last executing test programs:

41.047046028s ago: executing program 2 (id=2202):
socket(0x10, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(r0, &(0x7f0000000000)=@can, 0x6b)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r4 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01ed243d7000fddb072501000000140007800c0001800800018000000000040089800c0002000600000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r4, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x2a0a02, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r8 = socketcall$auto(0xa, 0x0)
r9 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r8)
ioctl$auto_KVM_GET_MSRS(r7, 0x4400ae8f, 0x0)
statmount$auto(0x0, &(0x7f00000004c0)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x20000000000d, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x8, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x4000007f)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
setsockopt$auto_SO_BROADCAST(r9, 0x7, 0x6, &(0x7f00000000c0)='\x00', 0x2317)

40.732219254s ago: executing program 2 (id=2203):
pipe$auto(0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@inferred, 0x5, 0x1, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0xfffffffe}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0xffffffffffffffff, 0x7ff, 0x1, 0x0, 0x4, 0x1, 0x200000000000, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x40000800006, 0x0, 0x9a1, 0x3, 0x2, 0x3, 0x5, 0xa, 0x8000000000008000, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x6, 0x7fffffffffffffff, 0x2, 0xb, 0x1, 0x71, 0xfffffffffffffffe, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x2d7, 0xfffffffffffffffe, 0x1, 0x6, 0x2, 0x800000001, 0x5, 0x7, 0x400000, 0x6, 0x3, 0x9, 0x5, 0xd, 0x3fd, 0x8, 0x20000000007, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x3, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x7, 0x20c16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x3, 0x80000008, 0x2, 0xffffffffffff0001, 0xffffffff, 0x4, 0x8, 0x9, 0x2, 0x1002000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x400, 0x100, 0x14b, 0x2, 0x45f3, 0x20000000000, 0x101, 0x400000000004, 0x100, 0x8001, 0x0, 0x1, 0x7, 0x9, 0x1, 0x3, 0x0, 0x4, 0x6, 0x6, 0x25e2, 0x7, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"})
ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xf4, 0x0, 0x2, &(0x7f0000000200)="8605162ae41561947c97616419bf9ce4713c68cc31392e13383f2b6e81bf8db7d14c1f087579971f95079c7d9561ed24f0173dae220a4fad877b349926c1d09e4285c8d9ae1e7ead513aed30ebd583f8badf4d7b5b896f5ab011100c8a9ce366d5247edb9d07ac432751b46ab2443f85f5c274f0d745b4d02f", 0x0})
close_range$auto(0x2, 0x8, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event0\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2f212cbd7000fcdbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="10002c8008"], 0x2c}}, 0x4000000)

40.537876345s ago: executing program 2 (id=2204):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5)
lseek$auto(0x3, 0x0, 0x1)
mkdir$auto(&(0x7f0000000300)='}[,&*}\x00', 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = io_uring_setup$auto(0x6, 0x0)
socket(0x3, 0x6, 0xb4)
io_uring_register$auto(0x2, 0x5, &(0x7f0000000200), 0x4)
write$auto_set_tracer_fops_trace(r0, &(0x7f0000000340)="00f4efc59745e97b8b7f5fa9ef87b7024d919248ef0a977b47e8dd0d46bbea7c15d8e17df71f0320abb26fdd98ecd111f096162b31dca7b13e0afac6a99c59a3013a537ea8fab114bc42dfe6a10a2ece6e0736cd1972d4a9fc21bbb4c93fa93c2c3dc4a5d93613f5ed4e2bd92e4f43885a5c55c6b335727bcbb822414e7944619babef04dd94d4df4ffef3c3a03e7a94060cb95739cb3d141cc92ac2b4a3d59a7c6c4a93cd5b79b3dd2bc6ca3245adb98a47d1397918ad34b454b57d004278f3", 0xc0)
mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xcf, 0x0)
syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000200), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv6/conf/wg2/accept_ra_rtr_pref\x00', 0xca041, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0)
accept4$auto(0xffffffffffffffff, &(0x7f0000000000)=@rc={0x1f, @none, 0x9}, 0x0, 0x243)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
r1 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)

40.095563644s ago: executing program 2 (id=2206):
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x400001, 0x0)
mmap$auto(0x0, 0x9, 0xb, 0x3134, r0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan1\x00'})
r1 = socket(0x2, 0xa, 0x0)
mmap$auto(0x5, 0xd9, 0xffffffffffffffff, 0x800000000000eb1, r1, 0x400100000002)
openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x80201, 0x0)
write$auto(0x1, 0x0, 0x80000000)
r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r3 = socket(0x10, 0x800, 0x8)
close_range$auto(r3, r3, 0x0)
pipe$auto(0x0)
splice$auto(r2, 0x0, r2, 0x0, 0x3fb, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2a, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1b0026bc7000fddbdf2503000000040008000c00038008000b00", @ANYRES32=r4, @ANYBLOB="12000100898771d5c19f17790485908286dd000004000280"], 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0x4c800)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x1f, 0x2, 0x0)
getsockopt$auto(0x6, 0x40000000029, 0x1d, 0xfffffffffffffffe, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmmsg$auto(r1, &(0x7f00000000c0)={{&(0x7f0000000000), 0xd1, &(0x7f0000000080)={0x0, 0x5ea}, 0x1, 0x0, 0x1, 0x3}, 0x6}, 0x5, 0x9)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRESHEX=0x0, @ANYBLOB="01002bbd7000f9dbdf2501000000060002007fffffffffffffff5800000c1fcc3b4292459f1263e6f90f9e13d200080026000800000008000a000800000014001f00000000000000000000000000000000001400200000000000000000000000ffff0a010100", @ANYRES64=r5, @ANYRES16=r4], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$auto_L2TP_CMD_TUNNEL_GET(r0, 0x0, 0x0)
unshare$auto(0x40000080)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x121a00, 0x0)

39.199204078s ago: executing program 2 (id=2211):
mmap$auto(0x7, 0x7, 0x81, 0x9b72, 0xffffffffffffffff, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0)
ioctl$auto(r0, 0x4b48, r1)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0)
kcmp$auto(0xffffffffffffffff, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
bpf$auto_BPF_ITER_CREATE(0x21, &(0x7f0000000000)=@bpf_attr_4={0x2, <r3=>r2, 0xa5f, r0}, 0x80)
mmap$auto(0x0, 0x8, 0x1000, 0xeb2, r0, 0x80)
r4 = open(&(0x7f0000000000)='./file0\x00', 0xaf44529eb48ad963, 0x17c)
mmap$auto(0x8000000006, 0x100000000, 0xe0, 0xd9b, r3, 0x35767816)
r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$auto_IOCTL_VMCI_GET_CONTEXT_ID(r5, 0x7b3, 0xfdfdffffffffffff)
sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="0248ace4d530000000", @ANYRES16=0x0, @ANYBLOB="010025bd700002dcdf2503000000040008000400080014000180100010800c000b000800000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800)
syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000100), r3)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0xa, 0x0)
r6 = open(0x0, 0xe683, 0x15e)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x401c5820, 0x0)
ioctl$auto_SCSI_IOCTL_GET_BUS_NUMBER(r6, 0x5386, &(0x7f00000001c0)="aaf9429f67df416b5b42725b6c59e9504e679f691ebb598504106ec66f671361257b0748d9e0614a5fbdc95cb57f534bf50ee25b77715705926461fd1e98728974d2277ecabf63c8c4187355aed2989c87ffd607a449e1df0fe8a039c10be9937d890341f99f1fe445ef3f6bac5c2e115de2a7ec388d2f0cce1e5c0ec1879b1811665a439b410ed4e69969e6487f8886b4b6babcf06a97411a6d2d4d508daceebe8505c1809edb06226cf8bdfd7cfd3ea17fd6de97cdc983ccfeb211612656d471130671cc4052137e3486f34b5294c3bd11a8f03ea8c9d00a9f1b6d0fd9a71d16ff6657c507b5f0a5b8087a4ea009c8be")
ioctl$sock_SIOCGIFINDEX(r4, 0x801c581f, 0x0)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
lsetxattr$auto(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='NCSI\x00', &(0x7f0000000340)="fbf56e71e4ac232523a12ce5d51451becc978c27b7e0a839495270e1f9355c936486368a7e3580656e462102177d352f65e37fde608bfd0f59b9763b8d80ee99387f134f71f532744343ec739b549b626280730694bcce7029fab1844f5f22b29394f0b1b8b3fd11c7c9ccd3ba942f40b8022211ecab7d7a73be33e0947ddb48a2533a68c7177bc860eeb6bb61a47c4c405c5950efb4da0928d467f711ea80d34e780dad6db5", 0xa, 0xdb17)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TCFLSH2(r7, 0x5408, 0x0)
r8 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x121040, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r8, &(0x7f0000000100)=""/135, 0x87)

38.782540338s ago: executing program 2 (id=2212):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup$auto(0x9, 0x0)
close_range$auto(0xffffffffffffffff, r0, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x742, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
acct$auto(0x0)
syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000100), r0)
open(&(0x7f0000000140)='./file0/file0\x00', 0xa61c2, 0x0)
mmap$auto(0x54e, 0x400005, 0xdc, 0x9b76, 0x2, 0xffff)
r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7)
ioctl$auto_FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x5)
openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, 0x0, 0x121800, 0x0)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0)
write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(0x3, 0x0, 0x100082)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.2/usb3/power/autosuspend\x00', 0x10b142, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x2, 0x9}, 0x9, 0x0)
landlock_restrict_self$auto(r4, 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x10, 0x2, 0xc)
socket(0xa, 0x801, 0x80)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "0000ffffff3b4000"}, 0x55)
sendfile$auto(r3, r3, 0x0, 0x5)

32.033060309s ago: executing program 1 (id=2243):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
acct$auto(&(0x7f0000000c40)='/sys/kernel/security/tomoyo/query\x00')
r0 = socket(0x11, 0x2, 0x300)
sendfile$auto(0x1, r0, 0x0, 0x8fb5)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0)
mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x10000000000fc2}, 0x2, 0x0, 0x4000000000007, 0x84}, 0x8000}, 0x800, 0x3)
r2 = socket(0x29, 0x2, 0x0)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40080)
recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(r2, 0x8921, 0x24)
write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)='5', 0x1)

31.086758641s ago: executing program 1 (id=2245):
socket(0x2, 0x802, 0x1)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
memfd_create$auto(0x0, 0xe)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
sendmsg$auto_L2TP_CMD_SESSION_CREATE(0xffffffffffffffff, 0x0, 0x8004)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r0)
sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r0, &(0x7f0000004b00)={0x0, 0x0, &(0x7f0000004ac0)={&(0x7f0000000440)=ANY=[], 0x34}}, 0x60000040)
socket(0x2c, 0x6, 0x200a)
mmap$auto(0x546, 0x0, 0x6, 0x2000000eb1, 0xffffffffffffffff, 0x8000)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x501, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r2 = prctl$auto(0x0, 0x1, 0x0, 0xb9ce, 0xfffffffffffffffc)
socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xe0301, 0x0)
r4 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
ioctl$auto(r3, 0x4b72, r4)
ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(r2, 0x0, 0x4040004)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0xc, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x9, 0x1000000000000bc3, 0x7, 0x3, 0xff, 0x200fffb, 0x402000000003, 0x3, 0xffffffffffffdffc, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x9, 0xffffdfffffffff81, 0x6]}, 0x0)
mmap$auto(0x200000000000, 0x2020009, 0x0, 0xeb1, 0xffffffffffffffff, 0x8000)
semtimedop$auto(0x5, 0x0, 0x72, &(0x7f0000000080)={0x7fb, 0xfffffffffffffffd})
write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)

30.009787991s ago: executing program 1 (id=2252):
close_range$auto(0x0, 0xffffffffffffffff, 0x7)
r0 = socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x9, 0x26, 0x940, 0x1ffde, 0x3, 0x2894, 0x8000004, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x5, 0x3, 0x205, 0xfffffffffffffff0, 0x0, 0x6, 0x0, 0x3, 0x7069, 0x0, 0x2000000, 0x0, 0x2, 0x0, 0x1ff, [0x0, 0x0, 0x0, 0x8, 0x5, 0xfffffffffffffff8, 0x0, 0x6, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0xedf, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x100000000, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x1001, 0x4, 0x0, 0x0, 0x2000000000000000]}, 0x2, 0x7d)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYRES8=r0, @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xc000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000040), 0x48080, 0x0)
mmap$auto(0x8, 0x40004, 0x6, 0x9b72, r1, 0x28000)
close_range$auto(0x2, r1, 0x0)
socket(0x2, 0x3, 0x100)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptys4\x00', 0x60d02, 0x0)
write$auto(0x3, 0x0, 0xfdef)
mknod$auto(&(0x7f0000000900)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x4, 0x407)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
r2 = socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0xb, 0x0)
futex$auto(&(0x7f0000000040)=0x1, 0x6, 0x7, 0x0, 0x0, 0xc687)
futex$auto(&(0x7f0000000040)=0x40000000, 0x6, 0x8, 0x0, 0x0, 0xc687)
openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
getsockopt$auto(r2, 0x84, 0x81, 0x0, &(0x7f0000000000)=0x9b)
lstat$auto(&(0x7f0000000540)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0)
ioctl$auto(0x3, 0x5420, 0x38)
writev$auto(0xffffffffffffffff, 0x0, 0x2)

28.894076544s ago: executing program 1 (id=2255):
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x8a002, 0x0)
poll$auto(&(0x7f0000000080)={0x3, 0x1, 0xa}, 0x5, 0x106)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0)
pwrite64$auto(r0, &(0x7f0000000440)=',^\x00', 0x1, 0x2)
r1 = memfd_create$auto(&(0x7f0000000300)='/sys/kernel/debug/x86/boot_params/data\x00\"F\xb6\xcd\x06\xd6\x97\\L\xe1\xb2\xee\xb8\x8e\xd6O\xa1j\x90w\xc7\x94\xb7yi\x01&\x04b/\xaa\xfb#s\xc4\xa3\xa7\xacj\xc6\x8e\xf4L\x9a\xf8\xcc\xdcy\x9f\x93\xbc\xf6\xc8\xdb\x05w,|B\xfc\x04\x97\xd3\x0f\x8b\x81\xe8\xbc\x81\x0e\xd7o\xd2\xcd\x18z\xc2\xb7|\xe1\xa6\x9a~\x96\x10rnLnt\xdb\xdb-\x1b\x99\xd4\xed;\xf8\x13a\r\xf2\a\x85%\xef\xa7\x7f#\x96\xf2S\xb0\xf1Hq\x0f;\x83\xb7\x0fz\x9dN\xc9\x1e\x15r\x97|\xbfE\xce\"', 0x0)
fallocate$auto(r1, 0x0, 0x9, 0x4cbd5d)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x109802, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101042, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000)
fcntl$getown(0xffffffffffffffff, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r3 = socket(0x2, 0x1, 0x0)
bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a)
sendmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x5, 0xb}, 0x800008}, 0x5, 0x20000000)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0)
sendfile$auto(0x3, r4, 0x0, 0x400000000006)
setsockopt$auto(0x3, 0x6, 0x13, 0x0, 0xd)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0)
write$auto(r5, &(0x7f00000006c0)='7\x00\\\xa0\x04t\x03\xb1\xed\x0e\xcb\x8e\x86\b\x1cz~p\'\x97\xe4\xfa\xad\x91\xc4\xea^\x1a\xdfMv\x9f\xed\x06\xa5\xa6\x8f,R\xf0\xff@\xf9hzZ\xe8_\x16\xd5\x1b2\xc3\xe47+\xf7^\xd7\xd1\xf9\xc9\xe3+\x8fA\xf7\x14\xa9U&\x00\x14`\xafB\\\xec09*\xccc\xf4d\xac(\xca\x17\xa1\xd3\xcf\xcco\xe3H\xe7\x04\xf3It\xf1e3\x7f\xd9\x00j\x9f\xe6\xc8\xc1R', 0x4000000cdb)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001)

26.534802503s ago: executing program 1 (id=2260):
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/zram0/algorithm_params\x00', 0xa001, 0x0)
write$auto(r0, &(0x7f00000006c0)='\xb3\x1dr$b\xfa8yr\xd5\xf6\x16Iy\x96\xcd\a!\x1a\\B\xdc\x15\x8eHz\xbf\xae\xc1\xbb6I\xe1(\xc1D,\xf4O\xb7f]S\\\xa7\xda\x95\r\xab\x01:\x9fl{\xdd$;\xe5\xb7_\x12*\xcf\xc8\xd8zz\xeb\xb80W6\xa0\xdb', 0x81)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), r1)
sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="013ad7fac400f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520008000200", @ANYRES32, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r1)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS32(r3, 0xc0245720, &(0x7f0000000680)={0x1, 0x4, 0x7, 0x2, 0x5, "dea5638174d9d8040f31c77f9d893bbd"})
read$auto_ep0_operations_inode(r3, &(0x7f0000000280)=""/96, 0x60)
close_range$auto(r3, r0, 0x0)
r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x1, 0x0)
bpf$auto(0x9, &(0x7f00000005c0)=@enable_stats={0x5}, 0x40)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/nbd15\x00', 0x22040, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa19219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc0d621178012495837d6a220eeaaf498ccc01", 0xfe04)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101042, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0)
ioctl$auto(0x3, 0xae41, r5)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x45c0c1, 0x0)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x2, 0x3, 0x4)
setsockopt$auto(0x3, 0x0, 0x31, 0x0, 0x28)
symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000100)={0x84281, 0x0, 0x8}, 0x18)
sysfs$auto(0x4, 0x200, 0x5)

26.054116552s ago: executing program 1 (id=2261):
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r1 = socket(0x11, 0x80003, 0x0)
setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4)
write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="01ed243d7000fddb072501000000140007800c0001800800018000000000040089800c0002000600000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x2a0a02, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = socketcall$auto(0xa, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r6)
ioctl$auto_KVM_GET_MSRS(r5, 0x4400ae8f, 0x0)

24.965927148s ago: executing program 0 (id=2267):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_genetlink_get_family_id$auto_seg6(0x0, r0)
pread64$auto(0xffffffffffffffff, 0x0, 0x4b, 0x2)
mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x1, 0x0)
r1 = socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x6, 0x24, 0x0, 0x9)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
preadv$auto(r0, &(0x7f0000000040)={&(0x7f0000000000)="14a8f801389e4e356de0b7fe1cb7", 0x68bd}, 0x1, 0x9, 0x2)
setsockopt$auto(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x9)
socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x0, 0x4, 0x100000000000805, 0x8)
adjtimex$auto(0x0)
syz_genetlink_get_family_id$auto_ethtool(0x0, r0)
bpf$auto_BPF_TOKEN_CREATE(0x24, 0x0, 0x0)
ioctl$auto_BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0)

24.331134469s ago: executing program 0 (id=2269):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5)
lseek$auto(0x3, 0x0, 0x1)
mkdir$auto(&(0x7f0000000300)='}[,&*}\x00', 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = io_uring_setup$auto(0x6, 0x0)
socket(0x3, 0x6, 0xb4)
io_uring_register$auto(0x2, 0x5, &(0x7f0000000200), 0x4)
write$auto_set_tracer_fops_trace(r0, &(0x7f0000000340)="00f4efc59745e97b8b7f5fa9ef87b7024d919248ef0a977b47e8dd0d46bbea7c15d8e17df71f0320abb26fdd98ecd111f096162b31dca7b13e0afac6a99c59a3013a537ea8fab114bc42dfe6a10a2ece6e0736cd1972d4a9fc21bbb4c93fa93c2c3dc4a5d93613f5ed4e2bd92e4f43885a5c55c6b335727bcbb822414e7944619babef04dd94d4df4ffef3c3a03e7a94060cb95739cb3d141cc92ac2b4a3d59a7c6c4a93cd5b79b3dd2bc6ca3245adb98a47d1397918ad34b454b57d004278f3", 0xc0)
mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xcf, 0x0)
syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000200), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv6/conf/wg2/accept_ra_rtr_pref\x00', 0xca041, 0x0)
accept4$auto(0xffffffffffffffff, &(0x7f0000000000)=@rc={0x1f, @none, 0x9}, 0x0, 0x243)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
r1 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)

