last executing test programs: 26m48.467230664s ago: executing program 1 (id=2): socket(0x1d, 0x2, 0x7) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffe11, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200440c4}, 0x40048c5) r0 = socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x2020009, 0xfffffffffffffffd, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, r0, 0x3, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x100) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x37, 0xfffffffffffffffe, 0x80000001, 0x0, 0x0, 0x0, 0x1000000009, 0x10001, 0x6, 0x400, 0x7ffffffb, 0x5, 0xdd79, 0x10000, 0x3, 0x104}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) r3 = setfsgid$auto(0xee01) setresgid$auto(r3, 0x0, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x17, 0xfffd, 0x7ff, 0x7fb}) 26m48.161110274s ago: executing program 1 (id=5): mmap$auto(0x0, 0x9, 0x3, 0x800019b72, 0x9, 0x8000000000008000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) mincore$auto(0x0, 0x10000, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/rpc/nfs4.idtoname/channel\x00', 0x8f3b7a51b80ebd01, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_NEW_MPATH(r1, 0x0, 0x20080055) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x942, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketpair$auto(0x1, 0x6, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r3) sendmsg$auto_IEEE802154_SCAN_REQ(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, 0x0, 0x10, 0x70bd25, 0x25dfdbff, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x7}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, 0x77d}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x6}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, 0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x9}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0xf}]}, 0x54}}, 0x40844) 26m46.699423148s ago: executing program 1 (id=8): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000001380)={0x40080, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x1d}, &(0x7f0000000280)=""/208, 0xd0, &(0x7f0000000380)=""/4096, &(0x7f00000000c0)=[0x0], 0x1}, 0x58) process_mrelease$auto(r0, 0x3) r1 = socket(0x10, 0x2, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r3, 0x0, 0x1ff) writev$auto(0x3, &(0x7f00000000c0)={0x0, 0x710d}, 0x8) write$auto(r2, &(0x7f00000003c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x14\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C\xf8B^`\xf8\xc2\x0e\xfc>\xa1\xc5\x1dc\xb5S\xb0eX\xba\xe2\xb8\x17\xd1?\xec\xa3Rc2U\xc2OD\x1cl\xc6\xf0,4\x84A\x8f\xa0\xecJ\xb7\xfcnDO\n[^\xfc\xee\xf4\x98\xb3:K\x05\xd6ElP\xb1\xdc\xa2cg\xafENM\xb2\x1e\xfe\x0f}\xba\x83\x00\x81\x1at\xbf\x9ezF+x\xec\xe1`Qfm:\xfd\xeek\xa6#\xde\x16\x8f\xe9\xe9\xccbP\xb2z\xe1\xed\x97\x11\xaa\xea@\xee:\r\xb8\xe5\xd9CNG\x94\xe5\xcf\xfc3\xc7Z8\x03\x00\x00\x00\xc9\xe2ny\xa7\xd4\xb5A\x8e\xe2\x87\xf0\x17\x90%c\x1dE\xb1j2\x13\x10\xc2\x98\xeak\xa8\x10\xa0\x0f\xe8\x828\"9\xc1\xf2\xb6\x18\x9atD\xf13\xb2+$\x06q\xd6\x8e\xc18\x85\xd2\xd2\x1f\x97\x1d\xd7\x88\"\x01w\xaa\\\f\x98\xbf\xff\xeb\xceg\xa7\x8e\x84B\x7fn\xddu\xe0i\xd3\xf8\x8e\xf4\x111\x86\xfd\xcb\xa1\xd41\x8cI\xe0\xfa\xb3/(s\xd6\xd8\xcdCr\xf5MZ\xb8\xd4\x97\xae1\xc23ph\x84-@\xd4N_\n\xef\x86\x93T\\x\xf2\xce \xfe\v2E\xcatr\x00\xe5\xd7\xb2\x13\xe6\xd8\xd0\xe1|f\xaa\xadX@!\xc2]\xf9\x80\x9a\x1d\xcbt;\xfew\x14\x92\xc27\xbf\xad\x10\xa4\x93\xcd\xdc\x89\xa15\xe7r\x85\xcc\xd2p?\xf2\x0f`+\xb2\xcb\xf1\xddXw\xd2}Is%x\xbbJx\xebo{\x80\xc6o\x9e\xb2\"\x1c\vzL\"\x880|\v\xe0N\x8f\xd6\x8a\xaf', 0x80001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='-\x00\v'], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x803}, 0x2004, 0x8) 26m46.179903876s ago: executing program 1 (id=10): mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x20011, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect$auto(0x0, 0x806121, 0x6) msgctl$auto_IPC_INFO(0xa6, 0x3, &(0x7f0000000100)={{0x7, 0x0, 0x0, 0x0, 0x7, 0x9, 0x8}, 0x0, &(0x7f0000000040)=0xa, 0x3e, 0x7f, 0x7, 0x100000000, 0xffffffffffffffff, 0x2cf, 0x2}) r1 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) readv$auto(r1, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) lseek$auto(0x3, 0x0, 0x1) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x4, 0x80000000}, 0xb}, 0x1, 0x3663f3c3) 26m45.043921715s ago: executing program 1 (id=12): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) unshare$auto(0x40000080) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) sendmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x1a, 0x0, 0xfffffffffffffffc, 0x5}, 0x6}, 0x1, 0x401) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) mmap$auto(0xfff, 0x9, 0xfffffffffffffffb, 0x200000eb0, 0x401, 0x701cf82a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x84200, 0x0) r3 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000380), 0x2000, 0x0) read$auto_ptdump_fops_(r3, &(0x7f0000000140)=""/43, 0x2b) sendfile$auto(r2, r2, 0x0, 0x6) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x402, 0x62, 0x4, 0x4, 0x6d41, 0x4, 0xa, 0xfffffffffffffdfa]}, 0x0) write$auto(r4, &(0x7f0000000400), 0x100000a3d9) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004001e"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) setpriority$auto(0x2, 0x0, 0x80000) ioctl$auto_EXT4_IOC_SETVERSION_OLD(0xffffffffffffffff, 0x40087602, &(0x7f0000000280)="d5fe11b10faac2e41beb8dce6fbe442c9d14469b57d6defbfdd6bcc877acd73557fc74c6ed7ff4f02afe5f85291baf877400934d252b0a23e5976afbb730a822777f4881fd11b05ad1ad49f68bb850924b8ef83296fe46b500e2119f9b15a4cc94a12bfde33f0c64be955bb26593cea7761df9ab62ea97fed47f810822eb17edd4f514e9fdcfd5b8babef4b60883d3b877f263c2eddf7158082f51eb8e7afc2157e930bdf6a1ad6948f6457e1365437ec549e149d1d29eae85325e54e7878a9ecdd87fbac17f93a7800339026b46ba71a3c545b3d17012b32386152970eb3f967fd6a1ae7243cc184a81a16bc277362bfe43df") close_range$auto(0x2, r2, 0x400) mmap$auto(0x0, 0xec8, 0x2, 0x100000000009b72, 0xffffffffffffffff, 0x28000) madvise$auto(0x0, 0xffffffffffff0003, 0x15) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/dev_snmp6/syz_tun\x00', 0x1cb422, 0x0) pread64$auto(r5, 0x0, 0x800003, 0x270) madvise$auto_MADV_SEQUENTIAL(0x8, 0x2, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x82, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c4, 0x8, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2002dde, 0x2, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) 26m29.718134465s ago: executing program 32 (id=12): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) unshare$auto(0x40000080) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) sendmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x1a, 0x0, 0xfffffffffffffffc, 0x5}, 0x6}, 0x1, 0x401) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) mmap$auto(0xfff, 0x9, 0xfffffffffffffffb, 0x200000eb0, 0x401, 0x701cf82a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x84200, 0x0) r3 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000380), 0x2000, 0x0) read$auto_ptdump_fops_(r3, &(0x7f0000000140)=""/43, 0x2b) sendfile$auto(r2, r2, 0x0, 0x6) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x402, 0x62, 0x4, 0x4, 0x6d41, 0x4, 0xa, 0xfffffffffffffdfa]}, 0x0) write$auto(r4, &(0x7f0000000400), 0x100000a3d9) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004001e"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) setpriority$auto(0x2, 0x0, 0x80000) ioctl$auto_EXT4_IOC_SETVERSION_OLD(0xffffffffffffffff, 0x40087602, &(0x7f0000000280)="d5fe11b10faac2e41beb8dce6fbe442c9d14469b57d6defbfdd6bcc877acd73557fc74c6ed7ff4f02afe5f85291baf877400934d252b0a23e5976afbb730a822777f4881fd11b05ad1ad49f68bb850924b8ef83296fe46b500e2119f9b15a4cc94a12bfde33f0c64be955bb26593cea7761df9ab62ea97fed47f810822eb17edd4f514e9fdcfd5b8babef4b60883d3b877f263c2eddf7158082f51eb8e7afc2157e930bdf6a1ad6948f6457e1365437ec549e149d1d29eae85325e54e7878a9ecdd87fbac17f93a7800339026b46ba71a3c545b3d17012b32386152970eb3f967fd6a1ae7243cc184a81a16bc277362bfe43df") close_range$auto(0x2, r2, 0x400) mmap$auto(0x0, 0xec8, 0x2, 0x100000000009b72, 0xffffffffffffffff, 0x28000) madvise$auto(0x0, 0xffffffffffff0003, 0x15) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/dev_snmp6/syz_tun\x00', 0x1cb422, 0x0) pread64$auto(r5, 0x0, 0x800003, 0x270) madvise$auto_MADV_SEQUENTIAL(0x8, 0x2, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x82, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c4, 0x8, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2002dde, 0x2, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) 9m32.856355778s ago: executing program 0 (id=3710): socket(0x2, 0x1, 0x106) copy_file_range$auto(0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffff9, 0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$auto_SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) move_pages$auto(0xffffffffffffffff, 0x7, &(0x7f0000000080)=&(0x7f00000002c0), &(0x7f00000000c0)=0x6, &(0x7f0000000240)=0x5, 0x8) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x48, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x9}, @BATADV_ATTR_HARD_IFNAME={0x14, 0x7, 'netpci0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) bind$auto(0xffffffffffffffff, 0x0, 0x9) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, 0x0, 0x1, 0x70bd25, 0x25dfdbf7, {0x1, 0x0, 0x3f00}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @mcast1}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40040) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 9m31.832838911s ago: executing program 0 (id=3712): socket(0x2, 0x1, 0x106) copy_file_range$auto(0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffff9, 0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$auto_SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) move_pages$auto(0xffffffffffffffff, 0x7, &(0x7f0000000080)=&(0x7f00000002c0), &(0x7f00000000c0)=0x6, &(0x7f0000000240)=0x5, 0x8) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x3c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x9}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) bind$auto(0xffffffffffffffff, 0x0, 0x9) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, 0x0, 0x1, 0x70bd25, 0x25dfdbf7, {0x1, 0x0, 0x3f00}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @mcast1}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x40040) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 9m30.845394497s ago: executing program 0 (id=3717): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24040041}, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x86}, 0x1) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x82002, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/workqueue/nvme_tcp_wq/max_active\x00', 0x182b02, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/vxlan/parameters/udp_port\x00', 0x2400, 0x0) read$auto(r1, 0x0, 0x20) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r3, 0x4020ae76, r4) 9m30.59980245s ago: executing program 0 (id=3719): close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x1, 0x11, 0xfffffffe, 0x5, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x2, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x8}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x44, 0x76c5, 0x8, 0x8000000000040000}}) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0xe64e}, {0x9, 0x3}}, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r1, 0xc2604110, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x400000f1, 0x400, 0x718c1257}]}) 9m25.827698087s ago: executing program 0 (id=3730): socket(0x15, 0x5, 0x3) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0xa7) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) r1 = socket(0xa, 0x5, 0x0) r2 = getsockopt$auto(r1, 0x84, 0x24, 0x0, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x80000, 0x0) ioctl$auto_USB_RAW_IOCTL_RUN(0xffffffffffffffff, 0x5501, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="21008d1dd290f336a1f03cb08eabfdca0600000000000000075795be08ab1eeaff802ca970479d2a531cce4befb3bdbbf5f7fe97a768da0e8758dd1623ebf2b387259b39c39ded00"/84], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) r4 = ioctl$auto_TUNGETFILTER(r0, 0x801054db, 0x0) sendmsg$auto_L2TP_CMD_SESSION_GET(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x4}, @L2TP_ATTR_FD={0x8, 0x17, r4}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x9}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xffffc674}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @local}, @L2TP_ATTR_RECV_SEQ={0x5}, @L2TP_ATTR_FD={0x8, 0x17, r2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0xfffffbff}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x800) r5 = socket(0x1d, 0x2, 0x7) r6 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r5, &(0x7f0000000000)=@can={0x1d, r7}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x40, 0x801ffdf, 0x1, 0x2000000000000006, 0x3, 0x8, 0x5, 0x6, 0x7, 0x1, 0x9, 0x2, 0x3, 0x5, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x3b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0xffffffff00000000, 0x0, 0x200, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x5, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000]}, 0x5, 0x2) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800, 0x0) r8 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0xffffff9e}, 0x40000) 9m24.910161576s ago: executing program 0 (id=3733): r0 = socket(0x10, 0x4, 0xfffffffc) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x23, 0x80805, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x402000d, 0xa, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES16=0x0, @ANYBLOB="06000000e83c3dc3327809dc81ef9f55e170", @ANYRES16=r0], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8a0) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio1\x00', 0x6102, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_PPPIOCSACTIVE(r1, 0x40107446, &(0x7f00000000c0)={0x38, &(0x7f0000000040)={0x4, 0x41, 0xd, @inferred=r1}}) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) ioctl$auto(0xffffffffffffffff, 0x5419, 0x38) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03[\\\xf2\x8d\xcb\x12\xfa', 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000001c0), r1) sendmsg$auto_GTP_CMD_NEWPDP(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r4, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x8}, @GTPA_I_TEI={0x8, 0x8, 0x5}, @GTPA_O_TEI={0x8, 0x9, 0x100}, @GTPA_LINK={0x8, 0x1, 0x33b}, @GTPA_I_TEI={0x8, 0x8, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000041) socket(0x6, 0x5, 0x10) r5 = socket(0x1d, 0x3, 0x1) sendmmsg$auto(r5, &(0x7f0000000340)={{&(0x7f0000000100), 0x6, &(0x7f0000000000)={0x0, 0xff}, 0x8, &(0x7f00000002c0), 0x1ff, 0x7}, 0x1000}, 0x2a08, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000004c0)='ns/time_for_children\x00') socket(0x15, 0x5, 0x0) 9m9.799788365s ago: executing program 33 (id=3733): r0 = socket(0x10, 0x4, 0xfffffffc) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x23, 0x80805, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) write$auto(0xca, &(0x7f0000000140)='\x04\x0e\x06\xd5\x89|d\v\x00\x00@\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x402000d, 0xa, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRES16=0x0, @ANYBLOB="06000000e83c3dc3327809dc81ef9f55e170", @ANYRES16=r0], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8a0) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram10/queue/max_sectors_kb\x00', 0xe3102, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio1\x00', 0x6102, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_PPPIOCSACTIVE(r1, 0x40107446, &(0x7f00000000c0)={0x38, &(0x7f0000000040)={0x4, 0x41, 0xd, @inferred=r1}}) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x8, 0x100009}, 0x283) ioctl$auto(0xffffffffffffffff, 0x5419, 0x38) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03[\\\xf2\x8d\xcb\x12\xfa', 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000001c0), r1) sendmsg$auto_GTP_CMD_NEWPDP(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r4, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x8}, @GTPA_I_TEI={0x8, 0x8, 0x5}, @GTPA_O_TEI={0x8, 0x9, 0x100}, @GTPA_LINK={0x8, 0x1, 0x33b}, @GTPA_I_TEI={0x8, 0x8, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000041) socket(0x6, 0x5, 0x10) r5 = socket(0x1d, 0x3, 0x1) sendmmsg$auto(r5, &(0x7f0000000340)={{&(0x7f0000000100), 0x6, &(0x7f0000000000)={0x0, 0xff}, 0x8, &(0x7f00000002c0), 0x1ff, 0x7}, 0x1000}, 0x2a08, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000004c0)='ns/time_for_children\x00') socket(0x15, 0x5, 0x0) 3m23.184845082s ago: executing program 4 (id=4880): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0x5, 0x0) epoll_create$auto(0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffff004, 0x2) socket(0xa, 0x807, 0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r1, r3, 0x8, 0xff, r2, @relative_fd, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x1}, 0x4) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xb) capset$auto(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r4, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_ctl$auto(0x5, 0x3, r4, 0x0) close_range$auto(0x2, 0xa, 0x0) r5 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) writev$auto(r5, &(0x7f0000000180)={&(0x7f00000000c0), 0x101}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 3m22.176960696s ago: executing program 4 (id=4881): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0x29, 0x2, 0x0) setsockopt$auto(r0, 0x119, 0xfffffffe, 0x0, 0x8) mremap$auto(0x110c230000, 0x0, 0x2000101, 0x3, 0xf000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x12, 0xffffffffffffffff, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x5, &(0x7f0000000100)={&(0x7f0000000140)="db51de43746d9508078a7e880f50e4932fa93d6ed3f8654ddea5b28e9b2701e522044e1ab6da91436c27accab4cd87505e08a1fafbcf53be4ed35b23b3362a366b000a2ccbb9267d8f172088c5bbb0f3a932155893e5f3767cfee203383632f91e73cbb9710b96758a7c275a231a9c644d27", 0xfc2}, 0xfffffffffffffffe, &(0x7f0000000240)="a3f0c396b3209d20c4df34bedf068fcca1d9488eec997315dd633f43079bb5446e57522c9f9a82bfdfc8ffde842b5c5cb82f7a5b0c60a7601e0a48b07dac5e73d0957e7ac62a95d75892a2d96828759d7a8cd32caaaa357c27f6dc3fa4ba8c203f5e590a14fc70406304807c8a195fe87447976980f5b4cf0eb3ef826e1b5885e4560a8b253762e55d0665c7ea5838d0690af6deef1504469b7fc2580123ca11fce78554d70d82298ceb28", 0x7, 0xa505}, 0x800}, 0xb, 0x9) mmap$auto(0x8a2e, 0x8, 0x0, 0x13, r1, 0x6) socket$nl_generic(0x10, 0x3, 0x10) get_robust_list$auto(0x0, 0x0, 0x0) unshare$auto(0x8) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) writev$auto(r2, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_marker_raw\x00', 0x109c00, 0x0) 3m21.327420142s ago: executing program 4 (id=4884): r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000880)='/proc/thread-self/numa_maps\x00', 0x28100, 0x0) r1 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_random_fops_random(0xffffffffffffff9c, 0x0, 0x40200, 0x0) ioctl$auto_RNDADDENTROPY(r2, 0x40085203, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD(r1, 0x40084149, 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) open(&(0x7f0000000040)='./file0\x00', 0x40040, 0x1) r4 = ioctl$auto_TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f00000001c0)=0x3) ioctl$auto_proc_reg_file_ops_compat_inode(r4, 0x4, &(0x7f0000000200)="2b4f193ffb7dacf4a448b1b8e35c6dea6d5f5eb63163f518d72fb5e1b2a3acb7e777e72b2017042ead9b047c26030a3aae9d6c75f4d2a11fb335d61a66339a0bb2c2d929365449194b7e275ae7d9a4c464457c83482978ca75160af66e6a0c4c471d6918d14d2bffbeed049bfca7") execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x170) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r5 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0xc8) r6 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$auto_UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000000c0)={r5, 0x8, 0x2000000, 0x8000}) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card0/pcm0c/sub1/status\x00', 0x109100, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) pread64$auto(r0, &(0x7f00000008c0)='\x00', 0x10001, 0x3) 3m20.656406542s ago: executing program 4 (id=4887): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="7201", @ANYBLOB], 0x1ac}}, 0x4004) pwrite64$auto(0xc8, &(0x7f0000000180)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL2\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\x90\x13\xd5\x84\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x95\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x13#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xbf\xa6\x11YTz\xf3\xdd\xe7i~:\x1a\xd0\xb0R\xb4J}\x00\x00\x00\x00\x00\x00\xa3\x05\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xd5\xc1\"\xact\xff\xc9\x00'/242, 0xfded, 0x4) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x28, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x44a700, 0x0) socket(0x2, 0x1, 0x106) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/block/loop14/hctx0/sched_tags_bitmap\x00', 0x80, 0x0) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x82000, 0x0) clock_getres$auto(0xfffffffd, 0x0) ppoll$auto(&(0x7f00000002c0)={r2, 0x101, 0x2}, 0x6, 0x0, 0x0, 0x8) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_UDMABUF_CREATE_LIST(r1, 0x40087543, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xfffffdfe, 0xf, 0xfffffffffffffffe, 0x948b, 0x3, 0x4, 0x3, 0x1000, 0x200000000000005e, 0x4000008000001f, 0x17, 0x6d3e, 0x0, 0x2, 0x8000000000820]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/nmi_watchdog\x00', 0x101202, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0c01, 0x0) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000040)=0xc) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) 3m19.354884267s ago: executing program 4 (id=4895): openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x189c80, 0x0) r0 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010026bd"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/options/blk_classic\x00', 0x4000, 0x0) r1 = socket(0x27, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000040), 0x7, 0xa505}, 0x800}, 0x5, 0x400a) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) ioprio_set$auto(0x2, 0x800000000, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 3m19.161689541s ago: executing program 4 (id=4896): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) r0 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x7) write$auto(0xca, 0x0, 0x7e) setreuid$auto(0x0, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x20802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x7ff, 0x4, 0xdf, 0x13, 0x2, 0x8001) syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000080), 0xffffffffffffffff) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x102, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x2010d, 0x8, 0x20000000000e31, 0x40000000000a5, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r5 = socket(0x9, 0x5, 0x5) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x406a) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(r0, 0x10000000084, 0x1, 0x0, 0x8) sendmmsg$auto(r5, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmmsg$auto(r4, &(0x7f00000003c0)={{&(0x7f0000000240)="702a4fffc6ad10dd6d80767a19ba84dfa2740cc6418876baf0eb1f697a6bb19210e541c960cb428fb2be75b81684bc666028efe1f998d8605fb7894da4b36e8d6924b850257c9c258d42fe4171a109f722d745c13747b2089c4d3f0fd466101b756161c0a9b42037aabfc5e2e9983d04e0e5f7c794b3362952f23b8a56734ab259f7ef856ab6fed7", 0x4, &(0x7f0000000100)={&(0x7f0000000300)="11359302187cc4c451330c1f1d31f828233c89e3043f4d172ae5387207b71d00d101664e49e801742c7449ab8f85010a1c6ed2b8ebb39c93334e669a5d14289eb84354f8efbe88dd90c7eea6de7e6b463ff0a7cd41a1e04724305fc68294a337afc6a30c9ce7e1d09953a92abc5278335d5c06a0427646ae1de2cf27346a26e3bed113a3b14fad4004c92a5769bf07d7797107886935832dedff10d96dbfb6a58c23a94697279d7b8e13", 0x6}, 0x3, &(0x7f0000000180)="e3a039dc6b6186e4c4b5a60742ebe8323823dc8d0cd50256192c6fd2a5dd78cdace3b45c8fe3144f43484f25dc79fd42e01314e7d3fc614af6d5b4e7934e660059bb19e86050ecb3ff9393e72c2d6569b5af7b06cdceba68ff3510a9475e52eb56f22fa8e45c44", 0x0, 0x1ff}, 0x2}, 0x1, 0xa9a) ioctl$auto(r3, 0x900064b7, r3) settimeofday$auto(0x0, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3m3.995519111s ago: executing program 34 (id=4896): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) r0 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x7) write$auto(0xca, 0x0, 0x7e) setreuid$auto(0x0, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x20802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x7ff, 0x4, 0xdf, 0x13, 0x2, 0x8001) syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000080), 0xffffffffffffffff) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x102, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x2010d, 