last executing test programs: 16m35.807920446s ago: executing program 3 (id=286): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r1, 0x4068aea3, 0x0) timer_create$auto(0x803, 0x0, 0x0) r2 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r2, 0x9, 0x9, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0xffffffffffffffff, 0x3ffff, 0x2e) syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x8000000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) r3 = socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 16m34.399735661s ago: executing program 3 (id=292): eventfd$auto(0x40000005) r0 = socket(0x2, 0x80002, 0x73) getsockname$auto(r0, &(0x7f0000000000)=@isdn={0x22, 0x9, 0x0, 0x1, 0x10}, &(0x7f00000000c0)=0xd) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000820}, 0x4040000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/input/event1\x00', 0x2080, 0x0) ioctl$auto_EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/nfs4.nametoid/content\x00', 0x2000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000100)=""/135, 0x87) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) unshare$auto(0x40000080) r3 = open(0x0, 0x571243, 0x134) r4 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x1, 0x0) writev$auto(r4, &(0x7f0000000bc0)={0x0, 0x81}, 0x3) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy1/net/wpan1/statistics/rx_packets\x00', 0x244100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, 0x0, 0x0) write$auto_cachefiles_daemon_fops_internal(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(r3, 0x8004b709, &(0x7f0000000040)=0x5) r6 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/he_capa\x00', 0xa0080, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r6, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/set_event\x00', 0x101901, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) 16m32.400066409s ago: executing program 3 (id=296): mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) (async, rerun: 64) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/bdi/43:352/strict_limit\x00', 0x100b02, 0x0) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101303, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c00, 0x0) (async, rerun: 32) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), 0xffffffffffffffff) (async, rerun: 32) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYBLOB="21020cbd70c031cd"], 0x14}}, 0x4000091) fchown$auto(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) (async) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) pivot_root$auto(&(0x7f0000000100)='..\x00', &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce') (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) sysfs$auto(0x2, 0x4d, 0x0) (async, rerun: 64) fsopen$auto(0x0, 0x1) (rerun: 64) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r2, 0x540a, 0x0) socket(0xa, 0x5, 0x0) timer_create$auto(0x0, 0x0, 0x0) (async) r3 = prctl$auto(0x3e, 0x100000000001, 0xffffffffffffffff, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, 0x0, 0x0) (async, rerun: 32) socket(0xa, 0x801, 0x84) (rerun: 32) msgctl$auto_MSG_STAT(0x0, 0xb, &(0x7f0000004500)={{0x0, 0x0, 0x0, 0x8, 0x3, 0x8000, 0x1}, 0x0, 0x0, 0x8000000000000001, 0xac6, 0xffffffffffff966c, 0x0, 0x8, 0xbaa, 0x7, 0x8, @inferred, @raw=0xd}) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 16m30.847994466s ago: executing program 3 (id=304): mmap$auto(0x200000000, 0xc, 0x0, 0x40009b72, 0x2, 0x8000) (async) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) (async) request_key$auto_KEY_SPEC_SESSION_KEYRING(&(0x7f0000000140)='1\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\x03\x00\x00\x00\x00\x00\x00\x00*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d\xbcs!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xc4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xf7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85C /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\x9bA\xac\x9c\x8e\r(\x1d\x98\x84\x98\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', &(0x7f0000000380)='[}\x00', 0x0, 0xfffffffffffffffd) r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000100)='/proc/loadavg\x00', 0x40002, 0x0) sendfile$auto(r0, r0, &(0x7f0000000040)=0x8010, 0x788b) (async) mremap$auto(0x9, 0x5, 0x400000000000004, 0x90f, 0x4008) 16m30.576020048s ago: executing program 3 (id=305): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000440)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x14) write$auto(r0, &(0x7f00000000c0)='\xc4\x1dR\x00\x003\x1bO\xbb\x98)\x7fTa1\xa3\xd0\x89\x1e\\\xff', 0x8587) 16m30.317253764s ago: executing program 3 (id=307): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0xffffffffffffffff, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8001) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x301004, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) sysfs$auto(0x2, 0x2100000001, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc) 16m15.21438217s ago: executing program 32 (id=307): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0xffffffffffffffff, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8001) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x301004, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) sysfs$auto(0x2, 0x2100000001, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0xc) 1m46.531048096s ago: executing program 1 (id=2838): mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x6, 0x9b73, r0, 0x8000) socket(0x2, 0x1, 0x0) r1 = socket(0x2b, 0x1, 0x1) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) rseq$auto(&(0x7f0000000000)={0x6, 0x6, 0x9, 0x21ff, 0x2, 0x2, "dc6dfcb8b2d21b19dfcdb26eeb64287d3d85a2ebcb8b09ced707d35e76787d1f9c425a47d57c157f41e90d5311d67a4e3d04e4854c98e77ff97890d01fefc2dc087b0fbc8a5dafad80a24c096aa0bc96528c3a1bb5e144d21f96e1b812797d95c7422bf0b770d993e3ff3ded8d19c5091ba8b9fa9f00431f8794fc1e17c5d7e2705048d044e8a69e48fddc37ea6ffa50d7441f9cfa0c74253c3233945221c205801eb4c19fe84bef6d26cebb7f5bd3ecc6c981b2c133f8042b4c6439cb09"}, 0x3, 0x7, 0x1) ioctl$auto(r1, 0x8982, 0x4) 1m45.994526539s ago: executing program 1 (id=2839): unshare$auto(0x40000080) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) setfsgid$auto(0xee01) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x8, 0x3, 0x3b) (async) semctl$auto_SEM_STAT(0x0, 0x80000000, 0x12, 0x0) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r1 = socket(0x2, 0x1, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={r1, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1) (async) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) (async) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) (async) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r5, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) (async) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/105, 0x69) 1m45.715664809s ago: executing program 4 (id=2842): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x90100, 0x0) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x504, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000080)={0x3, 0xb052, 0x5, 0x2, 0x10, 0x7}) mmap$auto(0x0, 0x4, 0x2, 0x40eb2, 0x401, 0x300000000000) futex$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0xa0000001) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/ext4/sda1/es_shrinker_info\x00', 0x8880, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000040)=""/27, 0x1b) setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0x1, 0x0, 0x16) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/rose14/queues/rx-0/rps_cpus\x00', 0x149182, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) r3 = socket(0x18, 0x80000, 0x0) connect$auto(r3, &(0x7f0000000180)=@in={0x2, 0x4e22, @empty}, 0x1e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000008c0), r4) sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r4, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) r6 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GINFO(r6, 0xc0f85403, 0x0) 1m45.188802323s ago: executing program 4 (id=2843): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/snd_aloop.0/driver_override\x00', 0x101901, 0x0) write$auto(r1, 0x0, 0x81) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) socket(0xf, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) gettid() r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) futex$auto(&(0x7f00000000c0)=0x4, 0x769, 0xbea, &(0x7f0000000140)={0x4, 0x3}, &(0x7f0000000180)=0xffffffff, 0x8) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile$auto(r2, r3, 0x0, 0x1000200) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) 1m45.024079099s ago: executing program 1 (id=2844): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x12b901, 0x0) (async) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) unshare$auto(0x40000080) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0xffffffffffffd0ac, 0x0, 0x1, 0x0) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) (async) timerfd_settime$auto(0xffffffffffffffff, 0x0, &(0x7f0000000000)={{0x10, 0x3ff}, {0x10, 0x9}}, 0x0) socket(0x10, 0x2, 0x4) listen$auto(0x3, 0x81) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/ip_vs_conn_sync\x00', 0x181d40, 0x0) read$auto(r2, &(0x7f0000000000)='/prsg\f/dic\x12\x03\xc44\xb1\x00\x00\x00\x00\x00\x10\x00\x00\xb3\xa0\x1e\xe4\x0f+\x96XS\xe1\x19\x8e\x06\xb8\x84\xf5\x00\x00', 0x1d) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto_XFS_IOC_ERROR_CLEARALL(r1, 0x40085875, &(0x7f0000000040)={0xffffffffffffffff, 0x89}) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) fanotify_init$auto(0x65, 0x2) (async, rerun: 32) unshare$auto(0x20000080) (rerun: 32) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) socket(0x2, 0x80002, 0x73) (rerun: 32) socket(0x2, 0x1, 0x84) (async, rerun: 64) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) (rerun: 64) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x66) (async) connect$auto(0x3, &(0x7f0000001500)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async, rerun: 32) setsockopt$auto(0x3, 0x9, 0x18, 0x0, 0x8) (rerun: 32) 1m42.881864137s ago: executing program 4 (id=2846): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x2000000) ioctl$auto_VHOST_SET_VRING_CALL2(r0, 0x4008af21, 0x0) mmap$auto(0xf5, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x1, 0xb, 0xfffffffffffffffc, 0x0) r2 = socket(0x1d, 0x5, 0x0) syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r2, 0x0, 0x30004850) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/acpi/wakeup\x00', 0x141880, 0x0) ioctl$auto(r3, 0x8001, r0) mmap$auto(0x0, 0x404008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x27, 0x4, 0x100) setsockopt$auto_SO_TIMESTAMPING_OLD(r4, 0x6, 0x25, &(0x7f0000000140)='\x00', 0x3ff) open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) 1m42.375751732s ago: executing program 1 (id=2847): unshare$auto(0x40000080) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) r1 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000005dc0)='/proc/thread-self/ns/cgroup\x00', 0x800, 0x0) open_by_handle_at$auto(r1, &(0x7f0000005e00)={0x10, 0xf1, "82a0d48cb31f0af60000000823b40e62"}, 0x80000001) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) (async) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x1e, 0x2, 0x0) bind$auto(0x4, 0xfffffffffffffffe, 0x0) (async) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24008040}, 0x4040) (async) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000900)=""/4096, 0x1000) (async) read$auto(r2, 0x0, 0x9) write$auto(r2, 0x0, 0xfdef) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) r6 = socket(0x11, 0x80003, 0x300) (rerun: 32) setsockopt$auto(r6, 0x107, 0xa, 0x0, 0x4) (async, rerun: 64) io_uring_setup$auto(0x6, 0x0) (async, rerun: 64) socket(0x2, 0x2, 0x1) (async) semctl$auto_IPC_INFO(0x10, 0x3, 0x3, 0x1) (async, rerun: 32) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) io_uring_setup$auto(0x54fa, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) (async) r7 = syz_genetlink_get_family_id$auto_nlbl_mgmt(&(0x7f00000000c0), r4) sendmsg$auto_NLBL_MGMT_C_LISTDEF(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r7, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008000}, 0x48081) 1m40.4211037s ago: executing program 4 (id=2849): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000b40)={0x40, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0xc, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@nested={0x4}]}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x600000000000000, 0x50}, 0x400c880) 1m40.139129332s ago: executing program 4 (id=2850): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x12, 0x1, "5e1f970f497f9f23d63e72850177"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) clock_adjtime$auto(0x7a6, &(0x7f0000000000)={0x0, 0x0, 0x26f, 0xfff, 0x7fffffff, 0xb1, 0x4, 0x0, 0x4, 0x7275, 0x2, {0x5, 0x2}, 0x9, 0x8, 0x6, 0x0, 0x0, 0xea9, 0x8000, 0x9, 0x7fff, 0x4, 0x101}) 1m39.464198763s ago: executing program 4 (id=2851): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0xf, &(0x7f00000001c0)={0x9, 0xfffffffffffffffa}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x801, 0x84) ioctl$auto_VHOST_GET_BACKEND_FEATURES(0xffffffffffffffff, 0x8008af26, &(0x7f00000000c0)=0x5) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x15}}, 0x6a) r0 = socket(0x1d, 0x2, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), r0) socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) msgctl$auto_IPC_SET(0x8, 0x1, &(0x7f0000002300)={{0xb, 0xee00, 0xffffffffffffffff, 0x8, 0x3, 0x6, 0x3}, 0x0, 0x0, 0x5000000000000, 0xa7b, 0x671, 0x4000000000000000, 0x1, 0x4, 0x7ff, 0x6, @raw=0x7, @raw=0x2e4b}) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x800, 0x1075) sendmmsg$auto(r1, &(0x7f0000000240)={{&(0x7f0000000240), 0x8, 0x0, 0x9, 0x0, 0x5, 0x24000000}, 0x3}, 0xd, 0x802) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) setsockopt$auto_SO_BROADCAST(r0, 0x805, 0x6, &(0x7f0000000200)='\x00', 0x2) r3 = socket(0x2b, 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45) listen$auto(r3, 0x100006) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x80000011, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd, 0xa) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) connect$auto(0x3, &(0x7f0000000180)=@nl=@unspec, 0xff) 1m38.540130932s ago: executing program 1 (id=2855): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) write$auto_severities_coverage_fops_severity(0xffffffffffffffff, 0x0, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2b) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/fs/ext4/sda1/inode_readahead_blks\x00', 0x1ca142, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) dup$auto(r2) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) r3 = semctl$auto_GETPID(0x0, 0x2e3, 0xb, 0x10) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0xfffffffffffffffd, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) gettid() rt_sigsuspend$auto(0x0, 0x8) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000980), 0xffffffffffffffff) socket(0x15, 0x2, 0xa) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x55) madvise$auto(0x0, 0x2000040080000004, 0xe) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x90006441, 0xc35) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/midi2\x00', 0x111a80, 0x0) syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid\x00') mlockall$auto(0xb) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x200000, 0x0) ioctl$auto_TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000200)={0xc9, 0x0}) 1m37.365639918s ago: executing program 1 (id=2859): socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) socket(0x10, 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) (async) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) (async) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) (async) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) (async) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) socket(0x2b, 0x1, 0x1) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) (async) socket(0x10, 0x2, 0x0) (async) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) (async) 1m24.373277667s ago: executing program 33 (id=2851): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0xf, &(0x7f00000001c0)={0x9, 0xfffffffffffffffa}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x801, 0x84) ioctl$auto_VHOST_GET_BACKEND_FEATURES(0xffffffffffffffff, 0x8008af26, &(0x7f00000000c0)=0x5) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x15}}, 0x6a) r0 = socket(0x1d, 0x2, 0x2) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), r0) socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) msgctl$auto_IPC_SET(0x8, 0x1, &(0x7f0000002300)={{0xb, 0xee00, 0xffffffffffffffff, 0x8, 0x3, 0x6, 0x3}, 0x0, 0x0, 0x5000000000000, 0xa7b, 0x671, 0x4000000000000000, 0x1, 0x4, 0x7ff, 0x6, @raw=0x7, @raw=0x2e4b}) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x800, 0x1075) sendmmsg$auto(r1, &(0x7f0000000240)={{&(0x7f0000000240), 0x8, 0x0, 0x9, 0x0, 0x5, 0x24000000}, 0x3}, 0xd, 0x802) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) setsockopt$auto_SO_BROADCAST(r0, 0x805, 0x6, &(0x7f0000000200)='\x00', 0x2) r3 = socket(0x2b, 0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45) listen$auto(r3, 0x100006) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x80000011, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd, 0xa) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) connect$auto(0x3, &(0x7f0000000180)=@nl=@unspec, 0xff) 1m22.236233591s ago: executing program 34 (id=2859): socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) socket(0x10, 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) (async) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200e01532f2ed0d", 0x18) (async) openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) (async) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) (async) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) socket(0x2b, 0x1, 0x1) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x3, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) (async) socket(0x10, 0x2, 0x0) (async) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) (async) 3.991374434s ago: executing program 2 (id=3006): r0 = openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) io_uring_register$auto_IORING_REGISTER_ENABLE_RINGS(r0, 0xc, &(0x7f0000000040)="b7042635eec10248104eb4b6f8e52c0831e1f8f666a5f93980e085c52429291be2886e4e457b932b206b799f17cc28cf9bb24c30006a2f59db3aaff37b8974bf49b7a9cae1e51192e66ca1ce441a8b22b632e81f8001ced7a0a1de9ee9eaf86a6299c76ec1e576257b88c02c506004fd9ce1cdf2655fc3e91962a076a0d899eadc20b8a27db4de7190e43257c66ba8e757855539495369e0335880ffcd20adf7e165e57d1618b65a9bd640df3d8a2cfb40a63b23010634e6545fe7e11645f2496cb709eec9b6c417edefb52f6e33381173942f57e9c049ebd292669e1e82570f3bb78938671285a7c6e306ad8f9ea4182f0dc01a45eb48295ef5e093d8ddd88a80556f36ae4cabf1466bbc61a4cf48e7dae9320e2053e1a3ac6bb25476032293705fd867d3ff23938b0c748fbd370d24aa9b232bb1c4c3343482d090eea03bcb43ace844d1be3d58eb9bda3d80cabe31eb5b7313fa56b692c7e43718c05d7cb7116a308e6ab57ab7461481d69f4edbfd8fae2ff69a71511801b1e66e3d299f20a08ac19109c3134c67e95344927b6f465dc00afd961a4bc47b9c48c8224d5413d806348540b4836d45e23ede82d136721ac5e1e3cf3994e95bb4c9ce1ca760a2ba955a50737d515e64e3541f22db181afab30923e48cd341d55175dbe39cd19f72631acc13cf036c2d18154a4baae00a8a91b9a182ead15995e346ffab8bf2832d83ffeb292cb1b0b92f7ab2e3e9b360d6fbfc35e770de048182f523b8fc72d58b053f570d2dc162a0eb88c7f0eb6b54c80c35578f689f80240a315698c10160de661e1d03083d5cad808e4674053f79f6e2dcb65544a40f3cd7333b3a47927636119162d4fd9ec7e17c9a2ffdec65ae980960973364effb97ccdaa600c969be85fdfc74712e9c71837a51fe3b66f93bd2ecbbc2fc391dee8617dccfce063ab8fd078aebe2a7ac31311c6a8de3ad6f0a45c025b4870f8b240e238127c87b3b990be234a3c8465e0f721ce01a2f21a4fc848788c0af37666ac00559f5f7bbc6f53bb25586d8c3fd642507a93c478b832824c89d64207db036c5ad17e36af9a1c26f6f0fd0ba39456c2fd5c3848ad886322969a701f25e130610a11091f7d5321f17e0e9c6ecab88ccf436b26457f10de66abb5d2917571993f50789a64947fba60c52459d6a151065642ab7c0f53dda316e9f8163084b329b528d1366244c90bfce66188b030135ea7af839d80b822f6c5f6920b1b5b5a04a3294d110331f80d60d7171349656f87a080c5c98de0ded1459a928ae393462d0f3530b409e76313de8ba308d803a91098a60545c998d382614711a8541993a741568342aea60648075754e906a01c6d23890fa2075a378ca483ad8ce141a5e60c1588b1e43ce41458745199283c384ce53144aec70670224b545b0eca1248779006ed0cb899b9f5b2f594ddd18a3eaf618038b9ab4a16bbc875053df0a4e22a120f8a3df2beb7a40c883ba1b7e43bd77ea65c0326d0ff02cd32004cd52bfec5d1d6a12950028908049848770f81ac346ab0b52d5502a518538c6f3c7873b6ea549ab2a634ce7c008b46e8bab90bafceccbcc3ff750d7ac66bacb9bfffce206b66d701cf1d47e57ba729ec02ddf76184135ba5bc1fc9f7448e243c9009d36d71c843963f459df6ecc7b77c72bb776910f51829a8045ddef271fc47186d12549cee0be9c8ea42b036f37a5d4ef82df611cf1af9832174f0efd8ad60d82f559fc5e9f1336fae9df61fec845af4afcb18be2db1256c6843d0a1432430816cba1b10ae62fe318f3ab20002c403092944e55b8966bfbb378f8a6e41c550dd4eda4c8f91a9a2b5416ef3a779ebbf31b25695e94bd0112d300d0e8ffc850446952e5ad7e7c435bb7ee33042cdf29a7dd9050231164c6a659218450b548e7e9a8eda95189f3c3eebccef2ecc1f54897ae01cda79d7a0c2fb53bd219e9715b6f7d09a3c00d8ddb5e37cc82f7c447a49187ab84aefbed20d473e2e264c176cfc8d785f8090e49bf61a509f746809b27e03315ad9c3b473cf958313410dc6cfcdbd077ea12e39d64e8becdd69dbe8d385074880610c3c61a96a711d39862d8585789a4232a94b0c2c0cb5297261c6efb0ba3d8edd4046afbab1507d7f4baa8f1f3e97f5f817f36e653f53cb57af2cf63d189505caa3b6b3a8c7da52cd1347247c5712ccfc36b21cb96e513dd791b5a6be578d5b376018914bba1f88fba82b2778a083584c91fed482056a242157045e2e3c82cd6b30192c630cc1ff058ba718f15490118ca247f349230f4c0df7f0e96c4014bd89f6a8d7f5ea35d39ae74124827a1fc236ec8961eec5ba0b613e16d2c76eec1c61baa734d0ecb47bdafcbe54b71e44797e1cc65ffb5d49b7263ae46fe3fc1f2493eb5199b95b2cf5a7d7e478eef686f8453e5e6729f463ff23cc54af7a86b8a73d6ddb0dd5c3996793d588929384c568fbd7d33e30b6b25698e0a0199863600bd65604f0b84bd6bc6e0085f37fca8dab009583dcdf005f476a470326f1dab60116ed301d06698d32cdd9ab741eaa2ae992a8bf908c930a8a89b09da463648518debb41bb9fdae3522da03f267eddbd2d2111614c00ea4815a8d83c761c187b9c166a432440fa493ac5748b44df8ae69dee19a3176df23783ff084faa222aa9756d060907ae80a299aa5fcd41c6ab1a514d1ba04b8d3749398b14c2f06634d0a5ab82ccaa9f2ed2b88b6dc32b196c9d36f4497eece05fdff4be98ff48d2802346aa946930b59d758eb28ac952fa62d6a44d23179085863a4bc1c72c7de3df0351621cef21627db1858dcae21ba75b10f4a8063b90e1428bc8e3e84fc1bb0e3d0058aaa9d0856ee4e8a2b04d9c9710b2f0acbae20b0b08db5b1477b30406b115676eb5195372522390552106d0d3f949672f40c37ea8e336f70ea6bd207b572a9be5cf1a590afdb04410b746131cfdb6c7c219b77dc854f465b3e49fffe0bc6c8a6d67c11bfd5167c75153674bb4b41e63b419c8b85394c5a0d9e27ab85d6480b141a4dd4bdf4844f497362cbc0144e795bc2f22c2660fce8a2b6ff67ba9440651c155bcebf59cc034d1b63c3ba0e99d1d37aa575eaff943041f8fbbe1579c2a08770d75e1e9b24ed57065b1e0ad62a1afe8f297b253c4d98386b36425a31f2050aae5fb1d8abb69d53302ebaee7f3914a4dfb8edde71c7922c3a4ada97a837782bf5f3b1c7da5be66b5924d06efff77bb1d1efaa53dcf161b1387103198a64546ec0e54ab56380e8332f8f0a1fa8da95a95cd1c3347d651475cb9