23.927220046s ago: executing program 0 (id=2272):
r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/block/loop6/rqos/wbt/id\x00', 0x101a00, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r0, &(0x7f0000000340)=""/179, 0xb3)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101303, 0x0)
syz_clone3(&(0x7f0000000640)={0x108000, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x100, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000240)={0x5, 0x0, "ceb3e800", "1aef09f057b8e6b77c3fa8df259056a2", "9649efcec918d7563fb34bf487b99df832fed7b3dee7edc8c7a06ac8ed714648", "ef86743334004e34ded7f4f918c1ae2728d423746ae9388e833447898844020468166e720aa18e9e8bf939fb69fa37f8cb1a3723933044e12e7aca4980b6dd6a49ec893b4a14c1870013dce4ee7bb313", "1bdd1bd1e7c93fb23eec09c0fd894efd", "cfc574487a9ea54410cef23d4fe7ca3e78d158c240515f8735c415b6011c4201335554d8a56f185263367dea284aa2cfd1186f7918f367d0329159d3cd2419a890b4840be7dda3125c4f826a8ee0ef22", "c40316b50fd844ca966e25bae3ea9e0485911ca98dc015b6353fc8fdb75ed727190a9b59c895c6fd3f4857dd0a53acc9fc8eaaf65594d77abfb1a6b0788a2ac012a27f566ac119dff3c275c8e64a87699577b2ad1a822a23d98d5dcef24a81ad1005f9c69ebdea766c9795a8214e6804939ac95778ab3f25c3c4da43984d0b0f"})
r4 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0)
io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x3, 0x4000010, 0x3, 0x6, 0x5, 0xfff, 0xffffffffffffffff, [0x0, 0x40, 0x7ff], {0x0, 0x1, 0x5, 0x2e1, 0x8e, 0x0, 0x101, 0x6, 0x200000a}, {0xfff7fffd, 0x1, 0xfffffff7, 0xfffffffe, 0x10000, 0x4050, 0x4040008, 0x8, 0x8000000000040000}})
r5 = getpid()
process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0)
ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r4, 0xc2604110, 0x0)
ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa})
writev$auto(r2, &(0x7f0000000340)={&(0x7f00000002c0), 0xda7e}, 0x9)
socket(0x11, 0x3, 0x9)
socket(0x2, 0x3, 0x4)
ioperm$auto(0x3, 0xe, 0x2000000000000149)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x22902, 0x0)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socketcall$auto(0xa, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$auto_KVM_CREATE_VM(r6, 0xae80, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c03, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2062, 0x0)

23.375292557s ago: executing program 0 (id=2276):
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x58240, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
socket(0x10, 0x2, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16=<r3=>0xffffffffffffffff, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2)
read$auto(r2, &(0x7f0000000000)='\x00', 0x91e2)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
io_uring_setup$auto(0x8, &(0x7f0000000140)={0xb00e4cd, 0x1, 0x9, 0x210001, 0xc, 0xc05, <r4=>0xffffffffffffffff, [0x7fd, 0x1001, 0x3], {0x9, 0x3, 0xff, 0x0, 0x4, 0x895, 0x3fdc, 0x6, 0x5}, {0x2, 0x1d11, 0x54ed, 0x0, 0x101, 0xff, 0x7, 0xa, 0xb}})
sendmsg$auto_NL802154_CMD_SET_CHANNEL(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="000329bd7000fedbdf250900000008000c000100008008000300", @ANYRES32, @ANYBLOB="08002c000001050018001d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000828}, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22040, 0x75)
socket(0x10, 0x2, 0x0)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRES64=r1, @ANYRES8=r3, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040840}, 0x24004000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x20004884)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x3}, 0x3ef3}, 0x3, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0)
socket(0x11, 0x3, 0x2)
r5 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)

23.188627363s ago: executing program 0 (id=2277):
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_cifs(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="01ee696b97a772f4c2255900000008000300", @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x2400c815}, 0x804)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'veth1_to_bond\x00', <r4=>0x0})
sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000000540)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)={0xc0, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@ETHTOOL_A_PHY_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8000}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}]}, @ETHTOOL_A_PHY_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffff}]}, @ETHTOOL_A_PHY_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_PHY_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4040001}, 0x10)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b80eb581, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
socket(0x2, 0x80002, 0x73)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x20461, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r6, 0x0, 0x0)
read$auto(r5, 0x0, 0x10001)
r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r7, &(0x7f0000000240)={0x0, 0x7}, 0x2)
sysfs$auto(0x2, 0x24, 0x0)
syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff)
r8 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
write$auto(r8, 0x0, 0xaf0)
getsockopt$auto(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0)
fsopen$auto(0x0, 0x6)
r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000002e40)={0x0, 0x0, &(0x7f0000002e00)={&(0x7f0000000240)={0x2c, r9, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8050}, 0x4000080)
sendmsg$auto_CIFS_GENL_CMD_SWN_NOTIFY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@CIFS_GENL_ATTR_SWN_SHARE_NAME={0x6, 0x3, '3\x00'}, @CIFS_GENL_ATTR_SWN_NET_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_RESOURCE_STATE={0x8, 0xd, 0x6}, @CIFS_GENL_ATTR_SWN_NET_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_PASSWORD={0x7, 0xa, '^@^'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x4)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0xffffffffffffffff, 0x2)
r10 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0)
write$auto(r10, &(0x7f0000000340)='3\x00', 0x6)

22.102845134s ago: executing program 0 (id=2280):
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r1 = socket(0x11, 0x80003, 0x0)
setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4)
write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYRES16, @ANYBLOB="01ed243d7000fddb072501000000140007800c0001800800018000000000040089800c0002000600000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x2a0a02, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = socketcall$auto(0xa, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r6)
ioctl$auto_KVM_GET_MSRS(r5, 0x4400ae8f, 0x0)

10.795720177s ago: executing program 32 (id=2261):
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r1 = socket(0x11, 0x80003, 0x0)
setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4)
write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="01ed243d7000fddb072501000000140007800c0001800800018000000000040089800c0002000600000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x2a0a02, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = socketcall$auto(0xa, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r6)
ioctl$auto_KVM_GET_MSRS(r5, 0x4400ae8f, 0x0)

7.143329523s ago: executing program 33 (id=2280):
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r1 = socket(0x11, 0x80003, 0x0)
setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4)
write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYRES16, @ANYBLOB="01ed243d7000fddb072501000000140007800c0001800800018000000000040089800c0002000600000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x2a0a02, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = socketcall$auto(0xa, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r6)
ioctl$auto_KVM_GET_MSRS(r5, 0x4400ae8f, 0x0)

1.314153851s ago: executing program 3 (id=2358):
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0xfdf, 0xc, 0x5, 0x1837, 0x401, 0x2)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4a8000, 0x0)
select$auto(0xd, 0x0, &(0x7f0000000400)={[0x8, 0x200000000005, 0x7, 0x7, 0x0, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xe34c, 0x9, 0x3, 0xfffffffffffff954, 0xfffffffffffffff8, 0xfff]}, 0x0, &(0x7f0000000080)={0x800000000001ff, 0x401})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00'})
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
statmount$auto(0x0, &(0x7f0000000380)={0x55c35ef, 0x2f, 0x3, 0x62, 0x28000, 0xfffffffffffffffe, 0x0, 0x800, 0x13, 0x8, 0x5, 0x40, 0xf, 0x1, 0x21fd, 0x0, 0xe7, 0x1000, 0x2, 0xffffffffffffffff, 0x2d8, 0x5, 0x7, 0x2, 0x7, 0x1, 0x4, 0x4, 0xe, 0x7, 0x8, [0x61, 0xd0e, 0x8, 0x5, 0x3ff, 0x7, 0x10000, 0x1ff, 0x3, 0x121980a3, 0x4, 0x8001, 0x5, 0x40, 0x7, 0xb1a3, 0x80000000, 0x5, 0x2a6, 0x100000000, 0x7, 0xfffffffffffffff9, 0x4, 0x3, 0x0, 0x6, 0xe43, 0x5, 0x9c8, 0x4, 0x2e1, 0x100, 0x1, 0xfffffffffffff538, 0x2, 0x8, 0x8, 0x100000000, 0x7f, 0xfffffffffffffff1, 0x8, 0x0, 0x2]}, 0x9, 0xcc)
open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x10002}, 0x6)
unshare$auto(0x40000080)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
dup2$auto(0x5, 0x4)

1.178936931s ago: executing program 3 (id=2359):
select$auto(0xd, &(0x7f00000000c0)={[0x5, 0x9, 0x3, 0x3, 0x2, 0xb8, 0x0, 0x9, 0x8000000000000001, 0xffffffffffffff73, 0x8001, 0x2, 0x4, 0x8, 0x3e7, 0x8]}, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147)
ppoll$auto(&(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3}, 0x3, 0x0, 0x0, 0x8)
move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x4604, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040))
msgget$auto(0xc, 0x77d9)
msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3)
msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9)
sendmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x4}, 0x1000000000028, 0x0, 0x1, 0x3e0}, 0x800}, 0x4, 0x4008)
execve$auto(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000600)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00 \x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5')

240.198267ms ago: executing program 3 (id=2360):
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3)
r1 = socket(0x11, 0x80003, 0x0)
setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x4)
write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
write$auto(r2, &(0x7f0000000080)=')@-!\x00', 0x1e1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="01ed243d7000fddb072501000000140007800c0001800800018000000000040089800c0002000600000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x804}, 0x8880)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x2a0a02, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = socketcall$auto(0xa, 0x0)
r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r6)
ioctl$auto_KVM_GET_MSRS(r5, 0x4400ae8f, 0x0)

137.926031ms ago: executing program 3 (id=2361):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS2\x00', 0xa0840, 0x0)
ioctl$auto(r0, 0x540a, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000002280), r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r3=>0x0})
sendmsg$auto_MACSEC_CMD_DEL_RXSC(r1, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c000000e4f657ab1760d041f40268542716cdad747e01affe38b72be60e51d7e8da8382463ecfe642dc158f4badf4accb6ac54ea297d96503dadfbe46331d4e73132cd25e78ebe0c613ab6f9043ca1243add8ae973edd3ef812844d0ebb143d885073a529d38efb31f44961e0ffde572771bf924eb95003e28e1e299ffb4f0cad67074bd10a2b9659f471777c5211dd982adfc2687214585515eff532706b40968b5ab2f0b63d4b0e3c3199bfae62c38204ee6608e348399201b20eb9919c75a6b032b91fe0dd820d8badade5d9d32327803cbd7600c04ab51545b694c366aa0a117d249b618b1e8ef889716581b845b9133860741ad13141f6ad6c874f366093d9b5f59d35c61bcedfbd6dc3a604552b7ba8434ad3fcba96f477d5cf7d9310ef8dc03431238d3a59ddcca310b18bd7e1617838ac0e", @ANYRES16=r2, @ANYBLOB="01082abd7000fcdbdf2502000000100002800c000100d70b4d9343ea1b1208000100", @ANYRES32=r3, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4040005}, 0x40)
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_WG_CMD_GET_DEVICE(r1, &(0x7f0000000a80)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000d40)={0x628, 0x0, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@WGDEVICE_A_PUBLIC_KEY={0x4a, 0x4, "196d3f8fb36e7dd12fd7dd651a746a8cd9dc5f7b7a99b66c674532146699f7be49f9fcff4331e173ad6fae168012fd5d1cebd20f030e62ffee94434dbfba2bd78e3cf29b28ac"}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_PRIVATE_KEY={0x2f, 0x3, "f5e25b441dc90d5eed5b5947647c8748d8fc8ff76532482732afacde53150e67408f0f252008fc3d2899b9"}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x5}, @WGDEVICE_A_PEERS={0x588, 0x8, 0x0, 0x1, [@nested={0x7c, 0x8c, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}, @nested={0x4, 0x8b}, @nested={0x4, 0xa3}, @typed={0x68, 0xed, 0x0, 0x0, @binary="ec06620a7da7dafa322d6b8dc791ae23ddb5e653026c009ad4728a2bd7ef718cfeb819be5a10970431cca516810443da1873263d631009199729f7ea53408251253dd89515e996dcf6a60af5c5cedaa8adad38b5cdaba65271a57c4b3f6cbd165ba22aea"}]}, @nested={0x507, 0x66, 0x0, 0x1, [@nested={0x4, 0x3a}, @nested={0x3be, 0xb2, 0x0, 0x1, [@generic="8addfbf934b652d21d4bca812a1f54cbd536f644f012bc9c265226667531ed06415b8a243445f05fd0b76597e30f0ce6427a5e8464285c44ac68c1670e86fcc8762fc41affcf1d28f5536c6ddc6241b02ba98d43b7e543d19168485f6ae3368ea102b93717d3eaff50cb6b2e8bbb215a0d0acc50c3689c784c72", @nested={0xdc, 0xaa, 0x0, 0x1, [@generic="4676eb79daed31232a06c7dcb1ddf6b23a6423080d2e9db420d7822b0b2545652a59c81674f2236c0b208dcb64467dfd0abae632d683c2b07b01da621774edc55399bff460db6fa619", @generic="ed93a19981e2d1ccf98e9b72e5080db87e333f8d229e5155a94cef06aefb613b52658a88d4cf4b93795abd848ea95d12f092fe43cddb6a8297e289b0788cf272b16694882cd3b453d6b995046479528ebd0070e86f805e56d437ef3be984fad6dc4f3659e0564c3ecefd25910767e35581f82ef00d21b96c6e69c4c8aa617500465738a12960cabc103c75081ca147"]}, @nested={0x25f, 0x115, 0x0, 0x1, [@typed={0xc, 0xb2, 0x0, 0x0, @u64=0xc62}, @generic="0cd5648bd3903ed1d58f3634a09d6d57aa7cbc1db7958a7b49f443e49bc6fdf3c66468a503f87568dcd5094b822e3b97bf8780789ef6e673a7f737ff5684d892210200f03a77287455d60537cdc4f713cfc54d875f76c5833089d0f6c615a7ecb8b9293864523bfe7b046a3e1c18e4dccdb7dd7dea9d1aa7fe5f95310a594c1c7de6f40043cd1a4304c7ac53f0ca7a6f25388401733237d270fc07abd283bd83ab67f9b0683da89a44c98d3702d01382d1e8400c57f1523df04d985b33c8a76ceade244bc5957601f3726162c6bd152621e5b85f12dba596d3c4d0ed24eb52fc408cef", @typed={0x8, 0x5e, 0x0, 0x0, @ipv4=@multicast2}, @generic="5a1bf0f3a3a977fa89d6b70e64db5eb14706891b2cc581c1b693dddad39f6870fec0d080f90038e31532fd17cc3171a94bd946ace8f7e925578595c6708a367e4aac769460bec847b83fd92430f4ced65b6a77efc251a133b2585a648fa4e2e56b9c6986e9002566eeaa2b00454d2e190cc373d851b2b553b3d7bda3c684e26af38d5c6c606a9c302541c04823092233e1374600120dca6a6ab5bed6be939a7bf1afe675a39d05b443ad2e53e1ef5cea8b1ec168931341171669d66170512445e8db8134363635b7ae9545ba4f47c15e0adf5dad9a9e2cf6fb", @typed={0x8, 0x14d, 0x0, 0x0, @uid}, @nested={0x4, 0x138}, @generic="e6dcab9c2514e49b596c654fa1c7db18f945b729a4bc6bc7278f5916a8fa9b91067151ef3e8e0966fa5635871f50463e13882e0bba64714c714d666bb0af24c6cb85f085f047452a9ab1439a87559d58356787347ce2651a82256ea8f24765f2cf4a00b38c666a1cae1e7e88a5e55911fda0a4c944c67b", @typed={0x4, 0x144}, @nested={0x4, 0x15c}]}, @typed={0x4, 0x46}]}, @typed={0x8, 0x39, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x5}}, @generic="757c9df6eb763ae946923074dbef910c3e32f6b38deefa28a2baabc38da48c9caa328081a2b8fc75426ed9f5bc661818b96e62ed1047eb35006dbab1ba0c4e9382c0c565b0dc9914643ee7cf77c125aad5aa096ce0e18fefb67df47d9311928070085020f201a47bbad0874ed7b2d89847e0f7536a8b83593080096fd346cce8d8232396386a89fefb4b9fcebe06b2474db714df212fac2876359f63ff", @typed={0x8, 0xb2, 0x0, 0x0, @u32=0x400}, @generic="4b644ac7bdbb82f32fbc42427f53438752c21db0b85160c20bdc068fcfad604fadb37c5dcb25889fe3706a328276cecb370fd7244f839ef0c7fec9515412a52a5c5debe12b806a776ffdcfaf8b6cefce62201c5d34a586bea557cd4fd8197efb59f7cb11fa0064283b69f4466e0ff7329e57c1f314e7cf23e870f3e71b15a81f4944ac950e8eedf1e53e29c225743bd0be55"]}]}]}, 0x628}}, 0x24000000)
r4 = io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x1000000, 0x3, 0x66)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000600), r5)
r6 = socket(0x29, 0x2, 0x1)
socket(0x28, 0x800, 0x3)
ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0x2, &(0x7f00000001c0)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c378505748aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d251314185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84813adcfb5cb7a08f7028bdf724ee3ef93237ef05f87bd3ffb222eeadadd91004411eb91dd5b822fe4147314195ecf3a4fa")
mmap$auto(0x0, 0x2020009, 0x80000000, 0xeb1, 0xfffffffffffffffa, 0x108000)
close_range$auto(r6, 0x5, 0xfffffffc)
write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000100)="d630ecd5ff327f9b60c042ba1f8e2800", 0x10)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000001b40)={{&(0x7f00000003c0)="36a588795656be424ba73943c0ddfe6835b6950e1f7759589faee692cf4c34c7d759d93f9e01b2f6e82837aee03f4cce397b8e99399b510b743687c9f68f137f5ac4c6e7ece37542f98a6578de2d108441faea10251f27bec14422af180cc75bcb07df28", 0x1, 0x0, 0x4, &(0x7f0000001a80)="8cd377cb686abc15feef88b10df1ed3e7e4c63ffe7fc4d1297ce325514a4e372d5e0eacdb7f0c5b21b942e5e0ae940e409e33a0f88be4a270b5ad7babe450dd70e6f0aa63613bae068a4ceb45e4b5d5c53caddbc854b8ae2309f0b1642d65b3c0a5a7d63008222596440229b75", 0x0, 0x2}, 0x7}, 0x0, 0x6)
r7 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r7, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef)
openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000040), 0x125300, 0x0)
r8 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/sem\x00', 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000180)={0x1c, 0x0, 0x520, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008808}, 0x44090)
lseek$auto(r8, 0x7fd, 0x1)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x1, 0x0)
io_uring_setup$auto(0x6, 0x0)
kcmp$auto(0x1, 0x1, 0x0, 0x100000004, 0x100000001)

82.870243ms ago: executing program 3 (id=2362):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x20800, 0x0)
ioctl$auto(r0, 0x4b65, r0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x180, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae8a, &(0x7f00000000c0)={0xfc})
close_range$auto(0x2, 0x8, 0x0)
landlock_create_ruleset$auto(&(0x7f0000000040)={0x100000000, 0x7, 0x80000001}, 0x5, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0x0)
fcntl$auto(r3, 0x8, 0x1)
r4 = clone3$auto(&(0x7f00000000c0)={0x8, 0xfffffffffffffff9, 0xfffffffffffffffc, 0x81, 0x400, 0x6358c246, 0x10001, 0x8, 0x5, 0x4, 0x80000000}, 0xffffffffffffffff)
fcntl$auto(r3, 0x10, r4)
socket(0x2, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0)

0s ago: executing program 3 (id=2363):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3, 0x5)
lseek$auto(0x3, 0x0, 0x1)
mkdir$auto(&(0x7f0000000300)='}[,&*}\x00', 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = io_uring_setup$auto(0x6, 0x0)
socket(0x3, 0x6, 0xb4)
io_uring_register$auto(0x2, 0x5, &(0x7f0000000200), 0x4)
write$auto_set_tracer_fops_trace(r0, &(0x7f0000000340)="00f4efc59745e97b8b7f5fa9ef87b7024d919248ef0a977b47e8dd0d46bbea7c15d8e17df71f0320abb26fdd98ecd111f096162b31dca7b13e0afac6a99c59a3013a537ea8fab114bc42dfe6a10a2ece6e0736cd1972d4a9fc21bbb4c93fa93c2c3dc4a5d93613f5ed4e2bd92e4f43885a5c55c6b335727bcbb822414e7944619babef04dd94d4df4ffef3c3a03e7a94060cb95739cb3d141cc92ac2b4a3d59a7c6c4a93cd5b79b3dd2bc6ca3245adb98a47d1397918ad34b454b57d004278f3", 0xc0)
mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xcf, 0x0)
syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000200), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv6/conf/wg2/accept_ra_rtr_pref\x00', 0xca041, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0)
accept4$auto(0xffffffffffffffff, &(0x7f0000000000)=@rc={0x1f, @none, 0x9}, 0x0, 0x243)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x2, 0x4)
close_range$auto(r1, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)
write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef)

kernel console output (not intermixed with test programs):

