last executing test programs: 12m44.133859232s ago: executing program 3 (id=459): r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pwrite64$auto(0xffffffffffffffff, 0x0, 0x4, 0x3) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xa4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY\xad\xd6\xc5\xab`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4[\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x6, 0x303) timerfd_settime$auto(r0, 0x1000, &(0x7f0000000000)={{0x5, 0x5}, {0x4, 0x9}}, &(0x7f0000000180)={{0x8000000000000001, 0x1474}, {0x80008, 0x6}}) bpf$auto(0x9, &(0x7f00000002c0)=@raw_tracepoint={0xfffffffffffffff7, r2, 0x0, 0xc}, 0x2f9) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = timerfd_create$auto(0x9, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x4) ioctl$auto(r3, 0x40085400, 0x5) ioprio_set$auto(0x2, 0x800000000, 0x8) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getsockopt$auto_SO_REUSEADDR(r4, 0x9a, 0x2, &(0x7f0000000000)='%\xf8+\x85*3#{,\\&\x00', &(0x7f0000000380)) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x4) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r5 = pidfd_open$auto(0x1, 0x0) setns(r5, 0x60020000) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 12m41.494134898s ago: executing program 3 (id=470): bpf$auto(0x9, 0x0, 0x9) socket(0x2, 0x5, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/vivid.0/video4linux/video9/index\x00', 0x141c00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000b40)=""/4096, 0x1000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) shutdown$auto(0x200000003, 0x2) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) 12m37.73122517s ago: executing program 3 (id=485): mmap$auto(0x5, 0x8e, 0x8, 0x8000000000000010, 0xffffffffffffffff, 0x300000000000) socket(0xa, 0x3, 0x3b) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x890) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xcd) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab/kmalloc-64/objects\x00', 0x20000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram1/queue/add_random\x00', 0x1a1842, 0x0) write$auto(r1, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram9\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffa, 0xe983, 0x2, 0xeb1, 0xffffffffffffffff, 0x5fa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) socketpair$auto(0x1, 0x3, 0x5, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r3, 0x5408, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)={0x3c, r5, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@generic="b14e1007"]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044000}, 0x20048880) socket$nl_generic(0x10, 0x3, 0x10) 12m34.871459659s ago: executing program 3 (id=494): mmap$auto(0x80000, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000540)='\x00\x00\x00\x00\x00\x92\xacg`\x9c\'\xb2%\v\xb0;\x01\xac=,\x16=[!R\xd0Hv\xa9\x02\xf6gv\xba\xfa\x06z\xaa\xa6l9c\xf5/{\x17\xf8?7\xc8\xc7\xbf\x10\xbd\xefT\xa6\xbc\x90\x8a)I\xf0O\xb2\xd5\x1fd\xca3\"\x9a\x8ek\x00\x92\xcd\xc0\x93U\x95\x1d\xec\xceL\xe0\xe6=\xa7\xe4\xee\x87\xaa\x9c\x98h=\xf4\x11o\xe5\xb8\xb2\xbcg\xed\x83\xde!