d081579ca076c50a5e9942325adacc974940a530c01663c90d4b1fbd544924b0c0ee868cf98d1dc70a7fb99f01626649e81fba7e576d2ff144901c4ca8c20e547a69267ab52550e436df21e0c7838a75568952785e1369f14559eee9c2deb524da8010865db6510ddab29d4951ec3a6a966549567137732291cdd64da2691d1e3c58541c85a3778ace9848f93408789ac48b7c4e3a18221a24e3d421363dedc00fd40b46e81eb5f1fa4633065e83d354052ad0cd606d7c5b217844c3e4e4e9f60341e3b8a94ccd0a961dfcc9d5048086dfb70617ba6bdc3e4c2b6c4d9a7cffb4db1f970346224f765fb032b35dd895ecea1a946f5a827a039eda219073d04a5f66d470fdef1b7784ee7ea1096bef023ec577ec6891588d009b3febcdfb3ec30c58f45ed24118c10da992b9f4a606f9725d67ff397da6380fc2158894fa15ea294deec0dfd5c6123944b6f24fed0df315255e626fd1e4761462dfc258d7d63a37a5d1e08d0443e2845a40579f3de395fb47f78dd75e1fd0087b930791af15c0ca5a7711a5d0deaf343e9f1f3e0503bc8469f10c727039cd4043223d0e9a0dfaf35311fffd0f7bccff66042c2915dd741a8c0128f2ec943dd8b46045f19089f3c9cfbe7ee71f31c3393727151508c6ab1631a42b80c5e0e7245936173fcde4943c78375330102179421025edab231ad2b195788238a32f24d728b3751c36e48bfa129d29c4c00568651119959b75a6e3260e5ed812483d070652d59b2a3c2f83afd84ffb53fb40a7c81d18e5aa34b0d1000338f3c69d5e37bbb2e751c01fb99e19a3f60e348059a48cab284d87182d1edadb387c7a2a7b833e6c9c9d438739b7c3967cfb02e6a6eec4bda5121d33947d83884b02a0a3680cffdf6a0dbbe852a456d9ce7487546be6da7835320904155fa8ea14e56912f0cfe3d45aebc800136836ed806bb1a7c12df41f650304922483418ca59a5e10697d024954edff07caf25eaaac9786b93da2089b51a9a7ddcaf48a2f1904e02e925454f70d64c77e25e4d76e95c0a1344d7bb5cca22f4b38468f68c7e4759d48324bae35f45713e900dae285a0cf6a4769211f2d6bb9d3a00a389124f35a9a324c5099ed65ed8a806face667f217715f0537ad244f9f602eccb66366de57b5cfc78ee3f3896680273465ac2f9a4c39f8dcd4877be59abf98a5a67824485568b6fa5d4366dcc8b167528c85af4c365b85a1f061bd0d95f92299687d4b82e59c5b73b77a04a9731d5bf6a0c687d72d53c96475b682896ea3b2d1c501bed907f22d8c7bb8f000da2c2eee4e9d97bae4cb3f253a04aac6aac8c5f3389d955ff04da62de580d3d1cdeaeadc5c29236d229e9202fdd752a0e41bd29dc64a462873e59689461dab92e358bdae855f0140bee5becdc692f4164b79db3aaa4ec87b0830eaf19dbed7f9a0c9592339d28ac7e175190531a1a2522d6ce15d1b66e3aea3bc0e7531d57f635d4a6d93c3f84f93ea79cbf57587b1027af6512b75de9a9372ed62463990d34b7f5d54b2f92e9aca1e77e749199f19d134899b09e60b24a1d2ef691db40d3af0f1c19424afb9055e0d256e2f5f6e5d0c683e684a889ad4876e7e889cb853474827d228b64940cd36e6d0ed033bd492fa43a7de2d06b40f7badbaa1f120289de4498e6d50eb78f7cd1d884bd21916d13d97e2593dc919d604251f46b2639691481a22028dc6cf0a8052d6e484e29335f5fef17f585fd474361dc606af02cd31605cdc7e86f4a018cabfc8518d63ce52edabe77e1d477f63e6b9d1e68ea19afddfde5b9d336197df243cb00208e5ad13eb0e42edec74b688151601ee86177af680512537e3abb6038b255ce9a08dcd27291b3b05522df3115474090c205a6c9525d9e91c35f2e4745b34a72addfbf6330296b793e42bc103105766aa22e74f9360f51d9a75ec7bbbf40c1a588a3ce168f4d4a1cbdcb5c4bc6ff83f61cec94cc44a96e89e1520e08cfc08bd83c039dc92d6b8569edf19b02f14eca6a86bf72f5df97a6aec43d9265e4ba5969786889c1e38a3e22403c91fb14d25c482a9158ff399feff44d5b378661c5fbab1472410a437413ccb7b0b0251f02cbe5a9c0ef73ca9034af8201ed7aba189d73a7c558556a0041fae4388a38910bced54cd3653cf2d09dad5bcbadf2a48b1e8f710935c6198a8a45ec5c0f6e7cf71d2dde799c98ed1c5e92f4a159823bab3a804dc5d6a2beaac23c30e3df1ee7760cbe63fce39601a71d8d99ab13f33c03a22c6d2b34e82e0afa513c684bb6f7c9c2fa8c88cd3ffe3cbefeacdc6a688f485707bebc48991b0ddd66ab5dcd02a5fa01a9f8a6fbc44c64f32359fd5055896d9b424d7568a4f4f30e80413f3cb840fd96af3cd511d1812340d19980da48a3d8cd3ffb20b110082830574c24efdd8213b0eb45b83b38d1ffa4816d3ccde6dce7293f3d207729c5bd85739dd6097ffc49ae847799a6b68dc0969f304bbc84", 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r1 = socket(0x80000000000000a, 0x2, 0x0) getsockopt$auto(r1, 0x88, 0x66, 0x0, 0x0) 3.804619458s ago: executing program 2 (id=3007): symlink$auto(0x0, &(0x7f0000000440)='./file0\x00') r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x6f29, 0x0) close_range$auto(0x2, 0x8, 0x0) getpid() mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x1000e6e) personality$auto(0x5) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/softnet_stat\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r3, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r3, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) preadv$auto(0xffffffffffffffff, &(0x7f0000009180)={0x0, 0x7}, 0x26, 0x800000000080, 0x5) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r2, &(0x7f0000000300)=""/241, 0xf1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.766785582s ago: executing program 2 (id=3009): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x42, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram1\x00', 0x80000, 0x0) ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(0xffffffffffffffff, 0xc038586c, &(0x7f0000000240)={r0, &(0x7f00000000c0)="2c88bbe2fbd3e53427f23cafe42945284f6a3c1ef9e2c43c380f46cfce7711f2b5b0ecd8aa9a74c0ba3cffbd61e9f31fb2d6e29e69dec1ea135bf9f3f46cac5cc63bb3fe0f7a9811508e14cba89c566818edb09b4d761e2bbe395d8b56", 0x7fff, &(0x7f0000000140)="3298328fc2ed3761c5af5e218fdce527c6262d81549018d45b4fb6c03ec2c303a6529b0d8bd38e300ce841e3c69bca41098d2febc6f9fba9293a65a1d44ac8deccc67171dae36d9cf19b016d49bb144990ec6011d4947d23c53fa0d04a85c10a1f46420cb3325d8d384c4af4fc1715", 0x9, &(0x7f00000001c0)="b757368498449cb5e7f079c8f9ed5dbc35bf2ad92240e91886f5f325750a75", &(0x7f0000000200)=0x5}) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0xfff4) 2.538842643s ago: executing program 2 (id=3010): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, 0x100000, 0x100000, 0x40, 0x5, 0xe4, 0x0, 0x0, 0x2, 0x0, 0x6}) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000840)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_PMK(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002cbd7000fbd751589d00000008000300", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x80) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x2c, r4, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0xeb}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x2}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x48004) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r6 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) setsockopt$auto_SO_NO_CHECK(r6, 0x80000001, 0xb, &(0x7f00000001c0)='&\xe7o\x8f7\x98\xe84\xe9C\xc36S<\x01\x93\xa0\xdc\x1f\x00\x1fU\xdb\xa4/kd\xd4\xb6\xa6\xae\xa8\x99\x89\x1b_\x05)\x90\xe56\xb3!\xad\x8fa\xbc,]\x93\x89\x12\xb8n\xf7\x96x\xefv \x8e\xe8\xfa\xc2\xbal\xf4\f\bU\xe67?\xfd\xef\xd3Z\x92\xf4\xa0\x9e\x17\x8b[\x12\xe6\xdd79xP\x8a<\x824o\xd9>\xaf\xbf\x17u\xadeR\xd7\xa6\xc6\xc7\x02\x85\xb0J\xf9\x8f\xa0%bOW\x1f\xe7AE\xc7[\xeb\x83\xe0\x1a\xe1\r\x1e\x8c[\x81:\xd3\xd6\x19R\xeb\x1e\x89[\xec5\xea\xc4\x91\xba\xdb7\xcf\xe2zl3[y(\x1d\x1a\xc9\xe9\xe3>\xb1U\x13\\|7r#\xd9\x9e+a\x99|\xa9\xdegc\x7f\xf1\xa0=\xbb\xd8\xaeS\xef\xf5\x00\xc8z\xd1fa\x91\xae\xe3\x1b\xff\xefy\xe5\x92\x18\x0e\xcc\x91\"/M\xda\xa3P\x83:\xab\x99\x94\xb6\x92M\x0e4\xb4\xf8l\x89NBm\xb7\x98\xbb\x95\xde$;\xf1W\x1f\xce\xb3b2\xcb\t\x894', 0x5) ioctl$auto_BLKPG2(r6, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r6, 0x80204d01, 0x0) mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.481938958s ago: executing program 0 (id=3013): r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0x6f42, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r2, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) r4 = inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r4, 0x0, 0x2) inotify_add_watch$auto(r4, 0x0, 0x10000007) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000500)={0x7, 0x0, [{0x40000004, 0x2, 0x6}]}) r5 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000b00), r1) sendmsg$auto_GTP_CMD_ECHOREQ(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="eba00d5cd04230ad8fe170f97f508a333a166cceac0fdd84105a261075d3fb2d990c74742fa0c24e86fdd4", @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf25030000000800040000000000080002000d0000000800010003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x90}, 0x80) ioctl$auto_MEMERASE64(r0, 0x40104d14, &(0x7f0000000080)={0x0, 0x4}) 1.229279761s ago: executing program 2 (id=3014): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/vbi10/power/runtime_status\x00', 0x88181, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) close_range$auto(0x2, 0x8, 0x0) wait4$auto(0x0, 0x0, 0x80000001, 0x0) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x7, 0x0) socketpair$auto(0x9, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x321000, 0x0) ioctl$auto_I2C_SMBUS(r0, 0x720, 0x0) ioctl$auto(0xffffffffffffffff, 0x2400000, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(r1, 0x8) ioctl$auto_SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, &(0x7f00000002c0)={0x1, 0x5, 0xc03, 0xfffffffe, 0x5, "9e72bf5fd298f25f760daf40d7527b13cf13b6e8f2afd23ca604d0dfae64037e22ecfa03a4b785ad43a0977564809ba313564263ff7d59ce2f8000", "6955bf9f20e35b1e394553e3936c6d586e2e051af387dcf63188e74240c692179f73674a7773ca3bda3e16236b22ba96661cb21da85a82db879b35dd3dcdcd8740c9c4299af078d1a7e10a715656cb99", "8816edf8c15cb423b5b566230d5753875d4e92c46c9c00", 0x1, 0xf43, 0x9, "d8a90d43fb9e61d6f57083c1ba716e9f3e996d52e00ed1d700000000000085b17344ab42046ab9f44f51c0cbe535aba6017e8d12ec120600"}) 1.152757528s ago: executing program 0 (id=3015): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20048840}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0xa, 0x10, 0x7131, 0xfbc, 0x0, 0x0, 0x0, 0x4, 0x26, 0xc, 0x40005, 0x9, 0x0, 0x2, 0x5b71}) move_mount$auto(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x176) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/irq/13/actions\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001280)=""/4124, 0x101c) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', 0x1, &(0x7f00000000c0)={0xe4, 0x37b60000, 0x8, @raw=0x34}, 0x800) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_SET_SAR_SPECS(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x1c, r3, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c080}, 0x0) 923.245971ms ago: executing program 0 (id=3016): setresuid$auto(0x8, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x410040, 0x0) mmap$auto(0x6, 0x8, 0x4696, 0x97e, r0, 0x5) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) io_uring_setup$auto(0x1ff, 0x0) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x9) close_range$auto(0x2, 0xffffffffffffffff, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x400, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4) 731.767488ms ago: executing program 0 (id=3017): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xffd8) (async) read$auto(0xffffffffffffffff, 0x0, 0x20) (async) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) (async) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x80000000002}, 0x3, 0x4) (async) execve$auto(0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0x1) (async) r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) pread64$auto(r0, 0x0, 0xa, 0x8000000000005) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) (async) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) socket(0xb, 0x801, 0x84) setsockopt$auto(r1, 0x80, 0x3a, 0x0, 0x3) (async, rerun: 32) r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) (rerun: 32) write$auto_cachefiles_daemon_fops_internal(r3, &(0x7f00000000c0)='a', 0x1) (async, rerun: 32) socket(0x2, 0x2, 0x0) (async, rerun: 32) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) capset$auto(0x0, 0x0) (async) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0xffffffffffffffff, 0x8000) (async, rerun: 64) setsockopt$auto(0x3, 0x800, 0x17, 0x0, 0x28) (rerun: 64) mmap$auto(0x52, 0x2, 0x6, 0xfffffffffffffffc, r1, 0x63de) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) write$auto(0x3, 0x0, 0xdfd5) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0x8}, 0x6}, 0x9, 0xfffffeff) (async) bpf$auto(0x5, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex, r1, 0x3, 0x90000000, r2, @relative_id=0xfffffffa, 0x8001}, 0x101) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr1/proto_down\x00', 0x3afe83, 0x0) (async, rerun: 64) sendfile$auto(0x3, 0x3, 0x0, 0x400000000002) 658.89929ms ago: executing program 2 (id=3018): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/v4l-subdev3\x00', 0x80000, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x88) socket(0x22, 0x3, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/kernel/random/uuid\x00', 0x40400, 0x0) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x3, 0x73) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) capset$auto(&(0x7f0000000000)={0x5, 0xffffffffffffffff}, &(0x7f0000000040)={0x6, 0x9, 0x2}) process_vm_writev$auto(r2, &(0x7f0000000180)={&(0x7f0000000080)="d614b2085cfb41d8e3a116fc170894778b4d39c02a9fd21e2dd84014b4b8dad505f6a8d8eceab1fa4be70fcda7acf34fbadd7f02b76f5848829ffb979d6b1647f94559ac312a1eb46da9bf444f68bd7f51428218b12d052829c3895bd8695328563c33bc8132b2b76e5cc34a570944e1191710041b23dce4c6dfa5b0c5fcd4597f1e1c0672ad981980b9210273018d57bacb7cb8ca906a61375dd5dcd8097a01ec4ea9d49de866f2a308fca77b9cc107278019cf88ebdff3d04ea93ef722cde794", 0x2}, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)="e87799912ca6b1a66dc5cc64c928b6535c546cd2ce3f52f804a29ac63aca6d6bbb73ccb5f61f6428b00bb9f5942b39be5b3b6cd696b9bf8177cd7a4748381881db6c1695bef72cc72d753b18c3f45ac6f640c79a6b9e15694934caf6068d08025038b3cf640434af7c9032e07d6aa55c229ac85be7d2d6de81d512c6ce770400de75ab133a863d88f808bbbac1eb765a78ae29eb6fc62e60bdb9c01c91cd2a", 0xf12a}, 0x6, 0x8) io_uring_enter$auto(0x3, 0x4, 0xfffffffe, 0xcb, 0x0, 0x800049) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/v4l-subdev3\x00', 0x80000, 0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x2, 0x88) (async) socket(0x22, 0x3, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/kernel/random/uuid\x00', 0x40400, 0x0) (async) epoll_create$auto(0x8800001) (async) epoll_ctl$auto(r1, 0x1, r0, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x28, 0x3, 0x73) (async) io_uring_setup$auto(0x406, 0x0) (async) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) (async) capset$auto(&(0x7f0000000000)={0x5, 0xffffffffffffffff}, &(0x7f0000000040)={0x6, 0x9, 0x2}) (async) process_vm_writev$auto(r2, &(0x7f0000000180)={&(0x7f0000000080)="d614b2085cfb41d8e3a116fc170894778b4d39c02a9fd21e2dd84014b4b8dad505f6a8d8eceab1fa4be70fcda7acf34fbadd7f02b76f5848829ffb979d6b1647f94559ac312a1eb46da9bf444f68bd7f51428218b12d052829c3895bd8695328563c33bc8132b2b76e5cc34a570944e1191710041b23dce4c6dfa5b0c5fcd4597f1e1c0672ad981980b9210273018d57bacb7cb8ca906a61375dd5dcd8097a01ec4ea9d49de866f2a308fca77b9cc107278019cf88ebdff3d04ea93ef722cde794", 0x2}, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)="e87799912ca6b1a66dc5cc64c928b6535c546cd2ce3f52f804a29ac63aca6d6bbb73ccb5f61f6428b00bb9f5942b39be5b3b6cd696b9bf8177cd7a4748381881db6c1695bef72cc72d753b18c3f45ac6f640c79a6b9e15694934caf6068d08025038b3cf640434af7c9032e07d6aa55c229ac85be7d2d6de81d512c6ce770400de75ab133a863d88f808bbbac1eb765a78ae29eb6fc62e60bdb9c01c91cd2a", 0xf12a}, 0x6, 0x8) (async) io_uring_enter$auto(0x3, 0x4, 0xfffffffe, 0xcb, 0x0, 0x800049) (async) 208.149274ms ago: executing program 0 (id=3019): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card2\x00', 0x480842, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) getxattr$auto(0x0, 0x0, 0x0, 0x4f) ioctl$auto_SOUND_MIXER_READ_RECMASK(0xffffffffffffffff, 0x80044dfd, &(0x7f00000000c0)="d82f2e890190f8e19316b7b8b71e3d5cc66765441adbabb3fba968697104a082dfc5973e75b72bcdc6f0c7b5b4743b3cad1f97d31db44b9d09f0d3479160763c4c52dc2e197eab409dacd1bd86ff969e1284316979ee71711a60069e18c3ee81ea5b12904df43ad2725f5d2172ebac11ddf10dbcaf16d85552cc03942bc2d2ab65ae8dc808a414c95f9067128d9b9a96c9355ed4c415cfd1ab869fd06e9cb8ea4b51ea10cffed10ce3c4a6809b51bdb3c6f12287416678cabc35b943ad6c3e82a6f0da1357a5752f361094b6e5732a45a821e1b83e29f09f421247ddd69ce628f176db076cb3ad0161aa83fbd0bd2d6b619282389090d85a59f696eb") mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x0) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000080)={0x6, 0x2, 0x910003, 0x7fffffffefff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x20, 0x82, 0x5, 0x2, 0x1, 0x2}) (async) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000080)={0x6, 0x2, 0x910003, 0x7fffffffefff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x20, 0x82, 0x5, 0x2, 0x1, 0x2}) r1 = socket(0xa, 0x801, 0x84) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setsockopt$auto(r1, 0x10000000084, 0x9, 0x0, 0x9c) (async) setsockopt$auto(r1, 0x10000000084, 0x9, 0x0, 0x9c) r3 = socket(0x23, 0x80805, 0x0) setresuid$auto(0x0, 0x7, 0x8080) (async) setresuid$auto(0x0, 0x7, 0x8080) io_uring_setup$auto(0x1, 0x0) poll$auto(&(0x7f0000000040)={r3, 0x7, 0x8}, 0x80, 0x400400) setsockopt$auto(r4, 0x113, 0x1, 0x0, 0x81) (async) setsockopt$auto(r4, 0x113, 0x1, 0x0, 0x81) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 0 (id=3020): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) (async) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) (async) socket(0xa, 0x1, 0x100) (async) write$auto(0x3, 0x0, 0xffd8) (async) unshare$auto(0x40000080) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x5429, 0x0) (async) process_mrelease$auto(0xffffffffffffffff, 0xa) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_XFS_IOC_ALLOCSP64(r2, 0x40305824, &(0x7f00000000c0)={0x4, 0x1ff, 0x0, 0x400, 0x1ad, 0xffffffffffffffff}) getpgrp(r3) (async) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) (async) r4 = socketpair$auto(0x1e, 0x5, 0x3, 0x0) (async) semctl$auto(0x2, 0x0, 0x13, 0x7) (async) r5 = prctl$auto(0x23, 0xe, 0x0, 0x68, 0x0) (async) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) (async) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/037/001\x00', 0x802, 0x0) (async) mmap$auto(0x1000000000, 0x100000400008, 0x1400000000000df, 0x4000009b73, r2, 0x8000) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0xd8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) (async) ioctl$auto_XFS_IOC_SWAPEXT(r5, 0xc0c0586d, &(0x7f0000000400)={0x7, @inferred=r6, @raw, 0x7, 0x800, '\x00', {0x9, 0x5, 0x7f, 0xee01, 0xffffffffffffffff, 0x9, 0x6, 0xfffffffffffffff7, {0xe, 0x3}, {0x6, 0xfffffffb}, {0x3, 0xe}, 0x5, 0x6, 0x7fffffff, 0xc341, 0x0, 0xf, 0x0, 0x7, 0x0, 0x5, '\x00', 0x6, 0x4, 0x28, 0x9}}) sendmsg$auto_NBD_CMD_STATUS(r4, &(0x7f00000029c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002980)={&(0x7f00000017c0)=ANY=[@ANYBLOB="ac110000", @ANYRES16=0x0, @ANYBLOB="0c002abd7000fbdbdf25050000000c00050005150000000000000c0004000200000000000000170007800c002f000200000000000000572b6676d0f373000c00030009000000000000004d1109806f102f80faa2ff39366c39b3407eaa66b369266ce038dbe57f6112c5b534b926d57be05c7fab2944ea8c6b441cf735844cc08f954fb8695ff1fbac32119fe5a910127c6e8d5fd9f01b9dcf277cfc2368d396b03bf03e870299522d9d91bc37c8956de2e2254080fd78035067385f984e17a2a03a26b90d47ed0f2851ce3ceb1240609a56e219da956971bd9360c0c671da4ac332e32aad032cbe49a6bc63e009401ef981be53cbbb8d1248ad026bb962269eeaf5e81a77d411c0441766254922a238a8c9a8b90013e70ef55c6c460835611d74b315f1cc4592bbb5dc24c36d0925821e3d4dce5a1241a06fb648b64cb6c61b9eacbba20075dc2ba8b9f37cf236182984810b4a8b7d64bc356dbc82b81b8eab3c87ad68555504eb6ccb656284f22a08cc7e0573e11ab63f074860364664e17014ef653d5598a6b5676dc5afa3785e2c34621265bdff1cf7df245634001ce7d8c9357955a4483eff453074089be9910a77e2806de458d71c6613d6c926ef45e7b2331a6020f909e457225ad3845b15c4aa4acb0ce4ed6cb88e68bfc437ec4c33fb18b4792dd0eb52a9963f0e2979aed2db4aba76b99f9ce0852338bea4af623f7abf2281559027ad13c39fe712f13ffbc1a2ebb94e72f687b8041e09055f2671d6cbf3e75d87ad004705df5cf010e3044ad0b8ab10e121b1f9d82c7261214b28c28f4ad042d81d1b0475bd84a6a4bccb8c37dedfd57ad3434e0a498d175ae467401fc1854bb63760c04c347ccdb2c2a89c63fe2c6181e4594a9dc1240be63980c644e323b2cb92ddbd5cfce75f6ad3f2021c4790a4cc6899294ffae1f9241b8832e9ef6a9e044ca23801871c130ac5ab39c4d7788fdbb477b285af1e6f4f52b877571b5c5363bae9e21b4790f0fc6b264331df43a40b867428731a9058d01ca459fa02346bd5e819eaa008a46d47fec9a188778e69486dbb7925926276fc0f5f0ecb88427952f1c97d16e06f87391d45229fffa27ecd9377144c2238362993e036e75cf8003b811ed886400a1b45c0c0c8b8e4ce7dc6f86b94a7c5a5cdcb5aa6372dfa65af3c9f6a58b53b0c7ca13f44a981e3168bcfea65c907e176e6cd42a7c0755155b4e73a185bb52f93b0b9938c31e9d8c29933c42dbc2c933db12ecf365bb255cb72f33d99356e602e2d316957bd13133e35f46c02930613489d2686729fbebe470581f811531ccbed17124ea00a3d347ae703c0810ff4844037a2b60232e62c2dce93c6214318e833109a571e367ccbfd760aa3c23243518ef4d16c8015a96f35dc4bc0ede1ee22be08b6fd51066b60c03487ccc83d41d508c1551fc8fe1ade1cd7a847b2eced2e2e4c080786418e396c9b506f58dd54df065fcd21cf793cff209c87b2ea9a6f20a7934bee3e2a01f340e66df41087984a77f66879bbd97c31129e6919a201d3b5ef1e7b9e36f0f1a4b4054b1c258e9074dfbcdfe0ba04cc0338a6b37cfe2968eef36726c8034aab2ea0c8aa6ff31c79be35f3d62b695824d1354946330b339c88834d95331a06135d65ac93a5367162e1c25079592ce708e45516520f7077518abaec5af112aa7d9e94c1d9c4461b9ca9e347fc798ebfcbc37f311f6481ce447051f2fa4b536531138daeb2ec10bf053cf41a4a1a1d631aa07ec809e7601e2e2ab1f9c7c46f9c5c39130145e4ea3ddccf1ce3233f2f3af6d6fec4802a05cac55ee8138600598dd6936df78b20fa389b0c9d7d9fc07ede5deb8dcf553a517424e4cf02cbf465015880a42b23fcdb5eb4ff7877b0f048382d355f15cf86dfb18f3db8bef5321a44500b9b5a0b2492c894362bec2edaac0279331d06f7159a3b6e00fb18d924035a036f8106392a914b4ca1251dfb06ffeba6a42edc49c948795d84da7ab397f3223cf24efc42b1c8b3f942564ea83b6a4801790da24cfefdebad6f5e6390bd03aeca1e6f2401b8d87759c771872f01b188fbd3527cfcf21ffb4b305a9cda89ab78988e5cb2f54d21ad61812280c230a705bbfc8581eb4c227f20336a2584a1d7307759d572340b7b673177c7d77f3a632e5ba43f94f956380609cae72e31c4496c6e70bd02840239f94e05958bc9883340b9036200bead631320ce1d37d4bef7fbaa5a619772176c94c6b3d8a16f4b090e708d5defec10dec98172072e7401f6b499ed69e6e298c4208698fe0edebd3135226de244a2bd1080f6c38234f3b41c3b3ce5cf6e764ff2ee1b7560c939a99e405a240c09b824c5006bf335700b3a3100dfe78a9bd05a50e0c4d57a43f36f706f534f90b815e4b39b68e861d1ecde2c5becb57e59be728c8e608c2b3d444ac1d0b103c423a100e141664c2f974f334c5db79c9bfcebef0e99ba802330c844e1cf49ced7a2e60180bd36e4cfb7b3dc37bb6321a9182622be8561e284e37fb089e014cc702782a583ccf2eb6322c892e4e1ccef6618594072d5b0ec11e3a7c0831530eea1dd6606d07d699ff88fd61cee645347b215edcf6d695014e96752f221129b28226b7fd3359bbe77aca066dfe76647848fa2d4d74ebb999d552b6ea43cec8a98b2e910e762897f6fab850f384a07c990656d649df5ac8c944121f472927926c9b524a8c7c317d2eb772bbd9eaaf7c0fe4f2f0693827900e46be56053735e363efc5a22af0ce01d7d936f750eb3c07befa99bdda8ad48d194d48fac99e1a58f0abc756f58adfb8e5ca5056247a4c53f3309fd4e324b2ee38b6a2b9e4e1ff302e578e5c533696c1d95fad6c7bb661ec298ca1a54aeb479ff8c3377f21d25393470c3f616230e6bf4bf4614a1825f53fe84f171df5b1ddc94637393247a1ae0b41e6c630a783cbd050a89ec6d52381ba38ca1972a88b331ff8b1fbac07e22a961d9c89e62104e8d9cbb3a6d082a22996b719b5776fa3b6712864e2bdac90d420b861889f90cdd578581cb86efb711aa5d489a37eb4ae1b08f14fb750d4278040b2b91231bc8b1157ba9cc16dfec6d3cd48860283b155c8acbaa8ce777c7ac1b851ded3c40e55d04eb0812dfe657080c4c9f25dff2e6d093781c8b722ca743d62e5d334c59ee28a40b54c8c843c9d51d8b5e7832c56247c971ef25deaf0187fee94c3dc1221333b72118fc7565cf4ffeda8d81484016142d4197d8ee45372bb96d5251dfff084a1d62605e20561e7911eeb3ca8268a3b16ef820fd8a5e63521057c2a79271c19d8428c4fbc2c670d8d17c501b57531911f63e283b51304e2282e97a2f8899ab45