[ T9704] R13: 00007f7aa0816218 R14: 00007f7aa0816180 R15: 00007ffeafd683a8
[  274.728657][ T9704]  </TASK>
[  276.281859][ T9736] FAULT_INJECTION: forcing a failure.
[  276.281859][ T9736] name fail_futex, interval 1, probability 0, space 0, times 0
[  276.366704][ T9736] CPU: 0 UID: 0 PID: 9736 Comm: syz.3.1011 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  276.366734][ T9736] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  276.366741][ T9736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  276.366750][ T9736] Call Trace:
[  276.366756][ T9736]  <TASK>
[  276.366762][ T9736]  dump_stack_lvl+0x100/0x190
[  276.366785][ T9736]  should_fail_ex.cold+0x5/0xa
[  276.366806][ T9736]  get_futex_key+0x1d2/0x1510
[  276.366824][ T9736]  ? __pfx_get_futex_key+0x10/0x10
[  276.366839][ T9736]  ? __pfx___might_resched+0x10/0x10
[  276.366862][ T9736]  futex_wake+0xea/0x530
[  276.366881][ T9736]  ? find_held_lock+0x2b/0x80
[  276.366901][ T9736]  ? __pfx_futex_wake+0x10/0x10
[  276.366921][ T9736]  ? ksys_write+0x190/0x250
[  276.366937][ T9736]  ? ksys_write+0x190/0x250
[  276.366956][ T9736]  do_futex+0x32b/0x350
[  276.366973][ T9736]  ? __pfx_do_futex+0x10/0x10
[  276.366993][ T9736]  __x64_sys_futex+0x34f/0x4d0
[  276.367011][ T9736]  ? __pfx___x64_sys_futex+0x10/0x10
[  276.367027][ T9736]  ? ksys_write+0x1ac/0x250
[  276.367046][ T9736]  ? rcu_is_watching+0x12/0xc0
[  276.367065][ T9736]  do_syscall_64+0x10b/0xf80
[  276.367086][ T9736]  ? clear_bhb_loop+0x40/0x90
[  276.367104][ T9736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.367119][ T9736] RIP: 0033:0x7f7aa059cdd9
[  276.367133][ T9736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  276.367146][ T9736] RSP: 002b:00007f7aa14900e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  276.367161][ T9736] RAX: ffffffffffffffda RBX: 00007f7aa0815fa8 RCX: 00007f7aa059cdd9
[  276.367171][ T9736] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7aa0815fac
[  276.367180][ T9736] RBP: 00007f7aa0815fa0 R08: 0000000000000001 R09: 0000000000000000
[  276.367189][ T9736] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
[  276.367202][ T9736] R13: 00007f7aa0816038 R14: 00007ffeafd682c0 R15: 00007ffeafd683a8
[  276.367221][ T9736]  </TASK>
[  277.229946][ T9758] block nbd2: not configured, cannot reconfigure
[  277.615838][ T9766] sock: sock_timestamping_bind_phc: sock not bind to device
[  278.426829][ T9777] bond0: invalid ARP target specified
[  278.874147][ T9800] block nbd2: not configured, cannot reconfigure
[  279.582864][ T9823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1029'.
[  279.907299][ T9835] random: crng reseeded on system resumption
[  280.550554][ T9843] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1035'.
[  281.958924][ T9904] block nbd2: not configured, cannot reconfigure
[  282.532786][ T9917] bond0: invalid ARP target specified
[  282.865318][ T9925] Â: entered promiscuous mode
[  282.905846][ T9931] Setting dangerous option i915.mitigations - tainting kernel
[  283.292841][ T9948] random: crng reseeded on system resumption
[  283.387190][ T9930] FAULT_INJECTION: forcing a failure.
[  283.387190][ T9930] name fail_futex, interval 1, probability 0, space 0, times 0
[  283.472668][ T9930] CPU: 0 UID: 0 PID: 9930 Comm: syz.3.1059 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  283.472695][ T9930] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  283.472700][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  283.472709][ T9930] Call Trace:
[  283.472714][ T9930]  <TASK>
[  283.472720][ T9930]  dump_stack_lvl+0x100/0x190
[  283.472741][ T9930]  should_fail_ex.cold+0x5/0xa
[  283.472760][ T9930]  get_futex_key+0x1d2/0x1510
[  283.472784][ T9930]  ? __pfx_get_futex_key+0x10/0x10
[  283.472798][ T9930]  ? lock_acquire+0x1b1/0x370
[  283.472818][ T9930]  futex_wake+0xea/0x530
[  283.472839][ T9930]  ? __pfx_futex_wake+0x10/0x10
[  283.472857][ T9930]  ? exit_mm_release+0x19/0x30
[  283.472883][ T9930]  do_futex+0x32b/0x350
[  283.472899][ T9930]  ? __pfx_do_futex+0x10/0x10
[  283.472914][ T9930]  ? __might_fault+0xc5/0x140
[  283.472940][ T9930]  mm_release+0x24a/0x2f0
[  283.472959][ T9930]  do_exit+0x707/0x2a60
[  283.472984][ T9930]  ? __pfx_do_exit+0x10/0x10
[  283.473005][ T9930]  ? do_raw_spin_lock+0x128/0x260
[  283.473021][ T9930]  ? find_held_lock+0x2b/0x80
[  283.473039][ T9930]  ? get_signal+0x7e0/0x21e0
[  283.473060][ T9930]  do_group_exit+0xd5/0x2a0
[  283.473074][ T9930]  get_signal+0x1ec7/0x21e0
[  283.473099][ T9930]  ? __pfx_get_signal+0x10/0x10
[  283.473119][ T9930]  ? do_futex+0x192/0x350
[  283.473135][ T9930]  arch_do_signal_or_restart+0x91/0x7a0
[  283.473156][ T9930]  ? sock_ioctl+0x2dc/0x6b0
[  283.473178][ T9930]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  283.473204][ T9930]  ? __fget_files+0x21f/0x3d0
[  283.473222][ T9930]  ? rcu_is_watching+0x12/0xc0
[  283.473242][ T9930]  exit_to_user_mode_loop+0x8b/0x4f0
[  283.473256][ T9930]  ? rcu_is_watching+0x12/0xc0
[  283.473275][ T9930]  do_syscall_64+0x6f2/0xf80
[  283.473296][ T9930]  ? clear_bhb_loop+0x40/0x90
[  283.473314][ T9930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.473329][ T9930] RIP: 0033:0x7f7aa059cdd9
[  283.473342][ T9930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  283.473356][ T9930] RSP: 002b:00007f7aa14900e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  283.473371][ T9930] RAX: fffffffffffffe00 RBX: 00007f7aa0815fa8 RCX: 00007f7aa059cdd9
[  283.473380][ T9930] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7aa0815fa8
[  283.473389][ T9930] RBP: 00007f7aa0815fa0 R08: 0000000000000000 R09: 0000000000000000
[  283.473398][ T9930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  283.473406][ T9930] R13: 00007f7aa0816038 R14: 00007ffeafd682c0 R15: 00007ffeafd683a8
[  283.473424][ T9930]  </TASK>
[  285.305551][ T9983] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present
[  285.753473][T10013] random: crng reseeded on system resumption
[  286.128970][T10030] random: crng reseeded on system resumption
[  286.531445][T10040] netlink: 286 bytes leftover after parsing attributes in process `syz.1.1081'.
[  286.612639][T10012] Process accounting paused
[  287.519199][T10074] random: crng reseeded on system resumption
[  288.036251][T10086] usb usb15: usbfs: process 10086 (syz.3.1093) did not claim interface 0 before use
[  289.175983][T10113] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1101'.
[  290.548277][T10148] block nbd2: not configured, cannot reconfigure
[  291.447637][T10170] netlink: 'syz.3.1118': attribute type 11 has an invalid length.
[  292.069770][T10184] netlink: 'syz.3.1122': attribute type 11 has an invalid length.
[  292.885009][T10198] Setting dangerous option i915.mitigations - tainting kernel
[  293.423816][T10201] FAULT_INJECTION: forcing a failure.
[  293.423816][T10201] name fail_futex, interval 1, probability 0, space 0, times 0
[  293.481830][T10201] CPU: 0 UID: 0 PID: 10201 Comm: syz.0.1128 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  293.481858][T10201] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  293.481863][T10201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  293.481872][T10201] Call Trace:
[  293.481877][T10201]  <TASK>
[  293.481883][T10201]  dump_stack_lvl+0x100/0x190
[  293.481904][T10201]  should_fail_ex.cold+0x5/0xa
[  293.481930][T10201]  get_futex_key+0x1d2/0x1510
[  293.481948][T10201]  ? __pfx_get_futex_key+0x10/0x10
[  293.481962][T10201]  ? lock_acquire+0x1b1/0x370
[  293.481981][T10201]  futex_wake+0xea/0x530
[  293.482002][T10201]  ? __pfx_futex_wake+0x10/0x10
[  293.482020][T10201]  ? exit_mm_release+0x19/0x30
[  293.482047][T10201]  do_futex+0x32b/0x350
[  293.482063][T10201]  ? __pfx_do_futex+0x10/0x10
[  293.482077][T10201]  ? __might_fault+0xc5/0x140
[  293.482104][T10201]  mm_release+0x24a/0x2f0
[  293.482122][T10201]  do_exit+0x707/0x2a60
[  293.482146][T10201]  ? __pfx_do_exit+0x10/0x10
[  293.482168][T10201]  ? do_raw_spin_lock+0x128/0x260
[  293.482184][T10201]  ? find_held_lock+0x2b/0x80
[  293.482202][T10201]  ? get_signal+0x7e0/0x21e0
[  293.482223][T10201]  do_group_exit+0xd5/0x2a0
[  293.482238][T10201]  get_signal+0x1ec7/0x21e0
[  293.482280][T10201]  ? __pfx_get_signal+0x10/0x10
[  293.482301][T10201]  ? do_futex+0x192/0x350
[  293.482318][T10201]  arch_do_signal_or_restart+0x91/0x7a0
[  293.482340][T10201]  ? sock_ioctl+0x2dc/0x6b0
[  293.482362][T10201]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  293.482388][T10201]  ? __fget_files+0x21f/0x3d0
[  293.482406][T10201]  ? rcu_is_watching+0x12/0xc0
[  293.482425][T10201]  exit_to_user_mode_loop+0x8b/0x4f0
[  293.482439][T10201]  ? rcu_is_watching+0x12/0xc0
[  293.482458][T10201]  do_syscall_64+0x6f2/0xf80
[  293.482479][T10201]  ? clear_bhb_loop+0x40/0x90
[  293.482497][T10201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.482512][T10201] RIP: 0033:0x7ff83ed9cdd9
[  293.482525][T10201] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  293.482538][T10201] RSP: 002b:00007ff83fc5e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  293.482553][T10201] RAX: fffffffffffffe00 RBX: 00007ff83f016098 RCX: 00007ff83ed9cdd9
[  293.482563][T10201] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff83f016098
[  293.482572][T10201] RBP: 00007ff83f016090 R08: 0000000000000000 R09: 0000000000000000
[  293.482581][T10201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  293.482589][T10201] R13: 00007ff83f016128 R14: 00007ffcf9a974f0 R15: 00007ffcf9a975d8
[  293.482607][T10201]  </TASK>
[  294.357683][T10226] bond0: invalid ARP target specified
[  294.555987][T10230] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1139'.
[  294.591564][T10232] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1139'.
[  294.795014][T10240] block nbd2: not configured, cannot reconfigure
[  294.906665][T10250] FAULT_INJECTION: forcing a failure.
[  294.906665][T10250] name failslab, interval 1, probability 0, space 0, times 0
[  294.965983][T10250] CPU: 0 UID: 0 PID: 10250 Comm: syz.0.1144 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  294.966012][T10250] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  294.966019][T10250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  294.966028][T10250] Call Trace:
[  294.966033][T10250]  <TASK>
[  294.966040][T10250]  dump_stack_lvl+0x100/0x190
[  294.966062][T10250]  should_fail_ex.cold+0x5/0xa
[  294.966082][T10250]  ? tracepoint_add_func+0x3a8/0x1150
[  294.966105][T10250]  should_failslab+0xc2/0x120
[  294.966122][T10250]  __kmalloc_noprof+0xe0/0x850
[  294.966140][T10250]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  294.966160][T10250]  tracepoint_add_func+0x3a8/0x1150
[  294.966180][T10250]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  294.966204][T10250]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  294.966223][T10250]  tracepoint_probe_register+0xc4/0x110
[  294.966246][T10250]  ? __pfx_tracepoint_probe_register+0x10/0x10
[  294.966268][T10250]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  294.966290][T10250]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  294.966309][T10250]  ? __pfx_probe_sched_switch+0x10/0x10
[  294.966336][T10250]  trace_event_reg+0x209/0x350
[  294.966357][T10250]  __ftrace_event_enable_disable+0x211/0x6f0
[  294.966382][T10250]  __ftrace_set_clr_event_nolock+0x390/0xc30
[  294.966404][T10250]  ftrace_set_clr_event+0x1b7/0x3f0
[  294.966423][T10250]  ? __pfx_ftrace_set_clr_event+0x10/0x10
[  294.966439][T10250]  ? trace_get_user+0x3ae/0xa70
[  294.966466][T10250]  ftrace_event_write+0x259/0x2c0
[  294.966483][T10250]  ? __pfx_ftrace_event_write+0x10/0x10
[  294.966518][T10250]  vfs_write+0x2aa/0x1070
[  294.966537][T10250]  ? __pfx_ftrace_event_write+0x10/0x10
[  294.966557][T10250]  ? __pfx_vfs_write+0x10/0x10
[  294.966573][T10250]  ? __fget_files+0x215/0x3d0
[  294.966595][T10250]  ? __fget_files+0x21f/0x3d0
[  294.966620][T10250]  ksys_write+0x12a/0x250
[  294.966636][T10250]  ? __pfx_ksys_write+0x10/0x10
[  294.966655][T10250]  ? rcu_is_watching+0x12/0xc0
[  294.966675][T10250]  do_syscall_64+0x10b/0xf80
[  294.966695][T10250]  ? clear_bhb_loop+0x40/0x90
[  294.966713][T10250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.966728][T10250] RIP: 0033:0x7ff83ed9cdd9
[  294.966742][T10250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  294.966756][T10250] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  294.966771][T10250] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  294.966782][T10250] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000009
[  294.966791][T10250] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  294.966800][T10250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  294.966809][T10250] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  294.966829][T10250]  </TASK>
[  295.259932][T10250] event trace: Could not enable event nfsd_cb_rpc_prepare
[  295.453089][T10259] block nbd2: not configured, cannot reconfigure
[  295.810252][T10270] random: crng reseeded on system resumption
[  296.463044][T10292] FAULT_INJECTION: forcing a failure.
[  296.463044][T10292] name failslab, interval 1, probability 0, space 0, times 0
[  296.525983][T10292] CPU: 0 UID: 0 PID: 10292 Comm: syz.0.1153 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  296.526012][T10292] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  296.526018][T10292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  296.526031][T10292] Call Trace:
[  296.526037][T10292]  <TASK>
[  296.526043][T10292]  dump_stack_lvl+0x100/0x190
[  296.526065][T10292]  should_fail_ex.cold+0x5/0xa
[  296.526085][T10292]  should_failslab+0xc2/0x120
[  296.526102][T10292]  __kmalloc_cache_noprof+0x7a/0x6f0
[  296.526124][T10292]  ? wakeup_source_device_create+0x46/0x2e0
[  296.526148][T10292]  wakeup_source_device_create+0x46/0x2e0
[  296.526169][T10292]  wakeup_source_sysfs_add+0x1c/0x90
[  296.526189][T10292]  wakeup_source_register+0x154/0x3e0
[  296.526207][T10292]  ep_create_wakeup_source+0x1df/0x2e0
[  296.526226][T10292]  ? __pfx_ep_create_wakeup_source+0x10/0x10
[  296.526248][T10292]  ? do_epoll_ctl+0x1012/0x36a0
[  296.526267][T10292]  ? do_epoll_ctl+0x1012/0x36a0
[  296.526289][T10292]  do_epoll_ctl+0x1eee/0x36a0
[  296.526316][T10292]  ? __pfx_do_epoll_ctl+0x10/0x10
[  296.526334][T10292]  ? find_held_lock+0x2b/0x80
[  296.526352][T10292]  ? __might_fault+0xc5/0x140
[  296.526373][T10292]  ? __might_fault+0xc5/0x140
[  296.526401][T10292]  ? __x64_sys_epoll_ctl+0x15c/0x1e0
[  296.526419][T10292]  __x64_sys_epoll_ctl+0x15c/0x1e0
[  296.526445][T10292]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  296.526468][T10292]  ? rcu_is_watching+0x12/0xc0
[  296.526488][T10292]  do_syscall_64+0x10b/0xf80
[  296.526509][T10292]  ? clear_bhb_loop+0x40/0x90
[  296.526528][T10292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.526544][T10292] RIP: 0033:0x7ff83ed9cdd9
[  296.526557][T10292] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  296.526571][T10292] RSP: 002b:00007ff83fc3d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  296.526589][T10292] RAX: ffffffffffffffda RBX: 00007ff83f016180 RCX: 00007ff83ed9cdd9
[  296.526600][T10292] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000007
[  296.526608][T10292] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  296.526617][T10292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  296.526626][T10292] R13: 00007ff83f016218 R14: 00007ff83f016180 R15: 00007ffcf9a975d8
[  296.526646][T10292]  </TASK>
[  296.991112][T10300] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1158'.
[  297.227662][T10306] block nbd2: not configured, cannot reconfigure
[  298.141227][T10336] FAULT_INJECTION: forcing a failure.
[  298.141227][T10336] name failslab, interval 1, probability 0, space 0, times 0
[  298.192280][T10336] CPU: 0 UID: 0 PID: 10336 Comm: syz.3.1168 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  298.192309][T10336] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  298.192315][T10336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  298.192324][T10336] Call Trace:
[  298.192330][T10336]  <TASK>
[  298.192336][T10336]  dump_stack_lvl+0x100/0x190
[  298.192358][T10336]  should_fail_ex.cold+0x5/0xa
[  298.192379][T10336]  should_failslab+0xc2/0x120
[  298.192397][T10336]  __kmalloc_cache_noprof+0x7a/0x6f0
[  298.192419][T10336]  ? wakeup_source_device_create+0x46/0x2e0
[  298.192443][T10336]  wakeup_source_device_create+0x46/0x2e0
[  298.192463][T10336]  wakeup_source_sysfs_add+0x1c/0x90
[  298.192490][T10336]  wakeup_source_register+0x154/0x3e0
[  298.192508][T10336]  ep_create_wakeup_source+0x1df/0x2e0
[  298.192529][T10336]  ? __pfx_ep_create_wakeup_source+0x10/0x10
[  298.192552][T10336]  ? do_epoll_ctl+0x1012/0x36a0
[  298.192571][T10336]  ? do_epoll_ctl+0x1012/0x36a0
[  298.192593][T10336]  do_epoll_ctl+0x1eee/0x36a0
[  298.192620][T10336]  ? __pfx_do_epoll_ctl+0x10/0x10
[  298.192638][T10336]  ? find_held_lock+0x2b/0x80
[  298.192656][T10336]  ? __might_fault+0xc5/0x140
[  298.192677][T10336]  ? __might_fault+0xc5/0x140
[  298.192706][T10336]  ? __x64_sys_epoll_ctl+0x15c/0x1e0
[  298.192724][T10336]  __x64_sys_epoll_ctl+0x15c/0x1e0
[  298.192744][T10336]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  298.192766][T10336]  ? rcu_is_watching+0x12/0xc0
[  298.192785][T10336]  do_syscall_64+0x10b/0xf80
[  298.192806][T10336]  ? clear_bhb_loop+0x40/0x90
[  298.192824][T10336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.192839][T10336] RIP: 0033:0x7f7aa059cdd9
[  298.192853][T10336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  298.192867][T10336] RSP: 002b:00007f7aa144e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  298.192882][T10336] RAX: ffffffffffffffda RBX: 00007f7aa0816180 RCX: 00007f7aa059cdd9
[  298.192891][T10336] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000007
[  298.192900][T10336] RBP: 00007f7aa0632d69 R08: 0000000000000000 R09: 0000000000000000
[  298.192908][T10336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  298.192917][T10336] R13: 00007f7aa0816218 R14: 00007f7aa0816180 R15: 00007ffeafd683a8
[  298.192936][T10336]  </TASK>
[  298.549556][T10343] block nbd2: not configured, cannot reconfigure
[  299.113856][T10357] FAULT_INJECTION: forcing a failure.
[  299.113856][T10357] name failslab, interval 1, probability 0, space 0, times 0
[  299.172089][T10357] CPU: 0 UID: 0 PID: 10357 Comm: syz.0.1177 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  299.172118][T10357] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  299.172124][T10357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  299.172133][T10357] Call Trace:
[  299.172138][T10357]  <TASK>
[  299.172144][T10357]  dump_stack_lvl+0x100/0x190
[  299.172178][T10357]  should_fail_ex.cold+0x5/0xa
[  299.172198][T10357]  ? tracepoint_add_func+0x3a8/0x1150
[  299.172221][T10357]  should_failslab+0xc2/0x120
[  299.172238][T10357]  __kmalloc_noprof+0xe0/0x850
[  299.172256][T10357]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  299.172275][T10357]  tracepoint_add_func+0x3a8/0x1150
[  299.172296][T10357]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  299.172319][T10357]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  299.172338][T10357]  tracepoint_probe_register+0xc4/0x110
[  299.172362][T10357]  ? __pfx_tracepoint_probe_register+0x10/0x10
[  299.172383][T10357]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  299.172405][T10357]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  299.172424][T10357]  ? __pfx_probe_sched_switch+0x10/0x10
[  299.172446][T10357]  ? __lock_acquire+0x4a5/0x2630
[  299.172465][T10357]  trace_event_reg+0x209/0x350
[  299.172486][T10357]  __ftrace_event_enable_disable+0x211/0x6f0
[  299.172511][T10357]  __ftrace_set_clr_event_nolock+0x390/0xc30
[  299.172533][T10357]  ftrace_set_clr_event+0x1b7/0x3f0
[  299.172551][T10357]  ? __pfx_ftrace_set_clr_event+0x10/0x10
[  299.172568][T10357]  ? trace_get_user+0x3ae/0xa70
[  299.172594][T10357]  ftrace_event_write+0x259/0x2c0
[  299.172624][T10357]  ? __pfx_ftrace_event_write+0x10/0x10
[  299.172653][T10357]  vfs_write+0x2aa/0x1070
[  299.172671][T10357]  ? __pfx_ftrace_event_write+0x10/0x10
[  299.172690][T10357]  ? __pfx_vfs_write+0x10/0x10
[  299.172706][T10357]  ? __fget_files+0x215/0x3d0
[  299.172728][T10357]  ? __fget_files+0x21f/0x3d0
[  299.172751][T10357]  ksys_write+0x12a/0x250
[  299.172768][T10357]  ? __pfx_ksys_write+0x10/0x10
[  299.172787][T10357]  ? rcu_is_watching+0x12/0xc0
[  299.172808][T10357]  do_syscall_64+0x10b/0xf80
[  299.172828][T10357]  ? clear_bhb_loop+0x40/0x90
[  299.172846][T10357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.172861][T10357] RIP: 0033:0x7ff83ed9cdd9
[  299.172874][T10357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  299.172889][T10357] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  299.172904][T10357] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  299.172913][T10357] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000009
[  299.172922][T10357] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  299.172930][T10357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  299.172938][T10357] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  299.172958][T10357]  </TASK>
[  299.172987][T10357] event trace: Could not enable event nfsd_cb_probe
[  301.106083][T10402] FAULT_INJECTION: forcing a failure.
[  301.106083][T10402] name failslab, interval 1, probability 0, space 0, times 0
[  301.174210][T10403] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1186'.