0x8, 0x20000000000e31, 0x40000000000a5, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r5 = socket(0x9, 0x5, 0x5) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x406a) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(r0, 0x10000000084, 0x1, 0x0, 0x8) sendmmsg$auto(r5, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmmsg$auto(r4, &(0x7f00000003c0)={{&(0x7f0000000240)="702a4fffc6ad10dd6d80767a19ba84dfa2740cc6418876baf0eb1f697a6bb19210e541c960cb428fb2be75b81684bc666028efe1f998d8605fb7894da4b36e8d6924b850257c9c258d42fe4171a109f722d745c13747b2089c4d3f0fd466101b756161c0a9b42037aabfc5e2e9983d04e0e5f7c794b3362952f23b8a56734ab259f7ef856ab6fed7", 0x4, &(0x7f0000000100)={&(0x7f0000000300)="11359302187cc4c451330c1f1d31f828233c89e3043f4d172ae5387207b71d00d101664e49e801742c7449ab8f85010a1c6ed2b8ebb39c93334e669a5d14289eb84354f8efbe88dd90c7eea6de7e6b463ff0a7cd41a1e04724305fc68294a337afc6a30c9ce7e1d09953a92abc5278335d5c06a0427646ae1de2cf27346a26e3bed113a3b14fad4004c92a5769bf07d7797107886935832dedff10d96dbfb6a58c23a94697279d7b8e13", 0x6}, 0x3, &(0x7f0000000180)="e3a039dc6b6186e4c4b5a60742ebe8323823dc8d0cd50256192c6fd2a5dd78cdace3b45c8fe3144f43484f25dc79fd42e01314e7d3fc614af6d5b4e7934e660059bb19e86050ecb3ff9393e72c2d6569b5af7b06cdceba68ff3510a9475e52eb56f22fa8e45c44", 0x0, 0x1ff}, 0x2}, 0x1, 0xa9a) ioctl$auto(r3, 0x900064b7, r3) settimeofday$auto(0x0, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2m51.875103337s ago: executing program 2 (id=4944): semctl$auto(0x8, 0x1, 0x6, 0xff) r0 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) socket(0x11, 0x4, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) pwritev$auto(0xffffffffffffffff, 0x0, 0x4, 0x3, 0x9) ioctl$auto(r0, 0x5270, 0xffffffffffffffff) write$auto(0x3, 0x0, 0xfdef) arch_prctl$auto(0x5003, 0x8000002007fe) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x400000040000, 0x200006, 0x80000000000000, 0x40eb1, r0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x4) socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="0100"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) unshare$auto(0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}}, 0x3, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) 2m48.907554326s ago: executing program 2 (id=4948): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x2004088d) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/173, 0xad) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x802, 0x9, 0x63, 0x0, 0x0, 0x0, 0x7, 0x7ff, 0x800000000100002, 0x0, 0x2, 0xc, 0x40, 0x1c, 0x20000000009, 0xb}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) futex_waitv$auto(&(0x7f0000000000)={0xfffffffffffffffd, 0x7e4, 0x2}, 0x1, 0x0, 0x0, 0x623d) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d00000006000600070000000a0001"], 0x6c}}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200903, 0x0) socketpair$auto(0x1, 0x10000002, 0x78, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto_SO_RCVMARK(r2, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x400002) mlockall$auto(0x7) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) write$auto(0x3, 0x0, 0x1) 2m47.653007775s ago: executing program 2 (id=4949): close_range$auto(0x0, 0xffffffffffffffff, 0x2) fanotify_init$auto(0xc00, 0x2000000000002) r0 = open(&(0x7f0000000000)='./file0\x00', 0x165b42, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r0, 0x0) r1 = socket(0x28, 0x800, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r2 = io_uring_setup$auto(0x203, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) write$auto(r1, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(r2, &(0x7f0000000280), 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = socket(0x2, 0x801, 0x106) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r3, 0x0, 0x24040000) getsockopt$auto(r3, 0x11c, 0x3, 0x0, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/consoles\x00', 0x400200, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x200000000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x200001, 0x2000000a, 0x0, 0x9) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0xb) 2m46.228569823s ago: executing program 2 (id=4953): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r0, 0x127f, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) close_range$auto(0x2, 0x8, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x20000000001, 0x28001) 2m45.536452365s ago: executing program 2 (id=4954): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x80000009, 0x6, 0x0, 0x0, 0x0, 0x1001, 0x8, 0x80000008000000a, 0x40000402, 0x9, 0x8, 0xffffffff80000000, 0x800000000000d, 0x6}) r3 = socket(0xa, 0x3, 0x3c) connect$auto(0x3, 0x0, 0x55) write$auto(r3, &(0x7f0000000080)='<&\x00I\xaar\x1c\xbb\xde\ah\x15,\xeb|\x85\xe8\x97Z\xc30\xae}\xa1\x17K(\x80]]\x8d\xb5\xeb-\x9d\xc1\xceU\xbb_\xcf\xe8#U\xd0_|\x15f\x92\xaa\x9f\xa0l}7z#u\xf6\xd1\xe1\x8d\x05=w\xf1\xb9K\xf4\\\a\xdf\x87\xbb\x03d6\xe1\x14\xb1|\x98\x82$\xf3\xb2\xcf\xb7\x7f\xf8f*/\xc2\x82\x8c2\x8d^\x10\xc6\x1cs', 0x263f) mmap$auto(0x40000000000000, 0xc, 0x4000000000df, 0x100000044eb2, 0x10006, 0x300000000000) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) ioctl$auto_MON_IOCX_GET(r4, 0x40189206, 0x0) ioctl$auto_MON_IOCQ_RING_SIZE(r4, 0x9205, 0x0) io_uring_enter$auto(0x3, 0x80a84, 0x80000001, 0xa, 0x0, 0x21b15ab0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x2, 0x6) setgroups$auto(0x0, 0x0) getgroups$auto(0x7fd, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) write$auto(0x1, 0x0, 0x80000000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES16=r2, @ANYRES16=r0, @ANYBLOB="01002cbd7000fbdbdf250300000004000800"], 0x18}, 0x1, 0x0, 0x0, 0x24040071}, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x80002, 0x0) r5 = epoll_create$auto(0x20009) r6 = epoll_create$auto(0x3e) epoll_ctl$auto(r6, 0x1, r5, 0x0) read$auto(0x3, 0x0, 0x8080) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) 2m43.990093377s ago: executing program 2 (id=4956): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x10) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x7) r1 = getpid() io_uring_setup$auto(0x201, &(0x7f0000000000)={0x403, 0x10002, 0xfffffffc, 0x5, 0x6, 0x5, 0xffffffffffffffff, [0x0, 0x0, 0x9], {0x2, 0x2005, 0x2002, 0x8, 0x400, 0xb533, 0x9, 0x5, 0x80000000}, {0x7, 0xd, 0x6e68, 0x100, 0x6b, 0x86fe, 0x0, 0x0, 0xb1}}) r2 = waitid$auto_P_ALL(0x0, 0x1, &(0x7f0000000100)={@_si_pad}, 0x9, 0x0) rt_tgsigqueueinfo$auto_SIGCONT(r1, r2, 0x12, &(0x7f0000000180)={@_si_pad}) close_range$auto(0xffffffffffffffff, 0x8, 0x8) socket(0x2c, 0x3, 0x0) r3 = socket(0x10, 0x2, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x2000000, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x2000c031) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4830) write$auto(r3, &(0x7f0000000000)='-\x00', 0x2fb) ioctl$auto(0x3, 0x8905, 0x38) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r6) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 2m32.01243279s ago: executing program 6 (id=4973): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xf) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x404240, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0xa, 0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x28b40, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x2, 0x5, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x3, 0x0, 0x7) r2 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000100), 0x440202, 0x0) fadvise64$auto_POSIX_FADV_WILLNEED(r2, 0x7fff, 0x6, 0x3) 2m31.583067863s ago: executing program 6 (id=4974): semctl$auto(0x8, 0x1, 0x6, 0xff) r0 = openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) socket(0x11, 0x4, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) pwritev$auto(0xffffffffffffffff, 0x0, 0x4, 0x3, 0x9) ioctl$auto(r0, 0x5270, 0xffffffffffffffff) write$auto(0x3, 0x0, 0xfdef) arch_prctl$auto(0x5003, 0x8000002007fe) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x400000040000, 0x200006, 0x80000000000000, 0x40eb1, r0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x4) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="0100"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) unshare$auto(0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}}, 0x3, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16, @ANYBLOB="10002cbd7000df250a0a08000a"], 0x10e}}, 0x10004010) 2m28.272640192s ago: executing program 6 (id=4977): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x5, 0x0) syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000000040), r0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x40001, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r1 = socket(0x1d, 0x2, 0x6) bind$auto(r1, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.3/driver_override\x00', 0xe2685, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r2) r4 = getpgrp(0x0) sendmsg$auto_TASKSTATS_CMD_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, r3, 0xa01, 0x70bd2b, 0x25dfdbfb, {}, [@TASKSTATS_CMD_ATTR_TGID={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) r5 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), r1) r6 = waitid$auto(0xff, 0xffffffffffffffff, &(0x7f0000000140)={@_si_pad}, 0x0, &(0x7f00000001c0)={{0x0, 0x3}, {0x0, 0xfde}, 0x200, 0x8, 0x4, 0x0, 0xfb, 0x4, 0x6, 0x1, 0x90fa, 0xfe00000000000000, 0x7, 0x8, 0x1, 0x1}) r7 = wait4$auto(0x0, &(0x7f0000000280)=0x8, 0x5, &(0x7f0000000340)={{0x1}, {0x15, 0x71e}, 0x5, 0x4, 0x125d, 0x7fffffff, 0x0, 0xfffffffffffffff9, 0xfffffffffffffff9, 0x3, 0xf3, 0x3, 0x10000, 0x9, 0x1, 0xe2}) sendmsg$auto_TIPC_NL_LINK_GET(r2, &(0x7f0000001a00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000019c0)={&(0x7f0000000400)={0x1588, r5, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_UNSPEC={0xa4, 0x0, "4363a86dea606b70c7a811a5fd2507677c795e7bbc1bc7e8ebe3d937d0bc9245774f5727d0fa3c590edadc8cbd2e9d633169bc353f2880c2760659d43091472977220fcf7969822a962f8cda597c54effdb186038131aac8bc97196bac15affbd54e2528fb1f95b3037ab1e5c05b34b04cc7bd0ef4649893439ff17a873b3616cf287f7c92acf1d22dd5d2e5f932fa98484ca19f0594118985fffa318f2f7ed3"}, @TIPC_NLA_MON={0xcc, 0x9, 0x0, 0x1, [@typed={0x8, 0xcb, 0x0, 0x0, @u32=0x9}, @generic="fe0e7c1dedc002153154c00ad5d0d90d72fe4ec772cc3cba76532a6c940189d941ea93288aa2d71ef7c0c92df84173baa8b42efbe6ab11de2416f4981449db454b1903e7df0ac6bb5dbc418d64bed9ba7f339dade52af71dbe05f9643e2551f8f89ad8d527e3be81096d8c8a9be9bab19046d04be67dbb0968b1fc63e39b78d864a0706d844969890b100355bb61e80320e63191bbb9451f15d61eb749b95ee0a49c224245ca8c4a576b4e7f801a4e9f6d933909038fc89060a3cacea52fa80c"]}, @TIPC_NLA_SOCK={0xdc, 0x2, 0x0, 0x1, [@typed={0xd6, 0x7b, 0x0, 0x0, @binary="5fd039ed8f94bf42b3f14724dabaa449a0ead6d738085a5f8a266b615900ac7caae4a8feb080a5823b7c01f14801969eee8702c6399fbbd389d304823f417058b6620f9c09be83fa12adc25d5fe8e48c7e9ba23d5bfc909d2d871baff795b32dfefb30e4f40e82cc2dfaa436dd970a1ae2eb46141b79ea7b4138280b0c2a3b3441df728e8b205715e7cb067618038c44f32c452b074b44ba44222da83497582d0943b922c85b8d6f820d90140276a80e580ad068441f39d6f24fa93ad963d517fcfbdc086816ff4f40c3b6852dd6e78d5501"}]}, @TIPC_NLA_BEARER={0x156, 0x1, 0x0, 0x1, [@nested={0x38, 0x11d, 0x0, 0x1, [@nested={0x4, 0x6d}, @typed={0x4, 0x61}, @nested={0x4, 0xc3}, @generic="5d728995d5d793c2bf26066b2b1457f354232773361962b29284ae4f88d8f265da325644", @nested={0x4, 0xaf}]}, @generic="f102b3abfafbf083d59ac29033a608ecfa01011791f9b911e2d642daf295d65fab707523552f8a3575d3bd4efc2ac5b784fb2b15843e009f11d35b8c68e6e49688ed0176aaafe0c91bb9ed0fb1bffb324f5b", @nested={0x10, 0x23, 0x0, 0x1, [@nested={0x4, 0x6f}, @typed={0x8, 0x53, 0x0, 0x0, @u32=0x96dc}]}, @nested={0xa7, 0xa2, 0x0, 0x1, [@nested={0x4, 0xdd}, @generic="ddbbacfc0444e9ecafa20c899ebb25eac5e4a1ea5cdcbcb1f3a31d697f23d5aafeeddb60535b65b3f64d727e5a9c54ee95c98bbf0513dd8c1777cfa28c4c14b25cb43fb4b6494a864576a97c06694f7c04451c4149cca1adb303cc10595ca87c1ecf05bbd658727f29d1c4d89f85c5f92426b4", @typed={0xc, 0x127, 0x0, 0x0, @u64=0x5801}, @typed={0x8, 0xc7, 0x0, 0x0, @pid=r6}, @typed={0x14, 0x84, 0x0, 0x0, @ipv6=@loopback}, @nested={0x4, 0x14e}]}, @nested={0x10, 0x150, 0x0, 0x1, [@typed={0x8, 0x7c, 0x0, 0x0, @uid=0xffffffffffffffff}, @nested={0x4, 0xda}]}]}, @TIPC_NLA_MEDIA={0x18b, 0x5, 0x0, 0x1, [@generic="6e4cd282ab19be219c134e1196d6859f940d61615b1645105f851b322f641bcd376bb3ee4910953829db75de2f6de5e9157e239bdab1b9ab50bcdd3fd8c0b1f9051fa7af6cda98353b022c044189923b07f052bd3a2421eb08410f848b48c81c607c4e58c66e4cfb229d22010f4e902e2cd588f6705f4303f647b95817f04c74dd8e06d506a6ce532c38b9a52a5a0a964159b51aa329cbed502f30d6727a67051d3cfcf4543c0097fff41a348d091024022b868ad054641fd606abcf0112c3be052410e8944a5f52798e69d5a25468cfc594474ef0be", @generic="b10f82c4d12a8299bb70795a910d358eeda6be905d774902b6cd0728726e926841cfae997c3923d0cfd420231672e1b0fdf900d404717c8762f0f0ec2a3d93cb9a002972e931ea538a5bd3dfb6b399fef54ea6f13477f9594fe38390d55ca9eb858fb493e5b62f6f5af5cc17e11a08275501f980228c52a7b82373bfc53740b15ad131c017e205bb31c11796daaae6e42c68c3a566e295654caa7f5e94a5fc3d5c199c57d4069cc831db621c59f0d9d9ca"]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@nested={0x1c, 0xd5, 0x0, 0x1, [@typed={0x17, 0x59, 0x0, 0x0, @str='/dev/snd/controlC2\x00'}]}, @typed={0x8, 0x155, 0x0, 0x0, @pid=r7}]}, @TIPC_NLA_MON={0x101c, 0x9, 0x0, 0x1, [@typed={0x8, 0xd8, 0x0, 0x0, @u32=0xc}, @generic="2108aacdc9d56184f56c84d2a7511d853fa98e40f8fb9f793ace8d7ee6d354ff6b670845b776131c921c2edbea096c005f9728c0341a00183af38ff3cccfd8b23a49093cbd1c1becccb613d6044195b709cc256217a6689ac830a1a3be8b4efce633f4d93d8fb8e47868839b12ddb8b7db34f74092f63f777cd7d7da9f853eeb7d3c1c935a2e142d03124411c0b1f9d87553b5250fdb4bf55086ec10174ea23a8f6e4b2c7fdbf07543589fb9b5dada99be8531f543a2bc96ecdcfb7813e446892eee01f2caaf0f5be4081c40ebd3597dc0076824cb9fa6abe907eed32b3507b42ca95437375a7bd8b44f9682b2236d0669e0ccbf6ad9bd698f334422fbe25ece820dc5533516a579048ac89dcd33018e9bbb84e4f099a536a41982f7b3584e178613ae00bd7f5d8f6927f8ca11b26e5529dd51392f0b016eef72d2e175e9febaa650cc9fba8d69e39ccbc8ec9db8546867ce2ec06c2d7710b8e4972dde2b9697b08aefb2b5be5f8b0d88f5d9e470e51f2ea64bd6def8c17afc0e432d82f70a207b809bd9d5f842e9f7da6c7dd7dde25888d510232f2360ef8f1f6c35ea9a7bee3d2670576d02f40fbc5b103c5ce82f94a4d66fd3f411961ed4be7e74305e31844836fbc7b86bc6cdff7a805f1adc617457311a04306ebcb140b2c5d6f30bf1954299a266e1ba1a26f12bcc103cac1f4ba54e92eecef7842f4ea317202d1b0c7fbdf71d513f05d1452807b02a756bdcbec564b372360970dd40e157c5f09e2307e4fcc71e658b9b17da18f13e70ffaf5517557a43e64ee6bc67329f6a8609988a50bfc5913b2821da21043827529cad7b22833ce08e658bcb39cb0593ad5ba57670119bf896ceb16c7d3db63f7ffcb1d6413fcae7ad54389a599b06dcac3870518636ec034cf11453962aea2e37eef769b7a341d0f3d6117ddd86ce394caf8f1da19111ce3f4b0f2da5a2f57076805185ba628988fdd59cbd3f5efecfc8aae416c799b0ad63adf60f8758599152e8160db93f778dbdf8e243a5d65520e559c8dfb173c47532459cbfc485c38687ece366e8f8bfb1412caf6baddd3ce45edfe6afb9f07b12c9bf6dc887ee5ccdfb07b5cb05eeed61f4fb9bbe212480c30fbcf40aacc7567d22466555e65c214399491be40f4d2193bd0c36851fc8eb1c7478b3dbff6c8cb19e61279b0cfeb4518ef310026a1d7e306af992b00e6527340ab06a2f89e8d671f634df90560268d2c6aee94131f4f58c923b04568600356a98cd1337eaef3f88670be4a1c15265188e1a8e992ed76f1c0e4e5f03c6690c5f1836a99eba8443fb5d5cbaad48a5736bf1a017f6ebd0517efcb75bc8113dd0d49b0d17010faa153e465c61aa453537e33faeca13bd136f8ea52427f21dcb86db885c08918e55184d8500e2d91d11532cfdc8b150b4c196f49893352bdf30baad2003da218d594f2db4363c6cc6bd1999cc8e738b8629c46f245fde418606628c2b2d8cfd0200b5a5ccbbc99b38a2849aa070304b3bc6cb87ecdff7a507ac33154e8adf5e7eb2b3024dd83228b1ebd928c993c35929925a5ba92290763e241fe16d9b73cdf9886ebe353c3fbbb8be8f9c9fe76e30933c5a0d7b67122071adc85971eab6ce3df9125b172d53df6e773ea56947232b8c643226d64dc84cd460bdeb2127a4de58f468ab4430288108ff915ffcc5b2cb21f664d261e928f4784e3921c79617870886c8e74cad24d806c87c4fd14de35841da91c3937ef7bb454c12e31bb0ff5049a916bc80ba78be1d08f9beca7fc6c035d0250c24967ebf60eb4ba0dc8de553e2c690d63fa8c0daced5a0302e7188958316e14d0351f37bcac58ce143b1a53b2436d6271d1a6e669adf97b575413a453d798e739eaffe6e718ec369f36950e1bf003cfecc889ebb2bcb32ba0232f1c8573d64f52ffd43df05edcf3707af427d4aa4a4241a16ea18649af11ae9226678bce6e963bad1fa61df38829e5894f11bf7eaba7d53e0bdf87d93f061a38dcfc61c5f8cd0674eb272a85994b21e1d2222981916d087fee8d54a88b24cdf31290efcd724d3a5d6e137e62f339c0f67f43bb4f7675b07417a7ef6e12100cfb1d7487cfd125a235104aad83b33151de585cd488062f8ce7720b80eab65a1feaa4a2d28b9c5250ae0bd3e282a6812f4731d804579cc8368de44c765d4573d40f384d02334448c8d9a71d2189fa93c3e4573983f995528aa64fb39b102a9cc8f0dc4624e93c57c4c440d8c3120bb1f127ed3c99a56c7147380891c80c5bac032a5ba04a355f4d49101b47eebe57952bddc537f21a66a182b6b6a0a9d1f869cc67a3bc8a60e14c884f958701ec7271d4876206879728cb51e836c330364d3220f89df2de2c371a75c4b86c5a4b0a83eec82eb4d79cf61daa89a76645d81815d46e2774cb4f274c0f3187427f9696a20e753ff23976a965a10e49199f576ccd3837e9788780e05e2c21961eb2bbe3a92eb867f15428f582a887631722117e19c5d401011327ba6394697c4f419cb9686c9a388a22291650a563361c63eba8964d7a63f3e76a94b2d6c90d2bc159ff51ed3587b8c57ec1c913ab173779a95ef7a8a229eb473d15ce9a7a11f4186c4e5c47c8f5e0e0c65504536c4032b952bde859fd83e0899bf62ebabf140ea08cc65964e17f89ccb332b347d51dc82538c16a7c44672d79603f46d6a1ee734d02901ca4d6bb55fff7d3632e3f35ff250b67c9d5f83bb5ee207e52b651df2dec1c6cdc78c5f6a9f2d1ec13e2ffb06b190d66aaa70de4a438bddc591d7eb797c512db9880c895fc1f159178fd6dd30d8c2ea8454434eccbb0a80ce502c0a4571d27714246775998f72338c58c37f11de7f1c20dd20ba4d9b75ce5fc0793ae8d9ccb5caffba7f63a82b494c2e372f6c0e7dcc1876b8f2b2847a47640be1376a48f5715698cccce2f336de05526fe60fc99d379fc5cfaba0f78a6a463fe23e5b4cb2cdaa0c600ff0e735d6ca2b60c7592deceb65e46ec6bd86c7d28b5a26f4032b55fd3dd3f8bc5984826542cbc9efb8a5be5f09a68ad2e81cd10fc0b9cfef23f422fdc954ec38deb270eb2b9ed26558993679f691d811cd03f3c4f98276f08091130bd58f1b324c55b4aa1b59acee3973a47c87006c46640ef422f35240e479f29609292887c45d6ceaf5f6f0fc41f6169cd8c97f03485206cf05219b882f4e4fa0ea08ccca64b7452d9736edd4983e49d5a69a24ad47a27c52e4dae9a34944b68e275b0d600c07c66bd7a8085aef9f455a4e1210e231cc179b9f093f46ab566578e8ec00c9b71649ef11a174ef72d060bec145d91664545b023bc1c86cd0d23b87d8c98a4c4fc1e387e395ceb613b17d63946a074d70202362db0f10c225bc73f983712e87f769df182ddce18e87ba41e5de62157a38fbd02ecd93af5c9cacce44b47dddfe065e3f08eda0fa6a4266be89117853778bec5183ccd4d240f2a7de5d1c3e72203720da68440a2f467a1b15bcf29174675a3be5141695c74aecd8413f0a13d51764e22f41205671a41c67cc7eadb0ed6efa9bf36fde63600fe376c6409da316eab8a851830537048fe7219e051c87674f85c2994c13c29b0ac7770010a36d268318e6d09a14220ae4aafbd58df9d2ccebaa4f92a4306880f4d46cf07314d71f9942f3bd70b22ee01d77841850fc3c2f4e957320c9be61cd7f35e4a3d7d3e6ac4eb0f4c78e8e9484487dae5157a8b5ea4599eb37b1e7a30e099eed7e322d932587b0194b6caf0a47402f343a3f12f929213a7ce4267c38bd18f8d0b0b33c772ee15d2b32ae332002966b654905e47a4d899ffee8aa4f2d8339c68e198c341dd862677221274ef7359a9a2093c9c201ac39ddbde8acf49f30234aa57112fac68931c1debd4a57e25fb6039197a049b19da8ff80b33f02d92560c81189c947029d254dac0bde9b7d35c6677cad3f362f7b28b8bc9b157d88aef50f7835a9dbaba39a9cdb7644686c6e8a433a1c7c97a3d96ce826dbf28e6663ee5d9c92deb6215a90481739889b2164c2eaea08c93c93da67eb48c3c3924eb70f6bc7240258c9079406daa0b800ab3666be7fb94972f894f4f12c46ab697738ce8d343d79b3b516f64d60560e5aeffdfda9e448cc453e765753c8b4eb76ef50f39695ac222b12c2e137836cf5c7f12830e9588f72f8158e9235b82d6d6ffb8cd268a6ed22cf6fc69c4b8285cb3f1ee397eb43f2adf63c6a48838ad5fd375eba5a570d19163bf089a4a3bdd51588d52db8dd8b8b4f750f40c12d910c8bde063efb62d2d64c1e26b0a3073f89a1e0fd4468c6869b9a429a7928129f30d7b36ebe276d46daca7ea850b2489225e01facce28112435283a5013fdd581f08dd92fb75b63857a268f6dba3e4f1868fc49ff0a7f552a1b3f8ea490542b3b8618ecfc304839b12ba56c527e930f3dccc9fb97de9e3109cd4189c0198d56a027b47b9bb6fddebe8f5db6997cacdbc1c75bce735ce2c962c1364c7fa1c145e0048776dbe3d26999575ca364d7b84a1039671a560cc877aee6a95f5b615854584d2b5795715e148c306258a5643e86fc47bc02f4440a81bafe95d8b9b4608882346c6f4d28818569751f411cc31b62cff784077e9ee98f914c2c0f6512c32187e3524e46ed26888e3fc7c7a3f19ded5f4040ace09ca960acd8bac66cb04fa2f0e9d8ce64360af7e012d0b81afde09b34c67ecfe9095847010f9ccb2be22e70303e197f4fcf19ce823730eec482d4dc93cc476f38e6bbecfb26c4d72d16babe03576ad56e5fd291def463412cc9de01361a229521c398c5e6f161d5e87a364fab524951a98ded1767b3a9ed2d5ab569cde49020e926fa37fa3b2701900664d3b6b455c13162ba7f5c407858a60fead87e68a0a9db9dcebc726393f07eccc3010dd3cbb6d16678909cb13f7367ef6733f5104dd68dfc30ddced6a35aed99566bcda8b0343ac2d13ebe34b14beeb001c0df908f5c6d4bd166cd35bb5eb77316e316ba6d745871357f3bb4783ed24649468e7dab447676d67e170037dd553626561acdb03c39b205504dcea7298c09fbd227bb28f6b1fc214de98d090c2363806b7032fedd8944606561174a8d54cf85eb4646c6eeac07ada559d2ac402f86af66e91faa4dad34498dc24744eb87d11df948a438671ad726592d7936febb54dc7d310ece90534930de9fb06f0a259ac3c8758b72f620d29e124d8feefa012a3037595abdc0d745897fb220cb94bcce557c3bb3fd54ccb1b7e49a9bcf1ce9fb3b265f96559cda24d67fe818cfe66e11dc01cdd6ce63947097815dde3bff8cf445075aa98ce98d8adbee6c2c8c3cd699741732287624901c8b3300f58031ecaff5e2c466076a403fb56bbd29d91f3670bd271c7ed4c48021e9e465e513d3a02a9aa293b9d441b6d58b63af7a58dc4194bd239dd6cfa4804334bf4fe3a661dded917e07942b761e33818bc309cf25d03ec54f62f53a7c7c73d3f2b28e27af9f17f10dce99940cdcd2903be421995031cc730ea629cc8aea5795f6657d0db09bd7730de220739c9e24ce066cfd3250fb9bef1044b0ddb799ac9132ee3c7c9aec530bf3068e0bc2c639a1204a7d7db37cd607c403a0caf6a7923184a576f8f9aa768d59d4a6886bb39f4296d9feddfbe6c7fc7140812c765f72e9bc7049edb761a4618753172778f08287fe3507cc6859425d13ecebc9760f87c2d52a932d1c433b6d2bcb88eaa7864a9ce774784e2740d688744b650fe2070efc27ce511958ecf971cafbe835a62af8b18595a4587bc3085e90b3e0", @typed={0x10, 0xb5, 0x0, 0x0, @str='/dev/rfkill\x00'}]}]}, 0x1588}, 0x1, 0x0, 0x0, 0x4000090}, 0x20000058) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xffffffffffffffff, 0x8, 0xd, 0x5, 0x948b, 0x336, 0x15f4da0c, 0x1, 0x6, 0x0, 0x8000000080000001, 0x7, 0x0, 0x5, 0x2]}, 0x0) 2m27.802968117s ago: executing program 6 (id=4980): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x28, 0x1, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x2900, 0x0) ioctl$auto(r0, 0xc1205531, 0xffffffffffffffff) 2m27.26607461s ago: executing program 6 (id=4982): openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x11, 0x3, 0x9) sendmsg$auto_TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x20000000) bpf$auto_BPF_PROG_BIND_MAP(0x23, &(0x7f0000003180)=@task_fd_query={0x0, 0xffffffffffffffff, 0x5, 0x6, 0x52, 0xe, 0xffffffffffffffff, 0x0, 0x6}, 0x101) landlock_create_ruleset$auto(&(0x7f00000000c0)={0x2, 0x2}, 0x7fffffffffffffff, 0x6) poll$auto(&(0x7f0000000d40)={0xffffffffffffffff, 0x1, 0xa}, 0x5, 0x3) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, 0x0) ioctl$auto_UBI_IOCDET(r0, 0x40046f41, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x20) mmap$auto(0x6, 0x2020009, 0x3, 0xebd, 0xffffffffffffffff, 0x8000) ioctl$auto_BLKDISCARDZEROES(0xffffffffffffffff, 0x127c, 0x0) 2m26.006114368s ago: executing program 6 (id=4985): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) ioctl$auto_KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, &(0x7f00000004c0)={0x7fffffff, 0x0, [{0x4, 0xff, 0x1000000, 0x400, 0x1ff5, 0x6, 0x6}, {0xffffffc0, 0x53, 0x8, 0x3, 0x5, 0x6, 0x2}, {0x83d, 0x80, 0x633, 0x5, 0x7, 0x7, 0xfe}, {0x1, 0x200, 0xbba, 0x1, 0x7, 0x1, 0x3f1}, {0x95, 0x2, 0xdffb, 0x80000001, 0x6e, 0x7fffffff, 0x10}, {0x7fff, 0x0, 0x7, 0x8, 0x4, 0x0, 0x7}, {0x1, 0x1, 0x2, 0x2c, 0x9, 0x5, 0x8}, {0x4, 0x10, 0x82e1, 0xe, 0x9, 0x7, 0x8}, {0x1, 0x9a6e, 0xfff, 0x9, 0xfffffffd, 0x3, 0x3ff}, {0x3, 0x5, 0x7ff, 0x40, 0x7f74, 0x2416, 0xb9}]}) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r2}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2800, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x1ff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") 2m10.779031686s ago: executing program 35 (id=4985): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) ioctl$auto_KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, &(0x7f00000004c0)={0x7fffffff, 0x0, [{0x4, 0xff, 0x1000000, 0x400, 0x1ff5, 0x6, 0x6}, {0xffffffc0, 0x53, 0x8, 0x3, 0x5, 0x6, 0x2}, {0x83d, 0x80, 0x633, 0x5, 0x7, 0x7, 0xfe}, {0x1, 0x200, 0xbba, 0x1, 0x7, 0x1, 0x3f1}, {0x95, 0x2, 0xdffb, 0x80000001, 0x6e, 0x7fffffff, 0x10}, {0x7fff, 0x0, 0x7, 0x8, 0x4, 0x0, 0x7}, {0x1, 0x1, 0x2, 0x2c, 0x9, 0x5, 0x8}, {0x4, 0x10, 0x82e1, 0xe, 0x9, 0x7, 0x8}, {0x1, 0x9a6e, 0xfff, 0x9, 0xfffffffd, 0x3, 0x3ff}, {0x3, 0x5, 0x7ff, 0x40, 0x7f74, 0x2416, 0xb9}]}) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r2}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2800, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x1ff) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") 2.902180207s ago: executing program 3 (id=5242): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x121140, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/lru_gen_full\x00', 