ea16ce43d397f83985cb0af2eec02095b070209fb91e910a3765db981efcfac72d5376a917bdbeabd932719f71c96ce18d449765734673cc4199ff25013dbcc84a5087a4d291fca7cc4bbd407ef28831012a64101e0801fe0965f6f4e0fc71b01b01774af2c65e2ef49f14c0c1138ea0f7a140348084224492a4fe8936c754704f0224a19aab77ae0c6693cb98ea4e9ab5384d75bc3ad642fbe6408320fa897919b4e91be37d59f848fd397b4355a48c349b8cfd5cc9d92e853dd7e7a4f84cf732aad5074efdf9f8a6a917ee2e88ac501bb136ef0bba37c4091cab2939db169f40ca9d255fd20328924360c0f5c5bdef800f92f09911e563dab7f535e18bbc852f8b39fe030d966ce41bb49583364e2545774a4635f0bc316ef68e000812ce8c896fb634403b7de508bb574c787919d65c90c609cd92d89f5ff89ed4aaea0629e798cd83d2c67f8f6fcd3a975089f1edc7d670426450b4a609a6145ca28f4116cebc64d219482b9a6a7a014d6bda37d9c2a250a325bcd3a1397ab89eb9cef1e625786dc7243895cda2db3e367580a8050063fd99afdd247bba38f7b6e6609b64155e046355a9a81316844769bf35561345c440d092aa2a747d66ea75bc28b3a9783dae6ce3b4d1e57b2562b7d98bc8df6f4e364734f541cf2603dc63471cb0505c6f79ff33d48f554f6794deef9b22df1030ef7cd5615a0211de8022e208f97510980c08556861e43e67393e75f79feac6c76427443b3850da376c94948b806b87a6d66a9d5469ce2022c01169acc33d84a96c4193a38e8e3ccb63eabe39179efe218b89d03d6aa91caf14f627c3fcfc680fd31fb420e80279eafcc231fbcedb04961943da5c8939711398031cc324f187ee5b1ef0ab52620045131f4a65a2642d384b6861e467add4ab1a2a6725b07f2abcdde00e9704d667a10140733148f3558707cf2bab85f1c7787876a96f929c8f796f236b56a7b1780d78276530e67115bc0f3397f1d91f139126ac894ac8aa4bb9712ff006f864897aae997e2efc17e294f0d1f3aba34d36bace744e96b66589a9e5363909178b3b8febb5d878153c93f94bd2f92e59a2ff4a5ac47787952d109d9569d22f97e621154fdd36c2eed1949cceb2253d33defaf1269a1c40dc9c1cbe95e125d51872ebcb4bfaec7f4c040721cfcc1397cc21d29d8b59b07c2897ad9111249bb5a1456112e5f581e4492c88a10ed62c4b8dcd1d2d7f80f97f2014534edc4f33968ef7300014a115eb4fae613d239c5a6e915b1e57928b99643bfff5f34218fa3983c7a6737fc4146d4f9717f840afa68e2774a4a13851c9641f0fcac5ca6c1fdf528f97dbd41b05eb866059f44b896c96f1112c795be3029d0aa814656035f06a93139acb2fe07b7a31ee22b880956786d49a3fc8b024192733fc7be02d9faf17265e862d71b5d5e9faccc48e0c3adfe11c2e0f83f9aaeb2f8c5a01d4cadd7d24a3d609e9c016ed2a300d6abf09791da414120b84cc2868ffa25e20cbe302a7660d5ae2d6556db7cc91390c96bdc9b6b42a67da80a93b960f5e5c34f79da42d6e99de0053bf6d62a9f13930ba9a678dfc99dfad9a505bec21ce10f3ecc95212659c68048ac2130c7aeba8ba29b979a39d65ae19f1117e4dd928d358ce7fb740e8fcce26824151c4b0023a20817d125565e3a077ba6aa788116ab7a7eb18f5d08f90a05fa164694d984024a6e308a4c9a919c3a22fdef1de2adc0d4fb5123c35bef9f1573f99a649a50237e15fcdc119571868beb4f697062bfa5cabff998f2d6c5d3b3c41092356621b888483af584b3508edd6fea41a246785894634b178918793953c88aa5fdbd1a1a117110761cf5743b7682f964a61b5d57bc6dceefa8016099e8cba1d4b56641684f2109cd6ad4bb44315b14ba3046e321ae3f1ccf7d2ce3f65f7c53582b4ab4bf1567fca97d3871198295a1737f5f7d701d6c6236c9625e2bbf4fc77871ddbf363acc19fee90464496592a25de54e9160767500bde4ebc10517a65ebfefd99dd30f5289b924e0d0ace6bb1dbf2cded48b0cc31a618c8f7aa44b25dafeb8cd13df358b5c245405e5cadcede225ee96eac937382323c3b57a149c4b7d0f4dd2ed93e4a73516caac61a1749e9ca320a84a4f82b2377c8fb9d1fbfdb3e780a0555c31155ebaf3f1d54e001dd7592d2887672e54d4eefcf389dc49fc9ab1aa905abc7df7d91bd1d0e8299bf0e976cadfce57ab5077746f7cc626add83981011c592a4f7344771558054b149673dde36738a6192651fb04ceed4a93a718666218cfe3af7a8ef2cacd8effc4fe8f07021b140064dc5205d47bb775d1a82ea700462250542c1e0404011aa37ee3fc125e086c039132e90c446549ea0266daf98dcabe522229e2419c1937823ebd124a1810d5bf6122792cdc801e7eb0a212a1f3d9bbe27786a6698331562d658de03b89c0d5ae230e02107d4aaddc6603890f22fd8d41667bc2cfcd6daa106bb3bd5351ecd0602310cc92a9255a69440998b3b8fe20cbec479a836cd2dde3d9779450800c400", @ANYRES32=0xee01, @ANYBLOB="0b008c005e23f25ca82a0000e4ca28927930163dbfee4ff7cdd69ec2dd8fed8a706134988e12e5151478fc81f6c2803916a08b881288812b5968bd336b8439d8934f4bf352e21d5ecd812c9eff2ec54a1834d1ba37a1cb1eafdac008001b00ac14141a000c002200060000000000000008003300", @ANYRES32=r7, @ANYBLOB="4e8f08ddb25d5a2af9645f2fd51290055a150863b00287937f06a62faa4bd51755473b4253bc3edadf9a86d5a7f54016f4da8c21c70b2128589533a6126def39e518ad2c02fed53dc43a3ab581de7ecee4d991e65d8c7a361096b114ec1fb6c56436bb15e0cf23391a2c3b127aa2d0899ec4b6d7c3a6c2a9e18eafbd5d8a27705d618a69962a11b318c7a4a327f18e53d7609b3000f3acc53eccb589438827935dffa48c945311f5799d647f183a97d26dce17d5d7fb54bf6a8029df2ccdb478521f4e36b90000000c0004000800000000000000"], 0x11ac}, 0x1, 0x0, 0x0, 0x200080c4}, 0xc054) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x800000000000000a]}, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x400}, 0x7f) kernel console output (not intermixed with test programs): : type=1800 audit(4294967905.840:179): pid=16042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2181" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 791.380336][T16059] ubi31: attaching mtd0 [ 791.516574][T16059] ubi31: scanning is finished [ 791.575691][T16072] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2186'. [ 791.652591][T16059] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 791.901009][T16059] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 793.366042][T16069] Process accounting paused [ 793.742050][T16094] vivid-007: ================= START STATUS ================= [ 793.742084][T16094] vivid-007: Enable Output Cropping: true [ 793.742139][T16094] vivid-007: Enable Output Composing: true [ 793.742164][T16094] vivid-007: Enable Output Scaler: true [ 793.742189][T16094] vivid-007: Tx RGB Quantization Range: Automatic [ 793.742214][T16094] vivid-007: Transmit Mode: HDMI [ 793.742238][T16094] vivid-007: Hotplug Present: 0x00000000 [ 793.742264][T16094] vivid-007: RxSense Present: 0x00000000 [ 793.742289][T16094] vivid-007: EDID Present: 0x00000000 [ 793.742314][T16094] vivid-007: ================== END STATUS ================== [ 794.026653][T16098] FAULT_INJECTION: forcing a failure. [ 794.026653][T16098] name failslab, interval 1, probability 0, space 0, times 0 [ 794.026715][T16098] CPU: 0 UID: 0 PID: 16098 Comm: syz.0.2195 Tainted: G L syzkaller #0 PREEMPT(full) [ 794.026747][T16098] Tainted: [L]=SOFTLOCKUP [ 794.026755][T16098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 794.026769][T16098] Call Trace: [ 794.026777][T16098] [ 794.026785][T16098] dump_stack_lvl+0x100/0x190 [ 794.026826][T16098] should_fail_ex.cold+0x5/0xa [ 794.026854][T16098] should_failslab+0xc2/0x120 [ 794.026881][T16098] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 794.026919][T16098] ? proc_alloc_inode+0x25/0x200 [ 794.026959][T16098] ? __pfx_proc_alloc_inode+0x10/0x10 [ 794.026997][T16098] proc_alloc_inode+0x25/0x200 [ 794.027032][T16098] alloc_inode+0x68/0x250 [ 794.027066][T16098] new_inode+0x22/0x1c0 [ 794.027101][T16098] proc_pid_make_inode+0x22/0x160 [ 794.027138][T16098] proc_pident_instantiate+0x85/0x310 [ 794.027178][T16098] proc_pident_lookup+0x1e3/0x270 [ 794.027221][T16098] lookup_open.isra.0+0x631/0x11b0 [ 794.027264][T16098] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 794.027318][T16098] ? lookup_fast+0x2da/0x600 [ 794.027358][T16098] path_openat+0xa98/0x31a0 [ 794.027393][T16098] ? __pfx_path_openat+0x10/0x10 [ 794.027430][T16098] do_file_open+0x20e/0x430 [ 794.027458][T16098] ? __pfx_do_file_open+0x10/0x10 [ 794.027495][T16098] ? __pfx_kfree_link+0x10/0x10 [ 794.027537][T16098] ? alloc_fd+0x476/0x790 [ 794.027573][T16098] ? do_getname+0x191/0x390 [ 794.027607][T16098] do_sys_openat2+0x10d/0x1e0 [ 794.027640][T16098] ? __pfx_do_sys_openat2+0x10/0x10 [ 794.027684][T16098] __x64_sys_openat+0x12d/0x210 [ 794.027718][T16098] ? __pfx___x64_sys_openat+0x10/0x10 [ 794.027762][T16098] do_syscall_64+0x106/0xf80 [ 794.027787][T16098] ? clear_bhb_loop+0x40/0x90 [ 794.027816][T16098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.027840][T16098] RIP: 0033:0x7fb2de99c819 [ 794.027859][T16098] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.027881][T16098] RSP: 002b:00007fb2df8e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 794.027904][T16098] RAX: ffffffffffffffda RBX: 00007fb2dec16180 RCX: 00007fb2de99c819 [ 794.027920][T16098] RDX: 0000000000008000 RSI: 000020000000c340 RDI: ffffffffffffff9c [ 794.027935][T16098] RBP: 00007fb2dea32c91 R08: 0000000000000000 R09: 0000000000000000 [ 794.027948][T16098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.027962][T16098] R13: 00007fb2dec16218 R14: 00007fb2dec16180 R15: 00007fffbe815388 [ 794.027992][T16098] [ 795.093056][ T30] audit: type=1800 audit(4294967910.240:180): pid=16104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2196" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 795.880211][T16116] netlink: 420 bytes leftover after parsing attributes in process `syz.2.2200'. [ 797.326426][ T30] audit: type=1800 audit(4294967912.460:181): pid=16124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2201" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 798.033531][T16131] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2203'. [ 798.144286][T16129] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 798.288839][T16129] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 798.288967][T16129] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 798.289085][T16129] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 798.707128][ T30] audit: type=1806 audit(4294967913.850:182): xattr="." res=0 [ 800.369722][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 800.375857][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 800.382126][T14089] Bluetooth: hci1: command 0x0c1a tx timeout [ 800.460832][T16169] netlink: zone id is out of range [ 800.626126][T16169] netlink: set zone limit has 8 unknown bytes [ 800.696360][T16162] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 800.746789][T16162] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 800.800687][T16162] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 800.837462][T16162] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 801.167821][T16179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2215'. [ 802.049799][T14089] Bluetooth: hci0: command 0x0c1a tx timeout [ 802.778805][T14089] Bluetooth: hci1: command 0x0c1a tx timeout [ 802.849501][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 802.855606][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 803.122225][T16203] NFSD: Failed to start, no listeners configured. [ 803.523577][T16214] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2222'. [ 805.870725][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 805.883279][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 805.894718][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 805.902827][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 805.910552][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 806.242529][ T30] audit: type=1800 audit(4294967921.390:183): pid=16225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2224" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 807.296105][ T9212] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 807.802524][ T9212] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 807.863871][T16248] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 807.921768][T16248] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 807.970524][ T51] Bluetooth: hci3: command tx timeout [ 807.977551][T16248] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 808.056872][T16248] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 808.108470][T16248] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 808.220896][T16248] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 808.378729][ T9212] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.841498][ T9212] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 808.860041][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.866379][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.111859][T16231] chnl_net:caif_netlink_parms(): no params data found [ 809.734684][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 809.969720][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 810.049823][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 810.129760][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 810.502453][ T9212] team0: left allmulticast mode [ 810.507417][ T9212] team0: left promiscuous mode [ 810.557161][ T9212] team_slave_0: left promiscuous mode [ 810.591796][ T9212] bridge0: port 4(team0) entered disabled state [ 810.651113][ T9212] batadv0: left allmulticast mode [ 810.679782][ T9212] batadv0: left promiscuous mode [ 810.684986][ T9212] bridge0: port 3(batadv0) entered disabled state [ 810.791791][ T9212] bridge_slave_1: left allmulticast mode [ 810.830876][ T9212] bridge_slave_1: left promiscuous mode [ 810.836767][ T9212] bridge0: port 2(bridge_slave_1) entered disabled state [ 810.932570][ T9212] bridge_slave_0: left allmulticast mode [ 810.938493][ T9212] bridge_slave_0: left promiscuous mode [ 810.987319][ T9212] bridge0: port 1(bridge_slave_0) entered disabled state [ 811.672490][ T9212] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 811.723530][ T9212] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 811.773104][ T9212] bond0 (unregistering): Released all slaves [ 811.954611][T16231] bridge0: port 1(bridge_slave_0) entered blocking state [ 812.003785][T16231] bridge0: port 1(bridge_slave_0) entered disabled state [ 812.077748][T16231] bridge_slave_0: entered allmulticast mode [ 812.147506][T16231] bridge_slave_0: entered promiscuous mode [ 812.202281][ T9212] tipc: Left network mode [ 812.210063][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 812.235495][T16231] bridge0: port 2(bridge_slave_1) entered blocking state [ 812.316532][T16231] bridge0: port 2(bridge_slave_1) entered disabled state [ 812.391652][T16231] bridge_slave_1: entered allmulticast mode [ 812.439539][T16231] bridge_slave_1: entered promiscuous mode [ 812.754717][T16231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 812.914462][T16231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 813.234004][T16290] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2237'. [ 813.378873][T16231] team0: Port device team_slave_0 added [ 813.431067][T16231] team0: Port device team_slave_1 added [ 814.150076][T16231] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 814.157086][T16231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 814.272235][ T30] audit: type=1800 audit(4294967929.410:184): pid=16287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2236" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 814.328653][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 814.488609][T16231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 814.691319][T16231] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 814.761399][T16231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 815.017741][T16231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 815.105497][T16311] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 815.142296][T16311] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 815.211311][T16311] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 815.263046][T16311] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 815.763680][T16231] hsr_slave_0: entered promiscuous mode [ 815.771655][T16320] zswap: compressor 000 not available [ 815.821036][T16231] hsr_slave_1: entered promiscuous mode [ 815.827867][T16231] debugfs: 'hsr0' already exists in 'hsr' [ 815.919868][T16231] Cannot create hsr debugfs directory [ 816.225991][ T9212] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 816.300310][ T9212] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 816.377075][ T9212] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 816.420633][ T9212] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 816.489275][T16337] netlink: zone id is out of range [ 816.507042][ T9212] veth1_macvtap: left promiscuous mode [ 816.538094][ T9212] veth0_macvtap: left promiscuous mode [ 816.578928][ T9212] veth0_vlan: left promiscuous mode [ 816.613906][T16337] netlink: set zone limit has 8 unknown bytes [ 816.850378][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 817.169797][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 817.176055][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 817.249504][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 817.699843][ T9212] team0 (unregistering): Port device team_slave_0 removed [ 819.330619][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 821.001847][T16380] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2253'. [ 821.549769][T16388] netlink: zone id is out of range [ 821.631447][T16231] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 821.712412][T16388] netlink: set zone limit has 8 unknown bytes [ 821.745020][T16231] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 821.897500][T16231] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 822.063263][T16231] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 822.155524][ T30] audit: type=1800 audit(4294967937.300:185): pid=16383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2251" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 822.865065][T16231] 8021q: adding VLAN 0 to HW filter on device bond0 [ 823.150143][T16231] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.297452][ T9211] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.304684][ T9211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.360483][T16418] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2258'. [ 823.454282][ T9211] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.461550][ T9211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 823.759217][T16231] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 823.949469][T16231] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 823.993452][T16428] netlink: 'syz.4.2259': attribute type 11 has an invalid length. [ 824.082012][T16428] netlink: 'syz.4.2259': attribute type 11 has an invalid length. [ 824.215192][T16428] netlink: 'syz.4.2259': attribute type 11 has an invalid length. [ 824.243288][T16424] Process accounting resumed [ 825.114005][T16448] can: request_module (can-proto-4) failed. [ 825.497090][T16231] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 825.656576][T16460] netlink: zone id is out of range [ 825.678047][T16461] FAULT_INJECTION: forcing a failure. [ 825.678047][T16461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 825.841181][T16461] CPU: 0 UID: 0 PID: 16461 Comm: syz.2.2264 Tainted: G L syzkaller #0 PREEMPT(full) [ 825.841219][T16461] Tainted: [L]=SOFTLOCKUP [ 825.841227][T16461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 825.841241][T16461] Call Trace: [ 825.841248][T16461] [ 825.841257][T16461] dump_stack_lvl+0x100/0x190 [ 825.841298][T16461] should_fail_ex.cold+0x5/0xa [ 825.841326][T16461] _copy_from_user+0x2e/0xd0 [ 825.841358][T16461] copy_msghdr_from_user+0x9f/0x4f0 [ 825.841391][T16461] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 825.841437][T16461] ___sys_sendmsg+0x106/0x1e0 [ 825.841470][T16461] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.841535][T16461] __sys_sendmsg+0x170/0x220 [ 825.841559][T16461] ? __pfx___sys_sendmsg+0x10/0x10 [ 825.841601][T16461] do_syscall_64+0x106/0xf80 [ 825.841667][T16461] ? clear_bhb_loop+0x40/0x90 [ 825.841696][T16461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.841721][T16461] RIP: 0033:0x7fc31319c819 [ 825.841740][T16461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 825.841764][T16461] RSP: 002b:00007fc314044028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 825.841786][T16461] RAX: ffffffffffffffda RBX: 00007fc313416090 RCX: 00007fc31319c819 [ 825.841828][T16461] RDX: 0000000002000014 RSI: 0000200000000cc0 RDI: 0000000000000003 [ 825.841843][T16461] RBP: 00007fc314044090 R08: 0000000000000000 R09: 0000000000000000 [ 825.841858][T16461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 825.841872][T16461] R13: 00007fc313416128 R14: 00007fc313416090 R15: 00007ffea992cc58 [ 825.841907][T16461] [ 826.195498][T16231] veth0_vlan: entered promiscuous mode [ 826.244382][T16231] veth1_vlan: entered promiscuous mode [ 826.536519][T16231] veth0_macvtap: entered promiscuous mode [ 826.691060][T16231] veth1_macvtap: entered promiscuous mode [ 826.812665][T16231] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 826.924856][T16231] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 827.116963][ T9210] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.140941][T16475] FAULT_INJECTION: forcing a failure. [ 827.140941][T16475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 827.180723][ T9210] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.239733][T16475] CPU: 0 UID: 0 PID: 16475 Comm: syz.2.2267 Tainted: G L syzkaller #0 PREEMPT(full) [ 827.239771][T16475] Tainted: [L]=SOFTLOCKUP [ 827.239786][T16475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 827.239801][T16475] Call Trace: [ 827.239809][T16475] [ 827.239818][T16475] dump_stack_lvl+0x100/0x190 [ 827.239859][T16475] should_fail_ex.cold+0x5/0xa [ 827.239887][T16475] _copy_from_user+0x2e/0xd0 [ 827.239920][T16475] copy_msghdr_from_user+0x9f/0x4f0 [ 827.239954][T16475] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 827.239999][T16475] ___sys_sendmsg+0x106/0x1e0 [ 827.240033][T16475] ? __pfx____sys_sendmsg+0x10/0x10 [ 827.240098][T16475] __sys_sendmsg+0x170/0x220 [ 827.240122][T16475] ? __pfx___sys_sendmsg+0x10/0x10 [ 827.240163][T16475] do_syscall_64+0x106/0xf80 [ 827.240189][T16475] ? clear_bhb_loop+0x40/0x90 [ 827.240219][T16475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.240244][T16475] RIP: 0033:0x7fc31319c819 [ 827.240263][T16475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 827.240286][T16475] RSP: 002b:00007fc314065028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 827.240308][T16475] RAX: ffffffffffffffda RBX: 00007fc313415fa0 RCX: 00007fc31319c819 [ 827.240324][T16475] RDX: 000000000400c880 RSI: 0000200000000000 RDI: 0000000000000003 [ 827.240339][T16475] RBP: 00007fc314065090 R08: 0000000000000000 R09: 0000000000000000 [ 827.240353][T16475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 827.240366][T16475] R13: 00007fc313416038 R14: 00007fc313415fa0 R15: 00007ffea992cc58 [ 827.240396][T16475] [ 827.633217][T16460] netlink: set zone limit has 8 unknown bytes [ 827.852026][ T9210] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.863916][ T9210] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 828.176593][T16480] netlink: Unknown conntrack attr (type=335, max=9) [ 828.589691][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.641943][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.816369][T16485] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2269'. [ 828.850458][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 828.858678][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 829.413240][T16496] Format for deleting device is "id" (uint). [ 829.889962][T14089] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 832.127794][T16533] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 832.181512][T16533] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 