[  301.209212][T10402] CPU: 0 UID: 0 PID: 10402 Comm: syz.0.1188 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  301.209240][T10402] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  301.209246][T10402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  301.209256][T10402] Call Trace:
[  301.209262][T10402]  <TASK>
[  301.209268][T10402]  dump_stack_lvl+0x100/0x190
[  301.209290][T10402]  should_fail_ex.cold+0x5/0xa
[  301.209310][T10402]  should_failslab+0xc2/0x120
[  301.209327][T10402]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  301.209350][T10402]  ? do_getname+0x35/0x390
[  301.209371][T10402]  ? ksys_write+0x190/0x250
[  301.209389][T10402]  do_getname+0x35/0x390
[  301.209412][T10402]  do_sys_openat2+0xc5/0x1e0
[  301.209435][T10402]  ? __pfx_do_sys_openat2+0x10/0x10
[  301.209463][T10402]  __x64_sys_openat+0x12d/0x210
[  301.209485][T10402]  ? __pfx___x64_sys_openat+0x10/0x10
[  301.209506][T10402]  ? ksys_write+0x1ac/0x250
[  301.209524][T10402]  ? rcu_is_watching+0x12/0xc0
[  301.209545][T10402]  do_syscall_64+0x10b/0xf80
[  301.209565][T10402]  ? clear_bhb_loop+0x40/0x90
[  301.209583][T10402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.209598][T10402] RIP: 0033:0x7ff83ed9cdd9
[  301.209611][T10402] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  301.209625][T10402] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  301.209641][T10402] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  301.209651][T10402] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  301.209660][T10402] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  301.209668][T10402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  301.209677][T10402] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  301.209699][T10402]  </TASK>
[  301.939965][T10403] veth0_macvtap: left promiscuous mode
[  302.094774][T10416] netlink: 'syz.3.1189': attribute type 2 has an invalid length.
[  302.491616][ T7377] Bluetooth: hci3: unexpected event 0x30 length: 10 > 3
[  302.724480][T10436] random: crng reseeded on system resumption
[  303.974801][T10468] random: crng reseeded on system resumption
[  304.584182][T10479] FAULT_INJECTION: forcing a failure.
[  304.584182][T10479] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  304.648998][T10479] CPU: 0 UID: 0 PID: 10479 Comm: syz.0.1204 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  304.649026][T10479] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  304.649032][T10479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  304.649040][T10479] Call Trace:
[  304.649046][T10479]  <TASK>
[  304.649052][T10479]  dump_stack_lvl+0x100/0x190
[  304.649073][T10479]  should_fail_ex.cold+0x5/0xa
[  304.649092][T10479]  _copy_from_user+0x2e/0xd0
[  304.649108][T10479]  copy_msghdr_from_user+0x9f/0x4f0
[  304.649131][T10479]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  304.649160][T10479]  ___sys_sendmsg+0x106/0x1e0
[  304.649182][T10479]  ? __pfx____sys_sendmsg+0x10/0x10
[  304.649224][T10479]  __sys_sendmsg+0x170/0x220
[  304.649241][T10479]  ? __pfx___sys_sendmsg+0x10/0x10
[  304.649265][T10479]  ? rcu_is_watching+0x12/0xc0
[  304.649285][T10479]  do_syscall_64+0x10b/0xf80
[  304.649306][T10479]  ? clear_bhb_loop+0x40/0x90
[  304.649323][T10479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.649338][T10479] RIP: 0033:0x7ff83ed9cdd9
[  304.649352][T10479] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  304.649366][T10479] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  304.649380][T10479] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  304.649390][T10479] RDX: 0000000000000080 RSI: 0000200000001ac0 RDI: 0000000000000004
[  304.649398][T10479] RBP: 00007ff83fc7f090 R08: 0000000000000000 R09: 0000000000000000
[  304.649407][T10479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.649415][T10479] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  304.649434][T10479]  </TASK>
[  305.104000][T10488] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1208'.
[  305.417317][T10497] FAULT_INJECTION: forcing a failure.
[  305.417317][T10497] name failslab, interval 1, probability 0, space 0, times 0
[  305.507897][T10497] CPU: 0 UID: 0 PID: 10497 Comm: syz.0.1212 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  305.507927][T10497] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  305.507933][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  305.507943][T10497] Call Trace:
[  305.507950][T10497]  <TASK>
[  305.507956][T10497]  dump_stack_lvl+0x100/0x190
[  305.507978][T10497]  should_fail_ex.cold+0x5/0xa
[  305.507999][T10497]  should_failslab+0xc2/0x120
[  305.508017][T10497]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  305.508039][T10497]  ? __anon_vma_prepare+0x344/0x5e0
[  305.508064][T10497]  __anon_vma_prepare+0x344/0x5e0
[  305.508084][T10497]  ? __pfx___pte_alloc+0x10/0x10
[  305.508103][T10497]  __vmf_anon_prepare+0x11f/0x250
[  305.508122][T10497]  do_anonymous_page+0x536/0x2050
[  305.508149][T10497]  __handle_mm_fault+0x1d2c/0x2a00
[  305.508174][T10497]  ? mt_find+0x45e/0x8e0
[  305.508197][T10497]  ? __pfx___handle_mm_fault+0x10/0x10
[  305.508217][T10497]  ? __pfx_mt_find+0x10/0x10
[  305.508253][T10497]  handle_mm_fault+0x36d/0xa20
[  305.508278][T10497]  __get_user_pages+0x1178/0x32a0
[  305.508304][T10497]  ? __pfx___get_user_pages+0x10/0x10
[  305.508327][T10497]  get_user_pages_remote+0x3d2/0xb10
[  305.508348][T10497]  ? __pfx_get_user_pages_remote+0x10/0x10
[  305.508368][T10497]  ? __pfx_create_init_stack_vma+0x10/0x10
[  305.508388][T10497]  get_arg_page+0xf4/0x310
[  305.508404][T10497]  ? __pfx_get_arg_page+0x10/0x10
[  305.508424][T10497]  ? alloc_bprm+0x3da/0x710
[  305.508438][T10497]  ? alloc_bprm+0x3da/0x710
[  305.508456][T10497]  copy_string_kernel+0x17d/0x3f0
[  305.508473][T10497]  ? alloc_bprm+0x420/0x710
[  305.508490][T10497]  do_execveat_common.isra.0+0x2e6/0x580
[  305.508511][T10497]  __x64_sys_execveat+0xdf/0x130
[  305.508530][T10497]  do_syscall_64+0x10b/0xf80
[  305.508550][T10497]  ? clear_bhb_loop+0x40/0x90
[  305.508568][T10497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.508582][T10497] RIP: 0033:0x7ff83ed9cdd9
[  305.508596][T10497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  305.508610][T10497] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  305.508675][T10497] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  305.508686][T10497] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[  305.508695][T10497] RBP: 00007ff83ee32d69 R08: 0000000000001000 R09: 0000000000000000
[  305.508705][T10497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  305.508714][T10497] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  305.508735][T10497]  </TASK>
[  305.898277][T10493] synth uevent: /bus/mei: unknown uevent action string
[  306.237148][T10513] mmap: syz.2.1215 (10513) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  306.367693][T10517] HfR: entered promiscuous mode
[  306.494640][T10521] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'.
[  306.800877][T10531] FAULT_INJECTION: forcing a failure.
[  306.800877][T10531] name fail_futex, interval 1, probability 0, space 0, times 0
[  306.863848][T10531] CPU: 0 UID: 0 PID: 10531 Comm: syz.0.1222 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  306.863877][T10531] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  306.863883][T10531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  306.863892][T10531] Call Trace:
[  306.863898][T10531]  <TASK>
[  306.863905][T10531]  dump_stack_lvl+0x100/0x190
[  306.863927][T10531]  should_fail_ex.cold+0x5/0xa
[  306.863948][T10531]  get_futex_key+0x1d2/0x1510
[  306.863966][T10531]  ? __pfx_get_futex_key+0x10/0x10
[  306.863987][T10531]  futex_wait_setup+0x83/0x510
[  306.864011][T10531]  __futex_wait+0x19f/0x300
[  306.864033][T10531]  ? __pfx___futex_wait+0x10/0x10
[  306.864055][T10531]  ? __pfx_futex_wake_mark+0x10/0x10
[  306.864077][T10531]  ? futex_hash+0x2ad/0x370
[  306.864092][T10531]  ? futex_hash+0x141/0x370
[  306.864108][T10531]  futex_wait+0xe6/0x370
[  306.864127][T10531]  ? __pfx_futex_wait+0x10/0x10
[  306.864156][T10531]  do_futex+0x1ef/0x350
[  306.864172][T10531]  ? __pfx_do_futex+0x10/0x10
[  306.864187][T10531]  ? fput+0x79/0x100
[  306.864207][T10531]  ? __sys_sendmsg+0x18f/0x220
[  306.864226][T10531]  __x64_sys_futex+0x34f/0x4d0
[  306.864254][T10531]  ? __pfx___x64_sys_futex+0x10/0x10
[  306.864278][T10531]  ? rcu_is_watching+0x12/0xc0
[  306.864300][T10531]  do_syscall_64+0x10b/0xf80
[  306.864327][T10531]  ? clear_bhb_loop+0x40/0x90
[  306.864351][T10531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.864368][T10531] RIP: 0033:0x7ff83ed9cdd9
[  306.864383][T10531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  306.864399][T10531] RSP: 002b:00007ff83fc7f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  306.864420][T10531] RAX: ffffffffffffffda RBX: 00007ff83f015fa8 RCX: 00007ff83ed9cdd9
[  306.864430][T10531] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff83f015fa8
[  306.864441][T10531] RBP: 00007ff83f015fa0 R08: 0000000000000000 R09: 0000000000000000
[  306.864454][T10531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  306.864464][T10531] R13: 00007ff83f016038 R14: 00007ffcf9a974f0 R15: 00007ffcf9a975d8
[  306.864494][T10531]  </TASK>
[  307.137244][T10542] netlink: 'syz.1.1227': attribute type 11 has an invalid length.
[  307.303616][T10548] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1229'.
[  307.342344][T10548] netlink: 29 bytes leftover after parsing attributes in process `syz.1.1229'.
[  307.425247][T10552] FAULT_INJECTION: forcing a failure.
[  307.425247][T10552] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  307.439139][T10552] CPU: 0 UID: 0 PID: 10552 Comm: syz.0.1230 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  307.439165][T10552] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  307.439171][T10552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  307.439181][T10552] Call Trace:
[  307.439187][T10552]  <TASK>
[  307.439193][T10552]  dump_stack_lvl+0x100/0x190
[  307.439215][T10552]  should_fail_ex.cold+0x5/0xa
[  307.439232][T10552]  ? prepare_alloc_pages+0x16d/0x5f0
[  307.439252][T10552]  should_fail_alloc_page+0xeb/0x140
[  307.439271][T10552]  prepare_alloc_pages+0x1f0/0x5f0
[  307.439293][T10552]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  307.439319][T10552]  ? mark_held_locks+0x40/0x70
[  307.439333][T10552]  ? irqentry_exit+0x24d/0x7e0
[  307.439353][T10552]  ? lockdep_hardirqs_on+0x78/0x100
[  307.439374][T10552]  ? irqentry_exit+0x24d/0x7e0
[  307.439395][T10552]  ? folios_put_refs+0x716/0xa90
[  307.439413][T10552]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  307.439448][T10552]  ? __lock_acquire+0x4a5/0x2630
[  307.439463][T10552]  ? __lock_acquire+0x4a5/0x2630
[  307.439476][T10552]  ? css_rstat_updated+0x1ce/0x5a0
[  307.439505][T10552]  ? lock_acquire+0x1b1/0x370
[  307.439519][T10552]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  307.439541][T10552]  ? policy_nodemask+0xed/0x4f0
[  307.439560][T10552]  alloc_pages_mpol+0x1fb/0x540
[  307.439578][T10552]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  307.439597][T10552]  ? __lock_acquire+0x4a5/0x2630
[  307.439612][T10552]  folio_alloc_mpol_noprof+0x36/0x260
[  307.439633][T10552]  vma_alloc_folio_noprof+0xed/0x1d0
[  307.439652][T10552]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  307.439677][T10552]  do_anonymous_page+0xb46/0x2050
[  307.439700][T10552]  ? rcu_read_unlock+0x2d/0xb0
[  307.439725][T10552]  __handle_mm_fault+0x1d2c/0x2a00
[  307.439748][T10552]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  307.439768][T10552]  ? __pfx___handle_mm_fault+0x10/0x10
[  307.439791][T10552]  ? pte_offset_map_lock+0x174/0x320
[  307.439808][T10552]  ? find_held_lock+0x2b/0x80
[  307.439832][T10552]  ? follow_page_pte+0x4d0/0x13f0
[  307.439853][T10552]  handle_mm_fault+0x36d/0xa20
[  307.439878][T10552]  __get_user_pages+0x1178/0x32a0
[  307.439903][T10552]  ? __pfx___get_user_pages+0x10/0x10
[  307.439926][T10552]  populate_vma_page_range+0x267/0x3f0
[  307.439946][T10552]  ? __pfx_populate_vma_page_range+0x10/0x10
[  307.439965][T10552]  ? __pfx_find_vma_intersection+0x10/0x10
[  307.439983][T10552]  ? do_mmap+0x93f/0x12f0
[  307.440002][T10552]  __mm_populate+0x107/0x3a0
[  307.440021][T10552]  ? __pfx___mm_populate+0x10/0x10
[  307.440041][T10552]  ? up_write+0x28c/0x4f0
[  307.440063][T10552]  vm_mmap_pgoff+0x37f/0x470
[  307.440084][T10552]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  307.440104][T10552]  ? do_futex+0x192/0x350
[  307.440120][T10552]  ? __pfx_do_futex+0x10/0x10
[  307.440136][T10552]  ? sock_ioctl+0x2dc/0x6b0
[  307.440159][T10552]  ksys_mmap_pgoff+0xe4/0x610
[  307.440177][T10552]  ? __x64_sys_futex+0x358/0x4d0
[  307.440193][T10552]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  307.440210][T10552]  ? xfd_validate_state+0x129/0x190
[  307.440230][T10552]  __x64_sys_mmap+0x125/0x190
[  307.440248][T10552]  do_syscall_64+0x10b/0xf80
[  307.440268][T10552]  ? clear_bhb_loop+0x40/0x90
[  307.440287][T10552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.440302][T10552] RIP: 0033:0x7ff83ed9cdd9
[  307.440316][T10552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  307.440330][T10552] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  307.440345][T10552] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  307.440355][T10552] RDX: 000000000000005f RSI: 0000000000400008 RDI: 0000000000000000
[  307.440364][T10552] RBP: 00007ff83ee32d69 R08: 0000000000000002 R09: 0000000000008000
[  307.440373][T10552] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  307.440382][T10552] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  307.440402][T10552]  </TASK>
[  309.633757][ T7377] Bluetooth: hci0: unexpected event 0x30 length: 10 > 3
[  310.359111][T10590] could not allocate digest TFM handle 
[  312.701957][T10651] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1252'.
[  313.144583][T10656] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.1253'.
[  313.432537][T10661] vhci_hcd vhci_hcd.2: invalid port number 253
[  313.494441][T10661] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub
[  314.268076][T10681] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1260'.
[  314.867203][T10698] random: crng reseeded on system resumption
[  314.881036][T10701] block nbd2: not configured, cannot reconfigure
[  315.181829][T10709] nfs4: Unknown parameter '/dev/audio'
[  317.194022][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  317.203019][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  317.610259][T10753] Process accounting resumed
[  317.892221][T10776] netlink: 850 bytes leftover after parsing attributes in process `syz.0.1284'.
[  317.991599][T10782] block nbd2: not configured, cannot reconfigure
[  318.996169][T10814] netlink: 'syz.1.1292': attribute type 1 has an invalid length.
[  319.062646][T10805] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1290'.
[  319.082640][T10814] netlink: 322 bytes leftover after parsing attributes in process `syz.1.1292'.
[  319.168595][T10819] netlink: 'syz.1.1292': attribute type 1 has an invalid length.
[  319.236344][T10819] netlink: 322 bytes leftover after parsing attributes in process `syz.1.1292'.
[  319.999069][T10842] block nbd2: not configured, cannot reconfigure
[  320.533443][T10857] netlink: 'syz.0.1301': attribute type 5 has an invalid length.
[  320.565278][T10857] netlink: 'syz.0.1301': attribute type 1 has an invalid length.
[  321.002823][T10871] netlink: 'syz.0.1304': attribute type 1 has an invalid length.
[  321.031377][T10871] netlink: 322 bytes leftover after parsing attributes in process `syz.0.1304'.
[  321.067995][T10871] netlink: 'syz.0.1304': attribute type 1 has an invalid length.
[  321.111719][T10871] netlink: 322 bytes leftover after parsing attributes in process `syz.0.1304'.
[  323.271130][T10925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1315'.
[  324.132740][T10930] ubi0: attaching mtd0
[  324.210947][T10930] ubi0: scanning is finished
[  324.223042][T10930] ubi0: empty MTD device detected
[  324.616924][T10954] bond0: invalid ARP target specified
[  324.878076][T10930] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  325.044669][T10930] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  325.178070][T10930] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  325.281270][   T30] audit: type=1800 audit(1778389967.037:11): pid=10969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1324" name="file0" dev="tmpfs" ino=1519 res=0 errno=0
[  325.302642][T10930] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  325.381702][T10930] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  325.470258][T10930] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  325.566878][T10930] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 798078553
[  325.638354][T10930] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  325.727730][T10961] ubi0: background thread "ubi_bgt0d" started, PID 10961
[  325.779768][T10934] ubi0: detaching mtd0
[  325.917895][T10934] ubi0: mtd0 is detached
[  326.269230][T10987] tipc: Started in network mode
[  326.297237][T10987] tipc: Node identity ee00, cluster identity 4711
[  326.352238][T10987] tipc: Node number set to 60928
[  328.834731][T11039] bond0: invalid ARP target specified
[  329.521836][T11050] random: crng reseeded on system resumption
[  331.265743][T11083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1355'.
[  332.784591][T11126] block nbd2: not configured, cannot reconfigure
[  334.660205][T11174] futex_wake_op: syz.1.1367 tries to shift op by -2048; fix this program
[  334.747886][T11179] Setting dangerous option i915.mitigations - tainting kernel
[  335.079376][T11176] FAULT_INJECTION: forcing a failure.
[  335.079376][T11176] name fail_futex, interval 1, probability 0, space 0, times 0
[  335.173912][T11176] CPU: 0 UID: 0 PID: 11176 Comm: syz.0.1368 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  335.173940][T11176] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  335.173945][T11176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  335.173954][T11176] Call Trace:
[  335.173960][T11176]  <TASK>
[  335.173965][T11176]  dump_stack_lvl+0x100/0x190
[  335.173994][T11176]  should_fail_ex.cold+0x5/0xa
[  335.174016][T11176]  get_futex_key+0x1d2/0x1510
[  335.174034][T11176]  ? __pfx_get_futex_key+0x10/0x10
[  335.174048][T11176]  ? lock_acquire+0x1b1/0x370
[  335.174067][T11176]  futex_wake+0xea/0x530
[  335.174094][T11176]  ? __pfx_futex_wake+0x10/0x10
[  335.174112][T11176]  ? exit_mm_release+0x19/0x30
[  335.174138][T11176]  do_futex+0x32b/0x350
[  335.174154][T11176]  ? __pfx_do_futex+0x10/0x10
[  335.174169][T11176]  ? __might_fault+0xc5/0x140
[  335.174195][T11176]  mm_release+0x24a/0x2f0
[  335.174214][T11176]  do_exit+0x707/0x2a60
[  335.174239][T11176]  ? __pfx_do_exit+0x10/0x10
[  335.174260][T11176]  ? do_raw_spin_lock+0x128/0x260
[  335.174276][T11176]  ? find_held_lock+0x2b/0x80
[  335.174295][T11176]  ? get_signal+0x7e0/0x21e0
[  335.174315][T11176]  do_group_exit+0xd5/0x2a0
[  335.174330][T11176]  get_signal+0x1ec7/0x21e0
[  335.174355][T11176]  ? __pfx_get_signal+0x10/0x10
[  335.174374][T11176]  ? do_futex+0x192/0x350
[  335.174391][T11176]  arch_do_signal_or_restart+0x91/0x7a0
[  335.174412][T11176]  ? sock_ioctl+0x2dc/0x6b0
[  335.174434][T11176]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  335.174460][T11176]  ? __fget_files+0x21f/0x3d0
[  335.174478][T11176]  ? rcu_is_watching+0x12/0xc0
[  335.174498][T11176]  exit_to_user_mode_loop+0x8b/0x4f0
[  335.174512][T11176]  ? rcu_is_watching+0x12/0xc0
[  335.174530][T11176]  do_syscall_64+0x6f2/0xf80
[  335.174552][T11176]  ? clear_bhb_loop+0x40/0x90
[  335.174569][T11176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.174584][T11176] RIP: 0033:0x7ff83ed9cdd9
[  335.174597][T11176] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  335.174611][T11176] RSP: 002b:00007ff83fc7f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  335.174631][T11176] RAX: fffffffffffffe00 RBX: 00007ff83f015fa8 RCX: 00007ff83ed9cdd9
[  335.174641][T11176] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff83f015fa8
[  335.174649][T11176] RBP: 00007ff83f015fa0 R08: 0000000000000000 R09: 0000000000000000
[  335.174658][T11176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  335.174666][T11176] R13: 00007ff83f016038 R14: 00007ffcf9a974f0 R15: 00007ffcf9a975d8
[  335.174684][T11176]  </TASK>
[  338.106258][T11250] bond0: invalid ARP target specified
[  338.199898][T11236] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  339.379743][T11293] netlink: 'syz.0.1395': attribute type 1 has an invalid length.
[  339.766835][T11303] random: crng reseeded on system resumption
[  339.946095][T11306] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  339.946095][T11306] The task syz.3.1399 (11306) triggered the difference, watch for misbehavior.
[  340.163407][T11289] tipc: can't start tipc receive workqueue
[  342.340269][T11360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1411'.
[  342.406457][T11353] NFSD: Failed to start, no listeners configured.
[  342.638215][T11365] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1412'.
[  343.054098][T11378] input: f¬
 as /devices/virtual/input/input8
[  343.292123][T11387] openvswitch: HfR: Dropping previously announced user features
[  345.478823][T11435] bond0: invalid ARP target specified