\x02\x9ar\x1eui{w\x9f\x8c_\x91]F\x84\xe0\xa3\r\xe0\f\x18\xd7\xb7\x01\x00\x00\x00\x8f\xe3\xd5\a\xd2\xdfV\x87\x9d\x13R\xf4\xc5\xe4*u\xbcV@\xc0\xe48\xf5m\xda+\x01\vU\x16', 0x48) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r2, &(0x7f0000000080)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x0, 0x2f) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7020f8dbdf2501000000080002001ff318a76fdd37f287cebaaf6ac55cc41c249738bebc330bef636a1185452dd3657d", @ANYRES32=0x4, @ANYBLOB="08000200", @ANYRES32=0x9, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x80) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x105000, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r5, 0x4008af25, 0x0) r6 = openat$auto_fops_u32_ro_(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/bpf_offloaded_id\x00', 0x20082, 0x0) writev$auto(r6, 0x0, 0x7) r7 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) r8 = dup$auto(r7) ioctl$auto_SCSI_IOCTL_DOORLOCK(r8, 0x5380, &(0x7f00000000c0)="33ca7089746618741c87ea79940a4243b98519a4b10cb3dc6438e684d3f8d726b013887e3581765d0d9919985a43f562f5f6b865333efb08fb4f5ed16c768f07ba9fd68be404ff55d20b69ab47271f62ea469ba032d3daadc6d540ddd0eb0e2a2dc661e8ce7bf6a11c064af53cc5f1a0b85a976f9e64c735be31fa5f37a5fc631694a7d84ee34e89cf5265a69cfe8d94bf8a5feaf619db22d8ab56298b685046b9a622d9") sendmsg$auto_KSMBD_EVENT_LOGOUT_REQUEST(0xffffffffffffffff, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000280)=""/222, 0xde) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) r9 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r9, 0x401070cd, 0x5) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) ioctl$auto_BINDER_THREAD_EXIT(r8, 0x40046208, 0x0) r10 = bpf$auto_BPF_BTF_LOAD(0x12, &(0x7f0000000080)=@batch={0x2e1, 0x9, 0xfffffffffffffffb, 0x200, 0x9, r0, 0x9, 0x40}, 0x13) ioctl$auto_SNDCTL_DSP_CHANNELS(r10, 0xc0045006, &(0x7f0000000140)="75c14870a757a0c79d2871f46e29c0c4ebc075d3b50b6dc8cf104048d4cd1f3934f16dc3ba39f74a4fade5e6e3e9be6cbc25948b803a4dafe7e9275ff04c372ee79cf53fdfcdbd9dcbb2cc153aab620ad54d5e133f905662120fe3999e97") ioctl$auto(r1, 0x9, r0) 12m34.518343323s ago: executing program 3 (id=496): mmap$auto(0x9, 0x20009, 0x6, 0xeb5, 0x401, 0x8000) ioctl$auto_TUNSETOWNER(0xffffffffffffffff, 0x400454cc, &(0x7f0000000340)=0x80000000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x24008000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/ati_remote2/parameters/channel_mask\x00', 0x1e1842, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video18\x00', 0x802, 0x0) write$auto_v4l2_fops_v4l2_dev(r1, &(0x7f00000000c0), 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) fanotify_mark$auto(0x0, 0x451, 0x40, 0xffffffffffffffff, 0x0) write$auto(r0, &(0x7f0000000180)='7\x00\x00\xec\x007\xfe(\xbd\xb0\x86\xe0K\xcf\xcf\x8d\xf2S6\x9e\x81\xcdc\xd7\x19-7\xc2\x89\x9d\x8cR`\xab6F\xd6O\x8b[\"\x80\xd0\xd2!\xc5\xdf\x8c&\xbd\x12\xb0\xa9v\vK\xfe+\xfb4\x02l\t5:a\xbf\xaf\xe3VX\x8d/l\f\xef\x1c\xc9\x13\xf6\x86\xb9N\xeeq\'\xb8\xb0\xa4\xd8\x94\xb8\xbc\b1\xc5\xb7\xca\x8e\x94\x0e\xc9\x99C\x97\xc2]\x80,\xaa\xf5\x17\xacnQ>\aH\xf6\xd6`/f\xcf\x8d\xaa\x00\xd5\x91\x9f\x96\xc6\xa4\'N\xebE\x8b', 0x400000000003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x6, 0x0, 0x0, 0xffffffd6) tkill$auto(0x1, 0x7) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8) read$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0xfffffffffffffffc) socketpair$auto(0x4, 0x9, 0x80, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) read$auto_regulator_summary_fops_(r2, 0x0, 0x0) 12m33.725163576s ago: executing program 3 (id=499): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) pread64$auto(r0, 0x0, 0x800003, 0x270) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) prctl$auto_PR_SET_MM_START_STACK(0x8, 0x5, r1, 0x7ff, 