832.248352][T16533] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 832.306591][T16533] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 832.983115][T16555] mkiss: ax0: crc mode is auto. [ 833.591545][T14089] Bluetooth: hci0: unexpected event 0x34 length: 2 < 6 [ 833.729872][T14089] Bluetooth: hci0: command 0x0c1a tx timeout [ 834.212805][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 834.290382][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 834.369769][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 834.420555][T16575] sd 0:0:1:0: PR command failed: 1026 [ 834.549268][T16575] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 834.762404][T16575] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 835.380123][ T30] audit: type=1800 audit(4294967950.510:186): pid=16579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2286" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 836.541557][T16599] netlink: Unknown nat attribute (0) [ 837.562822][T16604] zswap: compressor 000 not available [ 838.754466][T16618] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 838.820294][T16618] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 838.826756][T16618] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 838.952061][T16618] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 840.210361][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 840.853069][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 840.859226][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 841.010531][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 842.115451][ T30] audit: type=1800 audit(4294967957.260:187): pid=16657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2301" name="dbroot" dev="configfs" ino=122808 res=0 errno=0 [ 843.462468][T16663] blktrace: Concurrent blktraces are not allowed on loop2 [ 843.995293][T14089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 844.009773][T14089] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 844.021056][T14089] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 844.029108][T14089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 844.039852][T14089] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 845.874794][T16665] chnl_net:caif_netlink_parms(): no params data found [ 845.929953][ T30] audit: type=1800 audit(4294967961.060:188): pid=16670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2307" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 846.131550][T14089] Bluetooth: hci1: command tx timeout [ 846.727282][T16688] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 846.805501][T16688] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 846.842342][T16688] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 846.909531][T16688] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 846.915673][T16688] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 847.038568][T16665] bridge0: port 1(bridge_slave_0) entered blocking state [ 847.091532][T16665] bridge0: port 1(bridge_slave_0) entered disabled state [ 847.110572][T16688] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 847.158793][T16665] bridge_slave_0: entered allmulticast mode [ 847.239742][T16665] bridge_slave_0: entered promiscuous mode [ 847.574658][T16665] bridge0: port 2(bridge_slave_1) entered blocking state [ 847.607481][T16706] netlink: 'syz.4.2315': attribute type 1 has an invalid length. [ 847.649889][T16665] bridge0: port 2(bridge_slave_1) entered disabled state [ 847.657281][T16665] bridge_slave_1: entered allmulticast mode [ 847.693643][T16706] netlink: 306 bytes leftover after parsing attributes in process `syz.4.2315'. [ 847.747190][T16665] bridge_slave_1: entered promiscuous mode [ 848.131774][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 848.140006][T16708] netlink: Unknown nat attribute (0) [ 848.162529][T16665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 848.226829][T16665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 848.507906][T16665] team0: Port device team_slave_0 added [ 848.561807][T16665] team0: Port device team_slave_1 added [ 848.814122][T16665] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 848.848105][T16721] blktrace: Concurrent blktraces are not allowed on loop2 [ 848.855996][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 848.862372][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 848.889962][T16665] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 848.930576][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 849.082040][T16665] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 849.183082][T16665] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 849.193688][T16724] netlink: zone id is out of range [ 849.237526][T16665] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 849.318868][T16724] netlink: set zone limit has 8 unknown bytes [ 849.450944][T16665] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 849.823535][T16665] hsr_slave_0: entered promiscuous mode [ 849.862174][T16665] hsr_slave_1: entered promiscuous mode [ 849.901905][T16665] debugfs: 'hsr0' already exists in 'hsr' [ 849.952048][T16665] Cannot create hsr debugfs directory [ 850.402571][T16733] block2mtd: illegal erase size [ 851.009601][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 852.231221][T16665] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 852.369052][T16665] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 852.397969][T16756] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 852.527410][T16665] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 852.733638][T16665] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 853.081572][T16754] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 853.090959][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 853.142385][T16754] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 853.170456][T16754] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.243601][T16754] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 853.580319][T16775] netlink: zone id is out of range [ 853.722896][T16665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 853.745425][T16775] netlink: set zone limit has 8 unknown bytes [ 854.052592][T16665] 8021q: adding VLAN 0 to HW filter on device team0 [ 854.119140][T16786] Invalid ELF header magic: != ELF [ 854.164182][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state [ 854.171478][ T9219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 854.300652][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state [ 854.307880][ T9219] bridge0: port 2(bridge_slave_1) entered forwarding state [ 854.403578][T16773] Process accounting paused [ 854.450175][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 854.637477][T16665] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 854.750844][T16665] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 855.093524][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 855.171848][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 855.342508][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 856.635871][T16665] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 857.085921][ T30] audit: type=1800 audit(4294967972.230:189): pid=16814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2335" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 857.303998][T16665] veth0_vlan: entered promiscuous mode [ 857.395714][T16665] veth1_vlan: entered promiscuous mode [ 857.409723][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 857.595303][T16665] veth0_macvtap: entered promiscuous mode [ 857.905474][T16665] veth1_macvtap: entered promiscuous mode [ 858.072553][T16665] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 858.144456][T16665] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 858.320074][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 858.618692][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 858.697314][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 858.874842][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.581912][ T9218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 859.638458][ T9218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 859.982831][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 860.030861][T16839] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 860.055385][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 860.091158][T16839] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 860.142907][T16839] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 860.193470][T16839] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 861.490440][T16861] netlink: Unknown nat attribute (0) [ 861.734429][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 861.841054][T16855] zswap: compressor not available [ 862.053904][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 862.129625][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 862.211984][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 862.908669][T16850] openvswitch: netlink: IP tunnel TTL not specified. [ 863.338686][ T30] audit: type=1800 audit(4294967978.480:190): pid=16888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2346" name="dbroot" dev="configfs" ino=132949 res=0 errno=0 [ 864.534331][T16905] netlink: Unknown nat attribute (0) [ 865.121407][T16908] random: crng reseeded on system resumption [ 866.657658][T14089] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 866.657692][T14089] Bluetooth: hci1: unexpected subevent 0x06 length: 725 > 10 [ 868.154085][T16940] zswap: compressor not available [ 868.365743][ T30] audit: type=1800 audit(4294967983.500:191): pid=16949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2364" name="dbroot" dev="configfs" ino=135260 res=0 errno=0 [ 868.690944][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 869.841187][T16964] random: crng reseeded on system resumption [ 870.085071][T16964] hub 1-0:1.0: USB hub found [ 870.140403][T16964] hub 1-0:1.0: 1 port detected [ 870.295355][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.302480][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.832696][T16976] FAULT_INJECTION: forcing a failure. [ 870.832696][T16976] name fail_futex, interval 1, probability 0, space 0, times 0 [ 870.949301][T16976] CPU: 0 UID: 0 PID: 16976 Comm: syz.4.2374 Tainted: G L syzkaller #0 PREEMPT(full) [ 870.949343][T16976] Tainted: [L]=SOFTLOCKUP [ 870.949352][T16976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 870.949367][T16976] Call Trace: [ 870.949375][T16976] [ 870.949384][T16976] dump_stack_lvl+0x100/0x190 [ 870.949433][T16976] should_fail_ex.cold+0x5/0xa [ 870.949463][T16976] get_futex_key+0x1d2/0x1620 [ 870.949497][T16976] ? __pfx_get_futex_key+0x10/0x10 [ 870.949534][T16976] ? lock_acquire+0x1cf/0x380 [ 870.949568][T16976] futex_wait_setup+0x83/0x510 [ 870.949616][T16976] __futex_wait+0x19f/0x300 [ 870.949658][T16976] ? __pfx___futex_wait+0x10/0x10 [ 870.949696][T16976] ? __lock_acquire+0x4a5/0x2630 [ 870.949732][T16976] ? __pfx_futex_wake_mark+0x10/0x10 [ 870.949774][T16976] ? futex_hash+0x2c5/0x380 [ 870.949813][T16976] futex_wait+0xed/0x380 [ 870.949852][T16976] ? __pfx_futex_wait+0x10/0x10 [ 870.949898][T16976] ? kmem_cache_free+0x5d2/0x6a0 [ 870.949939][T16976] do_futex+0x1ef/0x350 [ 870.949973][T16976] ? __pfx_do_futex+0x10/0x10 [ 870.950004][T16976] ? __pfx_do_sys_openat2+0x10/0x10 [ 870.950046][T16976] __x64_sys_futex+0x34f/0x4d0 [ 870.950080][T16976] ? __x64_sys_openat+0x12d/0x210 [ 870.950116][T16976] ? __pfx___x64_sys_futex+0x10/0x10 [ 870.950161][T16976] do_syscall_64+0x106/0xf80 [ 870.950187][T16976] ? clear_bhb_loop+0x40/0x90 [ 870.950217][T16976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.950242][T16976] RIP: 0033:0x7f40a819c819 [ 870.950262][T16976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 870.950286][T16976] RSP: 002b:00007f40a8fb80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 870.950309][T16976] RAX: ffffffffffffffda RBX: 00007f40a8415fa8 RCX: 00007f40a819c819 [ 870.950325][T16976] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f40a8415fa8 [ 870.950339][T16976] RBP: 00007f40a8415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 870.950353][T16976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 870.950368][T16976] R13: 00007f40a8416038 R14: 00007fff2a050f60 R15: 00007fff2a051048 [ 870.950399][T16976] [ 871.463483][T16980] futex_wake_op: syz.1.2375 tries to shift op by -2048; fix this program [ 871.503483][T16980] futex_wake_op: syz.1.2375 tries to shift op by -2048; fix this program [ 873.763215][ T30] audit: type=1800 audit(4294967299.210:192): pid=16987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2376" name="sr0" dev="devtmpfs" ino=2826 res=0 errno=0 [ 874.118053][ T30] audit: type=1800 audit(4294967299.560:193): pid=17002 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2378" name="dbroot" dev="configfs" ino=137852 res=0 errno=0 [ 874.319485][T16994] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 876.683203][T17044] netlink: 'syz.1.2386': attribute type 2 has an invalid length. [ 876.964506][T17036] zswap: compressor not available [ 878.165787][T14089] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 878.404331][T17052] netlink: zone id is out of range [ 878.534613][T17053] netlink: zone id is out of range [ 878.586034][T17052] netlink: set zone limit has 8 unknown bytes [ 879.104885][T17057] QAT: Device 0 not found [ 880.592394][T17077] netlink: Unknown nat attribute (0) [ 881.202937][T17075] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2396'. [ 882.685780][T17099] netlink: zone id is out of range [ 882.816598][T17101] netlink: zone id is out of range [ 882.940251][T17099] netlink: set zone limit has 8 unknown bytes [ 884.571081][T17118] Unable to find swap-space signature [ 886.334223][T17130] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 886.390266][T17130] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 886.396387][T17130] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 886.489602][T17130] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 886.728394][T17088] Process accounting resumed [ 887.971069][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 888.449424][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 888.455720][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 888.531155][ T51] Bluetooth: hci1: command 0x040f tx timeout [ 888.735616][T17164] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 888.857198][T17164] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 889.009633][T17164] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 889.015973][T17164] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 889.560345][T17175] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2419'. [ 890.175045][T17187] netlink: zone id is out of range [ 890.273320][T17188] netlink: zone id is out of range [ 890.278544][T17188] netlink: del zone limit has 4 unknown bytes [ 890.369496][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 890.426628][T17187] netlink: set zone limit has 8 unknown bytes [ 890.929507][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 890.939818][T17189] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 891.012788][T17189] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 891.078960][T17189] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 891.095697][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 891.150355][T17189] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 891.364269][T17195] can: request_module (can-proto-0) failed. [ 892.690630][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 892.712756][T17208] input: f¬ as /devices/virtual/input/input13 [ 893.011868][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 893.089869][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 893.169788][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 893.972602][T17213] ksmbd: Unknown IPC event: 6, ignore. [ 895.134501][T17230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2433'. [ 895.237425][T17230] Unable to find swap-space signature [ 895.246652][T17234] netlink: zone id is out of range [ 895.372835][T17236] netlink: zone id is out of range [ 895.378155][T17236] netlink: del zone limit has 4 unknown bytes [ 895.605369][T17234] netlink: set zone limit has 8 unknown bytes [ 897.217915][T17265] FAULT_INJECTION: forcing a failure. [ 897.217915][T17265] name failslab, interval 1, probability 0, space 0, times 0 [ 897.311226][T17257] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 897.349103][T17265] CPU: 0 UID: 0 PID: 17265 Comm: syz.1.2438 Tainted: G L syzkaller #0 PREEMPT(full) [ 897.349141][T17265] Tainted: [L]=SOFTLOCKUP [ 897.349149][T17265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 897.349164][T17265] Call Trace: [ 897.349172][T17265] [ 897.349181][T17265] dump_stack_lvl+0x100/0x190 [ 897.349225][T17265] should_fail_ex.cold+0x5/0xa [ 897.349255][T17265] should_failslab+0xc2/0x120 [ 897.349283][T17265] __kmalloc_cache_noprof+0x7a/0x6f0 [ 897.349322][T17265] ? snd_virmidi_output_open+0xc4/0x670 [ 897.349360][T17265] snd_virmidi_output_open+0xc4/0x670 [ 897.349397][T17265] open_substream+0x480/0x9e0 [ 897.349437][T17265] rawmidi_open_priv+0x595/0x6f0 [ 897.349480][T17265] snd_rawmidi_open+0x4c9/0xba0 [ 897.349524][T17265] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 897.349565][T17265] ? __pfx_default_wake_function+0x10/0x10 [ 897.349596][T17265] ? kobject_get_unless_zero+0x156/0x200 [ 897.349631][T17265] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 897.349670][T17265] snd_open+0x22d/0x4c0 [ 897.349702][T17265] ? __pfx_snd_open+0x10/0x10 [ 897.349732][T17265] chrdev_open+0x234/0x6a0 [ 897.349758][T17265] ? __pfx_apparmor_file_open+0x10/0x10 [ 897.349786][T17265] ? __pfx_chrdev_open+0x10/0x10 [ 897.349815][T17265] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 897.349849][T17265] do_dentry_open+0x6d8/0x1660 [ 897.349882][T17265] ? __pfx_chrdev_open+0x10/0x10 [ 897.349916][T17265] vfs_open+0x82/0x3f0 [ 897.349952][T17265] path_openat+0x208c/0x31a0 [ 897.349990][T17265] ? __pfx_path_openat+0x10/0x10 [ 897.350028][T17265] do_file_open+0x20e/0x430 [ 897.350057][T17265] ? __pfx_do_file_open+0x10/0x10 [ 897.350105][T17265] ? alloc_fd+0x476/0x790 [ 897.350134][T17265] ? do_getname+0x191/0x390 [ 897.350169][T17265] do_sys_openat2+0x10d/0x1e0 [ 897.350204][T17265] ? __pfx_do_sys_openat2+0x10/0x10 [ 897.350240][T17265] ? __fget_files+0x21f/0x3d0 [ 897.350271][T17265] __x64_sys_openat+0x12d/0x210 [ 897.350306][T17265] ? __pfx___x64_sys_openat+0x10/0x10 [ 897.350353][T17265] do_syscall_64+0x106/0xf80 [ 897.350378][T17265] ? clear_bhb_loop+0x40/0x90 [ 897.350408][T17265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.350433][T17265] RIP: 0033:0x7fcd4339c819 [ 897.350453][T17265] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 897.350477][T17265] RSP: 002b:00007fcd44284028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 897.350500][T17265] RAX: ffffffffffffffda RBX: 00007fcd43616090 RCX: 00007fcd4339c819 [ 897.350517][T17265] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 897.350533][T17265] RBP: 00007fcd43432c91 R08: 0000000000000000 R09: 0000000000000000 [ 897.350549][T17265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 897.350563][T17265] R13: 00007fcd43616128 R14: 00007fcd43616090 R15: 00007ffd1e04cc68 [ 897.350595][T17265] [ 897.671616][T17257] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 897.677876][T17257] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 897.684082][T17257] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 899.173455][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 899.350406][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 899.363754][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 899.820834][T17263] netlink: Unknown nat attribute (0) [ 900.033054][T17286] netlink: Unknown NAT attribute (type=768, max=9) [ 900.140202][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 900.146299][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 900.659217][T17292] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2443'. [ 905.312525][T17340] netlink: Unknown nat attribute (0) [ 907.679164][ T30] audit: type=1800 audit(4294967333.120:194): pid=17371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2455" name="dbroot" dev="configfs" ino=152285 res=0 errno=0 [ 909.431572][T17394] futex_wake_op: syz.4.2462 tries to shift op by -2048; fix this program [ 909.484013][T17394] futex_wake_op: syz.4.2462 tries to shift op by -2048; fix this program [ 909.564930][T17395] 0x000000000001-0x000000020000 : "" [ 909.759601][T17395] ftl_cs: FTL header corrupt! [ 910.565225][ T9210] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:45: bg 2: bad block bitmap checksum [ 910.663795][ T9210] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 1372 with max blocks 6 with error 74 [ 910.776777][ T9210] EXT4-fs (sda1): This should not happen!! Data will be lost [ 910.776777][ T9210] [ 911.813225][T14089] Bluetooth: hci2: Unexpected cc 0x7c89 with no status [ 913.893203][T17440] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2471'. [ 914.318276][ T30] audit: type=1800 audit(4294967339.760:195): pid=17444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2469" name="dbroot" dev="configfs" ino=155460 res=0 errno=0 [ 916.956770][T17461] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 917.006504][T17461] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 917.066574][T17461] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 917.130313][T17461] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 917.344177][T17461] Process accounting paused [ 918.329061][T17486] netlink: zone id is out of range [ 918.458722][T17487] netlink: zone id is out of range [ 918.529746][T14089] Bluetooth: hci4: command 0x0406 tx timeout [ 918.567206][T17487] netlink: zone id is out of range [ 918.623596][T17486] netlink: set zone limit has 8 unknown bytes [ 918.698553][T17487] netlink: zone id is out of range [ 918.877778][T17487] netlink: zone id is out of range [ 918.965852][T17487] netlink: zone id is out of range [ 919.075207][T17487] netlink: zone id is out of range [ 919.089562][T14089] Bluetooth: hci3: command 0x040f tx timeout [ 919.095850][T14089] Bluetooth: hci2: command 0x0c1a tx timeout [ 919.176118][T14089] Bluetooth: hci1: command 0x040f tx timeout [ 919.230339][T17487] netlink: zone id is out of range [ 919.235508][T17487] netlink: zone id is out of range [ 919.632060][ T30] audit: type=1800 audit(4294967345.080:196): pid=17500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2483" name="dbroot" dev="configfs" ino=157898 res=0 errno=0 [ 921.911929][T17523] Unable to find swap-space signature [ 922.351499][T17528] FAULT_INJECTION: forcing a failure. [ 922.351499][T17528] name failslab, interval 1, probability 0, space 0, times 0 [ 922.459497][T17528] CPU: 0 UID: 0 PID: 17528 Comm: syz.0.2491 Tainted: G L syzkaller #0 PREEMPT(full) [ 922.459541][T17528] Tainted: [L]=SOFTLOCKUP [ 