0x400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) r0 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x40, 0x0) readv$auto(r0, &(0x7f0000000100)={0x0, 0x3}, 0x1) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs$namespace(r1, 0x0) write$auto(0x3, 0x0, 0xfdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ptybd/power/autosuspend_delay_ms\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 2.586246636s ago: executing program 3 (id=5244): unshare$auto(0x40000080) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) (async) socket(0x13, 0x3, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) (async) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/fs/netfs/volumes\x00', 0x40080, 0x0) pread64$auto(r2, 0x0, 0x8100000041, 0x413e) clock_nanosleep$auto(0xfffffff2, 0x5, 0x0, 0x0) (async) mremap$auto(0x1ff000, 0xfffffffffffffffe, 0x843, 0x3, 0x2) (async) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) (async) fsopen$auto(0x0, 0x1) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0xfffffffffffffffa, 0x5, 0x19) waitid$auto_P_PIDFD(0x3, r1, &(0x7f0000000040)={@siginfo_0_0={0x2, 0x4, 0x0, @_rt={0xffffffffffffffff, 0x0, @sival_ptr=&(0x7f0000000280)="79ca6170c72c9b5affac767c0127e58e38f3f407303ed544651fc514ea2bf3a8d8ec1b5efc99d62cbb8043d4582607afd440f400a4fdcd74a0d6cc759ee437d05a5a149e70f79615cb36ed421aea340b2fe64c6f0439d9294cee642b94067691cdb8738f2363b14d75159d50f1d2041552ec66151a9f701e52dbbc1da461754f08314b0d6bbb04733b1e75896aa1d04e8e80eeef31efb7c1d6d29923d10bb06fc202e8c6970da24c428b428a45a8146761b0799727aa98dee9a474d1ec2011619ef92795e56f01adc6944105d7bf5c917ab81c899a21ee50a5ef56db545f7c67b8077183bc65"}}}, 0x20f5, &(0x7f0000000440)={{0x0, 0x80}, {0x8, 0x3}, 0xc2, 0xfffffffffffffff1, 0x80000001, 0x9, 0x1, 0xffffffffffffffff, 0x10, 0x101, 0xfff, 0x0, 0x3, 0x9, 0x8, 0xfffffffffffffffa}) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) (async) socket(0x1d, 0x3, 0x1) (async) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram8/trace/pid\x00', 0x808882, 0x0) write$auto(r4, &(0x7f00000004c0)='1\x00\\\xa0\x04|\xfd\xca\x12\xfa\b\x1c\xc7k\x923\xe05\"3n\x84n#\xd1\xcaso\v\xf0\xda\xbb\x86\xbcX\xb4\x999\\\xa8&;<\xca\xa8\x05\x9d\x9e-\xc3\x93\xaa\xda\x02\x03\xddUbHu\x01\x00\x00\x00\xac\xa7\x93T\aA\xbd\xc0\xb8K\xd7\xed\xcbP\xa1\xfe\xc7\xa1\x8b\xa7\x02\xad\xbc\xfaq*0F\xff&\xbb+\x9b\xe2\xbfd\xf7\xde\xb40\x1d=\x99\xe2\x06\xbf\x9cNS\xbf\x82\x9c\xfb', 0x3) (async) read$auto(0x3, 0x0, 0x7fffffff) (async) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 1.773191239s ago: executing program 3 (id=5246): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x2, &(0x7f00000000c0), 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_register$auto(0x2, 0x3, 0x0, 0x0) 1.658289593s ago: executing program 5 (id=5247): setresuid$auto(0x8, 0x8, 0x0) (async) r0 = setfsuid$auto(0xee00) (async) socket(0x2, 0x2, 0x88) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) signalfd$auto(r1, &(0x7f0000000140)={0x8000000000000001}, 0x4) (async) madvise$auto(0x0, 0x200007, 0x1d) (async) bind$auto(r2, &(0x7f0000000340)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5}, 0x6a) mmap$auto(0x87, 0x2020008, 0xfffffffffdfff1ae, 0xeb1, 0xffffffffffffffff, 0x8000) (async) write$auto(0xffffffffffffffff, 0x0, 0x5) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4015) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) pread64$auto(r3, 0x0, 0x80000000008, 0x8000) (async) setreuid$auto(r0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r4) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000d5dd2ec3fc137d3c4294c0a746686a2c4898a73b854018fef2b5ef676219928daa6886720da2ad550ac317cec3fbd457e3ae426ac0327610d1c5bf8d18541e7232e165ac165d1eaa2224f06eae8150ce1f07712fa29d795b244e7b4af2d427f61624f739924e0b1331a83e2e6a456ad8adc8c45b3556e8a5", @ANYRES16=r5, @ANYBLOB, @ANYRES32=r6, @ANYBLOB="04000180"], 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) (async) msgsnd$auto(0x2, &(0x7f0000000300)={0x4, 0x9}, 0x65, 0xfffffffd) (async) fsconfig$auto(r4, 0x10000001, &(0x7f0000000180)='\x05', 0x0, 0x0) (async) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x0, 0x0, 0x6, 0x1) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 1.466558202s ago: executing program 3 (id=5248): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x9, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x9, 0x3, 0xfffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9, 0x4, 0x0, 0x0, 0x9]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) acct$auto(0x0) r1 = socket(0x10, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) mmap$auto(0xf0, 0x400009, 0xdf, 0x9b72, r1, 0x8000) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES2(r3, 0x4008af25, &(0x7f0000000080)=0x2) socket(0xa, 0x5, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x31f882, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r4, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x400000b5, 0x2, 0x6}]}) msync$auto(0x7, 0x8, 0x400000004) open(0x0, 0x163340, 0x2c) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, &(0x7f0000000280)="34516f7276dfaacf46facb8323edc3f98472075577769a1f838e20ecf400bfb58bb5") prctl$auto(0x35, 0x0, 0x8, 0x0, 0x400) prctl$auto(0x34, 0x0, 0x0, 0x3999, 0x3ff) 1.371004635s ago: executing program 5 (id=5249): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) r1 = socket(0xa, 0x1, 0x100) sendfile$auto(r1, r0, 0x0, 0x4) writev$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0xe983, 0x100000000, 0x17, 0x401, 0x8000) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x613583, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0x9b72, r1, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(r1, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008040}, 0x8000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) madvise$auto(0x0, 0x200007, 0x8) statmount$auto(0x0, &(0x7f0000000180)={0xf, 0xfffffffd, 0x44b, 0x20000003, 0x5, 0x1007181, 0x7ff, 0x400007, 0x3, 0x2, 0x800c, 0x80000001, 0x6, 0x3, 0x200000004, 0x1000de0, 0x9809588, 0xfffffffd, 0x2, 0x9, 0x864, 0x5, 0x21ffc, 0x964, 0x20006, 0x800c3f, 0x5bd3, 0x0, 0x1, 0x8400, 0x39, [0x0, 0x0, 0x0, 0x7fdd, 0x47, 0x4000000000000, 0x20000100, 0x0, 0x200000000000000b, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7cd, 0x8, 0x4, 0x8000000000000, 0x1, 0xa, 0xfffffffffffffffe, 0x0, 0x3, 0x100000006, 0x7, 0x4, 0x7, 0x0, 0x0, 0x0, 0xff, 0x3, 0x0, 0x6, 0x7fc, 0xa721, 0x0, 0x1, 0x0, 0xf]}, 0xa, 0xd) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x7fff, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_HANDSHAKE_CMD_DONE(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYRES16=r5, @ANYRES32=r4, @ANYRES16=r2, @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB="08000200", @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32, @ANYBLOB="8e8a93cdefa90962cf18af8b4ffdde59b081fa901386f29446702320ed26de08f20300ffff00001aefd9e59fed25668fdd0a14bb647ca957d841aee7b08cb0cdd1a86afd832113f1008c736fd8c48a3b94cd8f638829c4dec0ad0cf3a9ce1f88c6c63c10e56671a0d5dd001565ae4368479bc83b9aafe5eff5af40ef7e080d6168ed15a50352ceafb8db4f2568232f90db691e87b5793c11d658c572423e62fc6ac96082ddf85613e3cdd88de6da7be0af202e883eeb809a0c880a54030cda13d1046bcda2ead7516200ed12d4b4935886a9e70c070077694515a3840000000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4010}, 0x40000) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r7) ioctl$auto_KVM_GET_MSRS(r6, 0x4068aea3, &(0x7f0000000080)={0xa3}) close_range$auto(0x2, 0x8, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/031/001\x00', 0x208e40, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/domain_policy\x00', 0xc0802, 0x0) 850.834417ms ago: executing program 3 (id=5250): connect$auto(0xffffffffffffffff, 0x0, 0x8) io_uring_setup$auto(0x59, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, 0x0, 0x410c01, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_MEMGETINFO(r0, 0x80204d01, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x9, 0x600, 0x0, 0x75) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x12002, 0x0) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(r2, 0x4048587b, &(0x7f0000000340)={{r2, &(0x7f0000000000)="5963a72e0fb3c20ad7e273ed7d0362", 0x4, &(0x7f0000000040), 0x2, &(0x7f0000000140)="d0507ce69fcd1afb0741a14185a8f73dd4675eff4ab883c8f980910ebeb49589d4047d206b3ae75b330f72eb", &(0x7f0000000180)=0x1ff}, 0x2, &(0x7f0000000300)={0x6, 0x7fff, &(0x7f00000001c0)="6811c59cddb917fd127970567b4ec6412b0a5cd26381a1c6239527f23c4ac289f64d4f509b80d03a20cb83111d41fe80c66a4015eba0c626f9c7a9fb22622f9cf29e1e341a53bdeaea4ae49ae531e23d52e36c89933d9cd7c9ccf76047b9652530dfc5a68a7db7f9bea64d78aeb670f3bc07a6ab937cee7bc141e094b86bd54db005e61ecbff562379ba564982c1a4d0f3267f4b15cdd47338d18855e0142d751da75d19645d116fdec716f5e68daaaa13a9344ce72cb22bdcfb5b3a828bab6c9d7d613eef5c021ba7618b490b6cfd70b23bcd55f71c38d2753854660e319134940963", &(0x7f00000002c0)="3fe90cafe87c27db66de6e568623cc7e1ffffbf70f7a00", 0xce, 0x8}}) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2, 0x1, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x6e602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000cf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) 846.180354ms ago: executing program 5 (id=5256): mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x0, 0x52, &(0x7f00000001c0)=')(&\x00', 0xbd) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x5, 0x8001, 0xfffffffffffffffb, 0x100000004, 0x2c2, 0x800002017d, 0x4, 0xdfdfffff, 0xd, 0xd59, 0xfb, 0xff, 0x6, 0x100000005]}, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 635.176598ms ago: executing program 5 (id=5251): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x109500, 0x0) pread64$auto(r0, 0x0, 0x8, 0xffff) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyba\x00', 0xc00, 0x0) ioctl$auto_TIOCSSERIAL(r1, 0x541e, &(0x7f0000000080)="b55f0ba48fbe601f41dfffe5de4bb70d6c6e0f3c360fe356ac893b8ff1c042010a0bf2f2ccf3dcd02041c712005dd05f9aeb155e7fe276f533e43586bb1b3272594a4a2f81fc6c36dbafca351fdf1e3ffe0a5f1fbe2d44c0a63745ddc4a00b9f0efacffc372084f8ddcb5214a3579bb1102eef7b230d0aa198756c45") openat$auto_bridges_fops_(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/dri/vkms/encoder-0/bridges\x00', 0x400400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3a9a57196985ff8b17b5f924a381c3a33afafe2ab33374561c6ff823124cc6435fda0a2ead95faaeccb87bb3f2f8c3ebd7e31ce917b1f80b0000000000009a00"/73, @ANYRES16, @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004000e00"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r2, 0x9, 0x9, 0x2) read$auto(r4, 0x0, 0xe8) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) capget$auto(0x0, 0xfffffffffffffffe) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x800000004, 0x7, 0xfffffff9, 0x0, 0x0, 0x0, 0x6, 0x10001, 0x7, 0x8001, 0x7ffffff7, 0x5, 0x4, 0x5, 0x61, 0x600000000000}) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) socket(0xf, 0x3, 0x2) 307.465138ms ago: executing program 5 (id=5252): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) fstat$auto(r0, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytd\x00', 0x800, 0x0) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x32, 0x0, 0x13) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r2, 0x10, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x3}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x401}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000011}, 0x804) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$auto_PPPIOCSMRU(r4, 0x40047452, &(0x7f00000000c0)) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r3, 0x541c, r5) 39.371887ms ago: executing program 3 (id=5253): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x121140, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/lru_gen_full\x00', 0x400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) unshare$auto(0x10000) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = io_uring_setup$auto(0x6, 0x0) listmount$auto(0x0, 0x0, 0x4, 0x101) init_module$auto(0x0, 0xffff9, 0x0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x8a603, 0x0) ioctl$auto_v4l2_fops_v4l2_dev(r3, 0x3, &(0x7f00000001c0)="9b6e55ad20c86c38d25417ab82cd7cf7acd488f51db79f3f6656e823df5f8ae1c4965e48d3be81370e5f077dc9cffb806cb1b7526793547e6df25431f553265f8088323b559c411ff26177ad57d732e035b7ac45aba215882c58cf6631531c6faf3651b7ea7c3b690e6b7712280e99882328360d48c370c487cb82ad8ae016c46f5eb0507e7459b9956d7677400b7e388f37c72a7890968e8bd1832b647d03ca6475cd2403996f41713eb6dc78876c5f36c15dd9c6edf27c718a586f2ca96dcfb72f42003f4d682f6b0e9dd7b75a84d2af18eb8e102972f155ea32") ioctl$auto(r4, 0x5646, r4) close_range$auto(0x2, 0xa, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) fadvise64$auto(r5, 0x8, 0x400000000000006, 0x4) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="000336bd7000fedbdf25020000"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20090}, 0x20040844) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r6 = socket(0xa, 0x5, 0x84) setsockopt$auto(r6, 0x10000000084, 0x20, 0x0, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) acct$auto(&(0x7f0000000000)='/dev/bus/usb/015/001\x00') sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0x800}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0xa788}, 0x7, 0x8) 0s ago: executing program 5 (id=5254): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x2, &(0x7f00000000c0), 0x1) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) io_uring_register$auto(0x2, 0x3, 0x0, 0x0) kernel console output (not intermixed with test programs): ge_slave_0) entered forwarding state [ 1443.024244][T26072] tpg colorspace: 8 [ 1443.085428][T25570] bridge0: port 2(bridge_slave_1) entered blocking state [ 1443.093009][T25570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1443.105851][T26072] tpg transfer function: 0/0 [ 1443.180247][T26072] tpg Y'CbCr encoding: 0/0 [ 1443.215132][T26072] tpg quantization: 0/0 [ 1443.219323][T26072] tpg RGB range: 0/2 [ 1443.267774][T26072] vivid-007: ================== END STATUS ================== [ 1443.304738][T25859] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1443.811389][T26085] Bluetooth: hci10: Opcode 0x0c1a failed: -4 [ 1443.859496][T26085] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1443.900263][T26085] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1443.922186][T26085] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1443.956367][T26085] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1444.029649][T26085] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1444.347513][T25859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1444.578920][T26113] ubi0: attaching mtd0 [ 1444.619103][T26113] ubi0: scanning is finished [ 1444.653743][T26113] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1444.963588][T25859] veth0_vlan: entered promiscuous mode [ 1444.989119][T26113] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1445.162867][T25859] veth1_vlan: entered promiscuous mode [ 1445.281912][T25859] veth0_macvtap: entered promiscuous mode [ 1445.325036][T25859] veth1_macvtap: entered promiscuous mode [ 1445.415445][T25859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1445.478200][T25859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1445.520921][T25659] Bluetooth: hci10: command 0x0406 tx timeout [ 1445.570854][T25570] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.608360][T25570] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.698145][T25570] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.813285][T25570] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1445.924122][T25659] Bluetooth: hci3: command 0x0c1a tx timeout [ 1445.930198][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1446.002030][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1446.696319][T25541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1446.785234][T25541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1446.994517][T25570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1447.057110][T25570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1447.568610][T26159] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.3.4653: 7 [ 1447.718592][T26165] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4701'. [ 1447.929457][T26157] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.2.4702: Error -117 reading block bitmap for 3 [ 1447.983910][T26157] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.2.4702: Error -117 reading block bitmap for 3 [ 1448.036831][T26171] netlink: 302 bytes leftover after parsing attributes in process `syz.3.4704'. [ 1448.082612][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1448.823968][T26186] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4706'. [ 1448.877841][T26186] IPv6: Can't replace route, no match found [ 1449.176465][T26179] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.4.4705: bg 4: bad block bitmap checksum [ 1449.232921][T26179] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 1449.299190][T26179] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1449.299190][T26179] [ 1450.163409][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1450.757527][T26198] Bluetooth: hci10: Opcode 0x0c1a failed: -4 [ 1450.809994][T26198] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1450.855869][T26198] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1450.891943][T26198] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1452.407608][T25659] Bluetooth: hci10: command 0x0406 tx timeout [ 1452.884560][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1452.890965][T25659] Bluetooth: hci3: command 0x0c1a tx timeout [ 1452.898833][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1455.067086][T26298] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1455.117201][T26300] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1456.216634][T25550] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1456.263501][T25550] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1456.263501][T25550] [ 1456.309610][T26322] ubi0: attaching mtd0 [ 1456.342940][T26322] ubi0: scanning is finished [ 1456.369278][T26322] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1456.560014][T26322] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1457.566103][T26347] : Can't lookup blockdev [ 1458.678996][T26368] loop6: detected capacity change from 0 to 8192 [ 1458.836986][T25511] EXT4-fs (sda1): Delayed block allocation failed for inode 2032 at logical offset 9 with max blocks 14 with error 117 [ 1458.914308][T25511] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1458.914308][T25511] [ 1459.017103][T25511] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1459.106434][T25511] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1459.106434][T25511] [ 1459.282934][T25511] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:1: bg 5: bad block bitmap checksum [ 1459.347678][T25511] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4096 with max blocks 1 with error 74 [ 1459.413806][T25511] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1459.413806][T25511] [ 1460.785414][T26385] Bluetooth: hci10: Opcode 0x0c1a failed: -4 [ 1460.838173][T26385] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1460.861969][T26385] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1460.918860][T26385] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1461.342097][T26396] NFSD: Failed to start, no listeners configured. [ 1461.388078][T26400] FAULT_INJECTION: forcing a failure. [ 1461.388078][T26400] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.442074][T26400] CPU: 0 UID: 0 PID: 26400 Comm: syz.4.4755 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1461.442119][T26400] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1461.442130][T26400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1461.442146][T26400] Call Trace: [ 1461.442156][T26400] [ 1461.442165][T26400] dump_stack_lvl+0x100/0x190 [ 1461.442209][T26400] should_fail_ex.cold+0x5/0xa [ 1461.442239][T26400] should_failslab+0xc2/0x120 [ 1461.442266][T26400] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1461.442300][T26400] ? alloc_super+0x52/0xd20 [ 1461.442343][T26400] alloc_super+0x52/0xd20 [ 1461.442383][T26400] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1461.442418][T26400] sget_fc+0x117/0xc70 [ 1461.442455][T26400] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1461.442493][T26400] ? __pfx_mqueue_fill_super+0x10/0x10 [ 1461.442526][T26400] get_tree_nodev+0x28/0x190 [ 1461.442568][T26400] mqueue_get_tree+0xf1/0x130 [ 1461.442602][T26400] vfs_get_tree+0x92/0x320 [ 1461.442637][T26400] fc_mount_longterm+0x1a/0x270 [ 1461.442676][T26400] mq_init_ns+0x482/0x820 [ 1461.442724][T26400] copy_ipcs+0x3dd/0x7e0 [ 1461.442766][T26400] create_new_namespaces+0x20a/0xac0 [ 1461.442793][T26400] ? security_capable+0x80/0x260 [ 1461.442832][T26400] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1461.442865][T26400] ksys_unshare+0x473/0xad0 [ 1461.442899][T26400] ? __pfx_ksys_unshare+0x10/0x10 [ 1461.442942][T26400] __x64_sys_unshare+0x31/0x40 [ 1461.442972][T26400] do_syscall_64+0x106/0xf80 [ 1461.443003][T26400] ? clear_bhb_loop+0x40/0x90 [ 1461.443034][T26400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.443064][T26400] RIP: 0033:0x7f0208f9c799 [ 1461.443085][T26400] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1461.443110][T26400] RSP: 002b:00007f0209ebb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1461.443135][T26400] RAX: ffffffffffffffda RBX: 00007f0209215fa0 RCX: 00007f0208f9c799 [ 1461.443152][T26400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 1461.443167][T26400] RBP: 00007f0209032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1461.443183][T26400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1461.443198][T26400] R13: 00007f0209216038 R14: 00007f0209215fa0 R15: 00007fffcf7fd818 [ 1461.443231][T26400] [ 1462.626162][T25659] Bluetooth: hci10: command 0x0406 tx timeout [ 1462.795543][T26429] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1462.843435][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1462.859686][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1462.886777][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1462.896026][T23221] Bluetooth: hci3: command 0x0c1a tx timeout [ 1462.904371][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 1462.912449][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1462.920510][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1462.968595][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1463.040600][T26429] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1463.040600][T26429] [ 1463.360319][T26436] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1463.487033][T26436] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1463.487033][T26436] [ 1463.856525][T26442] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4763'. [ 1463.967340][T26442] netlink: 'syz.5.4763': attribute type 1 has an invalid length. [ 1464.421345][T26456] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1464.959565][T26430] chnl_net:caif_netlink_parms(): no params data found [ 1464.966700][T25659] Bluetooth: hci2: command tx timeout [ 1465.468914][T26430] bridge0: port 1(bridge_slave_0) entered blocking state [ 1465.483414][T26430] bridge0: port 1(bridge_slave_0) entered disabled state [ 1465.516632][T26430] bridge_slave_0: entered allmulticast mode [ 1465.566711][T26430] bridge_slave_0: entered promiscuous mode [ 1465.608339][T26430] bridge0: port 2(bridge_slave_1) entered blocking state [ 1465.668707][T26430] bridge0: port 2(bridge_slave_1) entered disabled state [ 1465.706924][T26430] bridge_slave_1: entered allmulticast mode [ 1465.730982][T26430] bridge_slave_1: entered promiscuous mode [ 1465.852780][T26430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1465.899572][T26430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1465.964838][T26480] random: crng reseeded on system resumption [ 1466.092581][T26430] team0: Port device team_slave_0 added [ 1466.140742][T26430] team0: Port device team_slave_1 added [ 1466.339480][T26430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1466.363321][T26430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1466.432139][T26430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1466.477509][T26430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1466.484791][T26430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1466.577976][T26430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1467.044622][T26430] hsr_slave_0: entered promiscuous mode [ 1467.051134][T25659] Bluetooth: hci2: command tx timeout [ 1467.077563][T26430] hsr_slave_1: entered promiscuous mode [ 