0x3) syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x3, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffa, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@llc={0x1a, 0x110, 0x2, 0x9, 0x4, 0x0, @remote}, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_GETOWNER_UIDS(r2, 0x11, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = pidfd_open$auto(0x1, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, r3, 0x0, 0x273) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="588d2400", @ANYRES16=0x0, @ANYBLOB="000326bd7000fddbdf2502000000080027000800000005001900050000"], 0x24}, 0x1, 0x0, 0x0, 0x40814}, 0x24008000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 12m33.284386763s ago: executing program 32 (id=499): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) pread64$auto(r0, 0x0, 0x800003, 0x270) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) prctl$auto_PR_SET_MM_START_STACK(0x8, 0x5, r1, 0x7ff, 0x3) syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x3, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffa, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@llc={0x1a, 0x110, 0x2, 0x9, 0x4, 0x0, @remote}, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_GETOWNER_UIDS(r2, 0x11, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = pidfd_open$auto(0x1, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, r3, 0x0, 0x273) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="588d2400", @ANYRES16=0x0, @ANYBLOB="000326bd7000fddbdf2502000000080027000800000005001900050000"], 0x24}, 0x1, 0x0, 0x0, 0x40814}, 0x24008000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m41.225947183s ago: executing program 2 (id=2334): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1cf503, 0x0) socket(0x2, 0x801, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$auto(r0, 0xffffffff, r1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0xffffffffffffffff, 0x541c, 0xffffffffffffffff) r2 = socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(0x0, r2) fstat$auto(0xffffffffffffffff, &(0x7f0000000280)={0x8, 0xc, 0x5, 0x1ab8, 0x0, 0x0, 0x0, 0x5, 0x5, 0xff, 0x80, 0x5, 0x9, 0x6, 0x8, 0x7, 0x8000}) shmctl$auto_IPC_STAT(0x9, 0x2, &(0x7f0000000240)={{0x1, 0xee00, 0xee01, 0x32, 0x7c8, 0x2, 0x400}, 0xfffffff9, 0x8, 0x8, 0x7, @inferred=0xffffffffffffffff, @inferred, 0xc, 0x0, &(0x7f00000000c0)="0131542f11909472f050dd9b2c0de975ec5671948ffa1dba5643ae6d7e2cdb0eea2a00fc57a1a5411f3dd97c6be2b8de9b8070995fd7856e3be65c409af2f7117a1cc7fe46c851df38fc868f1ee415e96ed7ed249dfe298d2d6776e2fc74c698cf9ff6dce3ac97e69fc3eb", &(0x7f0000000180)}) sendmsg$auto_OVS_FLOW_CMD_NEW(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000002640)=ANY=[@ANYBLOB="802390c0", @ANYBLOB="000426bd7000ffdbdf25010000000400060008000a0003000000e0110280cd004f00c8a9313682910f2d9f30bab893cba1ab2da61648e9b8bdb930d6767acc2b4e5cc9e1c69d8a6a32445972b6e8a8566aae6034c69c187d247656d78603806bd32e9852f32f4febbb7020b7b82eee8cf04028d53e6cabe4d407dbe889bbb777983d7f27fae4ba04d67e650900a9", @ANYRES32, @ANYBLOB], 0x1280}, 0x1, 0x0, 0x0, 0x24080044}, 0x4001) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_vlan/disable_ipv6\x00', 0x82002, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv6/conf/veth0_macvtap/mldv2_unsolicited_report_interval\x00', 0x0, 0x0) sendfile$auto(r3, r4, 0x0, 0x1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) ioctl$auto(r4, 0x80000001, r2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) 1m40.637133096s ago: executing program 2 (id=2336): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) prctl$auto(0x23, 0x5, 0x2009, 0x0, 0x0) r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r1, &(0x7f00000000c0)=""/4073, 0xfe9) ioctl$auto(r0, 0x80a86f3d, 0x38) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xc, 0x2, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) write$auto(0x4, 0x0, 0x100082) unshare$auto(0x40000080) move_mount$auto(r3, &(0x7f00000000c0)='./file0\x00', r3, &(0x7f0000000140)='./file0\x00', 0x401) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x6, 0x1) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x8881, 0x0) openat$auto(r3, &(0x7f0000000180)='./file0\x00', 0x7fff, 0x7) close_range$auto(0x2, 0x8, 0x0) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010025bd7013fe"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) shutdown$auto(r2, 0x463) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) 1m38.053668267s ago: executing program 2 (id=2340): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1cf503, 0x0) socket(0x2, 0x801, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$auto(r0, 0xffffffff, r1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0xffffffffffffffff, 0x541c, 0xffffffffffffffff) r2 = socket(0x2, 0x1, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_flow(0x0, r2) fstat$auto(0xffffffffffffffff, &(0x7f0000000280)={0x8, 0xc, 0x5, 0x1ab8, 0x0, 0x0, 0x0, 0x5, 0x5, 0xff, 0x80, 0x5, 0x9, 0x6, 0x8, 0x7, 0x8000}) shmctl$auto_IPC_STAT(0x9, 0x2, &(0x7f0000000240)={{0x1, 0xee00, 0xee01, 0x32, 0x7c8, 0x2, 0x400}, 0xfffffff9, 0x8, 0x8, 0x7, @inferred=0xffffffffffffffff, @inferred, 0xc, 0x0, &(0x7f00000000c0)="0131542f11909472f050dd9b2c0de975ec5671948ffa1dba5643ae6d7e2cdb0eea2a00fc57a1a5411f3dd97c6be2b8de9b8070995fd7856e3be65c409af2f7117a1cc7fe46c851df38fc868f1ee415e96ed7ed249dfe298d2d6776e2fc74c698cf9ff6dce3ac97e69fc3eb", &(0x7f0000000180)}) sendmsg$auto_OVS_FLOW_CMD_NEW(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000002640)=ANY=[@ANYBLOB="802390c0", @ANYRES16=r3, @ANYBLOB="000426bd7000ffdbdf25010000000400060008000a0003000000e0110280cd004f00c8a9313682910f2d9f30bab893cba1ab2da61648e9b8bdb930d6767acc2b4e5cc9e1c69d8a6a32445972b6e8a8566aae6034c69c187d247656d78603806bd32e9852f32f4febbb7020b7b82eee8cf04028d53e6cabe4d407dbe889bbb777983d7f27fae4ba04d67e", @ANYRES32, @ANYBLOB], 0x1280}, 0x1, 0x0, 0x0, 0x24080044}, 0x4001) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_vlan/disable_ipv6\x00', 0x82002, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv6/conf/veth0_macvtap/mldv2_unsolicited_report_interval\x00', 0x0, 0x0) sendfile$auto(r4, r5, 0x0, 0x1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) ioctl$auto(r5, 0x80000001, r2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) 1m36.982359983s ago: executing program 2 (id=2342): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1cf503, 0x0) socket(0x2, 0x801, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$auto(r0, 0xffffffff, r1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0xffffffffffffffff, 0x541c, 0xffffffffffffffff) r2 = socket(0x2, 0x1, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_flow(0x0, r2) fstat$auto(0xffffffffffffffff, &(0x7f0000000280)={0x8, 0xc, 0x5, 0x1ab8, 0x0, 0x0, 0x0, 0x5, 0x5, 0xff, 0x80, 0x5, 0x9, 0x6, 0x8, 0x7, 0x8000}) shmctl$auto_IPC_STAT(0x9, 0x2, &(0x7f0000000240)={{0x1, 0xee00, 0xee01, 0x32, 0x7c8, 0x2, 0x400}, 0xfffffff9, 0x8, 0x8, 0x7, @inferred=0xffffffffffffffff, @inferred, 0xc, 