922.459550][T17528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 922.459564][T17528] Call Trace: [ 922.459572][T17528] [ 922.459582][T17528] dump_stack_lvl+0x100/0x190 [ 922.459625][T17528] should_fail_ex.cold+0x5/0xa [ 922.459654][T17528] should_failslab+0xc2/0x120 [ 922.459681][T17528] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 922.459721][T17528] ? __d_alloc+0x34/0xa80 [ 922.459757][T17528] __d_alloc+0x34/0xa80 [ 922.459789][T17528] d_alloc_pseudo+0x1c/0xc0 [ 922.459826][T17528] alloc_file_pseudo+0xcf/0x230 [ 922.459861][T17528] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 922.459904][T17528] __shmem_file_setup+0x221/0x490 [ 922.459940][T17528] ? __pfx___shmem_file_setup+0x10/0x10 [ 922.459981][T17528] ? vm_area_alloc+0x1f/0x160 [ 922.460019][T17528] shmem_zero_setup+0x96/0x1b0 [ 922.460044][T17528] __mmap_region+0x21f6/0x2a50 [ 922.460095][T17528] ? __pfx___mmap_region+0x10/0x10 [ 922.460136][T17528] ? __lock_acquire+0x4a5/0x2630 [ 922.460171][T17528] ? set_next_entity+0x11e/0x9c0 [ 922.460214][T17528] ? __lock_acquire+0x4a5/0x2630 [ 922.460245][T17528] ? find_held_lock+0x2b/0x80 [ 922.460281][T17528] ? find_held_lock+0x2b/0x80 [ 922.460304][T17528] ? finish_task_switch.isra.0+0x200/0xb80 [ 922.460332][T17528] ? finish_task_switch.isra.0+0x200/0xb80 [ 922.460371][T17528] ? trace_sched_exit_tp+0x13a/0x180 [ 922.460403][T17528] ? __schedule+0x1000/0x6120 [ 922.460463][T17528] ? rcu_is_watching+0x12/0xc0 [ 922.460502][T17528] ? cap_capable+0x107/0x460 [ 922.460533][T17528] mmap_region+0x180/0x3e0 [ 922.460577][T17528] do_mmap+0xc63/0x12f0 [ 922.460611][T17528] ? __pfx_do_mmap+0x10/0x10 [ 922.460640][T17528] ? __pfx_down_write_killable+0x10/0x10 [ 922.460678][T17528] vm_mmap_pgoff+0x29e/0x470 [ 922.460713][T17528] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 922.460745][T17528] ? do_futex+0x192/0x350 [ 922.460779][T17528] ? __pfx_do_futex+0x10/0x10 [ 922.460817][T17528] ksys_mmap_pgoff+0xe1/0x650 [ 922.460845][T17528] ? __x64_sys_futex+0x34f/0x4d0 [ 922.460878][T17528] ? __x64_sys_futex+0x358/0x4d0 [ 922.460911][T17528] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 922.460939][T17528] ? xfd_validate_state+0x129/0x190 [ 922.460981][T17528] __x64_sys_mmap+0x125/0x190 [ 922.461023][T17528] do_syscall_64+0x106/0xf80 [ 922.461049][T17528] ? clear_bhb_loop+0x40/0x90 [ 922.461094][T17528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.461120][T17528] RIP: 0033:0x7fb2de99c819 [ 922.461140][T17528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 922.461164][T17528] RSP: 002b:00007fb2df929028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 922.461187][T17528] RAX: ffffffffffffffda RBX: 00007fb2dec15fa0 RCX: 00007fb2de99c819 [ 922.461204][T17528] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 922.461219][T17528] RBP: 00007fb2dea32c91 R08: 0000000000000006 R09: 0000000000008000 [ 922.461233][T17528] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 922.461248][T17528] R13: 00007fb2dec16038 R14: 00007fb2dec15fa0 R15: 00007fffbe815388 [ 922.461279][T17528] [ 924.001960][T17542] net_ratelimit: 2 callbacks suppressed [ 924.001980][T17542] netlink: ct family unspecified [ 925.105418][ T30] audit: type=1800 audit(4294967350.550:197): pid=17548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2496" name="dbroot" dev="configfs" ino=159740 res=0 errno=0 [ 926.889883][T17556] futex_wake_op: syz.2.2499 tries to shift op by -2048; fix this program [ 931.009286][T17596] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 931.038089][T17596] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 931.075525][T17596] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 931.121621][T17596] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 931.734251][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.750151][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.769712][T17597] Bluetooth: hci4: command 0x0406 tx timeout [ 933.089609][T17597] Bluetooth: hci3: command 0x040f tx timeout [ 933.095805][T17597] Bluetooth: hci2: command 0x0c1a tx timeout [ 933.169390][T17620] Bluetooth: hci1: command 0x040f tx timeout [ 934.068104][T17625] FAULT_INJECTION: forcing a failure. [ 934.068104][T17625] name failslab, interval 1, probability 0, space 0, times 0 [ 934.151151][T17625] CPU: 0 UID: 0 PID: 17625 Comm: syz.0.2511 Tainted: G L syzkaller #0 PREEMPT(full) [ 934.151191][T17625] Tainted: [L]=SOFTLOCKUP [ 934.151200][T17625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 934.151213][T17625] Call Trace: [ 934.151221][T17625] [ 934.151231][T17625] dump_stack_lvl+0x100/0x190 [ 934.151274][T17625] should_fail_ex.cold+0x5/0xa [ 934.151302][T17625] should_failslab+0xc2/0x120 [ 934.151331][T17625] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 934.151369][T17625] ? alloc_empty_file+0x55/0x1c0 [ 934.151408][T17625] alloc_empty_file+0x55/0x1c0 [ 934.151441][T17625] alloc_file_pseudo+0x13a/0x230 [ 934.151476][T17625] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 934.151517][T17625] __shmem_file_setup+0x221/0x490 [ 934.151554][T17625] ? __pfx___shmem_file_setup+0x10/0x10 [ 934.151595][T17625] ? vm_area_alloc+0x1f/0x160 [ 934.151633][T17625] shmem_zero_setup+0x96/0x1b0 [ 934.151659][T17625] __mmap_region+0x21f6/0x2a50 [ 934.151701][T17625] ? __pfx___mmap_region+0x10/0x10 [ 934.151745][T17625] ? set_next_entity+0x11e/0x9c0 [ 934.151797][T17625] ? __lock_acquire+0x4a5/0x2630 [ 934.151831][T17625] ? find_held_lock+0x2b/0x80 [ 934.151867][T17625] ? find_held_lock+0x2b/0x80 [ 934.151891][T17625] ? finish_task_switch.isra.0+0x200/0xb80 [ 934.151919][T17625] ? finish_task_switch.isra.0+0x200/0xb80 [ 934.151959][T17625] ? trace_sched_exit_tp+0x13a/0x180 [ 934.151991][T17625] ? __schedule+0x1000/0x6120 [ 934.152051][T17625] ? rcu_is_watching+0x12/0xc0 [ 934.152090][T17625] ? cap_capable+0x107/0x460 [ 934.152120][T17625] mmap_region+0x180/0x3e0 [ 934.152164][T17625] do_mmap+0xc63/0x12f0 [ 934.152199][T17625] ? __pfx_do_mmap+0x10/0x10 [ 934.152228][T17625] ? __pfx_down_write_killable+0x10/0x10 [ 934.152265][T17625] vm_mmap_pgoff+0x29e/0x470 [ 934.152300][T17625] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 934.152331][T17625] ? do_futex+0x192/0x350 [ 934.152365][T17625] ? __pfx_do_futex+0x10/0x10 [ 934.152403][T17625] ksys_mmap_pgoff+0xe1/0x650 [ 934.152431][T17625] ? __x64_sys_futex+0x34f/0x4d0 [ 934.152463][T17625] ? __x64_sys_futex+0x358/0x4d0 [ 934.152497][T17625] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 934.152525][T17625] ? xfd_validate_state+0x129/0x190 [ 934.152567][T17625] __x64_sys_mmap+0x125/0x190 [ 934.152607][T17625] do_syscall_64+0x106/0xf80 [ 934.152633][T17625] ? clear_bhb_loop+0x40/0x90 [ 934.152663][T17625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.152688][T17625] RIP: 0033:0x7fb2de99c819 [ 934.152715][T17625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 934.152739][T17625] RSP: 002b:00007fb2df908028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 934.152762][T17625] RAX: ffffffffffffffda RBX: 00007fb2dec16090 RCX: 00007fb2de99c819 [ 934.152778][T17625] RDX: 00000000000000df RSI: 0000000000020006 RDI: 0000000000000000 [ 934.152800][T17625] RBP: 00007fb2dea32c91 R08: 0000000000000401 R09: 0000000000008000 [ 934.152815][T17625] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 934.152830][T17625] R13: 00007fb2dec16128 R14: 00007fb2dec16090 R15: 00007fffbe815388 [ 934.152861][T17625] [ 934.803842][T17629] netlink: Unknown nat attribute (0) [ 935.993048][T17641] sock: sock_timestamping_bind_phc: sock not bind to device [ 938.592699][T17646] EXT4-fs (sda1): Delayed block allocation failed for inode 2034 at logical offset 922 with max blocks 5 with error 117 [ 938.659727][T17673] netlink: Unknown nat attribute (0) [ 938.707913][T17646] EXT4-fs (sda1): This should not happen!! Data will be lost [ 938.707913][T17646] [ 939.580404][T17678] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 943.320144][T17712] FAULT_INJECTION: forcing a failure. [ 943.320144][T17712] name failslab, interval 1, probability 0, space 0, times 0 [ 943.517698][T17712] CPU: 0 UID: 0 PID: 17712 Comm: syz.1.2528 Tainted: G L syzkaller #0 PREEMPT(full) [ 943.517742][T17712] Tainted: [L]=SOFTLOCKUP [ 943.517751][T17712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 943.517765][T17712] Call Trace: [ 943.517772][T17712] [ 943.517781][T17712] dump_stack_lvl+0x100/0x190 [ 943.517823][T17712] should_fail_ex.cold+0x5/0xa [ 943.517851][T17712] should_failslab+0xc2/0x120 [ 943.517877][T17712] __kmalloc_cache_noprof+0x7a/0x6f0 [ 943.517916][T17712] ? alloc_pipe_info+0x10e/0x590 [ 943.517942][T17712] ? find_held_lock+0x2b/0x80 [ 943.517970][T17712] alloc_pipe_info+0x10e/0x590 [ 943.517999][T17712] splice_direct_to_actor+0x78f/0xa30 [ 943.518041][T17712] ? __lock_acquire+0x4a5/0x2630 [ 943.518070][T17712] ? __pfx_direct_splice_actor+0x10/0x10 [ 943.518097][T17712] ? __pfx_aa_file_perm+0x10/0x10 [ 943.518137][T17712] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 943.518171][T17712] do_splice_direct+0x174/0x240 [ 943.518197][T17712] ? __pfx_do_splice_direct+0x10/0x10 [ 943.518223][T17712] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 943.518251][T17712] ? rw_verify_area+0xce/0x6d0 [ 943.518288][T17712] do_sendfile+0xadc/0xe20 [ 943.518315][T17712] ? __pfx_do_sendfile+0x10/0x10 [ 943.518353][T17712] ? __fget_files+0x21f/0x3d0 [ 943.518384][T17712] __x64_sys_sendfile64+0x1d8/0x220 [ 943.518411][T17712] ? ksys_write+0x1ac/0x250 [ 943.518434][T17712] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 943.518471][T17712] do_syscall_64+0x106/0xf80 [ 943.518495][T17712] ? clear_bhb_loop+0x40/0x90 [ 943.518524][T17712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.518547][T17712] RIP: 0033:0x7fcd4339c819 [ 943.518566][T17712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.518589][T17712] RSP: 002b:00007fcd442a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 943.518619][T17712] RAX: ffffffffffffffda RBX: 00007fcd43615fa0 RCX: 00007fcd4339c819 [ 943.518634][T17712] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 943.518648][T17712] RBP: 00007fcd442a5090 R08: 0000000000000000 R09: 0000000000000000 [ 943.518662][T17712] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 943.518676][T17712] R13: 00007fcd43616038 R14: 00007fcd43615fa0 R15: 00007ffd1e04cc68 [ 943.518706][T17712] [ 944.205589][T17717] netlink: Unknown nat attribute (0) [ 944.365667][T17718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2530'. [ 945.627500][T17730] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 945.635252][T17730] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 945.689836][T17730] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 945.695975][T17730] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 946.224485][T17739] nvme_fcloop: unknown parameter or missing value '7' [ 947.175711][T17563] Bluetooth: hci4: command 0x0406 tx timeout [ 947.512887][T17748] FAULT_INJECTION: forcing a failure. [ 947.512887][T17748] name failslab, interval 1, probability 0, space 0, times 0 [ 947.629797][T17748] CPU: 0 UID: 0 PID: 17748 Comm: syz.1.2539 Tainted: G L syzkaller #0 PREEMPT(full) [ 947.629834][T17748] Tainted: [L]=SOFTLOCKUP [ 947.629843][T17748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 947.629857][T17748] Call Trace: [ 947.629865][T17748] [ 947.629874][T17748] dump_stack_lvl+0x100/0x190 [ 947.629916][T17748] should_fail_ex.cold+0x5/0xa [ 947.629944][T17748] ? alloc_pipe_info+0x1ec/0x590 [ 947.629969][T17748] should_failslab+0xc2/0x120 [ 947.629996][T17748] __kmalloc_noprof+0xe0/0x850 [ 947.630040][T17748] alloc_pipe_info+0x1ec/0x590 [ 947.630069][T17748] splice_direct_to_actor+0x78f/0xa30 [ 947.630097][T17748] ? __lock_acquire+0x4a5/0x2630 [ 947.630127][T17748] ? __pfx_direct_splice_actor+0x10/0x10 [ 947.630154][T17748] ? __pfx_aa_file_perm+0x10/0x10 [ 947.630192][T17748] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 947.630226][T17748] do_splice_direct+0x174/0x240 [ 947.630252][T17748] ? __pfx_do_splice_direct+0x10/0x10 [ 947.630279][T17748] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 947.630308][T17748] ? rw_verify_area+0xce/0x6d0 [ 947.630347][T17748] do_sendfile+0xadc/0xe20 [ 947.630375][T17748] ? __pfx_do_sendfile+0x10/0x10 [ 947.630413][T17748] ? __fget_files+0x21f/0x3d0 [ 947.630444][T17748] __x64_sys_sendfile64+0x1d8/0x220 [ 947.630472][T17748] ? ksys_write+0x1ac/0x250 [ 947.630494][T17748] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 947.630532][T17748] do_syscall_64+0x106/0xf80 [ 947.630558][T17748] ? clear_bhb_loop+0x40/0x90 [ 947.630587][T17748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.630611][T17748] RIP: 0033:0x7fcd4339c819 [ 947.630630][T17748] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 947.630653][T17748] RSP: 002b:00007fcd442a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 947.630675][T17748] RAX: ffffffffffffffda RBX: 00007fcd43615fa0 RCX: 00007fcd4339c819 [ 947.630690][T17748] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 947.630704][T17748] RBP: 00007fcd442a5090 R08: 0000000000000000 R09: 0000000000000000 [ 947.630718][T17748] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 947.630733][T17748] R13: 00007fcd43616038 R14: 00007fcd43615fa0 R15: 00007ffd1e04cc68 [ 947.630769][T17748] [ 948.274589][T17563] Bluetooth: hci2: command 0x0c1a tx timeout [ 948.280801][T17563] Bluetooth: hci1: command 0x040f tx timeout [ 948.286812][T17563] Bluetooth: hci3: command 0x040f tx timeout [ 949.287784][T17742] Process accounting resumed [ 952.038135][T17781] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 952.038135][T17781] The task syz.0.2546 (17781) triggered the difference, watch for misbehavior. [ 952.487838][T17785] FAULT_INJECTION: forcing a failure. [ 952.487838][T17785] name failslab, interval 1, probability 0, space 0, times 0 [ 952.793410][T17785] CPU: 0 UID: 0 PID: 17785 Comm: syz.4.2549 Tainted: G L syzkaller #0 PREEMPT(full) [ 952.793448][T17785] Tainted: [L]=SOFTLOCKUP [ 952.793456][T17785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 952.793470][T17785] Call Trace: [ 952.793478][T17785] [ 952.793486][T17785] dump_stack_lvl+0x100/0x190 [ 952.793527][T17785] should_fail_ex.cold+0x5/0xa [ 952.793560][T17785] ? copy_splice_read+0x1a3/0xb90 [ 952.793583][T17785] should_failslab+0xc2/0x120 [ 952.793610][T17785] __kmalloc_noprof+0xe0/0x850 [ 952.793654][T17785] copy_splice_read+0x1a3/0xb90 [ 952.793685][T17785] ? __pfx_copy_splice_read+0x10/0x10 [ 952.793711][T17785] ? look_up_lock_class+0x64/0x120 [ 952.793743][T17785] ? lockdep_init_map_type+0x5c/0x250 [ 952.793778][T17785] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 952.793803][T17785] ? __pfx_copy_splice_read+0x10/0x10 [ 952.793827][T17785] do_splice_read+0x285/0x370 [ 952.793855][T17785] splice_direct_to_actor+0x2a1/0xa30 [ 952.793883][T17785] ? __pfx_direct_splice_actor+0x10/0x10 [ 952.793913][T17785] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 952.793946][T17785] do_splice_direct+0x174/0x240 [ 952.793973][T17785] ? __pfx_do_splice_direct+0x10/0x10 [ 952.793998][T17785] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 952.794028][T17785] ? rw_verify_area+0xce/0x6d0 [ 952.794066][T17785] do_sendfile+0xadc/0xe20 [ 952.794094][T17785] ? __pfx_do_sendfile+0x10/0x10 [ 952.794133][T17785] ? __fget_files+0x21f/0x3d0 [ 952.794165][T17785] __x64_sys_sendfile64+0x1d8/0x220 [ 952.794193][T17785] ? ksys_write+0x1ac/0x250 [ 952.794216][T17785] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 952.794254][T17785] do_syscall_64+0x106/0xf80 [ 952.794278][T17785] ? clear_bhb_loop+0x40/0x90 [ 952.794308][T17785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.794333][T17785] RIP: 0033:0x7f40a819c819 [ 952.794352][T17785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 952.794375][T17785] RSP: 002b:00007f40a8fb8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 952.794404][T17785] RAX: ffffffffffffffda RBX: 00007f40a8415fa0 RCX: 00007f40a819c819 [ 952.794419][T17785] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 952.794432][T17785] RBP: 00007f40a8fb8090 R08: 0000000000000000 R09: 0000000000000000 [ 952.794446][T17785] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 952.794460][T17785] R13: 00007f40a8416038 R14: 00007f40a8415fa0 R15: 00007fff2a051048 [ 952.794490][T17785] [ 956.079882][T17799] [U] ^\ [ 956.975882][T17812] netlink: Unknown nat attribute (0) [ 959.760324][T17853] netlink: Unknown nat attribute (0) [ 960.109835][T17857] netlink: zone id is out of range [ 960.303282][T17860] netlink: zone id is out of range [ 960.469433][T17860] netlink: zone id is out of range [ 960.589078][T17857] netlink: set zone limit has 8 unknown bytes [ 960.689630][T17867] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2569'. [ 960.739658][T17860] netlink: zone id is out of range [ 960.744959][T17860] netlink: del zone limit has 4 unknown bytes [ 960.893708][T17869] FAULT_INJECTION: forcing a failure. [ 960.893708][T17869] name failslab, interval 1, probability 0, space 0, times 0 [ 961.100150][T17869] CPU: 0 UID: 0 PID: 17869 Comm: syz.1.2569 Tainted: G L syzkaller #0 PREEMPT(full) [ 961.100190][T17869] Tainted: [L]=SOFTLOCKUP [ 961.100198][T17869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 961.100213][T17869] Call Trace: [ 961.100221][T17869] [ 961.100229][T17869] dump_stack_lvl+0x100/0x190 [ 961.100273][T17869] should_fail_ex.cold+0x5/0xa [ 961.100302][T17869] should_failslab+0xc2/0x120 [ 961.100329][T17869] __kmalloc_cache_noprof+0x7a/0x6f0 [ 961.100364][T17869] ? snd_seq_prioq_new+0x3f/0x110 [ 961.100387][T17869] ? lockdep_init_map_type+0x5c/0x250 [ 961.100433][T17869] snd_seq_prioq_new+0x3f/0x110 [ 961.100456][T17869] snd_seq_queue_alloc+0x153/0x590 [ 961.100498][T17869] snd_seq_ioctl_create_queue+0xa9/0x370 [ 961.100528][T17869] call_seq_client_ctl+0xa3/0x130 [ 961.100566][T17869] snd_seq_kernel_client_ctl+0x77/0xd0 [ 961.100598][T17869] alloc_seq_queue+0xdb/0x180 [ 961.100629][T17869] ? __pfx_alloc_seq_queue+0x10/0x10 [ 961.100676][T17869] ? mark_held_locks+0x40/0x70 [ 961.100708][T17869] ? _raw_spin_unlock_irq+0x23/0x50 [ 961.100748][T17869] ? lockdep_hardirqs_on+0x78/0x100 [ 961.100778][T17869] snd_seq_oss_open+0x2b2/0xa10 [ 961.100815][T17869] odev_open+0x79/0xc0 [ 961.100841][T17869] ? __pfx_odev_open+0x10/0x10 [ 961.100869][T17869] soundcore_open+0x2e3/0x5a0 [ 961.100901][T17869] ? __pfx_soundcore_open+0x10/0x10 [ 961.100931][T17869] chrdev_open+0x234/0x6a0 [ 961.100957][T17869] ? __pfx_apparmor_file_open+0x10/0x10 [ 961.100985][T17869] ? __pfx_chrdev_open+0x10/0x10 [ 961.101014][T17869] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 961.101049][T17869] do_dentry_open+0x6d8/0x1660 [ 961.101075][T17869] ? __pfx_chrdev_open+0x10/0x10 [ 961.101109][T17869] vfs_open+0x82/0x3f0 [ 961.101146][T17869] path_openat+0x208c/0x31a0 [ 961.101183][T17869] ? __pfx_path_openat+0x10/0x10 [ 961.101222][T17869] do_file_open+0x20e/0x430 [ 961.101251][T17869] ? __pfx_do_file_open+0x10/0x10 [ 961.101299][T17869] ? alloc_fd+0x476/0x790 [ 961.101328][T17869] ? do_getname+0x191/0x390 [ 961.101363][T17869] do_sys_openat2+0x10d/0x1e0 [ 961.101398][T17869] ? __pfx_do_sys_openat2+0x10/0x10 [ 961.101443][T17869] __x64_sys_openat+0x12d/0x210 [ 961.101478][T17869] ? __pfx___x64_sys_openat+0x10/0x10 [ 961.101524][T17869] do_syscall_64+0x106/0xf80 [ 961.101555][T17869] ? clear_bhb_loop+0x40/0x90 [ 961.101585][T17869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 961.101610][T17869] RIP: 0033:0x7fcd4339c819 [ 961.101629][T17869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 961.101653][T17869] RSP: 002b:00007fcd44284028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 961.101677][T17869] RAX: ffffffffffffffda RBX: 00007fcd43616090 RCX: 00007fcd4339c819 [ 961.101693][T17869] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 961.101709][T17869] RBP: 00007fcd43432c91 R08: 0000000000000000 R09: 0000000000000000 [ 961.101724][T17869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 961.101739][T17869] R13: 00007fcd43616128 R14: 00007fcd43616090 R15: 00007ffd1e04cc68 [ 961.101769][T17869] [ 962.181684][T17879] block2mtd: too many arguments [ 962.290346][T17879] can: request_module (can-proto-0) failed. [ 965.092016][T17898] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2573'. [ 967.299074][T17901] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 975.939368][ T30] audit: type=1107 audit(4294967401.380:198): pid=17965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='f/f' [ 977.228200][T17976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2587'. [ 977.461902][T17992] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2589'. [ 979.819753][T17992] EXT4-fs error (device sda1): ext4_lookup:1785: inode #449: comm syz.4.2589: iget: checksum invalid [ 980.486231][T17992] faux_driver regulatory: loading /lib/firmware/regulatory.db.p7s failed with error -74 [ 980.868756][T17992] faux_driver regulatory: Direct firmware load for regulatory.db.p7s failed with error -74 [ 981.513329][T17992] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db.p7s [ 983.417685][T17620] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 985.885929][T18006] Process accounting paused [ 990.700383][T18063] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 990.980367][T18063] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 991.120243][T18063] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 991.379425][T18063] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 992.304899][T17620] Bluetooth: hci4: command 0x0406 tx timeout [ 992.769381][T17620] Bluetooth: hci2: command 0x0c1a tx timeout [ 993.009409][T17620] Bluetooth: hci3: command 0x040f tx timeout [ 993.178564][T17620] Bluetooth: hci1: command 0x040f tx timeout [ 993.187505][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.207565][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.226460][T18096] netlink: zone id is out of range [ 993.338133][T18096] netlink: set zone limit has 8 unknown bytes [ 993.399556][T18097] netlink: zone id is out of range [ 993.404771][T18097] netlink: zone id is out of range [ 993.499619][T18097] netlink: zone id is out of range [ 993.549693][T18097] netlink: del zone limit has 4 unknown bytes [ 995.921678][T18132] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 996.309771][T18127] zswap: compressor û not available [ 996.900463][ T30] audit: type=1800 audit(4294967422.340:199): pid=18141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2611" name="dbroot" dev="configfs" ino=189707 res=0 errno=0 [ 1001.462051][T18179] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1001.529901][T18179] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1001.560041][T18179] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1001.629425][T18179] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1002.272692][ T30] audit: type=1800 audit(4294967427.710:200): pid=18207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2626" name="dbroot" dev="configfs" ino=192537 res=0 errno=0 [ 1003.410218][T17620] Bluetooth: hci4: command 0x0406 tx timeout [ 