush\x00', 0x40d81, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, 0x0, 0x0) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x20000) r4 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r4, 0x8, 0x1) r5 = fcntl$auto(r4, 0x10, 0x2) r6 = socket(0x2, 0x1, 0x0) setsockopt$auto(r6, 0x0, 0x10, 0x0, 0x17) fstatfs$auto(0xffffffffffffffff, &(0x7f0000000140)={0x8001, 0x100000000000, 0x1, 0x9, 0x5d, 0x0, 0x75, {[0x80000000]}, 0x0, 0x7ff, 0x68a6, [0x5, 0x8, 0x5, 0x4]}) r7 = socket(0x2, 0x1, 0x106) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/20, 0xfffffcc4) bind$auto(r7, &(0x7f0000000040)=@l2={0x1f, 0xa, @any, 0xfffe, 0x1}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) mmap$auto(0x1, 0x2020009, 0xfffffffffffffffd, 0x17, r5, 0x8000) setsockopt$auto(r6, 0x1, 0xa, 0x0, 0x9) getpid() gettid() fsopen$auto(&(0x7f00000000c0)='./cgroup/cgroup.stat\x00', 0x1) 3.274700409s ago: executing program 6 (id=4316): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x169000, 0x0) r1 = openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto(r2, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) mmap$auto(0xfffffffffffffffc, 0x8, 0x1, 0xeb1, r1, 0x8000) ioctl$auto(r0, 0xc0285629, r0) getsockopt$auto_SO_PASSPIDFD(r0, 0x1, 0x4c, &(0x7f0000000040)=']+#.%{\'^*[\x00', &(0x7f0000000080)=0xbc9) 3.042529553s ago: executing program 4 (id=4317): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000040)={&(0x7f0000000180)="600a84320f0a356fd6acc9c5d5feb5d7ebc9ad5b0f63061ec0dfd8143b5eea90d399e2ce870afcc24ac9869097360ece1be7f26861862046329d8900"/74, 0xffffffff}, 0x6, 0x0) r2 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000d00), 0x1, 0x0) pwrite64$auto(r2, 0x0, 0x4, 0x2) sendmmsg$auto(r2, 0x0, 0x5, 0xbf71) openat$auto_lowpan_control_fops_6lowpan(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0) socket(0x9, 0x5, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xf, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000280), 0x408783, 0x0) ioctl$auto(r0, 0x1, r0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/v4l-subdev6\x00', 0x159882, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) ioctl$auto(r4, 0xc0285629, r4) 3.00064254s ago: executing program 6 (id=4318): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x128009, 0x4, 0xeb1, 0x401, 0x8000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/SecurityFlags\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080)=""/4096, 0x1000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x10001) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f682, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9) r3 = socket(0x2, 0x1, 0x106) getsockopt$auto(r3, 0x29, 0x4b, 0x0, 0x0) r4 = socket(0xa, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) ioctl$auto_EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, 0x0) getsockopt$auto_SO_RXQ_OVFL(0xffffffffffffffff, 0x34, 0x28, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0x9b76, r1, 0xa) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) socket(0xa, 0x801, 0x84) 1.920552596s ago: executing program 4 (id=4319): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/key-users\x00', 0x18b800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)={0x20, 0x0, 0x1, 0x70bd37, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x80000) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyeb\x00', 0x40001, 0x0) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) (async) poll$auto(&(0x7f0000000040)={r2, 0x5, 0x2}, 0x7, 0x1) r3 = socket(0x10, 0x2, 0x4) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x2, 0x1, 0x106) (async) r4 = socket(0x2, 0x5, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x18dd01, 0x0) (async) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x4ff, 0x0) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x0) (async) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) 1.423884188s ago: executing program 0 (id=4320): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x128009, 0x4, 0xeb1, 0x401, 0x8000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/SecurityFlags\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080)=""/4096, 0x1000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x10001) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f682, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0xed7138c}, 0x2, 0x9) r3 = socket(0x2, 0x1, 0x106) getsockopt$auto(r3, 0x29, 0x4b, 0x0, 0x0) r4 = socket(0xa, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) ioctl$auto_EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, 0x0) getsockopt$auto_SO_RXQ_OVFL(0xffffffffffffffff, 0x34, 0x28, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0x9b76, r1, 0xa) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) socket(0xa, 0x801, 0x84) 1.393594363s ago: executing program 6 (id=4321): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(&(0x7f0000000140)={0x0, @raw=0x8, 0x6, 0x200, 0xfffffffffffffffd}, &(0x7f00000001c0)={0x7f, 0x4, 0xfffffffff0000000, 0x1, 0x10000, 0x8, 0x7f, 0xaac, 0xffffffffffffffff, 0x2, 0x1, 0x0, 0x5, 0xa8, 0x66b, 0x8, 0x1, 0xe, 0x800, 0x1, 0xfffffffc, 0x5, 0x0, 0x2e17, 0x80000000, 0x0, 0x7ff, 0x4fa3, 0x4, 0x1000, 0x2, [0x5, 0x1, 0x6, 0x68, 0xacf, 0x3, 0xfffffffffffffffe, 0x9, 0x5, 0x6, 0x2, 0x5, 0x2, 0x401, 0x1, 0x8, 0x8f, 0x6, 0x4, 0x5, 0x4, 0x1, 0x8, 0x2, 0x3, 0x0, 0x7, 0x6, 0x7, 0x2, 0xff, 0x1, 0xfff, 0x2, 0x3, 0xd, 0x80000000, 0x6, 0x1, 0x10, 0x10000, 0xfffffffffffffff9, 0x5], "20e2285aa7168ae8a2ef10efa0a583"}, 0x8001, 0xb4c) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cec6\x00', 0x400000, 0x0) ioctl$auto_CEC_ADAP_G_CONNECTOR_INFO(r4, 0x8044610a, &(0x7f0000001040)={0xfff, @drm={0x9, 0x4}}) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = fcntl$auto_F_WRLCK(r0, 0x6, 0x1) read$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(r5, &(0x7f0000000000)=""/197, 0xc5) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0x40000002, 0x2, 0x6}]}) 1.169340528s ago: executing program 4 (id=4322): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x1}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyua\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r1, 0x80204d01, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x1, 0xeb1, 0x401, 0x5) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x50, 0x0, 0x9) open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005bc0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r3, 0x0, 0x20000080) ppoll$auto(&(0x7f0000000100)={r2, 0x1}, 0x5, &(0x7f0000000200)={0x4c3, 0x3}, &(0x7f0000000240)={0x529a}, 0x8) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010926bd7000fbdbdf250b0000000800130007000000085bcd6d72ce4bc8ba0b0000"], 0x28}, 0x1, 0x0, 0x0, 0x24044095}, 0x4000000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) 990.522845ms ago: executing program 6 (id=4323): unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0x2000000000000df, 0x9b72, 0x7, 0x28000) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioperm$auto(0xaf, 0xe, 0x991b) r1 = memfd_create$auto(0x0, 0x7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x260a01, 0x0) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) ioctl$auto_BLKGETNRZONES(0xffffffffffffffff, 0x80041285, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x0, 0x0) ioprio_set$auto(0x3, 0x0, 0x4b34) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x48010) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_MPATH(r4, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048090) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(r4, 0x0, 0x4801) splice$auto(r3, 0x0, r1, &(0x7f0000000200), 0x0, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="e5b724bd7000fbdbdf251900000018000180140002006e657464657673696d30000000000000caadbd93ca06f7731593b49f99d25c0568685f0964fd42b7f70ecddb19381c2dd8520a76"], 0x2c}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) mkdir$auto(0x0, 0x0) 480.070375ms ago: executing program 5 (id=4324): r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0xb) socket(0x1e, 0x5, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x9) syz_clone3(0x0, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) 201.073911ms ago: executing program 0 (id=4325): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x1}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyua\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) (fail_nth: 8) ioctl$auto_MEMGETINFO(r1, 0x80204d01, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x50, 0x0, 0x9) open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005bc0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r3, 0x0, 0x20000080) ppoll$auto(&(0x7f0000000100)={r2, 0x1}, 0x5, &(0x7f0000000200)={0x4c3, 0x3}, &(0x7f0000000240)={0x529a}, 0x8) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010926bd7000fbdbdf250b0000000800130007000000085bcd6d72ce4bc8ba0b0000"], 0x28}, 0x1, 0x0, 0x0, 0x24044095}, 0x4000000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) 32.358828ms ago: executing program 4 (id=4326): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x1}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyua\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_BLKPG2(0xffffffffffffffff, 0x1269, 0x0) ioctl$auto_MEMGETINFO(0xffffffffffffffff, 0x80204d01, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0xa, 0x402000a, 0x4000000006, 0x10010, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x50, 0x0, 0x9) open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005bc0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r2, 0x0, 0x20000080) ppoll$auto(&(0x7f0000000100)={r1, 0x1}, 0x5, &(0x7f0000000200)={0x4c3, 0x3}, &(0x7f0000000240)={0x529a}, 0x8) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x80400, 0x0) r3 = socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010926bd7000fbdbdf250b0000000800130007000000085bcd6d72ce4bc8ba0b0000"], 0x28}, 0x1, 0x0, 0x0, 0x24044095}, 0x4000000) mmap$auto(0x10, 0x5, 0x2, 0x240eb2, r2, 0xd3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) 0s ago: executing program 6 (id=4327): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdddf250200020008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYBLOB="1800"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000044}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) kernel console output (not intermixed with test programs): z.0.3642'. [ 1305.811876][T24250] netlink: 'syz.0.3642': attribute type 1 has an invalid length. [ 1306.364751][T24263] ubi0: attaching mtd0 [ 1306.411411][T24263] ubi0: scanning is finished [ 1306.441372][T24263] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1307.039021][T24263] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1307.837744][T24291] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3650'. [ 1307.849258][T24291] IPv6: NLM_F_CREATE should be specified when creating new route [ 1307.902162][T24292] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3650'. [ 1308.362186][T24303] futex_wake_op: syz.5.3651 tries to shift op by -2048; fix this program [ 1308.388804][T24303] futex_wake_op: syz.5.3651 tries to shift op by -2048; fix this program [ 1308.433805][T24303] 0x001c00000000-0x100002c00000200 : "" [ 1308.454925][T24303] mtd: partition "" is out of reach -- disabled [ 1308.502882][T24303] ftl_cs: FTL header not found. [ 1309.475629][T24318] busy [ 1310.360623][T24331] ubi0: attaching mtd0 [ 1310.385039][T24331] ubi0: scanning is finished [ 1310.394454][T24331] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1310.835722][T24331] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1311.350606][T24340] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 2, inode_bitmap = 139 [ 1311.395581][T24340] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 1311.715868][T24348] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1311.734016][T24348] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1311.745450][T24348] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1311.756878][T24348] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1311.764636][T24348] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1312.726929][T24371] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3666'. [ 1313.848764][T24348] Bluetooth: hci0: command tx timeout [ 1313.993018][T24347] bridge0: port 1(bridge_slave_0) entered blocking state [ 1314.008612][T24347] bridge0: port 1(bridge_slave_0) entered disabled state [ 1314.025072][T24347] bridge_slave_0: entered allmulticast mode [ 1314.040592][T24347] bridge_slave_0: entered promiscuous mode [ 1314.061234][T24347] bridge0: port 2(bridge_slave_1) entered blocking state [ 1314.068718][T24347] bridge0: port 2(bridge_slave_1) entered disabled state [ 1314.088573][T24347] bridge_slave_1: entered allmulticast mode [ 1314.102961][T24347] bridge_slave_1: entered promiscuous mode [ 1314.291005][T24347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1314.339541][T24347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1314.425354][T24347] team0: Port device team_slave_0 added [ 1314.441827][T24347] team0: Port device team_slave_1 added [ 1314.529482][T24347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1314.558746][T24347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1314.599151][T24347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1314.612943][T24347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1314.631439][T24347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1314.678785][T24347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1314.805501][T24347] hsr_slave_0: entered promiscuous mode [ 1314.819787][T24347] hsr_slave_1: entered promiscuous mode [ 1314.829516][T24347] debugfs: 'hsr0' already exists in 'hsr' [ 1314.838532][T24347] Cannot create hsr debugfs directory [ 1315.387708][T24347] bridge0: port 3(netdevsim3) entered disabled state [ 1315.553260][T24347] netdevsim netdevsim0 netdevsim3 (unregistering): left allmulticast mode [ 1315.581266][T24347] netdevsim netdevsim0 netdevsim3 (unregistering): left promiscuous mode [ 1315.618134][T24347] bridge0: port 3(netdevsim3) entered disabled state [ 1315.744713][T24347] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1315.930248][T24348] Bluetooth: hci0: command tx timeout [ 1316.151964][T24347] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.360776][T24347] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.433309][T24410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3670'. [ 1316.591154][T24347] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1316.630452][T24412] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3682'. [ 1317.184084][T24347] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1317.228068][T24347] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1317.240499][T24347] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1317.300424][T24347] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1317.366437][T24347] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1317.390843][T24347] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1317.430619][T24347] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1317.487560][T24347] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1317.797564][T24347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1317.871387][T24347] 8021q: adding VLAN 0 to HW filter on device team0 [ 1317.909811][T22885] bridge0: port 1(bridge_slave_0) entered blocking state [ 1317.917014][T22885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1317.974854][T22880] bridge0: port 2(bridge_slave_1) entered blocking state [ 1317.982089][T22880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1318.019075][T24348] Bluetooth: hci0: command tx timeout [ 1318.648147][T24447] busy [ 1319.319669][T24347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1319.415399][T24347] veth0_vlan: entered promiscuous mode [ 1319.466429][T24347] veth1_vlan: entered promiscuous mode [ 1319.684377][T24347] veth0_macvtap: entered promiscuous mode [ 1319.727774][T24347] veth1_macvtap: entered promiscuous mode [ 1319.839076][T24347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1319.931087][T24347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1320.034434][T22886] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1320.077546][T22886] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1320.092867][T24348] Bluetooth: hci0: command tx timeout [ 1320.161232][T22886] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1320.213958][T22886] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1320.476433][T22886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1320.519356][T22886] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1320.600426][T22880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1320.633633][T22880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1321.225000][T24489] ubi0: attaching mtd0 [ 1321.264261][T24489] ubi0: scanning is finished [ 1321.287368][T24489] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1321.535636][T24489] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1321.885563][T24497] futex_wake_op: syz.4.3686 tries to shift op by -2048; fix this program [ 1321.921451][T24497] futex_wake_op: syz.4.3686 tries to shift op by -2048; fix this program [ 1321.999822][T24500] 0x001c00000000-0x100002c00000200 : "" [ 1322.016591][T24501] ubi0: attaching mtd0 [ 1322.041251][T24501] ubi0: scanning is finished [ 1322.050451][T24501] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1322.104806][T24500] mtd: partition "" is out of reach -- disabled [ 1322.304274][T24500] ftl_cs: FTL header not found. [ 1322.319706][T24501] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1324.233564][T24536] futex_wake_op: syz.6.3694 tries to shift op by -2048; fix this program [ 1324.252792][T24536] futex_wake_op: syz.6.3694 tries to shift op by -2048; fix this program [ 1324.275628][T24536] 0x001c00000000-0x100002c00000200 : "" [ 1324.283823][T24538] futex_wake_op: syz.0.3695 tries to shift op by -2048; fix this program [ 1324.295134][T24536] mtd: partition "" is out of reach -- disabled [ 1324.310836][T24538] futex_wake_op: syz.0.3695 tries to shift op by -2048; fix this program [ 1324.348901][T24536] ftl_cs: FTL header not found. [ 1325.275948][T24554] busy [ 1325.368837][T24557] busy [ 1325.771940][T24566] ubi0: attaching mtd0 [ 1325.801330][T24566] ubi0: scanning is finished [ 1325.821818][T24566] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1326.140724][T24566] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1327.836343][T24592] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3705'. [ 1327.940646][T24584] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3705'. [ 1328.886748][T24610] random: crng reseeded on system resumption [ 1330.815349][T24656] ubi0: attaching mtd0 [ 1330.831593][T24656] ubi0: scanning is finished [ 1330.842387][T24656] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1331.167625][T24656] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1331.232512][T24662] futex_wake_op: syz.0.3719 tries to shift op by -2048; fix this program [ 1331.253846][T24662] futex_wake_op: syz.0.3719 tries to shift op by -2048; fix this program [ 1331.297794][T24662] 0x001c00000000-0x100002c00000200 : "" [ 1331.323533][T24662] mtd: partition "" is out of reach -- disabled [ 1331.376312][T24662] ftl_cs: FTL header not found. [ 1331.509622][T24668] futex_wake_op: syz.5.3720 tries to shift op by -2048; fix this program [ 1331.549242][T24668] futex_wake_op: syz.5.3720 tries to shift op by -2048; fix this program [ 1333.226465][T24695] random: crng reseeded on system resumption [ 1333.273633][T24707] futex_wake_op: syz.0.3730 tries to shift op by -2048; fix this program [ 1333.309482][T24707] futex_wake_op: syz.0.3730 tries to shift op by -2048; fix this program [ 1333.334834][T24707] 0x001c00000000-0x100002c00000200 : "" [ 1333.342906][T24707] mtd: partition "" is out of reach -- disabled [ 1333.385258][T24707] ftl_cs: FTL header not found. [ 1334.579586][T24731] random: crng reseeded on system resumption [ 1335.305553][T24741] ubi0: attaching mtd0 [ 1335.320359][T24741] ubi0: scanning is finished [ 1335.333764][T24741] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1335.379211][T24745] futex_wake_op: syz.5.3735 tries to shift op by -2048; fix this program [ 1335.398618][T24745] futex_wake_op: syz.5.3735 tries to shift op by -2048; fix this program [ 1335.425315][T24747] futex_wake_op: syz.4.3734 tries to shift op by -2048; fix this program [ 1335.451582][T24747] futex_wake_op: syz.4.3734 tries to shift op by -2048; fix this program [ 1335.478198][T24747] 0x001c00000000-0x100002c00000200 : "" [ 1335.485403][T24747] mtd: partition "" is out of reach -- disabled [ 1335.522489][T24747] ftl_cs: FTL header not found. [ 1335.542442][T24741] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1336.657829][T12529] EXT4-fs (sda1): Delayed block allocation failed for inode 2035 at logical offset 855 with max blocks 49 with error 117 [ 1336.693567][T12529] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1336.693567][T12529] [ 1336.746304][T24782] ubi0: attaching mtd0 [ 1336.844178][T24782] ubi0: scanning is finished [ 1336.872795][T24782] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1337.111798][T24789] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3744'. [ 1337.175137][T24785] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1337.266120][T24782] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1337.306926][T24794] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3745'. [ 1337.380719][T24795] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3745'. [ 1337.626298][T24805] ubi0: attaching mtd0 [ 1337.653809][T24805] ubi0: scanning is finished [ 1337.664011][T24804] busy [ 1337.670607][T24805] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1337.954793][T24805] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1338.443069][T24820] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3751'. [ 1338.493475][T24820] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3751'. [ 1338.589034][T24826] futex_wake_op: syz.4.3750 tries to shift op by -2048; fix this program [ 1338.633196][T24826] futex_wake_op: syz.4.3750 tries to shift op by -2048; fix this program [ 1338.660023][T24827] futex_wake_op: syz.6.3758 tries to shift op by -2048; fix this program [ 1338.701274][T24826] 0x001c00000000-0x100002c00000200 : "" [ 1338.702978][T24827] futex_wake_op: syz.6.3758 tries to shift op by -2048; fix this program [ 1338.720552][T24826] mtd: partition "" is out of reach -- disabled [ 1338.776670][T24826] ftl_cs: FTL header not found. [ 1340.844218][T24862] busy [ 1343.186037][T24896] futex_wake_op: syz.5.3765 tries to shift op by -2048; fix this program [ 1343.215400][T24896] futex_wake_op: syz.5.3765 tries to shift op by -2048; fix this program [ 1343.245896][T24898] futex_wake_op: syz.0.3766 tries to shift op by -2048; fix this program [ 1343.262271][T24896] 0x001c00000000-0x100002c00000200 : "" [ 1343.274433][T24896] mtd: partition "" is out of reach -- disabled [ 1343.275286][T24898] futex_wake_op: syz.0.3766 tries to shift op by -2048; fix this program [ 1343.381550][T24896] ftl_cs: FTL header not found. [ 1343.825235][T24911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3766'. [ 1344.828892][T24922] busy [ 1344.874441][T24925] futex_wake_op: syz.0.3779 tries to shift op by -2048; fix this program [ 1344.888067][T24925] futex_wake_op: syz.0.3779 tries to shift op by -2048; fix this program [ 1344.969610][T24925] 0x001c00000000-0x100002c00000200 : "" [ 1344.981006][T24925] mtd: partition "" is out of reach -- disabled [ 1345.083585][T24925] ftl_cs: FTL header not found. [ 1345.125188][T24929] busy [ 1345.328702][T24935] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3773'. [ 1345.381387][T24936] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3773'. [ 1345.505097][T24925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3779'. [ 1345.695137][T24942] ubi0: attaching mtd0 [ 1345.719758][T24942] ubi0: scanning is finished [ 1345.761008][T24942] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1345.970680][T24942] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1345.987035][T24949] ubi0: attaching mtd0 [ 1346.003248][T24949] ubi0: scanning is finished [ 1346.019418][T24949] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1346.348131][T24949] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1350.185580][T25034] ubi0: attaching mtd0 [ 1350.216320][T25034] ubi0: scanning is finished [ 1350.237291][T25034] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1350.565834][T25034] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1351.172533][T25055] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3797'. [ 1351.206183][T25055] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3797'. [ 1354.108556][T25105] FAULT_INJECTION: forcing a failure. [ 1354.108556][T25105] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1354.193631][T25106] ubi0: attaching mtd0 [ 1354.217280][T25105] CPU: 0 UID: 0 PID: 25105 Comm: syz.0.3815 Tainted: G L syzkaller #0 PREEMPT(full) [ 1354.217318][T25105] Tainted: [L]=SOFTLOCKUP [ 1354.217327][T25105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1354.217341][T25105] Call Trace: [ 1354.217349][T25105] [ 1354.217358][T25105] dump_stack_lvl+0x100/0x190 [ 1354.217393][T25105] should_fail_ex.cold+0x5/0xa [ 1354.217419][T25105] ? prepare_alloc_pages+0x16d/0x5f0 [ 1354.217453][T25105] should_fail_alloc_page+0xeb/0x140 [ 1354.217484][T25105] prepare_alloc_pages+0x1f0/0x5f0 [ 1354.217515][T25105] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 1354.217547][T25105] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 1354.217591][T25105] ? register_lock_class+0x40/0x560 [ 1354.217615][T25105] ? find_held_lock+0x2b/0x80 [ 1354.217646][T25105] ? ima_match_policy+0x8c4/0x2350 [ 1354.217673][T25105] ? ima_match_policy+0x8c4/0x2350 [ 1354.217704][T25105] ? __lock_acquire+0x4a5/0x2630 [ 1354.217731][T25105] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1354.217781][T25105] ? __lock_acquire+0x4a5/0x2630 [ 1354.217809][T25105] ? __lock_acquire+0x4a5/0x2630 [ 1354.217835][T25105] ? vma_is_special_huge+0x23f/0x2d0 [ 1354.217863][T25105] ? __pfx_vma_is_special_huge+0x10/0x10 [ 1354.217891][T25105] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1354.217928][T25105] ? policy_nodemask+0xed/0x4f0 [ 1354.217958][T25105] alloc_pages_mpol+0x1fb/0x540 [ 1354.217987][T25105] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1354.218049][T25105] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 1354.218096][T25105] alloc_pages_noprof+0x1a/0x160 [ 1354.218129][T25105] __pmd_alloc+0x3b/0x950 [ 1354.218163][T25105] __handle_mm_fault+0xa9c/0x2a00 [ 1354.218202][T25105] ? mt_find+0x45e/0x8e0 [ 1354.218260][T25105] ? __pfx___handle_mm_fault+0x10/0x10 [ 1354.218307][T25105] ? __pfx_mt_find+0x10/0x10 [ 1354.218361][T25105] ? find_vma+0xbf/0x140 [ 1354.218396][T25105] ? __pfx_find_vma+0x10/0x10 [ 1354.218426][T25105] handle_mm_fault+0x36d/0xa20 [ 1354.218467][T25105] do_user_addr_fault+0x74c/0x12f0 [ 1354.218501][T25105] ? trace_page_fault_kernel+0x7a/0x200 [ 1354.218531][T25105] exc_page_fault+0x6f/0xd0 [ 1354.218568][T25105] asm_exc_page_fault+0x26/0x30 [ 1354.218591][T25105] RIP: 0010:__put_user_1+0xd/0x20 [ 1354.218626][T25105] Code: cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <88> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 [ 1354.218655][T25105] RSP: 0018:ffffc90003647b38 EFLAGS: 00050202 [ 1354.218674][T25105] RAX: 0000000000000303 RBX: 0000000000000000 RCX: 0000000000000001 [ 1354.218690][T25105] RDX: ffff88802a6edc40 RSI: ffffffff8257ee31 RDI: ffffffff8c1c4180 [ 1354.218705][T25105] RBP: 0000000000000001 R08: 0000000000000001 R09: 00000000000001cb [ 1354.218719][T25105] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000293 [ 1354.218736][T25105] R13: 0000000000000001 R14: 000000000000000b R15: 0000000000000001 [ 1354.218759][T25105] ? __might_fault+0x111/0x140 [ 1354.218799][T25105] vt_do_kdskled+0x20f/0x320 [ 1354.218828][T25105] vt_ioctl+0xc61/0x31a0 [ 1354.218860][T25105] ? __pfx_vt_ioctl+0x10/0x10 [ 1354.218887][T25105] ? clockevents_program_event+0x23e/0x820 [ 1354.218916][T25105] ? clockevents_program_event+0x23e/0x820 [ 1354.218949][T25105] ? ktime_get+0x9f/0x320 [ 1354.218983][T25105] ? ktime_get+0x1a4/0x320 [ 1354.219019][T25105] ? lapic_next_event+0x10/0x20 [ 1354.219045][T25105] ? clockevents_program_event+0x1ef/0x820 [ 1354.219077][T25105] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1354.219115][T25105] ? __pfx_vt_ioctl+0x10/0x10 [ 1354.219144][T25105] tty_ioctl+0x26a/0x1640 [ 1354.219183][T25105] ? __pfx_tty_ioctl+0x10/0x10 [ 1354.219219][T25105] ? rcu_is_watching+0x12/0xc0 [ 1354.219254][T25105] ? irqentry_exit+0x24d/0x7e0 [ 1354.219275][T25105] ? lockdep_hardirqs_on+0x78/0x100 [ 1354.219311][T25105] ? irqentry_exit+0x24d/0x7e0 [ 1354.219343][T25105] ? security_file_ioctl+0xde/0x230 [ 1354.219369][T25105] ? security_file_ioctl+0x29/0x230 [ 1354.219395][T25105] ? security_file_ioctl+0xe8/0x230 [ 1354.219420][T25105] ? __pfx_tty_ioctl+0x10/0x10 [ 1354.219459][T25105] __x64_sys_ioctl+0x18e/0x210 [ 1354.219485][T25105] do_syscall_64+0x10b/0xf80 [ 1354.219505][T25105] ? clear_bhb_loop+0x40/0x90 [ 1354.219534][T25105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1354.219557][T25105] RIP: 0033:0x7fb91019ce59 [ 1354.219580][T25105] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1354.219604][T25105] RSP: 002b:00007fb910fd6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1354.219624][T25105] RAX: ffffffffffffffda RBX: 00007fb910415fa0 RCX: 00007fb91019ce59 [ 1354.219640][T25105] RDX: 0000000000000001 RSI: 0000000000004b64 RDI: 0000000000000003 [ 1354.219654][T25105] RBP: 00007fb910fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 1354.219669][T25105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1354.219682][T25105] R13: 00007fb910416038 R14: 00007fb910415fa0 R15: 00007fff30be9748 [ 1354.219712][T25105] [ 1354.764422][T25106] ubi0: scanning is finished [ 1354.769216][T25106] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1355.435288][T25106] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1357.101294][T25148] ubi0: attaching mtd0 [ 1357.121855][T25148] ubi0: scanning is finished [ 1357.129072][T25148] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1357.387243][T25148] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1357.863650][T25168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3820'. [ 1357.887922][T25175] ubi0: attaching mtd0 [ 1357.905993][T25171] netlink: 'syz.0.3820': attribute type 1 has an invalid length. [ 1357.927961][T25175] ubi0: scanning is finished [ 1357.934868][T25175] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1357.994277][T25177] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3823'. [ 1358.102004][T25184] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3823'. [ 1358.274340][T25175] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1358.592331][T25195] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3834'. [ 1358.632086][T25196] futex_wake_op: syz.4.3826 tries to shift op by -2048; fix this program [ 1358.667077][T25196] futex_wake_op: syz.4.3826 tries to shift op by -2048; fix this program [ 1358.692161][T25198] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3834'. [ 1358.710694][T25196] 0x001c00000000-0x100002c00000200 : "" [ 1358.742659][T25196] mtd: partition "" is out of reach -- disabled [ 1358.812903][T25196] ftl_cs: FTL header not found. [ 1358.992103][ T29] audit: type=1807 audit(8277292852.670:139): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 1359.029949][ T29] audit: type=1802 audit(8277292852.700:140): pid=25204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.5.3827" res=0 errno=0 [ 1359.307981][T25208] futex_wake_op: syz.6.3828 tries to shift op by -2048; fix this program [ 1359.323546][T25208] futex_wake_op: syz.6.3828 tries to shift op by -2048; fix this program [ 1359.361967][T25208] 0x001c00000000-0x100002c00000200 : "" [ 1359.374332][T25208] mtd: partition "" is out of reach -- disabled [ 1359.406513][T25208] ftl_cs: FTL header not found. [ 1359.474397][T25196] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3826'. [ 1359.695666][T25213] ubi0: attaching mtd0 [ 1359.792024][T25213] ubi0: scanning is finished [ 1359.806905][T25213] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1359.872397][T25202] ima: policy update failed [ 1359.892388][ T29] audit: type=1802 audit(8277292853.570:141): pid=25202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.3827" res=0 errno=0 [ 1360.114312][T25212] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3828'. [ 1360.258885][T25213] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1361.138617][T25233] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3836'. [ 1361.168760][T25233] mac80211_hwsim hwsim33 wlan2: entered promiscuous mode [ 1361.190877][T25233] mac80211_hwsim hwsim33 wlan2: entered allmulticast mode [ 1361.769949][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.776478][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.059735][T25253] busy [ 1362.613259][T25262] blktrace: Concurrent blktraces are not allowed on loop2 [ 1363.006170][T25280] futex_wake_op: syz.0.3843 tries to shift op by -2048; fix this program [ 1363.035859][T25280] futex_wake_op: syz.0.3843 tries to shift op by -2048; fix this program [ 1363.099804][T25280] 0x001c00000000-0x100002c00000200 : "" [ 1363.106242][T25280] mtd: partition "" is out of reach -- disabled [ 1363.144893][T25280] ftl_cs: FTL header not found. [ 1363.184841][T25284] futex_wake_op: syz.5.3845 tries to shift op by -2048; fix this program [ 1363.219023][T25284] futex_wake_op: syz.5.3845 tries to shift op by -2048; fix this program [ 1363.596201][T25284] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3845'. [ 1363.606286][T25280] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3843'. [ 1364.124279][T25303] ubi0: attaching mtd0 [ 1364.161695][T25303] ubi0: scanning is finished [ 1364.176611][T25303] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1364.274358][T25308] tipc: Started in network mode [ 1364.291792][T25308] tipc: Node identity ee00, cluster identity 4711 [ 1364.319463][T25308] tipc: Node number set to 60928 [ 1364.509353][T25313] netlink: 354 bytes leftover after parsing attributes in process `syz.5.3853'. [ 1364.583071][T25303] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1365.262391][T25329] FAULT_INJECTION: forcing a failure. [ 1365.262391][T25329] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1365.278465][T25329] CPU: 1 UID: 0 PID: 25329 Comm: syz.0.3855 Tainted: G L syzkaller #0 PREEMPT(full) [ 1365.278515][T25329] Tainted: [L]=SOFTLOCKUP [ 1365.278526][T25329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1365.278545][T25329] Call Trace: [ 1365.278555][T25329] [ 1365.278568][T25329] dump_stack_lvl+0x100/0x190 [ 1365.278628][T25329] should_fail_ex.cold+0x5/0xa [ 1365.278671][T25329] get_futex_key+0x1d2/0x1510 [ 1365.278720][T25329] ? __pfx_get_futex_key+0x10/0x10 [ 1365.278756][T25329] ? putname+0xb1/0x110 [ 1365.278801][T25329] ? kasan_save_stack+0x3f/0x50 [ 1365.278835][T25329] ? kasan_save_stack+0x30/0x50 [ 1365.278868][T25329] ? kasan_save_track+0x14/0x30 [ 1365.278900][T25329] ? kasan_save_free_info+0x3b/0x70 [ 1365.278946][T25329] ? __kasan_slab_free+0x5f/0x80 [ 1365.278979][T25329] ? kmem_cache_free+0x127/0x6c0 [ 1365.279036][T25329] futex_wake+0xea/0x530 [ 1365.279084][T25329] ? __pfx_futex_wake+0x10/0x10 [ 1365.279166][T25329] do_futex+0x32b/0x350 [ 1365.279205][T25329] ? __pfx_do_futex+0x10/0x10 [ 1365.279256][T25329] __x64_sys_futex+0x34f/0x4d0 [ 1365.279301][T25329] ? __pfx___x64_sys_futex+0x10/0x10 [ 1365.279349][T25329] ? rcu_is_watching+0x12/0xc0 [ 1365.279397][T25329] do_syscall_64+0x10b/0xf80 [ 1365.279433][T25329] ? clear_bhb_loop+0x40/0x90 [ 1365.279476][T25329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1365.279512][T25329] RIP: 0033:0x7fb91019ce59 [ 1365.279540][T25329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1365.279576][T25329] RSP: 002b:00007fb910fb50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1365.279610][T25329] RAX: ffffffffffffffda RBX: 00007fb910416098 RCX: 00007fb91019ce59 [ 1365.279634][T25329] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb91041609c [ 1365.279656][T25329] RBP: 00007fb910416090 R08: 0000000000000001 R09: 0000000000000000 [ 1365.279677][T25329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1365.279697][T25329] R13: 00007fb910416128 R14: 00007fff30be9660 R15: 00007fff30be9748 [ 1365.279750][T25329] [ 1366.134766][T25350] futex_wake_op: syz.6.3860 tries to shift op by -2048; fix this program [ 1366.187393][T25353] busy [ 1366.202925][T25350] futex_wake_op: syz.6.3860 tries to shift op by -2048; fix this program [ 1366.237145][T25350] 0x001c00000000-0x100002c00000200 : "" [ 1366.262279][T25350] mtd: partition "" is out of reach -- disabled [ 1366.360508][T25350] ftl_cs: FTL header not found. [ 1366.997287][T25350] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3860'. [ 1367.282499][T25370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3862'. [ 1369.137811][T25406] futex_wake_op: syz.0.3870 tries to shift op by -2048; fix this program [ 1369.154182][T25406] futex_wake_op: syz.0.3870 tries to shift op by -2048; fix this program [ 1369.190418][T25406] 0x001c00000000-0x100002c00000200 : "" [ 1369.213986][T25406] mtd: partition "" is out of reach -- disabled [ 1369.259566][T25406] ftl_cs: FTL header not found. [ 1369.924158][T25405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3870'. [ 1370.583590][T25435] busy [ 1370.912796][T25443] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3877'. [ 1373.296708][T25471] futex_wake_op: syz.5.3884 tries to shift op by -2048; fix this program [ 1373.307573][T25471] futex_wake_op: syz.5.3884 tries to shift op by -2048; fix this program [ 1373.344182][T25471] 0x001c00000000-0x100002c00000200 : "" [ 1373.357771][T25471] mtd: partition "" is out of reach -- disabled [ 1373.426733][T25471] ftl_cs: FTL header not found. [ 1373.438227][T25475] busy [ 1373.800165][T25485] ubi0: attaching mtd0 [ 1373.835793][T25485] ubi0: scanning is finished [ 1373.854441][T25485] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1373.948705][T25471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3884'. [ 1374.162634][T25485] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1374.181017][T25493] ubi0: attaching mtd0 [ 1374.198955][T25493] ubi0: scanning is finished [ 1374.206970][T25493] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1374.378369][T25493] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1375.161671][T25514] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3893'. [ 1375.198400][T25514] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3893'. [ 1375.308144][T25519] ubi0: attaching mtd0 [ 1375.323071][T25519] ubi0: scanning is finished [ 1375.337948][T25519] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1375.394333][ T29] audit: type=1800 audit(8277292869.080:142): pid=25524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.3898" name="dbroot" dev="configfs" ino=105868 res=0 errno=0 [ 1375.670950][T25519] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1375.927119][T25524] netlink: 1884 bytes leftover after parsing attributes in process `syz.6.3898'. [ 1376.346062][T25558] ubi0: attaching mtd0 [ 1376.372546][T25558] ubi0: scanning is finished [ 1376.394664][T25558] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1376.662655][T25558] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1377.165075][T25575] busy [ 1377.652872][T25581] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3906'. [ 1377.685930][T25581] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3906'. [ 1379.105164][T25599] ubi0: attaching mtd0 [ 1379.145191][T25599] ubi0: scanning is finished [ 1379.158098][T25599] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1379.422917][T25599] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1379.776971][T25619] ubi0: attaching mtd0 [ 1379.795942][T25619] ubi0: scanning is finished [ 1379.815259][T25619] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1379.857807][T25622] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3915'. [ 1379.919966][T25622] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3915'. [ 1380.086998][T25627] FAULT_INJECTION: forcing a failure. [ 1380.086998][T25627] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1380.106919][T25619] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1380.122160][T25627] CPU: 0 UID: 0 PID: 25627 Comm: syz.5.3916 Tainted: G L syzkaller #0 PREEMPT(full) [ 1380.122202][T25627] Tainted: [L]=SOFTLOCKUP [ 1380.122211][T25627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1380.122224][T25627] Call Trace: [ 1380.122232][T25627] [ 1380.122240][T25627] dump_stack_lvl+0x100/0x190 [ 1380.122271][T25627] should_fail_ex.cold+0x5/0xa [ 1380.122301][T25627] _copy_from_iter+0x1f4/0x1690 [ 1380.122333][T25627] ? __pfx__copy_from_iter+0x10/0x10 [ 1380.122362][T25627] ? __pfx___might_resched+0x10/0x10 [ 1380.122390][T25627] ? kfree+0x1dd/0x6c0 [ 1380.122432][T25627] file_tty_write.isra.0+0x45b/0x890 [ 1380.122476][T25627] redirected_tty_write+0xd4/0x120 [ 1380.122531][T25627] vfs_write+0x6ac/0x1070 [ 1380.122570][T25627] ? __pfx_redirected_tty_write+0x10/0x10 [ 1380.122608][T25627] ? __pfx_vfs_write+0x10/0x10 [ 1380.122631][T25627] ? find_held_lock+0x2b/0x80 [ 1380.122675][T25627] ksys_write+0x12a/0x250 [ 1380.122700][T25627] ? __pfx_ksys_write+0x10/0x10 [ 1380.122733][T25627] ? rcu_is_watching+0x12/0xc0 [ 1380.122763][T25627] do_syscall_64+0x10b/0xf80 [ 1380.122785][T25627] ? clear_bhb_loop+0x40/0x90 [ 1380.122811][T25627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.122832][T25627] RIP: 0033:0x7f032719ce59 [ 1380.122849][T25627] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1380.122870][T25627] RSP: 002b:00007f0328007028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1380.122890][T25627] RAX: ffffffffffffffda RBX: 00007f0327415fa0 RCX: 00007f032719ce59 [ 1380.122907][T25627] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 1380.122920][T25627] RBP: 00007f0328007090 R08: 0000000000000000 R09: 0000000000000000 [ 1380.122933][T25627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1380.122946][T25627] R13: 00007f0327416038 R14: 00007f0327415fa0 R15: 00007ffde661e358 [ 1380.122973][T25627] [ 1380.839245][T25636] ubi0: attaching mtd0 [ 1380.863384][T25636] ubi0: scanning is finished [ 1380.863428][T25636] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1381.972165][T25636] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1382.929015][T25661] ubi0: attaching mtd0 [ 1382.951428][T25661] ubi0: scanning is finished [ 1382.959584][T25661] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1383.276506][T25661] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1383.846618][T25674] ubi0: attaching mtd0 [ 1383.873400][T25674] ubi0: scanning is finished [ 1383.884986][T25674] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1384.150675][T25674] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1384.814716][T25690] ubi0: attaching mtd0 [ 1384.855600][T25690] ubi0: scanning is finished [ 1384.873109][T25690] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1385.143985][T25690] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1385.310969][T25697] futex_wake_op: syz.4.3928 tries to shift op by -2048; fix this program [ 1385.342273][T25697] futex_wake_op: syz.4.3928 tries to shift op by -2048; fix this program [ 1385.367819][T25697] 0x001c00000000-0x100002c00000200 : "" [ 1385.374360][T25697] mtd: partition "" is out of reach -- disabled [ 1385.404949][T25697] ftl_cs: FTL header not found. [ 1385.618051][T25702] futex_wake_op: syz.5.3929 tries to shift op by -2048; fix this program [ 1385.640419][T25702] futex_wake_op: syz.5.3929 tries to shift op by -2048; fix this program [ 1385.754210][T25702] 0x001c00000000-0x100002c00000200 : "" [ 1385.760215][T25705] busy [ 1385.820543][T25702] mtd: partition "" is out of reach -- disabled [ 1385.903891][T25702] ftl_cs: FTL header not found. [ 1386.100070][T25700] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3928'. [ 1386.564335][T25713] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3929'. [ 1387.163860][T25716] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3931'. [ 1390.371054][T25769] futex_wake_op: syz.0.3942 tries to shift op by -2048; fix this program [ 1390.415217][T25769] futex_wake_op: syz.0.3942 tries to shift op by -2048; fix this program [ 1390.453100][T25769] 0x001c00000000-0x100002c00000200 : "" [ 1390.494159][T25769] mtd: partition "" is out of reach -- disabled [ 1390.551817][T25769] ftl_cs: FTL header not found. [ 1391.169107][T25769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3942'. [ 1391.714504][T25796] ubi0: attaching mtd0 [ 1391.739142][T25796] ubi0: scanning is finished [ 1391.744441][T25796] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1391.950521][T25796] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1392.719897][T25823] ubi0: attaching mtd0 [ 1392.731349][T25823] ubi0: scanning is finished [ 1392.731392][T25823] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1393.043634][T25823] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1393.498427][T25843] futex_wake_op: syz.6.3957 tries to shift op by -2048; fix this program [ 1393.534387][T25843] futex_wake_op: syz.6.3957 tries to shift op by -2048; fix this program [ 1393.580157][T25843] 0x001c00000000-0x100002c00000200 : "" [ 1393.609489][T25843] mtd: partition "" is out of reach -- disabled [ 1393.674049][T25843] ftl_cs: FTL header not found. [ 1394.174442][T25846] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3957'. [ 1395.132429][T25867] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3962'. [ 1395.154140][T25867] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3962'. [ 1395.621592][T25876] ubi0: attaching mtd0 [ 1395.642171][T25876] ubi0: scanning is finished [ 1395.674467][T25876] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1396.036937][T25876] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1396.237967][T25890] ubi0: attaching mtd0 [ 1396.260533][T25890] ubi0: scanning is finished [ 1396.276941][T25890] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1396.622342][T25890] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1396.922811][T25904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1397.138835][T25917] ubi0: attaching mtd0 [ 1397.170081][T25917] ubi0: scanning is finished [ 1397.196065][T25917] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1397.619191][T25917] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1398.010861][T25922] FAULT_INJECTION: forcing a failure. [ 1398.010861][T25922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1398.066481][T25922] CPU: 0 UID: 0 PID: 25922 Comm: syz.5.3979 Tainted: G L syzkaller #0 PREEMPT(full) [ 1398.066534][T25922] Tainted: [L]=SOFTLOCKUP [ 1398.066547][T25922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1398.066567][T25922] Call Trace: [ 1398.066578][T25922] [ 1398.066592][T25922] dump_stack_lvl+0x100/0x190 [ 1398.066640][T25922] should_fail_ex.cold+0x5/0xa [ 1398.066682][T25922] _copy_to_iter+0x1f3/0x1720 [ 1398.066723][T25922] ? show_sb_opts+0xb4/0xf0 [ 1398.066777][T25922] ? __pfx__copy_to_iter+0x10/0x10 [ 1398.066818][T25922] ? __up_read+0x2c1/0x6e0 [ 1398.066859][T25922] ? __pfx___up_read+0x10/0x10 [ 1398.066895][T25922] ? seq_read_iter+0xd33/0x1270 [ 1398.066932][T25922] ? seq_read_iter+0xd33/0x1270 [ 1398.066977][T25922] seq_read_iter+0xdab/0x1270 [ 1398.067027][T25922] ? __pfx_seq_read_iter+0x10/0x10 [ 1398.067067][T25922] vfs_read+0x825/0xb30 [ 1398.067112][T25922] ? __pfx_vfs_read+0x10/0x10 [ 1398.067176][T25922] ksys_read+0x12a/0x250 [ 1398.067214][T25922] ? __pfx_ksys_read+0x10/0x10 [ 1398.067256][T25922] ? rcu_is_watching+0x12/0xc0 [ 1398.067301][T25922] do_syscall_64+0x10b/0xf80 [ 1398.067351][T25922] ? clear_bhb_loop+0x40/0x90 [ 1398.067394][T25922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1398.067430][T25922] RIP: 0033:0x7f032719ce59 [ 1398.067458][T25922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1398.067493][T25922] RSP: 002b:00007f0328007028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1398.067525][T25922] RAX: ffffffffffffffda RBX: 00007f0327415fa0 RCX: 00007f032719ce59 [ 1398.067549][T25922] RDX: 0000000000001036 RSI: 0000200000000040 RDI: 0000000000000004 [ 1398.067570][T25922] RBP: 00007f0327232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1398.067592][T25922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1398.067612][T25922] R13: 00007f0327416038 R14: 00007f0327415fa0 R15: 00007ffde661e358 [ 1398.067659][T25922] [ 1398.478781][T25938] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3980'. [ 1398.540576][T25938] netlink: 342 bytes leftover after parsing attributes in process `syz.6.3980'. [ 1399.391339][T25967] vivid-003: ================= START STATUS ================= [ 1399.437532][T25967] vivid-003: Radio HW Seek Mode: Bounded [ 1399.458634][T25968] FAULT_INJECTION: forcing a failure. [ 1399.458634][T25968] name failslab, interval 1, probability 0, space 0, times 0 [ 1399.472856][T25968] CPU: 0 UID: 0 PID: 25968 Comm: syz.5.3986 Tainted: G L syzkaller #0 PREEMPT(full) [ 1399.472904][T25968] Tainted: [L]=SOFTLOCKUP [ 1399.472916][T25968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1399.472935][T25968] Call Trace: [ 1399.472948][T25968] [ 1399.472961][T25968] dump_stack_lvl+0x100/0x190 [ 1399.473004][T25968] should_fail_ex.cold+0x5/0xa [ 1399.473049][T25968] should_failslab+0xc2/0x120 [ 1399.473089][T25968] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1399.473144][T25968] ? __send_signal_locked+0x155/0x12d0 [ 1399.473192][T25968] __send_signal_locked+0x155/0x12d0 [ 1399.473240][T25968] group_send_sig_info+0x2a4/0x300 [ 1399.473289][T25968] ? __pfx_group_send_sig_info+0x10/0x10 [ 1399.473360][T25968] ? kill_pid_info_type+0x1a/0x290 [ 1399.473399][T25968] kill_pid_info_type+0x92/0x290 [ 1399.473447][T25968] kill_proc_info+0x6f/0x1b0 [ 1399.473491][T25968] kill_something_info+0x2a0/0x310 [ 1399.473540][T25968] __x64_sys_kill+0x1c4/0x250 [ 1399.473587][T25968] ? __pfx___x64_sys_kill+0x10/0x10 [ 1399.473638][T25968] ? xfd_validate_state+0x129/0x190 [ 1399.473680][T25968] ? rcu_is_watching+0x12/0xc0 [ 1399.473737][T25968] do_syscall_64+0x10b/0xf80 [ 1399.473767][T25968] ? clear_bhb_loop+0x40/0x90 [ 1399.473827][T25968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1399.473862][T25968] RIP: 0033:0x7f032719ce59 [ 1399.473890][T25968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1399.473925][T25968] RSP: 002b:00007f0327fe6028 EFLAGS: 00000246 ORIG_RAX: 000000000000003e [ 1399.473956][T25968] RAX: ffffffffffffffda RBX: 00007f0327416090 RCX: 00007f032719ce59 [ 1399.473978][T25968] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000580 [ 1399.474000][T25968] RBP: 00007f0327232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1399.474021][T25968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1399.474043][T25968] R13: 00007f0327416128 R14: 00007f0327416090 R15: 00007ffde661e358 [ 1399.474084][T25968] [ 1399.513060][T25967] vivid-003: Radio Programmable HW Seek: [ 1399.683595][T25970] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1399.781351][T25967] false [ 1399.788465][T25967] vivid-003: RDS Rx I/O Mode: Block I/O [ 1399.804416][T25967] vivid-003: Generate RBDS Instead of RDS: false [ 1399.814651][T25967] vivid-003: RDS Reception: true [ 1399.824783][T25967] vivid-003: RDS Program Type: 0 inactive [ 1399.836416][T25967] vivid-003: RDS PS Name: inactive [ 1399.848382][T25967] vivid-003: RDS Radio Text: inactive [ 1399.861311][T25967] vivid-003: RDS Traffic Announcement: false inactive [ 1399.878433][T25967] vivid-003: RDS Traffic Program: false inactive [ 1399.899561][T25967] vivid-003: RDS Music: false inactive [ 1399.909927][T25967] vivid-003: ================== END STATUS ================== [ 1400.055018][T25976] ubi0: attaching mtd0 [ 1400.074434][T25976] ubi0: scanning is finished [ 1400.088396][T25976] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1400.349225][T25976] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1401.880786][T26016] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3999'. [ 1401.901804][T26016] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3999'. [ 1402.734390][T26035] futex_wake_op: syz.5.4004 tries to shift op by -2048; fix this program [ 1402.744436][T26035] futex_wake_op: syz.5.4004 tries to shift op by -2048; fix this program [ 1402.755107][T26035] 0x001c00000000-0x100002c00000200 : "" [ 1402.760951][T26035] mtd: partition "" is out of reach -- disabled [ 1402.776673][T26035] ftl_cs: FTL header not found. [ 1404.319361][T26064] ubi0: attaching mtd0 [ 1404.348977][T26064] ubi0: scanning is finished [ 1404.379685][T26064] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1404.720317][T26064] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1405.902794][T26102] futex_wake_op: syz.4.4016 tries to shift op by -2048; fix this program [ 1405.911471][T26102] futex_wake_op: syz.4.4016 tries to shift op by -2048; fix this program [ 1405.960939][T26102] 0x001c00000000-0x100002c00000200 : "" [ 1405.969634][T26102] mtd: partition "" is out of reach -- disabled [ 1405.995189][T26102] ftl_cs: FTL header not found. [ 1406.773883][T26115] futex_wake_op: syz.5.4018 tries to shift op by -2048; fix this program [ 1406.799603][T26115] futex_wake_op: syz.5.4018 tries to shift op by -2048; fix this program [ 1406.826642][T26115] 0x001c00000000-0x100002c00000200 : "" [ 1406.840731][T26115] mtd: partition "" is out of reach -- disabled [ 1406.913439][T26115] ftl_cs: FTL header not found. [ 1407.380452][T26128] ubi0: attaching mtd0 [ 1407.443895][T26128] ubi0: scanning is finished [ 1407.459286][T26115] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4018'. [ 1407.468541][T26128] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1407.779680][T26128] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1409.532403][T26170] ubi0: attaching mtd0 [ 1409.543903][T26170] ubi0: scanning is finished [ 1409.543964][T26170] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1409.806587][T26170] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1409.915863][T26180] futex_wake_op: syz.4.4029 tries to shift op by -2048; fix this program [ 1409.933207][T26180] futex_wake_op: syz.4.4029 tries to shift op by -2048; fix this program [ 1409.974488][T26181] ubi0: attaching mtd0 [ 1409.988909][T26180] 0x001c00000000-0x100002c00000200 : "" [ 1410.001133][T26181] ubi0: scanning is finished [ 1410.005894][T26181] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1410.026383][T26180] mtd: partition "" is out of reach -- disabled [ 1410.069787][T26180] ftl_cs: FTL header not found. [ 1410.300894][T26181] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1410.573542][T26194] ubi0: attaching mtd0 [ 1410.593588][T26194] ubi0: scanning is finished [ 1410.600123][T26194] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1410.966757][T26194] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1411.636396][T26215] busy [ 1413.466733][T26243] ubi0: attaching mtd0 [ 1413.513316][T26243] ubi0: scanning is finished [ 1413.522302][T26243] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1413.752184][T26247] vivid-003: ================= START STATUS ================= [ 1413.768338][T26247] vivid-003: Radio HW Seek Mode: Bounded [ 1413.788784][T26247] vivid-003: Radio Programmable HW Seek: false [ 1413.811647][T26243] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1413.815674][T26247] vivid-003: RDS Rx I/O Mode: Block I/O [ 1413.915018][T26247] vivid-003: Generate RBDS Instead of RDS: false [ 1413.921834][T26247] vivid-003: RDS Reception: true [ 1413.926886][T26247] vivid-003: RDS Program Type: 0 inactive [ 1413.933445][T26247] vivid-003: RDS PS Name: inactive [ 1413.939041][T26247] vivid-003: RDS Radio Text: inactive [ 1413.944711][T26247] vivid-003: RDS Traffic Announcement: false inactive [ 1413.952002][T26247] vivid-003: RDS Traffic Program: false inactive [ 1413.962802][T26247] vivid-003: RDS Music: false inactive [ 1413.968664][T26247] vivid-003: ================== END STATUS ================== [ 1414.016258][T26255] futex_wake_op: syz.6.4044 tries to shift op by -2048; fix this program [ 1414.052529][T26255] futex_wake_op: syz.6.4044 tries to shift op by -2048; fix this program [ 1414.065542][T26255] 0x001c00000000-0x100002c00000200 : "" [ 1414.072541][T26255] mtd: partition "" is out of reach -- disabled [ 1414.093609][T26255] ftl_cs: FTL header not found. [ 1415.542006][T26282] ubi0: attaching mtd0 [ 1415.566996][T26282] ubi0: scanning is finished [ 1415.605584][T26282] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1416.104815][T26282] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1417.761674][T26321] ubi0: attaching mtd0 [ 1417.797159][T26321] ubi0: scanning is finished [ 1417.834802][T26321] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1417.962213][T26325] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4056'. [ 1418.019578][T26325] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4056'. [ 1418.127249][T26321] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1418.942445][T26344] futex_wake_op: syz.4.4060 tries to shift op by -2048; fix this program [ 1418.953390][T26344] futex_wake_op: syz.4.4060 tries to shift op by -2048; fix this program [ 1418.981510][T26344] 0x001c00000000-0x100002c00000200 : "" [ 1418.987642][T26344] mtd: partition "" is out of reach -- disabled [ 1419.022632][T26344] ftl_cs: FTL header not found. [ 1420.646764][T26363] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4066'. [ 1420.683037][T26363] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4066'. [ 1420.770102][T26368] futex_wake_op: syz.5.4064 tries to shift op by -2048; fix this program [ 1420.784392][T26368] futex_wake_op: syz.5.4064 tries to shift op by -2048; fix this program [ 1420.815817][T26368] 0x001c00000000-0x100002c00000200 : "" [ 1420.854230][T26368] mtd: partition "" is out of reach -- disabled [ 1420.913292][T26368] ftl_cs: FTL header not found. [ 1421.639182][T26384] ubi0: attaching mtd0 [ 1421.657580][T26384] ubi0: scanning is finished [ 1421.672697][T26384] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1421.973493][T26384] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1422.465094][T26406] futex_wake_op: syz.6.4072 tries to shift op by -2048; fix this program [ 1422.483541][T26406] futex_wake_op: syz.6.4072 tries to shift op by -2048; fix this program [ 1422.508169][T26409] ubi0: attaching mtd0 [ 1422.514283][T26406] 0x001c00000000-0x100002c00000200 : "" [ 1422.536524][T26409] ubi0: scanning is finished [ 1422.540930][T26406] mtd: partition "" is out of reach -- disabled [ 1422.551290][T26409] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1422.598300][T26406] ftl_cs: FTL header not found. [ 1422.947159][T26409] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1422.992880][T26410] ubi0: attaching mtd0 [ 1423.027298][T26410] ubi0: scanning is finished [ 1423.037261][T26410] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1423.213724][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.223384][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.296764][T26410] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1424.481095][T26439] ubi0: attaching mtd0 [ 1424.523654][T26439] ubi0: scanning is finished [ 1424.531161][T26439] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1424.796222][T26439] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1425.329259][T26456] ubi0: attaching mtd0 [ 1425.355913][T26456] ubi0: scanning is finished [ 1425.372599][T26456] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1425.810665][T26456] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1426.152658][T26472] futex_wake_op: syz.5.4082 tries to shift op by -2048; fix this program [ 1426.165595][T26472] futex_wake_op: syz.5.4082 tries to shift op by -2048; fix this program [ 1426.254149][T26473] 0x001c00000000-0x100002c00000200 : "" [ 1426.269812][T26473] mtd: partition "" is out of reach -- disabled [ 1426.322318][T26473] ftl_cs: FTL header not found. [ 1427.065592][T26492] ubi0: attaching mtd0 [ 1427.077649][T26492] ubi0: scanning is finished [ 1427.088270][T26492] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1427.381845][T26492] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1427.830388][T26505] futex_wake_op: syz.5.4089 tries to shift op by -2048; fix this program [ 1427.851549][T26505] futex_wake_op: syz.5.4089 tries to shift op by -2048; fix this program [ 1427.874153][T26505] 0x001c00000000-0x100002c00000200 : "" [ 1427.879967][T26505] mtd: partition "" is out of reach -- disabled [ 1427.919500][T26505] ftl_cs: FTL header not found. [ 1428.241742][T26515] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4099'. [ 1428.304733][T26518] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4099'. [ 1428.380165][T26519] ubi0: attaching mtd0 [ 1428.392966][T26519] ubi0: scanning is finished [ 1428.422802][T26519] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1428.845244][T26519] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1429.041672][T26524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4101'. [ 1429.523361][T26535] ubi0: attaching mtd0 [ 1429.560466][T26535] ubi0: scanning is finished [ 1429.573200][T26535] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1429.828810][T26542] futex_wake_op: syz.6.4104 tries to shift op by -2048; fix this program [ 1429.855365][T26542] futex_wake_op: syz.6.4104 tries to shift op by -2048; fix this program [ 1429.885619][T26542] 0x001c00000000-0x100002c00000200 : "" [ 1429.898070][T26542] mtd: partition "" is out of reach -- disabled [ 1429.929989][T26535] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1429.958645][T26542] ftl_cs: FTL header not found. [ 1430.958401][T26561] futex_wake_op: syz.6.4097 tries to shift op by -2048; fix this program [ 1430.979547][T26561] futex_wake_op: syz.6.4097 tries to shift op by -2048; fix this program [ 1431.000341][T26561] 0x001c00000000-0x100002c00000200 : "" [ 1431.011292][T26561] mtd: partition "" is out of reach -- disabled [ 1431.060428][T26561] ftl_cs: FTL header not found. [ 1432.137696][T26583] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4103'. [ 1432.149989][T26583] FAULT_INJECTION: forcing a failure. [ 1432.149989][T26583] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1432.187315][T26583] CPU: 1 UID: 0 PID: 26583 Comm: syz.6.4103 Tainted: G L syzkaller #0 PREEMPT(full) [ 1432.187350][T26583] Tainted: [L]=SOFTLOCKUP [ 1432.187359][T26583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1432.187373][T26583] Call Trace: [ 1432.187381][T26583] [ 1432.187389][T26583] dump_stack_lvl+0x100/0x190 [ 1432.187419][T26583] should_fail_ex.cold+0x5/0xa [ 1432.187448][T26583] _copy_to_iter+0x1f3/0x1720 [ 1432.187476][T26583] ? __pfx___skb_try_recv_datagram+0x10/0x10 [ 1432.187504][T26583] ? __pfx__copy_to_iter+0x10/0x10 [ 1432.187528][T26583] ? is_bpf_text_address+0x94/0x1a0 [ 1432.187566][T26583] ? __skb_recv_datagram+0x1b2/0x220 [ 1432.187595][T26583] simple_copy_to_iter+0x46/0x90 [ 1432.187654][T26583] __skb_datagram_iter+0x129/0x900 [ 1432.187704][T26583] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 1432.187756][T26583] skb_copy_datagram_iter+0xa5/0x270 [ 1432.187793][T26583] ? aa_sk_perm+0x309/0xaa0 [ 1432.187823][T26583] netlink_recvmsg+0x27e/0xa90 [ 1432.187861][T26583] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1432.187899][T26583] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1432.187938][T26583] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1432.187978][T26583] sock_recvmsg+0x1a4/0x1f0 [ 1432.188014][T26583] sock_read_iter+0x2c6/0x3c0 [ 1432.188048][T26583] ? __pfx_sock_read_iter+0x10/0x10 [ 1432.188091][T26583] ? bpf_lsm_file_permission+0x9/0x10 [ 1432.188114][T26583] ? security_file_permission+0x76/0x210 [ 1432.188143][T26583] ? rw_verify_area+0xce/0x6d0 [ 1432.188166][T26583] ? __pfx_sock_read_iter+0x10/0x10 [ 1432.188218][T26583] vfs_read+0x957/0xb30 [ 1432.188261][T26583] ? __pfx_vfs_read+0x10/0x10 [ 1432.188298][T26583] ? __pfx_do_sys_openat2+0x10/0x10 [ 1432.188361][T26583] ksys_read+0x1f8/0x250 [ 1432.188388][T26583] ? __pfx_ksys_read+0x10/0x10 [ 1432.188416][T26583] ? rcu_is_watching+0x12/0xc0 [ 1432.188459][T26583] do_syscall_64+0x10b/0xf80 [ 1432.188479][T26583] ? clear_bhb_loop+0x40/0x90 [ 1432.188505][T26583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1432.188527][T26583] RIP: 0033:0x7fd9a0f9ce59 [ 1432.188544][T26583] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1432.188566][T26583] RSP: 002b:00007fd9a1eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1432.188587][T26583] RAX: ffffffffffffffda RBX: 00007fd9a1215fa0 RCX: 00007fd9a0f9ce59 [ 1432.188601][T26583] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000003 [ 1432.188613][T26583] RBP: 00007fd9a1eee090 R08: 0000000000000000 R09: 0000000000000000 [ 1432.188626][T26583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1432.188639][T26583] R13: 00007fd9a1216038 R14: 00007fd9a1215fa0 R15: 00007ffead19e878 [ 1432.188665][T26583] [ 1432.614610][ T6328] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1432.634576][ T6328] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1432.644578][T26583] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4103'. [ 1432.656771][ T6328] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1432.672260][ T6328] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1432.683575][ T6328] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1433.089381][T26601] ubi0: attaching mtd0 [ 1433.111208][T26601] ubi0: scanning is finished [ 1433.130048][T26601] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1433.473623][T26601] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1433.753026][T22885] bridge0: port 3(netdevsim3) entered disabled state [ 1433.839790][T22885] netdevsim netdevsim4 netdevsim3 (unregistering): left allmulticast mode [ 1433.853843][T22885] netdevsim netdevsim4 netdevsim3 (unregistering): left promiscuous mode [ 1433.870412][T22885] bridge0: port 3(netdevsim3) entered disabled state [ 1433.906660][T22885] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.114648][T22885] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.240062][T22885] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.526369][T26637] futex_wake_op: syz.0.4114 tries to shift op by -2048; fix this program [ 1434.539515][T22885] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.560251][T26637] futex_wake_op: syz.0.4114 tries to shift op by -2048; fix this program [ 1434.605179][T26637] 0x001c00000000-0x100002c00000200 : "" [ 1434.616608][T26637] mtd: partition "" is out of reach -- disabled [ 1434.627870][T26637] ftl_cs: FTL header not found. [ 1434.729078][ T6328] Bluetooth: hci4: command tx timeout [ 1434.881825][T26587] bridge0: port 1(bridge_slave_0) entered blocking state [ 1434.896933][T26587] bridge0: port 1(bridge_slave_0) entered disabled state [ 1434.958957][T26587] bridge_slave_0: entered allmulticast mode [ 1434.981917][T26587] bridge_slave_0: entered promiscuous mode [ 1435.034956][T26587] bridge0: port 2(bridge_slave_1) entered blocking state [ 1435.050385][T26587] bridge0: port 2(bridge_slave_1) entered disabled state [ 1435.106812][T26587] bridge_slave_1: entered allmulticast mode [ 1435.114953][T26587] bridge_slave_1: entered promiscuous mode [ 1435.473162][T26587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1435.533068][ T6328] Bluetooth: hci0: command 0x0406 tx timeout [ 1435.556087][T26587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1435.752520][T26587] team0: Port device team_slave_0 added [ 1435.762973][T26587] team0: Port device team_slave_1 added [ 1435.797750][T22885] bridge_slave_1: left allmulticast mode [ 1435.803853][T22885] bridge_slave_1: left promiscuous mode [ 1435.810276][T22885] bridge0: port 2(bridge_slave_1) entered disabled state [ 1435.821629][T22885] bridge_slave_0: left allmulticast mode [ 1435.827340][T22885] bridge_slave_0: left promiscuous mode [ 1435.835527][T22885] bridge0: port 1(bridge_slave_0) entered disabled state [ 1435.890336][T26651] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4123'. [ 1435.962940][T26654] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4123'. [ 1436.128169][T22885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1436.139832][T22885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1436.151412][T22885] bond0 (unregistering): Released all slaves [ 1436.209255][T26587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1436.228766][T26587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1436.258501][T26587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1436.269875][T22885] HfR: left promiscuous mode [ 1436.299944][T26587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1436.313519][T26587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1436.340056][T26587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1436.374541][T22885] ovs_ÿþ: left promiscuous mode [ 1436.460011][T26587] hsr_slave_0: entered promiscuous mode [ 1436.466820][T26587] hsr_slave_1: entered promiscuous mode [ 1436.480575][T26587] debugfs: 'hsr0' already exists in 'hsr' [ 1436.498262][T26587] Cannot create hsr debugfs directory [ 1436.808818][T24348] Bluetooth: hci4: command tx timeout [ 1437.102067][T22885] hsr_slave_0: left promiscuous mode [ 1437.111917][T22885] hsr_slave_1: left promiscuous mode [ 1437.118178][T22885] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1437.125944][T22885] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1437.135333][T22885] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1437.143181][T22885] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1437.163332][T22885] veth1_macvtap: left promiscuous mode [ 1437.169012][T22885] veth0_macvtap: left promiscuous mode [ 1437.176721][T22885] veth1_vlan: left promiscuous mode [ 1437.182840][T22885] veth0_vlan: left promiscuous mode [ 1437.673863][T22885] team0 (unregistering): Port device team_slave_1 removed [ 1437.697269][T22885] team0 (unregistering): Port device team_slave_0 removed [ 1437.872498][T26682] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4122'. [ 1437.892467][ T5289] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1438.888731][T24348] Bluetooth: hci4: command tx timeout [ 1439.259895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 1439.895028][T26726] ubi0: attaching mtd0 [ 1439.926115][T26726] ubi0: scanning is finished [ 1439.939619][T26726] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1440.092640][T26728] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4129'. [ 1440.210712][T26726] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1440.290885][T26587] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1440.307217][T26587] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1440.348169][T26587] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1440.371486][T26587] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1440.389149][T26587] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1440.420297][T26587] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1440.451967][T26587] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1440.490819][T26587] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1440.968745][T24348] Bluetooth: hci4: command tx timeout [ 1441.417403][T26587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1441.523006][T26587] 8021q: adding VLAN 0 to HW filter on device team0 [ 1441.551284][T12529] bridge0: port 1(bridge_slave_0) entered blocking state [ 1441.558502][T12529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1441.602209][T12529] bridge0: port 2(bridge_slave_1) entered blocking state [ 1441.609359][T12529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1442.475535][T26781] HfR: entered promiscuous mode [ 1442.561739][T26785] ubi0: attaching mtd0 [ 1442.602644][T26785] ubi0: scanning is finished [ 1442.614981][T26785] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1442.987863][T26785] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1443.776564][T26587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1444.185791][T26833] futex_wake_op: syz.0.4138 tries to shift op by -2048; fix this program [ 1444.213552][T26833] futex_wake_op: syz.0.4138 tries to shift op by -2048; fix this program [ 1444.293939][T26833] 0x001c00000000-0x100002c00000200 : "" [ 1444.315361][T26833] mtd: partition "" is out of reach -- disabled [ 1444.400020][T26833] ftl_cs: FTL header not found. [ 1444.691470][T26846] busy [ 1444.849935][T26821] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1444.878409][T26821] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1444.916809][T26821] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1444.936293][T26821] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1444.971338][T26821] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1444.983127][T26821] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1445.044762][T26587] veth0_vlan: entered promiscuous mode [ 1445.057895][T26821] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1445.079169][T26821] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1445.099819][T26587] veth1_vlan: entered promiscuous mode [ 1445.102385][T26821] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1445.182888][T26587] veth0_macvtap: entered promiscuous mode [ 1445.201400][T26587] veth1_macvtap: entered promiscuous mode [ 1445.251716][T26587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1445.384553][T26587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1445.441712][T12529] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.487289][T12529] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.497284][T12529] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.536774][T12529] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.857243][T12529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1445.865350][T12529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1445.941950][T22880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1445.952765][T22880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1446.281721][T26869] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4143'. [ 1446.281761][T26869] IPv6: NLM_F_CREATE should be specified when creating new route [ 1446.281857][T26869] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1446.281960][T26869] IPv6: NLM_F_CREATE should be set when creating new route [ 1446.282000][T26869] IPv6: NLM_F_CREATE should be set when creating new route [ 1446.302494][T26869] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4143'. [ 1446.302585][T26869] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1446.531475][T26878] bond0: invalid ARP target specified [ 1446.568582][T24348] Bluetooth: hci3: command 0x0406 tx timeout [ 1446.620860][T26878] nbd: socks must be embedded in a SOCK_ITEM attr [ 1446.621195][T26878] block nbd1: shutting down sockets [ 1446.677597][T26880] can: request_module (can-proto-5) failed. [ 1446.679547][T26878] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4145'. [ 1446.969495][T24348] Bluetooth: hci2: command 0x0406 tx timeout [ 1447.044734][T26888] futex_wake_op: syz.5.4147 tries to shift op by -2048; fix this program [ 1447.055068][T24348] Bluetooth: hci0: command 0x0406 tx timeout [ 1447.072425][T26888] futex_wake_op: syz.5.4147 tries to shift op by -2048; fix this program [ 1447.102553][T26888] 0x001c00000000-0x100002c00000200 : "" [ 1447.112837][T26888] mtd: partition "" is out of reach -- disabled [ 1447.129123][T24348] Bluetooth: hci4: command 0x0c1a tx timeout [ 1447.145212][T26888] ftl_cs: FTL header not found. [ 1447.271646][T26892] ubi0: attaching mtd0 [ 1447.296603][T26892] ubi0: scanning is finished [ 1447.309591][T26892] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1447.561112][T26892] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1447.665938][T26890] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4147'. [ 1448.226171][T26900] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4149'. [ 1448.250434][T26900] IPv6: NLM_F_CREATE should be specified when creating new route [ 1448.285308][T26900] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1448.292634][T26900] IPv6: NLM_F_CREATE should be set when creating new route [ 1448.299919][T26900] IPv6: NLM_F_CREATE should be set when creating new route [ 1448.311665][T26901] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4149'. [ 1448.453322][T26901] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1448.650392][T24348] Bluetooth: hci3: command 0x0406 tx timeout [ 1448.790267][T26916] FAULT_INJECTION: forcing a failure. [ 1448.790267][T26916] name failslab, interval 1, probability 0, space 0, times 0 [ 1448.838364][T26916] CPU: 1 UID: 0 PID: 26916 Comm: syz.5.4154 Tainted: G L syzkaller #0 PREEMPT(full) [ 1448.838427][T26916] Tainted: [L]=SOFTLOCKUP [ 1448.838440][T26916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1448.838459][T26916] Call Trace: [ 1448.838470][T26916] [ 1448.838482][T26916] dump_stack_lvl+0x100/0x190 [ 1448.838522][T26916] should_fail_ex.cold+0x5/0xa [ 1448.838564][T26916] should_failslab+0xc2/0x120 [ 1448.838602][T26916] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1448.838654][T26916] ? security_inode_alloc+0x3b/0x2c0 [ 1448.838687][T26916] ? lockdep_init_map_type+0x5c/0x250 [ 1448.838726][T26916] security_inode_alloc+0x3b/0x2c0 [ 1448.838762][T26916] inode_init_always_gfp+0xcc0/0x1000 [ 1448.838808][T26916] alloc_inode+0x8e/0x250 [ 1448.838856][T26916] new_inode+0x22/0x1c0 [ 1448.838908][T26916] shmem_get_inode+0x1e3/0xfb0 [ 1448.838955][T26916] ? __pfx_shmem_get_inode+0x10/0x10 [ 1448.839009][T26916] __shmem_file_setup+0x168/0x460 [ 1448.839057][T26916] ? __pfx___shmem_file_setup+0x10/0x10 [ 1448.839113][T26916] newseg+0x3c0/0xed0 [ 1448.839235][T26916] ? __pfx_newseg+0x10/0x10 [ 1448.839275][T26916] ? find_held_lock+0x2b/0x80 [ 1448.839318][T26916] ? ipcget+0x8aa/0xf50 [ 1448.839388][T26916] ipcget+0x909/0xf50 [ 1448.839427][T26916] ? do_futex+0x192/0x350 [ 1448.839473][T26916] ? __pfx_ipcget+0x10/0x10 [ 1448.839515][T26916] ? __x64_sys_futex+0x34f/0x4d0 [ 1448.839550][T26916] ? __x64_sys_futex+0x358/0x4d0 [ 1448.839590][T26916] __x64_sys_shmget+0x13b/0x1b0 [ 1448.839633][T26916] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1448.839677][T26916] ? rcu_is_watching+0x12/0xc0 [ 1448.839722][T26916] do_syscall_64+0x10b/0xf80 [ 1448.839758][T26916] ? clear_bhb_loop+0x40/0x90 [ 1448.839815][T26916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1448.839851][T26916] RIP: 0033:0x7f032719ce59 [ 1448.839877][T26916] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1448.839912][T26916] RSP: 002b:00007f0327fe6028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1448.839945][T26916] RAX: ffffffffffffffda RBX: 00007f0327416090 RCX: 00007f032719ce59 [ 1448.839968][T26916] RDX: 0000000000005300 RSI: 0000000000000001 RDI: 00000000000006a2 [ 1448.839988][T26916] RBP: 00007f0327232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1448.840009][T26916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1448.840029][T26916] R13: 00007f0327416128 R14: 00007f0327416090 R15: 00007ffde661e358 [ 1448.840074][T26916] [ 1449.108291][T24348] Bluetooth: hci2: command 0x0406 tx timeout [ 1449.138969][T24348] Bluetooth: hci0: command 0x0406 tx timeout [ 1449.208640][T24348] Bluetooth: hci4: command 0x0c1a tx timeout [ 1449.485842][T26931] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4155'. [ 1449.512313][T26931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1449.519669][T26931] IPv6: NLM_F_CREATE should be set when creating new route [ 1449.526958][T26931] IPv6: NLM_F_CREATE should be set when creating new route [ 1449.547308][T26933] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4155'. [ 1449.591617][T26933] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1449.592635][T26932] futex_wake_op: syz.4.4163 tries to shift op by -2048; fix this program [ 1449.608172][T26932] futex_wake_op: syz.4.4163 tries to shift op by -2048; fix this program [ 1449.645975][T26932] 0x001c00000000-0x100002c00000200 : "" [ 1449.657209][T26932] mtd: partition "" is out of reach -- disabled [ 1449.701491][T26932] ftl_cs: FTL header not found. [ 1450.113822][T26947] futex_wake_op: syz.6.4157 tries to shift op by -2048; fix this program [ 1450.113876][T26947] futex_wake_op: syz.6.4157 tries to shift op by -2048; fix this program [ 1450.132280][T26947] 0x001c00000000-0x100002c00000200 : "" [ 1450.132301][T26947] mtd: partition "" is out of reach -- disabled [ 1450.172257][T26947] ftl_cs: FTL header not found. [ 1450.639487][T26954] ubi0: attaching mtd0 [ 1450.667730][T26954] ubi0: scanning is finished [ 1450.690871][T26954] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1450.779634][T26958] futex_wake_op: syz.4.4159 tries to shift op by -2048; fix this program [ 1450.792184][T26958] futex_wake_op: syz.4.4159 tries to shift op by -2048; fix this program [ 1450.826392][T26958] 0x001c00000000-0x100002c00000200 : "" [ 1450.833629][T26958] mtd: partition "" is out of reach -- disabled [ 1450.895605][T26958] ftl_cs: FTL header not found. [ 1451.014973][T26954] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1451.290690][T24348] Bluetooth: hci4: command 0x0c1a tx timeout [ 1451.499961][T26961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4159'. [ 1452.232219][T26976] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4162'. [ 1452.254207][T26976] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1452.279084][T26976] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4162'. [ 1452.318580][T26976] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1452.915999][T26993] FAULT_INJECTION: forcing a failure. [ 1452.915999][T26993] name failslab, interval 1, probability 0, space 0, times 0 [ 1453.028370][T26993] CPU: 0 UID: 0 PID: 26993 Comm: syz.6.4169 Tainted: G L syzkaller #0 PREEMPT(full) [ 1453.028416][T26993] Tainted: [L]=SOFTLOCKUP [ 1453.028428][T26993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1453.028445][T26993] Call Trace: [ 1453.028456][T26993] [ 1453.028469][T26993] dump_stack_lvl+0x100/0x190 [ 1453.028531][T26993] should_fail_ex.cold+0x5/0xa [ 1453.028570][T26993] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1453.028612][T26993] should_failslab+0xc2/0x120 [ 1453.028649][T26993] __kmalloc_noprof+0xe0/0x850 [ 1453.028677][T26993] ? kfree+0x1dd/0x6c0 [ 1453.028726][T26993] tomoyo_realpath_from_path+0xb6/0x690 [ 1453.028777][T26993] tomoyo_path_number_perm+0x23c/0x580 [ 1453.028811][T26993] ? tomoyo_path_number_perm+0x22e/0x580 [ 1453.028866][T26993] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1453.028943][T26993] ? find_held_lock+0x2b/0x80 [ 1453.028984][T26993] ? __fget_files+0x215/0x3d0 [ 1453.029021][T26993] ? hook_file_ioctl_common+0x149/0x410 [ 1453.029057][T26993] ? __fget_files+0x215/0x3d0 [ 1453.029102][T26993] ? __fget_files+0x21f/0x3d0 [ 1453.029148][T26993] security_file_ioctl+0xd3/0x230 [ 1453.029188][T26993] __x64_sys_ioctl+0xb7/0x210 [ 1453.029225][T26993] do_syscall_64+0x10b/0xf80 [ 1453.029255][T26993] ? clear_bhb_loop+0x40/0x90 [ 1453.029298][T26993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1453.029332][T26993] RIP: 0033:0x7fd9a0f9ce59 [ 1453.029359][T26993] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1453.029391][T26993] RSP: 002b:00007fd9a1eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1453.029423][T26993] RAX: ffffffffffffffda RBX: 00007fd9a1215fa0 RCX: 00007fd9a0f9ce59 [ 1453.029445][T26993] RDX: 0000000000000000 RSI: 000000000000541d RDI: 0000000000000003 [ 1453.029465][T26993] RBP: 00007fd9a1eee090 R08: 0000000000000000 R09: 0000000000000000 [ 1453.029499][T26993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1453.029519][T26993] R13: 00007fd9a1216038 R14: 00007fd9a1215fa0 R15: 00007ffead19e878 [ 1453.029563][T26993] [ 1453.032154][T26993] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1453.403630][T26988] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1453.799498][T27008] ubi0: attaching mtd0 [ 1453.820377][T27008] ubi0: scanning is finished [ 1453.827058][T27008] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1454.129766][T26995] ICMPv6: process `syz.4.4167' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 1454.320779][T27008] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1454.796537][T27020] ubi0: attaching mtd0 [ 1454.814311][T27020] ubi0: scanning is finished [ 1454.834250][T27020] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1455.112623][T27020] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1455.133723][T27021] ubi0: attaching mtd0 [ 1455.152500][T27036] futex_wake_op: syz.4.4175 tries to shift op by -2048; fix this program [ 1455.161846][T27021] ubi0: scanning is finished [ 1455.167408][T27036] futex_wake_op: syz.4.4175 tries to shift op by -2048; fix this program [ 1455.177887][T27021] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1455.197661][T27036] 0x001c00000000-0x100002c00000200 : "" [ 1455.221087][T27036] mtd: partition "" is out of reach -- disabled [ 1455.257606][T27036] ftl_cs: FTL header not found. [ 1455.405908][T27021] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1455.435424][T27024] ubi0: attaching mtd0 [ 1455.462010][T27024] ubi0: scanning is finished [ 1455.469458][T27024] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1455.745675][T27024] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1455.942333][T27037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4175'. [ 1456.050680][T27044] futex_wake_op: syz.5.4176 tries to shift op by -2048; fix this program [ 1456.062399][T27044] futex_wake_op: syz.5.4176 tries to shift op by -2048; fix this program [ 1456.085222][T27044] FAULT_INJECTION: forcing a failure. [ 1456.085222][T27044] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.120578][T27044] CPU: 1 UID: 0 PID: 27044 Comm: syz.5.4176 Tainted: G L syzkaller #0 