1467.105383][T26430] debugfs: 'hsr0' already exists in 'hsr' [ 1467.127638][T26430] Cannot create hsr debugfs directory [ 1467.717530][T26500] ubi0: attaching mtd0 [ 1467.787733][T26500] ubi0: scanning is finished [ 1467.792440][T26500] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1468.151908][T26500] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1468.164581][T26430] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.184891][T26502] ubi0: attaching mtd0 [ 1468.201872][T26502] ubi0: scanning is finished [ 1468.218366][T26502] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1468.260773][T26496] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1468.310523][T26496] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1468.331571][T26496] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1468.343778][T26430] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.365115][T26496] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1468.373607][T26502] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1468.389186][T26496] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1468.451012][T26496] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1468.660074][T26430] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1469.013232][T26430] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1469.653293][T26430] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1469.681106][T26430] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1469.710409][T26430] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1469.734451][T26430] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1470.001748][T26430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1470.029171][T26537] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4781'. [ 1470.100045][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1470.121328][T26430] 8021q: adding VLAN 0 to HW filter on device team0 [ 1470.211415][T25543] bridge0: port 1(bridge_slave_0) entered blocking state [ 1470.218925][T25543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1470.280941][T25543] bridge0: port 2(bridge_slave_1) entered blocking state [ 1470.288179][T25543] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1470.329807][T25659] Bluetooth: hci3: command 0x0c1a tx timeout [ 1470.407601][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1470.413677][T26433] Bluetooth: hci0: command 0x0c1a tx timeout [ 1470.602014][T26550] ubi0: attaching mtd0 [ 1470.634358][T26550] ubi0: scanning is finished [ 1470.655701][T26550] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1470.910743][T26550] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1471.163988][T26430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1471.627834][T26575] netlink: 54 bytes leftover after parsing attributes in process `syz.2.4788'. [ 1472.379950][T26583] bridge0: port 3(team0) entered blocking state [ 1472.486570][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1472.498012][T26583] bridge0: port 3(team0) entered disabled state [ 1472.652232][T26583] team0: entered allmulticast mode [ 1472.671095][T26595] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4791'. [ 1472.684734][T26583] team_slave_0: entered allmulticast mode [ 1472.817039][T26583] team_slave_1: entered allmulticast mode [ 1472.873633][T26583] team0: entered promiscuous mode [ 1472.996160][T26583] team_slave_0: entered promiscuous mode [ 1473.073104][T26583] team_slave_1: entered promiscuous mode [ 1473.114813][T26606] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1473.150239][T26583] bridge0: port 3(team0) entered blocking state [ 1473.156684][T26583] bridge0: port 3(team0) entered forwarding state [ 1473.198693][T26430] veth0_vlan: entered promiscuous mode [ 1473.227786][T26606] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1473.227786][T26606] [ 1473.272191][T26595] macsec0: entered promiscuous mode [ 1473.287368][T26595] macsec0: entered allmulticast mode [ 1473.324305][T26595] veth1_macvtap: entered allmulticast mode [ 1473.388581][T26430] veth1_vlan: entered promiscuous mode [ 1473.628798][T26430] veth0_macvtap: entered promiscuous mode [ 1473.666596][T26430] veth1_macvtap: entered promiscuous mode [ 1473.932254][T26430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1474.012801][T26430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1474.138998][T25567] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.233008][T25567] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.293328][T25567] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.340832][T25567] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1474.430225][T26622] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4796'. [ 1474.566746][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1474.632024][T25564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1474.670724][T25564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1474.739526][T25564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1474.766005][T25564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1474.918296][T26630] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 1475.392795][T26638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4801'. [ 1475.618433][T26641] netlink: 54 bytes leftover after parsing attributes in process `syz.5.4800'. [ 1476.396793][T26657] FAULT_INJECTION: forcing a failure. [ 1476.396793][T26657] name failslab, interval 1, probability 0, space 0, times 0 [ 1476.562821][T26657] CPU: 0 UID: 0 PID: 26657 Comm: syz.5.4804 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1476.562865][T26657] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1476.562876][T26657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1476.562892][T26657] Call Trace: [ 1476.562901][T26657] [ 1476.562911][T26657] dump_stack_lvl+0x100/0x190 [ 1476.562956][T26657] should_fail_ex.cold+0x5/0xa [ 1476.562985][T26657] ? constrain_params_by_rules+0x175/0xcc0 [ 1476.563101][T26657] should_failslab+0xc2/0x120 [ 1476.563128][T26657] __kmalloc_noprof+0xe0/0x850 [ 1476.563165][T26657] ? unwind_get_return_address+0x59/0xa0 [ 1476.563198][T26657] constrain_params_by_rules+0x175/0xcc0 [ 1476.563234][T26657] ? stack_trace_save+0x8e/0xc0 [ 1476.563263][T26657] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1476.563291][T26657] ? kfree+0x1f6/0x6b0 [ 1476.563320][T26657] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 1476.563387][T26657] ? __kasan_kmalloc+0xaa/0xb0 [ 1476.563425][T26657] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x850 [ 1476.563473][T26657] ? snd_pcm_oss_change_params_locked+0x18d9/0x39f0 [ 1476.563516][T26657] ? snd_pcm_oss_make_ready+0xeb/0x1b0 [ 1476.563567][T26657] ? snd_interval_refine+0x2d0/0x580 [ 1476.563604][T26657] snd_pcm_hw_refine+0x7e7/0xad0 [ 1476.563637][T26657] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1476.563678][T26657] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 1476.563723][T26657] snd_pcm_hw_param_near.constprop.0+0x5d0/0x850 [ 1476.563769][T26657] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1476.563813][T26657] ? calc_src_frames.isra.0+0x17c/0x1c0 [ 1476.563862][T26657] snd_pcm_oss_change_params_locked+0x18d9/0x39f0 [ 1476.563919][T26657] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1476.563961][T26657] ? __pfx___mutex_lock+0x10/0x10 [ 1476.564017][T26657] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 1476.564061][T26657] snd_pcm_oss_sync+0x1de/0x840 [ 1476.564108][T26657] snd_pcm_oss_release+0x238/0x300 [ 1476.564150][T26657] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1476.564193][T26657] __fput+0x3ff/0xb40 [ 1476.564229][T26657] task_work_run+0x150/0x240 [ 1476.564266][T26657] ? __pfx_task_work_run+0x10/0x10 [ 1476.564311][T26657] exit_to_user_mode_loop+0x100/0x4a0 [ 1476.564348][T26657] do_syscall_64+0x668/0xf80 [ 1476.564378][T26657] ? clear_bhb_loop+0x40/0x90 [ 1476.564409][T26657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1476.564436][T26657] RIP: 0033:0x7ff3b7b9c799 [ 1476.564456][T26657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1476.564487][T26657] RSP: 002b:00007ff3b8a15028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1476.564512][T26657] RAX: 0000000000000000 RBX: 00007ff3b7e15fa0 RCX: 00007ff3b7b9c799 [ 1476.564528][T26657] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1476.564544][T26657] RBP: 00007ff3b7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1476.564560][T26657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1476.564576][T26657] R13: 00007ff3b7e16038 R14: 00007ff3b7e15fa0 R15: 00007fffbd973848 [ 1476.564609][T26657] [ 1477.303263][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1477.825600][T26662] zswap: compressor not available [ 1478.072246][T26682] random: crng reseeded on system resumption [ 1478.102124][T26682] FAULT_INJECTION: forcing a failure. [ 1478.102124][T26682] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1478.160646][T26682] CPU: 0 UID: 0 PID: 26682 Comm: syz.2.4810 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1478.160691][T26682] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1478.160701][T26682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1478.160717][T26682] Call Trace: [ 1478.160726][T26682] [ 1478.160736][T26682] dump_stack_lvl+0x100/0x190 [ 1478.160781][T26682] should_fail_ex.cold+0x5/0xa [ 1478.160805][T26682] ? prepare_alloc_pages+0x16d/0x5f0 [ 1478.160837][T26682] should_fail_alloc_page+0xeb/0x140 [ 1478.160865][T26682] prepare_alloc_pages+0x1f0/0x5f0 [ 1478.160899][T26682] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1478.160941][T26682] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1478.160989][T26682] ? stack_trace_save+0x8e/0xc0 [ 1478.161018][T26682] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1478.161057][T26682] ? stack_depot_save_flags+0x27/0x9d0 [ 1478.161086][T26682] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1478.161129][T26682] ? kasan_save_stack+0x3f/0x50 [ 1478.161167][T26682] ? kasan_save_stack+0x30/0x50 [ 1478.161211][T26682] ? kasan_save_track+0x14/0x30 [ 1478.161257][T26682] ? do_sys_openat2+0x10d/0x1e0 [ 1478.161288][T26682] ? __x64_sys_openat+0x12d/0x210 [ 1478.161320][T26682] ? do_syscall_64+0x106/0xf80 [ 1478.161350][T26682] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1478.161379][T26682] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1478.161424][T26682] ? policy_nodemask+0xed/0x4f0 [ 1478.161453][T26682] alloc_pages_mpol+0x1fb/0x550 [ 1478.161481][T26682] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1478.161508][T26682] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1478.161540][T26682] alloc_pages_noprof+0x131/0x390 [ 1478.161568][T26682] get_zeroed_page_noprof+0x18/0xb0 [ 1478.161596][T26682] get_image_page+0x18/0x1a0 [ 1478.161637][T26682] alloc_rtree_node+0x3c/0xb0 [ 1478.161679][T26682] memory_bm_create+0x65e/0xba0 [ 1478.161733][T26682] create_basic_memory_bitmaps+0xbd/0x350 [ 1478.161765][T26682] snapshot_open+0x230/0x2a0 [ 1478.161794][T26682] ? __pfx_snapshot_open+0x10/0x10 [ 1478.161824][T26682] misc_open+0x26d/0x450 [ 1478.161849][T26682] ? __pfx_misc_open+0x10/0x10 [ 1478.161872][T26682] chrdev_open+0x234/0x6a0 [ 1478.161897][T26682] ? __pfx_apparmor_file_open+0x10/0x10 [ 1478.161935][T26682] ? __pfx_chrdev_open+0x10/0x10 [ 1478.161963][T26682] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1478.161997][T26682] do_dentry_open+0x6d8/0x1660 [ 1478.162021][T26682] ? __pfx_chrdev_open+0x10/0x10 [ 1478.162054][T26682] vfs_open+0x82/0x3f0 [ 1478.162089][T26682] path_openat+0x208c/0x31a0 [ 1478.162125][T26682] ? __pfx_path_openat+0x10/0x10 [ 1478.162162][T26682] do_file_open+0x20e/0x430 [ 1478.162190][T26682] ? __pfx_do_file_open+0x10/0x10 [ 1478.162244][T26682] ? alloc_fd+0x476/0x790 [ 1478.162272][T26682] ? do_getname+0x191/0x390 [ 1478.162306][T26682] do_sys_openat2+0x10d/0x1e0 [ 1478.162339][T26682] ? __pfx_do_sys_openat2+0x10/0x10 [ 1478.162375][T26682] ? find_held_lock+0x2b/0x80 [ 1478.162406][T26682] __x64_sys_openat+0x12d/0x210 [ 1478.162441][T26682] ? __pfx___x64_sys_openat+0x10/0x10 [ 1478.162487][T26682] do_syscall_64+0x106/0xf80 [ 1478.162516][T26682] ? clear_bhb_loop+0x40/0x90 [ 1478.162547][T26682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1478.162574][T26682] RIP: 0033:0x7f19a819c799 [ 1478.162595][T26682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1478.162621][T26682] RSP: 002b:00007f19a8fae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1478.162646][T26682] RAX: ffffffffffffffda RBX: 00007f19a8415fa0 RCX: 00007f19a819c799 [ 1478.162664][T26682] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1478.162681][T26682] RBP: 00007f19a8232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1478.162696][T26682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1478.162711][T26682] R13: 00007f19a8416038 R14: 00007f19a8415fa0 R15: 00007ffc055ca648 [ 1478.162744][T26682] [ 1478.838417][T26685] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1478.851395][T26685] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1478.851395][T26685] [ 1478.966115][T26687] FAULT_INJECTION: forcing a failure. [ 1478.966115][T26687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1479.031295][T26687] CPU: 0 UID: 0 PID: 26687 Comm: syz.2.4812 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1479.031339][T26687] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1479.031350][T26687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1479.031365][T26687] Call Trace: [ 1479.031373][T26687] [ 1479.031383][T26687] dump_stack_lvl+0x100/0x190 [ 1479.031427][T26687] should_fail_ex.cold+0x5/0xa [ 1479.031457][T26687] _copy_from_user+0x2e/0xd0 [ 1479.031501][T26687] memdup_user+0x6b/0xe0 [ 1479.031543][T26687] snd_ctl_ioctl+0x739/0x1330 [ 1479.031581][T26687] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 1479.031620][T26687] ? find_held_lock+0x2b/0x80 [ 1479.031643][T26687] ? __fget_files+0x215/0x3d0 [ 1479.031665][T26687] ? hook_file_ioctl_common+0x146/0x410 [ 1479.031713][T26687] ? __fget_files+0x21f/0x3d0 [ 1479.031740][T26687] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 1479.031778][T26687] __x64_sys_ioctl+0x18e/0x210 [ 1479.031817][T26687] do_syscall_64+0x106/0xf80 [ 1479.031848][T26687] ? clear_bhb_loop+0x40/0x90 [ 1479.031879][T26687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1479.031905][T26687] RIP: 0033:0x7f19a819c799 [ 1479.031926][T26687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1479.031952][T26687] RSP: 002b:00007f19a8fae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1479.031976][T26687] RAX: ffffffffffffffda RBX: 00007f19a8415fa0 RCX: 00007f19a819c799 [ 1479.031994][T26687] RDX: 0000000000000000 RSI: 00000000c4c85512 RDI: 0000000000000005 [ 1479.032010][T26687] RBP: 00007f19a8232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1479.032025][T26687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1479.032041][T26687] R13: 00007f19a8416038 R14: 00007f19a8415fa0 R15: 00007ffc055ca648 [ 1479.032074][T26687] [ 1479.900097][T26701] [U] [ 1479.902931][T26701] [U] [ 1479.905643][T26701] [U] [ 1479.908354][T26701] [U] [ 1479.959018][T26701] [U] [ 1479.961778][T26701] [U] [ 1479.964528][T26701] [U] [ 1479.967240][T26701] [U] [ 1480.038266][T26701] [U] [ 1480.041045][T26701] [U] [ 1480.043773][T26701] [U] [ 1480.046495][T26701] [U] [ 1480.210630][T26701] [U] [ 1480.213425][T26701] [U] [ 1480.216139][T26701] [U] [ 1480.218879][T26701] [U] [ 1480.807804][T26701] [U] [ 1480.810560][T26701] [U] [ 1480.813274][T26701] [U] [ 1480.815992][T26701] [U] [ 1480.839186][T26707] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1480.900442][T26701] [U] [ 1480.930924][T26707] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1481.062790][T26707] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1481.184653][T26707] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1482.052973][T26735] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1482.158546][T26735] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1482.158546][T26735] [ 1482.168425][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1482.638812][T26749] FAULT_INJECTION: forcing a failure. [ 1482.638812][T26749] name failslab, interval 1, probability 0, space 0, times 0 [ 1482.797842][T26749] CPU: 0 UID: 0 PID: 26749 Comm: syz.5.4822 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1482.797884][T26749] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1482.797900][T26749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1482.797916][T26749] Call Trace: [ 1482.797925][T26749] [ 1482.797935][T26749] dump_stack_lvl+0x100/0x190 [ 1482.797978][T26749] should_fail_ex.cold+0x5/0xa [ 1482.798007][T26749] should_failslab+0xc2/0x120 [ 1482.798035][T26749] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1482.798074][T26749] ? sock_alloc_inode+0x25/0x1c0 [ 1482.798115][T26749] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1482.798152][T26749] sock_alloc_inode+0x25/0x1c0 [ 1482.798187][T26749] alloc_inode+0x68/0x250 [ 1482.798221][T26749] sock_alloc+0x44/0x280 [ 1482.798252][T26749] ? security_socket_create+0x7f/0x250 [ 1482.798291][T26749] __sock_create+0xc2/0x860 [ 1482.798335][T26749] __sys_socket+0x14d/0x260 [ 1482.798376][T26749] ? __pfx___sys_socket+0x10/0x10 [ 1482.798425][T26749] __x64_sys_socket+0x72/0xb0 [ 1482.798465][T26749] ? lockdep_hardirqs_on+0x78/0x100 [ 1482.798496][T26749] do_syscall_64+0x106/0xf80 [ 1482.798526][T26749] ? clear_bhb_loop+0x40/0x90 [ 1482.798557][T26749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.798583][T26749] RIP: 0033:0x7ff3b7b9c799 [ 1482.798603][T26749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1482.798629][T26749] RSP: 002b:00007ff3b89f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1482.798653][T26749] RAX: ffffffffffffffda RBX: 00007ff3b7e16090 RCX: 00007ff3b7b9c799 [ 1482.798671][T26749] RDX: 0000000000000073 RSI: 0000000000080002 RDI: 0000000000000002 [ 1482.798687][T26749] RBP: 00007ff3b7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1482.798703][T26749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.798719][T26749] R13: 00007ff3b7e16128 R14: 00007ff3b7e16090 R15: 00007fffbd973848 [ 1482.798751][T26749] [ 1482.798763][T26749] socket: no more sockets [ 1483.065470][T25659] Bluetooth: hci3: command 0x0c1a tx timeout [ 1483.179356][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1483.242291][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1483.856027][T26762] aoe: could not set interface list: too many interfaces [ 1483.887779][T26759] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4825'. [ 1483.919124][T26760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4825'. [ 1484.798318][T26773] Invalid ELF header magic: != ELF [ 1485.131056][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.137540][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.400619][T26774] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1485.438261][T26774] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1485.476425][T26774] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1485.496657][T26774] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1485.965764][T26785] zswap: compressor query not available [ 1486.498053][T26795] FAULT_INJECTION: forcing a failure. [ 1486.498053][T26795] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1486.611566][T26795] CPU: 0 UID: 0 PID: 26795 Comm: syz.4.4834 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1486.611610][T26795] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1486.611620][T26795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1486.611636][T26795] Call Trace: [ 1486.611645][T26795] [ 1486.611655][T26795] dump_stack_lvl+0x100/0x190 [ 1486.611699][T26795] should_fail_ex.cold+0x5/0xa [ 1486.611729][T26795] get_futex_key+0x1d2/0x1620 [ 1486.611763][T26795] ? __pfx_get_futex_key+0x10/0x10 [ 1486.611807][T26795] futex_wake+0xea/0x530 [ 1486.611848][T26795] ? __pfx_futex_wake+0x10/0x10 [ 1486.611890][T26795] ? putname+0xb1/0x110 [ 1486.611915][T26795] ? kmem_cache_free+0x124/0x6a0 [ 1486.611955][T26795] do_futex+0x32b/0x350 [ 1486.611988][T26795] ? __pfx_do_futex+0x10/0x10 [ 1486.612019][T26795] ? __pfx_do_sys_openat2+0x10/0x10 [ 1486.612054][T26795] ? __fget_files+0x21f/0x3d0 [ 1486.612088][T26795] __x64_sys_futex+0x34f/0x4d0 [ 1486.612124][T26795] ? __x64_sys_openat+0x12d/0x210 [ 1486.612158][T26795] ? __pfx___x64_sys_futex+0x10/0x10 [ 1486.612204][T26795] do_syscall_64+0x106/0xf80 [ 1486.612235][T26795] ? clear_bhb_loop+0x40/0x90 [ 1486.612267][T26795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1486.612293][T26795] RIP: 0033:0x7f499139c799 [ 1486.612315][T26795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1486.612340][T26795] RSP: 002b:00007f49922930e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1486.612364][T26795] RAX: ffffffffffffffda RBX: 00007f4991615fa8 RCX: 00007f499139c799 [ 1486.612382][T26795] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4991615fac [ 1486.612398][T26795] RBP: 00007f4991615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1486.612414][T26795] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1486.612430][T26795] R13: 00007f4991616038 R14: 00007fff8a332390 R15: 00007fff8a332478 [ 1486.612462][T26795] [ 1487.076545][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1487.454488][T26433] Bluetooth: hci0: command 0x0c1a tx timeout [ 1487.460807][T26433] Bluetooth: hci3: command 0x0c1a tx timeout [ 1487.529815][T26433] Bluetooth: hci2: command 0x0419 tx timeout [ 1488.446449][T26821] netlink: 'syz.5.4839': attribute type 11 has an invalid length. [ 1489.466743][T25512] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4103 with max blocks 1 with error 117 [ 1489.466881][T25512] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1489.466881][T25512] [ 1489.916409][T26832] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1489.996361][T26832] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1490.076501][T26832] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1490.156678][T26832] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1490.596718][T26846] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4846'. [ 1490.649664][T26854] ubi0: attaching mtd0 [ 1490.670420][T26854] ubi0: scanning is finished [ 1490.684522][T26846] nbd: must specify a size in bytes for the device [ 1490.691536][T26854] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1490.888768][T26854] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1491.353349][T26871] Invalid ELF header magic: != ELF [ 1491.364422][T26433] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1491.446647][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1492.006441][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1492.012507][T25659] Bluetooth: hci3: command 0x0c1a tx timeout [ 1492.166501][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1493.424987][T26891] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1493.455240][T26891] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1493.502028][T26891] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1493.549568][T26891] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1493.582973][T26891] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1493.819347][T26900] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1493.898112][T26900] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1493.898112][T26900] [ 1494.817907][T26913] FAULT_INJECTION: forcing a failure. [ 1494.817907][T26913] name failslab, interval 1, probability 0, space 0, times 0 [ 1494.966516][T25659] Bluetooth: hci0: Malformed LE Event: 0x1b [ 1495.006548][T26913] CPU: 0 UID: 0 PID: 26913 Comm: syz.3.4858 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1495.006591][T26913] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1495.006601][T26913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1495.006618][T26913] Call Trace: [ 1495.006626][T26913] [ 1495.006636][T26913] dump_stack_lvl+0x100/0x190 [ 1495.006679][T26913] should_fail_ex.cold+0x5/0xa [ 1495.006708][T26913] should_failslab+0xc2/0x120 [ 1495.006735][T26913] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1495.006776][T26913] ? kvasprintf_const+0x66/0x1a0 [ 1495.006801][T26913] ? nci_allocate_device+0x23b/0x410 [ 1495.006900][T26913] ? virtual_ncidev_open+0x6f/0x220 [ 1495.006936][T26913] kvasprintf+0xbc/0x150 [ 1495.006960][T26913] ? __pfx_kvasprintf+0x10/0x10 [ 1495.006988][T26913] ? rcu_is_watching+0x12/0xc0 [ 1495.007026][T26913] ? ida_alloc_range+0x70d/0x830 [ 1495.007056][T26913] ? kfree+0x2ec/0x6b0 [ 1495.007085][T26913] ? mark_held_locks+0x40/0x70 [ 1495.007122][T26913] kvasprintf_const+0x66/0x1a0 [ 1495.007148][T26913] kobject_set_name_vargs+0x5a/0x140 [ 1495.007187][T26913] dev_set_name+0xc7/0x100 [ 1495.007217][T26913] ? __pfx_dev_set_name+0x10/0x10 [ 1495.007260][T26913] nfc_allocate_device+0x206/0x5e0 [ 1495.007296][T26913] nci_allocate_device+0x23b/0x410 [ 1495.007338][T26913] virtual_ncidev_open+0x6f/0x220 [ 1495.007368][T26913] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1495.007396][T26913] misc_open+0x26d/0x450 [ 1495.007420][T26913] ? __pfx_misc_open+0x10/0x10 [ 1495.007442][T26913] chrdev_open+0x234/0x6a0 [ 1495.007467][T26913] ? __pfx_apparmor_file_open+0x10/0x10 [ 1495.007506][T26913] ? __pfx_chrdev_open+0x10/0x10 [ 1495.007533][T26913] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1495.007570][T26913] do_dentry_open+0x6d8/0x1660 [ 1495.007594][T26913] ? __pfx_chrdev_open+0x10/0x10 [ 1495.007627][T26913] vfs_open+0x82/0x3f0 [ 1495.007661][T26913] path_openat+0x208c/0x31a0 [ 1495.007697][T26913] ? __pfx_path_openat+0x10/0x10 [ 1495.007734][T26913] do_file_open+0x20e/0x430 [ 1495.007762][T26913] ? __pfx_do_file_open+0x10/0x10 [ 1495.007810][T26913] ? alloc_fd+0x476/0x790 [ 1495.007843][T26913] ? do_getname+0x191/0x390 [ 1495.007878][T26913] do_sys_openat2+0x10d/0x1e0 [ 1495.007911][T26913] ? __pfx_do_sys_openat2+0x10/0x10 [ 1495.007956][T26913] __x64_sys_openat+0x12d/0x210 [ 1495.007990][T26913] ? __pfx___x64_sys_openat+0x10/0x10 [ 1495.008036][T26913] do_syscall_64+0x106/0xf80 [ 1495.008066][T26913] ? clear_bhb_loop+0x40/0x90 [ 1495.008098][T26913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1495.008124][T26913] RIP: 0033:0x7f7c9b79c799 [ 1495.008145][T26913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1495.008171][T26913] RSP: 002b:00007f7c9c5cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1495.008195][T26913] RAX: ffffffffffffffda RBX: 00007f7c9ba15fa0 RCX: 00007f7c9b79c799 [ 1495.008213][T26913] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1495.008229][T26913] RBP: 00007f7c9b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1495.008246][T26913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1495.008261][T26913] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1495.008295][T26913] [ 1495.611960][T26922] sg_write: data in/out 525520918/1949 bytes for SCSI command 0x3d-- guessing data in; [ 1495.611960][T26922] program syz.5.4860 not setting count and/or reply_len properly [ 1495.645230][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1495.653107][T25659] Bluetooth: hci3: command 0x0c1a tx timeout [ 1495.660963][T25659] Bluetooth: hci2: command 0x0419 tx timeout [ 1495.668919][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1495.717695][T25543] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1495.751203][T25543] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1495.751203][T25543] [ 1495.958997][T25553] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1496.000289][T25553] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1496.000289][T25553] [ 1496.224083][T26940] futex_wake_op: syz.5.4861 tries to shift op by -2048; fix this program [ 1496.425591][T26913] workqueue: Failed to create a rescuer kthread for wq "(null)_nci_tx_wq": -EINTR [ 1497.435602][T26960] Invalid ELF header magic: != ELF [ 1497.687499][T26433] Bluetooth: hci3: command 0x0c1a tx timeout [ 1499.097140][T26972] ubi0: attaching mtd0 [ 1499.121668][T26972] ubi0: scanning is finished [ 1499.158549][T26972] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1499.224627][T26433] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1499.473773][T26977] openvswitch: netlink: Multiple metadata blocks provided [ 1499.758316][T26972] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1500.358328][T26984] nbd: couldn't find a device at index 35644 [ 1501.596953][T26993] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 1502.607986][T27011] netlink: zone id is out of range [ 1502.640183][T27011] netlink: zone id is out of range [ 1502.646036][T27011] netlink: zone id is out of range [ 1502.662970][T27005] Invalid ELF header magic: != ELF [ 1504.658062][T27035] FAULT_INJECTION: forcing a failure. [ 1504.658062][T27035] name failslab, interval 1, probability 0, space 0, times 0 [ 1504.738670][T27035] CPU: 0 UID: 0 PID: 27035 Comm: syz.5.4879 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1504.738714][T27035] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1504.738725][T27035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1504.738741][T27035] Call Trace: [ 1504.738750][T27035] [ 1504.738760][T27035] dump_stack_lvl+0x100/0x190 [ 1504.738804][T27035] should_fail_ex.cold+0x5/0xa [ 1504.738833][T27035] ? net_alloc_generic+0x1e/0x70 [ 1504.738865][T27035] should_failslab+0xc2/0x120 [ 1504.738891][T27035] __kmalloc_noprof+0xe0/0x850 [ 1504.738944][T27035] net_alloc_generic+0x1e/0x70 [ 1504.738976][T27035] copy_net_ns+0xc6/0x7c0 [ 1504.739010][T27035] ? copy_cgroup_ns+0x71/0x970 [ 1504.739042][T27035] create_new_namespaces+0x3ea/0xac0 [ 1504.739076][T27035] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1504.739106][T27035] ksys_unshare+0x473/0xad0 [ 1504.739139][T27035] ? __pfx_ksys_unshare+0x10/0x10 [ 1504.739182][T27035] __x64_sys_unshare+0x31/0x40 [ 1504.739213][T27035] do_syscall_64+0x106/0xf80 [ 1504.739244][T27035] ? clear_bhb_loop+0x40/0x90 [ 1504.739274][T27035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1504.739301][T27035] RIP: 0033:0x7ff3b7b9c799 [ 1504.739322][T27035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1504.739347][T27035] RSP: 002b:00007ff3b8a15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1504.739371][T27035] RAX: ffffffffffffffda RBX: 00007ff3b7e15fa0 RCX: 00007ff3b7b9c799 [ 1504.739388][T27035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1504.739404][T27035] RBP: 00007ff3b7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1504.739420][T27035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1504.739436][T27035] R13: 00007ff3b7e16038 R14: 00007ff3b7e15fa0 R15: 00007fffbd973848 [ 1504.739468][T27035] [ 1506.549402][T27052] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1506.910773][T27056] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4883'. [ 1506.998439][T27056] mac80211_hwsim hwsim45 : renamed from wlan0 (while UP) [ 1508.143024][T27079] netlink: 54 bytes leftover after parsing attributes in process `syz.5.4888'. [ 1509.538590][T27121] FAULT_INJECTION: forcing a failure. [ 1509.538590][T27121] name failslab, interval 1, probability 0, space 0, times 0 [ 1509.626935][T27121] CPU: 0 UID: 0 PID: 27121 Comm: syz.4.4896 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1509.626979][T27121] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1509.626990][T27121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1509.627005][T27121] Call Trace: [ 1509.627014][T27121] [ 1509.627024][T27121] dump_stack_lvl+0x100/0x190 [ 1509.627067][T27121] should_fail_ex.cold+0x5/0xa [ 1509.627097][T27121] should_failslab+0xc2/0x120 [ 1509.627124][T27121] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1509.627166][T27121] ? kasprintf+0xc7/0x100 [ 1509.627192][T27121] ? __lock_acquire+0x4a5/0x2630 [ 1509.627229][T27121] kvasprintf+0xbc/0x150 [ 1509.627253][T27121] ? __pfx_kvasprintf+0x10/0x10 [ 1509.627290][T27121] kasprintf+0xc7/0x100 [ 1509.627315][T27121] ? __pfx_kasprintf+0x10/0x10 [ 1509.627342][T27121] ? __is_module_percpu_address+0x1c2/0x430 [ 1509.627383][T27121] alloc_workqueue_noprof+0x114/0x200 [ 1509.627415][T27121] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1509.627454][T27121] ? __pfx___debug_object_init+0x10/0x10 [ 1509.627506][T27121] nci_register_device+0x394/0xb80 [ 1509.627614][T27121] ? __pfx_nci_register_device+0x10/0x10 [ 1509.627660][T27121] ? lockdep_init_map_type+0x5c/0x250 [ 1509.627700][T27121] virtual_ncidev_open+0x141/0x220 [ 1509.627731][T27121] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1509.627762][T27121] misc_open+0x26d/0x450 [ 1509.627786][T27121] ? __pfx_misc_open+0x10/0x10 [ 1509.627809][T27121] chrdev_open+0x234/0x6a0 [ 1509.627834][T27121] ? __pfx_apparmor_file_open+0x10/0x10 [ 1509.627873][T27121] ? __pfx_chrdev_open+0x10/0x10 [ 1509.627900][T27121] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1509.627934][T27121] do_dentry_open+0x6d8/0x1660 [ 1509.627958][T27121] ? __pfx_chrdev_open+0x10/0x10 [ 1509.627990][T27121] vfs_open+0x82/0x3f0 [ 1509.628025][T27121] path_openat+0x208c/0x31a0 [ 1509.628061][T27121] ? __pfx_path_openat+0x10/0x10 [ 1509.628098][T27121] do_file_open+0x20e/0x430 [ 1509.628125][T27121] ? __pfx_do_file_open+0x10/0x10 [ 1509.628173][T27121] ? alloc_fd+0x476/0x790 [ 1509.628201][T27121] ? do_getname+0x191/0x390 [ 1509.628235][T27121] do_sys_openat2+0x10d/0x1e0 [ 1509.628268][T27121] ? __pfx_do_sys_openat2+0x10/0x10 [ 1509.628313][T27121] __x64_sys_openat+0x12d/0x210 [ 1509.628348][T27121] ? __pfx___x64_sys_openat+0x10/0x10 [ 1509.628393][T27121] do_syscall_64+0x106/0xf80 [ 1509.628424][T27121] ? clear_bhb_loop+0x40/0x90 [ 1509.628456][T27121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1509.628489][T27121] RIP: 0033:0x7f499139c799 [ 1509.628511][T27121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1509.628537][T27121] RSP: 002b:00007f4992272028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1509.628561][T27121] RAX: ffffffffffffffda RBX: 00007f4991616090 RCX: 00007f499139c799 [ 1509.628579][T27121] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1509.628596][T27121] RBP: 00007f4991432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1509.628612][T27121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1509.628628][T27121] R13: 00007f4991616128 R14: 00007f4991616090 R15: 00007fff8a332478 [ 1509.628661][T27121] [ 1511.243762][T27132] Invalid ELF header magic: != ELF [ 1512.961658][T27149] futex_wake_op: syz.2.4903 tries to shift op by -2048; fix this program [ 1513.047814][T27149] futex_wake_op: syz.2.4903 tries to shift op by -2048; fix this program [ 1514.636427][T27165] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1514.696641][T27165] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1514.696641][T27165] [ 1514.800927][T25567] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4150 with max blocks 1 with error 117 [ 1514.859540][T25567] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1514.859540][T25567] [ 1515.085723][T25567] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4155 with max blocks 1 with error 117 [ 1515.142333][T25567] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1515.142333][T25567] [ 1515.304678][T27188] FAULT_INJECTION: forcing a failure. [ 1515.304678][T27188] name failslab, interval 1, probability 0, space 0, times 0 [ 1515.366551][T27188] CPU: 0 UID: 0 PID: 27188 Comm: syz.2.4907 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1515.366595][T27188] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1515.366604][T27188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1515.366620][T27188] Call Trace: [ 1515.366629][T27188] [ 1515.366639][T27188] dump_stack_lvl+0x100/0x190 [ 1515.366684][T27188] should_fail_ex.cold+0x5/0xa [ 1515.366714][T27188] should_failslab+0xc2/0x120 [ 1515.366740][T27188] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1515.366780][T27188] ? shmem_alloc_inode+0x25/0x50 [ 1515.366809][T27188] ? __lock_acquire+0x4a5/0x2630 [ 1515.366841][T27188] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1515.366871][T27188] shmem_alloc_inode+0x25/0x50 [ 1515.366898][T27188] alloc_inode+0x68/0x250 [ 1515.366932][T27188] new_inode+0x22/0x1c0 [ 1515.366976][T27188] shmem_get_inode+0x212/0x1040 [ 1515.367013][T27188] ? __pfx_shmem_get_inode+0x10/0x10 [ 1515.367045][T27188] ? rcu_is_watching+0x12/0xc0 [ 1515.367083][T27188] ? percpu_counter_add_batch+0xb9/0x230 [ 1515.367135][T27188] __shmem_file_setup+0x3ac/0x490 [ 1515.367170][T27188] ? __pfx___shmem_file_setup+0x10/0x10 [ 1515.367210][T27188] ? vm_area_alloc+0x1f/0x160 [ 1515.367249][T27188] shmem_zero_setup+0x96/0x1b0 [ 1515.367291][T27188] __mmap_region+0x2198/0x29e0 [ 1515.367333][T27188] ? __pfx___mmap_region+0x10/0x10 [ 1515.367377][T27188] ? set_next_entity+0x11e/0x9c0 [ 1515.367418][T27188] ? __lock_acquire+0x4a5/0x2630 [ 1515.367449][T27188] ? update_cfs_rq_load_avg+0x51/0x550 [ 1515.367490][T27188] ? find_held_lock+0x2b/0x80 [ 1515.367512][T27188] ? finish_task_switch.isra.0+0x200/0xb80 [ 1515.367540][T27188] ? finish_task_switch.isra.0+0x200/0xb80 [ 1515.367579][T27188] ? trace_sched_exit_tp+0x13a/0x180 [ 1515.367609][T27188] ? __schedule+0x1000/0x6120 [ 1515.367674][T27188] ? rcu_is_watching+0x12/0xc0 [ 1515.367713][T27188] ? cap_capable+0x107/0x460 [ 1515.367753][T27188] mmap_region+0x180/0x3e0 [ 1515.367796][T27188] do_mmap+0xc63/0x12f0 [ 1515.367830][T27188] ? __pfx_do_mmap+0x10/0x10 [ 1515.367857][T27188] ? __pfx_down_write_killable+0x10/0x10 [ 1515.367900][T27188] vm_mmap_pgoff+0x29e/0x470 [ 1515.367933][T27188] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1515.367969][T27188] ? do_futex+0x192/0x350 [ 1515.368002][T27188] ? __pfx_do_futex+0x10/0x10 [ 1515.368041][T27188] ksys_mmap_pgoff+0xe1/0x650 [ 1515.368068][T27188] ? __x64_sys_futex+0x34f/0x4d0 [ 1515.368101][T27188] ? __x64_sys_futex+0x358/0x4d0 [ 1515.368135][T27188] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1515.368162][T27188] ? xfd_validate_state+0x129/0x190 [ 1515.368205][T27188] __x64_sys_mmap+0x125/0x190 [ 1515.368246][T27188] do_syscall_64+0x106/0xf80 [ 1515.368276][T27188] ? clear_bhb_loop+0x40/0x90 [ 1515.368308][T27188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1515.368361][T27188] RIP: 0033:0x7f19a819c799 [ 1515.368384][T27188] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1515.368410][T27188] RSP: 002b:00007f19a63f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1515.368433][T27188] RAX: ffffffffffffffda RBX: 00007f19a8416180 RCX: 00007f19a819c799 [ 1515.368450][T27188] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1515.368465][T27188] RBP: 00007f19a8232bd9 R08: fffffffffffffffa R09: 0000000000008000 [ 1515.368482][T27188] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1515.368498][T27188] R13: 00007f19a8416218 R14: 00007f19a8416180 R15: 00007ffc055ca648 [ 1515.368530][T27188] [ 1516.218644][T27189] openvswitch: netlink: Key type 261 is out of range max 32 [ 1519.539814][T27226] netlink: 'syz.2.4915': attribute type 2 has an invalid length. [ 1524.648270][T26433] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1525.294279][T25659] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1525.304161][T25659] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1525.315117][T25659] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1525.326080][T25659] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1525.333811][T25659] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1526.653241][T27267] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1526.698534][T27267] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1526.749033][T27267] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1526.799192][T27267] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1526.846598][T27267] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1526.915436][T27267] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1526.963999][T27267] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1527.690579][T27283] input: f as /devices/virtual/input/input26 [ 1528.323180][T27266] chnl_net:caif_netlink_parms(): no params data found [ 1528.362784][T27284] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1528.407693][T27284] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1528.454558][T27284] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1528.516447][T27284] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1528.565395][T27284] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1528.979364][T27297] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.2.4926: Error -117 reading block bitmap for 5 [ 1529.105108][T27297] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.2.4926: Error -117 reading block bitmap for 4 [ 1529.470199][T27266] bridge0: port 1(bridge_slave_0) entered blocking state [ 1529.528403][T27266] bridge0: port 1(bridge_slave_0) entered disabled state [ 1529.535759][T27266] bridge_slave_0: entered allmulticast mode [ 1529.630891][T27266] bridge_slave_0: entered promiscuous mode [ 1529.686484][T25659] Bluetooth: hci1: command 0x0406 tx timeout [ 1529.759066][T27266] bridge0: port 2(bridge_slave_1) entered blocking state [ 1529.820652][T27266] bridge0: port 2(bridge_slave_1) entered disabled state [ 1529.860103][T27266] bridge_slave_1: entered allmulticast mode [ 1529.919145][T27266] bridge_slave_1: entered promiscuous mode [ 1530.231156][T27266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1530.369758][T27266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1530.488144][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1530.495247][T26433] Bluetooth: hci3: command 0x0c1a tx timeout [ 1530.577459][T26433] Bluetooth: hci2: command 0x0419 tx timeout [ 1530.646388][T26433] Bluetooth: hci4: command 0x041b tx timeout [ 1530.808943][T27266] team0: Port device team_slave_0 added [ 1530.862260][T27266] team0: Port device team_slave_1 added [ 1531.225099][T27266] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1531.276462][T27266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1531.450105][T27266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1531.557130][T27266] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1531.615155][T27266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1531.797619][T27266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1532.431035][T27266] hsr_slave_0: entered promiscuous mode [ 1532.462839][T27266] hsr_slave_1: entered promiscuous mode [ 1532.511968][T27266] debugfs: 'hsr0' already exists in 'hsr' [ 1532.552538][T27266] Cannot create hsr debugfs directory [ 1532.726889][T26433] Bluetooth: hci4: command 0x041b tx timeout [ 1533.503541][T27333] ubi0: attaching mtd0 [ 1533.551714][T27333] ubi0: scanning is finished [ 1533.589570][T27333] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1533.952991][T27333] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1533.964232][T27337] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4935'. [ 1534.550709][T27341] random: crng reseeded on system resumption [ 1534.602768][T27266] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1534.666226][T26433] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1534.675422][T26433] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 1534.737229][T27341] hub 1-0:1.0: USB hub found [ 1534.768090][T27266] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1534.777656][T27341] hub 1-0:1.0: 1 port detected [ 1534.807182][T25659] Bluetooth: hci4: command 0x041b tx timeout [ 1534.854468][T27266] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1534.933207][T27266] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1536.324332][T27266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1536.524684][T27266] 8021q: adding VLAN 0 to HW filter on device team0 [ 1536.697626][T25567] bridge0: port 1(bridge_slave_0) entered blocking state [ 1536.705160][T25567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1536.820584][T25567] bridge0: port 2(bridge_slave_1) entered blocking state [ 1536.828252][T25567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1536.886603][T25659] Bluetooth: hci4: command 0x041b tx timeout [ 1538.971559][T25659] Bluetooth: hci4: command 0x041b tx timeout [ 1539.255117][T27393] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4947'. [ 1539.882250][T27266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1541.053247][T25659] Bluetooth: hci4: command 0x041b tx timeout [ 1541.455108][T27410] nfs: Unknown parameter '' [ 1542.378503][T27266] veth0_vlan: entered promiscuous mode [ 1542.515487][T27266] veth1_vlan: entered promiscuous mode [ 1542.776601][T27266] veth0_macvtap: entered promiscuous mode [ 1542.848841][T27266] veth1_macvtap: entered promiscuous mode [ 1543.006020][T27266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1543.120330][T27266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1543.214107][T25543] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.265998][T25543] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.398755][T25543] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.457430][T25543] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1544.170227][T25543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1544.260009][T25543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1544.663963][T25512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1544.727549][T25512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1546.140709][T27446] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4921'. [ 1546.587904][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.594368][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1547.439051][T27449] zswap: compressor not available [ 1547.983425][T26433] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1548.010576][T26433] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1548.034450][T26433] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1548.047151][T26433] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1548.054655][T26433] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1548.646908][T25552] bridge_slave_1: left allmulticast mode [ 1548.699459][T27469] FAULT_INJECTION: forcing a failure. [ 1548.699459][T27469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1548.731004][T25552] bridge_slave_1: left promiscuous mode [ 1548.764371][T25552] bridge0: port 2(bridge_slave_1) entered disabled state [ 1548.830055][T27469] CPU: 0 UID: 0 PID: 27469 Comm: syz.3.4962 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1548.830099][T27469] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1548.830109][T27469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1548.830125][T27469] Call Trace: [ 1548.830138][T27469] [ 1548.830148][T27469] dump_stack_lvl+0x100/0x190 [ 1548.830191][T27469] should_fail_ex.cold+0x5/0xa [ 1548.830222][T27469] _copy_from_iter+0x1f4/0x1690 [ 1548.830250][T27469] ? __asan_memset+0x23/0x50 [ 1548.830286][T27469] ? __alloc_skb+0x4e9/0x710 [ 1548.830315][T27469] ? __pfx__copy_from_iter+0x10/0x10 [ 1548.830338][T27469] ? __pfx___alloc_skb+0x10/0x10 [ 1548.830369][T27469] ? skb_page_frag_refill+0x2fc/0x5b0 [ 1548.830412][T27469] ? sk_page_frag_refill+0x6c/0x340 [ 1548.830457][T27469] tcp_sendmsg_locked+0xc8f/0x45f0 [ 1548.830515][T27469] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 1548.830557][T27469] ? do_raw_spin_lock+0x128/0x260 [ 1548.830597][T27469] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1548.830641][T27469] ? __local_bh_enable_ip+0x9e/0x120 [ 1548.830673][T27469] tcp_sendmsg+0x2e/0x50 [ 1548.830709][T27469] ? __pfx_tcp_sendmsg+0x10/0x10 [ 1548.830746][T27469] inet_sendmsg+0xb9/0x140 [ 1548.830795][T27469] sock_write_iter+0x509/0x610 [ 1548.830836][T27469] ? __pfx_sock_write_iter+0x10/0x10 [ 1548.830885][T27469] ? bpf_lsm_file_permission+0x9/0x10 [ 1548.830927][T27469] ? security_file_permission+0x76/0x210 [ 1548.830955][T27469] ? rw_verify_area+0xce/0x6d0 [ 1548.830994][T27469] vfs_write+0x6ac/0x1070 [ 1548.831036][T27469] ? __pfx_sock_write_iter+0x10/0x10 [ 1548.831077][T27469] ? __pfx_vfs_write+0x10/0x10 [ 1548.831116][T27469] ? find_held_lock+0x2b/0x80 [ 1548.831158][T27469] ksys_write+0x1f8/0x250 [ 1548.831198][T27469] ? __pfx_ksys_write+0x10/0x10 [ 1548.831247][T27469] do_syscall_64+0x106/0xf80 [ 1548.831279][T27469] ? clear_bhb_loop+0x40/0x90 [ 1548.831311][T27469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1548.831338][T27469] RIP: 0033:0x7f7c9b79c799 [ 1548.831359][T27469] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1548.831384][T27469] RSP: 002b:00007f7c9c5ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1548.831409][T27469] RAX: ffffffffffffffda RBX: 00007f7c9ba16090 RCX: 00007f7c9b79c799 [ 1548.831427][T27469] RDX: 000000000000fdf3 RSI: 0000000000000000 RDI: 0000000000000003 [ 1548.831443][T27469] RBP: 00007f7c9b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1548.831459][T27469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1548.831475][T27469] R13: 00007f7c9ba16128 R14: 00007f7c9ba16090 R15: 00007fffc749a108 [ 1548.831507][T27469] [ 1549.517536][T25552] bridge_slave_0: left allmulticast mode [ 1549.536913][T25552] bridge_slave_0: left promiscuous mode [ 1549.542670][T25552] bridge0: port 1(bridge_slave_0) entered disabled state [ 1549.834104][T27480] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4965'. [ 