1003.489407][T17620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1003.572180][T17620] Bluetooth: hci1: command 0x040f tx timeout [ 1003.581341][T17563] Bluetooth: hci3: command 0x040f tx timeout [ 1006.757253][T18262] futex_wake_op: syz.0.2642 tries to shift op by -2048; fix this program [ 1006.776135][ T30] audit: type=1800 audit(4294967432.220:201): pid=18267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2641" name="dbroot" dev="configfs" ino=194397 res=0 errno=0 [ 1006.831957][T18262] futex_wake_op: syz.0.2642 tries to shift op by -2048; fix this program [ 1006.940202][T18275] 0x000000000001-0x000000020000 : "" [ 1007.172991][T18275] ftl_cs: FTL header corrupt! [ 1008.741853][T18295] FAULT_INJECTION: forcing a failure. [ 1008.741853][T18295] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.890241][T18295] CPU: 0 UID: 0 PID: 18295 Comm: syz.1.2649 Tainted: G L syzkaller #0 PREEMPT(full) [ 1008.890281][T18295] Tainted: [L]=SOFTLOCKUP [ 1008.890289][T18295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1008.890305][T18295] Call Trace: [ 1008.890313][T18295] [ 1008.890322][T18295] dump_stack_lvl+0x100/0x190 [ 1008.890366][T18295] should_fail_ex.cold+0x5/0xa [ 1008.890396][T18295] should_failslab+0xc2/0x120 [ 1008.890424][T18295] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1008.890451][T18295] ? parse_pred+0x2d4/0x3070 [ 1008.890494][T18295] kmemdup_nul+0x49/0xd0 [ 1008.890549][T18295] parse_pred+0x2d4/0x3070 [ 1008.890595][T18295] ? __pfx_parse_pred+0x10/0x10 [ 1008.890643][T18295] ? rcu_is_watching+0x12/0xc0 [ 1008.890684][T18295] ? trace_kmalloc+0x101/0x130 [ 1008.890714][T18295] ? __kmalloc_noprof+0x320/0x850 [ 1008.890765][T18295] process_preds+0x6a6/0x1d90 [ 1008.890812][T18295] ? create_filter_start.constprop.0+0x134/0x310 [ 1008.890856][T18295] create_filter+0x140/0x210 [ 1008.890897][T18295] ? __pfx_create_filter+0x10/0x10 [ 1008.890939][T18295] ? find_held_lock+0x2b/0x80 [ 1008.890967][T18295] apply_event_filter+0x220/0x500 [ 1008.891009][T18295] ? __pfx_apply_event_filter+0x10/0x10 [ 1008.891058][T18295] event_filter_write+0x16d/0x290 [ 1008.891090][T18295] vfs_write+0x2aa/0x1070 [ 1008.891115][T18295] ? __pfx_event_filter_write+0x10/0x10 [ 1008.891148][T18295] ? __pfx_vfs_write+0x10/0x10 [ 1008.891172][T18295] ? __fget_files+0x215/0x3d0 [ 1008.891202][T18295] ? __fget_files+0x21f/0x3d0 [ 1008.891235][T18295] ksys_write+0x12a/0x250 [ 1008.891258][T18295] ? __pfx_ksys_write+0x10/0x10 [ 1008.891292][T18295] do_syscall_64+0x106/0xf80 [ 1008.891318][T18295] ? clear_bhb_loop+0x40/0x90 [ 1008.891384][T18295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.891409][T18295] RIP: 0033:0x7fcd4339c819 [ 1008.891429][T18295] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1008.891453][T18295] RSP: 002b:00007fcd442a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1008.891476][T18295] RAX: ffffffffffffffda RBX: 00007fcd43615fa0 RCX: 00007fcd4339c819 [ 1008.891492][T18295] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1008.891506][T18295] RBP: 00007fcd43432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1008.891520][T18295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1008.891541][T18295] R13: 00007fcd43616038 R14: 00007fcd43615fa0 R15: 00007ffd1e04cc68 [ 1008.891573][T18295] [ 1011.276441][T18326] sctp: [Deprecated]: syz.2.2657 (pid 18326) Use of int in max_burst socket option. [ 1011.276441][T18326] Use struct sctp_assoc_value instead [ 1015.052958][T18378] vivid-007: ================= START STATUS ================= [ 1015.158708][T18378] vivid-007: Generate PTS: true [ 1015.274739][T18378] vivid-007: Generate SCR: true [ 1015.322608][T18378] tpg source WxH: 320x240 (Y'CbCr) [ 1015.366568][T18378] tpg field: 1 [ 1015.409573][T18378] tpg crop: (0,0)/320x240 [ 1015.440855][T18378] tpg compose: (0,0)/320x240 [ 1015.510178][T18378] tpg colorspace: 8 [ 1015.533455][T18378] tpg transfer function: 0/0 [ 1015.597866][T18378] tpg Y'CbCr encoding: 0/0 [ 1015.629576][T18378] tpg quantization: 0/0 [ 1015.689570][T18378] tpg RGB range: 0/2 [ 1015.731128][T18378] vivid-007: ================== END STATUS ================== [ 1018.277593][T18401] Process accounting resumed [ 1019.974630][T18450] NFSD: Failed to start, no listeners configured. [ 1020.798868][T18458] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1021.299691][T18468] kvm: kvm [18467]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x718c1217 [ 1021.983338][ T30] audit: type=1800 audit(4294967447.410:202): pid=18479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2688" name="dbroot" dev="configfs" ino=200540 res=0 errno=0 [ 1022.480357][T17620] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 1022.806986][T18486] ovs_: entered promiscuous mode [ 1025.659713][T18515] zswap: compressor not available [ 1026.920874][T18537] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1026.992905][T18537] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1027.070310][T18537] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1027.077968][T18537] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1028.449372][T17563] Bluetooth: hci4: command 0x0406 tx timeout [ 1028.623749][T18567] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2704'. [ 1028.929421][T17563] Bluetooth: hci2: command 0x0c1a tx timeout [ 1029.090340][T17620] Bluetooth: hci3: command 0x040f tx timeout [ 1029.096536][T17563] Bluetooth: hci1: command 0x040f tx timeout [ 1030.003815][ T30] audit: type=1800 audit(4294967455.450:203): pid=18577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2705" name="dbroot" dev="configfs" ino=204111 res=0 errno=0 [ 1030.980530][T18581] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2707'. [ 1031.570993][T17563] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1032.211775][T18597] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2713'. [ 1032.313990][T18591] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1032.375497][T18591] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1032.429618][T18591] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1032.449167][T18591] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1033.635258][T18621] misc userio: Invalid payload size [ 1033.889539][T17620] Bluetooth: hci4: command 0x0406 tx timeout [ 1034.449432][T17620] Bluetooth: hci1: command 0x040f tx timeout [ 1034.449486][T17620] Bluetooth: hci3: command 0x040f tx timeout [ 1034.449515][T17620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1036.549755][T18662] Ignoring unsupported numa_zonelist_order value: 1 [ 1036.549755][T18662] [ 1039.377621][T18698] netlink: zone id is out of range [ 1039.441112][T18697] misc userio: Invalid payload size [ 1039.722335][T18701] netlink: zone id is out of range [ 1039.722355][T18701] netlink: zone id is out of range [ 1039.722364][T18701] netlink: zone id is out of range [ 1039.722373][T18701] netlink: zone id is out of range [ 1039.722381][T18701] netlink: zone id is out of range [ 1039.722390][T18701] netlink: zone id is out of range [ 1039.722399][T18701] netlink: zone id is out of range [ 1039.722408][T18701] netlink: zone id is out of range [ 1039.722417][T18701] netlink: zone id is out of range [ 1041.988582][ T30] audit: type=1800 audit(4294967467.400:204): pid=18730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2741" name="dbroot" dev="configfs" ino=209403 res=0 errno=0 [ 1044.899434][T17563] Bluetooth: hci4: unexpected event 0x04 length: 64 > 10 [ 1044.899513][T17563] Bluetooth: hci4: connection err: -111 [ 1045.315755][T18764] FAULT_INJECTION: forcing a failure. [ 1045.315755][T18764] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1045.524011][T18764] CPU: 0 UID: 0 PID: 18764 Comm: syz.0.2753 Tainted: G L syzkaller #0 PREEMPT(full) [ 1045.524049][T18764] Tainted: [L]=SOFTLOCKUP [ 1045.524057][T18764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1045.524072][T18764] Call Trace: [ 1045.524079][T18764] [ 1045.524088][T18764] dump_stack_lvl+0x100/0x190 [ 1045.524128][T18764] should_fail_ex.cold+0x5/0xa [ 1045.524156][T18764] get_futex_key+0x1d2/0x1620 [ 1045.524190][T18764] ? __pfx_get_futex_key+0x10/0x10 [ 1045.524222][T18764] ? trace_pid_list_is_set+0x22c/0x390 [ 1045.524266][T18764] futex_wait_setup+0x83/0x510 [ 1045.524311][T18764] __futex_wait+0x19f/0x300 [ 1045.524350][T18764] ? __pfx___futex_wait+0x10/0x10 [ 1045.524393][T18764] ? __pfx_futex_wake_mark+0x10/0x10 [ 1045.524439][T18764] ? __hrtimer_setup+0x178/0x280 [ 1045.524475][T18764] ? ktime_add_safe+0x60/0x70 [ 1045.524511][T18764] futex_wait+0xed/0x380 [ 1045.524549][T18764] ? __pfx_futex_wait+0x10/0x10 [ 1045.524585][T18764] ? __lock_acquire+0x4a5/0x2630 [ 1045.524619][T18764] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 1045.524662][T18764] do_futex+0x1ef/0x350 [ 1045.524695][T18764] ? __pfx_do_futex+0x10/0x10 [ 1045.524726][T18764] ? ktime_get+0x200/0x300 [ 1045.524751][T18764] ? lockdep_hardirqs_on+0x78/0x100 [ 1045.524782][T18764] ? read_tsc+0x9/0x20 [ 1045.524814][T18764] __x64_sys_futex+0x34f/0x4d0 [ 1045.524850][T18764] ? __pfx___x64_sys_futex+0x10/0x10 [ 1045.524900][T18764] do_syscall_64+0x106/0xf80 [ 1045.524924][T18764] ? clear_bhb_loop+0x40/0x90 [ 1045.524953][T18764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.524976][T18764] RIP: 0033:0x7fb2de99c819 [ 1045.524995][T18764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1045.525017][T18764] RSP: 002b:00007fffbe8154e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1045.525040][T18764] RAX: ffffffffffffffda RBX: 00000000000ff31c RCX: 00007fb2de99c819 [ 1045.525055][T18764] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb2dec15fac [ 1045.525070][T18764] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 1045.525083][T18764] R10: 00007fffbe8155f0 R11: 0000000000000246 R12: 00007fffbe815610 [ 1045.525098][T18764] R13: 00007fb2dec15fac R14: 00000000000ff34e R15: 00007fffbe8155f0 [ 1045.525127][T18764] [ 1047.718876][T18788] net_ratelimit: 15 callbacks suppressed [ 1047.718897][T18788] netlink: zone id is out of range [ 1047.788793][T18788] netlink: set zone limit has 8 unknown bytes [ 1047.900569][T18790] netlink: zone id is out of range [ 1047.905787][T18790] netlink: zone id is out of range [ 1047.977638][T18790] netlink: zone id is out of range [ 1047.998998][T18790] netlink: zone id is out of range [ 1048.059606][T18790] netlink: zone id is out of range [ 1048.099783][T18790] netlink: zone id is out of range [ 1048.137651][T18790] netlink: zone id is out of range [ 1048.199887][T18790] netlink: zone id is out of range [ 1048.872521][T18791] Process accounting paused [ 1049.761807][T18810] ovs_: entered promiscuous mode [ 1054.621658][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.628198][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.719597][T18886] FAULT_INJECTION: forcing a failure. [ 1054.719597][T18886] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1055.139674][T18886] CPU: 0 UID: 0 PID: 18886 Comm: syz.4.2780 Tainted: G L syzkaller #0 PREEMPT(full) [ 1055.139720][T18886] Tainted: [L]=SOFTLOCKUP [ 1055.139729][T18886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1055.139744][T18886] Call Trace: [ 1055.139753][T18886] [ 1055.139762][T18886] dump_stack_lvl+0x100/0x190 [ 1055.139805][T18886] should_fail_ex.cold+0x5/0xa [ 1055.139830][T18886] ? prepare_alloc_pages+0x16d/0x5f0 [ 1055.139863][T18886] should_fail_alloc_page+0xeb/0x140 [ 1055.139894][T18886] prepare_alloc_pages+0x1f0/0x5f0 [ 1055.139929][T18886] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1055.139971][T18886] ? stack_trace_save+0x8e/0xc0 [ 1055.139997][T18886] ? __pfx_stack_trace_save+0x10/0x10 [ 1055.140023][T18886] ? stack_depot_save_flags+0x27/0x9d0 [ 1055.140064][T18886] ? kasan_save_stack+0x3f/0x50 [ 1055.140087][T18886] ? kasan_save_stack+0x30/0x50 [ 1055.140108][T18886] ? kasan_save_track+0x14/0x30 [ 1055.140129][T18886] ? __kasan_slab_alloc+0x89/0x90 [ 1055.140153][T18886] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1055.140194][T18886] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1055.140234][T18886] ? insert_page+0xcc/0x220 [ 1055.140262][T18886] ? vm_insert_page+0x2c0/0x400 [ 1055.140291][T18886] ? kcov_mmap+0xca/0x130 [ 1055.140313][T18886] ? mmap_region+0x30a/0x3e0 [ 1055.140350][T18886] ? vm_mmap_pgoff+0x29e/0x470 [ 1055.140377][T18886] ? ksys_mmap_pgoff+0x3c8/0x650 [ 1055.140402][T18886] ? __x64_sys_mmap+0x125/0x190 [ 1055.140438][T18886] ? do_syscall_64+0x106/0xf80 [ 1055.140464][T18886] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.140503][T18886] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1055.140531][T18886] ? policy_nodemask+0xed/0x4f0 [ 1055.140560][T18886] alloc_pages_mpol+0x1fb/0x550 [ 1055.140589][T18886] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1055.140620][T18886] ? do_raw_spin_lock+0x128/0x260 [ 1055.140662][T18886] alloc_pages_noprof+0x136/0x390 [ 1055.140691][T18886] pte_alloc_one+0x1c/0x3d0 [ 1055.140726][T18886] __pte_alloc+0x6d/0x3e0 [ 1055.140753][T18886] ? __pfx___pte_alloc+0x10/0x10 [ 1055.140781][T18886] ? walk_to_pmd+0x302/0x4c0 [ 1055.140814][T18886] get_locked_pte+0xa1/0xc0 [ 1055.140847][T18886] insert_page+0xcc/0x220 [ 1055.140878][T18886] ? __pfx_insert_page+0x10/0x10 [ 1055.140908][T18886] ? __pfx_down_read_trylock+0x10/0x10 [ 1055.140953][T18886] vm_insert_page+0x2c0/0x400 [ 1055.140987][T18886] kcov_mmap+0xca/0x130 [ 1055.141012][T18886] __mmap_region+0x1503/0x2a50 [ 1055.141055][T18886] ? __pfx___mmap_region+0x10/0x10 [ 1055.141095][T18886] ? find_held_lock+0x2b/0x80 [ 1055.141119][T18886] ? ima_match_policy+0x8c4/0x2350 [ 1055.141150][T18886] ? ima_match_policy+0x8c4/0x2350 [ 1055.141208][T18886] ? find_held_lock+0x2b/0x80 [ 1055.141231][T18886] ? process_measurement+0x4c8/0x2350 [ 1055.141255][T18886] ? process_measurement+0x4c8/0x2350 [ 1055.141291][T18886] ? process_measurement+0x1f4/0x2350 [ 1055.141365][T18886] mmap_region+0x30a/0x3e0 [ 1055.141410][T18886] do_mmap+0xc63/0x12f0 [ 1055.141444][T18886] ? __pfx_do_mmap+0x10/0x10 [ 1055.141473][T18886] ? __pfx_down_write_killable+0x10/0x10 [ 1055.141511][T18886] vm_mmap_pgoff+0x29e/0x470 [ 1055.141546][T18886] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1055.141574][T18886] ? __fget_files+0x215/0x3d0 [ 1055.141604][T18886] ? __fget_files+0x21f/0x3d0 [ 1055.141635][T18886] ksys_mmap_pgoff+0x3c8/0x650 [ 1055.141664][T18886] ? __x64_sys_futex+0x34f/0x4d0 [ 1055.141698][T18886] ? __x64_sys_futex+0x358/0x4d0 [ 1055.141738][T18886] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1055.141768][T18886] ? xfd_validate_state+0x129/0x190 [ 1055.141811][T18886] __x64_sys_mmap+0x125/0x190 [ 1055.141852][T18886] do_syscall_64+0x106/0xf80 [ 1055.141878][T18886] ? clear_bhb_loop+0x40/0x90 [ 1055.141909][T18886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.141935][T18886] RIP: 0033:0x7f40a819c819 [ 1055.141956][T18886] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1055.141981][T18886] RSP: 002b:00007f40a8f76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1055.142005][T18886] RAX: ffffffffffffffda RBX: 00007f40a8416180 RCX: 00007f40a819c819 [ 1055.142027][T18886] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000400000000000 [ 1055.142043][T18886] RBP: 00007f40a8232c91 R08: 00000000000000dd R09: 0000000000000000 [ 1055.142058][T18886] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 1055.142073][T18886] R13: 00007f40a8416218 R14: 00007f40a8416180 R15: 00007fff2a051048 [ 1055.142105][T18886] [ 1055.142129][T18886] kcov: kcov: vm_insert_page() failed [ 1057.667581][T17563] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 1062.257400][T17563] Bluetooth: hci3: unexpected event 0x32 length: 727 > 9 [ 1062.609758][T18932] kexec: Could not allocate control_code_buffer [ 1065.336126][T19008] net_ratelimit: 3 callbacks suppressed [ 1065.336147][T19008] netlink: zone id is out of range [ 1065.590336][T19008] netlink: set zone limit has 8 unknown bytes [ 1065.802620][T19015] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2807'. [ 1066.859850][T19025] FAULT_INJECTION: forcing a failure. [ 1066.859850][T19025] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1067.115324][T19025] CPU: 0 UID: 0 PID: 19025 Comm: syz.0.2808 Tainted: G L syzkaller #0 PREEMPT(full) [ 1067.115363][T19025] Tainted: [L]=SOFTLOCKUP [ 1067.115372][T19025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1067.115387][T19025] Call Trace: [ 1067.115395][T19025] [ 1067.115405][T19025] dump_stack_lvl+0x100/0x190 [ 1067.115447][T19025] should_fail_ex.cold+0x5/0xa [ 1067.115476][T19025] get_futex_key+0x1d2/0x1620 [ 1067.115511][T19025] ? __pfx_get_futex_key+0x10/0x10 [ 1067.115539][T19025] ? __sock_release+0x1fc/0x260 [ 1067.115565][T19025] ? __sys_socket+0x14d/0x260 [ 1067.115595][T19025] ? __x64_sys_socket+0x72/0xb0 [ 1067.115633][T19025] ? do_syscall_64+0x106/0xf80 [ 1067.115658][T19025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.115690][T19025] futex_wait_setup+0x83/0x510 [ 1067.115735][T19025] __futex_wait+0x19f/0x300 [ 1067.115774][T19025] ? __pfx___futex_wait+0x10/0x10 [ 1067.115817][T19025] ? __pfx_futex_wake_mark+0x10/0x10 [ 1067.115858][T19025] ? do_raw_spin_lock+0x128/0x260 [ 1067.115894][T19025] ? find_held_lock+0x2b/0x80 [ 1067.115916][T19025] ? futex_wake+0x456/0x530 [ 1067.115951][T19025] ? futex_wake+0x456/0x530 [ 1067.116000][T19025] futex_wait+0xed/0x380 [ 1067.116038][T19025] ? __pfx_futex_wait+0x10/0x10 [ 1067.116091][T19025] do_futex+0x1ef/0x350 [ 1067.116123][T19025] ? __pfx_do_futex+0x10/0x10 [ 1067.116154][T19025] ? iput+0x3a/0x40 [ 1067.116183][T19025] ? __sock_release+0x184/0x260 [ 1067.116214][T19025] __x64_sys_futex+0x34f/0x4d0 [ 1067.116248][T19025] ? __sys_socket+0xac/0x260 [ 1067.116280][T19025] ? __pfx___x64_sys_futex+0x10/0x10 [ 1067.116329][T19025] do_syscall_64+0x106/0xf80 [ 1067.116354][T19025] ? clear_bhb_loop+0x40/0x90 [ 1067.116383][T19025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.116408][T19025] RIP: 0033:0x7fb2de99c819 [ 1067.116428][T19025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1067.116450][T19025] RSP: 002b:00007fb2df9080e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1067.116473][T19025] RAX: ffffffffffffffda RBX: 00007fb2dec16098 RCX: 00007fb2de99c819 [ 1067.116489][T19025] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb2dec16098 [ 1067.116503][T19025] RBP: 00007fb2dec16090 R08: 0000000000000000 R09: 0000000000000000 [ 1067.116518][T19025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.116532][T19025] R13: 00007fb2dec16128 R14: 00007fffbe8152a0 R15: 00007fffbe815388 [ 1067.116562][T19025] [ 1069.005692][ T30] audit: type=1800 audit(4294967494.430:205): pid=19055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2812" name="dbroot" dev="configfs" ino=220456 res=0 errno=0 [ 1069.426129][T19023] kexec: Could not allocate control_code_buffer [ 1069.827297][T19061] netlink: zone id is out of range [ 1069.906117][T19061] netlink: set zone limit has 8 unknown bytes [ 1070.129186][T19064] FAULT_INJECTION: forcing a failure. [ 1070.129186][T19064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1070.167175][T19065] random: crng reseeded on system resumption [ 1070.231464][T19064] CPU: 0 UID: 0 PID: 19064 Comm: syz.1.2818 Tainted: G L syzkaller #0 PREEMPT(full) [ 1070.231503][T19064] Tainted: [L]=SOFTLOCKUP [ 1070.231512][T19064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1070.231555][T19064] Call Trace: [ 1070.231564][T19064] [ 1070.231573][T19064] dump_stack_lvl+0x100/0x190 [ 1070.231615][T19064] should_fail_ex.cold+0x5/0xa [ 1070.231643][T19064] _copy_to_user+0x32/0xd0 [ 1070.231682][T19064] __snd_timer_user_ioctl.isra.0+0x19d0/0x27c0 [ 1070.231725][T19064] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 1070.231768][T19064] ? rcu_is_watching+0x12/0xc0 [ 1070.231806][T19064] ? trace_contention_end+0x140/0x180 [ 1070.231841][T19064] ? __mutex_lock+0x26a/0x1b90 [ 1070.231871][T19064] ? snd_timer_user_ioctl+0x4a/0xd0 [ 1070.231907][T19064] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1070.231945][T19064] ? __pfx___mutex_lock+0x10/0x10 [ 1070.231977][T19064] ? find_held_lock+0x2b/0x80 [ 1070.232015][T19064] snd_timer_user_ioctl+0x76/0xd0 [ 1070.232051][T19064] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 1070.232092][T19064] __x64_sys_ioctl+0x18e/0x210 [ 1070.232130][T19064] do_syscall_64+0x106/0xf80 [ 1070.232155][T19064] ? clear_bhb_loop+0x40/0x90 [ 1070.232185][T19064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1070.232210][T19064] RIP: 0033:0x7fcd4339c819 [ 1070.232230][T19064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1070.232253][T19064] RSP: 002b:00007fcd442a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1070.232275][T19064] RAX: ffffffffffffffda RBX: 00007fcd43615fa0 RCX: 00007fcd4339c819 [ 1070.232291][T19064] RDX: 0000000000000000 RSI: 00000000c0f85403 RDI: 0000000000000004 [ 1070.232305][T19064] RBP: 00007fcd442a5090 R08: 0000000000000000 R09: 0000000000000000 [ 1070.232320][T19064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1070.232334][T19064] R13: 00007fcd43616038 R14: 00007fcd43615fa0 R15: 00007ffd1e04cc68 [ 1070.232364][T19064] [ 1071.127133][T19080] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 1072.511373][T19089] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2824'. [ 1073.951826][T19115] FAULT_INJECTION: forcing a failure. [ 1073.951826][T19115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1074.088818][T19115] CPU: 0 UID: 0 PID: 19115 Comm: syz.1.2828 Tainted: G L syzkaller #0 PREEMPT(full) [ 1074.088859][T19115] Tainted: [L]=SOFTLOCKUP [ 1074.088868][T19115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1074.088882][T19115] Call Trace: [ 1074.088891][T19115] [ 1074.088900][T19115] dump_stack_lvl+0x100/0x190 [ 1074.088943][T19115] should_fail_ex.cold+0x5/0xa [ 1074.088972][T19115] _copy_to_user+0x32/0xd0 [ 1074.089007][T19115] __snd_timer_user_ioctl.isra.0+0x19d0/0x27c0 [ 1074.089048][T19115] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 1074.089100][T19115] ? rcu_is_watching+0x12/0xc0 [ 1074.089140][T19115] ? trace_contention_end+0x140/0x180 [ 1074.089180][T19115] ? __mutex_lock+0x26a/0x1b90 [ 1074.089210][T19115] ? snd_timer_user_ioctl+0x4a/0xd0 [ 1074.089250][T19115] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1074.089288][T19115] ? __pfx___mutex_lock+0x10/0x10 [ 1074.089320][T19115] ? find_held_lock+0x2b/0x80 [ 1074.089358][T19115] snd_timer_user_ioctl+0x76/0xd0 [ 1074.089394][T19115] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 1074.089431][T19115] __x64_sys_ioctl+0x18e/0x210 [ 1074.089469][T19115] do_syscall_64+0x106/0xf80 [ 1074.089495][T19115] ? clear_bhb_loop+0x40/0x90 [ 1074.089525][T19115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.089550][T19115] RIP: 0033:0x7fcd4339c819 [ 1074.089570][T19115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1074.089594][T19115] RSP: 002b:00007fcd442a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1074.089618][T19115] RAX: ffffffffffffffda RBX: 00007fcd43615fa0 RCX: 00007fcd4339c819 [ 1074.089634][T19115] RDX: 0000000000000000 RSI: 