PREEMPT(full) [ 1456.120621][T27044] Tainted: [L]=SOFTLOCKUP [ 1456.120629][T27044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1456.120644][T27044] Call Trace: [ 1456.120651][T27044] [ 1456.120660][T27044] dump_stack_lvl+0x100/0x190 [ 1456.120690][T27044] should_fail_ex.cold+0x5/0xa [ 1456.120719][T27044] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1456.120751][T27044] should_failslab+0xc2/0x120 [ 1456.120778][T27044] __kmalloc_noprof+0xe0/0x850 [ 1456.120801][T27044] ? kfree+0x1dd/0x6c0 [ 1456.120838][T27044] tomoyo_realpath_from_path+0xb6/0x690 [ 1456.120875][T27044] tomoyo_path_number_perm+0x23c/0x580 [ 1456.120900][T27044] ? tomoyo_path_number_perm+0x22e/0x580 [ 1456.120927][T27044] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1456.120980][T27044] ? find_held_lock+0x2b/0x80 [ 1456.121009][T27044] ? __fget_files+0x215/0x3d0 [ 1456.121035][T27044] ? hook_file_ioctl_common+0x149/0x410 [ 1456.121060][T27044] ? __fget_files+0x215/0x3d0 [ 1456.121091][T27044] ? __fget_files+0x21f/0x3d0 [ 1456.121123][T27044] security_file_ioctl+0xd3/0x230 [ 1456.121149][T27044] __x64_sys_ioctl+0xb7/0x210 [ 1456.121175][T27044] do_syscall_64+0x10b/0xf80 [ 1456.121196][T27044] ? clear_bhb_loop+0x40/0x90 [ 1456.121224][T27044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1456.121247][T27044] RIP: 0033:0x7f032719ce59 [ 1456.121265][T27044] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1456.121294][T27044] RSP: 002b:00007f0327fe6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1456.121316][T27044] RAX: ffffffffffffffda RBX: 00007f0327416090 RCX: 00007f032719ce59 [ 1456.121331][T27044] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000004 [ 1456.121345][T27044] RBP: 00007f0327fe6090 R08: 0000000000000000 R09: 0000000000000000 [ 1456.121359][T27044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1456.121372][T27044] R13: 00007f0327416128 R14: 00007f0327416090 R15: 00007ffde661e358 [ 1456.121401][T27044] [ 1456.121411][T27044] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1456.352673][T27044] 0x001c00000000-0x100002c00000200 : "" [ 1456.358764][T27044] mtd: partition "" is out of reach -- disabled [ 1456.470079][T27044] ftl_cs: FTL header not found. [ 1456.593800][T27048] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4176'. [ 1457.623262][T27070] futex_wake_op: syz.0.4182 tries to shift op by -2048; fix this program [ 1457.644440][T27077] FAULT_INJECTION: forcing a failure. [ 1457.644440][T27077] name failslab, interval 1, probability 0, space 0, times 0 [ 1457.658366][T27070] futex_wake_op: syz.0.4182 tries to shift op by -2048; fix this program [ 1457.675014][T27077] CPU: 1 UID: 0 PID: 27077 Comm: syz.4.4184 Tainted: G L syzkaller #0 PREEMPT(full) [ 1457.675060][T27077] Tainted: [L]=SOFTLOCKUP [ 1457.675071][T27077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1457.675089][T27077] Call Trace: [ 1457.675099][T27077] [ 1457.675111][T27077] dump_stack_lvl+0x100/0x190 [ 1457.675153][T27077] should_fail_ex.cold+0x5/0xa [ 1457.675193][T27077] ? tomoyo_encode2+0xfb/0x3c0 [ 1457.675232][T27077] should_failslab+0xc2/0x120 [ 1457.675269][T27077] __kmalloc_noprof+0xe0/0x850 [ 1457.675298][T27077] ? d_absolute_path+0x136/0x1b0 [ 1457.675337][T27077] tomoyo_encode2+0xfb/0x3c0 [ 1457.675383][T27077] tomoyo_encode+0x29/0x50 [ 1457.675424][T27077] tomoyo_realpath_from_path+0x18c/0x690 [ 1457.675485][T27077] tomoyo_path_number_perm+0x23c/0x580 [ 1457.675520][T27077] ? tomoyo_path_number_perm+0x22e/0x580 [ 1457.675559][T27077] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1457.675636][T27077] ? find_held_lock+0x2b/0x80 [ 1457.675679][T27077] ? __fget_files+0x215/0x3d0 [ 1457.675714][T27077] ? hook_file_ioctl_common+0x149/0x410 [ 1457.675750][T27077] ? __fget_files+0x215/0x3d0 [ 1457.675794][T27077] ? __fget_files+0x21f/0x3d0 [ 1457.675839][T27077] security_file_ioctl+0xd3/0x230 [ 1457.675876][T27077] __x64_sys_ioctl+0xb7/0x210 [ 1457.675914][T27077] do_syscall_64+0x10b/0xf80 [ 1457.675943][T27077] ? clear_bhb_loop+0x40/0x90 [ 1457.675983][T27077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1457.676016][T27077] RIP: 0033:0x7f2e8b59ce59 [ 1457.676041][T27077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1457.676072][T27077] RSP: 002b:00007f2e8c4e0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1457.676101][T27077] RAX: ffffffffffffffda RBX: 00007f2e8b815fa0 RCX: 00007f2e8b59ce59 [ 1457.676120][T27077] RDX: 0000000000000000 RSI: 000000000000541d RDI: 0000000000000003 [ 1457.676136][T27077] RBP: 00007f2e8c4e0090 R08: 0000000000000000 R09: 0000000000000000 [ 1457.676153][T27077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1457.676169][T27077] R13: 00007f2e8b816038 R14: 00007f2e8b815fa0 R15: 00007ffc7532dc78 [ 1457.676204][T27077] [ 1457.676233][T27077] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1457.910510][T27078] 0x000000000000-0x100001000000200 : "" [ 1457.928106][T27078] mtd: partition "" extends beyond the end of device "mtdram test device" -- size truncated to 0x20000 [ 1457.931227][T27072] bond0: invalid ARP target specified [ 1458.014160][T27078] ftl_cs: FTL header not found. [ 1458.040751][T27072] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4183'. [ 1458.074713][T27079] nbd: socks must be embedded in a SOCK_ITEM attr [ 1458.089619][T27079] block nbd1: shutting down sockets [ 1459.088816][T27106] futex_wake_op: syz.0.4191 tries to shift op by -2048; fix this program [ 1459.159158][T27106] futex_wake_op: syz.0.4191 tries to shift op by -2048; fix this program [ 1459.182140][T27106] 0x000000000000-0x100001000000200 : "" [ 1459.212670][T27106] mtd: partition "" extends beyond the end of device "mtdram test device" -- size truncated to 0x20000 [ 1459.418022][T27106] ftl_cs: FTL header not found. [ 1459.989031][T27115] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[18637] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[27115] [ 1460.105531][T27108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4191'. [ 1460.677473][T27122] can: request_module (can-proto-5) failed. [ 1460.757593][T27131] futex_wake_op: syz.0.4194 tries to shift op by -2048; fix this program [ 1460.774531][T27131] futex_wake_op: syz.0.4194 tries to shift op by -2048; fix this program [ 1460.791621][T27131] FAULT_INJECTION: forcing a failure. [ 1460.791621][T27131] name failslab, interval 1, probability 0, space 0, times 0 [ 1460.804968][T27131] CPU: 0 UID: 0 PID: 27131 Comm: syz.0.4194 Tainted: G L syzkaller #0 PREEMPT(full) [ 1460.805012][T27131] Tainted: [L]=SOFTLOCKUP [ 1460.805023][T27131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1460.805042][T27131] Call Trace: [ 1460.805053][T27131] [ 1460.805065][T27131] dump_stack_lvl+0x100/0x190 [ 1460.805117][T27131] should_fail_ex.cold+0x5/0xa [ 1460.805154][T27131] ? tomoyo_encode2+0xfb/0x3c0 [ 1460.805191][T27131] should_failslab+0xc2/0x120 [ 1460.805228][T27131] __kmalloc_noprof+0xe0/0x850 [ 1460.805254][T27131] ? d_absolute_path+0x136/0x1b0 [ 1460.805291][T27131] tomoyo_encode2+0xfb/0x3c0 [ 1460.805335][T27131] tomoyo_encode+0x29/0x50 [ 1460.805369][T27131] tomoyo_realpath_from_path+0x18c/0x690 [ 1460.805410][T27131] tomoyo_path_number_perm+0x23c/0x580 [ 1460.805443][T27131] ? tomoyo_path_number_perm+0x22e/0x580 [ 1460.805478][T27131] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1460.805546][T27131] ? find_held_lock+0x2b/0x80 [ 1460.805587][T27131] ? __fget_files+0x215/0x3d0 [ 1460.805620][T27131] ? hook_file_ioctl_common+0x149/0x410 [ 1460.805662][T27131] ? __fget_files+0x215/0x3d0 [ 1460.805705][T27131] ? __fget_files+0x21f/0x3d0 [ 1460.805747][T27131] security_file_ioctl+0xd3/0x230 [ 1460.805784][T27131] __x64_sys_ioctl+0xb7/0x210 [ 1460.805817][T27131] do_syscall_64+0x10b/0xf80 [ 1460.805846][T27131] ? clear_bhb_loop+0x40/0x90 [ 1460.805886][T27131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.805918][T27131] RIP: 0033:0x7fb91019ce59 [ 1460.805942][T27131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1460.805970][T27131] RSP: 002b:00007fb910fb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1460.805998][T27131] RAX: ffffffffffffffda RBX: 00007fb910416090 RCX: 00007fb91019ce59 [ 1460.806019][T27131] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1460.806037][T27131] RBP: 00007fb910fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 1460.806055][T27131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1460.806073][T27131] R13: 00007fb910416128 R14: 00007fb910416090 R15: 00007fff30be9748 [ 1460.806131][T27131] [ 1461.044661][T27131] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1461.190522][T27131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4194'. [ 1461.292541][T27137] FAULT_INJECTION: forcing a failure. [ 1461.292541][T27137] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1461.307739][T27137] CPU: 0 UID: 0 PID: 27137 Comm: syz.5.4196 Tainted: G L syzkaller #0 PREEMPT(full) [ 1461.307788][T27137] Tainted: [L]=SOFTLOCKUP [ 1461.307800][T27137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1461.307818][T27137] Call Trace: [ 1461.307829][T27137] [ 1461.307842][T27137] dump_stack_lvl+0x100/0x190 [ 1461.307883][T27137] should_fail_ex.cold+0x5/0xa [ 1461.307926][T27137] _copy_to_user+0x32/0xd0 [ 1461.307964][T27137] simple_read_from_buffer+0xcb/0x170 [ 1461.308008][T27137] proc_fail_nth_read+0x1af/0x230 [ 1461.308062][T27137] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1461.308117][T27137] ? rw_verify_area+0xce/0x6d0 [ 1461.308152][T27137] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1461.308207][T27137] vfs_read+0x1e4/0xb30 [ 1461.308250][T27137] ? __pfx_vfs_read+0x10/0x10 [ 1461.308287][T27137] ? __fget_files+0x215/0x3d0 [ 1461.308334][T27137] ? __fget_files+0x21f/0x3d0 [ 1461.308385][T27137] ksys_read+0x12a/0x250 [ 1461.308422][T27137] ? __pfx_ksys_read+0x10/0x10 [ 1461.308464][T27137] ? rcu_is_watching+0x12/0xc0 [ 1461.308509][T27137] do_syscall_64+0x10b/0xf80 [ 1461.308539][T27137] ? clear_bhb_loop+0x40/0x90 [ 1461.308580][T27137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.308614][T27137] RIP: 0033:0x7f032715d68e [ 1461.308651][T27137] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1461.308683][T27137] RSP: 002b:00007f0328006fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1461.308713][T27137] RAX: ffffffffffffffda RBX: 00007f03280076c0 RCX: 00007f032715d68e [ 1461.308735][T27137] RDX: 000000000000000f RSI: 00007f03280070a0 RDI: 0000000000000004 [ 1461.308754][T27137] RBP: 00007f0328007090 R08: 0000000000000000 R09: 0000000000000000 [ 1461.308774][T27137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1461.308793][T27137] R13: 00007f0327416038 R14: 00007f0327415fa0 R15: 00007ffde661e358 [ 1461.308835][T27137] [ 1462.749519][T27155] FAULT_INJECTION: forcing a failure. [ 1462.749519][T27155] name failslab, interval 1, probability 0, space 0, times 0 [ 1462.784435][T27155] CPU: 1 UID: 0 PID: 27155 Comm: syz.6.4199 Tainted: G L syzkaller #0 PREEMPT(full) [ 1462.784484][T27155] Tainted: [L]=SOFTLOCKUP [ 1462.784501][T27155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1462.784520][T27155] Call Trace: [ 1462.784531][T27155] [ 1462.784544][T27155] dump_stack_lvl+0x100/0x190 [ 1462.784584][T27155] should_fail_ex.cold+0x5/0xa [ 1462.784624][T27155] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1462.784669][T27155] should_failslab+0xc2/0x120 [ 1462.784708][T27155] __kmalloc_noprof+0xe0/0x850 [ 1462.784737][T27155] ? kfree+0x1dd/0x6c0 [ 1462.784789][T27155] tomoyo_realpath_from_path+0xb6/0x690 [ 1462.784841][T27155] tomoyo_path_number_perm+0x23c/0x580 [ 1462.784877][T27155] ? tomoyo_path_number_perm+0x22e/0x580 [ 1462.784916][T27155] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1462.784993][T27155] ? find_held_lock+0x2b/0x80 [ 1462.785036][T27155] ? __fget_files+0x215/0x3d0 [ 1462.785073][T27155] ? hook_file_ioctl_common+0x149/0x410 [ 1462.785110][T27155] ? __fget_files+0x215/0x3d0 [ 1462.785154][T27155] ? __fget_files+0x21f/0x3d0 [ 1462.785201][T27155] security_file_ioctl+0xd3/0x230 [ 1462.785239][T27155] __x64_sys_ioctl+0xb7/0x210 [ 1462.785275][T27155] do_syscall_64+0x10b/0xf80 [ 1462.785305][T27155] ? clear_bhb_loop+0x40/0x90 [ 1462.785345][T27155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1462.785378][T27155] RIP: 0033:0x7fd9a0f9ce59 [ 1462.785405][T27155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1462.785436][T27155] RSP: 002b:00007fd9a1eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1462.785467][T27155] RAX: ffffffffffffffda RBX: 00007fd9a1215fa0 RCX: 00007fd9a0f9ce59 [ 1462.785493][T27155] RDX: 0000000000000003 RSI: 00000000c0285629 RDI: 0000000000000003 [ 1462.785513][T27155] RBP: 00007fd9a1eee090 R08: 0000000000000000 R09: 0000000000000000 [ 1462.785532][T27155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1462.785551][T27155] R13: 00007fd9a1216038 R14: 00007fd9a1215fa0 R15: 00007ffead19e878 [ 1462.785594][T27155] [ 1462.785607][T27155] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1463.012353][T27157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4200'. [ 1463.035549][T27157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4200'. [ 1464.223251][T27195] futex_wake_op: syz.0.4208 tries to shift op by -2048; fix this program [ 1464.232589][T27195] futex_wake_op: syz.0.4208 tries to shift op by -2048; fix this program [ 1464.251430][T27195] 0x001c00000000-0x100002c00000200 : "" [ 1464.262972][T27195] mtd: partition "" is out of reach -- disabled [ 1464.299898][T27195] ftl_cs: FTL header not found. [ 1465.077729][T27194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4208'. [ 1465.645332][T27217] ubi0: attaching mtd0 [ 1465.655741][T27217] ubi0: scanning is finished [ 1465.661162][T27217] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1465.869674][T27224] lo: entered allmulticast mode [ 1465.887196][T27217] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1465.934187][T27226] futex_wake_op: syz.6.4215 tries to shift op by -2048; fix this program [ 1465.949771][T27226] futex_wake_op: syz.6.4215 tries to shift op by -2048; fix this program [ 1466.019131][T27226] FAULT_INJECTION: forcing a failure. [ 1466.019131][T27226] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.084709][T27226] CPU: 1 UID: 0 PID: 27226 Comm: syz.6.4215 Tainted: G L syzkaller #0 PREEMPT(full) [ 1466.084758][T27226] Tainted: [L]=SOFTLOCKUP [ 1466.084770][T27226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1466.084788][T27226] Call Trace: [ 1466.084799][T27226] [ 1466.084811][T27226] dump_stack_lvl+0x100/0x190 [ 1466.084853][T27226] should_fail_ex.cold+0x5/0xa [ 1466.084892][T27226] _copy_from_user+0x2e/0xd0 [ 1466.084924][T27226] mtdchar_ioctl+0x1648/0x1fd0 [ 1466.085003][T27226] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1466.085047][T27226] ? lock_acquire+0x1b1/0x370 [ 1466.085101][T27226] ? trace_contention_end+0x122/0x170 [ 1466.085136][T27226] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1466.085186][T27226] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1466.085218][T27226] ? __pfx___mutex_lock+0x10/0x10 [ 1466.085253][T27226] ? find_held_lock+0x2b/0x80 [ 1466.085314][T27226] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1466.085357][T27226] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1466.085411][T27226] __x64_sys_ioctl+0x18e/0x210 [ 1466.085449][T27226] do_syscall_64+0x10b/0xf80 [ 1466.085479][T27226] ? clear_bhb_loop+0x40/0x90 [ 1466.085520][T27226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.085555][T27226] RIP: 0033:0x7fd9a0f9ce59 [ 1466.085575][T27226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1466.085599][T27226] RSP: 002b:00007fd9a1ecd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1466.085647][T27226] RAX: ffffffffffffffda RBX: 00007fd9a1216090 RCX: 00007fd9a0f9ce59 [ 1466.085669][T27226] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1466.085689][T27226] RBP: 00007fd9a1ecd090 R08: 0000000000000000 R09: 0000000000000000 [ 1466.085710][T27226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1466.085730][T27226] R13: 00007fd9a1216128 R14: 00007fd9a1216090 R15: 00007ffead19e878 [ 1466.085774][T27226] [ 1466.384193][T27228] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4215'. [ 1466.937634][T27245] ubi0: attaching mtd0 [ 1466.985291][T27245] ubi0: scanning is finished [ 1466.999341][T27245] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1467.164034][T27245] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1467.393275][T27227] lo: left allmulticast mode [ 1470.532145][T27300] netlink: 208 bytes leftover after parsing attributes in process `syz.5.4228'. [ 1470.644712][T27300] FAULT_INJECTION: forcing a failure. [ 1470.644712][T27300] name failslab, interval 1, probability 0, space 0, times 0 [ 1470.724880][T27300] CPU: 0 UID: 0 PID: 27300 Comm: syz.5.4228 Tainted: G L syzkaller #0 PREEMPT(full) [ 1470.724914][T27300] Tainted: [L]=SOFTLOCKUP [ 1470.724921][T27300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1470.724935][T27300] Call Trace: [ 1470.724942][T27300] [ 1470.724950][T27300] dump_stack_lvl+0x100/0x190 [ 1470.724978][T27300] should_fail_ex.cold+0x5/0xa [ 1470.725006][T27300] ? ieee80211_register_hw+0x16f1/0x4570 [ 1470.725090][T27300] should_failslab+0xc2/0x120 [ 1470.725116][T27300] __kmalloc_noprof+0xe0/0x850 [ 