last executing test programs: 2m33.751005671s ago: executing program 0 (id=1540): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) mmap$auto(0x0, 0x202000d, 0x6, 0x16, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x430740, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b73, r1, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x16e) getsockname$auto(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x8) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4e23, @loopback}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) fcntl$auto(r2, 0x80000001, 0xa553) quotactl_fd$auto(r0, 0x200, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xfffffffffffffffb, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0xfffffffffffffffd, 0x2000b, 0xa169, 0x16, r2, 0x3) mq_open$auto(&(0x7f00000001c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\x89h\xc5\xba\xff\xc8u5\xf7\x1a$\xfd\xc7\xf1[-9\xf5v/\x10\x87@\'1\xf3\xd7\xcd\xbf\xac\x84\xe2\x98\x96>\xff1\x8a\x1d\xdalWU\x1c\xc7N\xdf\xcbR\xf6\xea\x89\x01\x04\x00[\x1eP3\xec\x13\x1eh\xab#\x1do\xa1?s\n\xb6\xcc{\x9e\xbb\x06\xe4>J\xbew\xc2K\x1c\x97_=\xe6]\x06)`\xad*\x88k\x1d\x87&\n\xdf#?\x03\x06(\xef;\x7f\x1d\x7f\xb8\xd5\xe9\xfe`M\xe7\x95\xb2\xa6\v\x190\xce\xc4\x15`\xa5C\x9ar\ta\xec\x17\x16\xc6\xf0\x03\xc6\x85U).\xf5\xc5\a\x94\xc5\x86\xb6\xce\r,M\xd2]r\xe5m\x83X\xa82&\x01r3\x8dW\xb0\xf8/\xbf6\xee\x88\xf9LD\r\n\x17\x901\xa1\x10K\x85Yk\x99{\x88\x94\x13rp\xbb\xe18\xbdK\x92\xd8i\x89!l\xad\x1e\xf3M/W3E\xebZ\x92\x1c\xa34\xd2\x84vkf\n6z\x10!\x85\xd9(\xa17\xeb\x82\x97\xd2\x94Nu\x86\xac\x12a\xedp\xa3D\xf7_\x11\x96|V>\xbdj\xb6\x85/\xa6\x17\x11n%\xbe~\x15\x91\xe6\xa9z\xd4\x91\x8f\xac\xc5}\xe4\a\x9an\xa8\xf0\xda\xa1\xb2\xee\xef\xed+S\x1b&X\x82{\x8d\xe3m\xc7\xe8x\xe8V\xf7\xec\xcaH\tQ\xaehU+\x87@\x9b\xe3\xbc\x8e\x99\x8e\x8e\x06/\x0f\ax\xcc\xb0\x88*\xffsuV', 0x2) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) 1m49.276838761s ago: executing program 35 (id=1637): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video34\x00', 0x800000, 0x0) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r0, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) 1m48.148900292s ago: executing program 36 (id=1646): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) mq_open$auto(0x0, 0x7e, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x1000400008, 0xdf, 0x800000000012, 0xffffffffffffffff, 0x2) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000440)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xe7k\xc9\xb7\x80T\xd0\xc2\xa0\a\xf6*:\xb7_\xf1\xb1yx\xc8\x00\xf1\xf9\x87\xa4D\xf4S\xda\xa9Y4*\x1a[\xcdv\x83q\xab\x1aK8 \xe9\xf7TU\xc6\xe3~\x92S\xef\x9c\xc0\xc9\x04/\x18\xf1\xe2\xe4_\xfa{\xe0DB\x1d\x83e\x12*\xa0K\xc0`\nt\xf5\xac$\x94\xf0>\xceXs\xb5\xd8dV\xc4lG\b~\x1cn\x80\xde?\xed~\xcfV\xcd\xdc\xdd\'\xc4^.=\xc4\x86\xce*\xba<\xbf\x19N\xc5~zFY\xc6\x90\xf6o>\xf7\x1a$\xfd\xc7\xf1[-9\xf5v/\x10\x87@\'1\xf3\xd7\xcd\xbf\xac\x84\xe2\x98\x96>\xff1\x8a\x1d\xdalWU\x1c\xc7N\xdf\xcbR\xf6\xea\x89\x01\x04\x00[\x1eP3\xec\x13\x1eh\xab#\x1do\xa1?s\n\xb6\xcc{\x9e\xbb\x06\xe4>J\xbew\xc2K\x1c\x97_=\xe6]\x06)`\xad*\x88k\x1d\x87&\n\xdf#?\x03\x06(\xef;\x7f\x1d\x7f\xb8\xd5\xe9\xfe`M\xe7\x95\xb2\xa6\v\x190\xce\xc4\x15`\xa5C\x9ar\ta\xec\x17\x16\xc6\xf0\x03\xc6\x85U).\xf5\xc5\a\x94\xc5\x86\xb6\xce\r,M\xd2]r\xe5m\x83X\xa82&\x01r3\x8dW\xb0\xf8/\xbf6\xee\x88\xf9LD\r\n\x17\x901\xa1\x10K\x85Yk\x99{\x88\x94\x13rp\xbb\xe18\xbdK\x92\xd8i\x89!l\xad\x1e\xf3M/W3E\xebZ\x92\x1c\xa34\xd2\x84vkf\n6z\x10!\x85\xd9(\xa17\xeb\x82\x97\xd2\x94Nu\x86\xac\x12a\xedp\xa3D\xf7_\x11\x96|V>\xbdj\xb6\x85/\xa6\x17\x11n%\xbe~\x15\x91\xe6\xa9z\xd4\x91\x8f\xac\xc5}\xe4\a\x9an\xa8\xf0\xda\xa1\xb2\xee\xef\xed+S\x1b&X\x82{\x8d\xe3m\xc7\xe8x\xe8V\xf7\xec\xcaH\tQ\xaehU+\x87@\x9b\xe3\xbc\x8e\x99\x8e\x8e\x06/\x0f\ax\xcc\xb0\x88*\xffsuV', 0x2) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) 1m4.751423167s ago: executing program 7 (id=1834): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x3a) ustat$auto(0x801, 0x0) open(0x0, 0x163b40, 0x175) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r1, 0x0) socket(0x11, 0x2, 0x300) sendmmsg$auto(r1, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 1m4.264444792s ago: executing program 7 (id=1835): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(0x3, 0x0, 0x28, 0xfffffffffffffffc, 0x70) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRES16, @ANYBLOB="010527bd7000fbdbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="1800"], 0x34}, 0x1, 0x0, 0x0, 0x4028811}, 0x4080) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x21, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto(0x3, 0x0, 0x1) write$auto(0x3, 0x0, 0xfffffdef) fanotify_init$auto(0x5, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) read$auto_bdi_debug_stats_fops_(0xffffffffffffffff, &(0x7f0000000040)=""/69, 0x45) bind$auto(0xffffffffffffffff, 0x0, 0x6b) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) 1m3.553239792s ago: executing program 7 (id=1836): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0x200, r1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x4a801, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x8000000000000002, 0x4000000000df, 0x11, r1, 0x64b3) socket(0x18, 0xa, 0x1) r2 = socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r3 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r3, 0x3) r4 = bpf$auto_BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)=@iter_create={r2, 0x100}, 0x2) r5 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000280), r3) sendmsg$auto_NLBL_UNLABEL_C_STATICREMOVE(r4, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x100, r5, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_SECCTX={0xd9, 0x7, "cd91e33e5d201a63b4d4ed04f2e8dacc072db4a194c1f81d87886cb08a1fcaff07f44a555f49c34b9ab1f17b2b407af02b5e24fba0354f851cf3833ef1eee3de146f220f7c6840ff229aa4d23dee292ddb6b4aed416f64f1b5bbd8e552aff248307ecb2f42f04fa45c3db690c950a154497748912c21c52fdd38a8babe6d0b2e0d6376bfddfff6f38f3752eef2ebdb4a9a767bd621dbf9a97bce231ce00dde3193192b23d5de5f97a72468f0da7d86d20db9373ddfdafb4ec6844f0789b92abe5a87749647333aa1312b57bd03499a734c52dce2f5"}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010102}]}, 0x100}, 0x1, 0x0, 0x0, 0x2000c044}, 0x24040000) r6 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r6, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) ioctl$auto_TIOCCONS2(r0, 0x541d, 0x0) 1m2.30057741s ago: executing program 7 (id=1840): close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x420009, 0xe2, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0xc) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x240202, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r3) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fbdbdf25040000002d0011009b"], 0x44}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x29}, 0x20100007}, 0x3, 0x0) 1m1.339350783s ago: executing program 7 (id=1843): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) msgctl$auto_IPC_INFO(0x45, 0x3, &(0x7f0000000200)={{0xff, 0xee00, 0xee00, 0x7fff, 0xb61, 0xa, 0xe17}, &(0x7f0000000180)=0xbf, &(0x7f00000001c0)=0x1, 0x4, 0x8000000000000001, 0x8000000000000001, 0x3, 0x10, 0x7, 0x7ff, 0x7, @raw=0x55c, @inferred=0xffffffffffffffff}) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, 0x0, 0x4010) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) ioctl$auto_BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000140)={@raw, 0x2, 0x0, 0x929, 0xe5c3, 0x7cd, "abfd2e69df26f540a1d748ceff20c3ed69a359d46ed201e13aea69af"}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x2, 0x73) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x16b802, 0x0) mmap$auto(0x0, 0x4020005, 0xe3, 0xeb3, 0x401, 0x8000) unshare$auto(0x3ff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x840042, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 1m0.935202222s ago: executing program 7 (id=1846): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bus/usb/010/001\x00', 0x80d00, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x68182, 0x0) writev$auto(r1, &(0x7f0000000280)={0x0, 0x45}, 0xb) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) bind$auto(r1, &(0x7f0000000180)=@generic={0x1a, "2f7cc654b9dff9cb8e402430c205"}, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'dummy0\x00'}) bpf$auto(0x0, 0x0, 0xf) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0x9, 0x0, 0x0, &(0x7f0000000040)={[0xc, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x1]}, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x5, 0x5, 0x9) 58.682916085s ago: executing program 6 (id=1851): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0xa0000001) r0 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000980), 0x102001, 0x0) pwrite64$auto(r0, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8004) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/tty/ttye8/power/autosuspend_delay_ms\x00', 0x2062, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) io_uring_register$auto_IORING_REGISTER_FILE_ALLOC_RANGE(0xffffffffffffffff, 0x19, &(0x7f00000001c0)="56b1b4818cd48a1861e96a7e48c52d76896bb35c40e7828f68689dacf6380d6f40748befeb7ee86318ca8c8acdd178a857f42acefb73cd44f71da0424d9484bfce87dae3f35fc41688d73b39d78bc172b19a2ae5ff8efe7e5e642f23b32d57ac07", 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000040), 0xffffffffffffffff) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/rds/tcp/rds_tcp_rcvbuf\x00', 0x141241, 0x0) pwrite64$auto(r3, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) prctl$auto_PR_SET_CHILD_SUBREAPER(0x24, 0x9, 0x81, 0x6cf5, 0x280000000000000) socket(0x80000000000000a, 0x2, 0x0) socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) ioctl$auto(0x3, 0x89e1, 0x91) 58.38442976s ago: executing program 6 (id=1853): pidfd_open$auto(0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x20000, 0x0) socket(0xa, 0x1, 0x100) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x10000040000b, 0x1000000000000df, 0x4000009b73, r1, 0x8003) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fb, 0x7, 0xfffffffffffffffb, 0xc40, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x2, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa3) ioctl$auto_BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000180)=0x800) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/016/001\x00', 0xa901, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/gretap0/queues/rx-0/rps_cpus\x00', 0x183042, 0x0) sendfile$auto(r2, r2, 0x0, 0x8000) ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, &(0x7f0000000080)="eb731de221945aaf9d104a0cbed101ec741d85b0fc5ffbe941e335abe3f990a4dbb9b8bb280d42e5c87bcd41d83bfc9be1fa") socket(0x10, 0x2, 0x0) gettid() 57.143733491s ago: executing program 6 (id=1856): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x8803, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0xffffffffffffffff, 0x20005, 0x1ff, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020008, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) connect$auto(0x3, 0x0, 0x54) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) 55.19276695s ago: executing program 6 (id=1859): mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd0/sched/write1_fifo_list\x00', 0x2000, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r0, &(0x7f00000000c0)=""/120, 0x78) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r1 = socket(0x2, 0x1, 0x106) connect$auto(r1, 0x0, 0x54) ioprio_set$auto(0x3, 0xffffffffffffffff, 0x4b34) socketpair$auto(0x2, 0x5, 0x2, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) 53.652448603s ago: executing program 8 (id=1863): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/clockevents/broadcast/current_device\x00', 0x181400, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x101202, 0x0) write$auto(0x3, 0x0, 0x200000100082) r2 = openat$auto_clk_dump_fops_(0xffffffffffffff9c, &(0x7f0000005f40)='/sys/kernel/debug/clk/clk_dump\x00', 0x8800, 0x0) pread64$auto(r2, 0x0, 0x13, 0x4) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r1, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="2bb22bbd7000fcdbdf25050000000800", @ANYRES32=0x0, @ANYBLOB="47f22acf9310318f1a2b6298cdc500f2c6544ce39b9cc6c37107b4f8269dfcbc343565f33ba808206482de5c7bc83fdf721946ab0c5bcc0511324cb2359886c0e2c5cf6f5609a26e04038c2e2127eb78fd45b3f0487fc58872f06d7f63ae9613da8d2226d5104173b6e488daf1132a1f27bb404b18f993a0f65ae40b1a50ac55d391b1a01f69af17c6ef25da36ea3cff0a790dbb9d2ea101f358f3ac6b46b037882e"], 0x1c}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'team0\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/devices/virtual/block/loop12/integrity/protection_interval_bytes\x00', 0x80000, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r5) write$auto(0x3, 0x0, 0xfffffdef) pread64$auto(r0, 0x0, 0x7, 0xd3f3) 53.224326718s ago: executing program 8 (id=1864): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/zram0/mm_stat\x00', 0x8900, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/232, 0xe8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x2000000001, 0x4, 0x5, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x29, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r2, 0x3, 0x0, 0x0) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cec29\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad87c5c00"]}) r4 = openat$auto_lowpan_control_fops_6lowpan(0xffffffffffffff9c, &(0x7f0000000000), 0xc0240, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0xa, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r5 = bpf$auto(0x7, &(0x7f00000000c0)=@enable_stats={0x8001}, 0x10) mmap$auto(0x0, 0x7, 0x0, 0x8000200008011, r5, 0x10008000) read$auto_lowpan_control_fops_6lowpan(r4, &(0x7f0000000340)=""/4096, 0x1000) 53.089168438s ago: executing program 8 (id=1865): add_key$auto_KEY_SPEC_REQKEY_AUTH_KEY(0x0, 0x0, 0x0, 0x8, 0xfffffffffffffff9) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b4b", 0xfdef) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) msgctl$auto_MSG_INFO(0x5, 0xc, &(0x7f0000000280)={{0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x287f, 0x2, 0x3}, 0x0, 0x0, 0x7fffffff, 0x9, 0xb, 0xffffffff, 0xfffffffffffffffe, 0x1, 0xfc2, 0x26f, @inferred, @raw=0x9}) setresgid$auto(0x0, 0xffffffffffffffff, r1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) socket(0x1d, 0x2, 0x6) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3, 0xfd}, 0x6a) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xe, 0x940, 0xfffffff8, 0x3, 0x1004, 0x1, 0x9, 0x5, 0x6, 0x7, 0x1001000, 0x8, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x4, 0x40000081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x52, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x8044) mmap$auto(0x0, 0xeb80, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 52.670830601s ago: executing program 8 (id=1866): mmap$auto(0x0, 0x4020009, 0xdb, 0xebe, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0xd}}, 0x52) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram5\x00', 0x14fa02, 0x0) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), r0) sendfile$auto(0x3, r1, 0x0, 0x400000000006) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r3, 0x6, 0x8, 0x2) sysfs$auto(0x2, 0x3c, 0x0) r4 = ioctl$auto_TUNSETSNDBUF2(r2, 0x400454d4, &(0x7f00000000c0)=0xe3e4) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000a8694696f0275f1edadec645ab2d27aa58fcb14d1a7cbf7ded0b7d50adffd465484e82e23c196a6ff8276d450975c36f59ed0fa0cffbdb0150848b89a99fc31a977c4c9f9111670fd5e491d3113042256f756b2cf722ac85c9ad1e6a0e105bb294707967878b4b2fd51558a79561eaf2a066a578385ab1af7d45c791c23c6250c234064f696bc8edad8fb041454e13bfca165aa66a4ff039e2be3e279153c46920a4e17a3b402c019628fa2560ba345f2a454291c5c4036a9f129198a91766d1aeed30df13683f13b5c4d349a14c7bcefda811cd5227c32cc088d76b3256cba8ca5fbb7aac6e0be50095434a3a1f75b9d549fcbf3739", @ANYRES16=0x0, @ANYBLOB="2f212cbd7000fbdbdf2521000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x1c, 0x0, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c880) getsockopt$auto_SO_BINDTODEVICE(r4, 0x0, 0x19, &(0x7f0000000100)='(\x00', &(0x7f0000000140)=0x800) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/mm/swap/vma_ra_enabled\x00', 0xb02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e000000000100", @raw=0x3}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400f, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) r6 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x42001, 0x0) ioctl$auto(r6, 0xc05c5340, 0x38) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) msync$auto(0x200000, 0x2000000005, 0x6) 52.385784368s ago: executing program 8 (id=1868): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) msgctl$auto_IPC_INFO(0x45, 0x3, &(0x7f0000000200)={{0xff, 0xee00, 0xee00, 0x7fff, 0xb61, 0xa, 0xe17}, &(0x7f0000000180)=0xbf, &(0x7f00000001c0)=0x1, 0x4, 0x8000000000000001, 0x8000000000000001, 0x3, 0x10, 0x7, 0x7ff, 0x7, @raw=0x55c, @inferred=0xffffffffffffffff}) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, 0x0, 0x4010) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) ioctl$auto_BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000140)={@raw, 0x2, 0x0, 0x929, 0xe5c3, 0x7cd, "abfd2e69df26f540a1d748ceff20c3ed69a359d46ed201e13aea69af"}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x2, 0x73) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x16b802, 0x0) mmap$auto(0x0, 0x4020005, 0xe3, 0xeb3, 0x401, 0x8000) unshare$auto(0x3ff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x840042, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 51.771122282s ago: executing program 8 (id=1870): unshare$auto(0x40000080) r0 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0x9}, 0xf}, 0xd, 0xffffffff) connect$auto(0x3, 0x0, 0x6) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001880)='/sys/fs/tmpfs/features/casefold\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000018c0)=""/189, 0xbd) mmap$auto(0x0, 0x20009, 0x4000000020df, 0xeb1, 0x401, 0x8000) r2 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'bridge_slave_0\x00', 0x0}) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x3, 0x4, 0xf, 0x63, 0x400, 0xfffffffd, 0x1, 0x80f0c8, 0x0, "38c1d5cbcb9f6b5e511f0cd8ed068f65", r3, 0x200002, 0xffffffffffffffff, 0xe4, 0x2, 0x5, 0x3b1, 0x3, 0x0, 0x78, @attach_btf_obj_fd, 0x6, 0xffff, 0x2, 0x81, 0xfffffffe}, 0x4a) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xa200, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) 50.801062864s ago: executing program 6 (id=1872): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) msgctl$auto_IPC_INFO(0x45, 0x3, &(0x7f0000000200)={{0xff, 0xee00, 0xee00, 0x7fff, 0xb61, 0xa, 0xe17}, &(0x7f0000000180)=0xbf, &(0x7f00000001c0)=0x1, 0x4, 0x8000000000000001, 0x8000000000000001, 0x3, 0x10, 0x7, 0x7ff, 0x7, @raw=0x55c, @inferred=0xffffffffffffffff}) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, 0x0, 0x4010) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) ioctl$auto_BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000140)={@raw, 0x2, 0x0, 0x929, 0xe5c3, 0x7cd, "abfd2e69df26f540a1d748ceff20c3ed69a359d46ed201e13aea69af"}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0xa, 0x2, 0x73) mmap$auto(0xfffffffffffffc, 0xd8f0, 0x100000001, 0xeb1, r1, 0xbf47) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x16b802, 0x0) mmap$auto(0x0, 0x4020005, 0xe3, 0xeb3, 0x401, 0x8000) unshare$auto(0x3ff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x840042, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)='\t', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/module/psmouse/parameters/proto\x00', 0x20a42, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) 49.61178559s ago: executing program 6 (id=1882): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r2, 0x40086602, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400044, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000200)='5', 0x1) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) mbind$auto(0xffffffffffffff00, 0xff, 0x9, 0x0, 0x3, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x2b44c1, 0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r4 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r4, 0x0, 0x0) 45.688455604s ago: executing program 37 (id=1846): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bus/usb/010/001\x00', 0x80d00, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x68182, 0x0) writev$auto(r1, &(0x7f0000000280)={0x0, 0x45}, 0xb) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) bind$auto(r1, &(0x7f0000000180)=@generic={0x1a, "2f7cc654b9dff9cb8e402430c205"}, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'dummy0\x00'}) bpf$auto(0x0, 0x0, 0xf) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0x9, 0x0, 0x0, &(0x7f0000000040)={[0xc, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x1]}, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x5, 0x5, 0x9) 36.677255168s ago: executing program 38 (id=1870): unshare$auto(0x40000080) r0 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0x9}, 0xf}, 0xd, 0xffffffff) connect$auto(0x3, 0x0, 0x6) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001880)='/sys/fs/tmpfs/features/casefold\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000018c0)=""/189, 0xbd) mmap$auto(0x0, 0x20009, 0x4000000020df, 0xeb1, 0x401, 0x8000) r2 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'bridge_slave_0\x00', 0x0}) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x3, 0x4, 0xf, 0x63, 0x400, 0xfffffffd, 0x1, 0x80f0c8, 0x0, "38c1d5cbcb9f6b5e511f0cd8ed068f65", r3, 0x200002, 0xffffffffffffffff, 0xe4, 0x2, 0x5, 0x3b1, 0x3, 0x0, 0x78, @attach_btf_obj_fd, 0x6, 0xffff, 0x2, 0x81, 0xfffffffe}, 0x4a) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xa200, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) 34.106524058s ago: executing program 39 (id=1882): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer1\x00', 0x180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r2, 0x40086602, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400044, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/pci/rescan\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000200)='5', 0x1) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) mbind$auto(0xffffffffffffff00, 0xff, 0x9, 0x0, 0x3, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x2b44c1, 0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r4 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r4, 0x0, 0x0) 25.589370968s ago: executing program 2 (id=1905): statmount$auto(0x0, &(0x7f0000000180)={0x770, 0xfffffffe, 0x8, 0x4, 0x4005, 0x0, 0x5, 0x400, 0x3, 0x9, 0x6, 0x6, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x6, 0x10, 0x80, 0x7ff, 0x8000, 0x1, 0x1, 0x202, 0xd, 0xbca7, 0xfffffffffffffff6, 0x0, 0x0, 0x0, 0x6b4, [0x2, 0x6, 0x0, 0x5, 0x0, 0x0, 0x20000000000, 0x0, 0x4, 0x2, 0x3169b201, 0x0, 0x3, 0xfffffffffffffc01, 0x5, 0xfffffbfffffffffb, 0x0, 0x9, 0x2000000, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0x200000000000000, 0x0, 0x8000000000000000, 0x0, 0x1, 0x0, 0x7fffffff, 0x101, 0x0, 0x20000000000000, 0x40000000000000, 0x1000000000000200, 0x0, 0x400, 0x96, 0x5, 0x4, 0xe17, 0x0, 0x6]}, 0x1fe, 0x1) r0 = socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x84) keyctl$auto(0x6, 0xfffffbfffffffffe, 0x0, 0x32, 0xfff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="bfcd4738b564a2ff3b160bbe43260aec9633"], 0x1ac}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mkdir$auto(&(0x7f0000000000)='./file1\x00', 0x4) renameat2$auto(r1, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = socket(0x10, 0x2, 0xf) r3 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r2, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r3, 0x98}, 0x5) r4 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r4, 0xfffffffffffffd03, &(0x7f00000001c0)) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/workqueue/nvmet-wq/affinity_scope\x00', 0x562, 0x0) write$auto(r5, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xe1\x903\x9e\xca\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81\xe4\xab\xc5\x8da\vr\xb91\xfe\x9a\xf0\x0f\x03\x12m/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\xf4\r\x19$\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbbc\xb9\xd0\x1f\xd9\x8e`\xba\xd0\xa4\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x98c7) 24.841774372s ago: executing program 2 (id=1924): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_VERSION_SET(r0, 0x0, 0x844) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) gettid() mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) execve$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=&(0x7f00000000c0)='nfsd\x00', &(0x7f00000002c0)=&(0x7f0000000280)=',+^\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x3, 0x6) r2 = socket(0x2, 0x1, 0x0) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x4e20, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000380)={{&(0x7f0000000040), 0x12, 0x0, 0x19, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) sendmsg$auto_IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000800)={&(0x7f0000000540)=ANY=[@ANYBLOB="ac020000", @ANYRES16=0x0, @ANYBLOB="000228bd7000fbdbdf250100000089010380c53543203b1de97955f2c20300741ba2e40fb382d06628967bcf8b37fcd95b7ae2f324e0dce4bfada8908cbf27179fba352815400d19600182f237d5f842a402c3294346852ac23da401000100bc6c601d1b1b779044d26c923d6e9cbb13e5672d0e0c38ad401042c7b6287b9d3d1375b4bcfe1603f00b61b84b1f4ea0ec500647788f31dbce528c346c41b18882c271eadc117cffc3e5bd4d9f295d9bb8fe9d8a0400de00dd0003800400cd8008006b0001000000f2b812dc5878945211dc0f4d3788b40000000052bff4d6464e0800a40dacf91a57271273bd4abedcb37e64a11eb6ba977a281d693b82947a2cc52526742fb53a5abde669cac0fa1f130de578dc997af8f2eaeb6aca77b6fd7ba415dc8a7728fd869bb47a4c179bafcfa44d53c7d263f7b2ee1c66743831f588822db66f3c527eacd49c3a81f8c272e04bf9e5e73d00080000000000000cef6908004b00", @ANYRES32=0x0, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="000000000000180002801400b000fe8000000000000000000000000000aa08000600a5220000eb0003800800e6800400da8004007400080006000a010100163fc57d51a412f55a37d0077142cef03822caf8321c055cc4b7bff434b7bba503e448bd749d421e9e3af80bec00add1b87514f790e5326d0bf40a80613270ca89c9d34032f904c48d4681b784e49f21028208000200000000004037a2faa2dba7441e2aaabd56234255024b9d607a0d5b77a490fbfe0df891386b3f423073a9428e4014f22b495c449533008d4b3c7db8402bd3501435a2603a90b3ace0245a6f80980a24c80f7f4084954a89dea2edd2eaa0a01a1f0858a8adead1cfb4937ee4650d0911107badd4545d427e42ba111d93ce00"], 0x2ac}}, 0x20000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x5, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x400) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0ro\x00', 0x0, 0x0) ioctl$auto_BLKPG2(r3, 0x1269, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r4, 0x0, 0x400000000006) sendfile$auto(0xffffffffffffffff, r4, &(0x7f0000000140)=0x140000000000009, 0x20002000000005) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000300)=0x6) shutdown$auto(r2, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 23.141633301s ago: executing program 2 (id=1928): close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x1, 0x84) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) poll$auto(&(0x7f0000000000)={0x3, 0x1, 0xa}, 0x5, 0x108) write$auto(r2, &(0x7f0000000000)='/sys/kernel/security/integrity/evm/evm_xattrs\x00', 0x20000003) r3 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0x2020009, 0xffff, 0xeb5, 0xfffffffffffffffa, 0x7ffc) connect$auto(r3, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x57) write$auto(0x3, 0x0, 0x3f00) write$auto_fops_ulong_ro_(0xffffffffffffffff, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) io_uring_register$auto(r1, 0x11, 0x0, 0xffffffff) r4 = timerfd_create$auto(0x0, 0x4) close_range$auto(r0, r4, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r5 = socket(0x15, 0x5, 0x0) getsockopt$auto(r5, 0x114, 0x2716, 0xfffffffffffffffc, 0x0) ioctl$auto(0x1, 0x890c, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) prctl$auto(0x23, 0x20000000000000b, 0x7fffffffefff, 0x0, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4, 0xeb1, 0x401, 0x1ff) socket$nl_generic(0x10, 0x3, 0x10) 22.665773109s ago: executing program 2 (id=1929): r0 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/kernel/bpf_stats_enabled\x00', 0x163041, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ati_remote2/parameters/channel_mask\x00', 0x1e1842, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/4096, 0x1000) write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) r3 = getegid() fsconfig$auto(0xffffffffffffffff, 0x3, 0x0, 0x0, r3) setsockopt$auto_SO_WIFI_STATUS(r1, 0xcb, 0x29, &(0x7f0000000000)='\x00', 0x5) keyctl$auto(0x1f, 0x1, 0x6, r3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000001040), 0xb0040, 0x0) userfaultfd$auto(0x1) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001840), r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000020c0), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r4, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002100)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fcdbdf250b0000000a000200db1b0f6bd3ff0000"], 0x20}, 0x1, 0x0, 0x0, 0x20040800}, 0x40804) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000240), r6) sendmsg$auto_NETDEV_CMD_NAPI_GET(r6, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20000000) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001100)=ANY=[@ANYRESOCT=0x0, @ANYRES16=r4, @ANYRESHEX=0x0, @ANYRES64=r3, @ANYRESHEX=r6], 0x28}, 0x1, 0x0, 0x0, 0x200480c7}, 0x80) 21.422018811s ago: executing program 2 (id=1932): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) open(&(0x7f0000000100)='.