1550.166616][T25659] Bluetooth: hci5: command tx timeout [ 1550.552812][T25552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1550.629246][T25552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1550.710315][T25552] bond0 (unregistering): Released all slaves [ 1551.202970][T25552] HfR: left promiscuous mode [ 1551.317035][T25552] : left promiscuous mode [ 1552.256087][T25659] Bluetooth: hci5: command tx timeout [ 1552.372629][T27487] NFSD: Failed to start, no listeners configured. [ 1553.547515][T25552] hsr_slave_0: left promiscuous mode [ 1553.573028][T25552] hsr_slave_1: left promiscuous mode [ 1553.708805][T25552] veth1_macvtap: left promiscuous mode [ 1553.730668][T25552] veth0_macvtap: left promiscuous mode [ 1553.764371][T25552] veth1_vlan: left promiscuous mode [ 1553.800979][T25552] veth0_vlan: left promiscuous mode [ 1554.329981][T25659] Bluetooth: hci5: command tx timeout [ 1555.040026][T25552] team0 (unregistering): Port device team_slave_1 removed [ 1555.161823][T25552] team0 (unregistering): Port device team_slave_0 removed [ 1556.100745][T27461] chnl_net:caif_netlink_parms(): no params data found [ 1556.408841][T25659] Bluetooth: hci5: command tx timeout [ 1557.571254][T25552] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1557.682680][T27461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1557.725319][T27461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1557.778519][T27461] bridge_slave_0: entered allmulticast mode [ 1557.838549][T27461] bridge_slave_0: entered promiscuous mode [ 1557.889061][T27461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1557.896223][T27461] bridge0: port 2(bridge_slave_1) entered disabled state [ 1557.959403][T27461] bridge_slave_1: entered allmulticast mode [ 1558.016106][T27461] bridge_slave_1: entered promiscuous mode [ 1558.125444][T25552] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1558.470956][T25552] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1558.671606][T27461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1558.783672][T27461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1558.979205][T25552] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1559.283249][T27461] team0: Port device team_slave_0 added [ 1559.364556][T27461] team0: Port device team_slave_1 added [ 1559.659536][T27461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1559.700786][T27461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1559.879544][T27461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1559.974884][T27461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1560.050799][T27461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1560.256456][T27461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1560.748091][T27461] hsr_slave_0: entered promiscuous mode [ 1560.754550][T27461] hsr_slave_1: entered promiscuous mode [ 1560.861289][T27461] debugfs: 'hsr0' already exists in 'hsr' [ 1560.909500][T27461] Cannot create hsr debugfs directory [ 1561.379377][T27557] ubi0: attaching mtd0 [ 1561.456769][T27557] ubi0: scanning is finished [ 1561.497861][T27557] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1561.635322][T25552] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1562.008407][T27557] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1562.271122][T25552] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1562.952461][T27584] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4985'. [ 1563.092032][T25552] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1563.566333][T27584] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1563.566364][T27584] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1563.666139][T27584] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1563.666166][T27584] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1563.985651][T25552] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1564.869709][T27602] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4988'. [ 1565.110212][T27607] mkiss: ax0: crc mode is auto. [ 1570.749693][T27679] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1575.410951][T27721] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1575.803826][T27723] netlink: 54 bytes leftover after parsing attributes in process `syz.5.5008'. [ 1578.270713][T26433] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1578.280822][T26433] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1578.289849][T26433] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1578.299427][T26433] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1578.307011][T26433] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1579.347795][T27756] chnl_net:caif_netlink_parms(): no params data found [ 1579.836106][T27756] bridge0: port 1(bridge_slave_0) entered blocking state [ 1579.885224][T27756] bridge0: port 1(bridge_slave_0) entered disabled state [ 1579.914241][T27756] bridge_slave_0: entered allmulticast mode [ 1579.967404][T27756] bridge_slave_0: entered promiscuous mode [ 1580.003919][T27784] netlink: 93 bytes leftover after parsing attributes in process `syz.3.5024'. [ 1580.037616][T27756] bridge0: port 2(bridge_slave_1) entered blocking state [ 1580.056424][T27756] bridge0: port 2(bridge_slave_1) entered disabled state [ 1580.063764][T27756] bridge_slave_1: entered allmulticast mode [ 1580.171296][T27756] bridge_slave_1: entered promiscuous mode [ 1580.378914][T27756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1580.407854][T26433] Bluetooth: hci1: command tx timeout [ 1580.438165][T27756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1580.780532][T27756] team0: Port device team_slave_0 added [ 1580.882827][T27756] team0: Port device team_slave_1 added [ 1581.048493][T27756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1581.076408][T27756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1581.241021][T27756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1581.287073][T27756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1581.316373][T27756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1581.433348][T27756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1582.003786][T27756] hsr_slave_0: entered promiscuous mode [ 1582.076887][T27756] hsr_slave_1: entered promiscuous mode [ 1582.106731][T27756] debugfs: 'hsr0' already exists in 'hsr' [ 1582.112513][T27756] Cannot create hsr debugfs directory [ 1582.487211][T26433] Bluetooth: hci1: command tx timeout [ 1583.431584][T27798] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5028'. [ 1584.398850][T27804] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1584.455233][T27804] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1584.488209][T27804] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1584.519651][T27804] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1584.551236][T27804] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1584.572345][T26433] Bluetooth: hci1: command tx timeout [ 1584.608503][T27804] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1584.752515][T27804] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1584.779042][T27804] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1584.823172][T27804] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1586.167696][T26433] Bluetooth: hci3: command 0x0c1a tx timeout [ 1586.486627][T26433] Bluetooth: hci0: command 0x0c1a tx timeout [ 1586.566503][T26433] Bluetooth: hci5: command 0x0c1a tx timeout [ 1586.572718][T25659] Bluetooth: hci4: command 0x041b tx timeout [ 1586.816492][T26433] Bluetooth: hci1: command 0x0c1a tx timeout [ 1587.132091][T27851] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5037'. [ 1588.646547][T26433] Bluetooth: hci5: command 0x0c1a tx timeout [ 1588.886464][T26433] Bluetooth: hci1: command 0x0c1a tx timeout [ 1590.580974][T27899] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5042'. [ 1590.730423][T26433] Bluetooth: hci5: command 0x0c1a tx timeout [ 1590.966841][T26433] Bluetooth: hci1: command 0x0c1a tx timeout [ 1591.251828][T27892] Invalid ELF header magic: != ELF [ 1592.387398][T27914] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 1592.986107][T27920] phram: not enough arguments [ 1597.484968][T27935] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1602.578758][T27995] FAULT_INJECTION: forcing a failure. [ 1602.578758][T27995] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.719438][T27995] CPU: 0 UID: 0 PID: 27995 Comm: syz.3.5060 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1602.719481][T27995] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1602.719491][T27995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1602.719506][T27995] Call Trace: [ 1602.719514][T27995] [ 1602.719524][T27995] dump_stack_lvl+0x100/0x190 [ 1602.719569][T27995] should_fail_ex.cold+0x5/0xa [ 1602.719598][T27995] ? constrain_params_by_rules+0x175/0xcc0 [ 1602.719629][T27995] should_failslab+0xc2/0x120 [ 1602.719656][T27995] __kmalloc_noprof+0xe0/0x850 [ 1602.719694][T27995] ? unwind_get_return_address+0x59/0xa0 [ 1602.719728][T27995] constrain_params_by_rules+0x175/0xcc0 [ 1602.719763][T27995] ? stack_trace_save+0x8e/0xc0 [ 1602.719792][T27995] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1602.719827][T27995] ? __kasan_kmalloc+0xaa/0xb0 [ 1602.719864][T27995] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 1602.719908][T27995] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1602.719948][T27995] ? snd_pcm_oss_sync+0x265/0x840 [ 1602.719997][T27995] ? rcu_is_watching+0x12/0xc0 [ 1602.720035][T27995] ? snd_interval_refine+0x2d0/0x580 [ 1602.720072][T27995] snd_pcm_hw_refine+0x7e7/0xad0 [ 1602.720105][T27995] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1602.720153][T27995] ? __asan_memset+0x23/0x50 [ 1602.720188][T27995] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 1602.720233][T27995] snd_pcm_oss_change_params_locked+0x2594/0x39f0 [ 1602.720288][T27995] ? snd_pcm_oss_sync+0x243/0x840 [ 1602.720329][T27995] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1602.720377][T27995] ? __pfx___mutex_lock+0x10/0x10 [ 1602.720430][T27995] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1602.720474][T27995] snd_pcm_oss_sync+0x265/0x840 [ 1602.720521][T27995] snd_pcm_oss_release+0x238/0x300 [ 1602.720563][T27995] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1602.720605][T27995] __fput+0x3ff/0xb40 [ 1602.720642][T27995] task_work_run+0x150/0x240 [ 1602.720680][T27995] ? __pfx_task_work_run+0x10/0x10 [ 1602.720725][T27995] exit_to_user_mode_loop+0x100/0x4a0 [ 1602.720763][T27995] do_syscall_64+0x668/0xf80 [ 1602.720793][T27995] ? clear_bhb_loop+0x40/0x90 [ 1602.720824][T27995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1602.720852][T27995] RIP: 0033:0x7f7c9b79c799 [ 1602.720873][T27995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1602.720899][T27995] RSP: 002b:00007f7c9c5cf028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1602.720925][T27995] RAX: 0000000000000000 RBX: 00007f7c9ba15fa0 RCX: 00007f7c9b79c799 [ 1602.720942][T27995] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1602.720958][T27995] RBP: 00007f7c9b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1602.720973][T27995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1602.720988][T27995] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1602.721021][T27995] [ 1605.413448][T25543] EXT4-fs (sda1): Delayed block allocation failed for inode 2032 at logical offset 9 with max blocks 1 with error 117 [ 1605.413487][T25543] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1605.413487][T25543] [ 1607.768402][T28002] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1608.014809][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1608.021766][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.036933][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1608.050299][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1608.061177][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1608.070490][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1608.079080][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1609.011848][T28021] chnl_net:caif_netlink_parms(): no params data found [ 1609.101242][T28032] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 1609.101242][T28032] M' is too long [ 1609.101293][T28032] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 1609.101293][T28032] W ' is too long [ 1609.147046][T28034] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 1609.147046][T28034] M' is too long [ 1609.147070][T28034] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 1609.147070][T28034] W ' is too long [ 1609.537756][T28021] bridge0: port 1(bridge_slave_0) entered blocking state [ 1609.537844][T28021] bridge0: port 1(bridge_slave_0) entered disabled state [ 1609.538011][T28021] bridge_slave_0: entered allmulticast mode [ 1609.540405][T28021] bridge_slave_0: entered promiscuous mode [ 1609.542674][T28021] bridge0: port 2(bridge_slave_1) entered blocking state [ 1609.542756][T28021] bridge0: port 2(bridge_slave_1) entered disabled state [ 1609.542885][T28021] bridge_slave_1: entered allmulticast mode [ 1609.544271][T28021] bridge_slave_1: entered promiscuous mode [ 1609.725270][T28021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1609.759584][T28021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1609.930404][T28021] team0: Port device team_slave_0 added [ 1609.933098][T28021] team0: Port device team_slave_1 added [ 1610.155678][T28021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1610.155700][T28021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1610.155730][T28021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1610.165740][T28021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1610.165763][T28021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1610.165795][T28021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1610.167239][ T52] Bluetooth: hci2: command tx timeout [ 1610.560075][T28021] hsr_slave_0: entered promiscuous mode [ 1610.569037][T28021] hsr_slave_1: entered promiscuous mode [ 1610.574331][T28021] debugfs: 'hsr0' already exists in 'hsr' [ 1610.574358][T28021] Cannot create hsr debugfs directory [ 1612.247542][ T52] Bluetooth: hci2: command tx timeout [ 1612.532906][T28055] netlink: zone id is out of range [ 1612.597680][T28055] netlink: zone id is out of range [ 1612.667580][T28055] netlink: zone id is out of range [ 1612.749417][T28055] netlink: zone id is out of range [ 1612.828627][T28055] netlink: zone id is out of range [ 1613.068230][T28055] netlink: set zone limit has 8 unknown bytes [ 1613.598535][T28062] FAULT_INJECTION: forcing a failure. [ 1613.598535][T28062] name failslab, interval 1, probability 0, space 0, times 0 [ 1613.679055][T28062] CPU: 0 UID: 0 PID: 28062 Comm: syz.5.5071 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1613.679099][T28062] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1613.679110][T28062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1613.679126][T28062] Call Trace: [ 1613.679135][T28062] [ 1613.679145][T28062] dump_stack_lvl+0x100/0x190 [ 1613.679189][T28062] should_fail_ex.cold+0x5/0xa [ 1613.679219][T28062] should_failslab+0xc2/0x120 [ 1613.679246][T28062] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1613.679286][T28062] ? alloc_unbound_pwq+0x3ff/0xdd0 [ 1613.679317][T28062] alloc_unbound_pwq+0x3ff/0xdd0 [ 1613.679350][T28062] apply_wqattrs_prepare+0x3aa/0xbb0 [ 1613.679387][T28062] workqueue_apply_unbound_cpumask+0x18c/0x970 [ 1613.679422][T28062] ? __pfx_workqueue_apply_unbound_cpumask+0x10/0x10 [ 1613.679449][T28062] ? bitmap_parse+0x306/0x3f0 [ 1613.679484][T28062] cpumask_store+0x1ad/0x220 [ 1613.679509][T28062] ? __pfx_cpumask_store+0x10/0x10 [ 1613.679534][T28062] ? find_held_lock+0x2b/0x80 [ 1613.679557][T28062] ? sysfs_file_kobj+0xe4/0x290 [ 1613.679595][T28062] ? sysfs_file_kobj+0xe4/0x290 [ 1613.679628][T28062] ? __pfx_cpumask_store+0x10/0x10 [ 1613.679653][T28062] dev_attr_store+0x58/0x80 [ 1613.679695][T28062] ? __pfx_dev_attr_store+0x10/0x10 [ 1613.679736][T28062] sysfs_kf_write+0xf2/0x150 [ 1613.679769][T28062] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1613.679794][T28062] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1613.679829][T28062] vfs_write+0x6ac/0x1070 [ 1613.679870][T28062] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1613.679901][T28062] ? __pfx_vfs_write+0x10/0x10 [ 1613.679961][T28062] ksys_write+0x12a/0x250 [ 1613.680002][T28062] ? __pfx_ksys_write+0x10/0x10 [ 1613.680051][T28062] do_syscall_64+0x106/0xf80 [ 1613.680087][T28062] ? clear_bhb_loop+0x40/0x90 [ 1613.680118][T28062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1613.680145][T28062] RIP: 0033:0x7ff3b7b9c799 [ 1613.680166][T28062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1613.680191][T28062] RSP: 002b:00007ff3b8a15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1613.680216][T28062] RAX: ffffffffffffffda RBX: 00007ff3b7e15fa0 RCX: 00007ff3b7b9c799 [ 1613.680233][T28062] RDX: 0000000000000005 RSI: 0000200000000180 RDI: 000000000000000a [ 1613.680249][T28062] RBP: 00007ff3b7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1613.680265][T28062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1613.680282][T28062] R13: 00007ff3b7e16038 R14: 00007ff3b7e15fa0 R15: 00007fffbd973848 [ 1613.680315][T28062] [ 1614.426988][ T52] Bluetooth: hci2: command tx timeout [ 1615.517671][ T5913] usb usb40-port2: attempt power cycle [ 1616.077252][ T5913] usb usb40-port2: unable to enumerate USB device [ 1616.493064][T26433] Bluetooth: hci2: command tx timeout [ 1618.296369][T15989] Process accounting resumed [ 1619.136519][T28096] Invalid ELF header magic: != ELF [ 1622.715706][T28115] NFSD: Failed to start, no listeners configured. [ 1623.417225][T28121] bridge0: port 3(gretap0) entered blocking state [ 1623.457424][T28121] bridge0: port 3(gretap0) entered disabled state [ 1623.498360][T28121] gretap0: entered allmulticast mode [ 1623.547739][T28121] gretap0: entered promiscuous mode [ 1623.571634][T28121] FAULT_INJECTION: forcing a failure. [ 1623.571634][T28121] name failslab, interval 1, probability 0, space 0, times 0 [ 1623.585058][T28121] CPU: 0 UID: 0 PID: 28121 Comm: syz.3.5082 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1623.585102][T28121] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1623.585112][T28121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1623.585128][T28121] Call Trace: [ 1623.585138][T28121] [ 1623.585148][T28121] dump_stack_lvl+0x100/0x190 [ 1623.585192][T28121] should_fail_ex.cold+0x5/0xa [ 1623.585222][T28121] should_failslab+0xc2/0x120 [ 1623.585248][T28121] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1623.585288][T28121] ? __alloc_skb+0x140/0x710 [ 1623.585323][T28121] __alloc_skb+0x140/0x710 [ 1623.585349][T28121] ? __alloc_skb+0x5b7/0x710 [ 1623.585380][T28121] ? __pfx___alloc_skb+0x10/0x10 [ 1623.585410][T28121] ? __pfx_fdb_create+0x10/0x10 [ 1623.585453][T28121] fdb_notify+0xa2/0x190 [ 1623.585491][T28121] fdb_add_local+0x184/0x1c0 [ 1623.585586][T28121] br_fdb_add_local+0x39/0x60 [ 1623.585628][T28121] __vlan_add+0x1820/0x2dd0 [ 1623.585706][T28121] ? __pfx___vlan_add+0x10/0x10 [ 1623.585739][T28121] nbp_vlan_add+0x258/0x3e0 [ 1623.585768][T28121] nbp_vlan_init+0x373/0x500 [ 1623.585794][T28121] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1623.585827][T28121] ? __local_bh_enable_ip+0x9e/0x120 [ 1623.585854][T28121] ? lockdep_hardirqs_on+0x78/0x100 [ 1623.585885][T28121] ? br_fdb_add_local+0x43/0x60 [ 1623.585924][T28121] ? __local_bh_enable_ip+0x9e/0x120 [ 1623.585963][T28121] br_add_if+0xf79/0x1b40 [ 1623.585991][T28121] ? veth_get_iflink+0x2a3/0x2c0 [ 1623.586036][T28121] add_del_if+0x114/0x160 [ 1623.586073][T28121] br_dev_siocdevprivate+0x8ac/0x1650 [ 1623.586107][T28121] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1623.586149][T28121] ? lock_acquire+0x1cf/0x380 [ 1623.586192][T28121] ? netdev_name_node_lookup+0x107/0x150 [ 1623.586223][T28121] ? __mutex_lock+0x26a/0x1b90 [ 1623.586259][T28121] dev_ifsioc+0xc1e/0x1e90 [ 1623.586314][T28121] ? __pfx_dev_ifsioc+0x10/0x10 [ 1623.586339][T28121] ? __pfx___mutex_lock+0x10/0x10 [ 1623.586382][T28121] ? dev_load+0x8e/0x240 [ 1623.586407][T28121] ? dev_load+0x8e/0x240 [ 1623.586440][T28121] dev_ioctl+0x70e/0x1070 [ 1623.586470][T28121] sock_ioctl+0x494/0x6b0 [ 1623.586512][T28121] ? __pfx_sock_ioctl+0x10/0x10 [ 1623.586550][T28121] ? hook_file_ioctl_common+0x146/0x410 [ 1623.586599][T28121] ? __fget_files+0x21f/0x3d0 [ 1623.586627][T28121] ? __pfx_sock_ioctl+0x10/0x10 [ 1623.586669][T28121] __x64_sys_ioctl+0x18e/0x210 [ 1623.586708][T28121] do_syscall_64+0x106/0xf80 [ 1623.586738][T28121] ? clear_bhb_loop+0x40/0x90 [ 1623.586769][T28121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.586796][T28121] RIP: 0033:0x7f7c9b79c799 [ 1623.586818][T28121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1623.586843][T28121] RSP: 002b:00007f7c9c5cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1623.586867][T28121] RAX: ffffffffffffffda RBX: 00007f7c9ba15fa0 RCX: 00007f7c9b79c799 [ 1623.586885][T28121] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000a [ 1623.586901][T28121] RBP: 00007f7c9b832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1623.586917][T28121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1623.586932][T28121] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1623.586964][T28121] [ 1624.841457][T28121] bridge0: port 3(gretap0) entered blocking state [ 1624.848058][T28121] bridge0: port 3(gretap0) entered forwarding state [ 1625.937907][T28128] FAULT_INJECTION: forcing a failure. [ 1625.937907][T28128] name failslab, interval 1, probability 0, space 0, times 0 [ 1625.981137][T28128] CPU: 0 UID: 0 PID: 28128 Comm: syz.3.5084 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1625.981181][T28128] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1625.981191][T28128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1625.981207][T28128] Call Trace: [ 1625.981215][T28128] [ 1625.981226][T28128] dump_stack_lvl+0x100/0x190 [ 1625.981271][T28128] should_fail_ex.cold+0x5/0xa [ 1625.981301][T28128] should_failslab+0xc2/0x120 [ 1625.981327][T28128] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1625.981365][T28128] ? anon_vma_clone+0x2bd/0xc70 [ 1625.981403][T28128] anon_vma_clone+0x2bd/0xc70 [ 1625.981443][T28128] anon_vma_fork+0x1bb/0x6b0 [ 1625.981483][T28128] dup_mmap+0x141f/0x2180 [ 1625.981525][T28128] ? __pfx_dup_mmap+0x10/0x10 [ 1625.981553][T28128] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1625.981589][T28128] ? __lock_acquire+0x4a5/0x2630 [ 1625.981623][T28128] ? find_held_lock+0x2b/0x80 [ 1625.981646][T28128] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 1625.981713][T28128] copy_process+0x73d7/0x7a10 [ 1625.981744][T28128] ? __pfx___schedule+0x10/0x10 [ 1625.981784][T28128] ? __pfx_copy_process+0x10/0x10 [ 1625.981822][T28128] ? _copy_from_user+0x59/0xd0 [ 1625.981868][T28128] kernel_clone+0xfc/0x9a0 [ 1625.981900][T28128] ? __pfx_kernel_clone+0x10/0x10 [ 1625.981928][T28128] ? futex_private_hash_put+0x107/0x1c0 [ 1625.981978][T28128] ? __pfx_futex_wake+0x10/0x10 [ 1625.982021][T28128] __do_sys_clone3+0x214/0x290 [ 1625.982051][T28128] ? __pfx___do_sys_clone3+0x10/0x10 [ 1625.982121][T28128] do_syscall_64+0x106/0xf80 [ 1625.982151][T28128] ? clear_bhb_loop+0x40/0x90 [ 1625.982183][T28128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1625.982210][T28128] RIP: 0033:0x7f7c9b79c799 [ 1625.982231][T28128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1625.982257][T28128] RSP: 002b:00007f7c9c5ceef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1625.982281][T28128] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f7c9b79c799 [ 1625.982298][T28128] RDX: 00007f7c9c5cef10 RSI: 0000000000000058 RDI: 00007f7c9c5cef10 [ 1625.982313][T28128] RBP: 00007f7c9b832bd9 R08: 0000000000000000 R09: 0000000000000058 [ 1625.982329][T28128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1625.982345][T28128] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1625.982377][T28128] [ 1626.315207][T28130] ptrace attach of "./syz-executor exec"[25859] was attempted by "!Ҿ\x22?fg]nuX\x0ac^>x0AJ\x22\x1bFiKu'H^\x1b+y??