0x0, &(0x7f00000000c0)="0131542f11909472f050dd9b2c0de975ec5671948ffa1dba5643ae6d7e2cdb0eea2a00fc57a1a5411f3dd97c6be2b8de9b8070995fd7856e3be65c409af2f7117a1cc7fe46c851df38fc868f1ee415e96ed7ed249dfe298d2d6776e2fc74c698cf9ff6dce3ac97e69fc3eb", &(0x7f0000000180)}) sendmsg$auto_OVS_FLOW_CMD_NEW(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000002640)=ANY=[@ANYBLOB="802390c0", @ANYRES16=r3, @ANYBLOB="000426bd7000ffdbdf25010000000400060008000a0003000000e0110280cd004f00c8a9313682910f2d9f30bab893cba1ab2da61648e9b8bdb930d6767acc2b4e5cc9e1c69d8a6a32445972b6e8a8566aae6034c69c187d247656d78603806bd32e9852f32f4febbb7020b7b82eee8cf04028d53e6cabe4d407dbe889", @ANYRES32, @ANYBLOB], 0x1280}, 0x1, 0x0, 0x0, 0x24080044}, 0x4001) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_vlan/disable_ipv6\x00', 0x82002, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv6/conf/veth0_macvtap/mldv2_unsolicited_report_interval\x00', 0x0, 0x0) sendfile$auto(r4, r5, 0x0, 0x1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) ioctl$auto(r5, 0x80000001, r2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) 1m35.997551916s ago: executing program 2 (id=2343): mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0x400053, 0x9) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'veth1_to_hsr\x00', 0x0}) sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f00000006c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000680)={&(0x7f0000001840)=ANY=[@ANYBLOB="f8010000", @ANYRES16=0x0, @ANYBLOB="000027bd7000ffdbdf2501000000eb00050053a9837803d7437d8ec2dbd51d96ea82b646e24beddd5177524a3c45e4e77a429697d3ae47d3f7c1b8dc1ed8c71f4fce54956c60240c3ac06ec1502f207fd3ddab4e0426ee6341013d8bcc512ad4badc992777751602b90229b552a0c79bd1c11ab8e6dbc75c2da11f34bf95d6bf9a6be5337a601328fc7852df4d3372267cf63a7520210ea51b820cc2e504f7c2392f99a3fa593c46441ea7faa00b237bb64f906309a7e623ac08ccc9077b27b855374744702d49bbc4ba8feb522b4b69257a4954500ff0e9afeaa2d1c26c299d8f4ad8d2bc65a004db0e66fc7b75d4e18c0dbc812ab4925cac0008000800", @ANYRES32=r1, @ANYBLOB="ee000a8004007b00de31df467f204610397b7df264041de29517d367609b5e2d504219079db22ba831d941bdefcf053e7348a684f8bfff2ab35dc13a6f16ca12db3694839dec17102a5fab9c1ff589b490f7108648ec0500fd000000000094000b0075f24044da29e4f45b21fff34e0ab7738aa94d61054584a380ebd2c3b93e23af35892d9e050c34c9909f7b0f663896218d5b66cdebee5dae299cf30e0605a814134c087c547d21e9f630f50961e737f131d4e57d12150c1cdbdf16f1300e6626b0b4ebe609c31690c7eee5075de76303e6ff1ea39adad4639469a06ec013bd8377e1053a8a740e1aa2f5c291a801817e08004c00e00000020000"], 0x1f8}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x400000000000eb1, 0x401, 0x200000000008000) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0) r4 = syz_clone3(&(0x7f0000000380)={0x2000, 0x0, &(0x7f0000000080), &(0x7f00000000c0), {0x7}, &(0x7f0000000840)=""/4096, 0x1000, &(0x7f0000000300)=""/95, &(0x7f0000000100)=[0x0], 0x1, {r2}}, 0x58) fcntl$auto(r2, 0x400, r4) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) r6 = open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x138) r7 = open_by_handle_at$auto(r6, &(0x7f0000000040)={0x21, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x20401) write$auto_vhci_fops_hci_vhci(r7, &(0x7f0000000280)="437e5d123518", 0x6) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f0000000180)=""/250, 0xfa) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x8000) 1m35.662868375s ago: executing program 0 (id=2344): mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0x400053, 