1470.725141][T27300] ieee80211_register_hw+0x16f1/0x4570 [ 1470.725167][T27300] ? mark_held_locks+0x1/0x70 [ 1470.725194][T27300] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1470.725216][T27300] ? __pfx___debug_object_init+0x10/0x10 [ 1470.725242][T27300] ? find_held_lock+0x2b/0x80 [ 1470.725271][T27300] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1470.725304][T27300] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1470.725391][T27300] ? __hrtimer_setup+0x208/0x330 [ 1470.725418][T27300] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 1470.725474][T27300] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1470.725508][T27300] hwsim_new_radio_nl+0xc5f/0x1370 [ 1470.725534][T27300] ? rcu_is_watching+0x12/0xc0 [ 1470.725561][T27300] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1470.725594][T27300] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 1470.725618][T27300] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 1470.725647][T27300] genl_family_rcv_msg_doit+0x214/0x300 [ 1470.725672][T27300] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1470.725695][T27300] ? genl_get_cmd+0x3e7/0x760 [ 1470.725721][T27300] ? bpf_lsm_capable+0x9/0x10 [ 1470.725745][T27300] ? security_capable+0x80/0x260 [ 1470.725799][T27300] ? ns_capable+0xd2/0xf0 [ 1470.725830][T27300] genl_rcv_msg+0x560/0x800 [ 1470.725856][T27300] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1470.725880][T27300] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1470.725959][T27300] netlink_rcv_skb+0x159/0x420 [ 1470.726006][T27300] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1470.726040][T27300] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1470.726103][T27300] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1470.726155][T27300] genl_rcv+0x28/0x40 [ 1470.726182][T27300] netlink_unicast+0x585/0x850 [ 1470.726233][T27300] ? __pfx_netlink_unicast+0x10/0x10 [ 1470.726288][T27300] netlink_sendmsg+0x8b0/0xda0 [ 1470.726348][T27300] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1470.726393][T27300] ? __import_iovec+0x1d2/0x640 [ 1470.726433][T27300] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1470.726492][T27300] ____sys_sendmsg+0x9e1/0xb70 [ 1470.726537][T27300] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1470.726588][T27300] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1470.726642][T27300] ? __pfx_futex_wake_mark+0x10/0x10 [ 1470.726690][T27300] ___sys_sendmsg+0x190/0x1e0 [ 1470.726741][T27300] ? __pfx____sys_sendmsg+0x10/0x10 [ 1470.726831][T27300] __sys_sendmsg+0x170/0x220 [ 1470.726871][T27300] ? __pfx___sys_sendmsg+0x10/0x10 [ 1470.726908][T27300] ? __x64_sys_futex+0x34f/0x4d0 [ 1470.726956][T27300] ? rcu_is_watching+0x12/0xc0 [ 1470.726999][T27300] do_syscall_64+0x10b/0xf80 [ 1470.727028][T27300] ? clear_bhb_loop+0x40/0x90 [ 1470.727066][T27300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.727100][T27300] RIP: 0033:0x7f032719ce59 [ 1470.727118][T27300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1470.727140][T27300] RSP: 002b:00007f0328007028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1470.727160][T27300] RAX: ffffffffffffffda RBX: 00007f0327415fa0 RCX: 00007f032719ce59 [ 1470.727175][T27300] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000006 [ 1470.727189][T27300] RBP: 00007f0327232d6f R08: 0000000000000000 R09: 0000000000000000 [ 1470.727202][T27300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1470.727215][T27300] R13: 00007f0327416038 R14: 00007f0327415fa0 R15: 00007ffde661e358 [ 1470.727242][T27300] [ 1471.232536][T27283] ICMPv6: process `syz.0.4225' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 1471.484254][T27305] ubi0: attaching mtd0 [ 1471.500978][T27305] ubi0: scanning is finished [ 1471.507995][T27305] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1471.871897][T27305] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1472.718886][T27333] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4235'. [ 1472.746855][T27333] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4235'. [ 1474.671873][T27364] ubi0: attaching mtd0 [ 1474.762188][T27364] ubi0: scanning is finished [ 1474.773744][T27364] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1475.126624][T27364] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1475.137478][T27371] ubi0: attaching mtd0 [ 1475.155991][T27371] ubi0: scanning is finished [ 1475.171834][T27371] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1475.322020][T27371] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1475.526938][T27384] futex_wake_op: syz.0.4245 tries to shift op by -2048; fix this program [ 1475.555963][T27384] futex_wake_op: syz.0.4245 tries to shift op by -2048; fix this program [ 1475.566982][T27384] FAULT_INJECTION: forcing a failure. [ 1475.566982][T27384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1475.590271][T27384] CPU: 0 UID: 0 PID: 27384 Comm: syz.0.4245 Tainted: G L syzkaller #0 PREEMPT(full) [ 1475.590315][T27384] Tainted: [L]=SOFTLOCKUP [ 1475.590325][T27384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1475.590342][T27384] Call Trace: [ 1475.590351][T27384] [ 1475.590362][T27384] dump_stack_lvl+0x100/0x190 [ 1475.590402][T27384] should_fail_ex.cold+0x5/0xa [ 1475.590438][T27384] _copy_from_user+0x2e/0xd0 [ 1475.590470][T27384] mtdchar_blkpg_ioctl+0xd7/0x250 [ 1475.590514][T27384] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 1475.590582][T27384] mtdchar_ioctl+0x1670/0x1fd0 [ 1475.590630][T27384] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1475.590676][T27384] ? lock_acquire+0x1b1/0x370 [ 1475.590715][T27384] ? trace_contention_end+0x122/0x170 [ 1475.590751][T27384] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1475.590797][T27384] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1475.590831][T27384] ? __pfx___mutex_lock+0x10/0x10 [ 1475.590876][T27384] ? find_held_lock+0x2b/0x80 [ 1475.590935][T27384] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1475.591000][T27384] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1475.591052][T27384] __x64_sys_ioctl+0x18e/0x210 [ 1475.591088][T27384] do_syscall_64+0x10b/0xf80 [ 1475.591117][T27384] ? clear_bhb_loop+0x40/0x90 [ 1475.591157][T27384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1475.591190][T27384] RIP: 0033:0x7fb91019ce59 [ 1475.591216][T27384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1475.591248][T27384] RSP: 002b:00007fb910fb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1475.591279][T27384] RAX: ffffffffffffffda RBX: 00007fb910416090 RCX: 00007fb91019ce59 [ 1475.591300][T27384] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1475.591320][T27384] RBP: 00007fb910fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 1475.591340][T27384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1475.591360][T27384] R13: 00007fb910416128 R14: 00007fb910416090 R15: 00007fff30be9748 [ 1475.591403][T27384] [ 1475.882688][T27384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4245'. [ 1477.026034][T27411] FAULT_INJECTION: forcing a failure. [ 1477.026034][T27411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1477.039443][T27411] CPU: 0 UID: 0 PID: 27411 Comm: syz.0.4253 Tainted: G L syzkaller #0 PREEMPT(full) [ 1477.039478][T27411] Tainted: [L]=SOFTLOCKUP [ 1477.039486][T27411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1477.039500][T27411] Call Trace: [ 1477.039508][T27411] [ 1477.039517][T27411] dump_stack_lvl+0x100/0x190 [ 1477.039547][T27411] should_fail_ex.cold+0x5/0xa [ 1477.039576][T27411] _copy_from_user+0x2e/0xd0 [ 1477.039603][T27411] video_usercopy+0x9e0/0x1490 [ 1477.039695][T27411] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 1477.039774][T27411] ? __pfx_video_usercopy+0x10/0x10 [ 1477.039810][T27411] ? __fget_files+0x21f/0x3d0 [ 1477.039841][T27411] v4l2_ioctl+0x1bd/0x250 [ 1477.039883][T27411] ? __pfx_v4l2_ioctl+0x10/0x10 [ 1477.039909][T27411] __x64_sys_ioctl+0x18e/0x210 [ 1477.039936][T27411] do_syscall_64+0x10b/0xf80 [ 1477.039957][T27411] ? clear_bhb_loop+0x40/0x90 [ 1477.039986][T27411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1477.040009][T27411] RIP: 0033:0x7fb91019ce59 [ 1477.040028][T27411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1477.040052][T27411] RSP: 002b:00007fb910fd6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1477.040074][T27411] RAX: ffffffffffffffda RBX: 00007fb910415fa0 RCX: 00007fb91019ce59 [ 1477.040090][T27411] RDX: 0000000000000003 RSI: 00000000c0285629 RDI: 0000000000000003 [ 1477.040104][T27411] RBP: 00007fb910fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 1477.040119][T27411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1477.040145][T27411] R13: 00007fb910416038 R14: 00007fb910415fa0 R15: 00007fff30be9748 [ 1477.040175][T27411] [ 1477.236574][T27399] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1477.269351][T27399] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1477.287665][T27399] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1477.306149][T27399] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1477.868629][T27402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1477.910407][T27402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1477.949465][T27402] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1477.973702][T27402] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1479.371293][T27457] ubi0: attaching mtd0 [ 1479.393238][T27457] ubi0: scanning is finished [ 1479.408523][T27457] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1479.782329][T24348] Bluetooth: hci3: command 0x0406 tx timeout [ 1479.817659][T27457] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1479.929412][T24348] Bluetooth: hci2: command 0x0406 tx timeout [ 1480.008894][ T6328] Bluetooth: hci0: command 0x0406 tx timeout [ 1480.024432][T24348] Bluetooth: hci4: command 0x0c1a tx timeout [ 1481.081087][T27495] futex_wake_op: syz.0.4269 tries to shift op by -2048; fix this program [ 1481.133899][T27495] futex_wake_op: syz.0.4269 tries to shift op by -2048; fix this program [ 1481.200251][T27495] FAULT_INJECTION: forcing a failure. [ 1481.200251][T27495] name failslab, interval 1, probability 0, space 0, times 0 [ 1481.218522][T27495] CPU: 1 UID: 0 PID: 27495 Comm: syz.0.4269 Tainted: G L syzkaller #0 PREEMPT(full) [ 1481.218568][T27495] Tainted: [L]=SOFTLOCKUP [ 1481.218578][T27495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1481.218597][T27495] Call Trace: [ 1481.218608][T27495] [ 1481.218620][T27495] dump_stack_lvl+0x100/0x190 [ 1481.218661][T27495] should_fail_ex.cold+0x5/0xa [ 1481.218701][T27495] should_failslab+0xc2/0x120 [ 1481.218738][T27495] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1481.218784][T27495] ? allocate_partition+0x190/0x2a0 [ 1481.218837][T27495] allocate_partition+0x190/0x2a0 [ 1481.218892][T27495] mtd_add_partition+0x1bc/0x660 [ 1481.218939][T27495] ? __pfx_mtd_add_partition+0x10/0x10 [ 1481.218983][T27495] ? __might_fault+0xc5/0x140 [ 1481.219033][T27495] ? __might_fault+0xc5/0x140 [ 1481.219098][T27495] mtdchar_blkpg_ioctl+0x207/0x250 [ 1481.219146][T27495] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 1481.219228][T27495] mtdchar_ioctl+0x1670/0x1fd0 [ 1481.219282][T27495] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1481.219354][T27495] ? lock_acquire+0x1b1/0x370 [ 1481.219395][T27495] ? trace_contention_end+0x122/0x170 [ 1481.219436][T27495] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1481.219487][T27495] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1481.219523][T27495] ? __pfx___mutex_lock+0x10/0x10 [ 1481.219562][T27495] ? find_held_lock+0x2b/0x80 [ 1481.219623][T27495] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1481.219667][T27495] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1481.219712][T27495] __x64_sys_ioctl+0x18e/0x210 [ 1481.219748][T27495] do_syscall_64+0x10b/0xf80 [ 1481.219779][T27495] ? clear_bhb_loop+0x40/0x90 [ 1481.219819][T27495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1481.219871][T27495] RIP: 0033:0x7fb91019ce59 [ 1481.219897][T27495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1481.219930][T27495] RSP: 002b:00007fb910fb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1481.219961][T27495] RAX: ffffffffffffffda RBX: 00007fb910416090 RCX: 00007fb91019ce59 [ 1481.219983][T27495] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1481.220002][T27495] RBP: 00007fb910fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 1481.220022][T27495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1481.220042][T27495] R13: 00007fb910416128 R14: 00007fb910416090 R15: 00007fff30be9748 [ 1481.220087][T27495] [ 1481.487505][T27501] futex_wake_op: syz.4.4271 tries to shift op by -2048; fix this program [ 1481.496069][T27501] futex_wake_op: syz.4.4271 tries to shift op by -2048; fix this program [ 1481.528342][T27495] memory allocation error while creating partitions for "mtdram test device" [ 1481.622513][T27505] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4271'. [ 1481.669588][T27494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4269'. [ 1482.283944][T27516] Lens A: ================= START STATUS ================= [ 1482.322698][T27516] Lens A: Focus, Absolute: 0 [ 1482.374167][T27517] ubi0: attaching mtd0 [ 1482.379278][T27516] Lens A: ================== END STATUS ================== [ 1482.404544][T27517] ubi0: scanning is finished [ 1482.440911][T27517] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1482.639626][T27524] FAULT_INJECTION: forcing a failure. [ 1482.639626][T27524] name failslab, interval 1, probability 0, space 0, times 0 [ 1482.658874][T27525] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4277'. [ 1482.750971][T27524] CPU: 0 UID: 0 PID: 27524 Comm: syz.0.4276 Tainted: G L syzkaller #0 PREEMPT(full) [ 1482.751020][T27524] Tainted: [L]=SOFTLOCKUP [ 1482.751032][T27524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1482.751050][T27524] Call Trace: [ 1482.751061][T27524] [ 1482.751073][T27524] dump_stack_lvl+0x100/0x190 [ 1482.751116][T27524] should_fail_ex.cold+0x5/0xa [ 1482.751156][T27524] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1482.751201][T27524] should_failslab+0xc2/0x120 [ 1482.751241][T27524] __kmalloc_noprof+0xe0/0x850 [ 1482.751270][T27524] ? kfree+0x1dd/0x6c0 [ 1482.751321][T27524] tomoyo_realpath_from_path+0xb6/0x690 [ 1482.751375][T27524] tomoyo_path_number_perm+0x23c/0x580 [ 1482.751411][T27524] ? tomoyo_path_number_perm+0x22e/0x580 [ 1482.751450][T27524] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1482.751527][T27524] ? find_held_lock+0x2b/0x80 [ 1482.751571][T27524] ? __fget_files+0x215/0x3d0 [ 1482.751607][T27524] ? hook_file_ioctl_common+0x149/0x410 [ 1482.751644][T27524] ? __fget_files+0x215/0x3d0 [ 1482.751696][T27524] ? __fget_files+0x21f/0x3d0 [ 1482.751743][T27524] security_file_ioctl+0xd3/0x230 [ 1482.751781][T27524] __x64_sys_ioctl+0xb7/0x210 [ 1482.751819][T27524] do_syscall_64+0x10b/0xf80 [ 1482.751849][T27524] ? clear_bhb_loop+0x40/0x90 [ 1482.751887][T27524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.751920][T27524] RIP: 0033:0x7fb91019ce59 [ 1482.751946][T27524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1482.751977][T27524] RSP: 002b:00007fb910fd6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1482.752007][T27524] RAX: ffffffffffffffda RBX: 00007fb910415fa0 RCX: 00007fb91019ce59 [ 1482.752029][T27524] RDX: 0000000000000000 RSI: 0000000040046207 RDI: 0000000000000003 [ 1482.752047][T27524] RBP: 00007fb910fd6090 R08: 0000000000000000 R09: 0000000000000000 [ 1482.752067][T27524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1482.752098][T27524] R13: 00007fb910416038 R14: 00007fb910415fa0 R15: 00007fff30be9748 [ 1482.752137][T27524] [ 1482.752314][T27524] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1482.991103][T27517] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1483.148865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 1483.365991][T27534] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4278'. [ 1484.650081][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.656763][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.162324][T27578] ubi0: attaching mtd0 [ 1485.174950][T27578] ubi0: scanning is finished [ 1485.212798][T27578] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1485.591205][T27578] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1485.816427][T27593] cgroup: fork rejected by pids controller in [ 1485.885417][T27625] futex_wake_op: syz.4.4292 tries to shift op by -2048; fix this program [ 1485.921842][T27593] /syz5 [ 1485.934690][T27625] futex_wake_op: syz.4.4292 tries to shift op by -2048; fix this program [ 1485.969626][T27625] FAULT_INJECTION: forcing a failure. [ 1485.969626][T27625] name failslab, interval 1, probability 0, space 0, times 0 [ 1486.002400][T27625] CPU: 1 UID: 0 PID: 27625 Comm: syz.4.4292 Tainted: G L syzkaller #0 PREEMPT(full) [ 1486.002448][T27625] Tainted: [L]=SOFTLOCKUP [ 1486.002460][T27625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1486.002479][T27625] Call Trace: [ 1486.002491][T27625] [ 1486.002503][T27625] dump_stack_lvl+0x100/0x190 [ 1486.002550][T27625] should_fail_ex.cold+0x5/0xa [ 1486.002591][T27625] should_failslab+0xc2/0x120 [ 