_e[g\x22a֞^6Y6E܈$;RWs\x1bVny1қ\x22Cb\x0b*R{\x0doVySn\x22vq.c^4_>PIW\x22ͳLX7fKc,ZC\x07gg)$b{(R\x22xQMhO*͜5KwZQ\x07#\x22\x5c=J(s @T+ގR^rᳶ}:E>dIvQˡF$Ug2V4)j.6|āNj[B>\x0a\x09\x22v']-DSMrVK4DFss|\x09bG#\x07_a\x0dc0\x1bD0Y\x07Qd>ɇR&A*&ضȶ~wsȝ7^zn|P$8{3eпz8Жb7ODKKI>\x0b ]pS\x0aOj?As\x0d\x0c%q{칐\x1bw9k^cBXEg*_3ev%fwQ尠Qf5~էA\x22O:opPo|$% ~Ώa^6{ ޥ\x07Fy-ӫ:@8'uMˁѤEDxrC9\x5cfڥڣzKMkaĵ_ u-Zp)H\x0aj=ٱǧv/)\x1bOq7w3pxv.J`DyN\x0aQ谗>07-4Pe5h1m [ 1626.369424][T28132] futex_wake_op: syz.3.5086 tries to shift op by -2048; fix this program [ 1626.471344][T28132] futex_wake_op: syz.3.5086 tries to shift op by -2048; fix this program [ 1626.492794][T28132] 0x000000000001-0x000000020000 : "" [ 1626.538086][T28132] ftl_cs: FTL header corrupt! [ 1631.309170][T28185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5097'. [ 1636.882328][T28227] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5110'. [ 1637.240191][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.371785][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.422623][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.480132][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.538830][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.607840][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.652522][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.723225][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.808604][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1637.872404][T28232] __vm_enough_memory: pid: 28232, comm: syz.3.5111, bytes: 4398046511104 not enough memory for the allocation [ 1638.643054][ T52] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1638.664263][ T52] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1638.675483][ T52] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1638.685124][ T52] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1638.693692][ T52] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1639.303243][T28269] bridge0: port 3(gretap0) entered blocking state [ 1639.328341][T28269] bridge0: port 3(gretap0) entered disabled state [ 1639.361100][T28269] gretap0: entered allmulticast mode [ 1639.403622][T28269] gretap0: entered promiscuous mode [ 1639.439039][T28269] FAULT_INJECTION: forcing a failure. [ 1639.439039][T28269] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.496217][T28269] CPU: 0 UID: 0 PID: 28269 Comm: syz.5.5116 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1639.496262][T28269] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1639.496272][T28269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1639.496288][T28269] Call Trace: [ 1639.496297][T28269] [ 1639.496308][T28269] dump_stack_lvl+0x100/0x190 [ 1639.496352][T28269] should_fail_ex.cold+0x5/0xa [ 1639.496383][T28269] should_failslab+0xc2/0x120 [ 1639.496409][T28269] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1639.496443][T28269] ? vlan_vid_add+0x326/0x730 [ 1639.496544][T28269] vlan_vid_add+0x326/0x730 [ 1639.496581][T28269] __vlan_add+0x266f/0x2dd0 [ 1639.496619][T28269] ? __pfx___vlan_add+0x10/0x10 [ 1639.496653][T28269] nbp_vlan_add+0x258/0x3e0 [ 1639.496682][T28269] nbp_vlan_init+0x373/0x500 [ 1639.496708][T28269] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1639.496740][T28269] ? __local_bh_enable_ip+0x9e/0x120 [ 1639.496767][T28269] ? lockdep_hardirqs_on+0x78/0x100 [ 1639.496797][T28269] ? br_fdb_add_local+0x43/0x60 [ 1639.496844][T28269] ? __local_bh_enable_ip+0x9e/0x120 [ 1639.496876][T28269] br_add_if+0xf79/0x1b40 [ 1639.496903][T28269] ? veth_get_iflink+0x2a3/0x2c0 [ 1639.496941][T28269] add_del_if+0x114/0x160 [ 1639.496971][T28269] br_dev_siocdevprivate+0x8ac/0x1650 [ 1639.497002][T28269] ? __lock_acquire+0x4a5/0x2630 [ 1639.497035][T28269] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1639.497076][T28269] ? do_raw_spin_lock+0x128/0x260 [ 1639.497119][T28269] ? mark_held_locks+0x40/0x70 [ 1639.497155][T28269] ? netdev_name_node_lookup+0x107/0x150 [ 1639.497182][T28269] ? __mutex_lock+0x26a/0x1b90 [ 1639.497217][T28269] dev_ifsioc+0xc1e/0x1e90 [ 1639.497248][T28269] ? __pfx_dev_ifsioc+0x10/0x10 [ 1639.497273][T28269] ? __pfx___mutex_lock+0x10/0x10 [ 1639.497315][T28269] ? dev_load+0x8e/0x240 [ 1639.497340][T28269] ? dev_load+0x8e/0x240 [ 1639.497372][T28269] dev_ioctl+0x70e/0x1070 [ 1639.497402][T28269] sock_ioctl+0x494/0x6b0 [ 1639.497444][T28269] ? __pfx_sock_ioctl+0x10/0x10 [ 1639.497482][T28269] ? hook_file_ioctl_common+0x146/0x410 [ 1639.497530][T28269] ? __fget_files+0x21f/0x3d0 [ 1639.497558][T28269] ? __pfx_sock_ioctl+0x10/0x10 [ 1639.497600][T28269] __x64_sys_ioctl+0x18e/0x210 [ 1639.497639][T28269] do_syscall_64+0x106/0xf80 [ 1639.497669][T28269] ? clear_bhb_loop+0x40/0x90 [ 1639.497700][T28269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1639.497727][T28269] RIP: 0033:0x7ff3b7b9c799 [ 1639.497747][T28269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1639.497773][T28269] RSP: 002b:00007ff3b8a15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1639.497797][T28269] RAX: ffffffffffffffda RBX: 00007ff3b7e15fa0 RCX: 00007ff3b7b9c799 [ 1639.497821][T28269] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000a [ 1639.497837][T28269] RBP: 00007ff3b7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1639.497853][T28269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1639.497868][T28269] R13: 00007ff3b7e16038 R14: 00007ff3b7e15fa0 R15: 00007fffbd973848 [ 1639.497902][T28269] [ 1640.727178][ T52] Bluetooth: hci6: command tx timeout [ 1640.822096][T28269] gretap0: failed to initialize vlan filtering on this port [ 1640.849133][T28269] gretap0: left allmulticast mode [ 1642.095246][T28262] chnl_net:caif_netlink_parms(): no params data found [ 1642.590770][T28262] bridge0: port 1(bridge_slave_0) entered blocking state [ 1642.645114][T28262] bridge0: port 1(bridge_slave_0) entered disabled state [ 1642.688308][T28262] bridge_slave_0: entered allmulticast mode [ 1642.736736][T28262] bridge_slave_0: entered promiscuous mode [ 1642.781551][T28262] bridge0: port 2(bridge_slave_1) entered blocking state [ 1642.806890][ T52] Bluetooth: hci6: command tx timeout [ 1642.844834][T28262] bridge0: port 2(bridge_slave_1) entered disabled state [ 1642.884334][T28262] bridge_slave_1: entered allmulticast mode [ 1642.933581][T28262] bridge_slave_1: entered promiscuous mode [ 1643.119307][T28262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1643.190789][T28262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1643.448345][T28262] team0: Port device team_slave_0 added [ 1643.487361][T28262] team0: Port device team_slave_1 added [ 1643.646438][T28262] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1643.653531][T28262] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1643.838977][T28262] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1643.939919][T28262] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1643.975581][T28262] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1644.176702][T28262] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1644.448567][T28262] hsr_slave_0: entered promiscuous mode [ 1644.496070][T28262] hsr_slave_1: entered promiscuous mode [ 1644.538110][T28262] debugfs: 'hsr0' already exists in 'hsr' [ 1644.568535][T28262] Cannot create hsr debugfs directory [ 1644.886943][ T52] Bluetooth: hci6: command tx timeout [ 1646.971163][ T52] Bluetooth: hci6: command tx timeout [ 1651.649932][T28346] bridge0: port 3(gretap0) entered blocking state [ 1651.707737][T28346] bridge0: port 3(gretap0) entered disabled state [ 1651.714444][T28346] gretap0: entered allmulticast mode [ 1651.752055][T28346] FAULT_INJECTION: forcing a failure. [ 1651.752055][T28346] name failslab, interval 1, probability 0, space 0, times 0 [ 1651.764787][T28346] CPU: 0 UID: 0 PID: 28346 Comm: syz.5.5133 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1651.764828][T28346] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1651.764839][T28346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1651.764855][T28346] Call Trace: [ 1651.764864][T28346] [ 1651.764873][T28346] dump_stack_lvl+0x100/0x190 [ 1651.764917][T28346] should_fail_ex.cold+0x5/0xa [ 1651.764947][T28346] should_failslab+0xc2/0x120 [ 1651.764974][T28346] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1651.765014][T28346] ? __alloc_skb+0x140/0x710 [ 1651.765048][T28346] __alloc_skb+0x140/0x710 [ 1651.765074][T28346] ? __alloc_skb+0x5b7/0x710 [ 1651.765101][T28346] ? __pfx___alloc_skb+0x10/0x10 [ 1651.765133][T28346] ? __pfx_fdb_create+0x10/0x10 [ 1651.765174][T28346] fdb_notify+0xa2/0x190 [ 1651.765213][T28346] fdb_add_local+0x184/0x1c0 [ 1651.765252][T28346] br_fdb_add_local+0x39/0x60 [ 1651.765294][T28346] __vlan_add+0x1820/0x2dd0 [ 1651.765331][T28346] ? __pfx___vlan_add+0x10/0x10 [ 1651.765364][T28346] nbp_vlan_add+0x258/0x3e0 [ 1651.765394][T28346] nbp_vlan_init+0x373/0x500 [ 1651.765421][T28346] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1651.765452][T28346] ? __local_bh_enable_ip+0x9e/0x120 [ 1651.765479][T28346] ? lockdep_hardirqs_on+0x78/0x100 [ 1651.765510][T28346] ? br_fdb_add_local+0x43/0x60 [ 1651.765548][T28346] ? __local_bh_enable_ip+0x9e/0x120 [ 1651.765579][T28346] br_add_if+0xf79/0x1b40 [ 1651.765614][T28346] add_del_if+0x114/0x160 [ 1651.765644][T28346] br_dev_siocdevprivate+0x8ac/0x1650 [ 1651.765677][T28346] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1651.765726][T28346] ? lock_acquire+0x1cf/0x380 [ 1651.765769][T28346] ? netdev_name_node_lookup+0x107/0x150 [ 1651.765795][T28346] ? __mutex_lock+0x26a/0x1b90 [ 1651.765830][T28346] dev_ifsioc+0xc1e/0x1e90 [ 1651.765861][T28346] ? __pfx_dev_ifsioc+0x10/0x10 [ 1651.765887][T28346] ? __pfx___mutex_lock+0x10/0x10 [ 1651.765929][T28346] ? dev_load+0x8e/0x240 [ 1651.765953][T28346] ? dev_load+0x8e/0x240 [ 1651.765985][T28346] dev_ioctl+0x70e/0x1070 [ 1651.766015][T28346] sock_ioctl+0x494/0x6b0 [ 1651.766057][T28346] ? __pfx_sock_ioctl+0x10/0x10 [ 1651.766095][T28346] ? hook_file_ioctl_common+0x146/0x410 [ 1651.766144][T28346] ? __fget_files+0x21f/0x3d0 [ 1651.766172][T28346] ? __pfx_sock_ioctl+0x10/0x10 [ 1651.766217][T28346] __x64_sys_ioctl+0x18e/0x210 [ 1651.766256][T28346] do_syscall_64+0x106/0xf80 [ 1651.766286][T28346] ? clear_bhb_loop+0x40/0x90 [ 1651.766317][T28346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1651.766344][T28346] RIP: 0033:0x7ff3b7b9c799 [ 1651.766366][T28346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1651.766390][T28346] RSP: 002b:00007ff3b8a15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1651.766414][T28346] RAX: ffffffffffffffda RBX: 00007ff3b7e15fa0 RCX: 00007ff3b7b9c799 [ 1651.766431][T28346] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000a [ 1651.766447][T28346] RBP: 00007ff3b7c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1651.766463][T28346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1651.766478][T28346] R13: 00007ff3b7e16038 R14: 00007ff3b7e15fa0 R15: 00007fffbd973848 [ 1651.766510][T28346] [ 1653.426654][T28346] bridge0: port 3(gretap0) entered blocking state [ 1653.433214][T28346] bridge0: port 3(gretap0) entered forwarding state [ 1654.172060][T28356] binder: 28355:28356 ioctl c018620c 200000000040 returned -22 [ 1660.393207][T28426] FAULT_INJECTION: forcing a failure. [ 1660.393207][T28426] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1660.453432][T28426] CPU: 0 UID: 0 PID: 28426 Comm: syz.3.5156 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1660.453476][T28426] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1660.453487][T28426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1660.453503][T28426] Call Trace: [ 1660.453511][T28426] [ 1660.453522][T28426] dump_stack_lvl+0x100/0x190 [ 1660.453567][T28426] should_fail_ex.cold+0x5/0xa [ 1660.453592][T28426] ? prepare_alloc_pages+0x16d/0x5f0 [ 1660.453625][T28426] should_fail_alloc_page+0xeb/0x140 [ 1660.453653][T28426] prepare_alloc_pages+0x1f0/0x5f0 [ 1660.453682][T28426] ? mas_wr_store_entry+0x6d2/0x2390 [ 1660.453724][T28426] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1660.453763][T28426] ? perf_event_mmap+0xbc/0xe40 [ 1660.453804][T28426] ? vms_complete_munmap_vmas+0x1e1/0xdd0 [ 1660.453851][T28426] ? mas_store_prealloc+0x893/0xfb0 [ 1660.453889][T28426] ? __pfx_perf_event_mmap+0x10/0x10 [ 1660.453932][T28426] ? __pfx_vms_complete_munmap_vmas+0x10/0x10 [ 1660.453969][T28426] ? vma_wants_writenotify+0x10b/0x390 [ 1660.454007][T28426] ? __pfx_vma_wants_writenotify+0x10/0x10 [ 1660.454047][T28426] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1660.454092][T28426] ? vma_set_page_prot+0xb1/0x120 [ 1660.454128][T28426] ? mas_ascend+0x53d/0xb30 [ 1660.454155][T28426] ? __pfx___mmap_region+0x10/0x10 [ 1660.454190][T28426] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1660.454236][T28426] ? policy_nodemask+0xed/0x4f0 [ 1660.454264][T28426] alloc_pages_mpol+0x1fb/0x550 [ 1660.454292][T28426] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1660.454326][T28426] alloc_pages_noprof+0x131/0x390 [ 1660.454354][T28426] __pmd_alloc+0x3b/0x9c0 [ 1660.454385][T28426] __handle_mm_fault+0xa99/0x2b60 [ 1660.454424][T28426] ? mt_find+0x45e/0x8e0 [ 1660.454458][T28426] ? __pfx___handle_mm_fault+0x10/0x10 [ 1660.454491][T28426] ? __pfx_mt_find+0x10/0x10 [ 1660.454547][T28426] handle_mm_fault+0x36d/0xa20 [ 1660.454587][T28426] __get_user_pages+0xf9c/0x34d0 [ 1660.454626][T28426] ? __pfx___get_user_pages+0x10/0x10 [ 1660.454662][T28426] populate_vma_page_range+0x267/0x3f0 [ 1660.454695][T28426] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1660.454725][T28426] ? __pfx_find_vma_intersection+0x10/0x10 [ 1660.454753][T28426] ? do_mmap+0x93f/0x12f0 [ 1660.454784][T28426] __mm_populate+0x107/0x3a0 [ 1660.454814][T28426] ? __pfx___mm_populate+0x10/0x10 [ 1660.454852][T28426] ? up_write+0x290/0x4f0 [ 1660.454893][T28426] vm_mmap_pgoff+0x37f/0x470 [ 1660.454925][T28426] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1660.454955][T28426] ? do_futex+0x192/0x350 [ 1660.454989][T28426] ? __pfx_do_futex+0x10/0x10 [ 1660.455027][T28426] ksys_mmap_pgoff+0xe1/0x650 [ 1660.455053][T28426] ? __x64_sys_futex+0x34f/0x4d0 [ 1660.455085][T28426] ? __x64_sys_futex+0x358/0x4d0 [ 1660.455119][T28426] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1660.455146][T28426] ? xfd_validate_state+0x129/0x190 [ 1660.455189][T28426] __x64_sys_mmap+0x125/0x190 [ 1660.455230][T28426] do_syscall_64+0x106/0xf80 [ 1660.455260][T28426] ? clear_bhb_loop+0x40/0x90 [ 1660.455291][T28426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1660.455318][T28426] RIP: 0033:0x7f7c9b79c799 [ 1660.455340][T28426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1660.455365][T28426] RSP: 002b:00007f7c9c5cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1660.455392][T28426] RAX: ffffffffffffffda RBX: 00007f7c9ba15fa0 RCX: 00007f7c9b79c799 [ 1660.455409][T28426] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1660.455425][T28426] RBP: 00007f7c9b832bd9 R08: 0000000000000002 R09: 0000000000008000 [ 1660.455442][T28426] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1660.455457][T28426] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1660.455490][T28426] [ 1664.078472][T28447] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1664.095347][T28447] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1664.114051][T28447] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1664.136852][T28447] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1664.172034][T28447] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1664.193256][T28447] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1664.217250][T28447] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1664.244966][T28447] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1664.264185][T28447] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1664.289223][T28447] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1664.313795][T28447] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1664.564455][T28454] netlink: 'syz.3.5164': attribute type 1 has an invalid length. [ 1665.368732][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 1665.597558][T28466] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1666.167725][ T52] Bluetooth: hci5: command 0x0c1a tx timeout [ 1666.174189][T26433] Bluetooth: hci4: command 0x041b tx timeout [ 1666.180306][T25659] Bluetooth: hci0: command 0x0c1a tx timeout [ 1666.250184][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 1666.256522][T26433] Bluetooth: hci1: command 0x0c1a tx timeout [ 1666.328103][ T52] Bluetooth: hci6: command 0x0c1a tx timeout [ 1668.249299][T25659] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1668.261997][T25659] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1668.275453][T25659] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1668.283605][T25659] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1668.291467][T25659] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1668.327432][T25659] Bluetooth: hci2: command 0x0c1a tx timeout [ 1668.411542][T25659] Bluetooth: hci6: command 0x0c1a tx timeout [ 1669.371916][T28493] chnl_net:caif_netlink_parms(): no params data found [ 1669.456421][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.462772][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.851413][T28493] bridge0: port 1(bridge_slave_0) entered blocking state [ 1669.900446][T28493] bridge0: port 1(bridge_slave_0) entered disabled state [ 1669.959795][T28493] bridge_slave_0: entered allmulticast mode [ 1670.019998][T28493] bridge_slave_0: entered promiscuous mode [ 1670.060265][T28493] bridge0: port 2(bridge_slave_1) entered blocking state [ 1670.099088][T28493] bridge0: port 2(bridge_slave_1) entered disabled state [ 1670.158279][T28493] bridge_slave_1: entered allmulticast mode [ 1670.203059][T28493] bridge_slave_1: entered promiscuous mode [ 1670.326549][T25659] Bluetooth: hci7: command tx timeout [ 1670.407442][T25659] Bluetooth: hci2: command 0x0c1a tx timeout [ 1670.438844][T28493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1670.490525][T25659] Bluetooth: hci6: command 0x0c1a tx timeout [ 1670.529014][T28493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1670.702840][T28493] team0: Port device team_slave_0 added [ 1670.767467][T28493] team0: Port device team_slave_1 added [ 1670.935919][T28493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1670.984835][T28493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1671.156375][T28493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1671.226608][T28493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1671.263233][T28493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1671.385786][T28493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1671.844579][T28493] hsr_slave_0: entered promiscuous mode [ 1671.880171][T28493] hsr_slave_1: entered promiscuous mode [ 1671.910422][T28493] debugfs: 'hsr0' already exists in 'hsr' [ 1671.939475][T28493] Cannot create hsr debugfs directory [ 1672.407156][T25659] Bluetooth: hci7: command tx timeout [ 1673.910242][T28548] FAULT_INJECTION: forcing a failure. [ 1673.910242][T28548] name failslab, interval 1, probability 0, space 0, times 0 [ 1673.966422][T28548] CPU: 0 UID: 0 PID: 28548 Comm: syz.5.5184 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1673.966465][T28548] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1673.966474][T28548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1673.966489][T28548] Call Trace: [ 1673.966498][T28548] [ 1673.966507][T28548] dump_stack_lvl+0x100/0x190 [ 1673.966549][T28548] should_fail_ex.cold+0x5/0xa [ 1673.966583][T28548] ? copy_splice_read+0x1a3/0xb90 [ 1673.966621][T28548] should_failslab+0xc2/0x120 [ 1673.966646][T28548] __kmalloc_noprof+0xe0/0x850 [ 1673.966688][T28548] copy_splice_read+0x1a3/0xb90 [ 1673.966729][T28548] ? pipe_lock+0x69/0x80 [ 1673.966769][T28548] ? __pfx_copy_splice_read+0x10/0x10 [ 1673.966819][T28548] ? __fget_files+0x215/0x3d0 [ 1673.966844][T28548] ? __pfx_copy_splice_read+0x10/0x10 [ 1673.966883][T28548] do_splice_read+0x285/0x370 [ 1673.966926][T28548] splice_file_to_pipe+0x82/0x120 [ 1673.966953][T28548] do_sendfile+0x366/0xe20 [ 1673.966996][T28548] ? __pfx_do_sendfile+0x10/0x10 [ 1673.967034][T28548] ? __fget_files+0x21f/0x3d0 [ 1673.967063][T28548] __x64_sys_sendfile64+0x1d8/0x220 [ 1673.967089][T28548] ? ksys_write+0x1ac/0x250 [ 1673.967127][T28548] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1673.967164][T28548] do_syscall_64+0x106/0xf80 [ 1673.967194][T28548] ? clear_bhb_loop+0x40/0x90 [ 1673.967224][T28548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1673.967249][T28548] RIP: 0033:0x7ff3b7b9c799 [ 1673.967280][T28548] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1673.967305][T28548] RSP: 002b:00007ff3b8a15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1673.967328][T28548] RAX: ffffffffffffffda RBX: 00007ff3b7e15fa0 RCX: 00007ff3b7b9c799 [ 1673.967345][T28548] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1673.967360][T28548] RBP: 00007ff3b8a15090 R08: 0000000000000000 R09: 0000000000000000 [ 1673.967381][T28548] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 1673.967396][T28548] R13: 00007ff3b7e16038 R14: 00007ff3b7e15fa0 R15: 00007fffbd973848 [ 1673.967427][T28548] [ 1674.547448][T25659] Bluetooth: hci7: command tx timeout [ 1675.128929][T28550] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(2) [ 1676.239693][T28570] futex_wake_op: syz.3.5188 tries to shift op by -2048; fix this program [ 1676.309322][T28570] futex_wake_op: syz.3.5188 tries to shift op by -2048; fix this program [ 1676.346670][T28571] 0x000000000001-0x000000020000 : "" [ 1676.490283][T28571] ftl_cs: FTL header corrupt! [ 1676.566793][T25659] Bluetooth: hci7: command tx timeout [ 1676.612060][T28576] futex_wake_op: syz.5.5189 tries to shift op by -2048; fix this program [ 1676.669553][T28576] futex_wake_op: syz.5.5189 tries to shift op by -2048; fix this program [ 1677.952504][T28586] futex_wake_op: syz.3.5191 tries to shift op by -2048; fix this program [ 1678.060980][T28586] futex_wake_op: syz.3.5191 tries to shift op by -2048; fix this program [ 1678.170804][T28587] 0x000000000001-0x000000020000 : "" [ 1678.226985][T28587] ftl_cs: FTL header corrupt! [ 1681.169855][T28603] FAULT_INJECTION: forcing a failure. [ 1681.169855][T28603] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1681.312123][T28603] CPU: 0 UID: 0 PID: 28603 Comm: syz.3.5193 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1681.312164][T28603] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1681.312173][T28603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1681.312188][T28603] Call Trace: [ 1681.312197][T28603] [ 1681.312206][T28603] dump_stack_lvl+0x100/0x190 [ 1681.312252][T28603] should_fail_ex.cold+0x5/0xa [ 1681.312276][T28603] ? prepare_alloc_pages+0x16d/0x5f0 [ 1681.312310][T28603] should_fail_alloc_page+0xeb/0x140 [ 1681.312337][T28603] prepare_alloc_pages+0x1f0/0x5f0 [ 1681.312364][T28603] ? kernel_text_address+0x8d/0x100 [ 1681.312403][T28603] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1681.312451][T28603] ? copy_splice_read+0x1a3/0xb90 [ 1681.312491][T28603] ? stack_trace_save+0x8e/0xc0 [ 1681.312515][T28603] ? __pfx_stack_trace_save+0x10/0x10 [ 1681.312541][T28603] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1681.312581][T28603] ? copy_splice_read+0x1a3/0xb90 [ 1681.312617][T28603] ? kasan_save_stack+0x3f/0x50 [ 1681.312653][T28603] ? kasan_save_stack+0x30/0x50 [ 1681.312688][T28603] ? kasan_save_track+0x14/0x30 [ 1681.312723][T28603] ? __kasan_kmalloc+0xaa/0xb0 [ 1681.312757][T28603] ? __kmalloc_noprof+0x301/0x850 [ 1681.312791][T28603] ? copy_splice_read+0x1a3/0xb90 [ 1681.312828][T28603] ? do_splice_read+0x285/0x370 [ 1681.312885][T28603] alloc_pages_bulk_noprof+0x782/0x1490 [ 1681.312933][T28603] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1681.312978][T28603] ? __kmalloc_noprof+0x320/0x850 [ 1681.313019][T28603] copy_splice_read+0x1e1/0xb90 [ 1681.313059][T28603] ? pipe_lock+0x69/0x80 [ 1681.313106][T28603] ? __pfx_copy_splice_read+0x10/0x10 [ 1681.313160][T28603] ? __fget_files+0x215/0x3d0 [ 1681.313185][T28603] ? __pfx_copy_splice_read+0x10/0x10 [ 1681.313224][T28603] do_splice_read+0x285/0x370 [ 1681.313265][T28603] splice_file_to_pipe+0x82/0x120 [ 1681.313292][T28603] do_sendfile+0x366/0xe20 [ 1681.313335][T28603] ? __pfx_do_sendfile+0x10/0x10 [ 1681.313372][T28603] ? __fget_files+0x21f/0x3d0 [ 1681.313401][T28603] __x64_sys_sendfile64+0x1d8/0x220 [ 1681.313427][T28603] ? ksys_write+0x1ac/0x250 [ 1681.313464][T28603] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1681.313500][T28603] do_syscall_64+0x106/0xf80 [ 1681.313532][T28603] ? clear_bhb_loop+0x40/0x90 [ 1681.313562][T28603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1681.313587][T28603] RIP: 0033:0x7f7c9b79c799 [ 1681.313606][T28603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1681.313629][T28603] RSP: 002b:00007f7c9c5cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1681.313652][T28603] RAX: ffffffffffffffda RBX: 00007f7c9ba15fa0 RCX: 00007f7c9b79c799 [ 1681.313668][T28603] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1681.313682][T28603] RBP: 