0x9) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'veth1_to_hsr\x00', 0x0}) sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f00000006c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000680)={&(0x7f0000001840)=ANY=[@ANYBLOB="f8010000", @ANYRES16=0x0, @ANYBLOB="000027bd7000ffdbdf2501000000eb00050053a9837803d7437d8ec2dbd51d96ea82b646e24beddd5177524a3c45e4e77a429697d3ae47d3f7c1b8dc1ed8c71f4fce54956c60240c3ac06ec1502f207fd3ddab4e0426ee6341013d8bcc512ad4badc992777751602b90229b552a0c79bd1c11ab8e6dbc75c2da11f34bf95d6bf9a6be5337a601328fc7852df4d3372267cf63a7520210ea51b820cc2e504f7c2392f99a3fa593c46441ea7faa00b237bb64f906309a7e623ac08ccc9077b27b855374744702d49bbc4ba8feb522b4b69257a4954500ff0e9afeaa2d1c26c299d8f4ad8d2bc65a004db0e66fc7b75d4e18c0dbc812ab4925cac0008000800", @ANYRES32=r1, @ANYBLOB="ee000a8004007b00de31df467f204610397b7df264041de29517d367609b5e2d504219079db22ba831d941bdefcf053e7348a684f8bfff2ab35dc13a6f16ca12db3694839dec17102a5fab9c1ff589b490f7108648ec0500fd000000000094000b0075f24044da29e4f45b21fff34e0ab7738aa94d61054584a380ebd2c3b93e23af35892d9e050c34c9909f7b0f663896218d5b66cdebee5dae299cf30e0605a814134c087c547d21e9f630f50961e737f131d4e57d12150c1cdbdf16f1300e6626b0b4ebe609c31690c7eee5075de76303e6ff1ea39adad4639469a06ec013bd8377e1053a8a740e1aa2f5c291a801817e08004c00e00000020000"], 0x1f8}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x400000000000eb1, 0x401, 0x200000000008000) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0) r4 = syz_clone3(&(0x7f0000000380)={0x2000, &(0x7f0000000040), 0x0, &(0x7f00000000c0), {0x7}, &(0x7f0000000840)=""/4096, 0x1000, &(0x7f0000000300)=""/95, &(0x7f0000000100)=[0x0], 0x1, {r2}}, 0x58) fcntl$auto(r2, 0x400, r4) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) r6 = open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x138) r7 = open_by_handle_at$auto(r6, &(0x7f0000000040)={0x21, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x20401) write$auto_vhci_fops_hci_vhci(r7, &(0x7f0000000280)="437e5d123518", 0x6) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f0000000180)=""/250, 0xfa) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x8000) 1m34.88101351s ago: executing program 2 (id=2346): madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PAUSE2(r1, 0x40044145, 0x0) syslog$auto(0x3, 0x0, 0x2001013) pwrite64$auto(0xc8, 0x0, 0xfded, 0x6) clock_getres$auto(0x4, &(0x7f0000000340)={0x6, 0x81}) mmap$auto(0x0, 0x40008, 0x1000000004, 0x9b72, 0x2, 0x8000) userfaultfd$auto(0x1) ioctl$auto(0x3, 0xc018aa3f, 0xf0b) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000180), 0x981, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d8) close_range$auto(0x0, 0xfffffffffffff001, 0x2) landlock_restrict_self$auto(0xffffffffffffffff, 0x101) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) epoll_pwait2$auto(r0, &(0x7f0000000080)={0x0, 0x5}, 0x0, &(0x7f0000000200)={0x7, 0x8b0d}, &(0x7f0000000280)={0x200}, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 1m34.05948471s ago: executing program 0 (id=2348): mmap$auto(0x5, 0x8e, 0x8, 0x8000000000000010, 0xffffffffffffffff, 0x300000000000) socket(0xa, 0x3, 0x3b) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x890) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xcd) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab/kmalloc-64/objects\x00', 0x20000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram1/queue/add_random\x00', 0x1a1842, 