syzkaller
syzkaller login: [  348.097169][T11478] Process accounting paused
[  348.475379][T11502] random: crng reseeded on system resumption
[  348.816672][T11513] can: request_module (can-proto-5) failed.
[  348.877505][T11514] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1447'.
[  349.255937][T11517] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present
[  349.527560][T11538] bond0: invalid ARP target specified
[  351.260488][T11579] usb usb26: usbfs: process 11579 (syz.3.1465) did not claim interface 0 before use
[  352.165432][T11607] futex_wake_op: syz.3.1473 tries to shift op by -2048; fix this program
[  352.408350][T11603] 0x000000000001-0x000000020000 : ""
[  352.440819][T11621] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1478'.
[  352.683689][T11603] ftl_cs: FTL header corrupt!
[  353.171212][T11642] random: crng reseeded on system resumption
[  353.466579][T11650] random: crng reseeded on system resumption
[  354.039256][T11671] netlink: 'syz.1.1491': attribute type 11 has an invalid length.
[  354.080062][T11671] netlink: 'syz.1.1491': attribute type 11 has an invalid length.
[  354.109317][T11671] netlink: 'syz.1.1491': attribute type 11 has an invalid length.
[  354.407445][T11675] bond0: invalid ARP target specified
[  357.193099][T11747] bond0: invalid ARP target specified
[  358.032963][T11774] Setting dangerous option i915.mitigations - tainting kernel
[  358.986723][ T7377] Bluetooth: hci3: unexpected event 0x31 length: 19 > 6
[  359.110045][T11786] cougar: G6 mapped to space
[  359.353755][T11795] FAULT_INJECTION: forcing a failure.
[  359.353755][T11795] name failslab, interval 1, probability 0, space 0, times 0
[  359.400268][T11795] CPU: 0 UID: 0 PID: 11795 Comm: syz.0.1524 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  359.400297][T11795] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  359.400303][T11795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  359.400312][T11795] Call Trace:
[  359.400319][T11795]  <TASK>
[  359.400325][T11795]  dump_stack_lvl+0x100/0x190
[  359.400347][T11795]  should_fail_ex.cold+0x5/0xa
[  359.400367][T11795]  ? tracepoint_add_func+0x3a8/0x1150
[  359.400389][T11795]  should_failslab+0xc2/0x120
[  359.400407][T11795]  __kmalloc_noprof+0xe0/0x850
[  359.400423][T11795]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  359.400444][T11795]  tracepoint_add_func+0x3a8/0x1150
[  359.400464][T11795]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  359.400488][T11795]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  359.400507][T11795]  tracepoint_probe_register+0xc4/0x110
[  359.400530][T11795]  ? __pfx_tracepoint_probe_register+0x10/0x10
[  359.400552][T11795]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  359.400574][T11795]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  359.400593][T11795]  ? __pfx_probe_sched_switch+0x10/0x10
[  359.400616][T11795]  ? __lock_acquire+0x4a5/0x2630
[  359.400634][T11795]  trace_event_reg+0x209/0x350
[  359.400656][T11795]  __ftrace_event_enable_disable+0x211/0x6f0
[  359.400681][T11795]  __ftrace_set_clr_event_nolock+0x390/0xc30
[  359.400702][T11795]  ftrace_set_clr_event+0x1b7/0x3f0
[  359.400721][T11795]  ? __pfx_ftrace_set_clr_event+0x10/0x10
[  359.400737][T11795]  ? trace_get_user+0x3ae/0xa70
[  359.400763][T11795]  ftrace_event_write+0x259/0x2c0
[  359.400781][T11795]  ? __pfx_ftrace_event_write+0x10/0x10
[  359.400805][T11795]  vfs_write+0x2aa/0x1070
[  359.400823][T11795]  ? __pfx_ftrace_event_write+0x10/0x10
[  359.400842][T11795]  ? __pfx_vfs_write+0x10/0x10
[  359.400858][T11795]  ? __fget_files+0x215/0x3d0
[  359.400887][T11795]  ? __fget_files+0x21f/0x3d0
[  359.400910][T11795]  ksys_write+0x12a/0x250
[  359.400928][T11795]  ? __pfx_ksys_write+0x10/0x10
[  359.400947][T11795]  ? rcu_is_watching+0x12/0xc0
[  359.400967][T11795]  do_syscall_64+0x10b/0xf80
[  359.400987][T11795]  ? clear_bhb_loop+0x40/0x90
[  359.401007][T11795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.401024][T11795] RIP: 0033:0x7ff83ed9cdd9
[  359.401037][T11795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  359.401052][T11795] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  359.401066][T11795] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  359.401077][T11795] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000009
[  359.401086][T11795] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  359.401096][T11795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  359.401104][T11795] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  359.401125][T11795]  </TASK>
[  359.401133][T11795] event trace: Could not enable event nfsd_cb_queue
[  362.162221][T11832] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  362.999641][T11866] vivid-008: =================  START STATUS  =================
[  363.096036][T11866] vivid-008: ==================  END STATUS  ==================
[  363.485386][ T7377] block nbd0: Receive control failed (result -32)
[  364.082908][T11873] random: crng reseeded on system resumption
[  364.870456][T11898] random: crng reseeded on system resumption
[  365.404007][T11910] can: request_module (can-proto-5) failed.
[  369.697781][T11992] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1569'.
[  369.823586][T11992] geneve0: entered promiscuous mode
[  369.861489][T11992] geneve0: entered allmulticast mode
[  369.916919][ T7377] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  372.705425][T12058] ima: policy update failed
[  372.774053][   T30] audit: type=1802 audit(1778390014.527:12): pid=12058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1586" res=0 errno=0
[  376.604414][T12153] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1606'.
[  377.736379][ T5716] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243)
[  378.088064][T12191] Setting dangerous option i915.mitigations - tainting kernel
[  378.638630][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  378.650128][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  378.681787][T12187] Process accounting resumed
[  379.473794][T12215] netlink: 'syz.0.1623': attribute type 11 has an invalid length.
[  379.513394][T12215] netlink: 'syz.0.1623': attribute type 11 has an invalid length.
[  379.554307][T12215] netlink: 'syz.0.1623': attribute type 11 has an invalid length.
[  380.348766][T12240] Setting dangerous option i915.mitigations - tainting kernel
[  380.407552][T12239] block2mtd: illegal erase size
[  382.148824][T12274] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1638'.
[  382.535602][T12284] usb usb26: usbfs: process 12284 (syz.0.1641) did not claim interface 0 before use
[  382.776786][T12292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1643'.
[  384.630912][T12329] MTRR 1 not used
[  386.822578][T12364] openvswitch: netlink: IP tunnel TTL not specified.
[  386.984841][T12362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1660'.
[  387.066888][T12365] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1660'.
[  388.356574][T12389] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1669'.
[  388.422770][T12389] netlink: 'syz.1.1669': attribute type 1 has an invalid length.
[  388.734139][T12397] nbd: socks must be embedded in a SOCK_ITEM attr
[  388.780915][T12397] block nbd1: shutting down sockets
[  392.199373][T12474] futex_wake_op: syz.3.1691 tries to shift op by -2048; fix this program
[  392.304528][ T7377] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  393.479583][T12504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1698'.
[  393.781685][T12508] bond0: Unable to set down delay as MII monitoring is disabled
[  394.377309][ T7460] Bluetooth: hci0: command 0x2016 tx timeout
[  396.448820][ T7377] Bluetooth: hci0: command 0x2016 tx timeout
[  396.855545][T12555] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1715'.
[  396.903702][T12555] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  398.560567][T12594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1725'.
[  398.629908][T12593] input: jJǸ-�¶š9ã%vø“û¨l�ÐQ 	J86Ö‘ as /devices/virtual/input/input9
[  400.880550][T12643] vivid-007: =================  START STATUS  =================
[  400.933357][T12643] vivid-007: Interlaced VBI Format: false
[  400.999417][T12643] vivid-007: ==================  END STATUS  ==================
[  402.072340][T12660] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  402.115901][T12660] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  402.238009][T12660] FAULT_INJECTION: forcing a failure.
[  402.238009][T12660] name failslab, interval 1, probability 0, space 0, times 0
[  402.365509][T12660] CPU: 0 UID: 0 PID: 12660 Comm: syz.0.1746 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  402.365537][T12660] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  402.365543][T12660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  402.365553][T12660] Call Trace:
[  402.365558][T12660]  <TASK>
[  402.365567][T12660]  dump_stack_lvl+0x100/0x190
[  402.365589][T12660]  should_fail_ex.cold+0x5/0xa
[  402.365609][T12660]  should_failslab+0xc2/0x120
[  402.365627][T12660]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  402.365644][T12660]  ? kstrdup_const+0x63/0x80
[  402.365659][T12660]  ? rcu_is_watching+0x12/0xc0
[  402.365680][T12660]  kstrdup+0x51/0xe0
[  402.365696][T12660]  kstrdup_const+0x63/0x80
[  402.365710][T12660]  __kernfs_new_node+0x9b/0x9f0
[  402.365729][T12660]  ? __pfx___kernfs_new_node+0x10/0x10
[  402.365750][T12660]  ? find_held_lock+0x2b/0x80
[  402.365768][T12660]  ? kernfs_root+0xee/0x2a0
[  402.365783][T12660]  ? kernfs_root+0xee/0x2a0
[  402.365802][T12660]  kernfs_new_node+0x11b/0x1a0
[  402.365823][T12660]  kernfs_create_link+0xcc/0x240
[  402.365846][T12660]  sysfs_do_create_link_sd+0x90/0x140
[  402.365864][T12660]  sysfs_create_link+0x61/0xc0
[  402.365879][T12660]  __add_disk+0x619/0xe40
[  402.365903][T12660]  add_disk_fwnode+0x118/0x5c0
[  402.365926][T12660]  loop_add+0x90b/0xb60
[  402.365948][T12660]  ? __pfx_loop_add+0x10/0x10
[  402.365967][T12660]  ? __sanitizer_cov_trace_switch+0x16/0x90
[  402.366002][T12660]  ? find_held_lock+0x2b/0x80
[  402.366021][T12660]  ? __fget_files+0x215/0x3d0
[  402.366040][T12660]  loop_control_ioctl+0xae/0x620
[  402.366063][T12660]  ? __pfx_loop_control_ioctl+0x10/0x10
[  402.366088][T12660]  ? __pfx_loop_control_ioctl+0x10/0x10
[  402.366111][T12660]  __x64_sys_ioctl+0x18e/0x210
[  402.366128][T12660]  do_syscall_64+0x10b/0xf80
[  402.366148][T12660]  ? clear_bhb_loop+0x40/0x90
[  402.366175][T12660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.366191][T12660] RIP: 0033:0x7ff83ed9cdd9
[  402.366205][T12660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  402.366220][T12660] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  402.366235][T12660] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  402.366245][T12660] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000004
[  402.366254][T12660] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  402.366263][T12660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  402.366272][T12660] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  402.366291][T12660]  </TASK>
[  403.355577][T12680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1749'.
[  403.400723][T12685] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1749'.
[  404.086985][ T7460] Bluetooth: hci0: command 0x2016 tx timeout
[  404.162562][T12719] netlink: 21 bytes leftover after parsing attributes in process `syz.3.1752'.
[  404.171923][ T7460] Bluetooth: hci3: command 0x0c1a tx timeout
[  404.712919][T12734] netlink: 'syz.2.1758': attribute type 11 has an invalid length.
[  404.761148][T12734] netlink: 'syz.2.1758': attribute type 11 has an invalid length.
[  404.781390][T12729] sctp: [Deprecated]: syz.3.1756 (pid 12729) Use of struct sctp_assoc_value in delayed_ack socket option.
[  404.781390][T12729] Use struct sctp_sack_info instead
[  404.809021][T12734] netlink: 'syz.2.1758': attribute type 11 has an invalid length.
[  405.324944][T12741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1760'.
[  405.406586][T12741] netlink: 13 bytes leftover after parsing attributes in process `syz.3.1760'.
[  406.712956][T12737] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  406.728189][T12774] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1770'.
[  406.747248][T12737] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  406.824181][T12738] binder: 12736:12738 ioctl c00c620f 200000000080 returned -22
[  412.278306][T12858] snd_virmidi snd_virmidi.0: control 61678:134348809:44033:yª:5 is already present
[  412.410109][T12858] ecryptfs_miscdev_response: (sizeof(*msg) + msg->data_len) = [1067213646]; data_size = [146]. Invalid packet.
[  412.546980][T12858] ecryptfs_miscdev_write: Failed to deliver miscdev response to requesting operation; rc = [-22]
[  412.846748][T12852] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1788'.
[  413.107246][T12852] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  413.242641][T12852] batman_adv: batadv0: Removing interface: batadv_slave_0
[  413.386969][T12852] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  413.533435][T12852] batman_adv: batadv0: Removing interface: batadv_slave_1
[  414.403188][T12876] bond0: invalid ARP target specified
[  417.900465][T12948] ubi0: attaching mtd0
[  417.918002][T12948] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127)
[  418.410044][ T7460] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  418.434304][ T7460] Bluetooth: hci3: unexpected event 0x04 length: 6 < 10
[  418.459355][T12958] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4.
[  418.557666][ T7460] Bluetooth: hci0: Malformed LE Event: 0x0b
[  419.964253][T12976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1823'.
[  420.484041][ T7377] Bluetooth: hci3: command 0x0c1a tx timeout
[  421.175229][T12988] nbd: socks must be embedded in a SOCK_ITEM attr
[  421.217507][T12988] block nbd1: shutting down sockets
[  422.555054][ T9117] Bluetooth: hci3: command 0x0c1a tx timeout
[  423.686152][T13037] block2mtd: illegal erase size
[  424.042808][T13044] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1844'.
[  424.108043][T13046] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1844'.
[  424.838487][T12519] syz.1.1703 (12519) used greatest stack depth: 19704 bytes left
[  425.473928][T13071] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1852'.
[  425.549004][T13071] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1852'.
[  426.165706][T13085] HfR: entered promiscuous mode
[  426.775398][T12766] syz.1.1764 (12766) used greatest stack depth: 19504 bytes left
[  427.702206][T13128] FAULT_INJECTION: forcing a failure.
[  427.702206][T13128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.797240][T13128] CPU: 0 UID: 0 PID: 13128 Comm: syz.0.1867 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  427.797268][T13128] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  427.797273][T13128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  427.797282][T13128] Call Trace:
[  427.797287][T13128]  <TASK>
[  427.797293][T13128]  dump_stack_lvl+0x100/0x190
[  427.797314][T13128]  should_fail_ex.cold+0x5/0xa
[  427.797333][T13128]  _copy_from_user+0x2e/0xd0
[  427.797349][T13128]  core_sys_select+0x472/0xbb0
[  427.797370][T13128]  ? __pfx_core_sys_select+0x10/0x10
[  427.797387][T13128]  ? get_pid_task+0xfc/0x250
[  427.797411][T13128]  ? get_pid_task+0x106/0x250
[  427.797444][T13128]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  427.797467][T13128]  ? kernel_write+0x663/0x6c0
[  427.797482][T13128]  ? __fget_files+0x215/0x3d0
[  427.797500][T13128]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  427.797525][T13128]  kern_select+0x20c/0x270
[  427.797543][T13128]  ? __pfx_kern_select+0x10/0x10
[  427.797562][T13128]  ? __pfx_ksys_write+0x10/0x10
[  427.797581][T13128]  __x64_sys_select+0xbd/0x160
[  427.797597][T13128]  ? do_syscall_64+0x90/0xf80
[  427.797617][T13128]  ? lockdep_hardirqs_on+0x78/0x100
[  427.797637][T13128]  do_syscall_64+0x10b/0xf80
[  427.797657][T13128]  ? clear_bhb_loop+0x40/0x90
[  427.797675][T13128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.797690][T13128] RIP: 0033:0x7ff83ed9cdd9
[  427.797703][T13128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  427.797717][T13128] RSP: 002b:00007ff83fc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017
[  427.797732][T13128] RAX: ffffffffffffffda RBX: 00007ff83f016180 RCX: 00007ff83ed9cdd9
[  427.797742][T13128] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[  427.797750][T13128] RBP: 00007ff83fc3d090 R08: 0000000000000000 R09: 0000000000000000
[  427.797758][T13128] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  427.797767][T13128] R13: 00007ff83f016218 R14: 00007ff83f016180 R15: 00007ffcf9a975d8
[  427.797785][T13128]  </TASK>
[  429.821182][T13175] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1881'.
[  429.924734][T13175] unsupported nlmsg_type 40
[  430.005195][T13180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1881'.
[  432.872703][T13211] kexec: Could not allocate control_code_buffer
[  433.587181][T13246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1895'.
[  433.628155][T13246] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1895'.
[  434.183544][ T7460] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5
[  435.534377][T13305] netlink: Unknown conntrack attr (type=257, max=9)
[  436.938742][T13332] netlink: 'syz.2.1918': attribute type 11 has an invalid length.
[  436.990719][T13332] netlink: 'syz.2.1918': attribute type 11 has an invalid length.
[  437.044821][T13332] netlink: 'syz.2.1918': attribute type 11 has an invalid length.
[  437.648129][T13353] random: crng reseeded on system resumption
[  437.817049][T13354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1926'.
[  438.018607][T13368] raw_sendmsg: syz.2.1928 forgot to set AF_INET. Fix it!
[  438.884256][T13383] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10
[  439.743158][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  439.749613][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  440.557487][T13429] nbd: socks must be embedded in a SOCK_ITEM attr
[  440.568438][T13431] snd_virmidi snd_virmidi.0: control 61678:134348809:44033:yª:5 is already present
[  440.586178][T13429] block nbd1: shutting down sockets
[  440.739570][T13431] ecryptfs_miscdev_response: (sizeof(*msg) + msg->data_len) = [1067213646]; data_size = [146]. Invalid packet.
[  440.855816][T13431] ecryptfs_miscdev_write: Failed to deliver miscdev response to requesting operation; rc = [-22]
[  443.630385][T13505] netlink: 'syz.3.1969': attribute type 11 has an invalid length.
[  443.678664][T13505] netlink: 'syz.3.1969': attribute type 11 has an invalid length.
[  444.715078][T13522] netlink: 'syz.3.1973': attribute type 2 has an invalid length.
[  444.918212][ T7460] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  446.983764][ T7460] Bluetooth: hci3: command 0x0c1a tx timeout
[  447.575686][T13582] netlink: 'syz.3.1990': attribute type 1 has an invalid length.
[  449.053082][ T7460] Bluetooth: hci3: command 0x0c1a tx timeout
[  450.183488][T13556] Process accounting resumed
[  451.220352][T13663] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2017'.
[  451.272644][T13663] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2017'.
[  454.971361][T13752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2039'.
[  457.133621][T13807] input: f¬
 as /devices/virtual/input/input11
[  460.016064][T13893] capability: warning: `syz.2.2080' uses 32-bit capabilities (legacy support in use)
[  460.395308][ T9117] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  460.403099][ T9117] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff
[  461.215495][T13918] FAULT_INJECTION: forcing a failure.
[  461.215495][T13918] name failslab, interval 1, probability 0, space 0, times 0
[  461.263496][T13918] CPU: 0 UID: 0 PID: 13918 Comm: syz.0.2085 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  461.263525][T13918] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  461.263532][T13918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  461.263542][T13918] Call Trace:
[  461.263548][T13918]  <TASK>
[  461.263555][T13918]  dump_stack_lvl+0x100/0x190
[  461.263578][T13918]  should_fail_ex.cold+0x5/0xa
[  461.263599][T13918]  should_failslab+0xc2/0x120
[  461.263617][T13918]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  461.263642][T13918]  ? __d_alloc+0x34/0xa40
[  461.263667][T13918]  __d_alloc+0x34/0xa40
[  461.263688][T13918]  d_alloc_pseudo+0x1c/0xc0
[  461.263702][T13918]  alloc_file_pseudo+0xcf/0x230
[  461.263726][T13918]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  461.263752][T13918]  __shmem_file_setup+0x205/0x460
[  461.263774][T13918]  ? __pfx___shmem_file_setup+0x10/0x10
[  461.263795][T13918]  ? vm_area_alloc+0x1f/0x160
[  461.263818][T13918]  shmem_zero_setup+0x96/0x1b0
[  461.263835][T13918]  __mmap_region+0x24e9/0x2da0
[  461.263861][T13918]  ? __pfx___mmap_region+0x10/0x10
[  461.263898][T13918]  ? do_raw_spin_lock+0x128/0x260
[  461.263927][T13918]  ? do_raw_spin_lock+0x128/0x260
[  461.263944][T13918]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  461.263967][T13918]  ? hrtimer_start_range_ns+0x860/0x1a50
[  461.263993][T13918]  ? find_held_lock+0x2b/0x80
[  461.264011][T13918]  ? finish_task_switch.isra.0+0x2c6/0x1010
[  461.264062][T13918]  mmap_region+0x35d/0x620
[  461.264077][T13918]  ? rcu_is_watching+0x12/0xc0
[  461.264095][T13918]  ? __pfx_mmap_region+0x10/0x10
[  461.264111][T13918]  ? cap_mmap_addr+0x4b/0x120
[  461.264133][T13918]  ? bpf_lsm_mmap_addr+0x9/0x30
[  461.264147][T13918]  ? security_mmap_addr+0x71/0x1e0
[  461.264164][T13918]  ? __get_unmapped_area+0x255/0x3e0
[  461.264184][T13918]  do_mmap+0xc63/0x12f0
[  461.264205][T13918]  ? __pfx_do_mmap+0x10/0x10
[  461.264222][T13918]  ? __pfx_down_write_killable+0x10/0x10