\x00', 0x0, 0x0) mremap$auto(0x5, 0x3, 0x3fda, 0x8, 0x7fffffffb000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000001c0)=""/234, 0xea) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x3, 0xa) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x1, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40000, 0x0) msgctl$auto_IPC_INFO(0x8, 0x3, 0x0) ioctl$auto(r2, 0x560a, r2) write$auto(r0, &(0x7f0000001380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xfc\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\r&\xec\xb8\xb1Z\\\xc9L\xb2\t\xddbH|\xffGP\x97)\xb9:nqn\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc$\xa0\xa5\xce\xca\xe1P\xf7\xe5_\xca\xd5\xd8\xa4g_\xb1\x88\x8cAJS\x11\x8b\xd1%a\xe5DPk\x8c\xf9\xfb\xe0+\xdb\x12\x10.F\x00\xc37\xc7\xbf\x80\xbeu\xe1V\xb2\xc5\xc9\x1a\xc7\xdc}!\x10\xb1\",1%\x0e\xeb\x15\x15me\xe1a\x03\x18{\xb03+\x93*vB\xc6\xf1\xc6\xff\xbbt\x04!\xb6\v\xde2\xc9\x89#\xbaR\xee\x13jF%\xf2\x15\x9a\x82&\x89o\xa9\xd9\xbfFY\x90\x8c\xa0\xe4\x9d\xa2\xcd\x9a\xb5TC\xc4\x9d\x9ePb]\xaa\xc7f\x06N\xc5\xfa{\x02Y\xae\xf4(\xaa\x06);{?\x1e\fu\x19b\xdf$,\x01\"\x94\x00\x00\x00\x00\x003\xcfZ\xaf~<\xba\xb7\xa03\x8c\n*krS\x19Q#\x8f\xfbW\xad\xe0\xb3o\xcb\xf7\xda\x87C\x99\x1a\xa8\xc1\xe3\xc6%\xac\x01@*\xa0\xc4\xedn-lT\xe6*?\'\x9dW=\xa7\x03\x06\x83 IT\xa3\x7ff\xb6\x95\xe5\xd2\n\xaf\x87`\xce%\xf6 &\xa7M5I\x9c\x17h\x8c\xa4\x98\x16\xe0\xd9?Y\x7f\xf6\x85_{\xfd9p$B9_\xd8\xf4\x0e\xd0\xfa\xe7\xb0\xb8\xa0\xd7\a\xff.\"\x81\b\xb0\xb4\x84\xac\xad\x1b\x93~_\xea\xfe7\x03\"\xd9\x1d.\xe5{bHX\x14\xa1\bO\x03[^\x85jP\x89\t\x06GI\xb7\x99\xb2zZf\xc8\xd4\x8d\x1c\x1e\x03\xb9\xa7Nt\xae\xfff\xf9\tx\xae\xa8\x05\xb14\xc6\x9b\x1f\xd3\x01#\xc6\nb\xd4\xb4\xc8?\xa7\xe2R\xc1\xcf\xd2\xbc\xae\xd1\xc2\x88\"\xf3\xf0\xc0uQy\xec\xfab\xd6\xcd\x16)\x19*E\vm\x8d\x1bG:\x80\'pJ', 0x4100000a3d7) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/pcm0p/sub7/info\x00', 0x8040, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000100)=""/184, 0xb8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) close_range$auto(0x2, 0x8, 0x0) 19.196329019s ago: executing program 2 (id=1938): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x44eb2, 0xd, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) r0 = socket(0x11, 0x80003, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = fcntl$auto(r1, 0xa, 0x1) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r2) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, 0x0, 0x4008000) fcntl$auto(r1, 0x10, 0x2) setsockopt$auto(r0, 0x107, 0xd, 0x0, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000380)={{&(0x7f0000000040)="8cdd411735502ea33a2640e3d3b9fadb78eed1324ad3ec6769623ee6f1ecf47b5a6ab290204afdf2a14d78ebf930", 0x7ff, &(0x7f0000000300)={&(0x7f0000000240)="72a88044bd4e8f19157c9bd885b453596ec6a3ff723d27c34bf33d98e38754f2aadbecd3e3c90879f9a4b4a28066f723caad7caf93e283faca0ef8e1e240af1e29d3ab2d58e8b70f51898119fcf861d1c11edb5e0a1d98f8e70912ee7bdfb2a7e4c5cfa4336232c9f7f107c73a45f9bddfbcc9808c3709b4e052884f096c1b9ada24b9df3bb3bba67044535c6af38d000145b8696b0b7a6db4", 0x3}, 0x5e, &(0x7f0000000340)="340ec95871932eac123508fb2e4af0a1", 0x480000, 0xff}, 0x28}, 0x4b6, 0x5) mmap$auto(0x0, 0x8000000004020009, 0xdf, 0xeb1, 0x401, 0x18000) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) map_shadow_stack$auto(0x40, 0x7, 0x1ff) r4 = open(0x0, 0x4242, 0xe1d2b27bdc14aafe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mkdir$auto(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5) ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x5) ioctl$auto(0xffffffffffffffff, 0x4008af20, 0xffffffffffffffff) fallocate$auto(r4, 0x0, 0x7, 0x4cbd5d) write$auto_proc_coredump_filter_operations_base(r3, &(0x7f0000000180)="8907447b3cf49ae1052ea9628639b1138996742452020d420f842ef08fa0bcc8a7961e20fcdc9a025b09ce4d68a0ba089acde051a75cbb7fc1d0733d114b1e011c4b3d0dbc4b43e35909c31bc1e76a52242d7ca2937f85015647c4ac4117edf2a96d19c8f39d3ff5409b12902aaf4f663ff35565941fbcb501a0fb06081f30dbdccc5970f74df90532cb5aeadd17e036df16ddf9c999fd2f370bfb2114384c56cfe4", 0xa2) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r5, 0x1276, 0x0) pwrite64$auto(0xc8, &(0x7f0000000480)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\x00^\x0fo\x97\xfc\x89\v\xea\xc2\x95\xafQ;C>\x15L\x90\xad\xa4\x1648W\t\x00\x00\x001\x00\x00\x04@X\xb9_\xdd\xee\xc4\xd06,|\xfe.\xa6\x00\x00\x00\x00\x00\x00\x00\x1ch*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe4\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0J}]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\b\x00\x00\x00wU&%`_[\xde\x7f\xde8\xf7\xc1\x94\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\xee\xa9\x0eX\x01\xa3g\xba\x9cc\x90\xe3\xae\xa9\xde\x84v\n\xcdN\xb6\xa4\xe0\xb7e\x97 ?\xb5\xa1E=t\x96\xbd\xfd\xc5\xebn\xb7\n\xc2\xbc\xa2\xa8\x04#\x84\xa7R}\xed\x8f\x03\x01\x10wLT\vay\x12\xb63\x9e\a\x8e\xbd\x18y<\xb3\v\x14\x82\x97&\xfcm\x86\x10o\xdc\xf3x\xfd\x06\x87t\xb9$\x94,f\x9b0\xcd\xd3\r\xb1e\'\x19\xc1\xe7>*\xad\xa5+\xa8\x1c\x88\xa1\x0e[\x99\xb6LKZ\x9e\r\xd0r\xe2Ct\xc1\x99\x1b/\xc5P.aUdq\x97\x94\xb9\xa8qU\xae*g\x86\xc9\xa4\xe7\n\vh-v\"o.\xbf6\x13\tFK\x8e\xc6&&\x13\x81\x00\x8c7PS\x9c\xa3\xfb\x1d\xa9\x98\xd47\n\xa7\xd1\x10\xb3i\xd2\xa8\x18f\xb3K\x9b\x9b\x8c\xe8\x84\xa3,5-\xd6\xae\xbd\x1d\xf2o\x99\x02\x1a:w9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\bl\x042\x935\x9e\xeeH\x87\xda\x10\x8f^1\x89L`\xf4[\x06\xf6\xc7\xd0#\xdb\xb1\\\xc3\xb1\xb8\xe8\xde2\xbb\xf8I\x9c\x17KI\x8c\f\x1d\xaa\xa0\xdb\xc7\x9e\x81\x90CTe\xfa\x8dq&\x17\x908\xc9T\xffm\x890\x1d\x91\xf8|t\xfd\x18\xd5\xb0\xcbH\xa7\xb6T\n\x11%\xba\x16o\r\xf6\xd0\x00\xc1\x1a\x1f\xaa8\xfbo)rtYK\"c\xe2c\xbeM\x9bT\x05\xf3\xccC\x8c\x00\xdf\x8c\x1b+\xca\x80\x00\x00\x00\xc3aB\xa0\xd7\xf8C\xde\xcc\xeaoNs\f\x86\x06<\x17\xcd\xd7\xf7\xc3\xba\xd0\xb9\x0e\xd0v\xeb\xe5$_\xd7\x9f\x8e\xac \x9a\xa3\xfd\x83(\xcc\xcd!%Kv\x13\xe9rR\xbc\xc1\x89\xd3vpA\x8a\xa6\xdc<\xaa\xdcsdCA\x19\xe3\xdf&\xea\x00f /X\xc6\x9b\xaa\x86\xa6\x8a\x80\xc0w\xb2S\xba\x9f\xef\xa5\xea\xff\x86\xb6l_M\x8b\xffj\xbc\x19\xa0\x81aBq\x85\x9b\xc4\x92\xc3\x87', 0x84, 0xe83) getrandom$auto(0x0, 0xa, 0x3) write$auto_uhid_fops_uhid(0xffffffffffffffff, &(0x7f0000000840)="d965380d53abac165375e1e59f2c4cf369fd6380e7b03f4c6e3503f485fa4ef051d88404f4b81fdae140c9c98cfe7a9096b34b1b8c8ec1a21995ba117a079fc270523a164ccb028f18b7e13e2fde00c73ffe92b72dd5af448446990d5b48fc069dcb0c0c71a7701e52b6b35737d5737afdc3825875123e2c0d81d986640ad9b2a41ebcf7941996499d3bb1b694df1e6d8fa977cb4fd29cb848561f0ed24ca48b777b90cc9d1a214f680363869985d8e4d2e95c87558e8624b45580520a91db7230e2b00880d29aad009919d1538b66fb2c844daefa9516a5be08ea8e477a70df92ae", 0xe2) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r6, 0x4b67, 0x1) 15.540130257s ago: executing program 9 (id=1946): close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS32(0xffffffffffffffff, 0xc0245720, 0x0) unshare$auto(0x40000080) shmctl$auto(0x4, 0x3, &(0x7f0000000540)={{0x5, 0xee01, 0x0, 0x2, 0x9, 0x9, 0x34f9}, 0x8, 0x1, 0xf7c, 0x8, @inferred=0xffffffffffffffff, @raw=0x80000001, 0x1, 0x0, &(0x7f0000000400)="d4b768b0ad84e2e9bfa0d60275afedc4772f0cdae2d9e5d4cf65a4f8e9c7052d9fd37c7cb921a868822599d3ad6fe7a2db50b98f15857b39c00c4bf7803cbffe0b4cabac1f477cd49331b5b4f8687d969797f4d8d783e1f8637852c0aca76d69144aaaceea22f4ba94eee22fd8d82b12552fb270012b1d69ac4d42ba0af919b731877d732df22fc427177a4932b846679c2654eddbc1320f8aae4bd8c91e01", &(0x7f00000004c0)="a97f747b55fb217d5b26e49327e12f1393aac8986ebe1b904fb30767cafe67224fd4b06c2af690634ae4ee423a6d9e0be614da93d9d257bcb9bebaec6d8de5471acfa7425e3d79efd2620e0ae85cc03d8e9b3cfe65d2b75a34fe86aa06b5574f3efe861ccfa2a0ac9f572c2f19e9fe76"}) setfsuid$auto(r0) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x2, 0x10000, 0xfffffffffffffffe) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) read$auto_proc_pid_maps_operations_internal(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x26, 0x1, 0x0, 0x0, 0x0) seccomp$auto_SECCOMP_SET_MODE_FILTER(0x1, 0x8, &(0x7f0000000080)="c20c") r2 = openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/tracing/printk_formats\x00', 0xc0002, 0x0) pread64$auto(r2, 0x0, 0x1, 0xb29e) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x5) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x123801, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), r4) r6 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8905, &(0x7f0000000200)={'ip6tnl0\x00'}) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001ec0)={0x14, r5, 0x721, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4008004) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f00000009c0)={{@raw=0x7000, 0xd252, 0x9, 0x2, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00"}, 0x4, 0x2000963, 0x2, @raw=0x404, @reserved="b20200a3077300f2c167afeb0a9902da3d58908ea1a8475fbd3a75d4690e48fc922df5fdffffffffffffffdbb68aec3f51e29bc18b59d74badbdcc1ba97a2004117190c9a050186fa73f5a197762a94460d134b357b8b4d0caaf1ca142917779cef3673ee57f2f5fde573fa4d4328a8ea0be7eccec0adb4f64290e53d4faa89d", "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1cb04b435b3fcd0c7c61c329794e5311121c760cb9611c78e6947a99806bcc100"}) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0xc008551c, 0x0) close_range$auto(0x2, 0xa, 0x0) r7 = socket(0xa, 0x2, 0x0) setsockopt$auto(r7, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) setsockopt$auto(0x400000000000003, 0x29, 0x3b, 0xffffffffffffffff, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 14.708364787s ago: executing program 9 (id=1947): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@ethernet={0x1, @link_local}, 0x6a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram2/partscan\x00', 0x80200, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000240)={0x5, 0x0, "de6208d69c90e1beedda1aa1796c4536", "1aef09f057b8e6b77c3fa8db259056a2", "9649efcec118d7563fb34bf487b9bcf832fed7b3dee7edc8c7a06ac8ed714648", "ef86743334004e34ded7f4f918c1ae2728d423746ae9388e833447898844020468166e720aa18e9e8bf939fb69fa37f8cb1a3723933044e12e7aca4980b6dd6a49ec893b4a14c1870013dce4ee7bb313", "1bdd1bd1e7c93fb23eec09c0fd894efd", "cfc574487a9ea54410cef23d4fe7ca3e78d158c240515f8735c415b6011c4201335554d8a56f185263367dea284aa2cfd1186f7918f367d0329159d3cd2419a890b4840be7dda3125c4f826a8ee0ef22", "c40316b50fd844ca966e25bae3ea9e0485911ca98dc015b6353fc8fdb75ed727190a9b59c895c6fd3f4857dd0a53acc9fc8eaaf65594d77abfb1a6b0788a2ac012a27f566ac119dff3c275c8e64a87699577b2ad1a822a23d98d5dcef24a81ad1005f9c69ebdea766c9795a8214e6804939ac95778ab3f25c3c4da43984d0b0f"}) write$auto(0xffffffffffffffff, &(0x7f0000000000)='9\x00\\\xa0\x04|\x9d$\xdcM)\xb9\xdd\xd6\xd5\xc3H\x15I=\xf5\xfb\xa0\x9a][LIU\x9d0\xfb0Q\x88H\x95\v\xbe5\xc2os\xe2iq\x1d>,\xe8\xb3\x950\xca\xfc\x98\xbd\xff\x93&\x98\'\\\xf4\xfe\xed7\x8e.I\xc3HG\x8d\xa3m\'\xbf\xc4\xad:\x96z\xcb\x1b\xe6\xa9J\xcfL\xf9\xd5\x00\x00\x00\x00\x00\x00X\xa8\xdb\xcf\xbb?f\xa2\xd0\xa4\xc2#f\xce\x98\x98\xbf\x03\xb6\x1aaAT\x1b\xa9\xa0\xee\xa2K\xe6\xf2B\xdb|\xa1\x19\xf0#\xda\x1b\xaf\x94\xed\x17)\x9f}\x19\x81\x11|G\x97\f\xe2\xf2%AvH\x82~', 0x4) sendmsg$auto_TCP_METRICS_CMD_DEL(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000180)={0x30, 0x0, 0x901, 0x70bd27, 0x25dfdbfb, {}, [@TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @mcast1}, @TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @remote}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x40) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r1, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0) open_tree$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1ff) r2 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/discover\x00', 0x801, 0x0) write$auto_aoe_fops_aoechr(r2, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0x9}, 0xf}, 0xd, 0xffffffff) connect$auto(0x3, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) 14.443859434s ago: executing program 9 (id=1949): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x19, 0x0, 0x9, 0x0, 0x1f, 0x3}, 0x4}, 0x7, 0x20020004) write$auto(0x3, 0x0, 0x7fffffff) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) r1 = openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000100), 0x84400, 0x0) fcntl$auto_F_SETSIG(r1, 0xa, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x800000000, 0x8000000000000001, 0x19) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x53, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRES64=r2, @ANYRES16=0x0, @ANYBLOB="08002dbd7000fddbdf252dfffffff600120040000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) io_setup$auto(0x5b6e4b94, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x2, 0x1, 0x106) connect$auto(r3, 0x0, 0x54) mmap$auto(0x0, 0x40006, 0xe2, 0x8000000000000011, r3, 0x8) r4 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) write$auto(r4, 0x0, 0xfffffdf1) ioctl$auto_FS_IOC_SETFLAGS2(r4, 0x40086602, 0x0) rename$auto(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='./file0\x00') 12.816324659s ago: executing program 9 (id=1952): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) accept$auto(r1, &(0x7f0000000500)=@hci={0x1f, 0x4}, &(0x7f0000000540)=0xfffffffb) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa102, 0x0) write$auto(r3, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="05082cbd7000fbdbdf257e000000000000ffe9ff00000000fbcdcf723761e464cc2327ce89ce96a5082aecdbbbdb9b60b1d900"/60], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) r5 = setfsuid$auto(0xee00) r6 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) listen$auto(0x3, 0x81) socket(0x1d, 0x2, 0x7) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffffffffffe11, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200440c4}, 0x40048c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x37, 0xfffffffffffffffe, 0x80000001, 0x0, 0x0, 0x0, 0x1000000009, 0x10001, 0x6, 0x400, 0x7ffffffb, 0x5, 0xdd79, 0x10000, 0x3, 0x104}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) io_uring_register$auto(r6, 0x1, 0x0, 0x5) ioctl$auto_SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000004c0)="14616e145dc4b5f48054b22a95d3d80b50e74d6f899f8c07ace1a885f3f9bdd90d8a2304e21272d40841f91e2f7fa78b") setreuid$auto(r5, 0x0) r8 = getsid$auto(0x0) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, &(0x7f0000000480)={&(0x7f0000000000), 0xc, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="b8030000", @ANYRES16=r4, @ANYBLOB="000226bd7000fedbdf2582000000f0022c800800010007000000b40002802c000080080001000200000008000200090000000800010003000000080002000800000008000100060000001400008008000200fbffffff08000100060000001400008008000200fbffffff08000100510b00000c00008008000100000000001c0000800800010000010000080002008a09000008000100ffff00000c000080080001000a0000001c0000800800010038660000080001000100000008000200ffffff7f0c0000800800010000000000d00002802400008008000100008000000800020000000000080002000600000008000100040000001c0000800800020005000000080002002b00000008000100ba0000000c00008008000200050000003c0000800800020000feff000800010080000000080001000300000008000200090000000800020004000000080001007f00000008000100000200001c00008008000100090000000800020003000000080001003a1f0000140000800800020008000000080001000100000014000080080002000001000008000200ff07000008000100faffffff4801028034000080080002007f000000080001000600000008000200d9fe00000800010007000000080001000700000008000100c20000004400008008000200018000000800010008000000080002000600000008000100040000000800020000800000080001003faf0000080001000900000008000200010400001c00008008000200010000000800020001000000080002000700000014000080080001000700000008000200a70c000054000080080001000000000008000100c006000008000600f40000000800020010000000080002000500000008000100010000000800010009000000080002000080000008000100070000000800010002000000140000800800010003000000080001000700000034000080080002000101000008000100060000000800010003000000080001000e00000008000100030000000800010008000000080001004000000008000100030000007000f080e893438ab30d68d7d891f83a6cb4199c334c700bdc5fff2265d4c602e6543d92059c89e294a2269d3e68aaa1c27c5430cedd24f4ddf2d2affa83c4231ef93668337ab03ae84a1c6a4f6f9f826544fa1348a9b57efa536aa54df416d9fd2c381aaddb5ece08003600", @ANYRES32=r5, @ANYBLOB="06001201040000001f00f200f390b030498157d5348c45829889c416b0c306a80286d6b1188ab50008005200", @ANYRES32=r8, @ANYBLOB="0600f9004c810000060043010400000004004401"], 0x3b8}, 0x1, 0x0, 0x0, 0x40}, 0x20008080) setresuid$auto(0x2, 0x7, 0x8080) open_by_handle_at$auto(0x1, &(0x7f0000000040)={0x2, 0x9, "4cbd"}, 0x2) 12.21586887s ago: executing program 9 (id=1956): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_SET(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c00982a", @ANYRES16=r2, @ANYBLOB="000227bd7000ffdbdf2504000000080001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x24040080) mmap$auto(0x0, 0x810000, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000003}, 0x7, 0xffffffffffffffff, 0x8000000000000, 0x2f) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0xffff) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) open$dir(&(0x7f00000002c0)='}[,&*}\x00', 0x2000, 0x71) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x80, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f00000000c0)=""/192, 0xc0) bind$auto(0x3, &(0x7f0000000040)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e21, 0x3}}, 0x1) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/tracing/saved_cmdlines\x00', 0x280, 0x0) r4 = getpid() process_vm_readv$auto(r4, 0x0, 0x5, &(0x7f0000000380)={&(0x7f00000003c0)="5d4846965d0b30daa3e6601c064002004ef4e3449da9de6d8e81b8ef5ba7539963c8a299f8bf8f816d2fd597aff09165fb11db610530b5ff686981cc7cb546f1a6192dc51d47abb1d077af445519b9844596b7f246681246ac9d2c851ac3803d504a303643768bea050522be34f77c5e0127fe6b3aeb745f71b0d241ed3a8abec0e46b13b787c00958c3d840b59099cb02f74d9cce7e86f05e60a70ef0a00d046c010000000000000000"}, 0x6, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r5, 0x10f, 0x87, 0x0, 0x14) r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) dup$auto(r6) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ipv6_route\x00', 0x80000, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40814}, 0x24008000) r8 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x40482, 0x0) writev$auto(r8, &(0x7f0000000000)={&(0x7f0000000000), 0x101}, 0x2) pread64$auto(r7, 0x0, 0x6000000000, 0x100000004) 10.729015551s ago: executing program 9 (id=1960): mmap$auto(0x0, 0x20005, 0xa, 0x200eb1, 0x401, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) madvise$auto(0x0, 0x400053, 0x9) socket(0xa, 0x2, 0x0) setfsuid$auto(0xee00) mmap$auto(0xfff, 0x5, 0xffffffffffffffc0, 0x100000000000017, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) read$auto(0xc8, 0x0, 0x200) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf2503000000080004", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r2, @ANYBLOB="060006ff050000000800"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000840)='./cgroup.cpu/memory.stat\x00', 0x80200, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101800, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) connect$auto(0x3, &(0x7f0000000080)=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x4}, 0x81) 6.428896022s ago: executing program 3 (id=1970): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x582, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000001240), 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) sendmsg$auto_IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010028bd7000fedbdf250c0000001d000280d2f7abf5204c1c01107d33d6d37bc50e476301cfa9375e0781"], 0x34}, 0x1, 0x0, 0x0, 0x20004014}, 0x4014) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x80}, 0x40000) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) pwritev2$auto(r2, &(0x7f0000000180)={&(0x7f0000000140)="000d7fc249aa0ec38c9a6f0be872cac913c1b3aa34ebeaa54322d5382e257e7322ab8444fb236b2771f84812c234a93ccd457d0557ed91a8323c4d", 0x5}, 0x6, 0x800, 0x702, 0x6) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) kexec_load$auto(0x8, 0x17, &(0x7f0000002200)={@buf=&(0x7f0000000240)="557520b858fd7175472fcb0f3514254f0f98d090101503ecb7013ec18ea4c46a08f4c5220f9f6071c1cce3e0244c6143770c92d10a2e31e0ec68e825f7d13f9aa4922d42b69d796ca6d0ec0913459344fbe9eca33e6820d1d7fb65bc4616ddd621677e691ef2550ab8d6daf1d4a3d03414a0538c775be04927789269850425d3b13b61e6d87ffc75d8eaaf0b7dcbd09b94801009bb4586a2fac4942b20b518261f13a9468a2b42c9d04dccbf06f56a02f233928af6db2931d0fa4ba85fee747ddfb9b8c153cf1442be87b1991251dcf168373e9bd00291ecd58c39955b2073ceea8f29cd52518000ca7a35511e6a6b6fb0477f2ac0", 0x2, 0x7f, 0x9}, 0x1) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x2) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 5.881145653s ago: executing program 3 (id=1973): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0xc8, 0x401054d5, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) read$auto_proc_timers_operations_base(0xffffffffffffffff, &(0x7f0000000200)=""/4, 0x4) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x0, 0x2) socket(0x10, 0x2, 0x2f) io_uring_setup$auto(0xf00, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80402, 0x0) r0 = socket(0xa, 0x801, 0x84) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000240)='\x88\x84;/\xb9H\xc5\xa8\xf1\x94i\xcc\xdd\x8eW\xa9\x8d\xa0\xcaOK:\xde\xc5m\xd5\xcb\x90t\xbanb\x17}\x1btx\x06\x1e\xe0!\xa2A|\x86\xfd\x1b\x0f\xcc_2\xb1fB\x98\xfb\x1c\be\x82\x9d^g*>\xbf\x1e\x94\x80_\x04\xba%\x921\x04=\'\xe2\xac\xbd\x85\x19\f \xab}\xea n\f^\xb669$\xd6\xad\xf1\xcaR\x89\x829\xc2InTj\xa0$\xfe\xe3\x82\xcb\x9c\x8b\xf3G\xdey\x19E\xacs\xe2\xeeJ\'q\x16\x7fF\v\xfbE\xb6\x8a\x96\xceE\xe3\x80\xe1m`\x9cE\x8bPwx\xcc\xfb\v4\v\x99\rr\x8b;J\xf8\a\xb9\xc4\x8dN\x03%\x86\xd0+\xdfz\xb1>1\x0e\xb8\x88\xb6\x11V.\f\xe7\x0f!\xa6\xeb\x19', 0x100000a3d9) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x202, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) fchdir$auto(0xffffffffffffffff) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) sendmsg$auto_SMC_NETLINK_DUMP_SEID(r0, 0x0, 0xc000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x44eb1, r0, 0x300000000000) io_uring_setup$auto(0x5, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace\x00', 0x2c081, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x200, 0xd7e, 0x1, 0x948b, 0x3, 0x95b45a07, 0x8000000000000003, 0xe05, 0x8000000000008001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x800, 0x4]}, 0x0) 5.452260722s ago: executing program 5 (id=1974): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) recvfrom$auto(r0, &(0x7f0000000200), 0x4, 0x10001, 0x0, &(0x7f0000000480)=0xc) ioctl$auto_TCSBRKP2(r1, 0x5425, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) r3 = socket(0xa, 0x1, 0x84) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x97.