00000000c0f85403 RDI: 0000000000000004 [ 1074.089648][T19115] RBP: 00007fcd442a5090 R08: 0000000000000000 R09: 0000000000000000 [ 1074.089663][T19115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1074.089677][T19115] R13: 00007fcd43616038 R14: 00007fcd43615fa0 R15: 00007ffd1e04cc68 [ 1074.089707][T19115] [ 1074.943027][ T30] audit: type=1800 audit(4294967500.310:206): pid=19112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2827" name="dbroot" dev="configfs" ino=222729 res=0 errno=0 [ 1077.691654][T19153] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2836'. [ 1077.884841][T19155] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2836'. [ 1081.711805][T19196] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1081.952770][ T30] audit: type=1800 audit(4294967507.400:207): pid=19208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2840" name="dbroot" dev="configfs" ino=225717 res=0 errno=0 [ 1081.989418][T19196] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1082.099603][T19201] can: request_module (can-proto-0) failed. [ 1082.279368][T19196] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1082.484486][T19196] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1083.198183][T19173] Process accounting resumed [ 1083.489549][T17563] Bluetooth: hci4: command 0x0406 tx timeout [ 1083.731860][T17563] Bluetooth: hci2: command 0x0c1a tx timeout [ 1083.954501][T19221] netlink: zone id is out of range [ 1084.033640][T19221] netlink: set zone limit has 8 unknown bytes [ 1084.065775][T17563] Bluetooth: hci3: command 0x040f tx timeout [ 1084.110425][T19222] netlink: zone id is out of range [ 1084.160844][T19222] netlink: zone id is out of range [ 1084.218620][T19222] netlink: zone id is out of range [ 1084.277763][T19222] netlink: zone id is out of range [ 1084.293178][T17563] Bluetooth: hci1: command 0x040f tx timeout [ 1084.344016][T19222] netlink: zone id is out of range [ 1084.389564][T19222] netlink: zone id is out of range [ 1084.447061][T19222] netlink: zone id is out of range [ 1084.502498][T19222] netlink: zone id is out of range [ 1085.924706][T19249] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 1085.936098][T17563] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1086.154769][T19241] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1087.508224][T19261] bond0: invalid ARP target specified [ 1087.953294][T19261] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2859'. [ 1088.320265][T19276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2859'. [ 1088.430722][T19241] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1088.787444][ T30] audit: type=1800 audit(4294967514.230:208): pid=19279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2857" name="dbroot" dev="configfs" ino=228503 res=0 errno=0 [ 1088.951448][T19261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1088.958910][T19261] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1089.280076][T19261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1089.287713][T19261] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1089.574149][T19241] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1089.606322][T19282] net_ratelimit: 2 callbacks suppressed [ 1089.606345][T19282] netlink: zone id is out of range [ 1089.925916][T19288] netlink: zone id is out of range [ 1090.013572][T19289] netlink: zone id is out of range [ 1090.045758][T19289] netlink: zone id is out of range [ 1090.070919][T19241] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.116674][T19288] netlink: set zone limit has 8 unknown bytes [ 1090.123964][T19282] netlink: set zone limit has 8 unknown bytes [ 1090.191723][T19289] netlink: zone id is out of range [ 1090.229487][T19289] netlink: zone id is out of range [ 1090.257023][T19289] netlink: zone id is out of range [ 1090.311605][T19289] netlink: zone id is out of range [ 1090.485161][T19241] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1091.292871][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1091.300719][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1092.470996][T19305] input: f¬ as /devices/virtual/input/input16 [ 1093.087624][T19308] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1093.120291][T19308] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1093.150811][T19308] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1093.181943][T19308] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1093.384326][T19308] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1094.770781][T17620] Bluetooth: hci4: command 0x0406 tx timeout [ 1095.179549][T17620] Bluetooth: hci3: command 0x040f tx timeout [ 1095.186359][T17563] Bluetooth: hci2: command 0x0c1a tx timeout [ 1095.295996][T19327] can: request_module (can-proto-5) failed. [ 1095.409731][T17563] Bluetooth: hci1: command 0x040f tx timeout [ 1095.662467][T19333] net_ratelimit: 4 callbacks suppressed [ 1095.662489][T19333] netlink: zone id is out of range [ 1095.885155][T19334] netlink: zone id is out of range [ 1096.159527][T19334] netlink: zone id is out of range [ 1096.250402][T19333] netlink: set zone limit has 8 unknown bytes [ 1096.299458][T19334] netlink: zone id is out of range [ 1096.489638][T19334] netlink: zone id is out of range [ 1096.494804][T19334] netlink: zone id is out of range [ 1096.771721][T19334] netlink: zone id is out of range [ 1096.776896][T19334] netlink: zone id is out of range [ 1097.061129][T19334] netlink: zone id is out of range [ 1097.250657][T17563] Bluetooth: hci3: command 0x040f tx timeout [ 1097.619074][T19344] bonding: no command found in bonding_masters - use +ifname or -ifname [ 1100.483936][T17620] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1100.496609][T17620] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1100.505221][T17620] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1100.514783][T17620] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1100.528542][T17620] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1101.614683][T19364] chnl_net:caif_netlink_parms(): no params data found [ 1101.869696][T19372] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1101.971828][T19372] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1102.069401][T19372] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1102.204663][T19372] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1102.287000][T19364] bridge0: port 1(bridge_slave_0) entered blocking state [ 1102.300184][T19372] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1102.306377][T19372] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1102.379652][T19364] bridge0: port 1(bridge_slave_0) entered disabled state [ 1102.387003][T19364] bridge_slave_0: entered allmulticast mode [ 1102.458513][T19372] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1102.499922][T19364] bridge_slave_0: entered promiscuous mode [ 1102.550119][T19364] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.603282][T19364] bridge0: port 2(bridge_slave_1) entered disabled state [ 1102.669477][T19364] bridge_slave_1: entered allmulticast mode [ 1102.723714][T19364] bridge_slave_1: entered promiscuous mode [ 1102.747372][T17563] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1102.764439][T17563] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1102.776385][T17563] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1102.786172][T17563] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1102.809967][T17563] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1103.185732][T19364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1103.293905][T19364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1103.446445][T19395] net_ratelimit: 14 callbacks suppressed [ 1103.446466][T19395] netlink: zone id is out of range [ 1103.559627][T19396] netlink: zone id is out of range [ 1103.564850][T19396] netlink: zone id is out of range [ 1103.615394][T19395] netlink: set zone limit has 8 unknown bytes [ 1103.720802][T19396] netlink: zone id is out of range [ 1103.729996][T17563] Bluetooth: hci4: command 0x0406 tx timeout [ 1103.773707][T19396] netlink: zone id is out of range [ 1103.792998][T19364] team0: Port device team_slave_0 added [ 1103.810710][T19396] netlink: zone id is out of range [ 1103.863449][T19396] netlink: zone id is out of range [ 1103.876113][T19396] netlink: zone id is out of range [ 1103.891201][T17563] Bluetooth: hci2: command 0x0c1a tx timeout [ 1103.904838][T19364] team0: Port device team_slave_1 added [ 1103.919563][T19396] netlink: zone id is out of range [ 1104.050391][T17563] Bluetooth: hci3: command 0x040f tx timeout [ 1104.170678][T19364] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1104.239389][T19364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1104.299653][T17563] Bluetooth: hci1: command 0x040f tx timeout [ 1104.379492][T17563] Bluetooth: hci0: command 0x041b tx timeout [ 1104.444032][T19364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1104.621629][T19364] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1104.628989][T19364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1104.849573][T17563] Bluetooth: hci5: command tx timeout [ 1104.856960][T19364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1105.911169][T19364] hsr_slave_0: entered promiscuous mode [ 1105.959764][T19364] hsr_slave_1: entered promiscuous mode [ 1105.991923][T19364] debugfs: 'hsr0' already exists in 'hsr' [ 1105.997752][T19364] Cannot create hsr debugfs directory [ 1106.067982][T19384] chnl_net:caif_netlink_parms(): no params data found [ 1106.454241][T17563] Bluetooth: hci0: command 0x041b tx timeout [ 1106.939400][T17563] Bluetooth: hci5: command tx timeout [ 1107.297896][T19384] bridge0: port 1(bridge_slave_0) entered blocking state [ 1107.339613][T19384] bridge0: port 1(bridge_slave_0) entered disabled state [ 1107.346897][T19384] bridge_slave_0: entered allmulticast mode [ 1107.417256][T19384] bridge_slave_0: entered promiscuous mode [ 1107.503123][T19384] bridge0: port 2(bridge_slave_1) entered blocking state [ 1107.548779][T19384] bridge0: port 2(bridge_slave_1) entered disabled state [ 1107.617272][T19384] bridge_slave_1: entered allmulticast mode [ 1107.653970][T19384] bridge_slave_1: entered promiscuous mode [ 1107.964001][T19384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1108.082589][T19384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1108.468629][T19384] team0: Port device team_slave_0 added [ 1108.534499][T17563] Bluetooth: hci0: command 0x041b tx timeout [ 1108.570178][T19384] team0: Port device team_slave_1 added [ 1108.953494][ T30] audit: type=1800 audit(4294967534.400:209): pid=19426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2891" name="dbroot" dev="configfs" ino=239817 res=0 errno=0 [ 1109.012949][T17563] Bluetooth: hci5: command tx timeout [ 1109.054789][T19384] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1109.132822][T19384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1109.292528][T19384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1109.452749][T19384] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1109.492181][T19384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1109.669600][T19384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1109.785590][T17563] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1110.031820][T19384] hsr_slave_0: entered promiscuous mode [ 1110.098490][T19384] hsr_slave_1: entered promiscuous mode [ 1110.141763][T19384] debugfs: 'hsr0' already exists in 'hsr' [ 1110.147578][T19384] Cannot create hsr debugfs directory [ 1110.565152][T19437] net_ratelimit: 2 callbacks suppressed [ 1110.565172][T19437] netlink: zone id is out of range [ 1110.615070][T17620] Bluetooth: hci0: command 0x041b tx timeout [ 1110.657403][T19437] netlink: set zone limit has 8 unknown bytes [ 1110.740469][T19438] netlink: zone id is out of range [ 1110.745791][T19438] netlink: zone id is out of range [ 1110.801803][T19438] netlink: zone id is out of range [ 1110.834827][T19438] netlink: zone id is out of range [ 1110.881945][T19438] netlink: zone id is out of range [ 1110.936786][T19438] netlink: zone id is out of range [ 1110.958117][T19438] netlink: zone id is out of range [ 1111.010165][T19438] netlink: zone id is out of range [ 1111.090442][T17620] Bluetooth: hci5: command tx timeout [ 1111.631543][T19440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2896'. [ 1111.811336][T17620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1112.689372][T17620] Bluetooth: hci0: command 0x041b tx timeout [ 1113.368141][T19445] Process accounting paused [ 1113.893502][T17620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1114.111492][T19464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2902'. [ 1114.333977][T19464] EXT4-fs error (device sda1): ext4_lookup:1785: inode #449: comm syz.0.2902: iget: checksum invalid [ 1114.466513][T19464] faux_driver regulatory: loading /lib/firmware/regulatory.db.p7s failed with error -74 [ 1114.592591][T19464] faux_driver regulatory: Direct firmware load for regulatory.db.p7s failed with error -74 [ 1114.779504][T17563] Bluetooth: hci0: command 0x041b tx timeout [ 1114.899378][T19464] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db.p7s [ 1116.062296][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.068741][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.462607][T19473] FAULT_INJECTION: forcing a failure. [ 1116.462607][T19473] name failslab, interval 1, probability 0, space 0, times 0 [ 1116.659446][T19473] CPU: 0 UID: 0 PID: 19473 Comm: syz.2.2904 Tainted: G L syzkaller #0 PREEMPT(full) [ 1116.659486][T19473] Tainted: [L]=SOFTLOCKUP [ 1116.659495][T19473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1116.659511][T19473] Call Trace: [ 1116.659520][T19473] [ 1116.659531][T19473] dump_stack_lvl+0x100/0x190 [ 1116.659575][T19473] should_fail_ex.cold+0x5/0xa [ 1116.659606][T19473] should_failslab+0xc2/0x120 [ 1116.659635][T19473] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1116.659675][T19473] ? anon_vma_fork+0x8d/0x6b0 [ 1116.659716][T19473] anon_vma_fork+0x8d/0x6b0 [ 1116.659753][T19473] ? vm_area_dup+0x59d/0x8e0 [ 1116.659790][T19473] dup_mmap+0x141f/0x2180 [ 1116.659844][T19473] ? __pfx_dup_mmap+0x10/0x10 [ 1116.659874][T19473] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1116.659906][T19473] ? __lock_acquire+0x4a5/0x2630 [ 1116.659941][T19473] ? find_held_lock+0x2b/0x80 [ 1116.659965][T19473] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 1116.660021][T19473] copy_process+0x7523/0x7a40 [ 1116.660072][T19473] ? __pfx_copy_process+0x10/0x10 [ 1116.660103][T19473] ? find_held_lock+0x2b/0x80 [ 1116.660140][T19473] kernel_clone+0xfc/0x9a0 [ 1116.660168][T19473] ? __pfx_futex_wait+0x10/0x10 [ 1116.660210][T19473] ? __pfx_kernel_clone+0x10/0x10 [ 1116.660256][T19473] __do_sys_clone+0xd9/0x120 [ 1116.660287][T19473] ? __pfx___do_sys_clone+0x10/0x10 [ 1116.660343][T19473] do_syscall_64+0x106/0xf80 [ 1116.660369][T19473] ? clear_bhb_loop+0x40/0x90 [ 1116.660399][T19473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1116.660430][T19473] RIP: 0033:0x7f679b99c819 [ 1116.660450][T19473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1116.660474][T19473] RSP: 002b:00007f679c78efd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1116.660498][T19473] RAX: ffffffffffffffda RBX: 00007f679bc15fa0 RCX: 00007f679b99c819 [ 1116.660514][T19473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1116.660530][T19473] RBP: 00007f679ba32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1116.660545][T19473] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1116.660560][T19473] R13: 00007f679bc16038 R14: 00007f679bc15fa0 R15: 00007fff2d56a4d8 [ 1116.660592][T19473] [ 1120.598238][T19498] net_ratelimit: 2 callbacks suppressed [ 1120.598259][T19498] netlink: zone id is out of range [ 1120.692200][T19498] netlink: set zone limit has 8 unknown bytes [ 1120.763956][T19499] netlink: zone id is out of range [ 1120.769124][T19499] netlink: zone id is out of range [ 1120.860360][T19499] netlink: zone id is out of range [ 1120.899565][T19499] netlink: zone id is out of range [ 1120.939578][T19499] netlink: zone id is out of range [ 1120.944925][T19499] netlink: zone id is out of range [ 1120.982442][T19499] netlink: zone id is out of range [ 1121.019378][T19499] netlink: zone id is out of range [ 1122.170579][T17563] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1122.178375][T17563] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 1122.185548][T17620] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1122.196018][T17620] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 1125.311868][T19533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2920'. [ 1125.552889][T19533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2920'. [ 1125.935634][T19538] net_ratelimit: 2 callbacks suppressed [ 1125.935655][T19538] netlink: zone id is out of range [ 1126.018676][T19538] netlink: set zone limit has 8 unknown bytes [ 1126.463730][T19538] netlink: zone id is out of range [ 1126.469016][T19538] netlink: zone id is out of range [ 1126.583995][T19538] netlink: zone id is out of range [ 1126.642314][T19538] netlink: zone id is out of range [ 1126.672164][T19538] netlink: zone id is out of range [ 1126.720917][T19538] netlink: zone id is out of range [ 1126.726587][T19538] netlink: zone id is out of range [ 1126.773168][T19538] netlink: zone id is out of range [ 1133.939469][T19599] can: request_module (can-proto-3) failed. [ 1136.970886][T19619] EXT4-fs error (device sda1): ext4_lookup:1785: inode #449: comm syz.0.2937: iget: checksum invalid [ 1136.993784][ T30] audit: type=1800 audit(4294967562.440:210): pid=19617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2934" name="dbroot" dev="configfs" ino=255930 res=0 errno=0 [ 1137.173435][T19619] faux_driver regulatory: loading /lib/firmware/regulatory.db.p7s failed with error -74 [ 1137.355529][T19619] faux_driver regulatory: Direct firmware load for regulatory.db.p7s failed with error -74 [ 1137.535031][T19619] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db.p7s [ 1140.883787][T19632] net_ratelimit: 19 callbacks suppressed [ 1140.883809][T19632] netlink: zone id is out of range [ 1141.011091][T19633] netlink: zone id is out of range [ 1141.016388][T19633] netlink: zone id is out of range [ 1141.190495][T19633] netlink: zone id is out of range [ 1141.334537][T19633] netlink: zone id is out of range [ 1141.393493][T19632] netlink: set zone limit has 8 unknown bytes [ 1141.497084][T19633] netlink: zone id is out of range [ 1141.549370][T19633] netlink: zone id is out of range [ 1141.641930][T19633] netlink: zone id is out of range [ 1141.769380][T19633] netlink: zone id is out of range [ 1144.501162][ T30] audit: type=1800 audit(4294967569.950:211): pid=19648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2942" name="dbroot" dev="configfs" ino=260332 res=0 errno=0 [ 1149.800832][T19685] net_ratelimit: 2 callbacks suppressed [ 1149.800853][T19685] netlink: zone id is out of range [ 1149.913127][T19685] netlink: set zone limit has 8 unknown bytes [ 1149.987271][T19686] netlink: zone id is out of range [ 1150.029442][T19686] netlink: zone id is out of range [ 1150.050657][T19686] netlink: zone id is out of range [ 1150.084176][T19686] netlink: zone id is out of range [ 1150.121564][T19686] netlink: zone id is out of range [ 1150.160472][T19686] netlink: zone id is out of range [ 1150.180421][T19686] netlink: zone id is out of range [ 1150.210343][T19686] netlink: zone id is out of range [ 1155.986797][T19711] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2963'. [ 1156.048463][T19711] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2963'. [ 1161.482861][T17620] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1161.499744][T17620] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1161.508369][T17620] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1161.516581][T17620] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1161.543064][T17620] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1162.543696][T19741] chnl_net:caif_netlink_parms(): no params data found [ 1162.919720][T17563] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1162.933935][T17563] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1162.942267][T17563] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1162.950874][T17563] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1162.960495][T17563] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1163.158480][T19741] bridge0: port 1(bridge_slave_0) entered blocking state [ 1163.209426][T19741] bridge0: port 1(bridge_slave_0) entered disabled state [ 1163.216799][T19741] bridge_slave_0: entered allmulticast mode [ 1163.285437][T19741] bridge_slave_0: entered promiscuous mode [ 1163.484107][T19741] bridge0: port 2(bridge_slave_1) entered blocking state [ 1163.529453][T19741] bridge0: port 2(bridge_slave_1) entered disabled state [ 1163.536769][T19741] bridge_slave_1: entered allmulticast mode [ 1163.569402][T17563] Bluetooth: hci6: command tx timeout [ 1163.604374][T19741] bridge_slave_1: entered promiscuous mode [ 1163.928512][T19741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1164.205680][T19741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1164.507988][T19741] team0: Port device team_slave_0 added [ 1164.552093][T19741] team0: Port device team_slave_1 added [ 1164.811135][T19741] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1164.849159][T19741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1164.964411][T19741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1165.010855][T17563] Bluetooth: hci7: command tx timeout [ 1165.124630][T19741] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1165.157257][T19741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1165.277688][T19741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1165.651357][T17563] Bluetooth: hci6: command tx timeout [ 1165.687011][T19741] hsr_slave_0: entered promiscuous mode [ 1165.740404][T19741] hsr_slave_1: entered promiscuous mode [ 1165.746695][T19741] debugfs: 'hsr0' already exists in 'hsr' [ 1165.820111][T19741] Cannot create hsr debugfs directory [ 1165.826974][T19755] chnl_net:caif_netlink_parms(): no params data found [ 1167.093739][T17563] Bluetooth: hci7: command tx timeout [ 1167.221079][T19755] bridge0: port 1(bridge_slave_0) entered blocking state [ 1167.228295][T19755] bridge0: port 1(bridge_slave_0) entered disabled state [ 1167.283148][T19755] bridge_slave_0: entered allmulticast mode [ 1167.311774][T19755] bridge_slave_0: entered promiscuous mode [ 1167.444042][T19755] bridge0: port 2(bridge_slave_1) entered blocking state [ 1167.484959][T19755] bridge0: port 2(bridge_slave_1) entered disabled state [ 1167.529972][T19755] bridge_slave_1: entered allmulticast mode [ 1167.578361][T19755] bridge_slave_1: entered promiscuous mode [ 1167.591195][T19791] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2975'. [ 1167.682571][T19770] blktrace: Concurrent blktraces are not allowed on loop2 [ 