0x0) write$auto(r1, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram9\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffa, 0xe983, 0x2, 0xeb1, 0xffffffffffffffff, 0x5fa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) socketpair$auto(0x1, 0x3, 0x5, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r3, 0x5425, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r4, 0x5408, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)={0x38, r6, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x6}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4044000}, 0x20048880) socket$nl_generic(0x10, 0x3, 0x10) 1m32.475068538s ago: executing program 0 (id=2353): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1cf503, 0x0) socket(0x2, 0x801, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$auto(r0, 0xffffffff, r1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0xffffffffffffffff, 0x541c, 0xffffffffffffffff) r2 = socket(0x2, 0x1, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_flow(0x0, r2) fstat$auto(0xffffffffffffffff, &(0x7f0000000280)={0x8, 0xc, 0x5, 0x1ab8, 0x0, 0x0, 0x0, 0x5, 0x5, 0xff, 0x80, 0x5, 0x9, 0x6, 0x8, 0x7, 0x8000}) shmctl$auto_IPC_STAT(0x9, 0x2, &(0x7f0000000240)={{0x1, 0xee00, 0xee01, 0x32, 0x7c8, 0x2, 0x400}, 0xfffffff9, 0x8, 0x8, 0x7, @inferred=0xffffffffffffffff, @inferred, 0xc, 0x0, &(0x7f00000000c0)="0131542f11909472f050dd9b2c0de975ec5671948ffa1dba5643ae6d7e2cdb0eea2a00fc57a1a5411f3dd97c6be2b8de9b8070995fd7856e3be65c409af2f7117a1cc7fe46c851df38fc868f1ee415e96ed7ed249dfe298d2d6776e2fc74c698cf9ff6dce3ac97e69fc3eb", &(0x7f0000000180)}) sendmsg$auto_OVS_FLOW_CMD_NEW(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000002640)=ANY=[@ANYRES16=r3, @ANYBLOB="000426bd7000ffdbdf25010000000400060008000a0003000000e0110280cd004f00c8a9313682910f2d9f30bab893cba1ab2da61648e9b8bdb930d6767acc2b4e5cc9e1c69d8a6a32445972b6e8a8566aae6034c69c187d247656d78603806bd32e9852f32f4febbb7020b7b82eee8cf04028d53e6cabe4d407dbe889bbb777983d7f27fae4ba04d67e650900a9", @ANYRES32, @ANYBLOB], 0x1280}, 0x1, 0x0, 0x0, 0x24080044}, 0x4001) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_vlan/disable_ipv6\x00', 0x82002, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv6/conf/veth0_macvtap/mldv2_unsolicited_report_interval\x00', 0x0, 0x0) sendfile$auto(r4, r5, 0x0, 0x1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) ioctl$auto(r5, 0x80000001, r2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) 1m31.61109114s ago: executing program 0 (id=2354): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x4, 0x7) madvise$auto(0x0, 0x2000040080000004, 0xe) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x02', 0x80000002) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000180), r0) sendmsg$auto_NCSI_CMD_SET_CHANNEL_MASK(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="04170000", @ANYRES16=r3, @ANYBLOB="000126bd7000fddbdf2506000000ac000280a700b8002f4565762f617564696f31005649a3aab13b9d4ac6c027db56d4eec2dda7ee248dc4e964030d46ecb8b15a7cff47509729cf07fb5c6e89433a84441d75b49a62cea774551477b4141d559d8ba45595332e4fab22348abb5938405a3560a46dff6217bb7fea342aa4f4b490c0bfd46dbfc715be0198d76c4497297dfa4bdf3e66b82695393d0acc5777e29c4b0c4507cad336e8cb3f28fa49e2ae2c956b3883cfc544cc00040006005104050045cfe1e10448c0cc75c696ea2e8df2bfc3bbc0e19bb35a078d2ac6273124baab76679916a4bd25a3d08c022bb963187d0300d567b169a50bf361787d4c0d98ea615d02b8185dc5af25471a1400374ced7cbc6f5ee0301fa9039112e26ebc4dffd77740739bea6648e20e3a5729e1f4b2202cddae0121e977af77bac229138b22336f33d6b26a440983f97