\x03\x11\xc1\xbaS\x1c\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1t\xee\xc9:\xcfE\x87Z&i\xd4\x00\x00\x00\x00\x00', 0xedef, 0x3) accept$auto(r3, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x8a, 0x0, 0x14) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r4, 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x4, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bbf, 0x7ff, 0x3, 0xff, 0x10001, 0x1, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0ef1, 0xffffdfffffffff81, 0x4]}, 0x0) 4.95660646s ago: executing program 3 (id=1975): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fda, 0x3, 0x7fffffffb000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x4004) r1 = open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000001380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xfc\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\r&\xec\xb8\xb1Z\\\xc9L\xb2\t\xddbH|\xffGP\x97)\xb9:nqn\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc$\xa0\xa5\xce\xca\xe1P\xf7\xe5_\xca\xd5\xd8\xa4g_\xb1\x88\x8cAJS\x11\x8b\xd1%a\xe5DPk\x8c\xf9\xfb\xe0+\xdb\x12\x10.F\x00\xc37\xc7\xbf\x80\xbeu\xe1V\xb2\xc5\xc9\x1a\xc7\xdc}!\x10\xb1\",1%\x0e\xeb\x15\x15me\xe1a\x03\x18{\xb03+\x93*vB\xc6\xf1\xc6\xff\xbbt\x04!\xb6\v\xde2\xc9\x89#\xbaR\xee\x13jF%\xf2\x15\x9a\x82&\x89o\xa9\xd9\xbfFY\x90\x8c\xa0\xe4\x9d\xa2\xcd\x9a\xb5TC\xc4\x9d\x9ePb]\xaa\xc7f\x06N\xc5\xfa{\x02Y\xae\xf4(\xaa\x06);{?\x1e\fu\x19b\xdf$,\x01\"\x94\x00\x00\x00\x00\x003\xcfZ\xaf~<\xba\xb7\xa03\x8c\n*krS\x19Q#\x8f\xfbW\xad\xe0\xb3o\xcb\xf7\xda\x87C\x99\x1a\xa8\xc1\xe3\xc6%\xac\x01@*\xa0\xc4\xedn-lT\xe6*?\'\x9dW=\xa7\x03\x06\x83 IT\xa3\x7ff\xb6\x95\xe5\xd2\n\xaf\x87`\xce%\xf6 &\xa7M5I\x9c\x17h\x8c\xa4\x98\x16\xe0\xd9?Y\x7f\xf6\x85_{\xfd9p$B9_\xd8\xf4\x0e\xd0\xfa\xe7\xb0\xb8\xa0\xd7\a\xff.\"\x81\b\xb0\xb4\x84\xac\xad\x1b\x93~_\xea\xfe7\x03\"\xd9\x1d.\xe5{bHX\x14\xa1\bO\x03[^\x85jP\x89\t\x06GI\xb7\x99\xb2zZf\xc8\xd4\x8d\x1c\x1e\x03\xb9\xa7Nt\xae\xfff\xf9\tx\xae\xa8\x05\xb14\xc6\x9b\x1f\xd3\x01#\xc6\nb\xd4\xb4\xc8?\xa7\xe2R\xc1\xcf\xd2\xbc\xae\xd1\xc2\x88\"\xf3\xf0\xc0uQy\xec\xfab\xd6\xcd\x16)\x19*E\vm\x8d\x1bG:\x80\'pJ', 0x4100000a3d7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000440)="0a1bab5c30595644f93bb154d7886d8ec5eacee8d3371cadb82b2606381300770dc8f745b5c76eedaa0ec76b0a8b", 0x2e) pread64$auto(0xffffffffffffffff, 0x0, 0x100000002, 0x100000001) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r3, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000040)={0x4, 0x2, [0x1, 0xfffffffa]}) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/machinecheck/machinecheck0/monarch_timeout\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)="33aa0d7191af", 0x6) 4.503523925s ago: executing program 5 (id=1976): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) modify_ldt$auto(0x1, 0x0, 0x10) modify_ldt$auto(0x0, 0x0, 0xfffffffffffffffb) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82002, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)="2dfc", 0x2) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, &(0x7f0000000040)=0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) write$auto(r3, 0x0, 0x6) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x3ff) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) r5 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$auto(r5, 0x0, 0x81) sendto$auto(r5, &(0x7f0000000000)="18308123784b0ef29c8ab277202e1a1e3d88e09059bca5b1694042700bbb8c3e0a04cec14c214e75679a469269c6fb27747c6c127985fe857051df7597d0521aafc1e26d4d2b2e62d9406dcdf2124897afc5641e6ab7fa49aea19b0ad214a2772320e17d77c0ed47bd942d8ebbd3888ad07e1ff6490a933ba3f7a8030cb557c3667a11e40e23e9441f80ac64d8b1cb0842df15d984f2a35035edac6808865be6c452589109241d7dd506f2f6181d34a5779741d712e248f00536a9f95e439426bc6549be11dcbac937cd35b6595e5efc62299ae5264f30cb0c6666", 0xffffffff, 0x3, &(0x7f0000000100)=@l2={0x1f, 0x4, @none, 0x9, 0x1}, 0xa) 4.099822919s ago: executing program 40 (id=1938): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x44eb2, 0xd, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) r0 = socket(0x11, 0x80003, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = fcntl$auto(r1, 0xa, 0x1) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r2) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, 0x0, 0x4008000) fcntl$auto(r1, 0x10, 0x2) setsockopt$auto(r0, 0x107, 0xd, 0x0, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000380)={{&(0x7f0000000040)="8cdd411735502ea33a2640e3d3b9fadb78eed1324ad3ec6769623ee6f1ecf47b5a6ab290204afdf2a14d78ebf930", 0x7ff, &(0x7f0000000300)={&(0x7f0000000240)="72a88044bd4e8f19157c9bd885b453596ec6a3ff723d27c34bf33d98e38754f2aadbecd3e3c90879f9a4b4a28066f723caad7caf93e283faca0ef8e1e240af1e29d3ab2d58e8b70f51898119fcf861d1c11edb5e0a1d98f8e70912ee7bdfb2a7e4c5cfa4336232c9f7f107c73a45f9bddfbcc9808c3709b4e052884f096c1b9ada24b9df3bb3bba67044535c6af38d000145b8696b0b7a6db4", 0x3}, 0x5e, &(0x7f0000000340)="340ec95871932eac123508fb2e4af0a1", 0x480000, 0xff}, 0x28}, 0x4b6, 0x5) mmap$auto(0x0, 0x8000000004020009, 0xdf, 0xeb1, 0x401, 0x18000) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) map_shadow_stack$auto(0x40, 0x7, 0x1ff) r4 = open(0x0, 0x4242, 0xe1d2b27bdc14aafe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mkdir$auto(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5) ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x5) ioctl$auto(0xffffffffffffffff, 0x4008af20, 0xffffffffffffffff) fallocate$auto(r4, 0x0, 0x7, 0x4cbd5d) write$auto_proc_coredump_filter_operations_base(r3, &(0x7f0000000180)="8907447b3cf49ae1052ea9628639b1138996742452020d420f842ef08fa0bcc8a7961e20fcdc9a025b09ce4d68a0ba089acde051a75cbb7fc1d0733d114b1e011c4b3d0dbc4b43e35909c31bc1e76a52242d7ca2937f85015647c4ac4117edf2a96d19c8f39d3ff5409b12902aaf4f663ff35565941fbcb501a0fb06081f30dbdccc5970f74df90532cb5aeadd17e036df16ddf9c999fd2f370bfb2114384c56cfe4", 0xa2) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r5, 0x1276, 0x0) pwrite64$auto(0xc8, &(0x7f0000000480)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\x00^\x0fo\x97\xfc\x89\v\xea\xc2\x95\xafQ;C>\x15L\x90\xad\xa4\x1648W\t\x00\x00\x001\x00\x00\x04@X\xb9_\xdd\xee\xc4\xd06,|\xfe.\xa6\x00\x00\x00\x00\x00\x00\x00\x1ch*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe4\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0J}]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\b\x00\x00\x00wU&%`_[\xde\x7f\xde8\xf7\xc1\x94\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\xee\xa9\x0eX\x01\xa3g\xba\x9cc\x90\xe3\xae\xa9\xde\x84v\n\xcdN\xb6\xa4\xe0\xb7e\x97 ?\xb5\xa1E=t\x96\xbd\xfd\xc5\xebn\xb7\n\xc2\xbc\xa2\xa8\x04#\x84\xa7R}\xed\x8f\x03\x01\x10wLT\vay\x12\xb63\x9e\a\x8e\xbd\x18y<\xb3\v\x14\x82\x97&\xfcm\x86\x10o\xdc\xf3x\xfd\x06\x87t\xb9$\x94,f\x9b0\xcd\xd3\r\xb1e\'\x19\xc1\xe7>*\xad\xa5+\xa8\x1c\x88\xa1\x0e[\x99\xb6LKZ\x9e\r\xd0r\xe2Ct\xc1\x99\x1b/\xc5P.aUdq\x97\x94\xb9\xa8qU\xae*g\x86\xc9\xa4\xe7\n\vh-v\"o.\xbf6\x13\tFK\x8e\xc6&&\x13\x81\x00\x8c7PS\x9c\xa3\xfb\x1d\xa9\x98\xd47\n\xa7\xd1\x10\xb3i\xd2\xa8\x18f\xb3K\x9b\x9b\x8c\xe8\x84\xa3,5-\xd6\xae\xbd\x1d\xf2o\x99\x02\x1a:w9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\bl\x042\x935\x9e\xeeH\x87\xda\x10\x8f^1\x89L`\xf4[\x06\xf6\xc7\xd0#\xdb\xb1\\\xc3\xb1\xb8\xe8\xde2\xbb\xf8I\x9c\x17KI\x8c\f\x1d\xaa\xa0\xdb\xc7\x9e\x81\x90CTe\xfa\x8dq&\x17\x908\xc9T\xffm\x890\x1d\x91\xf8|t\xfd\x18\xd5\xb0\xcbH\xa7\xb6T\n\x11%\xba\x16o\r\xf6\xd0\x00\xc1\x1a\x1f\xaa8\xfbo)rtYK\"c\xe2c\xbeM\x9bT\x05\xf3\xccC\x8c\x00\xdf\x8c\x1b+\xca\x80\x00\x00\x00\xc3aB\xa0\xd7\xf8C\xde\xcc\xeaoNs\f\x86\x06<\x17\xcd\xd7\xf7\xc3\xba\xd0\xb9\x0e\xd0v\xeb\xe5$_\xd7\x9f\x8e\xac \x9a\xa3\xfd\x83(\xcc\xcd!%Kv\x13\xe9rR\xbc\xc1\x89\xd3vpA\x8a\xa6\xdc<\xaa\xdcsdCA\x19\xe3\xdf&\xea\x00f /X\xc6\x9b\xaa\x86\xa6\x8a\x80\xc0w\xb2S\xba\x9f\xef\xa5\xea\xff\x86\xb6l_M\x8b\xffj\xbc\x19\xa0\x81aBq\x85\x9b\xc4\x92\xc3\x87', 0x84, 0xe83) getrandom$auto(0x0, 0xa, 0x3) write$auto_uhid_fops_uhid(0xffffffffffffffff, &(0x7f0000000840)="d965380d53abac165375e1e59f2c4cf369fd6380e7b03f4c6e3503f485fa4ef051d88404f4b81fdae140c9c98cfe7a9096b34b1b8c8ec1a21995ba117a079fc270523a164ccb028f18b7e13e2fde00c73ffe92b72dd5af448446990d5b48fc069dcb0c0c71a7701e52b6b35737d5737afdc3825875123e2c0d81d986640ad9b2a41ebcf7941996499d3bb1b694df1e6d8fa977cb4fd29cb848561f0ed24ca48b777b90cc9d1a214f680363869985d8e4d2e95c87558e8624b45580520a91db7230e2b00880d29aad009919d1538b66fb2c844daefa9516a5be08ea8e477a70df92ae", 0xe2) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r6, 0x4b67, 0x1) 3.252330994s ago: executing program 3 (id=1978): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) unshare$auto(0x40000080) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x8001, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x84) semctl$auto(0x2, 0x5, 0x13, 0x9) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="11000000000000000000000000000100", 0x10) pwrite64$auto(0xc8, 0x0, 0xe, 0x4) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) fsopen$auto(0x0, 0x1) prctl$auto(0x38, 0x3, r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) shmctl$auto(0x4, 0x16, &(0x7f0000000300)={{0xe9, 0xee01, 0xee00, 0x3, 0x80000000, 0x7bef26fc, 0x100}, 0x80000000, 0xed8, 0x7, 0x8000000000000001, @raw, @inferred=r0, 0x8, 0x0, 0x0, &(0x7f0000000240)="401c20a15ebcca215b6699300b690e97d5582a9026ab730bc1b587719b81a1cc97971ceaf608eb4036175e03c4b82daeba258ed195000f5e86033ceec7130321d11a0fff164400173a1ca624e23abd4160e8b60efdb781400c45036db507e133e126a78b77b336af95d105e6aecb85bb474024d8651e6072cccce685851908b81ee180cc"}) r4 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r4, 0x80085502, 0x0) shutdown$auto(0x200000003, 0x2) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) setsockopt$auto(0xffffffffffffffff, 0x100, 0x5, &(0x7f0000000040)='#)@$$:]+)]\x00', 0x8001) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) 2.706082471s ago: executing program 5 (id=1979): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01009b64c23ef155546b0104000008000900", @ANYBLOB="080005000600000008000200", @ANYRES32=0x0, @ANYBLOB="0c0001"], 0x8d}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x20, 0x0, 0x804, 0x70bd2a, 0x25dfdbff, {}, [@OVS_METER_ATTR_USED={0xc, 0x5, 0xe5}]}, 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x400000c) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000780)={0x40, r3, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x7f}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x10}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x8}, @NL80211_ATTR_FILS_DISCOVERY={0xc, 0x126, 0x0, 0x1, [@NL80211_FILS_DISCOVERY_ATTR_INT_MAX={0x8, 0x2, 0x1}]}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x80}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x40000) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000980)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f00000009c0)={{@raw=0xb, 0x2, 0xed, 0x5, "23af44e99b39d92c8f7925902e82e274330f614fe788a29d9671e208274eb3003d738d0ced7f8e4ae6a7e31d"}, 0x4, 0x7, 0x65dc, @inferred, @enumerated={0x6, 0x46, "ccf8a22025f886dfa5f5ce5396f3add58174d9e53228434abe8f8017ca440b62f31abb9d0169fadbfa8b73374cc17c08360d32f9536712384d926c4677d3559d", 0x40, 0x1}, "3a1b2e5bfbf619455ff4b80b5092c5bf432fa6c3d158c2b2591103e6fdbf0bb88e707ed93304acc4c076b5b3d92be4e06123de781b632127a86c6ccae54ffb74"}) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x80) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), r0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'sit0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'tunl0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bond_slave_1\x00', 0x0}) r9 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x20000081) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x802, 0x9, 0x63, 0x0, 0x0, 0x0, 0x7, 0x7ff, 0x800000000100002, 0x0, 0x2, 0xc, 0x40, 0x1c, 0x20000000009, 0xb}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d00000006000600070000000a0001"], 0x6c}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fallocate$auto(r9, 0x0, 0x7, 0x4cbd5d) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x400053, 0x9) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000640)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f00000003c0)={0x204, r5, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}]}, @ETHTOOL_A_LINKINFO_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKINFO_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKINFO_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10001}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_LINKINFO_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x344c}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x401}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xc34b}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x2040001}, 0x400805c) 2.382034646s ago: executing program 3 (id=1980): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) write$auto(r0, 0x0, 0xfffffdf1) ioctl$auto_FS_IOC_SETFLAGS2(r0, 0x40086602, 0x0) socket(0x2, 0x801, 0xff) read$auto_mon_fops_binary_mon_bin(r0, &(0x7f0000001080)=""/4097, 0x1001) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x600006, 0x19) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/psaux\x00', 0x40000, 0x0) times$auto(&(0x7f0000000040)={0x100002b, 0x9, 0x1, 0x2}) poll$auto(&(0x7f0000000000)={r1, 0x3, 0x4}, 0xb, 0x7) madvise$auto(0x0, 0xfffffffffffeffff, 0x19) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nbd2\x00', 0x40000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000006cc0), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_RECONFIGURE(r2, &(0x7f0000006d80)={0x0, 0x0, &(0x7f0000006d40)={&(0x7f0000006d00)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01002abd7000fbdbdf19030000000800010002"], 0x1c}}, 0x24044880) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r4 = socket(0xa, 0x1, 0x84) capget$auto(0x0, 0xfffffffffffffffe) getsockopt$auto(r4, 0x84, 0x85, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0xffffffffffffffff, 0x0, 0xbf) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/gss_krb5_enctypes\x00', 0x1c9180, 0x0) read$auto_tracing_stats_fops_trace(r5, 0x0, 0x0) 2.23932982s ago: executing program 5 (id=1981): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r0, 0x80085502, &(0x7f0000000240)=ANY=[@ANYBLOB="e7fdff8d44916c5dbbdd2310000056b103cfe0ed7b3b700442fbf598d28ed0553238b0023f51cd8a9d2df44ce666337d2e04000000000000b7a00ad9bc0046b3eb2f939f3d84dca30cd7b0b6b3ab0bff9bc793b415ef83f68700823d2d2e51b8e19744697dd98dff315a6a6b7794818c02ddb41abb348a4843fc4bccd111ac90afceb162fdee00c84be8872b0ff3f965180d736e81c95f7ea41ebf601f191cf3196494dba303676b4a98a0e446c89b2a566c72ec4b92681653ea44f41e8b7d67e949bff83502a37ade8248d052da08d44ee317c1f3a2ef0b1dfca63a5600561f251f1e06a6e136719549"]) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = pidfd_open$auto(0x1, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0) lseek$auto(0x3, 0x2, 0x4) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) write$auto(r1, &(0x7f0000000100)='/dev/raw-gadget\x00', 0xa) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) dup2$auto(r2, r2) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000140)=""/190, 0xbe) madvise$auto(0x2, 0x7fffffffffffffff, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x8a100, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socketpair$auto(0x2, 0x7, 0x2, &(0x7f0000000200)=0xcd51) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iostats\x00', 0x80302, 0x0) sendfile$auto(r3, r3, 0x0, 0x2) faccessat2$auto(0x1, &(0x7f0000000040)='\x00', 0x4, 0x1200) waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000240)={{0xc4d, 0xffffffffffffff37}, {0x34, 0x5}, 0x5, 0x1, 0x9, 0x6, 0x4, 0x1, 0xf, 0x6, 0xf, 0x7f, 0x6, 0x5e97, 0xd, 0x5}) migrate_pages$auto(0x0, 0x8, &(0x7f0000000000)=0x4, 0x0) lstat$auto(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0xfffffffffffffffc, 0x1, 0x3, 0x7, 0x0, 0xee01, 0x0, 0x9, 0xf, 0x9, 0xffffffffffffffff, 0x5, 0x8, 0x3, 0xd, 0x7fff, 0x8}) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0xffffffffffffffff) 1.263893498s ago: executing program 5 (id=1982): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x17ffffffffffffc, 0x400000004) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x5, 0x6) socket(0x2, 0x1, 0x0) socketpair$auto(0x80000000, 0x3, 0xffffff00, 0x0) setsockopt$auto(0x3, 0x6, 0x5, 0x0, 0x8) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x202, 0x2000000) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x4, 0x8000000000000000, 0x15) r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x20200, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001040)='/proc/self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) read$auto_proc_mountinfo_operations_mnt_namespace(r0, &(0x7f0000000040)=""/4080, 0x1036) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r2 = gettid() read$auto(0x3, 0x0, 0x80) rt_sigqueueinfo$auto(r2, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_kill={0x0, 0xffffffffffffffff}}}) 131.067777ms ago: executing program 3 (id=1983): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xf0) close_range$auto(0x2, 0x8, 0x0) r1 = memfd_secret$auto(0x0) fstatfs$auto(r1, &(0x7f00000000c0)={0x4, 0x8000000000, 0x5, 0x7fff, 0x0, 0x4, 0x6, {[0x9, 0x3]}, 0x0, 0x5, 0x7, [0x9, 0x7e5, 0x9, 0x26]}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/icmp\x00', 0x42500, 0x0) r3 = socket(0x2, 0x2, 0x1) sendto$auto(r3, 0x0, 0xf, 0xfffffff8, 0x0, 0x1c) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000001080)=""/244, 0xf4) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), r4) sendmsg$auto_ILA_CMD_DEL(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x9, 0x100000000}}) r5 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy0/aqm\x00', 0x82, 0x0) preadv$auto(r5, &(0x7f00000000c0)={&(0x7f0000000240), 0x7}, 0x5, 0x37, 0x3) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x84ac0, 0x0) statmount$auto(&(0x7f00000001c0)={0x0, @raw=0x8, 0x2, 0x2, 0xd1d}, &(0x7f0000000200)={0x0, 0x8, 0xfc6, 0x7, 0xf, 0x0, 0x81, 0xb, 0xe6f, 0x4, 0x5, 0x6, 0xe, 0x8, 0x9, 0x3c, 0x7, 0x3, 0x6, 0x39, 0x101, 0x7fff, 0x20, 0x7, 0x400, 0x8, 0x10000, 0x49, 0x743, 0xffff, 0x10001, [0x5, 0x50, 0x2252, 0xd78, 0xbd2, 0x8000, 0x1, 0xffffffffffffffff, 0x1000000000, 0x9a, 0x2b2a, 0x40, 0x80000000, 0x1, 0x2, 0x6, 0xffffffff, 0x7fff, 0x6, 0x9, 0x100, 0x8, 0xffffffffa051be41, 0x6, 0x7, 0x5, 0x43, 0xb, 0x4, 0x1, 0xefdd, 0x3, 0x1, 0x7, 0x0, 0x1, 0x4, 0x5, 0xb, 0x3, 0x100000000, 0x9, 0x5], "2f2fe9af366962ff19fc78633b28d02873db040fd0ad73a5772ccd9068e421d0977d6590ac131589"}, 0x10, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r7 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r7, 0x0, 0x39b8) pread64$auto(r6, 0x0, 0xf429, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0) 0s ago: executing program 5 (id=1984): syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x28, 0x5, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r3) sendmsg$auto_NL802154_CMD_DEL_SEC_KEY(r2, 0x0, 0x20044814) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video3\x00', 0x2aa01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x28640, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x40000, 0x0) io_uring_setup$auto(0x6, 0x0) kernel console output (not intermixed with test programs): fter parsing attributes in process `syz.1.1142'. [ 393.313733][T11501] team_slave_1 (unregistering): left promiscuous mode [ 393.348103][T11501] team_slave_1 (unregistering): left allmulticast mode [ 393.420113][T11501] team0: Port device team_slave_1 removed [ 393.465081][T11510] NFSD: Failed to start, no listeners configured. [ 393.848464][ T5636] Bluetooth: hci0: unexpected event 0x2c length: 1022 > 17 [ 393.848498][ T5636] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 394.211855][T11534] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1155'. [ 395.299682][ T5636] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 395.299704][ T5636] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 395.314739][ T5636] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 395.653711][T11558] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1161'. [ 395.942491][T11563] NFSD: Failed to start, no listeners configured. [ 395.983023][T11558] team0: Port device team_slave_1 removed [ 396.635314][ T5636] Bluetooth: hci0: unexpected event 0x03 length: 123 > 11 [ 397.729944][T11602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1177'. [ 398.016023][T11602] NFSD: Failed to start, no listeners configured. [ 401.262010][T11689] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1206'. [ 402.394308][T11728] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1216'. [ 402.595133][T11728] NFSD: Failed to start, no listeners configured. [ 403.206296][T11752] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1225'. [ 403.445461][T11763] FAULT_INJECTION: forcing a failure. [ 403.445461][T11763] name failslab, interval 1, probability 0, space 0, times 0 [ 403.500017][T11763] CPU: 0 UID: 0 PID: 11763 Comm: syz.3.1230 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.500043][T11763] Tainted: [L]=SOFTLOCKUP [ 403.500049][T11763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 403.500058][T11763] Call Trace: [ 403.500063][T11763] [ 403.500069][T11763] dump_stack_lvl+0x100/0x190 [ 403.500090][T11763] should_fail_ex.cold+0x5/0xa [ 403.500109][T11763] ? __alloc_empty_sheaf+0x35/0x50 [ 403.500130][T11763] should_failslab+0xc2/0x120 [ 403.500148][T11763] __kmalloc_noprof+0xe0/0x850 [ 403.500160][T11763] ? __pcs_replace_empty_main+0x13a/0x650 [ 403.500183][T11763] ? __pcs_replace_empty_main+0x13a/0x650 [ 403.500208][T11763] __alloc_empty_sheaf+0x35/0x50 [ 403.500228][T11763] __pcs_replace_empty_main+0x3e8/0x650 [ 403.500254][T11763] kmem_cache_alloc_noprof+0x480/0x6e0 [ 403.500276][T11763] ? kcm_create+0x11e/0x6a0 [ 403.500300][T11763] kcm_create+0x11e/0x6a0 [ 403.500321][T11763] __sock_create+0x339/0x860 [ 403.500347][T11763] __sys_socket+0x14d/0x260 [ 403.500369][T11763] ? __pfx___sys_socket+0x10/0x10 [ 403.500390][T11763] ? ksys_write+0x1ac/0x250 [ 403.500412][T11763] __x64_sys_socket+0x72/0xb0 [ 403.500425][T11763] ? lockdep_hardirqs_on+0x78/0x100 [ 403.500448][T11763] do_syscall_64+0x10b/0xf80 [ 403.500469][T11763] ? clear_bhb_loop+0x40/0x90 [ 403.500487][T11763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.500502][T11763] RIP: 0033:0x7f7a89f9ce59 [ 403.500515][T11763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.500528][T11763] RSP: 002b:00007f7a8ad9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 403.500543][T11763] RAX: ffffffffffffffda RBX: 00007f7a8a215fa0 RCX: 00007f7a89f9ce59 [ 403.500552][T11763] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 403.500561][T11763] RBP: 00007f7a8a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 403.500569][T11763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.500577][T11763] R13: 00007f7a8a216038 R14: 00007f7a8a215fa0 R15: 00007fff8db1edc8 [ 403.500595][T11763] [ 403.970341][T11776] FAULT_INJECTION: forcing a failure. [ 403.970341][T11776] name failslab, interval 1, probability 0, space 0, times 0 [ 403.988020][T11776] CPU: 0 UID: 0 PID: 11776 Comm: syz.3.1236 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.988044][T11776] Tainted: [L]=SOFTLOCKUP [ 403.988049][T11776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 403.988058][T11776] Call Trace: [ 403.988063][T11776] [ 403.988069][T11776] dump_stack_lvl+0x100/0x190 [ 403.988091][T11776] should_fail_ex.cold+0x5/0xa [ 403.988111][T11776] should_failslab+0xc2/0x120 [ 403.988128][T11776] __kmalloc_cache_noprof+0x7a/0x6f0 [ 403.988149][T11776] ? sctp_endpoint_new+0xfc/0xb20 [ 403.988167][T11776] ? __debug_object_init+0x2de/0x3d0 [ 403.988193][T11776] sctp_endpoint_new+0xfc/0xb20 [ 403.988213][T11776] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 403.988231][T11776] ? lockdep_init_map_type+0x5c/0x250 [ 403.988247][T11776] ? lockdep_init_map_type+0x5c/0x250 [ 403.988261][T11776] ? lockdep_init_map_type+0x5c/0x250 [ 403.988278][T11776] sctp_init_sock+0xe2b/0x1300 [ 403.988295][T11776] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 403.988313][T11776] sctp_v6_init_sock+0x16/0x70 [ 403.988330][T11776] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 403.988347][T11776] inet6_create+0xb21/0x12b0 [ 403.988369][T11776] ? inet6_create+0x7f/0x12b0 [ 403.988390][T11776] __sock_create+0x339/0x860 [ 403.988416][T11776] __sys_socket+0x14d/0x260 [ 403.988438][T11776] ? __pfx___sys_socket+0x10/0x10 [ 403.988459][T11776] ? ksys_write+0x1ac/0x250 [ 403.988480][T11776] __x64_sys_socket+0x72/0xb0 [ 403.988493][T11776] ? lockdep_hardirqs_on+0x78/0x100 [ 403.988515][T11776] do_syscall_64+0x10b/0xf80 [ 403.988536][T11776] ? clear_bhb_loop+0x40/0x90 [ 403.988553][T11776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.988568][T11776] RIP: 0033:0x7f7a89f9ce59 [ 403.988581][T11776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.988594][T11776] RSP: 002b:00007f7a8ad9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 403.988609][T11776] RAX: ffffffffffffffda RBX: 00007f7a8a215fa0 RCX: 00007f7a89f9ce59 [ 403.988618][T11776] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 403.988627][T11776] RBP: 00007f7a8a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 403.988635][T11776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.988643][T11776] R13: 00007f7a8a216038 R14: 00007f7a8a215fa0 R15: 00007fff8db1edc8 [ 403.988661][T11776] [ 404.293251][T11781] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1237'. [ 405.502902][ T5636] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 405.511088][ T5636] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 