[  461.264242][T13918]  vm_mmap_pgoff+0x29e/0x470
[  461.264263][T13918]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  461.264283][T13918]  ? do_futex+0x192/0x350
[  461.264300][T13918]  ? __pfx_do_futex+0x10/0x10
[  461.264315][T13918]  ? __pfx_do_sys_openat2+0x10/0x10
[  461.264341][T13918]  ksys_mmap_pgoff+0xe4/0x610
[  461.264359][T13918]  ? __x64_sys_futex+0x358/0x4d0
[  461.264375][T13918]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  461.264392][T13918]  ? xfd_validate_state+0x129/0x190
[  461.264412][T13918]  __x64_sys_mmap+0x125/0x190
[  461.264430][T13918]  do_syscall_64+0x10b/0xf80
[  461.264451][T13918]  ? clear_bhb_loop+0x40/0x90
[  461.264469][T13918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.264484][T13918] RIP: 0033:0x7ff83ed9cdd9
[  461.264499][T13918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  461.264513][T13918] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  461.264529][T13918] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  461.264540][T13918] RDX: 00000000000001ff RSI: 0000000000020004 RDI: 0000000000000000
[  461.264549][T13918] RBP: 00007ff83ee32d69 R08: ffffffffffffffff R09: 0000000000008000
[  461.264559][T13918] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  461.264568][T13918] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  461.264588][T13918]  </TASK>
[  462.894432][T13943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2092'.
[  463.016751][T13943] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2092'.
[  463.763411][T13973] bond0: invalid ARP target specified
[  464.961707][T13999] nbd: socks must be embedded in a SOCK_ITEM attr
[  464.990188][T13999] block nbd1: shutting down sockets
[  466.663706][T14042] FAULT_INJECTION: forcing a failure.
[  466.663706][T14042] name failslab, interval 1, probability 0, space 0, times 0
[  466.784788][T14042] CPU: 0 UID: 0 PID: 14042 Comm: syz.0.2118 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  466.784823][T14042] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  466.784829][T14042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  466.784839][T14042] Call Trace:
[  466.784846][T14042]  <TASK>
[  466.784852][T14042]  dump_stack_lvl+0x100/0x190
[  466.784874][T14042]  should_fail_ex.cold+0x5/0xa
[  466.784895][T14042]  ? tracepoint_add_func+0x3a8/0x1150
[  466.784917][T14042]  should_failslab+0xc2/0x120
[  466.784934][T14042]  __kmalloc_noprof+0xe0/0x850
[  466.784952][T14042]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  466.784972][T14042]  tracepoint_add_func+0x3a8/0x1150
[  466.784993][T14042]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  466.785016][T14042]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  466.785036][T14042]  tracepoint_probe_register+0xc4/0x110
[  466.785059][T14042]  ? __pfx_tracepoint_probe_register+0x10/0x10
[  466.785081][T14042]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  466.785103][T14042]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  466.785123][T14042]  ? __pfx_probe_sched_switch+0x10/0x10
[  466.785199][T14042]  trace_event_reg+0x209/0x350
[  466.785220][T14042]  __ftrace_event_enable_disable+0x211/0x6f0
[  466.785246][T14042]  __ftrace_set_clr_event_nolock+0x390/0xc30
[  466.785268][T14042]  ftrace_set_clr_event+0x1b7/0x3f0
[  466.785287][T14042]  ? __pfx_ftrace_set_clr_event+0x10/0x10
[  466.785303][T14042]  ? trace_get_user+0x3ae/0xa70
[  466.785332][T14042]  ftrace_event_write+0x259/0x2c0
[  466.785350][T14042]  ? __pfx_ftrace_event_write+0x10/0x10
[  466.785374][T14042]  vfs_write+0x2aa/0x1070
[  466.785392][T14042]  ? __pfx_ftrace_event_write+0x10/0x10
[  466.785410][T14042]  ? __pfx_vfs_write+0x10/0x10
[  466.785426][T14042]  ? __fget_files+0x215/0x3d0
[  466.785447][T14042]  ? __fget_files+0x21f/0x3d0
[  466.785473][T14042]  ksys_write+0x12a/0x250
[  466.785489][T14042]  ? __pfx_ksys_write+0x10/0x10
[  466.785513][T14042]  ? rcu_is_watching+0x12/0xc0
[  466.785534][T14042]  do_syscall_64+0x10b/0xf80
[  466.785555][T14042]  ? clear_bhb_loop+0x40/0x90
[  466.785573][T14042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.785588][T14042] RIP: 0033:0x7ff83ed9cdd9
[  466.785602][T14042] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  466.785616][T14042] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  466.785631][T14042] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  466.785641][T14042] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000009
[  466.785650][T14042] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  466.785659][T14042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  466.785668][T14042] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  466.785688][T14042]  </TASK>
[  466.785721][T14042] event trace: Could not enable event nfsd_cb_queue
[  469.185112][T14094] TCP: TCP_TX_DELAY enabled
[  469.221546][T14094] tipc: Started in network mode
[  469.252057][T14094] tipc: Node identity ee00, cluster identity 4711
[  469.287854][T14094] tipc: Node number set to 60928
[  470.791407][ T7460] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  470.807769][ T7460] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  470.815913][ T7460] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  470.830331][ T7460] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  470.841695][ T7460] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  471.699752][T14153] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2147'.
[  471.800949][ T7447] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.957066][ T7447] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.209633][ T7447] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.389396][ T7447] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.419288][T14167] random: crng reseeded on system resumption
[  472.929338][ T7460] Bluetooth: hci4: command tx timeout
[  473.284263][ T7447] dummy0: left allmulticast mode
[  473.344516][ T7447] dummy0: left promiscuous mode
[  473.375485][ T7447] bridge0: port 3(dummy0) entered disabled state
[  473.458277][ T7447] bridge_slave_1: left allmulticast mode
[  473.507490][ T7447] bridge_slave_1: left promiscuous mode
[  473.538719][ T7447] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.584017][ T7447] bridge_slave_0: left allmulticast mode
[  473.617848][ T7447] bridge_slave_0: left promiscuous mode
[  473.664026][ T7447] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.906174][ T7460] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  473.930245][ T7460] Bluetooth: hci3: unexpected event 0x05 length: 6 > 4
[  474.370202][ T7447] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  474.413646][ T7447] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  474.440309][ T7447] bond0 (unregistering): Released all slaves
[  474.546662][ T5289] 8021q: adding VLAN 0 to HW filter on device eth1
[  474.617319][ T7447] HfR: left promiscuous mode
[  474.666070][T14207] netlink: 'syz.0.2157': attribute type 11 has an invalid length.
[  474.700895][T14207] netlink: 'syz.0.2157': attribute type 11 has an invalid length.
[  474.998661][ T7460] Bluetooth: hci4: command tx timeout
[  475.361860][T14129] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.421186][T14129] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.451003][T14129] bridge_slave_0: entered allmulticast mode
[  475.491183][T14129] bridge_slave_0: entered promiscuous mode
[  475.632694][T14129] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.672036][T14129] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.703821][T14129] bridge_slave_1: entered allmulticast mode
[  475.739521][T14129] bridge_slave_1: entered promiscuous mode
[  475.801154][T14229] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2160'.
[  475.956561][ T9117] Bluetooth: hci3: command 0x0c1a tx timeout
[  476.040956][T14129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.121650][T14129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.394718][T14129] team0: Port device team_slave_0 added
[  476.414841][T14240] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2163'.
[  476.453863][T14129] team0: Port device team_slave_1 added
[  476.745693][T14129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  476.788204][T14129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  476.930326][T14129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  477.006863][ T5289] 8021q: adding VLAN 0 to HW filter on device eth2
[  477.060326][T14129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  477.068134][ T9117] Bluetooth: hci4: command tx timeout
[  477.092882][T14129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  477.182123][T14129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  477.275241][ T7447] hsr_slave_0: left promiscuous mode
[  477.296598][ T7447] hsr_slave_1: left promiscuous mode
[  477.382260][ T7447] veth1_macvtap: left promiscuous mode
[  477.410001][ T7447] veth1_vlan: left promiscuous mode
[  477.426784][ T7447] veth0_vlan: left promiscuous mode
[  477.908354][ T7447] team0 (unregistering): Port device team_slave_1 removed
[  477.916152][T14272] i2c i2c-0: new_device: Can't parse I2C address
[  477.942382][ T7447] team0 (unregistering): Port device team_slave_0 removed
[  478.117244][ T7447] smc: removing net device dummy0 with user defined pnetid DUMMY0
[  478.537798][T14129] hsr_slave_0: entered promiscuous mode
[  478.570988][T14129] hsr_slave_1: entered promiscuous mode
[  478.613649][T14129] debugfs: 'hsr0' already exists in 'hsr'
[  478.645788][T14129] Cannot create hsr debugfs directory
[  479.137106][ T9117] Bluetooth: hci4: command tx timeout
[  479.919814][T14305] bond0: invalid ARP target specified
[  480.176024][T14304] Process accounting paused
[  480.230180][T14313] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2182'.
[  480.996059][T14335] Setting dangerous option i915.mitigations - tainting kernel
[  481.606848][T14129] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  481.696409][T14129] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  481.742112][T14129] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  481.798612][T14129] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  481.839467][T14129] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  481.892347][T14129] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  481.935833][T14129] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  481.945067][T14332] FAULT_INJECTION: forcing a failure.
[  481.945067][T14332] name failslab, interval 1, probability 0, space 0, times 0
[  482.004808][T14129] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  482.034047][T14332] CPU: 0 UID: 0 PID: 14332 Comm: syz.0.2186 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  482.034077][T14332] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  482.034084][T14332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  482.034093][T14332] Call Trace:
[  482.034099][T14332]  <TASK>
[  482.034105][T14332]  dump_stack_lvl+0x100/0x190
[  482.034127][T14332]  should_fail_ex.cold+0x5/0xa
[  482.034148][T14332]  should_failslab+0xc2/0x120
[  482.034166][T14332]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  482.034188][T14332]  ? mas_preallocate+0x1105/0x14a0
[  482.034215][T14332]  mas_preallocate+0x1105/0x14a0
[  482.034234][T14332]  ? __pfx_mas_preallocate+0x10/0x10
[  482.034255][T14332]  ? __asan_memset+0x23/0x50
[  482.034277][T14332]  ? init_multi_vma_prep+0x33c/0x650
[  482.034301][T14332]  commit_merge+0x3e3/0xbd0
[  482.034324][T14332]  ? __pfx_commit_merge+0x10/0x10
[  482.034344][T14332]  ? debug_check_no_obj_freed+0x31f/0x630
[  482.034377][T14332]  vma_expand+0xac5/0xea0
[  482.034401][T14332]  ? __pfx_vma_expand+0x10/0x10
[  482.034421][T14332]  ? can_vma_merge_right+0x101/0x720
[  482.034445][T14332]  ? __pfx_can_vma_merge_right+0x10/0x10
[  482.034472][T14332]  vma_merge_new_range+0x516/0xc00
[  482.034498][T14332]  ? __pfx_vma_merge_new_range+0x10/0x10
[  482.034522][T14332]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  482.034547][T14332]  __mmap_region+0xa89/0x2da0
[  482.034572][T14332]  ? __pfx___mmap_region+0x10/0x10
[  482.034598][T14332]  ? rcu_is_watching+0x12/0xc0
[  482.034615][T14332]  ? trace_pelt_se_tp+0x13b/0x190
[  482.034637][T14332]  ? __lock_acquire+0x4a5/0x2630
[  482.034652][T14332]  ? do_raw_spin_unlock+0x145/0x1e0
[  482.034670][T14332]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  482.034698][T14332]  ? find_held_lock+0x2b/0x80
[  482.034717][T14332]  ? rcu_is_watching+0x12/0xc0
[  482.034742][T14332]  ? rcu_is_watching+0x12/0xc0
[  482.034759][T14332]  ? finish_task_switch.isra.0+0x2cb/0x1010
[  482.034778][T14332]  ? lockdep_hardirqs_on+0x78/0x100
[  482.034820][T14332]  ? futex_unqueue+0x133/0x2c0
[  482.034841][T14332]  mmap_region+0x35d/0x620
[  482.034856][T14332]  ? rcu_is_watching+0x12/0xc0
[  482.034872][T14332]  ? __pfx_mmap_region+0x10/0x10
[  482.034889][T14332]  ? cap_mmap_addr+0x4b/0x120
[  482.034909][T14332]  ? bpf_lsm_mmap_addr+0x9/0x30
[  482.034923][T14332]  ? security_mmap_addr+0x71/0x1e0
[  482.034940][T14332]  ? __get_unmapped_area+0x255/0x3e0
[  482.034961][T14332]  do_mmap+0xc63/0x12f0
[  482.034986][T14332]  ? __pfx_do_mmap+0x10/0x10
[  482.035004][T14332]  ? __pfx_down_write_killable+0x10/0x10
[  482.035023][T14332]  vm_mmap_pgoff+0x29e/0x470
[  482.035045][T14332]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  482.035066][T14332]  ? do_futex+0x192/0x350
[  482.035082][T14332]  ? __pfx_do_futex+0x10/0x10
[  482.035101][T14332]  ksys_mmap_pgoff+0xe4/0x610
[  482.035119][T14332]  ? __x64_sys_futex+0x358/0x4d0
[  482.035136][T14332]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  482.035153][T14332]  ? xfd_validate_state+0x129/0x190
[  482.035168][T14332]  ? ksys_write+0x1ac/0x250
[  482.035188][T14332]  __x64_sys_mmap+0x125/0x190
[  482.035211][T14332]  do_syscall_64+0x10b/0xf80
[  482.035231][T14332]  ? clear_bhb_loop+0x40/0x90
[  482.035250][T14332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.035265][T14332] RIP: 0033:0x7ff83ed9cdd9
[  482.035279][T14332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  482.035293][T14332] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  482.035308][T14332] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  482.035317][T14332] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000
[  482.035327][T14332] RBP: 00007ff83ee32d69 R08: 0000000000000007 R09: 0000000000028000
[  482.035336][T14332] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  482.035345][T14332] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  482.035365][T14332]  </TASK>
[  482.830321][T14368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2192'.
[  483.066873][T14129] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.158127][T14129] 8021q: adding VLAN 0 to HW filter on device team0
[  483.212551][T12713] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.219748][T12713] bridge0: port 1(bridge_slave_0) entered forwarding state
[  483.291359][T12713] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.298517][T12713] bridge0: port 2(bridge_slave_1) entered forwarding state
[  484.656218][T14417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2196'.
[  485.153505][T14434] bond0: invalid ARP target specified
[  485.236588][T14431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2198'.
[  485.603848][T14451] nbd: socks must be embedded in a SOCK_ITEM attr
[  485.628333][T14451] block nbd1: shutting down sockets
[  485.727379][T14129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  485.934026][T14129] veth0_vlan: entered promiscuous mode
[  485.997490][T14129] veth1_vlan: entered promiscuous mode
[  486.140826][T14129] veth0_macvtap: entered promiscuous mode
[  486.247997][T14129] veth1_macvtap: entered promiscuous mode
[  486.305954][T14464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2204'.
[  486.469674][T14129] batman_adv: batadv0: Interface activated: batadv_slave_0
[  486.571890][T14129] batman_adv: batadv0: Interface activated: batadv_slave_1
[  486.662651][T12702] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  486.750660][T12702] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  486.780524][T12702] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  486.869134][T12702] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  487.112831][T14484] bond0: invalid ARP target specified
[  487.426031][T12710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.480511][T12710] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.639890][T12705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.674260][T12705] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  488.663899][ T7460] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  488.677297][ T7460] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  488.693377][ T7460] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  488.712187][ T7460] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  488.720093][ T7460] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  488.858774][T14517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2216'.
[  489.080869][T14514] can: request_module (can-proto-0) failed.
[  489.199776][T14527] bond0: invalid ARP target specified
[  489.512231][T14534] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  489.824932][ T7460] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  490.172551][T12713] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.230872][T14553] FAULT_INJECTION: forcing a failure.
[  490.230872][T14553] name failslab, interval 1, probability 0, space 0, times 0
[  490.266399][T14553] CPU: 0 UID: 0 PID: 14553 Comm: syz.1.2224 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  490.266427][T14553] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  490.266433][T14553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  490.266443][T14553] Call Trace:
[  490.266448][T14553]  <TASK>
[  490.266455][T14553]  dump_stack_lvl+0x100/0x190
[  490.266483][T14553]  should_fail_ex.cold+0x5/0xa
[  490.266503][T14553]  ? tracepoint_add_func+0x3a8/0x1150
[  490.266526][T14553]  should_failslab+0xc2/0x120
[  490.266543][T14553]  __kmalloc_noprof+0xe0/0x850
[  490.266560][T14553]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  490.266580][T14553]  tracepoint_add_func+0x3a8/0x1150
[  490.266601][T14553]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  490.266624][T14553]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  490.266643][T14553]  tracepoint_probe_register+0xc4/0x110
[  490.266666][T14553]  ? __pfx_tracepoint_probe_register+0x10/0x10
[  490.266688][T14553]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  490.266710][T14553]  ? __pfx_trace_event_raw_event_nfsd_cb_class+0x10/0x10
[  490.266728][T14553]  ? __pfx_probe_sched_switch+0x10/0x10
[  490.266751][T14553]  ? __lock_acquire+0x4a5/0x2630
[  490.266768][T14553]  trace_event_reg+0x209/0x350
[  490.266789][T14553]  __ftrace_event_enable_disable+0x211/0x6f0
[  490.266814][T14553]  __ftrace_set_clr_event_nolock+0x390/0xc30
[  490.266836][T14553]  ftrace_set_clr_event+0x1b7/0x3f0
[  490.266855][T14553]  ? __pfx_ftrace_set_clr_event+0x10/0x10
[  490.266871][T14553]  ? trace_get_user+0x3ae/0xa70
[  490.266898][T14553]  ftrace_event_write+0x259/0x2c0
[  490.266918][T14553]  ? __pfx_ftrace_event_write+0x10/0x10
[  490.266943][T14553]  vfs_write+0x2aa/0x1070
[  490.266961][T14553]  ? __pfx_ftrace_event_write+0x10/0x10
[  490.266980][T14553]  ? __pfx_vfs_write+0x10/0x10
[  490.266996][T14553]  ? __fget_files+0x215/0x3d0
[  490.267017][T14553]  ? __fget_files+0x21f/0x3d0
[  490.267040][T14553]  ksys_write+0x12a/0x250
[  490.267056][T14553]  ? __pfx_ksys_write+0x10/0x10
[  490.267074][T14553]  ? rcu_is_watching+0x12/0xc0
[  490.267094][T14553]  do_syscall_64+0x10b/0xf80
[  490.267114][T14553]  ? clear_bhb_loop+0x40/0x90
[  490.267132][T14553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.267147][T14553] RIP: 0033:0x7f6ffe19cdd9
[  490.267161][T14553] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  490.267175][T14553] RSP: 002b:00007f6ffeffc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  490.267190][T14553] RAX: ffffffffffffffda RBX: 00007f6ffe415fa0 RCX: 00007f6ffe19cdd9
[  490.267199][T14553] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000009
[  490.267208][T14553] RBP: 00007f6ffe232d69 R08: 0000000000000000 R09: 0000000000000000
[  490.267217][T14553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  490.267226][T14553] R13: 00007f6ffe416038 R14: 00007f6ffe415fa0 R15: 00007ffe3c72f808
[  490.267246][T14553]  </TASK>
[  490.268211][T14553] event trace: Could not enable event nfsd_cb_rpc_done
[  490.777659][ T9117] Bluetooth: hci1: command tx timeout
[  490.813044][T12713] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.920915][T12713] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.156115][T12713] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.871978][ T7377] Bluetooth: hci0: command 0x2016 tx timeout
[  492.103586][T14585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2232'.
[  492.155578][T14583] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2232'.
[  492.189619][T14513] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.211340][T14513] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.250757][T14513] bridge_slave_0: entered allmulticast mode
[  492.289429][T14513] bridge_slave_0: entered promiscuous mode
[  492.353945][T12713] bridge_slave_1: left allmulticast mode
[  492.384123][T12713] bridge_slave_1: left promiscuous mode
[  492.417774][T12713] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.473561][T12713] bridge_slave_0: left allmulticast mode
[  492.508376][T12713] bridge_slave_0: left promiscuous mode
[  492.531501][T12713] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.825659][ T7377] Bluetooth: hci1: command tx timeout
[  493.149780][T12713] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.205104][T12713] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  493.259926][T12713] bond0 (unregistering): Released all slaves