1167.729270][T17563] Bluetooth: hci6: command tx timeout [ 1167.777608][T19755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1167.860508][T19755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1168.112340][T19755] team0: Port device team_slave_0 added [ 1168.152795][T19755] team0: Port device team_slave_1 added [ 1168.581414][T19755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1168.629534][T19755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1168.779483][T19755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1168.894328][T19755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1168.939780][T19755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1169.106402][T19755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1169.174076][T17563] Bluetooth: hci7: command tx timeout [ 1169.447860][T19755] hsr_slave_0: entered promiscuous mode [ 1169.482215][T19755] hsr_slave_1: entered promiscuous mode [ 1169.488605][T19755] debugfs: 'hsr0' already exists in 'hsr' [ 1169.551517][T19755] Cannot create hsr debugfs directory [ 1169.812408][T17563] Bluetooth: hci6: command tx timeout [ 1171.250025][T17563] Bluetooth: hci7: command tx timeout [ 1172.474858][T19826] futex_wake_op: syz.0.2986 tries to shift op by -2048; fix this program [ 1172.564888][T19826] futex_wake_op: syz.0.2986 tries to shift op by -2048; fix this program [ 1173.486309][T19838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2989'. [ 1174.763605][T19851] net_ratelimit: 97 callbacks suppressed [ 1174.763638][T19851] netlink: zone id is out of range [ 1174.922285][T19851] netlink: set zone limit has 8 unknown bytes [ 1177.497834][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.506524][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.229628][T19895] serio: Serial port pty6 [ 1180.018792][T19900] delete_channel: no stack [ 1180.528899][T19910] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3007'. [ 1180.568389][T19910] mac80211_hwsim hwsim29 ›: renamed from wlan0 (while UP) [ 1181.978639][T19918] futex_wake_op: syz.2.3010 tries to shift op by -2048; fix this program [ 1182.059496][T19918] futex_wake_op: syz.2.3010 tries to shift op by -2048; fix this program [ 1182.159479][T19918] 0x000000000001-0x000000020000 : "" [ 1182.222327][T19918] ftl_cs: FTL header corrupt! [ 1222.148072][T17620] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1222.159120][T17620] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1222.169051][T17620] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1222.176987][T17620] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1222.189149][T17620] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1222.737688][T19973] chnl_net:caif_netlink_parms(): no params data found [ 1223.094846][T19973] bridge0: port 1(bridge_slave_0) entered blocking state [ 1223.139805][T19973] bridge0: port 1(bridge_slave_0) entered disabled state [ 1223.147585][T19973] bridge_slave_0: entered allmulticast mode [ 1223.209447][T19973] bridge_slave_0: entered promiscuous mode [ 1223.241323][T19973] bridge0: port 2(bridge_slave_1) entered blocking state [ 1223.248681][T19973] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.279756][T19973] bridge_slave_1: entered allmulticast mode [ 1223.316136][T19973] bridge_slave_1: entered promiscuous mode [ 1223.348278][T17620] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1223.361112][T17620] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1223.370742][T17620] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1223.380318][T17620] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1223.392396][T17620] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1223.557132][T19973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1223.615850][T19973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1223.783914][T19973] team0: Port device team_slave_0 added [ 1223.824391][T19973] team0: Port device team_slave_1 added [ 1223.945623][T19973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1223.981170][T19973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1224.045456][T19973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1224.135493][T19973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1224.160452][T19973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1224.242651][T19973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1224.293989][T17563] Bluetooth: hci8: command tx timeout [ 1224.505497][T19973] hsr_slave_0: entered promiscuous mode [ 1224.552671][T19973] hsr_slave_1: entered promiscuous mode [ 1224.572194][T19973] debugfs: 'hsr0' already exists in 'hsr' [ 1224.578144][T19973] Cannot create hsr debugfs directory [ 1224.616777][T19985] chnl_net:caif_netlink_parms(): no params data found [ 1225.062839][T19985] bridge0: port 1(bridge_slave_0) entered blocking state [ 1225.082872][T19985] bridge0: port 1(bridge_slave_0) entered disabled state [ 1225.106089][T19985] bridge_slave_0: entered allmulticast mode [ 1225.132974][T19985] bridge_slave_0: entered promiscuous mode [ 1225.177175][T19985] bridge0: port 2(bridge_slave_1) entered blocking state [ 1225.202939][T19985] bridge0: port 2(bridge_slave_1) entered disabled state [ 1225.252595][T19985] bridge_slave_1: entered allmulticast mode [ 1225.271522][T19985] bridge_slave_1: entered promiscuous mode [ 1225.431332][T19985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1225.477449][T19985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1225.491380][T17563] Bluetooth: hci9: command tx timeout [ 1225.606016][T19985] team0: Port device team_slave_0 added [ 1225.633485][T19985] team0: Port device team_slave_1 added [ 1225.650393][T17597] Bluetooth: hci5: command 0x0406 tx timeout [ 1225.750790][T19985] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1225.757799][T19985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1225.842615][T19985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1225.882492][T19985] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1225.906746][T19985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1225.988007][T19985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1226.173266][T19985] hsr_slave_0: entered promiscuous mode [ 1226.193892][T19985] hsr_slave_1: entered promiscuous mode [ 1226.217321][T19985] debugfs: 'hsr0' already exists in 'hsr' [ 1226.237624][T19985] Cannot create hsr debugfs directory [ 1226.369884][T17620] Bluetooth: hci8: command tx timeout [ 1227.569655][T17620] Bluetooth: hci9: command tx timeout [ 1228.449424][T17620] Bluetooth: hci8: command tx timeout [ 1229.649609][T17620] Bluetooth: hci9: command tx timeout [ 1230.529643][T17620] Bluetooth: hci8: command tx timeout [ 1231.730229][T17620] Bluetooth: hci9: command tx timeout [ 1238.940460][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.946798][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.210133][ T31] INFO: task syz.4.2851:19241 blocked for more than 143 seconds. [ 1240.217929][ T31] Tainted: G L syzkaller #0 [ 1240.229667][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1240.238386][ T31] task:syz.4.2851 state:D stack:25880 pid:19241 tgid:19235 ppid:7651 task_flags:0x480040 flags:0x00080002 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1240.302849][ T31] Call Trace: [ 1240.306276][ T31] [ 1240.339644][ T31] __schedule+0xfee/0x6120 [ 1240.344242][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1240.381753][ T31] ? __pfx___schedule+0x10/0x10 [ 1240.386675][ T31] ? find_held_lock+0x2b/0x80 [ 1240.419711][ T31] ? schedule+0x2bf/0x390 [ 1240.424111][ T31] schedule+0xdd/0x390 [ 1240.428287][ T31] schedule_timeout+0x1b2/0x280 [ 1240.471616][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1240.507836][ T31] ? mark_held_locks+0x40/0x70 [ 1240.601283][ T31] __wait_for_common+0x2e7/0x4c0 [ 1240.606296][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1240.679633][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1240.729338][ T31] remove_one+0x312/0x420 [ 1240.733771][ T31] ? find_next_child+0x18f/0x280 [ 1240.738743][ T31] __simple_recursive_removal+0x148/0x5c0 [ 1240.821373][ T31] ? __pfx_remove_one+0x10/0x10 [ 1240.826306][ T31] debugfs_remove+0x5d/0x80 [ 1240.869288][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 1240.874401][ T31] nsim_dev_reload_destroy+0x144/0x4a0 [ 1240.919290][ T31] nsim_drv_remove+0x52/0x1e0 [ 1240.924052][ T31] ? __pfx_nsim_bus_remove+0x10/0x10 [ 1240.973666][ T31] device_remove+0xcb/0x180 [ 1240.978267][ T31] device_release_driver_internal+0x44e/0x620 [ 1241.041328][ T31] bus_remove_device+0x2bc/0x560 [ 1241.046437][ T31] ? __pfx_bus_remove_device+0x10/0x10 [ 1241.099308][ T31] ? __pfx_device_remove_attrs+0x10/0x10 [ 1241.105064][ T31] ? up_write+0x290/0x4f0 [ 1241.152999][ T31] device_del+0x376/0x9b0 [ 1241.157425][ T31] ? __pfx_device_del+0x10/0x10 [ 1241.194300][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1241.229476][ T31] device_unregister+0x1d/0xe0 [ 1241.234344][ T31] del_device_store+0x346/0x480 [ 1241.272158][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1241.277624][ T31] ? find_held_lock+0x2b/0x80 [ 1241.330714][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1241.335649][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 1241.371565][ T31] ? __pfx_del_device_store+0x10/0x10 [ 1241.377010][ T31] bus_attr_store+0x74/0xb0 [ 1241.412737][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 1241.418022][ T31] sysfs_kf_write+0xf2/0x150 [ 1241.449647][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1241.455017][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1241.490734][ T31] vfs_write+0x6ac/0x1070 [ 1241.495134][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1241.539312][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1241.544164][ T31] ksys_write+0x12a/0x250 [ 1241.548508][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1241.596863][T16660] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 1241.611815][ T31] do_syscall_64+0x106/0xf80 [ 1241.616465][ T31] ? clear_bhb_loop+0x40/0x90 [ 1241.639431][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.645427][ T31] RIP: 0033:0x7f40a819c819 [ 1241.670150][T16660] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6685: Filesystem failed CRC [ 1241.689591][ T31] RSP: 002b:00007f40a8f76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1241.698331][ T31] RAX: ffffffffffffffda RBX: 00007f40a8416180 RCX: 00007f40a819c819 [ 1241.769644][ T31] RDX: 0000000000000045 RSI: 0000200000000040 RDI: 0000000000000008 [ 1241.777699][ T31] RBP: 00007f40a8232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1241.818445][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1241.849770][ T31] R13: 00007f40a8416218 R14: 00007f40a8416180 R15: 00007fff2a051048 [ 1241.857839][ T31] [ 1241.906201][ T31] INFO: task syz.1.2859:19264 blocked for more than 145 seconds. [ 1242.059254][ T31] Tainted: G L syzkaller #0 [ 1242.065816][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1242.146292][ T31] task:syz.1.2859 state:D stack:29000 pid:19264 tgid:19260 ppid:16231 task_flags:0x400040 flags:0x00080002 [ 1242.209822][ T31] Call Trace: [ 1242.213216][ T31] [ 1242.232859][ T31] __schedule+0xfee/0x6120 [ 1242.237353][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1242.279252][ T31] ? __pfx___schedule+0x10/0x10 [ 1242.284193][ T31] ? find_held_lock+0x2b/0x80 [ 1242.288899][ T31] ? schedule+0x2bf/0x390 [ 1242.339220][ T31] schedule+0xdd/0x390 [ 1242.343379][ T31] schedule_preempt_disabled+0x13/0x30 [ 1242.348881][ T31] __mutex_lock+0xc9a/0x1b90 [ 1242.409488][ T31] ? netlink_has_listeners+0x20f/0x430 [ 1242.415047][ T31] ? devlink_health_report+0x681/0xb50 [ 1242.450771][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1242.456068][ T31] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 1242.509697][ T31] ? __lock_acquire+0x401/0x2630 [ 1242.514844][ T31] ? devlink_health_report+0x681/0xb50 [ 1242.559244][ T31] devlink_health_report+0x681/0xb50 [ 1242.564612][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 1242.609358][ T31] ? _copy_from_user+0x59/0xd0 [ 1242.614239][ T31] nsim_dev_health_break_write+0x166/0x210 [ 1242.643010][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1242.672521][ T31] full_proxy_write+0x135/0x1a0 [ 1242.677480][ T31] vfs_write+0x2aa/0x1070 [ 1242.709317][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 1242.714779][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1242.759449][ T31] ? __fget_files+0x215/0x3d0 [ 1242.764203][ T31] ? __fget_files+0x21f/0x3d0 [ 1242.768924][ T31] ksys_write+0x12a/0x250 [ 1242.807896][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1242.824448][ T31] do_syscall_64+0x106/0xf80 [ 1242.829131][ T31] ? clear_bhb_loop+0x40/0x90 [ 1242.847969][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1242.889439][ T31] RIP: 0033:0x7fcd4339c819 [ 1242.893981][ T31] RSP: 002b:00007fcd44284028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1242.926325][ T31] RAX: ffffffffffffffda RBX: 00007fcd43616090 RCX: 00007fcd4339c819 [ 1242.957389][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000006 [ 1242.983387][ T31] RBP: 00007fcd43432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1243.008901][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1243.031780][ T31] R13: 00007fcd43616128 R14: 00007fcd43616090 R15: 00007ffd1e04cc68 [ 1243.060256][ T31] [ 1243.091426][ T31] INFO: task syz.1.2859:19268 blocked for more than 146 seconds. [ 1243.172794][ T31] Tainted: G L syzkaller #0 [ 1243.192571][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1243.219536][ T31] task:syz.1.2859 state:D stack:29000 pid:19268 tgid:19260 ppid:16231 task_flags:0x400040 flags:0x00080002 [ 1243.254875][ T31] Call Trace: [ 1243.258250][ T31] [ 1243.285124][ T31] __schedule+0xfee/0x6120 [ 1243.305728][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1243.319435][ T31] ? __pfx_futex_wake_mark+0x10/0x10 [ 1243.324812][ T31] ? __pfx___schedule+0x10/0x10 [ 1243.350209][ T31] ? find_held_lock+0x2b/0x80 [ 1243.355078][ T31] ? schedule+0x2bf/0x390 [ 1243.382223][ T31] schedule+0xdd/0x390 [ 1243.386376][ T31] schedule_preempt_disabled+0x13/0x30 [ 1243.418396][ T31] __mutex_lock+0xc9a/0x1b90 [ 1243.431809][ T31] ? fdget_pos+0x2aa/0x380 [ 1243.436297][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1243.464984][ T31] ? __fget_files+0x215/0x3d0 [ 1243.482005][ T31] ? __fget_files+0x21f/0x3d0 [ 1243.486774][ T31] ? fdget_pos+0x2aa/0x380 [ 1243.517019][ T31] fdget_pos+0x2aa/0x380 [ 1243.529307][ T31] ksys_write+0x71/0x250 [ 1243.533734][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1243.538634][ T31] do_syscall_64+0x106/0xf80 [ 1243.571244][ T31] ? clear_bhb_loop+0x40/0x90 [ 1243.576000][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.605502][ T31] RIP: 0033:0x7fcd4339c819 [ 1243.618463][ T31] RSP: 002b:00007fcd44200028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1243.642821][ T31] RAX: ffffffffffffffda RBX: 00007fcd43616450 RCX: 00007fcd4339c819 [ 1243.671165][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000006 [ 1243.707384][ T31] RBP: 00007fcd43432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1243.734218][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1243.758885][ T31] R13: 00007fcd436164e8 R14: 00007fcd43616450 R15: 00007ffd1e04cc68 [ 1243.784048][ T31] [ 1243.849598][ T31] [ 1243.849598][ T31] Showing all locks held in the system: [ 1243.902106][ T31] 1 lock held by pool_workqueue_/3: [ 1243.907383][ T31] #0: ffffffff8e7f32b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1243.979526][ T31] 1 lock held by khungtaskd/31: [ 1243.984433][ T31] #0: ffffffff8e7e7760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1244.019825][ T31] 2 locks held by getty/5582: [ 1244.024572][ T31] #0: ffff88803483e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1244.075601][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1244.109523][ T31] 1 lock held by syz.0.1426/12685: [ 1244.114694][ T31] #0: ffffffff90617328 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1244.149642][ T31] 2 locks held by syz-executor/16665: [ 1244.155081][ T31] #0: ffffffff90617328 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1244.198059][ T31] #1: ffffffff8e7f32b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1244.241814][ T31] 7 locks held by kworker/u10:27/18037: [ 1244.247435][ T31] 3 locks held by kworker/u10:30/18177: [ 1244.289497][ T31] #0: ffff88813fea4148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1244.319502][ T31] #1: ffffc900041b7d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1244.349023][ T31] #2: ffffffff90617328 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 1244.375620][ T31] 8 locks held by syz.4.2851/19241: [ 1244.393919][ T31] #0: ffff88807b8fa638 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1244.421548][ T31] #1: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1244.447567][ T31] #2: ffff88807cf33888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1244.474845][ T31] #3: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1244.519925][ T31] #4: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1244.549567][ T31] #5: ffff888026206130 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620 [ 1244.585601][ T31] #6: ffff88801bfb6250 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0 [ 1244.618691][ T31] #7: ffff888062fb8b58 (&sb->s_type->i_mutex_key#10/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 1244.652755][ T31] 3 locks held by syz.1.2859/19264: [ 1244.658017][ T31] #0: ffff88807c5b4b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1244.693745][ T31] #1: ffff8880202e0420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1244.729401][ T31] #2: ffff88801bfb6250 (&devlink->lock_key#8){+.+.}-{4:4}, at: devlink_health_report+0x681/0xb50 [ 1244.758822][ T31] 1 lock held by syz.1.2859/19268: [ 1244.775947][ T31] #0: ffff88807c5b4b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1244.807036][ T31] 4 locks held by syz-executor/19364: [ 1244.825370][ T31] #0: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1244.851837][ T31] #1: ffff8880333fa088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1244.882352][ T31] #2: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1244.911091][ T31] #3: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1244.943148][ T31] 4 locks held by syz-executor/19384: [ 1244.948569][ T31] #0: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1244.991288][ T31] #1: ffff888033606c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1245.020430][ T31] #2: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1245.053114][ T31] #3: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1245.082873][ T31] 4 locks held by syz-executor/19741: [ 1245.101090][ T31] #0: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1245.142071][ T31] #1: ffff8880452bb088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1245.170400][ T31] #2: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1245.203007][ T31] #3: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1245.237188][ T31] 4 locks held by syz-executor/19755: [ 1245.266402][ T31] #0: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1245.298087][ T31] #1: ffff8880378b8488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1245.332937][ T31] #2: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1245.365483][ T31] #3: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1245.395709][ T31] 4 locks held by syz-executor/19973: [ 1245.411398][ T31] #0: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1245.437890][ T31] #1: ffff88806cfc1088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1245.464974][ T31] #2: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1245.496453][ T31] #3: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1245.537990][ T31] 4 locks held by syz-executor/19985: [ 1245.567702][ T31] #0: ffff888036ea2420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1245.600597][ T31] #1: ffff88805610c488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1245.630797][ T31] #2: ffff88802594a008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1245.663866][ T31] #3: ffffffff8fb6f208 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1245.704705][ T31] [ 1245.707121][ T31] ============================================= [ 1245.707121][ T31] [ 1245.911000][ T31] NMI backtrace for cpu 0 [ 1245.911039][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1245.911074][ T31] Tainted: [L]=SOFTLOCKUP [ 1245.911083][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1245.911097][ T31] Call Trace: [ 1245.911106][ T31] [ 1245.911116][ T31] dump_stack_lvl+0x100/0x190 [ 1245.911158][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1245.911198][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1245.911236][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1245.911274][ T31] sys_info+0x141/0x190 [ 1245.911304][ T31] watchdog+0xd25/0x1050 [ 1245.911337][ T31] ? __pfx_watchdog+0x10/0x10 [ 1245.911362][ T31] ? __kthread_parkme+0x18c/0x230 [ 1245.911393][ T31] ? kthread+0x13a/0x450 [ 1245.911424][ T31] ? __pfx_watchdog+0x10/0x10 [ 1245.911447][ T31] kthread+0x370/0x450 [ 1245.911478][ T31] ? __pfx_kthread+0x10/0x10 [ 1245.911512][ T31] ret_from_fork+0x754/0xd80 [ 1245.911550][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1245.911589][ T31] ? __switch_to+0x7b4/0x1120 [ 1245.911617][ T31] ? __pfx_kthread+0x10/0x10 [ 1245.911651][ T31] ret_from_fork_asm+0x1a/0x30 [ 1245.911702][ T31] [ 1246.363415][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1246.370337][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1246.381050][ T31] Tainted: [L]=SOFTLOCKUP [ 1246.385382][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1246.395448][ T31] Call Trace: [ 1246.398824][ T31] [ 1246.401782][ T31] dump_stack_lvl+0x100/0x190 [ 1246.406493][ T31] vpanic+0x552/0x970 [ 1246.410493][ T31] ? __pfx_vpanic+0x10/0x10 [ 1246.415022][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1246.421312][ T31] panic+0xd1/0xe0 [ 1246.425052][ T31] ? __pfx_panic+0x10/0x10 [ 1246.429486][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1246.435691][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1246.441873][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1246.448059][ T31] ? watchdog.cold+0x198/0x1ca [ 1246.452853][ T31] ? watchdog+0xd35/0x1050 [ 1246.457292][ T31] watchdog.cold+0x1a9/0x1ca [ 1246.461915][ T31] ? __pfx_watchdog+0x10/0x10 [ 1246.466645][ T31] ? __kthread_parkme+0x18c/0x230 [ 1246.471709][ T31] ? kthread+0x13a/0x450 [ 1246.475987][ T31] ? __pfx_watchdog+0x10/0x10 [ 1246.480701][ T31] kthread+0x370/0x450 [ 1246.484809][ T31] ? __pfx_kthread+0x10/0x10 [ 1246.489507][ T31] ret_from_fork+0x754/0xd80 [ 1246.494148][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1246.499303][ T31] ? __switch_to+0x7b4/0x1120 [ 1246.504006][ T31] ? __pfx_kthread+0x10/0x10 [ 1246.508719][ T31] ret_from_fork_asm+0x1a/0x30 [ 1246.513730][ T31] [ 1246.516839][ T31] Kernel Offset: disabled [ 1246.521217][ T31] Rebooting in 86400 seconds..