405.643299][T11822] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 408.383142][T11890] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1274'. [ 408.991841][T11910] capability: warning: `syz.2.1280' uses 32-bit capabilities (legacy support in use) [ 409.927402][T11942] netlink: 'syz.0.1292': attribute type 1 has an invalid length. [ 410.162303][T11945] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1293'. [ 410.384923][T11951] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1296'. [ 410.972642][T11974] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1304'. [ 411.429196][T11991] netlink: 'syz.1.1313': attribute type 1 has an invalid length. [ 412.216787][T12017] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1323'. [ 413.155290][T12032] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1328'. [ 413.749677][T12060] binder: 12059:12060 unknown command 162562 [ 413.789400][T12060] binder: 12059:12060 ioctl c0306201 2000000000c0 returned -22 [ 414.143450][T12071] FAULT_INJECTION: forcing a failure. [ 414.143450][T12071] name failslab, interval 1, probability 0, space 0, times 0 [ 414.257508][T12071] CPU: 0 UID: 0 PID: 12071 Comm: syz.3.1344 Tainted: G L syzkaller #0 PREEMPT(full) [ 414.257533][T12071] Tainted: [L]=SOFTLOCKUP [ 414.257539][T12071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 414.257548][T12071] Call Trace: [ 414.257554][T12071] [ 414.257560][T12071] dump_stack_lvl+0x100/0x190 [ 414.257581][T12071] should_fail_ex.cold+0x5/0xa [ 414.257608][T12071] should_failslab+0xc2/0x120 [ 414.257628][T12071] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 414.257654][T12071] ? __anon_vma_prepare+0xae/0x5e0 [ 414.257679][T12071] __anon_vma_prepare+0xae/0x5e0 [ 414.257699][T12071] ? __pfx___pte_alloc+0x10/0x10 [ 414.257717][T12071] __vmf_anon_prepare+0x11f/0x250 [ 414.257737][T12071] do_anonymous_page+0x536/0x2050 [ 414.257760][T12071] ? __pfx_pgd_none+0x10/0x10 [ 414.257785][T12071] __handle_mm_fault+0x1d2c/0x2a00 [ 414.257809][T12071] ? mt_find+0x45e/0x8e0 [ 414.257825][T12071] ? __pfx___handle_mm_fault+0x10/0x10 [ 414.257846][T12071] ? __pfx_mt_find+0x10/0x10 [ 414.257874][T12071] handle_mm_fault+0x36d/0xa20 [ 414.257899][T12071] __get_user_pages+0x1178/0x32a0 [ 414.257925][T12071] ? __pfx___get_user_pages+0x10/0x10 [ 414.257948][T12071] populate_vma_page_range+0x267/0x3f0 [ 414.257969][T12071] ? __pfx_populate_vma_page_range+0x10/0x10 [ 414.257988][T12071] ? __pfx_find_vma_intersection+0x10/0x10 [ 414.258006][T12071] ? do_mmap+0x93f/0x12f0 [ 414.258026][T12071] __mm_populate+0x107/0x3a0 [ 414.258045][T12071] ? __pfx___mm_populate+0x10/0x10 [ 414.258065][T12071] ? up_write+0x28c/0x4f0 [ 414.258084][T12071] vm_mmap_pgoff+0x37f/0x470 [ 414.258105][T12071] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 414.258124][T12071] ? do_futex+0x192/0x350 [ 414.258142][T12071] ? __pfx_do_futex+0x10/0x10 [ 414.258161][T12071] ksys_mmap_pgoff+0xe4/0x610 [ 414.258180][T12071] ? __x64_sys_futex+0x358/0x4d0 [ 414.258196][T12071] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 414.258213][T12071] ? xfd_validate_state+0x129/0x190 [ 414.258228][T12071] ? ksys_write+0x1ac/0x250 [ 414.258248][T12071] __x64_sys_mmap+0x125/0x190 [ 414.258266][T12071] do_syscall_64+0x10b/0xf80 [ 414.258288][T12071] ? clear_bhb_loop+0x40/0x90 [ 414.258305][T12071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.258320][T12071] RIP: 0033:0x7f7a89f9ce59 [ 414.258333][T12071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 414.258347][T12071] RSP: 002b:00007f7a8ad9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 414.258361][T12071] RAX: ffffffffffffffda RBX: 00007f7a8a215fa0 RCX: 00007f7a89f9ce59 [ 414.258371][T12071] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000401000 [ 414.258380][T12071] RBP: 00007f7a8a032d6f R08: 0000000000000002 R09: 0000000000008000 [ 414.258389][T12071] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 414.258398][T12071] R13: 00007f7a8a216038 R14: 00007f7a8a215fa0 R15: 00007fff8db1edc8 [ 414.258418][T12071] [ 415.296649][T12088] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1349'. [ 416.237800][T12108] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1357'. [ 416.379511][T12109] NFSD: Failed to start, no listeners configured. [ 416.474441][T12111] Process accounting resumed [ 416.801490][T12121] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1361'. [ 416.910531][T12121] NFSD: Failed to start, no listeners configured. [ 417.406662][T12132] FAULT_INJECTION: forcing a failure. [ 417.406662][T12132] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 417.519807][T12132] CPU: 0 UID: 0 PID: 12132 Comm: syz.3.1365 Tainted: G L syzkaller #0 PREEMPT(full) [ 417.519833][T12132] Tainted: [L]=SOFTLOCKUP [ 417.519838][T12132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 417.519847][T12132] Call Trace: [ 417.519852][T12132] [ 417.519858][T12132] dump_stack_lvl+0x100/0x190 [ 417.519880][T12132] should_fail_ex.cold+0x5/0xa [ 417.519897][T12132] ? prepare_alloc_pages+0x16d/0x5f0 [ 417.519919][T12132] should_fail_alloc_page+0xeb/0x140 [ 417.519937][T12132] prepare_alloc_pages+0x1f0/0x5f0 [ 417.519959][T12132] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 417.519983][T12132] ? __lock_acquire+0x4a5/0x2630 [ 417.519998][T12132] ? tomoyo_path_number_perm+0x46d/0x580 [ 417.520015][T12132] ? kasan_save_stack+0x3f/0x50 [ 417.520029][T12132] ? kasan_save_stack+0x30/0x50 [ 417.520042][T12132] ? kasan_save_track+0x14/0x30 [ 417.520055][T12132] ? kasan_save_free_info+0x3b/0x70 [ 417.520074][T12132] ? __kasan_slab_free+0x5f/0x80 [ 417.520088][T12132] ? look_up_lock_class+0x55/0x120 [ 417.520109][T12132] ? tomoyo_path_number_perm+0x46d/0x580 [ 417.520126][T12132] ? register_lock_class+0x40/0x560 [ 417.520142][T12132] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 417.520168][T12132] ? __lock_acquire+0x4a5/0x2630 [ 417.520191][T12132] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 417.520214][T12132] ? policy_nodemask+0xed/0x4f0 [ 417.520233][T12132] alloc_pages_mpol+0x1fb/0x540 [ 417.520251][T12132] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 417.520268][T12132] ? do_raw_spin_lock+0x128/0x260 [ 417.520291][T12132] ? find_held_lock+0x2b/0x80 [ 417.520313][T12132] ___kmalloc_large_node+0xe5/0x120 [ 417.520334][T12132] __kmalloc_large_noprof+0x1c/0x70 [ 417.520352][T12132] ? get_task_mm+0xc7/0xf0 [ 417.520370][T12132] vhost_dev_set_owner+0x2b6/0xa30 [ 417.520394][T12132] vhost_net_ioctl+0xfa3/0x1910 [ 417.520411][T12132] ? do_vfs_ioctl+0x226/0x13e0 [ 417.520426][T12132] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 417.520441][T12132] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 417.520464][T12132] ? find_held_lock+0x2b/0x80 [ 417.520485][T12132] ? __fget_files+0x215/0x3d0 [ 417.520501][T12132] ? hook_file_ioctl_common+0x149/0x410 [ 417.520521][T12132] ? __fget_files+0x21f/0x3d0 [ 417.520541][T12132] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 417.520560][T12132] __x64_sys_ioctl+0x18e/0x210 [ 417.520576][T12132] do_syscall_64+0x10b/0xf80 [ 417.520598][T12132] ? clear_bhb_loop+0x40/0x90 [ 417.520615][T12132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.520631][T12132] RIP: 0033:0x7f7a89f9ce59 [ 417.520644][T12132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 417.520658][T12132] RSP: 002b:00007f7a8ad9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 417.520672][T12132] RAX: ffffffffffffffda RBX: 00007f7a8a215fa0 RCX: 00007f7a89f9ce59 [ 417.520682][T12132] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000004 [ 417.520690][T12132] RBP: 00007f7a8a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 417.520699][T12132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.520707][T12132] R13: 00007f7a8a216038 R14: 00007f7a8a215fa0 R15: 00007fff8db1edc8 [ 417.520727][T12132] [ 418.338005][T12140] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1369'. [ 418.391714][T12139] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1370'. [ 418.586936][T12140] NFSD: Failed to start, no listeners configured. [ 418.672457][T12149] netlink: 'syz.1.1373': attribute type 22 has an invalid length. [ 418.692116][T12149] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1373'. [ 418.783116][T12149] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1373'. [ 419.116918][T12159] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1374'. [ 419.295360][T12164] NFSD: Failed to start, no listeners configured. [ 420.044474][T12185] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1384'. [ 420.163469][T12185] NFSD: Failed to start, no listeners configured. [ 421.062145][T12215] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 421.171348][T12215] File: /dev/nullb0 PID: 12215 Comm: syz.3.1394 [ 421.433125][T12233] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1399'. [ 421.560910][T12233] NFSD: Failed to start, no listeners configured. [ 422.496605][T12268] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1411'. [ 422.599333][T12268] NFSD: Failed to start, no listeners configured. [ 424.292753][T12325] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1432'. [ 424.496709][T12331] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1435'. [ 424.553644][T12333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1436'. [ 424.567470][T12335] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1437'. [ 424.641635][T12333] NFSD: Failed to start, no listeners configured. [ 424.687701][T12339] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1439'. [ 424.778601][T12335] NFSD: Failed to start, no listeners configured. [ 424.927262][T12339] NFSD: Failed to start, no listeners configured. [ 425.477638][T12368] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1446'. [ 426.395800][T12395] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1456'. [ 426.668037][T12400] netlink: 'syz.2.1459': attribute type 22 has an invalid length. [ 426.711750][T12400] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1459'. [ 426.820807][T12400] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1459'. [ 427.352624][T12420] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1467'. [ 427.494394][T12428] netlink: 'syz.0.1470': attribute type 22 has an invalid length. [ 427.521082][T12428] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1470'. [ 427.589509][T12428] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1470'. [ 428.435008][T12464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1482'. [ 429.231845][T12475] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1485'. [ 429.287914][T12475] NFSD: Failed to start, no listeners configured. [ 429.790402][T12486] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1490'. [ 429.997980][T12497] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1494'. [ 430.010600][T12496] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1495'. [ 431.791908][T12572] __nla_validate_parse: 2 callbacks suppressed [ 431.791923][T12572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1517'. [ 432.859778][T12611] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1525'. [ 433.102344][T12618] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1528'. [ 433.306613][T12623] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1530'. [ 433.437677][T12631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1534'. [ 433.748470][T12644] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1538'. [ 433.786175][T12644] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1538'. [ 433.825711][T12644] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1538'. [ 434.477606][T12668] netlink: 'syz.3.1545': attribute type 22 has an invalid length. [ 434.519240][T12668] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1545'. [ 435.047052][T12679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 435.086623][T12679] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 435.122757][T12679] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 435.160314][T12679] page_type: f5(slab) [ 435.184532][T12679] raw: 00fff00000000040 ffff88801ce948c0 dead000000000100 dead000000000122 [ 435.247191][T12679] raw: 0000000000000000 00000008000d000d 00000000f5000000 0000000000000000 [ 435.342158][T12679] head: 00fff00000000040 ffff88801ce948c0 dead000000000100 dead000000000122 [ 435.389800][T12679] head: 0000000000000000 00000008000d000d 00000000f5000000 0000000000000000 [ 435.446930][T12679] head: 00fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff [ 435.491880][T12679] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 435.530973][T12679] page dumped because: unmovable page [ 435.553791][T12679] page_owner tracks the page as allocated [ 435.591289][T12679] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4998, tgid 4998 (udevd), ts 32885297233, free_ts 25979942018 [ 435.678285][T12679] post_alloc_hook+0x153/0x170 [ 435.693988][T12679] get_page_from_freelist+0x11a6/0x33b0 [ 435.715514][T12679] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 435.737264][T12679] new_slab+0xa6/0x6c0 [ 435.751863][T12679] refill_objects+0x277/0x420 [ 435.768681][T12679] __pcs_replace_empty_main+0x375/0x650 [ 435.787309][T12679] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 435.813514][T12679] alloc_inode+0x183/0x250 [ 435.842737][T12679] iget_locked+0x1d9/0x6d0 [ 435.871724][T12696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1553'. [ 435.882013][T12679] kernfs_get_inode+0x46/0x470 [ 435.898291][T12679] kernfs_iop_lookup+0x1a7/0x2d0 [ 435.913910][T12679] __lookup_slow+0x251/0x460 [ 435.929186][T12679] lookup_slow+0x50/0x70 [ 435.944196][T12679] path_lookupat+0x5e8/0xc40 [ 435.958896][T12679] filename_lookup+0x202/0x590 [ 435.974313][T12679] vfs_statx+0xff/0x3f0 [ 435.994291][T12679] page last free pid 1 tgid 1 stack trace: [ 436.012370][T12679] __free_frozen_pages+0x747/0x1040 [ 436.029221][T12679] free_contig_range+0xda/0x140 [ 436.044677][T12679] destroy_args+0xa8/0x7a0 [ 436.058642][T12679] debug_vm_pgtable+0x1d69/0x3490 [ 436.078236][T12679] do_one_initcall+0x121/0x750 [ 436.094475][T12679] kernel_init_freeable+0x6ea/0x7b0 [ 436.110279][T12679] kernel_init+0x1f/0x1e0 [ 436.123488][T12679] ret_from_fork+0x72b/0xd50 [ 436.139323][T12679] ret_from_fork_asm+0x1a/0x30 [ 436.907886][T12726] __nla_validate_parse: 2 callbacks suppressed [ 436.907899][T12726] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1564'. [ 437.920370][T12755] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1573'. [ 439.986700][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.994792][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.901071][ T8054] Process accounting paused [ 452.101650][ T5629] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 452.119014][ T5631] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 452.126607][ T5631] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 452.137737][ T5631] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 452.147808][ T5631] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 452.155420][ T5631] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 452.180450][ T5631] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 452.188218][ T5631] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 452.201438][ T5631] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 452.209294][ T5631] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 452.813581][ T5629] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 452.826267][ T5629] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 452.834976][ T5629] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 452.846970][ T5629] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 452.854429][ T5629] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 454.041895][T12799] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.059964][T12799] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.073515][T12799] bridge_slave_0: entered allmulticast mode [ 454.088438][T12799] bridge_slave_0: entered promiscuous mode [ 454.108674][T12800] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.124189][T12800] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.137344][T12800] bridge_slave_0: entered allmulticast mode [ 454.155262][T12800] bridge_slave_0: entered promiscuous mode [ 454.175464][T12800] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.185209][T12800] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.201194][T12800] bridge_slave_1: entered allmulticast mode [ 454.216496][T12800] bridge_slave_1: entered promiscuous mode [ 454.224304][ T5631] Bluetooth: hci5: command tx timeout [ 454.246716][T12799] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.261237][T12799] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.281419][T12799] bridge_slave_1: entered allmulticast mode [ 454.290208][T12799] bridge_slave_1: entered promiscuous mode [ 454.305666][ T5631] Bluetooth: hci4: command tx timeout [ 454.391596][T12800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.430234][T12799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 454.465073][T12799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.480920][T12800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.615528][T12800] team0: Port device team_slave_0 added [ 454.635522][T12800] team0: Port device team_slave_1 added [ 454.658322][T12799] team0: Port device team_slave_0 added [ 454.685127][T12799] team0: Port device team_slave_1 added [ 454.715697][ T30] audit: type=1800 audit(1843123168.895:15): pid=12878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1604" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 454.795238][T12800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.805158][T12800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 454.862050][T12800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.888120][T12800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.903306][T12800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 454.947931][ T5631] Bluetooth: hci6: command tx timeout [ 454.965475][T12800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.988045][T12799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 455.003864][T12799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 455.057944][T12799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.104613][T12799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.120024][T12799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 455.173387][T12799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.265744][T12800] hsr_slave_0: entered promiscuous mode [ 455.280432][T12800] hsr_slave_1: entered promiscuous mode [ 455.293165][T12800] debugfs: 'hsr0' already exists in 'hsr' [ 455.303518][T12800] Cannot create hsr debugfs directory [ 455.388837][T12799] hsr_slave_0: entered promiscuous mode [ 455.413974][T12799] hsr_slave_1: entered promiscuous mode [ 455.426074][T12799] debugfs: 'hsr0' already exists in 'hsr' [ 455.444791][T12799] Cannot create hsr debugfs directory [ 455.677467][T12825] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.702643][T12825] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.731727][T12825] bridge_slave_0: entered allmulticast mode [ 455.748662][T12825] bridge_slave_0: entered promiscuous mode [ 455.837856][T12825] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.853879][T12825] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.871126][T12825] bridge_slave_1: entered allmulticast mode [ 455.885253][T12825] bridge_slave_1: entered promiscuous mode [ 456.007713][T12825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 456.081641][T12825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 456.157587][T12825] team0: Port device team_slave_0 added [ 456.197189][T12825] team0: Port device team_slave_1 added [ 456.264165][T12825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 456.277360][T12825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 456.305253][ T5631] Bluetooth: hci5: command tx timeout [ 456.311218][T12825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 456.375914][T12825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 456.382922][T12825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 456.408982][ T5631] Bluetooth: hci4: command tx timeout [ 456.417946][T12825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 456.527165][T12825] hsr_slave_0: entered promiscuous mode [ 456.540167][T12825] hsr_slave_1: entered promiscuous mode [ 456.558115][T12825] debugfs: 'hsr0' already exists in 'hsr' [ 456.573003][T12825] Cannot create hsr debugfs directory [ 456.649853][T12800] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 456.677364][T12800] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 456.709127][T12800] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 456.731347][T12800] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 456.751470][T12800] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 456.792398][T12800] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 456.869808][T12800] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 456.887507][T12800] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 457.023548][ T5631] Bluetooth: hci6: command tx timeout [ 457.098110][T12799] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 457.124332][T12799] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 457.143806][T12799] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 457.158395][T12799] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 457.182537][T12799] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 457.215837][T12799] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 457.295764][T12799] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 457.327608][T12799] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 457.448364][T12825] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 457.466611][T12825] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 457.488544][T12825] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 457.509861][T12825] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 457.537580][T12825] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 457.556056][T12825] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 457.589711][T12825] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 457.608316][T12825] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 457.651266][T12800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 457.710539][T12800] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.747816][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.754945][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.807771][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.814887][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 457.855511][T12799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 457.907617][T12799] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.941941][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.949054][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.006550][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.013681][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.114876][T12825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.189971][T12825] 8021q: adding VLAN 0 to HW filter on device team0 [ 458.246278][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.253396][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.325716][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.332831][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.384202][ T5631] Bluetooth: hci5: command tx timeout [ 458.463682][ T5631] Bluetooth: hci4: command tx timeout [ 459.103730][ T5631] Bluetooth: hci6: command tx timeout [ 459.146797][T12800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.374430][T12799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.648659][T12825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.930694][T12800] veth0_vlan: entered promiscuous mode [ 459.979055][T12800] veth1_vlan: entered promiscuous mode [ 460.100963][T12800] veth0_macvtap: entered promiscuous mode [ 460.140324][T12800] veth1_macvtap: entered promiscuous mode [ 460.221342][T12800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.251219][T12799] veth0_vlan: entered promiscuous mode [ 460.281105][T12800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 460.310910][T12799] veth1_vlan: entered promiscuous mode [ 460.331739][ T47] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.363816][ T47] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.388578][ T47] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.407504][T12992] netlink: zone id is out of range [ 460.429768][ T47] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.439805][T12992] netlink: zone id is out of range [ 460.462323][T12992] netlink: zone id is out of range [ 460.471395][ T5631] Bluetooth: hci5: command tx timeout [ 460.543699][ T5631] Bluetooth: hci4: command tx timeout [ 460.578716][T12825] veth0_vlan: entered promiscuous mode [ 460.607535][T12992] netlink: set zone limit has 8 unknown bytes [ 460.625659][T12799] veth0_macvtap: entered promiscuous mode [ 460.652718][T12825] veth1_vlan: entered promiscuous mode [ 460.670306][T12799] veth1_macvtap: entered promiscuous mode [ 460.696781][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.729829][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.800736][T12799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.822961][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.835475][T12825] veth0_macvtap: entered promiscuous mode [ 460.855696][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.868706][T12799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 460.896206][T12825] veth1_macvtap: entered promiscuous mode [ 460.931815][ T1321] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.959555][ T1321] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.995942][ T1321] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.027717][ T1321] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.076395][T12825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.149327][T12825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.183937][ T5631] Bluetooth: hci6: command tx timeout [ 461.225020][ T82] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.262881][ T82] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.322724][ T82] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.385687][ T82] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.487153][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.540816][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.657950][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.701578][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.717171][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.766336][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.783335][ T30] audit: type=1800 audit(1843123175.955:16): pid=13013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1627" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 461.897184][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.936767][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.766499][T13033] bridge0: port 4(bond0) entered blocking state [ 462.800949][T13033] bridge0: port 4(bond0) entered disabled state [ 462.842843][T13033] bond0: entered allmulticast mode [ 462.868791][T13033] bond_slave_0: entered allmulticast mode [ 462.889653][T13033] bond_slave_1: entered allmulticast mode [ 462.915369][T13033] bond0: entered promiscuous mode [ 462.936053][T13033] bond_slave_0: entered promiscuous mode [ 462.960648][T13033] bond_slave_1: entered promiscuous mode [ 462.991591][T13033] bridge0: port 4(bond0) entered blocking state [ 462.997935][T13033] bridge0: port 4(bond0) entered forwarding state [ 464.212077][ T5631] Bluetooth: hci6: unexpected event 0x14 length: 16 > 6 [ 464.326499][T13068] netlink: 'syz.6.1645': attribute type 33 has an invalid length. [ 467.598343][T13109] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1663'. [ 467.939370][T13117] netlink: 54 bytes leftover after parsing attributes in process `syz.5.1665'. [ 468.802073][T13129] netlink: 'syz.6.1670': attribute type 22 has an invalid length. [ 468.811057][T13129] netlink: 330 bytes leftover after parsing attributes in process `syz.6.1670'. [ 470.498691][T13156] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1678'. [ 470.970555][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 470.978258][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 470.998191][T13164] can: request_module (can-proto-0) failed. [ 471.014218][T13168] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 471.021925][T13168] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 471.777481][ T5631] Bluetooth: hci6: unexpected event 0x3e length: 508 > 260 [ 471.777506][ T5631] Bluetooth: hci6: unexpected subevent 0x02 length: 507 > 260 [ 471.793179][ T5631] Bluetooth: hci6: Dropping invalid advertising data [ 471.801960][ T5631] Bluetooth: hci6: unknown advertising packet type: 0xe9 [ 471.801978][ T5631] Bluetooth: hci6: unknown advertising packet type: 0xff [ 471.809681][ T5631] Bluetooth: hci6: unknown advertising packet type: 0xff [ 471.816720][ T5631] Bluetooth: hci6: Malformed LE Event: 0x02 [ 471.915085][T13181] netlink: 'syz.6.1686': attribute type 22 has an invalid length. [ 471.923012][T13181] netlink: 330 bytes leftover after parsing attributes in process `syz.6.1686'. [ 472.217534][T13186] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1688'. [ 472.354040][T13191] futex_wake_op: syz.5.1690 tries to shift op by -2048; fix this program [ 472.369963][T13191] futex_wake_op: syz.5.1690 tries to shift op by -2048; fix this program [ 473.602048][T13211] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[12825] was attempted by "hl!-cy*PCċ,(46aZdŅem+q4b\x0bu\x1bΣz:}ȼʩ\x22oJ lC[+ϧC)*F]oXtrs\x22~TM-TLj@EʝVa)灬XX\x22EXnr\x5c1]#Iє\x09S\x1bss\x0agX18\x0bldH3 OVC\x1b&l'rFۚ'n\x0707it->Պ^jR/(ʴpEE.GtLYj@wq#^\x09=;E\x09Y@yfe|kRLJRԭl\x0dҞs|+dž{a4Qc\x09<ۓZV|j]* =R F\x07!7Z!\x09J@,\x0c*dtE=lG.ھn*84jc65x;‚hegoUx#)8Z\x0dwV4v9Sɉgd k7]x\x22X14ocf\x0dn9T1WY?0A׷@g\x0d\x1bo<7*}i{1=\x0c\x0afC_E3)+m'>%`\x0btU\x5ch]Ib1ƒVƤm*$c^/lHzUczt?Ptdz`9bs̘-KFAYzzphெihe\x0b|tP.r.OioR7Oe Jxęc *UKm>\x0a4:EL|H\x09忹:Im#jV2lC [ 475.007126][T13230] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 477.201654][T13259] netlink: 330 bytes leftover after parsing attributes in process `syz.6.1707'. [ 477.427087][ T5631] Bluetooth: hci6: unexpected subevent 0x01 length: 123 > 18 [ 477.562519][T13264] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 477.933078][T13272] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1710'. [ 478.628919][ T5629] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 478.640810][ T5629] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 478.651043][ T5629] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 478.665029][ T5629] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 478.672767][ T5629] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 478.860619][T13290] FAULT_INJECTION: forcing a failure. [ 478.860619][T13290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 478.912144][T13290] CPU: 0 UID: 0 PID: 13290 Comm: syz.5.1715 Tainted: G L syzkaller #0 PREEMPT(full) [ 478.912170][T13290] Tainted: [L]=SOFTLOCKUP [ 478.912175][T13290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 478.912185][T13290] Call Trace: [ 478.912191][T13290] [ 478.912196][T13290] dump_stack_lvl+0x100/0x190 [ 478.912223][T13290] should_fail_ex.cold+0x5/0xa [ 478.912240][T13290] ? prepare_alloc_pages+0x16d/0x5f0 [ 478.912261][T13290] should_fail_alloc_page+0xeb/0x140 [ 478.912280][T13290] prepare_alloc_pages+0x1f0/0x5f0 [ 478.912302][T13290] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 478.912331][T13290] ? __lock_acquire+0x4a5/0x2630 [ 478.912349][T13290] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 478.912383][T13290] ? __resched_curr+0xf8/0x3b0 [ 478.912402][T13290] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 478.912424][T13290] ? policy_nodemask+0xed/0x4f0 [ 478.912443][T13290] alloc_pages_mpol+0x1fb/0x540 [ 478.912461][T13290] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 478.912479][T13290] ? __lock_acquire+0x4a5/0x2630 [ 478.912495][T13290] folio_alloc_mpol_noprof+0x36/0x260 [ 478.912516][T13290] vma_alloc_folio_noprof+0xed/0x1d0 [ 478.912535][T13290] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 478.912560][T13290] do_anonymous_page+0xb46/0x2050 [ 478.912582][T13290] ? rcu_read_unlock+0x2d/0xb0 [ 478.912608][T13290] __handle_mm_fault+0x1d2c/0x2a00 [ 478.912632][T13290] ? mt_find+0x45e/0x8e0 [ 478.912648][T13290] ? __pfx___handle_mm_fault+0x10/0x10 [ 478.912668][T13290] ? __pfx_mt_find+0x10/0x10 [ 478.912692][T13290] ? find_vma+0xbf/0x140 [ 478.912707][T13290] ? __pfx_find_vma+0x10/0x10 [ 478.912725][T13290] handle_mm_fault+0x36d/0xa20 [ 478.912751][T13290] do_user_addr_fault+0x74c/0x12f0 [ 478.912772][T13290] ? trace_page_fault_kernel+0x7a/0x200 [ 478.912791][T13290] exc_page_fault+0x6f/0xd0 [ 478.912814][T13290] asm_exc_page_fault+0x26/0x30 [ 478.912828][T13290] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 478.912846][T13290] Code: 9b 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 478.912860][T13290] RSP: 0018:ffffc90004cdfbd0 EFLAGS: 00050246 [ 478.912873][T13290] RAX: 0000000000000001 RBX: 0000000000000040 RCX: 0000000000000040 [ 478.912882][T13290] RDX: 0000000000000001 RSI: ffffc90004cdfc68 RDI: 0000200000018000 [ 478.912891][T13290] RBP: 0000200000018000 R08: 0000000000000000 R09: fffff5200099bf94 [ 478.912900][T13290] R10: ffffc90004cdfca7 R11: 0000000000000000 R12: ffffc90004cdfc68 [ 478.912909][T13290] R13: 0000200000018040 R14: 00007ffffffff000 R15: 0000000000000000 [ 478.912927][T13290] _copy_to_user+0xa4/0xd0 [ 478.912944][T13290] rng_dev_read+0x223/0x910 [ 478.912961][T13290] ? __pfx_virtio_read+0x10/0x10 [ 478.912987][T13290] ? __pfx_rng_dev_read+0x10/0x10 [ 478.913007][T13290] ? bpf_lsm_file_permission+0x9/0x10 [ 478.913021][T13290] ? security_file_permission+0x76/0x210 [ 478.913040][T13290] ? rw_verify_area+0xce/0x6d0 [ 478.913055][T13290] ? __pfx_rng_dev_read+0x10/0x10 [ 478.913071][T13290] vfs_read+0x1e4/0xb30 [ 478.913090][T13290] ? __pfx_vfs_read+0x10/0x10 [ 478.913104][T13290] ? find_held_lock+0x2b/0x80 [ 478.913122][T13290] ? __fget_files+0x215/0x3d0 [ 478.913139][T13290] ? __fget_files+0x215/0x3d0 [ 478.913158][T13290] ? __fget_files+0x21f/0x3d0 [ 478.913180][T13290] ksys_read+0x12a/0x250 [ 478.913196][T13290] ? __pfx_ksys_read+0x10/0x10 [ 478.913214][T13290] ? rcu_is_watching+0x12/0xc0 [ 478.913234][T13290] do_syscall_64+0x10b/0xf80 [ 478.913255][T13290] ? clear_bhb_loop+0x40/0x90 [ 478.913273][T13290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.913287][T13290] RIP: 0033:0x7fe80e99ce59 [ 478.913299][T13290] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 478.913313][T13290] RSP: 002b:00007fe80f82f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 478.913325][T13290] RAX: ffffffffffffffda RBX: 00007fe80ec15fa0 RCX: 00007fe80e99ce59 [ 478.913335][T13290] RDX: 00000000fffffe82 RSI: 0000200000000040 RDI: 0000000000000004 [ 478.913343][T13290] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 478.913352][T13290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.913361][T13290] R13: 00007fe80ec16038 R14: 00007fe80ec15fa0 R15: 00007fff839501a8 [ 478.913380][T13290] [ 479.839469][ T5629] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 479.869568][ T5636] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 479.906598][ T5636] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 479.988878][ T5636] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 480.009082][ T5629] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 480.477723][T13322] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1720'. [ 480.704235][ T5631] Bluetooth: hci7: command tx timeout [ 480.922586][T13283] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.960653][T13283] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.978591][T13283] bridge_slave_0: entered allmulticast mode [ 480.992703][T13283] bridge_slave_0: entered promiscuous mode [ 481.029096][T13283] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.048963][T13283] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.065059][T13283] bridge_slave_1: entered allmulticast mode [ 481.081999][T13283] bridge_slave_1: entered promiscuous mode [ 481.173096][T13283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 481.198922][T13283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 481.298682][T13283] team0: Port device team_slave_0 added [ 481.325815][T13283] team0: Port device team_slave_1 added [ 481.409653][T13283] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.425050][T13283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 481.479973][T13283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.535865][T13283] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.550752][T13283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 481.615849][T13283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.778225][T13283] hsr_slave_0: entered promiscuous mode [ 481.789155][T13283] hsr_slave_1: entered promiscuous mode [ 481.795982][T13283] debugfs: 'hsr0' already exists in 'hsr' [ 481.801817][T13283] Cannot create hsr debugfs directory [ 482.035688][T13298] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.043106][T13298] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.063602][ T5631] Bluetooth: hci8: command tx timeout [ 482.073451][T13298] bridge_slave_0: entered allmulticast mode [ 482.089632][T13298] bridge_slave_0: entered promiscuous mode [ 482.127807][T13298] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.153426][T13298] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.170792][T13298] bridge_slave_1: entered allmulticast mode [ 482.189835][T13298] bridge_slave_1: entered promiscuous mode [ 482.260919][T13298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 482.288146][T13298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 482.454943][T13298] team0: Port device team_slave_0 added [ 482.508746][T13298] team0: Port device team_slave_1 added [ 482.573848][T13283] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 482.594180][T13283] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 482.611977][T13283] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 482.640396][T13283] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 482.655723][T13298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.670162][T13298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.728677][T13298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.753078][T13283] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 482.767667][T13283] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 482.779955][T13298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.787908][ T5631] Bluetooth: hci7: command tx timeout [ 482.796548][T13298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.824876][T13298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.842817][T13283] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 482.852393][T13283] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 482.946676][T13298] hsr_slave_0: entered promiscuous mode [ 482.953068][T13298] hsr_slave_1: entered promiscuous mode [ 482.959637][T13298] debugfs: 'hsr0' already exists in 'hsr' [ 482.966849][T13298] Cannot create hsr debugfs directory [ 483.389263][T13283] 8021q: adding VLAN 0 to HW filter on device bond0 [ 483.441495][T13283] 8021q: adding VLAN 0 to HW filter on device team0 [ 483.552241][ T1321] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.559449][ T1321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 483.619053][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.626302][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.716881][T13298] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 483.753106][T13298] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 483.785041][T13298] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 483.810498][T13298] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 483.845775][T13298] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 483.881977][T13298] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 483.902190][T13298] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 483.915295][ T5631] Bluetooth: hci6: unexpected event 0x3e length: 726 > 260 [ 483.915315][ T5631] Bluetooth: hci6: unexpected subevent 0x0d length: 725 > 260 [ 483.930551][ T5631] Bluetooth: hci6: Unknown advertising packet type: 0x7f [ 483.930567][ T5631] Bluetooth: hci6: Unknown advertising packet type: 0x3d [ 483.937814][ T5631] Bluetooth: hci6: adv larger than maximum supported [ 483.944945][ T5631] Bluetooth: hci6: adv larger than maximum supported [ 483.955439][ T5631] Bluetooth: hci6: Malformed LE Event: 0x0d [ 483.982377][T13298] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 484.144992][ T5631] Bluetooth: hci8: command tx timeout [ 484.296886][T13298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.359912][T13298] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.416851][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.423959][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.501443][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.508552][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 484.863808][ T5631] Bluetooth: hci7: command tx timeout [ 485.276894][T13283] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.858825][T13298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 486.007613][T13418] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1730'. [ 486.125980][T13418] hsr_slave_0 (unregistering): left promiscuous mode [ 486.223558][ T5631] Bluetooth: hci8: command tx timeout [ 486.236182][T13283] veth0_vlan: entered promiscuous mode [ 486.290958][T13283] veth1_vlan: entered promiscuous mode [ 486.413061][T13283] veth0_macvtap: entered promiscuous mode [ 486.457113][T13283] veth1_macvtap: entered promiscuous mode [ 486.530688][T13283] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.590355][T13283] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.660285][ T82] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.692180][ T82] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.749293][ T82] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.778979][ T82] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.943568][ T5631] Bluetooth: hci7: command tx timeout [ 486.964066][T13298] veth0_vlan: entered promiscuous mode [ 487.039131][ T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.061168][T13298] veth1_vlan: entered promiscuous mode [ 487.079818][ T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.186026][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.226221][T13298] veth0_macvtap: entered promiscuous mode [ 487.235584][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.278435][T13298] veth1_macvtap: entered promiscuous mode [ 487.338711][T13298] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.373785][T13434] input: f as /devices/virtual/input/input8 [ 487.404091][T13298] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.464641][ T13] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.499593][ T13] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.544989][ T13] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.595182][ T13] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.799439][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.842768][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.927175][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.965230][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.304422][ T5631] Bluetooth: hci8: command tx timeout [ 489.783725][T13472] netlink: 354 bytes leftover after parsing attributes in process `syz.6.1739'. [ 491.756360][T13513] ecryptfs_miscdev_write: Invalid packet size [0] [ 493.541876][ T5631] Bluetooth: hci7: unexpected event 0x1c length: 725 > 5 [ 493.949289][T13542] input: f as /devices/virtual/input/input9 [ 494.771289][T13555] FAULT_INJECTION: forcing a failure. [ 494.771289][T13555] name failslab, interval 1, probability 0, space 0, times 0 [ 494.879158][T13555] CPU: 0 UID: 0 PID: 13555 Comm: syz.5.1760 Tainted: G L syzkaller #0 PREEMPT(full) [ 494.879189][T13555] Tainted: [L]=SOFTLOCKUP [ 494.879195][T13555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 494.879204][T13555] Call Trace: [ 494.879210][T13555] [ 494.879216][T13555] dump_stack_lvl+0x100/0x190 [ 494.879239][T13555] should_fail_ex.cold+0x5/0xa [ 494.879266][T13555] should_failslab+0xc2/0x120 [ 494.879285][T13555] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 494.879310][T13555] ? __alloc_skb+0x140/0x710 [ 494.879330][T13555] __alloc_skb+0x140/0x710 [ 494.879345][T13555] ? __alloc_skb+0x5b7/0x710 [ 494.879360][T13555] ? __pfx___alloc_skb+0x10/0x10 [ 494.879376][T13555] ? kasan_quarantine_put+0x104/0x240 [ 494.879391][T13555] ? lockdep_hardirqs_on+0x78/0x100 [ 494.879417][T13555] __pskb_copy_fclone+0xf2/0xdb0 [ 494.879441][T13555] tipc_sk_mcast_rcv+0x7e9/0xf10 [ 494.879461][T13555] ? __alloc_skb+0x5b7/0x710 [ 494.879482][T13555] ? __pfx_tipc_sk_mcast_rcv+0x10/0x10 [ 494.879502][T13555] ? __pskb_copy_fclone+0x498/0xdb0 [ 494.879528][T13555] ? find_held_lock+0x2b/0x80 [ 494.879546][T13555] ? tipc_mcast_xmit+0x6d7/0xfc0 [ 494.879565][T13555] ? tipc_mcast_xmit+0x6d7/0xfc0 [ 494.879585][T13555] tipc_mcast_xmit+0x713/0xfc0 [ 494.879607][T13555] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 494.879625][T13555] ? skb_put+0x138/0x180 [ 494.879662][T13555] ? tipc_send_group_bcast+0x76b/0xa20 [ 494.879678][T13555] tipc_send_group_bcast+0x76b/0xa20 [ 494.879700][T13555] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 494.879719][T13555] ? __pfx_woken_wake_function+0x10/0x10 [ 494.879739][T13555] ? __pfx_tipc_sk_filter_rcv+0x10/0x10 [ 494.879757][T13555] ? aa_label_sk_perm+0x194/0x5f0 [ 494.879785][T13555] __tipc_sendmsg+0x4a3/0x1ad0 [ 494.879803][T13555] ? __lock_acquire+0x4a5/0x2630 [ 494.879821][T13555] ? __pfx___tipc_sendmsg+0x10/0x10 [ 494.879839][T13555] ? __lock_acquire+0x4a5/0x2630 [ 494.879852][T13555] ? __lock_acquire+0x4a5/0x2630 [ 494.879866][T13555] ? __lock_acquire+0x4a5/0x2630 [ 494.879893][T13555] ? __local_bh_enable_ip+0x9e/0x120 [ 494.879914][T13555] tipc_sendmsg+0x4f/0x70 [ 494.879932][T13555] ____sys_sendmsg+0x9e1/0xb70 [ 494.879953][T13555] ? __pfx_tipc_sendmsg+0x10/0x10 [ 494.879973][T13555] ? __pfx_____sys_sendmsg+0x10/0x10 [ 494.879997][T13555] ? rcu_is_watching+0x12/0xc0 [ 494.880013][T13555] ? ___sys_sendmsg+0x19d/0x1e0 [ 494.880034][T13555] ? kfree+0x1dd/0x6c0 [ 494.880056][T13555] ___sys_sendmsg+0x190/0x1e0 [ 494.880080][T13555] ? __pfx____sys_sendmsg+0x10/0x10 [ 494.880118][T13555] ? __pfx___might_resched+0x10/0x10 [ 494.880139][T13555] __sys_sendmmsg+0x205/0x430 [ 494.880159][T13555] ? __pfx___sys_sendmmsg+0x10/0x10 [ 494.880190][T13555] ? __pfx_do_futex+0x10/0x10 [ 494.880206][T13555] ? __pfx_do_sys_openat2+0x10/0x10 [ 494.880239][T13555] ? xfd_validate_state+0x129/0x190 [ 494.880266][T13555] __x64_sys_sendmmsg+0x9c/0x100 [ 494.880285][T13555] ? lockdep_hardirqs_on+0x78/0x100 [ 494.880308][T13555] do_syscall_64+0x10b/0xf80 [ 494.880330][T13555] ? clear_bhb_loop+0x40/0x90 [ 494.880348][T13555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.880364][T13555] RIP: 0033:0x7fe80e99ce59 [ 494.880377][T13555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.880392][T13555] RSP: 002b:00007fe80f82f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 494.880407][T13555] RAX: ffffffffffffffda RBX: 00007fe80ec15fa0 RCX: 00007fe80e99ce59 [ 494.880417][T13555] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000004 [ 494.880426][T13555] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 494.880435][T13555] R10: 0000000000000230 R11: 0000000000000246 R12: 0000000000000000 [ 494.880444][T13555] R13: 00007fe80ec16038 R14: 00007fe80ec15fa0 R15: 00007fff839501a8 [ 494.880464][T13555] [ 495.348835][T13555] tipc: Failed to clone mcast rcv buffer [ 498.005107][T13596] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 498.329072][T13608] random: crng reseeded on system resumption [ 499.157386][T13620] FAULT_INJECTION: forcing a failure. [ 499.157386][T13620] name failslab, interval 1, probability 0, space 0, times 0 [ 499.171352][T13620] CPU: 0 UID: 0 PID: 13620 Comm: syz.6.1773 Tainted: G L syzkaller #0 PREEMPT(full) [ 499.171378][T13620] Tainted: [L]=SOFTLOCKUP [ 499.171383][T13620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 499.171393][T13620] Call Trace: [ 499.171398][T13620] [ 499.171404][T13620] dump_stack_lvl+0x100/0x190 [ 499.171426][T13620] should_fail_ex.cold+0x5/0xa [ 499.171446][T13620] should_failslab+0xc2/0x120 [ 499.171464][T13620] __kmalloc_cache_noprof+0x7a/0x6f0 [ 499.171485][T13620] ? tipc_dest_push+0x148/0x310 [ 499.171505][T13620] tipc_dest_push+0x148/0x310 [ 499.171522][T13620] tipc_nametbl_lookup_mcast_sockets+0x2b8/0x500 [ 499.171545][T13620] tipc_sk_mcast_rcv+0x4ec/0xf10 [ 499.171564][T13620] ? __alloc_skb+0x5b7/0x710 [ 499.171586][T13620] ? __pfx_tipc_sk_mcast_rcv+0x10/0x10 [ 499.171606][T13620] ? __pskb_copy_fclone+0x498/0xdb0 [ 499.171633][T13620] ? find_held_lock+0x2b/0x80 [ 499.171651][T13620] ? tipc_mcast_xmit+0x6d7/0xfc0 [ 499.171669][T13620] ? tipc_mcast_xmit+0x6d7/0xfc0 [ 499.171690][T13620] tipc_mcast_xmit+0x713/0xfc0 [ 499.171715][T13620] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 499.171733][T13620] ? skb_put+0x138/0x180 [ 499.171772][T13620] ? tipc_send_group_bcast+0x76b/0xa20 [ 499.171787][T13620] tipc_send_group_bcast+0x76b/0xa20 [ 499.171810][T13620] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 499.171829][T13620] ? __pfx_woken_wake_function+0x10/0x10 [ 499.171855][T13620] ? __pfx_tipc_sk_filter_rcv+0x10/0x10 [ 499.171875][T13620] ? aa_label_sk_perm+0x194/0x5f0 [ 499.171904][T13620] __tipc_sendmsg+0x4a3/0x1ad0 [ 499.171923][T13620] ? __lock_acquire+0x4a5/0x2630 [ 499.171940][T13620] ? __pfx___tipc_sendmsg+0x10/0x10 [ 499.171958][T13620] ? __lock_acquire+0x4a5/0x2630 [ 499.171972][T13620] ? __lock_acquire+0x4a5/0x2630 [ 499.171986][T13620] ? __lock_acquire+0x4a5/0x2630 [ 499.172012][T13620] ? __local_bh_enable_ip+0x9e/0x120 [ 499.172034][T13620] tipc_sendmsg+0x4f/0x70 [ 499.172053][T13620] ____sys_sendmsg+0x9e1/0xb70 [ 499.172073][T13620] ? __pfx_tipc_sendmsg+0x10/0x10 [ 499.172093][T13620] ? __pfx_____sys_sendmsg+0x10/0x10 [ 499.172117][T13620] ? rcu_is_watching+0x12/0xc0 [ 499.172134][T13620] ? ___sys_sendmsg+0x19d/0x1e0 [ 499.172155][T13620] ? kfree+0x1dd/0x6c0 [ 499.172178][T13620] ___sys_sendmsg+0x190/0x1e0 [ 499.172201][T13620] ? __pfx____sys_sendmsg+0x10/0x10 [ 499.172240][T13620] ? __pfx___might_resched+0x10/0x10 [ 499.172260][T13620] __sys_sendmmsg+0x205/0x430 [ 499.172280][T13620] ? __pfx___sys_sendmmsg+0x10/0x10 [ 499.172303][T13620] ? __pfx_do_futex+0x10/0x10 [ 499.172318][T13620] ? __pfx_do_sys_openat2+0x10/0x10 [ 499.172348][T13620] ? xfd_validate_state+0x129/0x190 [ 499.172369][T13620] __x64_sys_sendmmsg+0x9c/0x100 [ 499.172387][T13620] ? lockdep_hardirqs_on+0x78/0x100 [ 499.172409][T13620] do_syscall_64+0x10b/0xf80 [ 499.172430][T13620] ? clear_bhb_loop+0x40/0x90 [ 499.172448][T13620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.172463][T13620] RIP: 0033:0x7feeb7f9ce59 [ 499.172477][T13620] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 499.172491][T13620] RSP: 002b:00007feeb8ec4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 499.172506][T13620] RAX: ffffffffffffffda RBX: 00007feeb8215fa0 RCX: 00007feeb7f9ce59 [ 499.172516][T13620] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000004 [ 499.172525][T13620] RBP: 00007feeb8032d6f R08: 0000000000000000 R09: 0000000000000000 [ 499.172534][T13620] R10: 0000000000000230 R11: 0000000000000246 R12: 0000000000000000 [ 499.172543][T13620] R13: 00007feeb8216038 R14: 00007feeb8215fa0 R15: 00007ffca81fb9a8 [ 499.172563][T13620] [ 501.428785][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.442252][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.566097][T13633] input: f as /devices/virtual/input/input10 [ 502.385802][ T5631] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 502.522440][T13650] binder: 13646:13650 ioctl 40086602 e20 returned -22 [ 502.939116][T13658] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1781'. [ 504.801247][T13690] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1788'. [ 506.678973][T13713] FAULT_INJECTION: forcing a failure. [ 506.678973][T13713] name failslab, interval 1, probability 0, space 0, times 0 [ 506.794612][T13713] CPU: 0 UID: 0 PID: 13713 Comm: syz.5.1792 Tainted: G L syzkaller #0 PREEMPT(full) [ 506.794639][T13713] Tainted: [L]=SOFTLOCKUP [ 506.794645][T13713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 506.794654][T13713] Call Trace: [ 506.794659][T13713] [ 506.794665][T13713] dump_stack_lvl+0x100/0x190 [ 506.794687][T13713] should_fail_ex.cold+0x5/0xa [ 506.794706][T13713] should_failslab+0xc2/0x120 [ 506.794724][T13713] __kmalloc_cache_noprof+0x7a/0x6f0 [ 506.794745][T13713] ? pkcs7_note_signed_info+0x32e/0x5c0 [ 506.794769][T13713] pkcs7_note_signed_info+0x32e/0x5c0 [ 506.794789][T13713] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 506.794812][T13713] asn1_ber_decoder+0x14cf/0x2170 [ 506.794840][T13713] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 506.794874][T13713] pkcs7_parse_message+0x289/0x870 [ 506.794896][T13713] verify_pkcs7_signature+0x30/0xa0 [ 506.794914][T13713] valid_regdb+0x211/0x590 [ 506.794936][T13713] ? __pfx_valid_regdb+0x10/0x10 [ 506.794958][T13713] reg_reload_regdb+0x11a/0x460 [ 506.794979][T13713] ? __pfx_reg_reload_regdb+0x10/0x10 [ 506.795001][T13713] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 506.795015][T13713] ? nl80211_pre_doit+0x19a/0xae0 [ 506.795034][T13713] genl_family_rcv_msg_doit+0x214/0x300 [ 506.795064][T13713] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 506.795080][T13713] ? genl_get_cmd+0x3e7/0x760 [ 506.795108][T13713] ? bpf_lsm_capable+0x9/0x10 [ 506.795124][T13713] ? security_capable+0x80/0x260 [ 506.795150][T13713] genl_rcv_msg+0x560/0x800 [ 506.795167][T13713] ? __pfx_genl_rcv_msg+0x10/0x10 [ 506.795182][T13713] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 506.795196][T13713] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 506.795214][T13713] ? __pfx_nl80211_post_doit+0x10/0x10 [ 506.795236][T13713] netlink_rcv_skb+0x159/0x420 [ 506.795257][T13713] ? __pfx_genl_rcv_msg+0x10/0x10 [ 506.795273][T13713] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 506.795309][T13713] ? netlink_deliver_tap+0x1ae/0xcc0 [ 506.795332][T13713] genl_rcv+0x28/0x40 [ 506.795344][T13713] netlink_unicast+0x585/0x850 [ 506.795369][T13713] ? __pfx_netlink_unicast+0x10/0x10 [ 506.795395][T13713] netlink_sendmsg+0x8b0/0xda0 [ 506.795420][T13713] ? __pfx_netlink_sendmsg+0x10/0x10 [ 506.795441][T13713] ? __import_iovec+0x1d2/0x640 [ 506.795459][T13713] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 506.795485][T13713] ____sys_sendmsg+0x9e1/0xb70 [ 506.795505][T13713] ? __pfx_netlink_sendmsg+0x10/0x10 [ 506.795528][T13713] ? __pfx_____sys_sendmsg+0x10/0x10 [ 506.795553][T13713] ? __pfx_futex_wake_mark+0x10/0x10 [ 506.795576][T13713] ___sys_sendmsg+0x190/0x1e0 [ 506.795599][T13713] ? __pfx____sys_sendmsg+0x10/0x10 [ 506.795643][T13713] __sys_sendmsg+0x170/0x220 [ 506.795662][T13713] ? __pfx___sys_sendmsg+0x10/0x10 [ 506.795679][T13713] ? __x64_sys_futex+0x34f/0x4d0 [ 506.795702][T13713] ? rcu_is_watching+0x12/0xc0 [ 506.795722][T13713] do_syscall_64+0x10b/0xf80 [ 506.795744][T13713] ? clear_bhb_loop+0x40/0x90 [ 506.795762][T13713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.795777][T13713] RIP: 0033:0x7fe80e99ce59 [ 506.795790][T13713] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 506.795805][T13713] RSP: 002b:00007fe80f80e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 506.795820][T13713] RAX: ffffffffffffffda RBX: 00007fe80ec16090 RCX: 00007fe80e99ce59 [ 506.795830][T13713] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007 [ 506.795839][T13713] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 506.795848][T13713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.795857][T13713] R13: 00007fe80ec16128 R14: 00007fe80ec16090 R15: 00007fff839501a8 [ 506.795877][T13713] [ 508.206330][T13723] can0: slcan on ttyS2. [ 508.545837][T13726] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1794'. [ 508.906284][T13718] can0 (unregistered): slcan off ttyS2. [ 509.392587][T13738] FAULT_INJECTION: forcing a failure. [ 509.392587][T13738] name failslab, interval 1, probability 0, space 0, times 0 [ 509.490344][T13738] CPU: 0 UID: 0 PID: 13738 Comm: syz.7.1796 Tainted: G L syzkaller #0 PREEMPT(full) [ 509.490371][T13738] Tainted: [L]=SOFTLOCKUP [ 509.490376][T13738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 509.490385][T13738] Call Trace: [ 509.490391][T13738] [ 509.490398][T13738] dump_stack_lvl+0x100/0x190 [ 509.490419][T13738] should_fail_ex.cold+0x5/0xa [ 509.490438][T13738] should_failslab+0xc2/0x120 [ 509.490457][T13738] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 509.490473][T13738] ? snd_timer_instance_new+0x65/0x350 [ 509.490500][T13738] kstrdup+0x51/0xe0 [ 509.490516][T13738] snd_timer_instance_new+0x65/0x350 [ 509.490539][T13738] snd_seq_timer_open+0x1d4/0x5d0 [ 509.490559][T13738] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 509.490582][T13738] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 509.490604][T13738] ? lockdep_hardirqs_on+0x78/0x100 [ 509.490626][T13738] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 509.490649][T13738] queue_use+0xdc/0x1f0 [ 509.490663][T13738] snd_seq_queue_alloc+0x2e5/0x540 [ 509.490681][T13738] snd_seq_ioctl_create_queue+0xa9/0x370 [ 509.490702][T13738] call_seq_client_ctl+0xa3/0x130 [ 509.490723][T13738] snd_seq_kernel_client_ctl+0x77/0xd0 [ 509.490744][T13738] alloc_seq_queue+0xdb/0x180 [ 509.490772][T13738] ? __pfx_alloc_seq_queue+0x10/0x10 [ 509.490804][T13738] ? mark_held_locks+0x40/0x70 [ 509.490823][T13738] snd_seq_oss_open+0x2b2/0xa10 [ 509.490848][T13738] odev_open+0x6f/0x90 [ 509.490867][T13738] ? __pfx_odev_open+0x10/0x10 [ 509.490886][T13738] soundcore_open+0x2e3/0x5a0 [ 509.490908][T13738] ? __pfx_soundcore_open+0x10/0x10 [ 509.490928][T13738] chrdev_open+0x234/0x6a0 [ 509.490946][T13738] ? __pfx_apparmor_file_open+0x10/0x10 [ 509.490961][T13738] ? __pfx_chrdev_open+0x10/0x10 [ 509.490980][T13738] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 509.491004][T13738] do_dentry_open+0x6d8/0x1660 [ 509.491022][T13738] ? __pfx_chrdev_open+0x10/0x10 [ 509.491046][T13738] vfs_open+0x82/0x3f0 [ 509.491069][T13738] path_openat+0x208c/0x31a0 [ 509.491094][T13738] ? __pfx_path_openat+0x10/0x10 [ 509.491119][T13738] do_file_open+0x20e/0x430 [ 509.491138][T13738] ? __pfx_do_file_open+0x10/0x10 [ 509.491170][T13738] ? alloc_fd+0x476/0x790 [ 509.491190][T13738] ? do_getname+0x191/0x390 [ 509.491213][T13738] do_sys_openat2+0x10d/0x1e0 [ 509.491235][T13738] ? __pfx_do_sys_openat2+0x10/0x10 [ 509.491264][T13738] __x64_sys_openat+0x12d/0x210 [ 509.491289][T13738] ? __pfx___x64_sys_openat+0x10/0x10 [ 509.491311][T13738] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 509.491329][T13738] ? rcu_is_watching+0x12/0xc0 [ 509.491349][T13738] do_syscall_64+0x10b/0xf80 [ 509.491371][T13738] ? clear_bhb_loop+0x40/0x90 [ 509.491389][T13738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.491404][T13738] RIP: 0033:0x7f98ca99ce59 [ 509.491417][T13738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 509.491432][T13738] RSP: 002b:00007f98cb868028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 509.491446][T13738] RAX: ffffffffffffffda RBX: 00007f98cac15fa0 RCX: 00007f98ca99ce59 [ 509.491457][T13738] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 509.491467][T13738] RBP: 00007f98caa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 509.491476][T13738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 509.491485][T13738] R13: 00007f98cac16038 R14: 00007f98cac15fa0 R15: 00007ffd7de34788 [ 509.491505][T13738] [ 511.038428][T13763] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1800'. [ 511.472990][T13768] cougar: G6 mapped to space [ 511.634624][T13763] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1800'. [ 512.275362][T13798] ima: policy update failed [ 512.358014][ T30] audit: type=1802 audit(1843123226.535:17): pid=13798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1805" res=0 errno=0 [ 515.493706][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 515.502144][T13838] qrtr: Invalid version 0 [ 515.514204][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 515.602267][T13838] FAULT_INJECTION: forcing a failure. [ 515.602267][T13838] name failslab, interval 1, probability 0, space 0, times 0 [ 515.674585][T13838] CPU: 0 UID: 0 PID: 13838 Comm: syz.7.1813 Tainted: G L syzkaller #0 PREEMPT(full) [ 515.674611][T13838] Tainted: [L]=SOFTLOCKUP [ 515.674617][T13838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 515.674626][T13838] Call Trace: [ 515.674631][T13838] [ 515.674637][T13838] dump_stack_lvl+0x100/0x190 [ 515.674659][T13838] should_fail_ex.cold+0x5/0xa [ 515.674678][T13838] ? __netlink_kernel_create+0x181/0x750 [ 515.674700][T13838] should_failslab+0xc2/0x120 [ 515.674718][T13838] __kmalloc_noprof+0xe0/0x850 [ 515.674736][T13838] __netlink_kernel_create+0x181/0x750 [ 515.674759][T13838] ? __pfx___netlink_kernel_create+0x10/0x10 [ 515.674786][T13838] rtnetlink_net_init+0xb9/0x140 [ 515.674802][T13838] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 515.674817][T13838] ? lockdep_init_map_type+0x5c/0x250 [ 515.674833][T13838] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 515.674847][T13838] ? __pfx_rtnetlink_bind+0x10/0x10 [ 515.674863][T13838] ? mutex_init_lockdep+0xf1/0x120 [ 515.674880][T13838] ? __pfx_rtnetlink_net_init+0x10/0x10 [ 515.674895][T13838] ops_init+0x1e2/0x5f0 [ 515.674915][T13838] setup_net+0x118/0x3a0 [ 515.674933][T13838] ? __pfx_setup_net+0x10/0x10 [ 515.674951][T13838] ? mutex_init_lockdep+0xf1/0x120 [ 515.674970][T13838] copy_net_ns+0x46f/0x7c0 [ 515.674991][T13838] create_new_namespaces+0x3ea/0xac0 [ 515.675015][T13838] unshare_nsproxy_namespaces+0xf2/0x220 [ 515.675039][T13838] ksys_unshare+0x438/0xab0 [ 515.675062][T13838] ? __pfx_ksys_unshare+0x10/0x10 [ 515.675082][T13838] ? xfd_validate_state+0x129/0x190 [ 515.675096][T13838] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 515.675124][T13838] __x64_sys_unshare+0x31/0x40 [ 515.675145][T13838] do_syscall_64+0x10b/0xf80 [ 515.675168][T13838] ? clear_bhb_loop+0x40/0x90 [ 515.675186][T13838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.675202][T13838] RIP: 0033:0x7f98ca99ce59 [ 515.675215][T13838] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 515.675229][T13838] RSP: 002b:00007f98cb868028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 515.675244][T13838] RAX: ffffffffffffffda RBX: 00007f98cac15fa0 RCX: 00007f98ca99ce59 [ 515.675253][T13838] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 515.675262][T13838] RBP: 00007f98caa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 515.675271][T13838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 515.675280][T13838] R13: 00007f98cac16038 R14: 00007f98cac15fa0 R15: 00007ffd7de34788 [ 515.675299][T13838] [ 520.086930][T13903] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 520.216531][T13903] netlink: 186 bytes leftover after parsing attributes in process `syz.8.1823'. [ 520.298280][T13904] can: request_module (can-proto-5) failed. [ 521.902745][T13939] sctp: [Deprecated]: syz.8.1830 (pid 13939) Use of int in max_burst socket option. [ 521.902745][T13939] Use struct sctp_assoc_value instead [ 522.511483][T13945] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 522.587020][T13946] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1831'. [ 522.658107][T13945] netlink: 'syz.5.1831': attribute type 1 has an invalid length. [ 522.690744][T13945] netlink: 51465 bytes leftover after parsing attributes in process `syz.5.1831'. [ 523.033420][T13950] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 523.178778][T13950] File: /dev/nullb0 PID: 13950 Comm: syz.8.1832 [ 524.711014][T13974] hub 1-0:1.0: USB hub found [ 524.752992][T13974] hub 1-0:1.0: 1 port detected [ 524.799044][T13974] FAULT_INJECTION: forcing a failure. [ 524.799044][T13974] name failslab, interval 1, probability 0, space 0, times 0 [ 524.854710][T13974] CPU: 0 UID: 0 PID: 13974 Comm: syz.5.1837 Tainted: G L syzkaller #0 PREEMPT(full) [ 524.854735][T13974] Tainted: [L]=SOFTLOCKUP [ 524.854740][T13974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 524.854753][T13974] Call Trace: [ 524.854758][T13974] [ 524.854764][T13974] dump_stack_lvl+0x100/0x190 [ 524.854786][T13974] should_fail_ex.cold+0x5/0xa [ 524.854807][T13974] should_failslab+0xc2/0x120 [ 524.854825][T13974] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 524.854847][T13974] ? __kernfs_new_node+0xd2/0x9f0 [ 524.854868][T13974] __kernfs_new_node+0xd2/0x9f0 [ 524.854886][T13974] ? __pfx___kernfs_new_node+0x10/0x10 [ 524.854907][T13974] ? find_held_lock+0x2b/0x80 [ 524.854926][T13974] ? kernfs_root+0xee/0x2a0 [ 524.854941][T13974] ? kernfs_root+0xee/0x2a0 [ 524.854961][T13974] kernfs_new_node+0x11b/0x1a0 [ 524.854983][T13974] __kernfs_create_file+0x53/0x350 [ 524.855007][T13974] sysfs_add_file_mode_ns+0x207/0x3c0 [ 524.855027][T13974] internal_create_group+0x593/0xf40 [ 524.855047][T13974] ? sysfs_create_file_ns+0x14c/0x1e0 [ 524.855062][T13974] ? __pfx_internal_create_group+0x10/0x10 [ 524.855078][T13974] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 524.855096][T13974] ? acpi_device_notify+0x464/0x500 [ 524.855112][T13974] ? lockdep_init_map_type+0x5c/0x250 [ 524.855129][T13974] internal_create_groups+0x9d/0x150 [ 524.855148][T13974] device_add+0x7c8/0x1950 [ 524.855170][T13974] ? __pfx_device_add+0x10/0x10 [ 524.855189][T13974] ? lockdep_init_map_type+0x5c/0x250 [ 524.855205][T13974] ? __init_waitqueue_head+0xca/0x150 [ 524.855235][T13974] usb_create_ep_devs+0x160/0x2b0 [ 524.855255][T13974] create_intf_ep_devs.isra.0+0x161/0x200 [ 524.855284][T13974] usb_set_configuration+0xdb9/0x1c60 [ 524.855311][T13974] bConfigurationValue_store+0x103/0x180 [ 524.855328][T13974] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 524.855345][T13974] ? find_held_lock+0x2b/0x80 [ 524.855363][T13974] ? sysfs_file_kobj+0xe4/0x290 [ 524.855385][T13974] ? sysfs_file_kobj+0xe4/0x290 [ 524.855408][T13974] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 524.855423][T13974] dev_attr_store+0x58/0x80 [ 524.855442][T13974] ? __pfx_dev_attr_store+0x10/0x10 [ 524.855461][T13974] sysfs_kf_write+0xf2/0x150 [ 524.855476][T13974] kernfs_fop_write_iter+0x3e0/0x5f0 [ 524.855496][T13974] ? __pfx_sysfs_kf_write+0x10/0x10 [ 524.855512][T13974] iter_file_splice_write+0x830/0x10a0 [ 524.855541][T13974] ? __pfx_iter_file_splice_write+0x10/0x10 [ 524.855563][T13974] ? __pfx_copy_splice_read+0x10/0x10 [ 524.855591][T13974] ? __pfx_iter_file_splice_write+0x10/0x10 [ 524.855612][T13974] direct_splice_actor+0x192/0x6c0 [ 524.855632][T13974] splice_direct_to_actor+0x345/0xa30 [ 524.855652][T13974] ? __pfx_direct_splice_actor+0x10/0x10 [ 524.855674][T13974] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 524.855699][T13974] do_splice_direct+0x174/0x240 [ 524.855718][T13974] ? __pfx_do_splice_direct+0x10/0x10 [ 524.855737][T13974] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 524.855758][T13974] ? rw_verify_area+0xce/0x6d0 [ 524.855775][T13974] do_sendfile+0xadc/0xe20 [ 524.855795][T13974] ? __pfx_do_sendfile+0x10/0x10 [ 524.855814][T13974] ? __x64_sys_futex+0x34f/0x4d0 [ 524.855829][T13974] ? __x64_sys_futex+0x358/0x4d0 [ 524.855847][T13974] __x64_sys_sendfile64+0x1d8/0x220 [ 524.855868][T13974] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 524.855890][T13974] ? rcu_is_watching+0x12/0xc0 [ 524.855910][T13974] do_syscall_64+0x10b/0xf80 [ 524.855932][T13974] ? clear_bhb_loop+0x40/0x90 [ 524.855951][T13974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.855966][T13974] RIP: 0033:0x7fe80e99ce59 [ 524.855979][T13974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 524.855994][T13974] RSP: 002b:00007fe80f82f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 524.856010][T13974] RAX: ffffffffffffffda RBX: 00007fe80ec15fa0 RCX: 00007fe80e99ce59 [ 524.856020][T13974] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 524.856028][T13974] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 524.856038][T13974] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 524.856047][T13974] R13: 00007fe80ec16038 R14: 00007fe80ec15fa0 R15: 00007fff839501a8 [ 524.856066][T13974] [ 525.325740][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 525.332023][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 525.659038][T13985] FAULT_INJECTION: forcing a failure. [ 525.659038][T13985] name failslab, interval 1, probability 0, space 0, times 0 [ 525.672328][T13985] CPU: 0 UID: 0 PID: 13985 Comm: syz.5.1841 Tainted: G L syzkaller #0 PREEMPT(full) [ 525.672352][T13985] Tainted: [L]=SOFTLOCKUP [ 525.672358][T13985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 525.672367][T13985] Call Trace: [ 525.672372][T13985] [ 525.672378][T13985] dump_stack_lvl+0x100/0x190 [ 525.672398][T13985] should_fail_ex.cold+0x5/0xa [ 525.672418][T13985] should_failslab+0xc2/0x120 [ 525.672436][T13985] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 525.672452][T13985] ? snd_timer_instance_new+0x65/0x350 [ 525.672478][T13985] kstrdup+0x51/0xe0 [ 525.672494][T13985] snd_timer_instance_new+0x65/0x350 [ 525.672516][T13985] snd_seq_timer_open+0x1d4/0x5d0 [ 525.672536][T13985] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 525.672559][T13985] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 525.672580][T13985] ? lockdep_hardirqs_on+0x78/0x100 [ 525.672602][T13985] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 525.672625][T13985] queue_use+0xdc/0x1f0 [ 525.672639][T13985] snd_seq_queue_alloc+0x2e5/0x540 [ 525.672657][T13985] snd_seq_ioctl_create_queue+0xa9/0x370 [ 525.672678][T13985] call_seq_client_ctl+0xa3/0x130 [ 525.672699][T13985] snd_seq_kernel_client_ctl+0x77/0xd0 [ 525.672720][T13985] alloc_seq_queue+0xdb/0x180 [ 525.672740][T13985] ? __pfx_alloc_seq_queue+0x10/0x10 [ 525.672771][T13985] ? mark_held_locks+0x40/0x70 [ 525.672788][T13985] snd_seq_oss_open+0x2b2/0xa10 [ 525.672813][T13985] odev_open+0x6f/0x90 [ 525.672831][T13985] ? __pfx_odev_open+0x10/0x10 [ 525.672849][T13985] soundcore_open+0x2e3/0x5a0 [ 525.672871][T13985] ? __pfx_soundcore_open+0x10/0x10 [ 525.672891][T13985] chrdev_open+0x234/0x6a0 [ 525.672909][T13985] ? __pfx_apparmor_file_open+0x10/0x10 [ 525.672924][T13985] ? __pfx_chrdev_open+0x10/0x10 [ 525.672944][T13985] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 525.672967][T13985] do_dentry_open+0x6d8/0x1660 [ 525.672984][T13985] ? __pfx_chrdev_open+0x10/0x10 [ 525.673007][T13985] vfs_open+0x82/0x3f0 [ 525.673030][T13985] path_openat+0x208c/0x31a0 [ 525.673054][T13985] ? __pfx_path_openat+0x10/0x10 [ 525.673079][T13985] do_file_open+0x20e/0x430 [ 525.673099][T13985] ? __pfx_do_file_open+0x10/0x10 [ 525.673130][T13985] ? alloc_fd+0x476/0x790 [ 525.673150][T13985] ? do_getname+0x191/0x390 [ 525.673180][T13985] do_sys_openat2+0x10d/0x1e0 [ 525.673205][T13985] ? __pfx_do_sys_openat2+0x10/0x10 [ 525.673234][T13985] __x64_sys_openat+0x12d/0x210 [ 525.673256][T13985] ? __pfx___x64_sys_openat+0x10/0x10 [ 525.673277][T13985] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 525.673296][T13985] ? rcu_is_watching+0x12/0xc0 [ 525.673316][T13985] do_syscall_64+0x10b/0xf80 [ 525.673338][T13985] ? clear_bhb_loop+0x40/0x90 [ 525.673356][T13985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.673372][T13985] RIP: 0033:0x7fe80e99ce59 [ 525.673384][T13985] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 525.673398][T13985] RSP: 002b:00007fe80f82f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 525.673413][T13985] RAX: ffffffffffffffda RBX: 00007fe80ec15fa0 RCX: 00007fe80e99ce59 [ 525.673423][T13985] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 525.673432][T13985] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 525.673441][T13985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.673450][T13985] R13: 00007fe80ec16038 R14: 00007fe80ec15fa0 R15: 00007fff839501a8 [ 525.673469][T13985] [ 526.630235][T13995] zswap: compressor not available [ 527.699303][T14023] Invalid ELF header magic: != ELF [ 529.746940][T14048] FAULT_INJECTION: forcing a failure. [ 529.746940][T14048] name fail_futex, interval 1, probability 0, space 0, times 1 [ 529.836679][T14048] CPU: 0 UID: 0 PID: 14048 Comm: syz.5.1854 Tainted: G L syzkaller #0 PREEMPT(full) [ 529.836722][T14048] Tainted: [L]=SOFTLOCKUP [ 529.836727][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 529.836736][T14048] Call Trace: [ 529.836741][T14048] [ 529.836747][T14048] dump_stack_lvl+0x100/0x190 [ 529.836768][T14048] should_fail_ex.cold+0x5/0xa [ 529.836785][T14048] ? rcu_is_watching+0x12/0xc0 [ 529.836806][T14048] get_futex_key+0x1d2/0x1510 [ 529.836824][T14048] ? __pfx_get_futex_key+0x10/0x10 [ 529.836839][T14048] ? new_userfaultfd+0x33f/0x400 [ 529.836856][T14048] ? kasan_save_stack+0x3f/0x50 [ 529.836870][T14048] ? kasan_save_stack+0x30/0x50 [ 529.836884][T14048] ? kasan_save_track+0x14/0x30 [ 529.836897][T14048] ? kasan_save_free_info+0x3b/0x70 [ 529.836916][T14048] ? __kasan_slab_free+0x5f/0x80 [ 529.836931][T14048] ? kfree+0x223/0x6c0 [ 529.836952][T14048] futex_wake+0xea/0x530 [ 529.836973][T14048] ? __pfx_futex_wake+0x10/0x10 [ 529.836999][T14048] do_futex+0x32b/0x350 [ 529.837015][T14048] ? __pfx_do_futex+0x10/0x10 [ 529.837036][T14048] __x64_sys_futex+0x34f/0x4d0 [ 529.837053][T14048] ? new_userfaultfd+0x320/0x400 [ 529.837069][T14048] ? __pfx___x64_sys_futex+0x10/0x10 [ 529.837089][T14048] ? rcu_is_watching+0x12/0xc0 [ 529.837108][T14048] do_syscall_64+0x10b/0xf80 [ 529.837131][T14048] ? clear_bhb_loop+0x40/0x90 [ 529.837148][T14048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.837164][T14048] RIP: 0033:0x7fe80e99ce59 [ 529.837178][T14048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.837192][T14048] RSP: 002b:00007fe80f82f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 529.837207][T14048] RAX: ffffffffffffffda RBX: 00007fe80ec15fa8 RCX: 00007fe80e99ce59 [ 529.837217][T14048] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe80ec15fac [ 529.837226][T14048] RBP: 00007fe80ec15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 529.837235][T14048] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 529.837244][T14048] R13: 00007fe80ec16038 R14: 00007fff839500c0 R15: 00007fff839501a8 [ 529.837262][T14048] [ 529.842645][T14039] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1852'. [ 533.216251][T14090] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1861'. [ 533.241768][T14081] FAULT_INJECTION: forcing a failure. [ 533.241768][T14081] name fail_futex, interval 1, probability 0, space 0, times 0 [ 533.338460][T14081] CPU: 0 UID: 0 PID: 14081 Comm: syz.5.1860 Tainted: G L syzkaller #0 PREEMPT(full) [ 533.338485][T14081] Tainted: [L]=SOFTLOCKUP [ 533.338490][T14081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 533.338498][T14081] Call Trace: [ 533.338503][T14081] [ 533.338509][T14081] dump_stack_lvl+0x100/0x190 [ 533.338530][T14081] should_fail_ex.cold+0x5/0xa [ 533.338548][T14081] get_futex_key+0xf78/0x1510 [ 533.338565][T14081] ? __pfx_get_futex_key+0x10/0x10 [ 533.338579][T14081] ? lock_acquire+0x1b1/0x370 [ 533.338598][T14081] futex_wake+0xea/0x530 [ 533.338618][T14081] ? __pfx_futex_wake+0x10/0x10 [ 533.338635][T14081] ? exit_mm_release+0x19/0x30 [ 533.338661][T14081] do_futex+0x32b/0x350 [ 533.338677][T14081] ? __pfx_do_futex+0x10/0x10 [ 533.338691][T14081] ? __might_fault+0xc5/0x140 [ 533.338717][T14081] mm_release+0x24a/0x2f0 [ 533.338735][T14081] do_exit+0x707/0x2af0 [ 533.338760][T14081] ? __pfx_do_exit+0x10/0x10 [ 533.338781][T14081] ? do_raw_spin_lock+0x128/0x260 [ 533.338797][T14081] ? find_held_lock+0x2b/0x80 [ 533.338815][T14081] ? get_signal+0x7e5/0x2210 [ 533.338834][T14081] do_group_exit+0xd5/0x2a0 [ 533.338857][T14081] get_signal+0x20ff/0x2210 [ 533.338882][T14081] ? __pfx_get_signal+0x10/0x10 [ 533.338901][T14081] ? do_futex+0x192/0x350 [ 533.338917][T14081] arch_do_signal_or_restart+0x91/0x7a0 [ 533.338940][T14081] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 533.338968][T14081] ? rcu_is_watching+0x12/0xc0 [ 533.338987][T14081] exit_to_user_mode_loop+0x8b/0x4f0 [ 533.339001][T14081] ? rcu_is_watching+0x12/0xc0 [ 533.339020][T14081] do_syscall_64+0x6f2/0xf80 [ 533.339042][T14081] ? clear_bhb_loop+0x40/0x90 [ 533.339060][T14081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.339074][T14081] RIP: 0033:0x7fe80e99ce59 [ 533.339086][T14081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 533.339100][T14081] RSP: 002b:00007fe80f82f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 533.339115][T14081] RAX: fffffffffffffe00 RBX: 00007fe80ec15fa8 RCX: 00007fe80e99ce59 [ 533.339124][T14081] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe80ec15fa8 [ 533.339132][T14081] RBP: 00007fe80ec15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 533.339141][T14081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 533.339149][T14081] R13: 00007fe80ec16038 R14: 00007fff839500c0 R15: 00007fff839501a8 [ 533.339167][T14081] [ 534.177399][T14101] sctp: [Deprecated]: syz.5.1862 (pid 14101) Use of int in max_burst socket option. [ 534.177399][T14101] Use struct sctp_assoc_value instead [ 534.710364][T14108] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1865'. [ 535.614454][T14117] zswap: compressor not available [ 536.272308][T14130] FAULT_INJECTION: forcing a failure. [ 536.272308][T14130] name failslab, interval 1, probability 0, space 0, times 0 [ 536.319984][T14130] CPU: 0 UID: 0 PID: 14130 Comm: syz.5.1871 Tainted: G L syzkaller #0 PREEMPT(full) [ 536.320011][T14130] Tainted: [L]=SOFTLOCKUP [ 536.320016][T14130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 536.320030][T14130] Call Trace: [ 536.320035][T14130] [ 536.320041][T14130] dump_stack_lvl+0x100/0x190 [ 536.320064][T14130] should_fail_ex.cold+0x5/0xa [ 536.320084][T14130] should_failslab+0xc2/0x120 [ 536.320101][T14130] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 536.320126][T14130] ? shmem_alloc_inode+0x25/0x50 [ 536.320146][T14130] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 536.320164][T14130] shmem_alloc_inode+0x25/0x50 [ 536.320182][T14130] alloc_inode+0x68/0x250 [ 536.320205][T14130] new_inode+0x22/0x1c0 [ 536.320229][T14130] shmem_get_inode+0x1e3/0xfb0 [ 536.320250][T14130] ? __pfx_shmem_get_inode+0x10/0x10 [ 536.320272][T14130] ? make_vfsgid+0xf1/0x140 [ 536.320288][T14130] shmem_mknod+0x217/0x480 [ 536.320309][T14130] ? __pfx_shmem_mknod+0x10/0x10 [ 536.320333][T14130] vfs_mknod+0x3a5/0x7f0 [ 536.320352][T14130] filename_mknodat+0x5aa/0x7f0 [ 536.320374][T14130] ? __pfx_filename_mknodat+0x10/0x10 [ 536.320393][T14130] ? strncpy_from_user+0x19d/0x2d0 [ 536.320412][T14130] ? do_getname+0x191/0x390 [ 536.320434][T14130] __x64_sys_mknod+0x8f/0xc0 [ 536.320454][T14130] do_syscall_64+0x10b/0xf80 [ 536.320476][T14130] ? clear_bhb_loop+0x40/0x90 [ 536.320494][T14130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.320510][T14130] RIP: 0033:0x7fe80e99ce59 [ 536.320523][T14130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.320538][T14130] RSP: 002b:00007fe80f82f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 536.320553][T14130] RAX: ffffffffffffffda RBX: 00007fe80ec15fa0 RCX: 00007fe80e99ce59 [ 536.320563][T14130] RDX: 0000000000000044 RSI: 0000000000001001 RDI: 0000200000000040 [ 536.320572][T14130] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 536.320581][T14130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 536.320589][T14130] R13: 00007fe80ec16038 R14: 00007fe80ec15fa0 R15: 00007fff839501a8 [ 536.320610][T14130] [ 539.959307][T14157] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input11 [ 540.689353][T14168] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1880'. [ 542.009043][T14171] netlink: Conntrack attr has 5 unknown bytes [ 542.129207][ T5629] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 542.145941][ T5629] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 542.154252][ T5629] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 542.177567][ T5629] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 542.187852][ T5629] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 543.022047][T14174] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.043115][T14174] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.061849][T14174] bridge_slave_0: entered allmulticast mode [ 543.076317][T14174] bridge_slave_0: entered promiscuous mode [ 543.090517][T14174] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.100317][T14192] netlink: 'syz.5.1885': attribute type 1 has an invalid length. [ 543.109005][T14174] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.116350][T14192] netlink: 9 bytes leftover after parsing attributes in process `syz.5.1885'. [ 543.126795][T14174] bridge_slave_1: entered allmulticast mode [ 543.136736][T14174] bridge_slave_1: entered promiscuous mode [ 543.202597][T14174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 543.240316][T14174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.308249][T14174] team0: Port device team_slave_0 added [ 543.325920][T14174] team0: Port device team_slave_1 added [ 543.376186][T14174] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 543.393420][T14174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 543.449445][T14174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 543.504864][T14174] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 543.520132][T14174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 543.547193][T14174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 543.678293][T14174] hsr_slave_0: entered promiscuous mode [ 543.696514][T14174] hsr_slave_1: entered promiscuous mode [ 543.707532][T14174] debugfs: 'hsr0' already exists in 'hsr' [ 543.716588][T14174] Cannot create hsr debugfs directory [ 544.006138][T14174] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 544.016334][T14174] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 544.027143][T14174] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 544.036620][T14174] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 544.046108][T14174] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 544.056964][T14174] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 544.064913][T14174] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 544.086913][T14174] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 544.225462][ T5629] Bluetooth: hci9: command tx timeout [ 544.517133][T14174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 544.588185][T14174] 8021q: adding VLAN 0 to HW filter on device team0 [ 544.632672][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.639791][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 544.700100][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.707228][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 545.058456][T14174] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.262431][T14174] veth0_vlan: entered promiscuous mode [ 545.307911][T14174] veth1_vlan: entered promiscuous mode [ 545.367848][T14174] veth0_macvtap: entered promiscuous mode [ 545.388825][T14174] veth1_macvtap: entered promiscuous mode [ 545.428265][T14174] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 545.456614][T14174] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 545.484585][ T47] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.502941][ T47] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.531580][ T47] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.559883][ T47] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.734118][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.769584][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 545.834585][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.855478][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.303449][ T5629] Bluetooth: hci9: command tx timeout [ 547.762444][T14264] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 548.383587][ T5629] Bluetooth: hci9: command tx timeout [ 549.157497][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 549.165006][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 550.464140][ T5629] Bluetooth: hci9: command tx timeout [ 551.269315][ T5631] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 551.282701][ T5631] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 551.292773][ T5631] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 551.301455][ T5631] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 551.309195][ T5631] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 552.756613][T14307] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.787790][T14307] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.816582][T14307] bridge_slave_0: entered allmulticast mode [ 552.840317][T14307] bridge_slave_0: entered promiscuous mode [ 552.869293][T14307] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.893757][T14307] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.914366][T14307] bridge_slave_1: entered allmulticast mode [ 552.936444][T14307] bridge_slave_1: entered promiscuous mode [ 553.043018][T14307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 553.078085][T14307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 553.169053][T14307] team0: Port device team_slave_0 added [ 553.192905][T14307] team0: Port device team_slave_1 added [ 553.271405][T14307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 553.287279][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 553.296840][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 553.311859][T14307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 553.352263][ T5629] Bluetooth: hci10: command tx timeout [ 553.404641][T14307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.469124][T14307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.501427][T14307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 553.628369][T14307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 553.831031][T14307] hsr_slave_0: entered promiscuous mode [ 553.858467][T14307] hsr_slave_1: entered promiscuous mode [ 553.891411][T14307] debugfs: 'hsr0' already exists in 'hsr' [ 553.922571][ T5631] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 553.933626][ T5631] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 553.943696][ T5631] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 553.951336][ T5631] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 553.959559][ T5631] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 553.993054][T14307] Cannot create hsr debugfs directory [ 554.646765][T14307] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.047995][T14307] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.367020][T14307] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.424323][ T5631] Bluetooth: hci10: command tx timeout [ 555.726299][T14307] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.064656][ T5631] Bluetooth: hci11: command tx timeout [ 556.288737][T14307] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 556.342661][T14307] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 556.415293][T14307] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 556.444855][T14307] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 556.484178][T14307] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 556.530541][T14307] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 556.567995][T14307] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 556.604273][T14307] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 556.769475][T14348] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.805664][T14348] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.829244][T14348] bridge_slave_0: entered allmulticast mode [ 556.856140][T14348] bridge_slave_0: entered promiscuous mode [ 556.892254][T14348] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.918869][T14348] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.941361][T14348] bridge_slave_1: entered allmulticast mode [ 556.964535][T14348] bridge_slave_1: entered promiscuous mode [ 557.073744][T14348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.116625][T14348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.242263][T14348] team0: Port device team_slave_0 added [ 557.276769][T14348] team0: Port device team_slave_1 added [ 557.294892][T14307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 557.392804][T14348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 557.415661][T14348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 557.475356][T14348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 557.503632][ T5631] Bluetooth: hci10: command tx timeout [ 557.510636][T14348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 557.523939][T14348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 557.582456][T14348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 557.674746][T14307] 8021q: adding VLAN 0 to HW filter on device team0 [ 557.720052][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.727193][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 557.802807][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.809934][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 557.859685][T14348] hsr_slave_0: entered promiscuous mode [ 557.885263][T14348] hsr_slave_1: entered promiscuous mode [ 557.909709][T14348] debugfs: 'hsr0' already exists in 'hsr' [ 557.936792][T14348] Cannot create hsr debugfs directory [ 558.143761][ T5631] Bluetooth: hci11: command tx timeout [ 558.880723][T14348] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.081806][T14307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 559.178739][T14348] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.296789][T14396] random: crng reseeded on system resumption [ 559.342588][T14348] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.489997][T14348] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.583352][ T5631] Bluetooth: hci10: command tx timeout [ 559.690816][T14307] veth0_vlan: entered promiscuous mode [ 559.832167][T14307] veth1_vlan: entered promiscuous mode [ 560.223540][ T5631] Bluetooth: hci11: command tx timeout [ 560.268337][T14348] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 560.317763][T14348] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 560.344634][T14348] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 560.381241][T14348] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 560.404567][T14307] veth0_macvtap: entered promiscuous mode [ 560.430125][T14348] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 560.455806][T14348] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 560.557622][T14307] veth1_macvtap: entered promiscuous mode [ 560.567562][T14348] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 560.598247][T14348] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 560.704680][T14307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.756176][T14307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.968749][ T82] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.014951][ T82] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.098102][ T82] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.098176][ T82] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.616397][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.659124][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.756175][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.775015][T14348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 561.796302][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.842512][T14348] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.880605][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.887741][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 562.019862][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 562.026989][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.303701][ T5631] Bluetooth: hci11: command tx timeout [ 562.865158][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.876197][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.053921][ T30] audit: type=1800 audit(1843123277.225:18): pid=14441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.1923" name="lu_gp_id" dev="configfs" ino=59921 res=0 errno=0 [ 563.387297][T14458] futex_wake_op: syz.2.1924 tries to shift op by -2048; fix this program [ 563.472582][T14458] 0x000000000001-0x000000020000 : "" [ 563.611260][T14348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 563.620869][T14458] ftl_cs: FTL header corrupt! [ 563.822402][T14348] veth0_vlan: entered promiscuous mode [ 563.880756][T14348] veth1_vlan: entered promiscuous mode [ 564.011614][T14348] veth0_macvtap: entered promiscuous mode [ 564.055948][T14348] veth1_macvtap: entered promiscuous mode [ 564.136848][T14348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 564.206586][T14348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 564.274180][ T76] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.335835][ T76] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.377791][ T76] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.409922][T14466] futex_wake_op: syz.9.1925 tries to shift op by -2048; fix this program [ 564.426206][ T76] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.489587][T14469] 0x000000000001-0x000000020000 : "" [ 564.618532][T14469] ftl_cs: FTL header corrupt! [ 564.705242][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.757208][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.850877][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.901751][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.493790][ T30] audit: type=1806 audit(1843123279.665:19): xattr="" res=-22 [ 566.424201][T14505] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 568.015711][T14527] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 572.346986][T14565] FAULT_INJECTION: forcing a failure. [ 572.346986][T14565] name failslab, interval 1, probability 0, space 0, times 0 [ 572.462690][T14565] CPU: 0 UID: 0 PID: 14565 Comm: syz.3.1944 Tainted: G L syzkaller #0 PREEMPT(full) [ 572.462714][T14565] Tainted: [L]=SOFTLOCKUP [ 572.462720][T14565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 572.462729][T14565] Call Trace: [ 572.462735][T14565] [ 572.462741][T14565] dump_stack_lvl+0x100/0x190 [ 572.462763][T14565] should_fail_ex.cold+0x5/0xa [ 572.462784][T14565] should_failslab+0xc2/0x120 [ 572.462802][T14565] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 572.462825][T14565] ? seq_open+0x55/0x170 [ 572.462840][T14565] ? __pfx_edid_show+0x10/0x10 [ 572.462860][T14565] ? __pfx_edid_open+0x10/0x10 [ 572.462877][T14565] seq_open+0x55/0x170 [ 572.462890][T14565] ? __pfx_edid_show+0x10/0x10 [ 572.462910][T14565] single_open+0xfc/0x1d0 [ 572.462924][T14565] full_proxy_open_regular+0x1b6/0x370 [ 572.462947][T14565] do_dentry_open+0x6d8/0x1660 [ 572.462965][T14565] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 572.462989][T14565] vfs_open+0x82/0x3f0 [ 572.463013][T14565] path_openat+0x208c/0x31a0 [ 572.463037][T14565] ? __pfx_path_openat+0x10/0x10 [ 572.463062][T14565] do_file_open+0x20e/0x430 [ 572.463081][T14565] ? __pfx_do_file_open+0x10/0x10 [ 572.463112][T14565] ? alloc_fd+0x476/0x790 [ 572.463131][T14565] ? do_getname+0x191/0x390 [ 572.463154][T14565] do_sys_openat2+0x10d/0x1e0 [ 572.463176][T14565] ? __pfx_do_sys_openat2+0x10/0x10 [ 572.463203][T14565] ? __fget_files+0x21f/0x3d0 [ 572.463223][T14565] __x64_sys_openat+0x12d/0x210 [ 572.463252][T14565] ? __pfx___x64_sys_openat+0x10/0x10 [ 572.463278][T14565] ? rcu_is_watching+0x12/0xc0 [ 572.463300][T14565] do_syscall_64+0x10b/0xf80 [ 572.463322][T14565] ? clear_bhb_loop+0x40/0x90 [ 572.463342][T14565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.463357][T14565] RIP: 0033:0x7faeacf9ce59 [ 572.463371][T14565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 572.463386][T14565] RSP: 002b:00007faeadf11028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 572.463401][T14565] RAX: ffffffffffffffda RBX: 00007faead215fa0 RCX: 00007faeacf9ce59 [ 572.463411][T14565] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 572.463420][T14565] RBP: 00007faead032d6f R08: 0000000000000000 R09: 0000000000000000 [ 572.463429][T14565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 572.463438][T14565] R13: 00007faead216038 R14: 00007faead215fa0 R15: 00007ffe15a1f598 [ 572.463458][T14565] [ 573.067705][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.078618][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.764209][ T30] audit: type=1804 audit(1843123288.935:20): pid=14606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1951" name="/newroot/6/file0" dev="tmpfs" ino=48 res=1 errno=0 [ 574.872540][ T30] audit: type=1804 audit(1843123288.965:21): pid=14609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1951" name="/newroot/6/file0" dev="tmpfs" ino=48 res=1 errno=0 [ 575.081177][T14611] bridge0: port 3(vlan1) entered blocking state [ 575.102436][T14611] bridge0: port 3(vlan1) entered disabled state [ 575.137869][T14611] vlan1: entered allmulticast mode [ 575.155776][T14611] veth0_vlan: entered allmulticast mode [ 575.177756][T14611] vlan1: entered promiscuous mode [ 575.223166][T14611] bridge0: port 3(vlan1) entered blocking state [ 575.229524][T14611] bridge0: port 3(vlan1) entered forwarding state [ 575.352597][ T5629] Bluetooth: hci5: command 0x0406 tx timeout [ 575.359090][ T5631] Bluetooth: hci4: command 0x0406 tx timeout [ 575.365106][T14591] Bluetooth: hci6: command 0x0406 tx timeout [ 578.525059][T14658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1964'. [ 578.536008][T14658] netlink: 'syz.3.1964': attribute type 3 has an invalid length. [ 578.667925][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1965'. [ 578.862087][ T5636] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 578.887107][ T5636] Bluetooth: hci5: unexpected event 0x05 length: 6 > 4 [ 580.944464][ T5636] Bluetooth: hci5: command tx timeout [ 583.842444][ T5629] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 583.856406][ T5629] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 583.864131][ T5629] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 583.876964][ T5629] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 583.886158][ T5629] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 585.042298][T14743] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1979'. [ 585.150853][T14745] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1979'. [ 585.216489][T14745] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.224313][T14745] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.609473][ T30] audit: type=1800 audit(1843123299.785:22): pid=14757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1981" name="lu_gp_id" dev="configfs" ino=62276 res=0 errno=0 [ 585.682625][T14723] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.707721][T14723] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.730266][T14723] bridge_slave_0: entered allmulticast mode [ 585.763997][T14723] bridge_slave_0: entered promiscuous mode [ 585.817533][T14723] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.840565][T14723] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.859032][T14723] bridge_slave_1: entered allmulticast mode [ 585.873319][T14723] bridge_slave_1: entered promiscuous mode [ 585.905671][ T5636] Bluetooth: hci12: command tx timeout [ 585.967148][T14723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.011436][T14723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 586.107964][T14753] block nbd2: not configured, cannot reconfigure [ 586.151777][T14723] team0: Port device team_slave_0 added [ 586.201054][T14723] team0: Port device team_slave_1 added [ 586.286466][T14723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 586.309806][T14723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.421694][T14723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.558256][T14723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 586.581429][T14764] FAULT_INJECTION: forcing a failure. [ 586.581429][T14764] name fail_futex, interval 1, probability 0, space 0, times 0 [ 586.608346][T14723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.653034][T14764] CPU: 0 UID: 0 PID: 14764 Comm: syz.5.1982 Tainted: G L syzkaller #0 PREEMPT(full) [ 586.653058][T14764] Tainted: [L]=SOFTLOCKUP [ 586.653063][T14764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 586.653071][T14764] Call Trace: [ 586.653076][T14764] [ 586.653082][T14764] dump_stack_lvl+0x100/0x190 [ 586.653101][T14764] should_fail_ex.cold+0x5/0xa [ 586.653117][T14764] ? rcu_is_watching+0x12/0xc0 [ 586.653136][T14764] get_futex_key+0x1d2/0x1510 [ 586.653153][T14764] ? __pfx_get_futex_key+0x10/0x10 [ 586.653173][T14764] futex_wait_setup+0x83/0x510 [ 586.653199][T14764] __futex_wait+0x19f/0x300 [ 586.653220][T14764] ? __pfx___futex_wait+0x10/0x10 [ 586.653241][T14764] ? __pfx_futex_wake_mark+0x10/0x10 [ 586.653261][T14764] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 586.653276][T14764] ? __hrtimer_setup+0x208/0x330 [ 586.653293][T14764] ? ktime_add_safe+0x60/0x70 [ 586.653310][T14764] futex_wait+0xe6/0x370 [ 586.653329][T14764] ? __pfx_futex_wait+0x10/0x10 [ 586.653349][T14764] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 586.653370][T14764] do_futex+0x1ef/0x350 [ 586.653386][T14764] ? __pfx_do_futex+0x10/0x10 [ 586.653401][T14764] ? ktime_get+0x22c/0x320 [ 586.653422][T14764] ? lockdep_hardirqs_on+0x78/0x100 [ 586.653447][T14764] __x64_sys_futex+0x34f/0x4d0 [ 586.653465][T14764] ? __pfx___x64_sys_futex+0x10/0x10 [ 586.653484][T14764] ? rcu_is_watching+0x12/0xc0 [ 586.653503][T14764] do_syscall_64+0x10b/0xf80 [ 586.653524][T14764] ? clear_bhb_loop+0x40/0x90 [ 586.653541][T14764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.653556][T14764] RIP: 0033:0x7fe80e99ce59 [ 586.653568][T14764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 586.653581][T14764] RSP: 002b:00007fff83950308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 586.653595][T14764] RAX: ffffffffffffffda RBX: 000000000008f334 RCX: 00007fe80e99ce59 [ 586.653604][T14764] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe80ec15fac [ 586.653613][T14764] RBP: 0000000000000032 R08: 0000000000000001 R09: 0000000000000000 [ 586.653621][T14764] R10: 00007fff83950410 R11: 0000000000000246 R12: 00007fff83950430 [ 586.653630][T14764] R13: 00007fe80ec15fac R14: 000000000008f366 R15: 00007fff83950410 [ 586.653647][T14764] [ 587.139180][T14723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 587.236172][T14723] hsr_slave_0: entered promiscuous mode [ 587.247957][T14723] hsr_slave_1: entered promiscuous mode [ 587.254656][T14723] debugfs: 'hsr0' already exists in 'hsr' [ 587.260446][T14723] Cannot create hsr debugfs directory [ 587.682437][T14723] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.748479][T14773] FAULT_INJECTION: forcing a failure. [ 587.748479][T14773] name failslab, interval 1, probability 0, space 0, times 0 [ 587.792182][T14773] CPU: 0 UID: 0 PID: 14773 Comm: syz.5.1984 Tainted: G L syzkaller #0 PREEMPT(full) [ 587.792209][T14773] Tainted: [L]=SOFTLOCKUP [ 587.792214][T14773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 587.792224][T14773] Call Trace: [ 587.792230][T14773] [ 587.792236][T14773] dump_stack_lvl+0x100/0x190 [ 587.792257][T14773] should_fail_ex.cold+0x5/0xa [ 587.792277][T14773] should_failslab+0xc2/0x120 [ 587.792295][T14773] __kmalloc_cache_noprof+0x7a/0x6f0 [ 587.792317][T14773] ? snd_virmidi_output_open+0xc4/0x670 [ 587.792343][T14773] snd_virmidi_output_open+0xc4/0x670 [ 587.792366][T14773] open_substream+0x480/0x9b0 [ 587.792384][T14773] rawmidi_open_priv+0x595/0x6f0 [ 587.792404][T14773] snd_rawmidi_open+0x4c9/0xba0 [ 587.792423][T14773] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 587.792441][T14773] ? __pfx_default_wake_function+0x10/0x10 [ 587.792463][T14773] ? kobject_get_unless_zero+0x156/0x200 [ 587.792482][T14773] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 587.792498][T14773] snd_open+0x201/0x450 [ 587.792520][T14773] ? __pfx_snd_open+0x10/0x10 [ 587.792541][T14773] chrdev_open+0x234/0x6a0 [ 587.792560][T14773] ? __pfx_apparmor_file_open+0x10/0x10 [ 587.792575][T14773] ? __pfx_chrdev_open+0x10/0x10 [ 587.792594][T14773] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 587.792618][T14773] do_dentry_open+0x6d8/0x1660 [ 587.792636][T14773] ? __pfx_chrdev_open+0x10/0x10 [ 587.792666][T14773] vfs_open+0x82/0x3f0 [ 587.792691][T14773] path_openat+0x208c/0x31a0 [ 587.792717][T14773] ? __pfx_path_openat+0x10/0x10 [ 587.792742][T14773] do_file_open+0x20e/0x430 [ 587.792762][T14773] ? __pfx_do_file_open+0x10/0x10 [ 587.792793][T14773] ? alloc_fd+0x476/0x790 [ 587.792813][T14773] ? do_getname+0x191/0x390 [ 587.792837][T14773] do_sys_openat2+0x10d/0x1e0 [ 587.792859][T14773] ? __pfx_do_sys_openat2+0x10/0x10 [ 587.792887][T14773] __x64_sys_openat+0x12d/0x210 [ 587.792910][T14773] ? __pfx___x64_sys_openat+0x10/0x10 [ 587.792931][T14773] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 587.792950][T14773] ? rcu_is_watching+0x12/0xc0 [ 587.792970][T14773] do_syscall_64+0x10b/0xf80 [ 587.792991][T14773] ? clear_bhb_loop+0x40/0x90 [ 587.793009][T14773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.793024][T14773] RIP: 0033:0x7fe80e99ce59 [ 587.793038][T14773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.793052][T14773] RSP: 002b:00007fe80f82f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 587.793067][T14773] RAX: ffffffffffffffda RBX: 00007fe80ec15fa0 RCX: 00007fe80e99ce59 [ 587.793078][T14773] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 587.793088][T14773] RBP: 00007fe80ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 587.793097][T14773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.793106][T14773] R13: 00007fe80ec16038 R14: 00007fe80ec15fa0 R15: 00007fff839501a8 [ 587.793126][T14773] [ 588.181881][ T31] INFO: task syz.2.1563:12724 blocked for more than 144 seconds. [ 588.189704][ T31] Tainted: G L syzkaller #0 [ 588.196217][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 588.204921][ T31] task:syz.2.1563 state:D stack:28112 pid:12724 tgid:12722 ppid:5623 task_flags:0x400140 flags:0x00080002 [ 588.218490][ T31] Call Trace: [ 588.221766][ T31] [ 588.225399][ T31] __schedule+0x1295/0x67a0 [ 588.229911][ T31] ? __pfx___schedule+0x10/0x10 [ 588.235250][ T31] ? find_held_lock+0x2b/0x80 [ 588.239924][ T31] ? schedule+0x2bf/0x390 [ 588.244293][ T31] schedule+0xdd/0x390 [ 588.248352][ T31] schedule_preempt_disabled+0x13/0x30 [ 588.253828][ T31] __mutex_lock+0xced/0x1b10 [ 588.258576][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 588.264411][ T31] ? __kmalloc_node_track_caller_noprof+0x321/0x850 [ 588.271036][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 588.276081][ T31] ? kmalloc_reserve+0xf9/0x350 [ 588.280922][ T31] ? skb_put+0x138/0x180 [ 588.285347][ T31] ? __nlmsg_put+0x152/0x1c0 [ 588.289942][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 588.295757][ T31] nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 588.301382][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 588.308378][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 588.316994][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 588.322538][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 588.328721][ T31] ? genl_get_cmd+0x3e7/0x760 [ 588.333424][ T31] ? __dev_queue_xmit+0xa10/0x4950 [ 588.338694][ T31] ? __radix_tree_lookup+0x217/0x2b0 [ 588.344001][ T31] genl_rcv_msg+0x560/0x800 [ 588.348491][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 588.353540][ T31] ? __pfx_nfsd_nl_listener_get_doit+0x10/0x10 [ 588.359872][ T31] netlink_rcv_skb+0x159/0x420 [ 588.364658][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 588.369666][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 588.374985][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 588.380264][ T31] genl_rcv+0x28/0x40 [ 588.384274][ T31] netlink_unicast+0x585/0x850 [ 588.389032][ T31] ? __pfx_netlink_unicast+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 588.424469][ T5636] Bluetooth: hci12: command tx timeout [ 588.445365][ T31] netlink_sendmsg+0x8b0/0xda0 [ 588.487756][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 588.502697][ T31] ? __import_iovec+0x1d2/0x640 [ 588.532844][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 588.553699][ T31] ____sys_sendmsg+0x9e1/0xb70 [ 588.570968][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 588.583638][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 588.594992][ T31] ? kasan_quarantine_put+0x104/0x240 [ 588.613100][ T31] ? lockdep_hardirqs_on+0x78/0x100 [ 588.633321][ T31] ___sys_sendmsg+0x190/0x1e0 [ 588.652434][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 588.673302][ T31] ? tomoyo_path_number_perm+0x188/0x580 [ 588.687838][ T31] __sys_sendmsg+0x170/0x220 [ 588.701551][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 588.718975][ T31] ? kcov_ioctl+0x16a/0x720 [ 588.734775][ T31] ? rcu_is_watching+0x12/0xc0 [ 588.763787][ T31] ? kcov_ioctl+0x16a/0x720 [ 588.774694][ T31] ? rcu_is_watching+0x12/0xc0 [ 588.794590][ T31] do_syscall_64+0x10b/0xf80 [ 588.803939][ T31] ? clear_bhb_loop+0x40/0x90 [ 588.821829][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.830937][ T31] RIP: 0033:0x7fc05e99ce59 [ 588.840620][ T31] RSP: 002b:00007fc05cbd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 588.850882][ T31] RAX: ffffffffffffffda RBX: 00007fc05ec16090 RCX: 00007fc05e99ce59 [ 588.919903][ T31] RDX: 0000000020010090 RSI: 0000200000000380 RDI: 0000000000000009 [ 588.954024][ T31] RBP: 00007fc05ea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 588.962514][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 588.972759][ T31] R13: 00007fc05ec16128 R14: 00007fc05ec16090 R15: 00007ffd14151b48 [ 588.991896][ T31] [ 588.999751][ T31] INFO: task syz.3.1564:12728 blocked for more than 145 seconds. [ 589.042437][ T31] Tainted: G L syzkaller #0 [ 589.055272][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 589.073147][ T31] task:syz.3.1564 state:D stack:27528 pid:12728 tgid:12725 ppid:8054 task_flags:0x400140 flags:0x00080002 [ 589.100497][ T31] Call Trace: [ 589.109376][ T31] [ 589.112329][ T31] __schedule+0x1295/0x67a0 [ 589.117447][ T31] ? __pfx___schedule+0x10/0x10 [ 589.122326][ T31] ? find_held_lock+0x2b/0x80 [ 589.127343][ T31] ? schedule+0x2bf/0x390 [ 589.131700][ T31] schedule+0xdd/0x390 [ 589.138624][ T31] schedule_preempt_disabled+0x13/0x30 [ 589.144311][ T31] __mutex_lock+0xced/0x1b10 [ 589.148908][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 589.154988][ T31] ? __kmalloc_node_track_caller_noprof+0x321/0x850 [ 589.161663][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 589.166951][ T31] ? kmalloc_reserve+0xf9/0x350 [ 589.171812][ T31] ? skb_put+0x138/0x180 [ 589.176294][ T31] ? __nlmsg_put+0x152/0x1c0 [ 589.181104][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 589.188794][ T31] nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 589.195131][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 589.202083][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 589.211005][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 589.218730][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 589.225341][ T31] ? genl_get_cmd+0x3e7/0x760 [ 589.230042][ T31] ? __dev_queue_xmit+0xa10/0x4950 [ 589.238290][ T31] ? __radix_tree_lookup+0x217/0x2b0 [ 589.244033][ T31] genl_rcv_msg+0x560/0x800 [ 589.248547][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 589.253831][ T31] ? __pfx_nfsd_nl_listener_get_doit+0x10/0x10 [ 589.260085][ T31] netlink_rcv_skb+0x159/0x420 [ 589.265163][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 589.270196][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 589.275903][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 589.281396][ T31] genl_rcv+0x28/0x40 [ 589.285681][ T31] netlink_unicast+0x585/0x850 [ 589.290463][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 589.297604][ T31] netlink_sendmsg+0x8b0/0xda0 [ 589.302392][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 589.308744][ T31] ? __import_iovec+0x1d2/0x640 [ 589.315056][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 589.320711][ T31] ____sys_sendmsg+0x9e1/0xb70 [ 589.327288][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 589.332592][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 589.341052][ T31] ? __pfx_futex_wake_mark+0x10/0x10 [ 589.347115][ T31] ___sys_sendmsg+0x190/0x1e0 [ 589.351807][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 589.357374][ T31] __sys_sendmsg+0x170/0x220 [ 589.362052][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 589.367467][ T31] ? __x64_sys_futex+0x34f/0x4d0 [ 589.372418][ T31] ? rcu_is_watching+0x12/0xc0 [ 589.377399][ T31] do_syscall_64+0x10b/0xf80 [ 589.381998][ T31] ? clear_bhb_loop+0x40/0x90 [ 589.387141][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.393038][ T31] RIP: 0033:0x7f7a89f9ce59 [ 589.397719][ T31] RSP: 002b:00007f7a8ad7e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 589.408143][ T31] RAX: ffffffffffffffda RBX: 00007f7a8a216090 RCX: 00007f7a89f9ce59 [ 589.416793][ T31] RDX: 0000000020010090 RSI: 0000200000000380 RDI: 000000000000000a [ 589.430157][ T31] RBP: 00007f7a8a032d6f R08: 0000000000000000 R09: 0000000000000000 [ 589.439967][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.451070][ T31] R13: 00007f7a8a216128 R14: 00007f7a8a216090 R15: 00007fff8db1edc8 [ 589.459903][ T31] [ 589.531001][T14723] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.554938][ T31] INFO: task syz.0.1566:12735 blocked for more than 145 seconds. [ 589.594375][ T31] Tainted: G L syzkaller #0 [ 589.613300][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 589.633790][ T31] task:syz.0.1566 state:D stack:26152 pid:12735 tgid:12734 ppid:5622 task_flags:0x400140 flags:0x00080002 [ 589.665215][ T31] Call Trace: [ 589.668586][ T31] [ 589.671511][ T31] __schedule+0x1295/0x67a0 [ 589.684751][ T31] ? __pfx___schedule+0x10/0x10 [ 589.694875][ T31] ? find_held_lock+0x2b/0x80 [ 589.703420][ T31] ? schedule+0x2bf/0x390 [ 589.713383][ T31] schedule+0xdd/0x390 [ 589.723461][ T31] schedule_preempt_disabled+0x13/0x30 [ 589.734963][ T31] __mutex_lock+0xced/0x1b10 [ 589.751668][ T31] ? nfsd_nl_threads_set_doit+0x8ec/0x12b0 [ 589.766049][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 589.775049][ T31] ? net_generic+0xea/0x2a0 [ 589.779567][ T31] ? net_generic+0xea/0x2a0 [ 589.784417][ T31] ? nfsd_nl_threads_set_doit+0x8ec/0x12b0 [ 589.790253][ T31] nfsd_nl_threads_set_doit+0x8ec/0x12b0 [ 589.796354][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 589.801917][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 589.808247][ T31] ? genl_get_cmd+0x3e7/0x760 [ 589.812950][ T31] ? bpf_lsm_capable+0x9/0x10 [ 589.817868][ T31] ? security_capable+0x80/0x260 [ 589.822822][ T31] genl_rcv_msg+0x560/0x800 [ 589.828272][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 589.833504][ T31] ? __pfx_nfsd_nl_threads_set_doit+0x10/0x10 [ 589.839585][ T31] netlink_rcv_skb+0x159/0x420 [ 589.846631][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 589.854875][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 589.860187][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 589.865725][ T31] genl_rcv+0x28/0x40 [ 589.869711][ T31] netlink_unicast+0x585/0x850 [ 589.878050][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 589.883832][ T31] netlink_sendmsg+0x8b0/0xda0 [ 589.888613][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 589.894126][ T31] ? __import_iovec+0x1d2/0x640 [ 589.899167][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 589.905142][ T31] ____sys_sendmsg+0x9e1/0xb70 [ 589.909930][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 589.917007][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 589.922304][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 589.927976][ T31] ? try_to_wake_up+0x5f6/0x1900 [ 589.932925][ T31] ___sys_sendmsg+0x190/0x1e0 [ 589.937841][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 589.943056][ T31] ? futex_private_hash_put+0x107/0x1c0 [ 589.948928][ T31] __sys_sendmsg+0x170/0x220 [ 589.958140][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 589.964621][ T31] ? __x64_sys_futex+0x34f/0x4d0 [ 589.969613][ T31] ? rcu_is_watching+0x12/0xc0 [ 589.975095][ T31] do_syscall_64+0x10b/0xf80 [ 589.979705][ T31] ? clear_bhb_loop+0x40/0x90 [ 589.987539][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 589.993904][ T31] RIP: 0033:0x7f1ee619ce59 [ 589.998516][ T31] RSP: 002b:00007f1ee6f91028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 590.007166][ T31] RAX: ffffffffffffffda RBX: 00007f1ee6415fa0 RCX: 00007f1ee619ce59 [ 590.015302][ T31] RDX: 000000000000c840 RSI: 0000200000000480 RDI: 000000000000000a [ 590.023497][ T31] RBP: 00007f1ee6232d6f R08: 0000000000000000 R09: 0000000000000000 [ 590.031468][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.039702][ T31] R13: 00007f1ee6416038 R14: 00007f1ee6415fa0 R15: 00007fffc0dec868 [ 590.047867][ T31] [ 590.086473][ T31] INFO: task syz.0.1566:12740 blocked for more than 146 seconds. [ 590.127972][ T31] Tainted: G L syzkaller #0 [ 590.143874][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 590.161287][ T31] task:syz.0.1566 state:D stack:28136 pid:12740 tgid:12734 ppid:5622 task_flags:0x400140 flags:0x00080002 [ 590.193250][ T31] Call Trace: [ 590.196542][ T31] [ 590.199462][ T31] __schedule+0x1295/0x67a0 [ 590.214422][ T31] ? __pfx___schedule+0x10/0x10 [ 590.223682][ T31] ? find_held_lock+0x2b/0x80 [ 590.233416][ T31] ? schedule+0x2bf/0x390 [ 590.243428][ T31] schedule+0xdd/0x390 [ 590.253370][ T31] schedule_preempt_disabled+0x13/0x30 [ 590.264544][ T31] __mutex_lock+0xced/0x1b10 [ 590.273384][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 590.299911][ T31] ? __kmalloc_node_track_caller_noprof+0x321/0x850 [ 590.315599][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 590.333253][ T31] ? kmalloc_reserve+0xf9/0x350 [ 590.340050][ T31] ? skb_put+0x138/0x180 [ 590.346890][ T31] ? __nlmsg_put+0x152/0x1c0 [ 590.351498][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 590.357532][ T31] nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 590.366039][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 590.372983][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 590.380242][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 590.388626][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 590.394861][ T31] ? genl_get_cmd+0x3e7/0x760 [ 590.399561][ T31] ? __dev_queue_xmit+0xa10/0x4950 [ 590.407391][ T31] ? __radix_tree_lookup+0x217/0x2b0 [ 590.412705][ T31] genl_rcv_msg+0x560/0x800 [ 590.417430][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 590.422455][ T31] ? __pfx_nfsd_nl_listener_get_doit+0x10/0x10 [ 590.432075][ T31] netlink_rcv_skb+0x159/0x420 [ 590.437841][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 590.442875][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 590.448510][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 590.453944][ T31] genl_rcv+0x28/0x40 [ 590.457925][ T31] netlink_unicast+0x585/0x850 [ 590.462682][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 590.471017][ T5629] Bluetooth: hci12: command tx timeout [ 590.481069][ T31] netlink_sendmsg+0x8b0/0xda0 [ 590.486071][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.491446][ T31] ? __import_iovec+0x1d2/0x640 [ 590.496538][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 590.502184][ T31] ____sys_sendmsg+0x9e1/0xb70 [ 590.507284][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.512772][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 590.522392][ T31] ? kasan_quarantine_put+0x104/0x240 [ 590.527979][ T31] ? lockdep_hardirqs_on+0x78/0x100 [ 590.535672][ T31] ___sys_sendmsg+0x190/0x1e0 [ 590.540369][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 590.552663][ T31] ? tomoyo_path_number_perm+0x188/0x580 [ 590.558484][ T31] __sys_sendmsg+0x170/0x220 [ 590.563085][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 590.571764][ T31] ? kcov_ioctl+0x16a/0x720 [ 590.576831][ T31] ? rcu_is_watching+0x12/0xc0 [ 590.581619][ T31] ? kcov_ioctl+0x16a/0x720 [ 590.586419][ T31] ? rcu_is_watching+0x12/0xc0 [ 590.591279][ T31] do_syscall_64+0x10b/0xf80 [ 590.596123][ T31] ? clear_bhb_loop+0x40/0x90 [ 590.600812][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.607015][ T31] RIP: 0033:0x7f1ee619ce59 [ 590.611621][ T31] RSP: 002b:00007f1ee6f70028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 590.620327][ T31] RAX: ffffffffffffffda RBX: 00007f1ee6416090 RCX: 00007f1ee619ce59 [ 590.634733][ T31] RDX: 0000000020010090 RSI: 0000200000000380 RDI: 0000000000000009 [ 590.642716][ T31] RBP: 00007f1ee6232d6f R08: 0000000000000000 R09: 0000000000000000 [ 590.655083][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.663072][ T31] R13: 00007f1ee6416128 R14: 00007f1ee6416090 R15: 00007fffc0dec868 [ 590.673967][ T31] [ 590.704819][ T31] [ 590.704819][ T31] Showing all locks held in the system: [ 590.738153][ T31] 1 lock held by khungtaskd/31: [ 590.743059][ T31] #0: ffffffff8e7e5420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 590.756597][ T31] 3 locks held by kworker/0:2/994: [ 590.761732][ T31] #0: ffff88813fe5b140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 590.776612][ T31] #1: ffffc90004e4fd08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 590.789360][ T31] #2: ffff8880275ef250 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 [ 590.800908][ T31] 2 locks held by getty/5387: [ 590.805760][ T31] #0: ffff8880336710a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 590.815757][ T31] #1: ffffc900032332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 [ 590.826184][ T31] 2 locks held by syz.2.1563/12723: [ 590.831379][ T31] #0: ffffffff906bf108 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 590.839837][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8ec/0x12b0 [ 590.852247][ T31] 2 locks held by syz.2.1563/12724: [ 590.857638][ T31] #0: ffffffff906bf108 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 590.869284][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 590.882155][ T31] 2 locks held by syz.3.1564/12728: [ 590.888786][ T31] #0: ffffffff906bf108 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 590.897240][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 590.907499][ T31] 2 locks held by syz.0.1566/12735: [ 590.912690][ T31] #0: ffffffff906bf108 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 590.921348][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8ec/0x12b0 [ 590.931594][ T31] 2 locks held by syz.0.1566/12740: [ 590.937013][ T31] #0: ffffffff906bf108 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 590.945401][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 590.958401][ T31] 2 locks held by syz-executor/12799: [ 590.963899][ T31] #0: ffff88801c3e00d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 590.978660][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 590.989034][ T31] 2 locks held by syz-executor/12825: [ 590.996406][ T31] #0: ffff8880342ac0d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 591.006913][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 591.016691][ T31] 2 locks held by syz.1.1637/13044: [ 591.022052][ T31] #0: ffff88808b47c0d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 591.034723][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 591.044487][ T31] 2 locks held by syz-executor/13283: [ 591.049852][ T31] #0: ffff888079c560d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 591.060442][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 591.072280][ T31] 2 locks held by syz-executor/13298: [ 591.077864][ T31] #0: ffff88807c23e0d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 591.093474][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 591.103144][ T31] 2 locks held by syz-executor/14174: [ 591.110368][ T31] #0: ffff888026b3c0d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 591.121184][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 591.131110][ T31] 1 lock held by syz.5.1886/14197: [ 591.136445][ T31] #0: ffffffff8e7f0e38 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 591.146517][ T31] 2 locks held by syz-executor/14307: [ 591.151881][ T31] #0: ffff8880365e40d8 (&type->s_umount_key#53){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 591.162417][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 591.172143][ T31] 9 locks held by syz-executor/14723: [ 591.179979][ T31] #0: ffff888034912410 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 591.192077][ T31] #1: ffff88802bb3dc80 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 591.203956][ T31] #2: ffff88802a588968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 591.215557][ T31] #3: ffffffff8fb81440 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 591.226156][ T31] #4: ffff88802d700128 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620 [ 591.236919][ T31] #5: ffff888078a8a258 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0 [ 591.247091][ T31] #6: ffffffff90610c20 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x19e/0x970 [ 591.256273][ T31] #7: ffff88802d238dc8 (&dev_instance_lock_key#23){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x47f/0x24f0 [ 591.268519][ T31] #8: ffffffff8e7f0f68 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 591.278863][ T31] 1 lock held by syz.3.1985/14776: [ 591.289292][ T31] #0: ffffffff90610c20 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 591.326557][ T31] [ 591.329527][ T31] ============================================= [ 591.329527][ T31] [ 591.339525][T14723] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.349964][ T31] NMI backtrace for cpu 0 [ 591.349978][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 591.349997][ T31] Tainted: [L]=SOFTLOCKUP [ 591.350002][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 591.350011][ T31] Call Trace: [ 591.350015][ T31] [ 591.350021][ T31] dump_stack_lvl+0x100/0x190 [ 591.350040][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 591.350057][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 591.350073][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 591.350094][ T31] sys_info+0x141/0x190 [ 591.350109][ T31] watchdog+0xcb1/0x1030 [ 591.350132][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 591.350153][ T31] ? __pfx_watchdog+0x10/0x10 [ 591.350173][ T31] ? __kthread_parkme+0x18c/0x230 [ 591.350195][ T31] ? kthread+0x13a/0x450 [ 591.350207][ T31] ? __pfx_watchdog+0x10/0x10 [ 591.350225][ T31] kthread+0x370/0x450 [ 591.350237][ T31] ? __pfx_kthread+0x10/0x10 [ 591.350250][ T31] ret_from_fork+0x72b/0xd50 [ 591.350266][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 591.350282][ T31] ? __switch_to+0x800/0x1100 [ 591.350308][ T31] ? __switch_to_asm+0x39/0x70 [ 591.350326][ T31] ? __pfx_kthread+0x10/0x10 [ 591.350339][ T31] ret_from_fork_asm+0x1a/0x30 [ 591.350366][ T31] [ 591.550717][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 591.557585][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 591.568242][ T31] Tainted: [L]=SOFTLOCKUP [ 591.572543][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 591.582580][ T31] Call Trace: [ 591.585847][ T31] [ 591.588762][ T31] dump_stack_lvl+0x100/0x190 [ 591.593425][ T31] vpanic+0x552/0x970 [ 591.597390][ T31] ? __pfx_vpanic+0x10/0x10 [ 591.601874][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 591.608015][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 591.614155][ T31] panic+0xd1/0xe0 [ 591.617857][ T31] ? __pfx_panic+0x10/0x10 [ 591.622256][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 591.628398][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 591.634536][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 591.640673][ T31] ? watchdog.cold+0x1ec/0x234 [ 591.645419][ T31] ? watchdog+0xcc1/0x1030 [ 591.649824][ T31] watchdog.cold+0x1fd/0x234 [ 591.654420][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 591.660212][ T31] ? __pfx_watchdog+0x10/0x10 [ 591.664874][ T31] ? __kthread_parkme+0x18c/0x230 [ 591.669887][ T31] ? kthread+0x13a/0x450 [ 591.674108][ T31] ? __pfx_watchdog+0x10/0x10 [ 591.678770][ T31] kthread+0x370/0x450 [ 591.682816][ T31] ? __pfx_kthread+0x10/0x10 [ 591.687385][ T31] ret_from_fork+0x72b/0xd50 [ 591.691958][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 591.697052][ T31] ? __switch_to+0x800/0x1100 [ 591.701715][ T31] ? __switch_to_asm+0x39/0x70 [ 591.706463][ T31] ? __pfx_kthread+0x10/0x10 [ 591.711031][ T31] ret_from_fork_asm+0x1a/0x30 [ 591.715789][ T31] [ 591.718843][ T31] Kernel Offset: disabled [ 591.723151][ T31] Rebooting in 86400 seconds..