[  493.312633][T14513] bridge0: port 2(bridge_slave_1) entered blocking state
[  493.373144][T14513] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.412492][T14513] bridge_slave_1: entered allmulticast mode
[  493.445166][T14513] bridge_slave_1: entered promiscuous mode
[  493.563974][ T5289] 8021q: adding VLAN 0 to HW filter on device eth1
[  493.612643][T12713] HfR: left promiscuous mode
[  493.680243][T12713] Â: left promiscuous mode
[  493.726751][T14513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  493.737336][T14618] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2239'.
[  493.777571][T14513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  493.811376][T12713] tipc: Left network mode
[  493.940568][ T7377] Bluetooth: hci0: command 0x2016 tx timeout
[  494.003748][T14513] team0: Port device team_slave_0 added
[  494.053158][T14513] team0: Port device team_slave_1 added
[  494.394396][T14513] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.439884][T14513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  494.591457][T14513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  494.673125][T14513] batman_adv: batadv0: Adding interface: batadv_slave_1
[  494.720686][T14513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  494.849388][T14513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.894666][ T7460] Bluetooth: hci1: command tx timeout
[  495.410923][T14513] hsr_slave_0: entered promiscuous mode
[  495.458659][T14513] hsr_slave_1: entered promiscuous mode
[  495.498624][T14513] debugfs: 'hsr0' already exists in 'hsr'
[  495.522613][T14513] Cannot create hsr debugfs directory
[  495.557869][ T5289] 8021q: adding VLAN 0 to HW filter on device eth2
[  495.914020][T14676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2246'.
[  496.157747][T14683] bond0: invalid ARP target specified
[  496.239909][T12713] hsr_slave_0: left promiscuous mode
[  496.264864][T12713] hsr_slave_1: left promiscuous mode
[  496.296693][T12713] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  496.337586][T12713] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.412145][T12713] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  496.473144][T12713] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.545176][T12713] veth0_macvtap: left promiscuous mode
[  496.971976][ T7460] Bluetooth: hci1: command tx timeout
[  497.386220][T12713] team0 (unregistering): Port device team_slave_1 removed
[  497.477918][T12713] team0 (unregistering): Port device team_slave_0 removed
[  497.787638][T14720] Setting dangerous option i915.mitigations - tainting kernel
[  497.911136][ T5289] 8021q: adding VLAN 0 to HW filter on device eth3
[  498.748099][T14742] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2259'.
[  498.773506][T14719] FAULT_INJECTION: forcing a failure.
[  498.773506][T14719] name failslab, interval 1, probability 0, space 0, times 0
[  498.814164][T14744] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2259'.
[  498.829886][T14719] CPU: 0 UID: 0 PID: 14719 Comm: syz.1.2255 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  498.829916][T14719] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  498.829922][T14719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  498.829931][T14719] Call Trace:
[  498.829937][T14719]  <TASK>
[  498.829943][T14719]  dump_stack_lvl+0x100/0x190
[  498.829965][T14719]  should_fail_ex.cold+0x5/0xa
[  498.829986][T14719]  should_failslab+0xc2/0x120
[  498.830004][T14719]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  498.830027][T14719]  ? mas_preallocate+0x1105/0x14a0
[  498.830046][T14719]  mas_preallocate+0x1105/0x14a0
[  498.830070][T14719]  ? __pfx_mas_preallocate+0x10/0x10
[  498.830092][T14719]  ? __asan_memset+0x23/0x50
[  498.830113][T14719]  ? init_multi_vma_prep+0x33c/0x650
[  498.830136][T14719]  commit_merge+0x3e3/0xbd0
[  498.830161][T14719]  ? __pfx_commit_merge+0x10/0x10
[  498.830186][T14719]  ? debug_check_no_obj_freed+0x31f/0x630
[  498.830220][T14719]  vma_expand+0xac5/0xea0
[  498.830242][T14719]  ? __pfx_vma_expand+0x10/0x10
[  498.830267][T14719]  ? can_vma_merge_right+0x101/0x720
[  498.830291][T14719]  ? __pfx_can_vma_merge_right+0x10/0x10
[  498.830320][T14719]  vma_merge_new_range+0x516/0xc00
[  498.830350][T14719]  ? __pfx_vma_merge_new_range+0x10/0x10
[  498.830374][T14719]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  498.830399][T14719]  __mmap_region+0xa89/0x2da0
[  498.830424][T14719]  ? __pfx___mmap_region+0x10/0x10
[  498.830453][T14719]  ? rcu_is_watching+0x12/0xc0
[  498.830471][T14719]  ? trace_pelt_se_tp+0x13b/0x190
[  498.830494][T14719]  ? __lock_acquire+0x4a5/0x2630
[  498.830508][T14719]  ? do_raw_spin_unlock+0x145/0x1e0
[  498.830526][T14719]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  498.830554][T14719]  ? find_held_lock+0x2b/0x80
[  498.830573][T14719]  ? rcu_is_watching+0x12/0xc0
[  498.830597][T14719]  ? rcu_is_watching+0x12/0xc0
[  498.830615][T14719]  ? finish_task_switch.isra.0+0x2cb/0x1010
[  498.830634][T14719]  ? lockdep_hardirqs_on+0x78/0x100
[  498.830676][T14719]  ? futex_unqueue+0x133/0x2c0
[  498.830697][T14719]  mmap_region+0x35d/0x620
[  498.830718][T14719]  ? rcu_is_watching+0x12/0xc0
[  498.830736][T14719]  ? __pfx_mmap_region+0x10/0x10
[  498.830753][T14719]  ? cap_mmap_addr+0x4b/0x120
[  498.830775][T14719]  ? bpf_lsm_mmap_addr+0x9/0x30
[  498.830790][T14719]  ? security_mmap_addr+0x71/0x1e0
[  498.830807][T14719]  ? __get_unmapped_area+0x255/0x3e0
[  498.830828][T14719]  do_mmap+0xc63/0x12f0
[  498.830848][T14719]  ? __pfx_do_mmap+0x10/0x10
[  498.830866][T14719]  ? __pfx_down_write_killable+0x10/0x10
[  498.830884][T14719]  vm_mmap_pgoff+0x29e/0x470
[  498.830906][T14719]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  498.830925][T14719]  ? do_futex+0x192/0x350
[  498.830941][T14719]  ? __pfx_do_futex+0x10/0x10
[  498.830960][T14719]  ksys_mmap_pgoff+0xe4/0x610
[  498.830978][T14719]  ? __x64_sys_futex+0x358/0x4d0
[  498.830994][T14719]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  498.831014][T14719]  ? xfd_validate_state+0x129/0x190
[  498.831029][T14719]  ? ksys_write+0x1ac/0x250
[  498.831049][T14719]  __x64_sys_mmap+0x125/0x190
[  498.831067][T14719]  do_syscall_64+0x10b/0xf80
[  498.831087][T14719]  ? clear_bhb_loop+0x40/0x90
[  498.831104][T14719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.831119][T14719] RIP: 0033:0x7f6ffe19cdd9
[  498.831133][T14719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  498.831147][T14719] RSP: 002b:00007f6ffeffc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  498.831163][T14719] RAX: ffffffffffffffda RBX: 00007f6ffe415fa0 RCX: 00007f6ffe19cdd9
[  498.831173][T14719] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000
[  498.831181][T14719] RBP: 00007f6ffe232d69 R08: 0000000000000007 R09: 0000000000028000
[  498.831194][T14719] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  498.831207][T14719] R13: 00007f6ffe416038 R14: 00007f6ffe415fa0 R15: 00007ffe3c72f808
[  498.831229][T14719]  </TASK>
[  500.269397][T14768] HfR: entered promiscuous mode
[  500.761375][T14775] bond0: invalid ARP target specified
[  500.871459][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  500.882009][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  502.443480][T14826] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2269'.
[  503.535444][T14863] FAULT_INJECTION: forcing a failure.
[  503.535444][T14863] name failslab, interval 1, probability 0, space 0, times 0
[  503.581646][T14863] CPU: 0 UID: 0 PID: 14863 Comm: syz.0.2277 Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  503.581676][T14863] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  503.581682][T14863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  503.581691][T14863] Call Trace:
[  503.581697][T14863]  <TASK>
[  503.581702][T14863]  dump_stack_lvl+0x100/0x190
[  503.581726][T14863]  should_fail_ex.cold+0x5/0xa
[  503.581746][T14863]  ? tracepoint_add_func+0x3a8/0x1150
[  503.581769][T14863]  should_failslab+0xc2/0x120
[  503.581786][T14863]  __kmalloc_noprof+0xe0/0x850
[  503.581803][T14863]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  503.581824][T14863]  tracepoint_add_func+0x3a8/0x1150
[  503.581845][T14863]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  503.581869][T14863]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  503.581889][T14863]  tracepoint_probe_register+0xc4/0x110
[  503.581911][T14863]  ? __pfx_tracepoint_probe_register+0x10/0x10
[  503.581934][T14863]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  503.581956][T14863]  ? __pfx_trace_event_raw_event_nfsd_cb_lifetime_class+0x10/0x10
[  503.581976][T14863]  ? __pfx_probe_sched_switch+0x10/0x10
[  503.581999][T14863]  ? __lock_acquire+0x4a5/0x2630
[  503.582017][T14863]  trace_event_reg+0x209/0x350
[  503.582038][T14863]  __ftrace_event_enable_disable+0x211/0x6f0
[  503.582063][T14863]  __ftrace_set_clr_event_nolock+0x390/0xc30
[  503.582084][T14863]  ftrace_set_clr_event+0x1b7/0x3f0
[  503.582103][T14863]  ? __pfx_ftrace_set_clr_event+0x10/0x10
[  503.582120][T14863]  ? trace_get_user+0x3ae/0xa70
[  503.582146][T14863]  ftrace_event_write+0x259/0x2c0
[  503.582163][T14863]  ? __pfx_ftrace_event_write+0x10/0x10
[  503.582188][T14863]  vfs_write+0x2aa/0x1070
[  503.582206][T14863]  ? __pfx_ftrace_event_write+0x10/0x10
[  503.582225][T14863]  ? __pfx_vfs_write+0x10/0x10
[  503.582241][T14863]  ? __fget_files+0x215/0x3d0
[  503.582262][T14863]  ? __fget_files+0x21f/0x3d0
[  503.582284][T14863]  ksys_write+0x12a/0x250
[  503.582300][T14863]  ? __pfx_ksys_write+0x10/0x10
[  503.582319][T14863]  ? rcu_is_watching+0x12/0xc0
[  503.582347][T14863]  do_syscall_64+0x10b/0xf80
[  503.582367][T14863]  ? clear_bhb_loop+0x40/0x90
[  503.582389][T14863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.582405][T14863] RIP: 0033:0x7ff83ed9cdd9
[  503.582418][T14863] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  503.582433][T14863] RSP: 002b:00007ff83fc7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  503.582447][T14863] RAX: ffffffffffffffda RBX: 00007ff83f015fa0 RCX: 00007ff83ed9cdd9
[  503.582457][T14863] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000009
[  503.582465][T14863] RBP: 00007ff83ee32d69 R08: 0000000000000000 R09: 0000000000000000
[  503.582474][T14863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  503.582483][T14863] R13: 00007ff83f016038 R14: 00007ff83f015fa0 R15: 00007ffcf9a975d8
[  503.582503][T14863]  </TASK>
[  503.588054][T14863] event trace: Could not enable event nfsd_cb_queue
[  504.563543][T14891] bond0: invalid ARP target specified
[  506.838902][T14919] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2292'.
[  506.849682][T14919] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2292'.
[  508.140977][T14939] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2300'.
[  508.151195][T14939] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2300'.
[  508.537151][T14949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2303'.
[  508.547862][T14949] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2303'.
[  509.318592][T14970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2310'.
[  509.708503][T14978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2313'.
[  510.054427][T14205] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243)
[  510.072154][T14986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2316'.
[  511.511535][T15007] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2324'.
[  515.904547][ T7377] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  515.920350][ T7377] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  515.928629][ T7377] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  515.936628][ T7377] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  515.947023][ T7377] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  516.124968][T15061] nbd: socks must be embedded in a SOCK_ITEM attr
[  516.162299][T15061] block nbd1: shutting down sockets
[  517.148996][T15055] bridge0: port 1(bridge_slave_0) entered blocking state
[  517.156255][T15055] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.163980][T15055] bridge_slave_0: entered allmulticast mode
[  517.171701][T15055] bridge_slave_0: entered promiscuous mode
[  517.183704][T15055] bridge0: port 2(bridge_slave_1) entered blocking state
[  517.191192][T15055] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.198878][T15055] bridge_slave_1: entered allmulticast mode
[  517.205941][T15055] bridge_slave_1: entered promiscuous mode
[  517.238012][T15055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  517.251335][T15055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  517.282032][T15055] team0: Port device team_slave_0 added
[  517.292378][T15055] team0: Port device team_slave_1 added
[  517.318654][T15055] batman_adv: batadv0: Adding interface: batadv_slave_0
[  517.326308][T15055] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  517.354068][T15055] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  517.366606][T15055] batman_adv: batadv0: Adding interface: batadv_slave_1
[  517.373990][T15055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  517.403612][T15055] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  517.448976][T15055] hsr_slave_0: entered promiscuous mode
[  517.455447][T15055] hsr_slave_1: entered promiscuous mode
[  517.462921][T15055] debugfs: 'hsr0' already exists in 'hsr'
[  517.469172][T15055] Cannot create hsr debugfs directory
[  517.976277][ T7377] Bluetooth: hci3: command tx timeout
[  518.595168][T15096] __nla_validate_parse: 1 callbacks suppressed
[  518.595184][T15096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2345'.
[  519.399744][ T5625] Process accounting resumed
[  519.546959][ T7460] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  519.558812][ T7460] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  519.568095][ T7460] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  519.578266][ T7460] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  519.588390][ T7460] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  519.621627][T15102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2347'.
[  519.640421][T15105] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2347'.
[  520.043838][ T7377] Bluetooth: hci3: command tx timeout
[  520.383934][T15101] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.402124][T15101] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.412256][T15101] bridge_slave_0: entered allmulticast mode
[  520.427840][T15101] bridge_slave_0: entered promiscuous mode
[  520.444049][T15101] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.461875][T15101] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.479185][T15101] bridge_slave_1: entered allmulticast mode
[  520.492621][T15101] bridge_slave_1: entered promiscuous mode
[  520.549160][T15101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  520.571787][T15101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  520.634655][T15101] team0: Port device team_slave_0 added
[  520.653336][T15101] team0: Port device team_slave_1 added
[  520.707220][T15101] batman_adv: batadv0: Adding interface: batadv_slave_0
[  520.721847][T15101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  520.779578][T15101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  520.811757][T15101] batman_adv: batadv0: Adding interface: batadv_slave_1
[  520.828881][T15101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  520.885713][T15101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  520.966829][T15101] hsr_slave_0: entered promiscuous mode
[  520.979884][T15101] hsr_slave_1: entered promiscuous mode
[  520.996194][T15101] debugfs: 'hsr0' already exists in 'hsr'
[  521.018028][T15101] Cannot create hsr debugfs directory
[  521.635622][ T7377] Bluetooth: hci5: command tx timeout
[  522.113184][ T7377] Bluetooth: hci3: command tx timeout
[  523.704861][ T7377] Bluetooth: hci5: command tx timeout
[  524.182558][ T7377] Bluetooth: hci3: command tx timeout
[  524.843220][T15141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2355'.
[  524.860740][T15141] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2355'.
[  525.774161][ T7377] Bluetooth: hci5: command tx timeout
[  526.591285][T15167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2363'.
[  526.604517][T15167] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2363'.
[  527.843395][ T7377] Bluetooth: hci5: command tx timeout
[  548.492450][ T7460] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  548.505044][ T7460] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  548.515101][ T7460] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  548.526354][ T7460] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  548.536964][ T7460] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  548.968612][T15170] bridge0: port 1(bridge_slave_0) entered blocking state
[  548.976667][T15170] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.984592][T15170] bridge_slave_0: entered allmulticast mode
[  548.991652][T15170] bridge_slave_0: entered promiscuous mode
[  548.999917][T15170] bridge0: port 2(bridge_slave_1) entered blocking state
[  549.007647][T15170] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.015797][T15170] bridge_slave_1: entered allmulticast mode
[  549.022888][T15170] bridge_slave_1: entered promiscuous mode
[  549.057264][T15170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  549.073837][T15170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  549.102222][T15170] team0: Port device team_slave_0 added
[  549.110450][T15170] team0: Port device team_slave_1 added
[  549.135416][T15170] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.145060][T15170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  549.172877][T15170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  549.185984][T15170] batman_adv: batadv0: Adding interface: batadv_slave_1
[  549.193560][T15170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  549.220133][T15170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  549.267120][T15170] hsr_slave_0: entered promiscuous mode
[  549.274167][T15170] hsr_slave_1: entered promiscuous mode
[  549.280498][T15170] debugfs: 'hsr0' already exists in 'hsr'
[  549.286705][T15170] Cannot create hsr debugfs directory
[  550.604984][ T7460] Bluetooth: hci6: command tx timeout
[  552.674184][ T7460] Bluetooth: hci6: command tx timeout
[  554.743426][ T7460] Bluetooth: hci6: command tx timeout
[  556.812662][ T7460] Bluetooth: hci6: command tx timeout
[  561.988173][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  561.995006][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  576.022361][ T7377] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  576.038602][ T7377] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  576.049385][ T7377] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  576.061801][ T7377] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  576.071533][ T7377] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  576.496181][T15195] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.505276][T15195] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.512946][T15195] bridge_slave_0: entered allmulticast mode
[  576.520228][T15195] bridge_slave_0: entered promiscuous mode
[  576.527981][T15195] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.536610][T15195] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.544103][T15195] bridge_slave_1: entered allmulticast mode
[  576.551373][T15195] bridge_slave_1: entered promiscuous mode
[  576.583292][T15195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  576.595004][T15195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  576.625256][T15195] team0: Port device team_slave_0 added
[  576.633992][T15195] team0: Port device team_slave_1 added
[  576.657724][T15195] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.664835][T15195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.692375][T15195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.704488][T15195] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.712172][T15195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.740467][T15195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.781050][T15195] hsr_slave_0: entered promiscuous mode
[  576.787375][T15195] hsr_slave_1: entered promiscuous mode
[  576.794418][T15195] debugfs: 'hsr0' already exists in 'hsr'
[  576.800577][T15195] Cannot create hsr debugfs directory
[  578.141773][ T7377] Bluetooth: hci7: command tx timeout
[  579.521343][ T7460] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  579.537282][ T7460] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  579.549364][ T7460] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  579.557211][ T7460] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  579.565107][ T7460] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  580.042087][T15215] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.049325][T15215] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.057236][T15215] bridge_slave_0: entered allmulticast mode
[  580.064977][T15215] bridge_slave_0: entered promiscuous mode
[  580.073030][T15215] bridge0: port 2(bridge_slave_1) entered blocking state
[  580.080213][T15215] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.087915][T15215] bridge_slave_1: entered allmulticast mode
[  580.095876][T15215] bridge_slave_1: entered promiscuous mode
[  580.126419][T15215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  580.145073][T15215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  580.177401][T15215] team0: Port device team_slave_0 added
[  580.185438][T15215] team0: Port device team_slave_1 added
[  580.210439][T15215] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.218153][ T7460] Bluetooth: hci7: command tx timeout