00007f7c9c5cf090 R08: 0000000000000000 R09: 0000000000000000 [ 1681.313697][T28603] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 1681.313712][T28603] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1681.313743][T28603] [ 1683.098252][T28607] nfsd: Unknown parameter 'ԣ' [ 1684.153770][T28617] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 1689.265659][T28648] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5202'. [ 1689.374395][T28650] futex_wake_op: syz.5.5203 tries to shift op by -2048; fix this program [ 1689.417648][T28650] futex_wake_op: syz.5.5203 tries to shift op by -2048; fix this program [ 1689.462381][T28650] 0x000000000001-0x000000020000 : "" [ 1689.503682][T28650] ftl_cs: FTL header corrupt! [ 1690.883586][T28664] input: jJǸ-9%vJ86 as /devices/virtual/input/input28 [ 1691.255641][T28668] futex_wake_op: syz.3.5206 tries to shift op by -2048; fix this program [ 1691.349345][T28668] futex_wake_op: syz.3.5206 tries to shift op by -2048; fix this program [ 1691.400865][T28669] 0x000000000001-0x000000020000 : "" [ 1691.516651][T28669] ftl_cs: FTL header corrupt! [ 1695.140219][T28697] FAULT_INJECTION: forcing a failure. [ 1695.140219][T28697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1695.208384][T28697] CPU: 0 UID: 0 PID: 28697 Comm: syz.3.5213 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1695.208427][T28697] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1695.208437][T28697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1695.208451][T28697] Call Trace: [ 1695.208459][T28697] [ 1695.208469][T28697] dump_stack_lvl+0x100/0x190 [ 1695.208511][T28697] should_fail_ex.cold+0x5/0xa [ 1695.208539][T28697] _copy_to_user+0x32/0xd0 [ 1695.208566][T28697] simple_read_from_buffer+0xcb/0x170 [ 1695.208606][T28697] proc_fail_nth_read+0x1af/0x230 [ 1695.208638][T28697] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1695.208668][T28697] ? rw_verify_area+0xce/0x6d0 [ 1695.208703][T28697] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1695.208731][T28697] vfs_read+0x1e4/0xb30 [ 1695.208772][T28697] ? __pfx_vfs_read+0x10/0x10 [ 1695.208809][T28697] ? __fget_files+0x215/0x3d0 [ 1695.208838][T28697] ? __fget_files+0x21f/0x3d0 [ 1695.208868][T28697] ksys_read+0x12a/0x250 [ 1695.208905][T28697] ? __pfx_ksys_read+0x10/0x10 [ 1695.208950][T28697] do_syscall_64+0x106/0xf80 [ 1695.208980][T28697] ? clear_bhb_loop+0x40/0x90 [ 1695.209010][T28697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1695.209035][T28697] RIP: 0033:0x7f7c9b75cfce [ 1695.209055][T28697] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1695.209079][T28697] RSP: 002b:00007f7c9c5cefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1695.209102][T28697] RAX: ffffffffffffffda RBX: 00007f7c9c5cf6c0 RCX: 00007f7c9b75cfce [ 1695.209118][T28697] RDX: 000000000000000f RSI: 00007f7c9c5cf0a0 RDI: 0000000000000003 [ 1695.209133][T28697] RBP: 00007f7c9c5cf090 R08: 0000000000000000 R09: 0000000000000000 [ 1695.209147][T28697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1695.209162][T28697] R13: 00007f7c9ba16038 R14: 00007f7c9ba15fa0 R15: 00007fffc749a108 [ 1695.209192][T28697] [ 1695.623315][T28702] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5215'. [ 1696.447186][ T9] usb usb40-port2: attempt power cycle [ 1697.039757][ T9] usb usb40-port2: unable to enumerate USB device [ 1698.551715][T28736] block nbd8: shutting down sockets [ 1698.939045][T28739] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1698.959434][T28739] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1698.970959][T28739] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1698.982278][T28739] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1698.994066][T28739] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1699.126391][T28629] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 1699.955459][T28738] chnl_net:caif_netlink_parms(): no params data found [ 1700.579745][T28738] bridge0: port 1(bridge_slave_0) entered blocking state [ 1700.634798][T28738] bridge0: port 1(bridge_slave_0) entered disabled state [ 1700.697370][T28738] bridge_slave_0: entered allmulticast mode [ 1700.741533][T28738] bridge_slave_0: entered promiscuous mode [ 1700.813813][T28738] bridge0: port 2(bridge_slave_1) entered blocking state [ 1700.878808][T28738] bridge0: port 2(bridge_slave_1) entered disabled state [ 1700.927676][T28738] bridge_slave_1: entered allmulticast mode [ 1700.972639][T28738] bridge_slave_1: entered promiscuous mode [ 1701.047772][T28629] Bluetooth: hci9: command tx timeout [ 1701.101800][T28768] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5229'. [ 1701.192557][T28738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1701.285068][T28738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1701.330171][T28770] futex_wake_op: syz.5.5230 tries to shift op by -2048; fix this program [ 1701.399344][T28770] futex_wake_op: syz.5.5230 tries to shift op by -2048; fix this program [ 1701.461842][T28770] 0x000000000001-0x000000020000 : "" [ 1701.495164][T28738] team0: Port device team_slave_0 added [ 1701.534173][T28770] ftl_cs: FTL header corrupt! [ 1701.581675][T28738] team0: Port device team_slave_1 added [ 1701.788153][T28738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1701.822401][T28738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1701.995456][T28738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1702.080142][T28738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1702.136293][T28738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1702.271601][T28738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1702.711551][T28738] hsr_slave_0: entered promiscuous mode [ 1702.759591][T28738] hsr_slave_1: entered promiscuous mode [ 1702.820362][T28738] debugfs: 'hsr0' already exists in 'hsr' [ 1702.855592][T28738] Cannot create hsr debugfs directory [ 1703.127447][T28629] Bluetooth: hci9: command tx timeout [ 1704.868577][T28809] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1705.186737][T28809] futex_wake_op: syz.5.5238 tries to shift op by -2048; fix this program [ 1705.206873][T28629] Bluetooth: hci9: command tx timeout [ 1706.798276][T28834] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5246'. [ 1707.128916][T28844] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5248'. [ 1707.169251][T28844] ipvlan0: entered promiscuous mode [ 1707.174498][T28844] ipvlan0: entered allmulticast mode [ 1707.287607][T28629] Bluetooth: hci9: command tx timeout [ 1707.298820][T28844] veth0_vlan: entered allmulticast mode [ 1707.691159][T28852] futex_wake_op: syz.3.5250 tries to shift op by -2048; fix this program [ 1707.731270][T28852] futex_wake_op: syz.3.5250 tries to shift op by -2048; fix this program [ 1707.780148][T28852] 0x000000000001-0x000000020000 : "" [ 1707.825522][T28852] ftl_cs: FTL header corrupt! [ 1708.486983][ T31] INFO: task kworker/u8:43:25552 blocked for more than 143 seconds. [ 1708.495009][ T31] Tainted: G U L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1708.538447][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1708.607744][ T31] task:kworker/u8:43 state:D stack:24392 pid:25552 tgid:25552 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1708.651336][T28864] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5254'. [ 1708.668817][T28865] Invalid ELF header magic: != ELF [ 1708.706360][ T31] Workqueue: netns cleanup_net [ 1708.726895][T28866] vivid-007: ================= START STATUS ================= [ 1708.750055][ T31] Call Trace: [ 1708.753381][ T31] [ 1708.801199][ T31] __schedule+0xfee/0x6120 [ 1708.805679][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1708.826979][T28866] vivid-007: Enable Output Cropping: true [ 1708.833817][T28866] vivid-007: Enable Output Composing: true [ 1708.876284][ T31] ? __pfx___schedule+0x10/0x10 [ 1708.881297][ T31] ? find_held_lock+0x2b/0x80 [ 1708.885995][ T31] ? schedule+0x2bf/0x390 [ 1708.972849][ T31] schedule+0xdd/0x390 [ 1709.006362][ T31] schedule_timeout+0x1b2/0x280 [ 1709.026574][T28866] vivid-007: Enable Output Scaler: true [ 1709.032238][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1709.071469][ T31] ? mark_held_locks+0x40/0x70 [ 1709.097845][T28866] vivid-007: Tx RGB Quantization Range: [ 1709.100637][ T31] __wait_for_common+0x2e7/0x4c0 [ 1709.111661][T28866] Automatic [ 1709.149139][T28866] vivid-007: Transmit Mode: HDMI [ 1709.216684][T28866] vivid-007: Hotplug Present: 0x00000000 [ 1709.225054][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1709.269798][T28866] vivid-007: RxSense Present: 0x00000000 [ 1709.280886][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1709.347546][T28866] vivid-007: EDID Present: 0x00000000 [ 1709.356316][ T31] remove_one+0x312/0x420 [ 1709.386851][ T31] ? find_next_child+0x18f/0x280 [ 1709.391890][ T31] __simple_recursive_removal+0x148/0x5c0 [ 1709.483112][ T31] ? __pfx_remove_one+0x10/0x10 [ 1709.507285][ T31] debugfs_remove+0x5d/0x80 [ 1709.511867][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 1709.517456][T28866] vivid-007: ================== END STATUS ================== [ 1709.567604][ T31] nsim_dev_reload_destroy+0x144/0x4a0 [ 1709.573148][ T31] nsim_dev_reload_down+0x66/0xd0 [ 1709.634681][ T31] devlink_reload+0x173/0x790 [ 1709.656853][ T31] ? __pfx_devlink_reload+0x10/0x10 [ 1709.662398][ T31] devlink_pernet_pre_exit+0x222/0x330 [ 1709.703928][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 1709.730997][ T31] ? kobject_put+0xb9/0x640 [ 1709.746826][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 1709.752975][ T31] ops_undo_list+0x187/0xab0 [ 1709.794499][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1709.822783][ T31] ? cleanup_net+0x332/0x920 [ 1709.835297][ T31] ? cleanup_net+0x332/0x920 [ 1709.856565][ T31] ? idr_destroy+0x62/0x2e0 [ 1709.861284][ T31] cleanup_net+0x499/0x920 [ 1709.865743][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1709.899795][ T31] ? rcu_is_watching+0x12/0xc0 [ 1709.904661][ T31] process_one_work+0x9d7/0x1920 [ 1709.932727][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1709.949378][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1709.954398][ T31] worker_thread+0x5da/0xe40 [ 1709.979366][ T31] ? kthread+0x13a/0x450 [ 1709.983694][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1710.007242][ T31] kthread+0x370/0x450 [ 1710.011473][ T31] ? __pfx_kthread+0x10/0x10 [ 1710.035314][ T31] ret_from_fork+0x754/0xd80 [ 1710.051378][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1710.066309][ T31] ? __switch_to+0x7b4/0x1120 [ 1710.071147][ T31] ? __pfx_kthread+0x10/0x10 [ 1710.075791][ T31] ret_from_fork_asm+0x1a/0x30 [ 1710.107214][ T31] [ 1710.246323][ T31] INFO: task syz-executor:27461 blocked for more than 145 seconds. [ 1710.312441][ T31] Tainted: G U L syzkaller #0 [ 1710.362685][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1710.416449][ T31] task:syz-executor state:D stack:24560 pid:27461 tgid:27461 ppid:1 task_flags:0x400140 flags:0x00080002 [ 1710.486579][ T31] Call Trace: [ 1710.489906][ T31] [ 1710.492854][ T31] __schedule+0xfee/0x6120 [ 1710.536279][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1710.541295][ T31] ? __pfx___schedule+0x10/0x10 [ 1710.596504][ T31] ? find_held_lock+0x2b/0x80 [ 1710.601257][ T31] ? schedule+0x2bf/0x390 [ 1710.605618][ T31] schedule+0xdd/0x390 [ 1710.702501][ T31] schedule_preempt_disabled+0x13/0x30 [ 1710.726600][ T31] __mutex_lock+0xc9a/0x1b90 [ 1710.731264][ T31] ? device_del+0xa0/0x9b0 [ 1710.735718][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1710.806755][ T31] ? mark_held_locks+0x40/0x70 [ 1710.811594][ T31] ? device_del+0xa0/0x9b0 [ 1710.856337][ T31] device_del+0xa0/0x9b0 [ 1710.860651][ T31] ? __pfx_ida_free+0x10/0x10 [ 1710.916698][ T31] ? __pfx_device_del+0x10/0x10 [ 1710.946521][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1710.951530][ T31] device_unregister+0x1d/0xe0 [ 1711.000844][ T31] del_device_store+0x346/0x480 [ 1711.005774][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1711.077870][ T31] ? find_held_lock+0x2b/0x80 [ 1711.082699][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1711.126445][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1711.131373][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1711.172218][ T31] bus_attr_store+0x74/0xb0 [ 1711.185164][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 1711.200536][ T31] sysfs_kf_write+0xf2/0x150 [ 1711.205217][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1711.233161][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1711.248256][ T31] vfs_write+0x6ac/0x1070 [ 1711.252659][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1711.281214][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1711.286048][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1711.320771][ T31] ksys_write+0x12a/0x250 [ 1711.337817][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1711.342846][ T31] do_syscall_64+0x106/0xf80 [ 1711.372656][ T31] ? clear_bhb_loop+0x40/0x90 [ 1711.391527][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1711.410725][ T31] RIP: 0033:0x7f7932b5cfce [ 1711.415199][ T31] RSP: 002b:00007fff14ce5468 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1711.467873][ T31] RAX: ffffffffffffffda RBX: 0000555555f31500 RCX: 00007f7932b5cfce [ 1711.489743][ T31] RDX: 0000000000000001 RSI: 00007fff14ce54f0 RDI: 0000000000000005 [ 1711.511833][ T31] RBP: 00007f7932c3345c R08: 0000000000000000 R09: 0000000000000000 [ 1711.534408][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1711.561687][ T31] R13: 00007fff14ce54f0 R14: 00007f7933944620 R15: 0000000000000003 [ 1711.584487][ T31] [ 1711.595872][ T31] INFO: task syz.6.4985:27582 blocked for more than 146 seconds. [ 1711.718361][ T31] Tainted: G U L syzkaller #0 [ 1711.724909][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1711.759604][ T31] task:syz.6.4985 state:D stack:29000 pid:27582 tgid:27576 ppid:27266 task_flags:0x400040 flags:0x00080002 [ 1711.795381][ T31] Call Trace: [ 1711.806164][ T31] [ 1711.812418][ T31] __schedule+0xfee/0x6120 [ 1711.833615][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1711.847827][ T31] ? __pfx___schedule+0x10/0x10 [ 1711.852867][ T31] ? find_held_lock+0x2b/0x80 [ 1711.887991][ T31] ? schedule+0x2bf/0x390 [ 1711.892386][ T31] schedule+0xdd/0x390 [ 1711.912142][ T31] schedule_preempt_disabled+0x13/0x30 [ 1711.936956][ T31] __mutex_lock+0xc9a/0x1b90 [ 1711.941613][ T31] ? __pfx___alloc_skb+0x10/0x10 [ 1711.972866][ T31] ? devlink_health_report+0x681/0xb50 [ 1711.997727][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1712.002816][ T31] ? devlink_recover_notify.constprop.0+0x4d7/0x670 [ 1712.034242][ T31] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 1712.056653][ T31] ? devlink_health_report+0x681/0xb50 [ 1712.062186][ T31] devlink_health_report+0x681/0xb50 [ 1712.084708][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 1712.107659][ T31] ? _copy_from_user+0x59/0xd0 [ 1712.112648][ T31] nsim_dev_health_break_write+0x166/0x210 [ 1712.142005][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1712.164657][ T31] full_proxy_write+0x135/0x1a0 [ 1712.179180][ T31] vfs_write+0x2aa/0x1070 [ 1712.194339][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 1712.208773][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1712.213778][ T31] ? __fget_files+0x215/0x3d0 [ 1712.236285][ T31] ? __fget_files+0x21f/0x3d0 [ 1712.241032][ T31] ksys_write+0x12a/0x250 [ 1712.245413][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1712.284187][ T31] do_syscall_64+0x106/0xf80 [ 1712.299279][ T31] ? clear_bhb_loop+0x40/0x90 [ 1712.304071][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1712.332099][ T31] RIP: 0033:0x7f699b59c799 [ 1712.344919][ T31] RSP: 002b:00007f699c388028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1712.386767][ T31] RAX: ffffffffffffffda RBX: 00007f699b816090 RCX: 00007f699b59c799 [ 1712.395682][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000004 [ 1712.450901][ T31] RBP: 00007f699b632bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1712.481643][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1712.510750][ T31] R13: 00007f699b816128 R14: 00007f699b816090 R15: 00007ffc4d86e638 [ 1712.533992][ T31] [ 1712.547244][ T31] [ 1712.547244][ T31] Showing all locks held in the system: [ 1712.555080][ T31] 1 lock held by pool_workqueue_/3: [ 1712.664407][ T31] #0: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1712.693949][ T31] 1 lock held by khungtaskd/31: [ 1712.709338][ T31] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1712.738977][ T31] 2 locks held by getty/25081: [ 1712.743873][ T31] #0: ffff8880390590a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1712.786602][ T31] #1: ffffc9000368d2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1712.825687][ T31] 6 locks held by kworker/u8:43/25552: [ 1712.842359][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1712.876562][ T31] #1: ffffc90004c17d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1712.906299][ T31] #2: ffffffff905fb330 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1712.937944][ T31] #3: ffff888037d790e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x185/0x330 [ 1712.987085][ T31] #4: ffff888020baa250 (&devlink->lock_key#8){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x18f/0x330 [ 1713.020723][ T31] #5: ffff88804b4cee90 (&sb->s_type->i_mutex_key#10/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 1713.054940][ T31] 5 locks held by syz-executor/27461: [ 1713.083907][ T31] #0: ffff888037798420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1713.111356][ T31] #1: ffff88804a667488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1713.149979][ T31] #2: ffff88802a1d7f08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1713.185094][ T31] #3: ffffffff8fb6c4c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1713.222912][ T31] #4: ffff888037d790e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9b0 [ 1713.251283][ T31] 3 locks held by syz.6.4985/27582: [ 1713.269026][ T31] #0: ffff888066980478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1713.299083][ T31] #1: ffff88802069c420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1713.342270][ T31] #2: ffff888020baa250 (&devlink->lock_key#8){+.+.}-{4:4}, at: devlink_health_report+0x681/0xb50 [ 1713.370788][ T31] 4 locks held by syz-executor/27756: [ 1713.386854][ T31] #0: ffff888037798420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1713.414361][ T31] #1: ffff88802c098c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1713.453285][ T31] #2: ffff88802a1d7f08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1713.483284][ T31] #3: ffffffff8fb6c4c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1713.522696][ T31] 4 locks held by syz-executor/28021: [ 1713.549962][ T31] #0: ffff888037798420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1713.579196][ T31] #1: ffff88809c799c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1713.610808][ T31] #2: ffff88802a1d7f08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1713.639696][ T31] #3: ffffffff8fb6c4c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1713.675412][ T31] 4 locks held by syz-executor/28262: [ 1713.702695][ T31] #0: ffff888037798420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1713.732006][ T31] #1: ffff88806dcf5c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1713.766442][ T31] #2: ffff88802a1d7f08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1713.797520][ T31] #3: ffffffff8fb6c4c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1713.829658][ T31] 4 locks held by syz-executor/28493: [ 1713.850255][ T31] #0: ffff888037798420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1713.881468][ T31] #1: ffff88802758d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1713.912312][ T31] #2: ffff88802a1d7f08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1713.959681][ T31] #3: ffffffff8fb6c4c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1713.991586][ T31] 2 locks held by kworker/u11:5/28623: [ 1714.006505][ T31] 3 locks held by kworker/u11:8/28628: [ 1714.012089][ T31] #0: ffff88813fea4148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1714.054202][ T31] #1: ffffc900033a7d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1714.085455][ T31] #2: ffffffff90613c68 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 1714.121887][ T31] 4 locks held by syz-executor/28738: [ 1714.137327][ T31] #0: ffff888037798420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1714.206312][ T31] #1: ffff88809d8cdc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1714.216139][ T31] #2: ffff88802a1d7f08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1714.271219][ T31] #3: ffffffff8fb6c4c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1714.303116][ T31] 2 locks held by syz.5.5228/28766: [ 1714.318880][ T31] #0: ffffffff90613c68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1714.351473][ T31] #1: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1714.382134][ T31] 1 lock held by syz.3.5253/28866: [ 1714.401238][ T31] #0: ffffffff90613c68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1714.447677][ T31] [ 1714.450050][ T31] ============================================= [ 1714.450050][ T31] [ 1714.648227][ T31] NMI backtrace for cpu 0 [ 1714.648251][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1714.648286][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1714.648296][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1714.648310][ T31] Call Trace: [ 1714.648318][ T31] [ 1714.648328][ T31] dump_stack_lvl+0x100/0x190 [ 1714.648371][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1714.648410][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1714.648447][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1714.648490][ T31] sys_info+0x141/0x190 [ 1714.648524][ T31] watchdog+0xd25/0x1050 [ 1714.648561][ T31] ? __pfx_watchdog+0x10/0x10 [ 1714.648592][ T31] ? __kthread_parkme+0x18c/0x230 [ 1714.648623][ T31] ? kthread+0x13a/0x450 [ 1714.648652][ T31] ? __pfx_watchdog+0x10/0x10 [ 1714.648678][ T31] kthread+0x370/0x450 [ 1714.648709][ T31] ? __pfx_kthread+0x10/0x10 [ 1714.648742][ T31] ret_from_fork+0x754/0xd80 [ 1714.648779][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1714.648817][ T31] ? __switch_to+0x7b4/0x1120 [ 1714.648844][ T31] ? __pfx_kthread+0x10/0x10 [ 1714.648878][ T31] ret_from_fork_asm+0x1a/0x30 [ 1714.648917][ T31] [ 1714.876919][T28766] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.5.5228: Error -117 reading block bitmap for 3 [ 1714.918262][T28766] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.5.5228: Error -117 reading block bitmap for 3 [ 1714.949004][T28866] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.3.5253: Error -117 reading block bitmap for 3 [ 1714.976483][T28866] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.3.5253: Error -117 reading block bitmap for 3 [ 1715.044984][T28766] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 1715.066530][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1715.073428][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1715.084132][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1715.089342][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1715.099457][ T31] Call Trace: [ 1715.102756][ T31] [ 1715.105878][ T31] dump_stack_lvl+0x100/0x190 [ 1715.110610][ T31] vpanic+0x552/0x970 [ 1715.114702][ T31] ? __pfx_vpanic+0x10/0x10 [ 1715.119225][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1715.125414][ T31] panic+0xd1/0xe0 [ 1715.129156][ T31] ? __pfx_panic+0x10/0x10 [ 1715.133780][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1715.140004][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1715.146278][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1715.152493][ T31] ? watchdog.cold+0x198/0x1ca [ 1715.157279][ T31] ? watchdog+0xd35/0x1050 [ 1715.161733][ T31] watchdog.cold+0x1a9/0x1ca [ 1715.166351][ T31] ? __pfx_watchdog+0x10/0x10 [ 1715.171044][ T31] ? __kthread_parkme+0x18c/0x230 [ 1715.176089][ T31] ? kthread+0x13a/0x450 [ 1715.180376][ T31] ? __pfx_watchdog+0x10/0x10 [ 1715.185694][ T31] kthread+0x370/0x450 [ 1715.189790][ T31] ? __pfx_kthread+0x10/0x10 [ 1715.194417][ T31] ret_from_fork+0x754/0xd80 [ 1715.199161][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1715.204404][ T31] ? __switch_to+0x7b4/0x1120 [ 1715.209103][ T31] ? __pfx_kthread+0x10/0x10 [ 1715.213718][ T31] ret_from_fork_asm+0x1a/0x30 [ 1715.218512][ T31] [ 1715.221643][ T31] Kernel Offset: disabled [ 1715.225979][ T31] Rebooting in 86400 seconds..