1486.002632][T27625] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1486.002669][T27625] ? allocate_partition+0x1bc/0x2a0 [ 1486.002725][T27625] kstrdup+0x51/0xe0 [ 1486.002762][T27625] allocate_partition+0x1bc/0x2a0 [ 1486.002822][T27625] mtd_add_partition+0x1bc/0x660 [ 1486.002874][T27625] ? __pfx_mtd_add_partition+0x10/0x10 [ 1486.002920][T27625] ? __might_fault+0xc5/0x140 [ 1486.002973][T27625] ? __might_fault+0xc5/0x140 [ 1486.003051][T27625] mtdchar_blkpg_ioctl+0x207/0x250 [ 1486.003100][T27625] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 1486.003182][T27625] mtdchar_ioctl+0x1670/0x1fd0 [ 1486.003236][T27625] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1486.003286][T27625] ? lock_acquire+0x1b1/0x370 [ 1486.003327][T27625] ? trace_contention_end+0x122/0x170 [ 1486.003366][T27625] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1486.003418][T27625] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1486.003454][T27625] ? __pfx___mutex_lock+0x10/0x10 [ 1486.003492][T27625] ? find_held_lock+0x2b/0x80 [ 1486.003561][T27625] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1486.003610][T27625] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1486.003662][T27625] __x64_sys_ioctl+0x18e/0x210 [ 1486.003700][T27625] do_syscall_64+0x10b/0xf80 [ 1486.003728][T27625] ? clear_bhb_loop+0x40/0x90 [ 1486.003769][T27625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1486.003805][T27625] RIP: 0033:0x7f2e8b59ce59 [ 1486.003831][T27625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1486.003863][T27625] RSP: 002b:00007f2e8c4bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1486.003893][T27625] RAX: ffffffffffffffda RBX: 00007f2e8b816090 RCX: 00007f2e8b59ce59 [ 1486.003914][T27625] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1486.003944][T27625] RBP: 00007f2e8c4bf090 R08: 0000000000000000 R09: 0000000000000000 [ 1486.003962][T27625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1486.003979][T27625] R13: 00007f2e8b816128 R14: 00007f2e8b816090 R15: 00007ffc7532dc78 [ 1486.004018][T27625] [ 1486.007182][T27625] memory allocation error while creating partitions for "mtdram test device" [ 1486.494651][T27632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4292'. [ 1486.767726][T27708] ubi0: attaching mtd0 [ 1486.854574][T27708] ubi0: scanning is finished [ 1486.887330][T27708] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1487.789759][T27708] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1490.549871][T27779] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1490.574484][T27779] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1490.589514][T27779] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1490.603540][T27779] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1491.183679][T27799] futex_wake_op: syz.6.4306 tries to shift op by -2048; fix this program [ 1491.205443][T27799] futex_wake_op: syz.6.4306 tries to shift op by -2048; fix this program [ 1491.515228][T27803] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4306'. [ 1492.142964][T27819] ubi0: attaching mtd0 [ 1492.177136][T27819] ubi0: scanning is finished [ 1492.193617][T27819] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1492.568832][T24348] Bluetooth: hci3: command 0x0406 tx timeout [ 1492.650122][T24348] Bluetooth: hci4: command 0x0c1a tx timeout [ 1492.656322][ T6328] Bluetooth: hci0: command 0x0406 tx timeout [ 1492.663002][T24348] Bluetooth: hci2: command 0x0406 tx timeout [ 1493.006103][T27820] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1493.024852][T27820] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1493.041053][T27820] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1493.055498][T27819] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1493.066926][T27820] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1493.850072][T27832] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1493.864555][T27832] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1493.876042][T27832] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1493.886676][T27832] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1495.608400][T27829] Bluetooth: hci3: command 0x0406 tx timeout [ 1495.891861][T27844] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1495.905882][T27844] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1495.920363][T27844] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1495.928342][T27829] Bluetooth: hci4: command 0x0c1a tx timeout [ 1495.939990][T27844] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1496.623620][T27873] futex_wake_op: syz.4.4322 tries to shift op by -2048; fix this program [ 1496.667151][T27873] futex_wake_op: syz.4.4322 tries to shift op by -2048; fix this program [ 1496.695799][T27873] 0x001c00000000-0x100002c00000200 : "" [ 1496.708476][T27873] mtd: partition "" is out of reach -- disabled [ 1496.728161][T27877] ubi0: attaching mtd0 [ 1496.748568][T27877] ubi0: scanning is finished [ 1496.763750][T27877] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1496.785736][T27873] ftl_cs: FTL header not found. [ 1497.133958][T27877] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1497.236014][T27873] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4322'. [ 1497.533675][T27888] futex_wake_op: syz.0.4325 tries to shift op by -2048; fix this program [ 1497.588982][T27888] futex_wake_op: syz.0.4325 tries to shift op by -2048; fix this program [ 1497.655441][T27888] 0x001c00000000-0x100002c00000200 : "" [ 1497.681981][T27888] mtd: partition "" is out of reach -- disabled [ 1497.693633][T27888] FAULT_INJECTION: forcing a failure. [ 1497.693633][T27888] name failslab, interval 1, probability 0, space 0, times 0 [ 1497.716371][T27888] CPU: 0 UID: 0 PID: 27888 Comm: syz.0.4325 Tainted: G L syzkaller #0 PREEMPT(full) [ 1497.716429][T27888] Tainted: [L]=SOFTLOCKUP [ 1497.716440][T27888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1497.716458][T27888] Call Trace: [ 1497.716486][T27888] [ 1497.716497][T27888] dump_stack_lvl+0x100/0x190 [ 1497.716539][T27888] should_fail_ex.cold+0x5/0xa [ 1497.716582][T27888] should_failslab+0xc2/0x120 [ 1497.716621][T27888] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1497.716669][T27888] ? device_add+0xd3a/0x1950 [ 1497.716714][T27888] ? __pfx___debug_object_init+0x10/0x10 [ 1497.716747][T27888] ? do_raw_spin_lock+0x128/0x260 [ 1497.716793][T27888] device_add+0xd3a/0x1950 [ 1497.716837][T27888] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1497.716892][T27888] ? lockdep_init_map_type+0x5c/0x250 [ 1497.716926][T27888] ? __pfx_device_add+0x10/0x10 [ 1497.716968][T27888] ? lockdep_init_map_type+0x5c/0x250 [ 1497.717002][T27888] ? __init_waitqueue_head+0xca/0x150 [ 1497.717053][T27888] add_mtd_device+0x928/0x17a0 [ 1497.717104][T27888] ? __pfx_add_mtd_device+0x10/0x10 [ 1497.717156][T27888] mtd_add_partition+0x30a/0x660 [ 1497.717205][T27888] ? __pfx_mtd_add_partition+0x10/0x10 [ 1497.717249][T27888] ? __might_fault+0xc5/0x140 [ 1497.717303][T27888] ? __might_fault+0xc5/0x140 [ 1497.717369][T27888] mtdchar_blkpg_ioctl+0x207/0x250 [ 1497.717418][T27888] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 1497.717503][T27888] mtdchar_ioctl+0x1670/0x1fd0 [ 1497.717558][T27888] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1497.717609][T27888] ? lock_acquire+0x1b1/0x370 [ 1497.717650][T27888] ? trace_contention_end+0x122/0x170 [ 1497.717694][T27888] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1497.717746][T27888] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1497.717784][T27888] ? __pfx___mutex_lock+0x10/0x10 [ 1497.717841][T27888] ? find_held_lock+0x2b/0x80 [ 1497.717908][T27888] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1497.717955][T27888] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1497.718008][T27888] __x64_sys_ioctl+0x18e/0x210 [ 1497.718043][T27888] do_syscall_64+0x10b/0xf80 [ 1497.718072][T27888] ? clear_bhb_loop+0x40/0x90 [ 1497.718113][T27888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1497.718147][T27888] RIP: 0033:0x7fb91019ce59 [ 1497.718174][T27888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1497.718206][T27888] RSP: 002b:00007fb910fb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1497.718236][T27888] RAX: ffffffffffffffda RBX: 00007fb910416090 RCX: 00007fb91019ce59 [ 1497.718258][T27888] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1497.718277][T27888] RBP: 00007fb910fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 1497.718296][T27888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1497.718316][T27888] R13: 00007fb910416128 R14: 00007fb910416090 R15: 00007fff30be9748 [ 1497.718358][T27888] [ 1498.300624][T27829] Bluetooth: hci0: command 0x0406 tx timeout [ 1498.307963][T13584] Bluetooth: hci2: command 0x0406 tx timeout [ 1498.314056][T24348] Bluetooth: hci3: command 0x0406 tx timeout [ 1498.317127][T27888] ------------[ cut here ]------------ [ 1498.325650][T27888] !list_empty(&mtd->part.node) [ 1498.325662][T27888] WARNING: drivers/mtd/mtdpart.c:38 at release_mtd_partition+0x71/0x90, CPU#1: syz.0.4325/27888 [ 1498.329789][T24348] Bluetooth: hci4: command 0x0c1a tx timeout [ 1498.330619][T27888] Modules linked in: [ 1498.352365][T27888] CPU: 1 UID: 0 PID: 27888 Comm: syz.0.4325 Tainted: G L syzkaller #0 PREEMPT(full) [ 1498.363651][T27888] Tainted: [L]=SOFTLOCKUP [ 1498.368011][T27888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1498.378276][T27888] RIP: 0010:release_mtd_partition+0x71/0x90 [ 1498.384331][T27888] Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1e 48 8b 7b 38 e8 5f 5c d7 fb 48 89 df 5b 5d e9 55 5c d7 fb e8 50 64 76 fb 90 <0f> 0b 90 eb c2 e8 45 2e e3 fb eb db 48 89 ef e8 3b 2e e3 fb eb a5 [ 1498.404025][T27888] RSP: 0018:ffffc900043d7818 EFLAGS: 00010293 [ 1498.410458][T27888] RAX: 0000000000000000 RBX: ffff88805b79c000 RCX: ffffffff8b839d70 [ 1498.418644][T27888] RDX: ffff88802cd41ec0 RSI: ffffffff8691a830 RDI: ffff88805b79c000 [ 1498.426655][T27888] RBP: ffff88805b79c6a8 R08: 0000000000000001 R09: 0000000000000000 [ 1498.434806][T27888] R10: 000000000000001b R11: fffffffffffef690 R12: 0000000000000000 [ 1498.442873][T27888] R13: dffffc0000000000 R14: ffff8880760311a0 R15: 0000000000000000 [ 1498.450953][T27888] FS: 00007fb910fb56c0(0000) GS:ffff888124471000(0000) knlGS:0000000000000000 [ 1498.459950][T27888] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1498.466546][T27888] CR2: 00007f2e8c49ed58 CR3: 00000000a652c000 CR4: 00000000003526f0 [ 1498.474561][T27888] Call Trace: [ 1498.477851][T27888] [ 1498.480818][T27888] mtd_release+0xa0/0xd0 [ 1498.485160][T27888] ? __pfx_mtd_release+0x10/0x10 [ 1498.490225][T27888] device_release+0xd2/0x270 [ 1498.494893][T27888] kobject_put+0x1f7/0x640 [ 1498.499401][T27888] put_device+0x1f/0x30 [ 1498.503596][T27888] add_mtd_device+0xbd7/0x17a0 [ 1498.508451][T27888] ? __pfx_add_mtd_device+0x10/0x10 [ 1498.513722][T27888] mtd_add_partition+0x30a/0x660 [ 1498.518797][T27888] ? __pfx_mtd_add_partition+0x10/0x10 [ 1498.524324][T27888] ? __might_fault+0xc5/0x140 [ 1498.529112][T27888] ? __might_fault+0xc5/0x140 [ 1498.533876][T27888] mtdchar_blkpg_ioctl+0x207/0x250 [ 1498.539118][T27888] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 1498.544846][T27888] mtdchar_ioctl+0x1670/0x1fd0 [ 1498.549724][T27888] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1498.554889][T27888] ? lock_acquire+0x1b1/0x370 [ 1498.559761][T27888] ? trace_contention_end+0x122/0x170 [ 1498.565237][T27888] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1498.570713][T27888] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1498.575784][T27888] ? __pfx___mutex_lock+0x10/0x10 [ 1498.580929][T27888] ? find_held_lock+0x2b/0x80 [ 1498.585697][T27888] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1498.591027][T27888] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1498.597005][T27888] __x64_sys_ioctl+0x18e/0x210 [ 1498.601851][T27888] do_syscall_64+0x10b/0xf80 [ 1498.606473][T27888] ? clear_bhb_loop+0x40/0x90 [ 1498.611259][T27888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1498.617204][T27888] RIP: 0033:0x7fb91019ce59 [ 1498.621654][T27888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1498.641303][T27888] RSP: 002b:00007fb910fb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1498.649797][T27888] RAX: ffffffffffffffda RBX: 00007fb910416090 RCX: 00007fb91019ce59 [ 1498.657806][T27888] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1498.665819][T27888] RBP: 00007fb910fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 1498.673829][T27888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1498.681847][T27888] R13: 00007fb910416128 R14: 00007fb910416090 R15: 00007fff30be9748 [ 1498.689905][T27888] [ 1498.692948][T27888] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1498.700250][T27888] CPU: 1 UID: 0 PID: 27888 Comm: syz.0.4325 Tainted: G L syzkaller #0 PREEMPT(full) [ 1498.711229][T27888] Tainted: [L]=SOFTLOCKUP [ 1498.715570][T27888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1498.725653][T27888] Call Trace: [ 1498.728952][T27888] [ 1498.731918][T27888] dump_stack_lvl+0x100/0x190 [ 1498.736628][T27888] vpanic+0x552/0x970 [ 1498.740637][T27888] ? __pfx_vpanic+0x10/0x10 [ 1498.745178][T27888] panic+0xd1/0xe0 [ 1498.748940][T27888] ? __pfx_panic+0x10/0x10 [ 1498.753402][T27888] ? check_panic_on_warn+0x1f/0x90 [ 1498.758557][T27888] check_panic_on_warn.cold+0x19/0x34 [ 1498.763971][T27888] ? release_mtd_partition+0x71/0x90 [ 1498.769317][T27888] __warn.cold+0x191/0x328 [ 1498.773778][T27888] __report_bug+0x296/0x3d0 [ 1498.778403][T27888] ? release_mtd_partition+0x71/0x90 [ 1498.783731][T27888] ? __pfx___report_bug+0x10/0x10 [ 1498.788805][T27888] ? dump_stack_lvl+0x16c/0x190 [ 1498.793687][T27888] ? dump_stack_lvl+0x176/0x190 [ 1498.798572][T27888] ? delete_node+0x20a/0x8f0 [ 1498.803210][T27888] ? release_mtd_partition+0x71/0x90 [ 1498.808546][T27888] report_bug+0xb2/0x220 [ 1498.812841][T27888] ? release_mtd_partition+0x71/0x90 [ 1498.818346][T27888] handle_bug+0x16a/0x2a0 [ 1498.822726][T27888] exc_invalid_op+0x17/0x50 [ 1498.827269][T27888] asm_exc_invalid_op+0x1a/0x20 [ 1498.832155][T27888] RIP: 0010:release_mtd_partition+0x71/0x90 [ 1498.838119][T27888] Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1e 48 8b 7b 38 e8 5f 5c d7 fb 48 89 df 5b 5d e9 55 5c d7 fb e8 50 64 76 fb 90 <0f> 0b 90 eb c2 e8 45 2e e3 fb eb db 48 89 ef e8 3b 2e e3 fb eb a5 [ 1498.857763][T27888] RSP: 0018:ffffc900043d7818 EFLAGS: 00010293 [ 1498.863862][T27888] RAX: 0000000000000000 RBX: ffff88805b79c000 RCX: ffffffff8b839d70 [ 1498.871862][T27888] RDX: ffff88802cd41ec0 RSI: ffffffff8691a830 RDI: ffff88805b79c000 [ 1498.879856][T27888] RBP: ffff88805b79c6a8 R08: 0000000000000001 R09: 0000000000000000 [ 1498.887851][T27888] R10: 000000000000001b R11: fffffffffffef690 R12: 0000000000000000 [ 1498.895849][T27888] R13: dffffc0000000000 R14: ffff8880760311a0 R15: 0000000000000000 [ 1498.903853][T27888] ? delete_node+0x70/0x8f0 [ 1498.908397][T27888] ? release_mtd_partition+0x70/0x90 [ 1498.913726][T27888] ? release_mtd_partition+0x70/0x90 [ 1498.919052][T27888] mtd_release+0xa0/0xd0 [ 1498.923351][T27888] ? __pfx_mtd_release+0x10/0x10 [ 1498.928354][T27888] device_release+0xd2/0x270 [ 1498.933003][T27888] kobject_put+0x1f7/0x640 [ 1498.937464][T27888] put_device+0x1f/0x30 [ 1498.941652][T27888] add_mtd_device+0xbd7/0x17a0 [ 1498.946464][T27888] ? __pfx_add_mtd_device+0x10/0x10 [ 1498.951713][T27888] mtd_add_partition+0x30a/0x660 [ 1498.956703][T27888] ? __pfx_mtd_add_partition+0x10/0x10 [ 1498.962199][T27888] ? __might_fault+0xc5/0x140 [ 1498.966920][T27888] ? __might_fault+0xc5/0x140 [ 1498.971666][T27888] mtdchar_blkpg_ioctl+0x207/0x250 [ 1498.976823][T27888] ? __pfx_mtdchar_blkpg_ioctl+0x10/0x10 [ 1498.982516][T27888] mtdchar_ioctl+0x1670/0x1fd0 [ 1498.987335][T27888] ? __pfx_mtdchar_ioctl+0x10/0x10 [ 1498.992487][T27888] ? lock_acquire+0x1b1/0x370 [ 1498.997198][T27888] ? trace_contention_end+0x122/0x170 [ 1499.002609][T27888] ? mtdchar_unlocked_ioctl+0xa2/0xf0 [ 1499.008025][T27888] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1499.013091][T27888] ? __pfx___mutex_lock+0x10/0x10 [ 1499.018155][T27888] ? find_held_lock+0x2b/0x80 [ 1499.022897][T27888] mtdchar_unlocked_ioctl+0xb0/0xf0 [ 1499.028141][T27888] ? __pfx_mtdchar_unlocked_ioctl+0x10/0x10 [ 1499.034088][T27888] __x64_sys_ioctl+0x18e/0x210 [ 1499.038893][T27888] do_syscall_64+0x10b/0xf80 [ 1499.043508][T27888] ? clear_bhb_loop+0x40/0x90 [ 1499.048221][T27888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1499.054150][T27888] RIP: 0033:0x7fb91019ce59 [ 1499.058619][T27888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1499.078269][T27888] RSP: 002b:00007fb910fb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1499.086734][T27888] RAX: ffffffffffffffda RBX: 00007fb910416090 RCX: 00007fb91019ce59 [ 1499.094737][T27888] RDX: 0000000000000000 RSI: 0000000000001269 RDI: 0000000000000005 [ 1499.102756][T27888] RBP: 00007fb910fb5090 R08: 0000000000000000 R09: 0000000000000000 [ 1499.110752][T27888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1499.118759][T27888] R13: 00007fb910416128 R14: 00007fb910416090 R15: 00007fff30be9748 [ 1499.126787][T27888] [ 1499.130418][T27888] Kernel Offset: disabled [ 1499.134761][T27888] Rebooting in 86400 seconds..