[  580.223999][T15215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.253740][T15215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.266236][T15215] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.273573][T15215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.300597][T15215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  580.342041][T15215] hsr_slave_0: entered promiscuous mode
[  580.348422][T15215] hsr_slave_1: entered promiscuous mode
[  580.355855][T15215] debugfs: 'hsr0' already exists in 'hsr'
[  580.363929][T15215] Cannot create hsr debugfs directory
[  581.643609][ T7460] Bluetooth: hci8: command tx timeout
[  582.280292][ T7460] Bluetooth: hci7: command tx timeout
[  583.712806][ T7460] Bluetooth: hci8: command tx timeout
[  584.349561][ T7460] Bluetooth: hci7: command tx timeout
[  585.782047][ T7460] Bluetooth: hci8: command tx timeout
[  587.851553][ T7460] Bluetooth: hci8: command tx timeout
[  594.618936][ T7460] Bluetooth: hci4: command 0x0406 tx timeout
[  608.557588][ T7460] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  608.580926][ T7460] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  608.589229][ T7460] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  608.605079][ T7460] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  608.614919][ T7460] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  609.064087][T15237] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.071406][T15237] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.078904][T15237] bridge_slave_0: entered allmulticast mode
[  609.087792][T15237] bridge_slave_0: entered promiscuous mode
[  609.095844][T15237] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.105365][T15237] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.112964][T15237] bridge_slave_1: entered allmulticast mode
[  609.120018][T15237] bridge_slave_1: entered promiscuous mode
[  609.149201][T15237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.161147][T15237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  609.192632][T15237] team0: Port device team_slave_0 added
[  609.200914][T15237] team0: Port device team_slave_1 added
[  609.224011][T15237] batman_adv: batadv0: Adding interface: batadv_slave_0
[  609.231357][T15237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  609.259304][T15237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  609.273537][T15237] batman_adv: batadv0: Adding interface: batadv_slave_1
[  609.281368][T15237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  609.307882][T15237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  609.347168][T15237] hsr_slave_0: entered promiscuous mode
[  609.353563][T15237] hsr_slave_1: entered promiscuous mode
[  609.361874][T15237] debugfs: 'hsr0' already exists in 'hsr'
[  609.367621][T15237] Cannot create hsr debugfs directory
[  610.693552][ T7377] Bluetooth: hci9: command tx timeout
[  612.761670][ T7377] Bluetooth: hci9: command tx timeout
[  614.833122][ T7460] Bluetooth: hci9: command tx timeout
[  614.990240][ T9117] Bluetooth: hci1: command 0x0406 tx timeout
[  616.900200][ T7377] Bluetooth: hci9: command tx timeout
[  623.114004][ T1315] ieee802154 phy0 wpan0: encryption failed: -22
[  623.121906][ T1315] ieee802154 phy1 wpan1: encryption failed: -22
[  636.089961][ T9117] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  636.104979][ T9117] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  636.116535][ T9117] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  636.125389][ T9117] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  636.141145][ T9117] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  636.645856][T15265] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.653500][T15265] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.663755][T15265] bridge_slave_0: entered allmulticast mode
[  636.672552][T15265] bridge_slave_0: entered promiscuous mode
[  636.681415][T15265] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.691351][T15265] bridge0: port 2(bridge_slave_1) entered disabled state
[  636.699571][T15265] bridge_slave_1: entered allmulticast mode
[  636.707495][T15265] bridge_slave_1: entered promiscuous mode
[  636.751172][T15265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  636.770839][T15265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  636.808462][T15265] team0: Port device team_slave_0 added
[  636.818039][T15265] team0: Port device team_slave_1 added
[  636.844776][T15265] batman_adv: batadv0: Adding interface: batadv_slave_0
[  636.853053][T15265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  636.888121][T15265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  636.902070][T15265] batman_adv: batadv0: Adding interface: batadv_slave_1
[  636.910107][T15265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  636.937408][T15265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  636.983748][T15265] hsr_slave_0: entered promiscuous mode
[  636.991938][T15265] hsr_slave_1: entered promiscuous mode
[  636.999488][T15265] debugfs: 'hsr0' already exists in 'hsr'
[  637.005351][T15265] Cannot create hsr debugfs directory
[  638.149857][ T9117] Bluetooth: hci10: command tx timeout
[  639.587353][T15257] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  639.600867][T15257] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  639.612568][T15257] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  639.623949][T15257] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  639.636291][T15257] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  640.094171][T15286] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.102888][T15286] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.111062][T15286] bridge_slave_0: entered allmulticast mode
[  640.118342][T15286] bridge_slave_0: entered promiscuous mode
[  640.126441][T15286] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.135560][T15286] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.144775][T15286] bridge_slave_1: entered allmulticast mode
[  640.152147][T15286] bridge_slave_1: entered promiscuous mode
[  640.182764][T15286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  640.194935][T15286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  640.219857][T15257] Bluetooth: hci10: command tx timeout
[  640.230780][T15286] team0: Port device team_slave_0 added
[  640.240594][T15286] team0: Port device team_slave_1 added
[  640.265404][T15286] batman_adv: batadv0: Adding interface: batadv_slave_0
[  640.273182][T15286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  640.301947][T15286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  640.314503][T15286] batman_adv: batadv0: Adding interface: batadv_slave_1
[  640.322002][T15286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  640.351060][T15286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  640.392018][T15286] hsr_slave_0: entered promiscuous mode
[  640.398847][T15286] hsr_slave_1: entered promiscuous mode
[  640.404971][T15286] debugfs: 'hsr0' already exists in 'hsr'
[  640.411488][T15286] Cannot create hsr debugfs directory
[  640.459034][T15257] Bluetooth: hci3: command 0x0406 tx timeout
[  641.651604][ T7377] Bluetooth: hci11: command tx timeout
[  642.288345][ T7377] Bluetooth: hci10: command tx timeout
[  643.720769][ T7377] Bluetooth: hci11: command tx timeout
[  644.357439][ T7377] Bluetooth: hci10: command tx timeout
[  644.755807][   T31] INFO: task syz-executor:14513 blocked for more than 143 seconds.
[  644.763828][   T31]       Tainted: G     U       L      syzkaller #0
[  644.774320][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  644.783329][   T31] task:syz-executor    state:D stack:24784 pid:14513 tgid:14513 ppid:1      task_flags:0x480140 flags:0x00080002
[  644.795768][   T31] Call Trace:
[  644.799063][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  644.801986][   T31]  __schedule+0x1295/0x67a0
[  644.807018][   T31]  ? __pfx___schedule+0x10/0x10
[  644.812325][   T31]  ? find_held_lock+0x2b/0x80
[  644.824847][   T31]  ? schedule+0x2bf/0x390
[  644.836151][   T31]  schedule+0xdd/0x390
[  644.842010][   T31]  schedule_timeout+0x1b2/0x280
[  644.854950][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  644.864654][   T31]  ? mark_held_locks+0x40/0x70
[  644.875411][   T31]  __wait_for_common+0x2e7/0x4c0
[  644.884825][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  644.896467][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  644.930649][   T31]  remove_one+0x312/0x420
[  644.961696][   T31]  ? find_next_child+0x18f/0x280
[  644.986095][   T31]  __simple_recursive_removal+0x148/0x5c0
[  645.007932][   T31]  ? __pfx_remove_one+0x10/0x10
[  645.017635][   T31]  debugfs_remove+0x5d/0x80
[  645.034005][   T31]  nsim_dev_health_exit+0x3b/0xe0
[  645.039126][   T31]  nsim_dev_reload_destroy+0x144/0x4a0
[  645.052139][   T31]  nsim_drv_remove+0x52/0x1e0
[  645.058133][   T31]  ? __pfx_nsim_bus_remove+0x10/0x10
[  645.063445][   T31]  device_remove+0xcb/0x180
[  645.068302][   T31]  device_release_driver_internal+0x44e/0x620
[  645.076232][   T31]  bus_remove_device+0x2bc/0x560
[  645.081191][   T31]  ? __pfx_bus_remove_device+0x10/0x10
[  645.087020][   T31]  ? __pfx_device_remove_attrs+0x10/0x10
[  645.092669][   T31]  device_del+0x376/0x9b0
[  645.097854][   T31]  ? __pfx_device_del+0x10/0x10
[  645.102742][   T31]  ? __lock_acquire+0x4a5/0x2630
[  645.108033][   T31]  device_unregister+0x1d/0xe0
[  645.112810][   T31]  del_device_store+0x346/0x480
[  645.118368][   T31]  ? __pfx_del_device_store+0x10/0x10
[  645.123990][   T31]  ? find_held_lock+0x2b/0x80
[  645.129662][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  645.134931][   T31]  ? sysfs_file_kobj+0xe4/0x290
[  645.139810][   T31]  ? __pfx_del_device_store+0x10/0x10
[  645.145520][   T31]  bus_attr_store+0x74/0xb0
[  645.150050][   T31]  ? __pfx_bus_attr_store+0x10/0x10
[  645.162282][   T31]  sysfs_kf_write+0xf2/0x150
[  645.168331][   T31]  kernfs_fop_write_iter+0x3e0/0x5f0
[  645.174132][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  645.179347][   T31]  vfs_write+0x6ac/0x1070
[  645.184129][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  645.189964][   T31]  ? __pfx_vfs_write+0x10/0x10
[  645.195367][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  645.200633][   T31]  ksys_write+0x12a/0x250
[  645.206084][   T31]  ? __pfx_ksys_write+0x10/0x10
[  645.211000][   T31]  ? rcu_is_watching+0x12/0xc0
[  645.216288][   T31]  do_syscall_64+0x10b/0xf80
[  645.220983][   T31]  ? clear_bhb_loop+0x40/0x90
[  645.227396][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.234023][   T31] RIP: 0033:0x7f900d95d60e
[  645.238606][   T31] RSP: 002b:00007ffc98cbe828 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  645.247346][   T31] RAX: ffffffffffffffda RBX: 00005555883c9500 RCX: 00007f900d95d60e
[  645.255682][   T31] RDX: 0000000000000001 RSI: 00007ffc98cbe8b0 RDI: 0000000000000005
[  645.264276][   T31] RBP: 00007f900da335ec R08: 0000000000000000 R09: 0000000000000000
[  645.273880][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.281881][   T31] R13: 00007ffc98cbe8b0 R14: 00007f900e744620 R15: 0000000000000003
[  645.290472][   T31]  </TASK>
[  645.295238][   T31] INFO: task syz.1.2261:14782 blocked for more than 143 seconds.
[  645.319925][   T31]       Tainted: G     U       L      syzkaller #0
[  645.326790][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  645.336918][   T31] task:syz.1.2261      state:D stack:29016 pid:14782 tgid:14774 ppid:14129  task_flags:0x400040 flags:0x00080002
[  645.349188][   T31] Call Trace:
[  645.352741][   T31]  <TASK>
[  645.355685][   T31]  __schedule+0x1295/0x67a0
[  645.360197][   T31]  ? __pfx___schedule+0x10/0x10
[  645.365522][   T31]  ? find_held_lock+0x2b/0x80
[  645.370230][   T31]  ? schedule+0x2bf/0x390
[  645.374850][   T31]  schedule+0xdd/0x390
[  645.378944][   T31]  schedule_preempt_disabled+0x13/0x30
[  645.385877][   T31]  __mutex_lock+0xced/0x1b10
[  645.390682][   T31]  ? devlink_health_report+0x66c/0xb20
[  645.401049][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  645.406381][   T31]  ? devlink_recover_notify.constprop.0+0x1e3/0x540
[  645.413388][   T31]  ? devlink_health_report+0x66c/0xb20
[  645.418924][   T31]  devlink_health_report+0x66c/0xb20
[  645.425232][   T31]  ? __pfx_devlink_health_report+0x10/0x10
[  645.432479][   T31]  ? _copy_from_user+0x59/0xd0
[  645.437353][   T31]  nsim_dev_health_break_write+0x166/0x210
[  645.444066][   T31]  ? __pfx_nsim_dev_health_break_write+0x10/0x10
[  645.450447][   T31]  full_proxy_write+0x135/0x1a0
[  645.455632][   T31]  vfs_write+0x2aa/0x1070
[  645.459977][   T31]  ? __pfx_full_proxy_write+0x10/0x10
[  645.465818][   T31]  ? __pfx_vfs_write+0x10/0x10
[  645.470613][   T31]  ? __fget_files+0x215/0x3d0
[  645.477068][   T31]  ? __fget_files+0x21f/0x3d0
[  645.482184][   T31]  ksys_write+0x12a/0x250
[  645.486548][   T31]  ? __pfx_ksys_write+0x10/0x10
[  645.493009][   T31]  ? kcov_ioctl+0x16a/0x720
[  645.497537][   T31]  ? rcu_is_watching+0x12/0xc0
[  645.502671][   T31]  do_syscall_64+0x10b/0xf80
[  645.507383][   T31]  ? clear_bhb_loop+0x40/0x90
[  645.512377][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.518322][   T31] RIP: 0033:0x7f6ffe19cdd9
[  645.523498][   T31] RSP: 002b:00007f6ffefdb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  645.533851][   T31] RAX: ffffffffffffffda RBX: 00007f6ffe416090 RCX: 00007f6ffe19cdd9
[  645.542263][   T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000007
[  645.550363][   T31] RBP: 00007f6ffe232d69 R08: 0000000000000000 R09: 0000000000000000
[  645.563788][ T7377] Bluetooth: hci5: command 0x0406 tx timeout
[  645.570217][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  645.578586][   T31] R13: 00007f6ffe416128 R14: 00007f6ffe416090 R15: 00007ffe3c72f808
[  645.586930][   T31]  </TASK>
[  645.628252][   T31] 
[  645.628252][   T31] Showing all locks held in the system:
[  645.648389][   T31] 1 lock held by khungtaskd/31:
[  645.660577][   T31]  #0: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  645.680589][   T31] 1 lock held by syz.3.841/9067:
[  645.690585][   T31] 2 locks held by getty/11465:
[  645.700536][   T31]  #0: ffff8880372c60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  645.722291][   T31]  #1: ffffc9000343d2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0
[  645.750632][   T31] 7 locks held by syz-executor/14513:
[  645.756184][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  645.788381][   T31]  #1: ffff88805ceed480 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  645.798382][T15257] Bluetooth: hci11: command tx timeout
[  645.817298][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  645.841361][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  645.876633][   T31]  #4: ffff88805ce42128 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620
[  645.887585][   T31]  #5: ffff88805ce4d258 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0
[  645.898268][   T31]  #6: ffff888046eb5e50 (&sb->s_type->i_mutex_key#9/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0
[  645.910311][   T31] 3 locks held by syz.1.2261/14782:
[  645.915538][   T31]  #0: ffff888078da8d30 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380
[  645.925094][   T31]  #1: ffff88802029a410 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  645.934530][   T31]  #2: ffff88805ce4d258 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_health_report+0x66c/0xb20
[  645.946509][   T31] 2 locks held by syz.0.2280/14887:
[  645.953114][   T31]  #0: ffff88802029a410 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x9b1/0x31a0
[  645.962609][   T31]  #1: ffff888046eb5e50 (&sb->s_type->i_mutex_key#17){++++}-{4:4}, at: path_openat+0xa16/0x31a0
[  645.975511][   T31] 4 locks held by syz-executor/15055:
[  645.981171][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  645.990459][   T31]  #1: ffff888026971480 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.000769][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.011226][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.021752][   T31] 4 locks held by syz-executor/15101:
[  646.027165][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.037409][   T31]  #1: ffff8880797a2480 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.048735][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.060207][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.070804][   T31] 4 locks held by syz-executor/15170:
[  646.076178][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.086009][   T31]  #1: ffff888078c2c080 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.096111][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.106312][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.117871][   T31] 4 locks held by syz-executor/15195:
[  646.123452][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.132767][   T31]  #1: ffff888078fd5480 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.142734][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.154147][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.164786][   T31] 4 locks held by syz-executor/15215:
[  646.171514][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.180770][   T31]  #1: ffff88802d44d080 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.197252][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.207547][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.218514][   T31] 4 locks held by syz-executor/15237:
[  646.224076][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.233695][   T31]  #1: ffff88805c2ec880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.243800][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.255206][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.265991][   T31] 4 locks held by syz-executor/15265:
[  646.272189][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.282641][   T31]  #1: ffff88802a980880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.292952][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.303771][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.314797][   T31] 4 locks held by syz-executor/15286:
[  646.320435][   T31]  #0: ffff888033ad2410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  646.330014][   T31]  #1: ffff888075509880 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  646.340075][   T31]  #2: ffff888029de7c38 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  646.352086][   T31]  #3: ffffffff8fb80220 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480
[  646.389288][   T31] 
[  646.391704][   T31] =============================================
[  646.391704][   T31] 
[  646.404517][   T31] NMI backtrace for cpu 0
[  646.404535][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  646.404557][   T31] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  646.404562][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  646.404570][   T31] Call Trace:
[  646.404576][   T31]  <TASK>
[  646.404582][   T31]  dump_stack_lvl+0x100/0x190
[  646.404603][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  646.404622][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  646.404639][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  646.404658][   T31]  sys_info+0x141/0x190
[  646.404672][   T31]  watchdog+0xcb1/0x1030
[  646.404696][   T31]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  646.404717][   T31]  ? __pfx_watchdog+0x10/0x10
[  646.404737][   T31]  ? __kthread_parkme+0x18c/0x230
[  646.404759][   T31]  ? kthread+0x13a/0x450
[  646.404771][   T31]  ? __pfx_watchdog+0x10/0x10
[  646.404790][   T31]  kthread+0x370/0x450
[  646.404803][   T31]  ? __pfx_kthread+0x10/0x10
[  646.404816][   T31]  ret_from_fork+0x72b/0xd50
[  646.404834][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  646.404850][   T31]  ? __switch_to+0x800/0x1100
[  646.404875][   T31]  ? __switch_to_asm+0x39/0x70
[  646.404894][   T31]  ? __pfx_kthread+0x10/0x10
[  646.404907][   T31]  ret_from_fork_asm+0x1a/0x30
[  646.404935][   T31]  </TASK>
[  646.545279][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  646.552139][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U       L      syzkaller #0 PREEMPT(full) 
[  646.562833][   T31] Tainted: [U]=USER, [L]=SOFTLOCKUP
[  646.568458][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  646.578510][   T31] Call Trace:
[  646.581781][   T31]  <TASK>
[  646.584699][   T31]  dump_stack_lvl+0x100/0x190
[  646.589370][   T31]  vpanic+0x552/0x970
[  646.593335][   T31]  ? __pfx_vpanic+0x10/0x10
[  646.597821][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  646.603959][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  646.610187][   T31]  panic+0xd1/0xe0
[  646.613921][   T31]  ? __pfx_panic+0x10/0x10
[  646.618324][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  646.624464][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  646.630602][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  646.636739][   T31]  ? watchdog.cold+0x1ec/0x234
[  646.641494][   T31]  ? watchdog+0xcc1/0x1030
[  646.646003][   T31]  watchdog.cold+0x1fd/0x234
[  646.650877][   T31]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  646.656687][   T31]  ? __pfx_watchdog+0x10/0x10
[  646.661433][   T31]  ? __kthread_parkme+0x18c/0x230
[  646.666553][   T31]  ? kthread+0x13a/0x450
[  646.670869][   T31]  ? __pfx_watchdog+0x10/0x10
[  646.675547][   T31]  kthread+0x370/0x450
[  646.679729][   T31]  ? __pfx_kthread+0x10/0x10
[  646.684338][   T31]  ret_from_fork+0x72b/0xd50
[  646.688928][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  646.694244][   T31]  ? __switch_to+0x800/0x1100
[  646.698916][   T31]  ? __switch_to_asm+0x39/0x70
[  646.703697][   T31]  ? __pfx_kthread+0x10/0x10
[  646.708390][   T31]  ret_from_fork_asm+0x1a/0x30
[  646.713262][   T31]  </TASK>
[  646.716347][   T31] Kernel Offset: disabled
[  646.720672][   T31] Rebooting in 86400 seconds..