cfc3d85c207383ed62b1b9d0abb7584e8bd4db869998c3e953c5af8ff459251313cd8c9dfc184274de650f1765eb85a918cc3fde9b82762bb1f806496fc9a3f59158d0749f219ebfef30dbb2827a3548e3a4778b7887cc8618bd81b410bf57c6b3a3d861d9abe91e1f25ce7090e67275bbc3f6b05ee073389b68409d8810a22a017e6ab87a1d386e756bbdd7c07363d246f0c1c4dda041cdcff313b74a262e9ffb057c75e4e255c854b04a42f06f791229fe70cba808af87ba77cc2e4b3de0157ae296d3ca00179df75c21205f33c9deaa52a12f69dcf3df08099c4bd0fd6e85d15879391571ad3281e4d4aa8b35340f143550638cc2679459b1cf1d3fedbde7a85700095d08039e92cef4d4ade6238d4c36c0c0e9a6684b83070b8d99aa050e2c00f6e9c50446b96bb14ec48afa9e007683041b699584f75d0b5876496ee0c0b3db035667fe14be7666637914922b8c490b19163701150c6b591f258c5581c4e74cb5458e29913d8f1953217a329f2de573ba782f0a074d7086b828a8e9eefa88335ab91c55a897eb9cc9866bed237a2198bc9ea0cf3542672efcc9583b315f6e305115c997498953dd71cb14435ebc157ad323cef489a5307cdc3b3b1bb2cf735a8c0ad72063eef804d364b86723de66ca7d3c48170e25be3bd82df7bb9d38719331cd2b959901e8c34f4cc4b399c0f8e39413f08beb3e9cddb73ee783f556baaa76e843cccfce0f704c2fdc760535cc79308ebf72d82f10189b4fc6f267c4dd5fab9f98b57d6e399609062dc2bb232517d5d6d73c885df31a57a352bbee338314a25f3d6c636fe77f19fff140da8ce34513c5799ee152199d0ab4114439fb4021574999caee87be2539baece4a41d99c2c34eee4212f5033ea9577aaf45b2eb7211a690618ee5b28f9e2e143e9307c6c801f63b82715a9ff1d629400fe2c4c3021d5bc03f7f248342e17f438d7424f3d5cbc9ad862d6246e591928a7c1a125ffddcbccfa81298dafefd7d11bd917e836a0adaeb4a690f5738a25b855a91255cd182f749808573916c13a8915b9de43943580f7d6d5369050c8a8962f35384d67569890646543ffee710b7ae50a62f552b762ef0e3448a35db9e876dbc8b7028534cfa8ec700df8b4148fa7390d102177e7f156c9c847577c5e1e9f38c488c8b9e50eb58847f0a32c7b4d2e886baf268e3883f119500bd11b68c59edaf2882d3e35e70cd8d2d84110e71a8aa34d1863210e230f00216719eb9a2c364e1e2d01e90bc8843350b8ea64203244218bfcc35ef8d7b3c1568dbe11b05e78cf4ff46e2da1e79e44040e7b1036aeacb7b9c2bcfec18546ce54bea7d92787dd4d5426b61a9200000069000500a071bc5199a0f861a75fbb6d6f5931f8327a66700a819a1ee13272093e2449c10cf0e48a8c4c2ce197023b68ec2fca28e356be3d2aafc249a592196b6f6b74686c7aedcc1af790fa999287d8feb84bccb124bc351201979d1364d4f54d24c9f093056ee8190000007d110280ccf1b636f30a610d95295493b9aab05ae7d48b702b6ad8d4d41701fb2416733c30be7fa06ac66dddd759cefcbcbfbe153103d5dd658cfe2e4e4fc04720de3a5bc4d9cac5e38ab0209aed5dda08af66d604007a7cfc096201517f7e47783c4db82fea90df555d0204c32e0d83ecae79f85404b0b1b07285771e28bf6af9818d5a25a84bbb78c3f0566ec4d1725a21f4b6cfa0fa75d555288e2ec3e24e8099c1633d6db250181cb1acc757197b1066d45bcb812bda13bd4fa087ed1b3d44eb9a1ee8236714001900fe880000000000000000000000000001af6d40f66dc5668d09028b673ba48240964cfa38384bc1197a85429853164c5a18fb6f7c3cd8ce91597008e3b2f1c009c34050295fd58b9080e6ea389c34075aa011213b6d998b887bb73b1e2f8a1a4fd0d0d32a1130ebcbf306b98ebcbd534155b630d48490f00c4e485378ee596d1d97c04111d44e31d177ae2e815f991b34cdebc90a648dfc00833e5c5c66de0ddec8b22b5266907505fe85c96f6d754f8a650ea55d5ea677d153659b368f66451b1108b98fd3f5825a425bd0bb3b27ab2474569018ceabd3b4e9794ea28ee49439a7ad6f2650f12ed2bc621adc328953e30d430fb58f02dc89efa89af85a16d058aba573d73dd2fd225af1020f8a801d25e2bd36947fd2a57358b60a4e7b3e3ee6bb4f66a19ecd81d4fd6233849ab60af24a17e618196abeca589fcf04a444fad7e7642750133e14367e893b30c608affe34730299cff1eff7ffeb5b53a51622d47597a21cd500216487330308d054475061d268703d7604e11817cfa922c12c3c5b04dad92e7de209dc1b3909afe164ce2a2dea96a58ef9e22c5f82b9f18a03f409a202cb0688a3703db4fcdcfcd0a47bbca00cf94e2250331b2f889e4cd3024eb9b45d66a47e84b22c183f66fb73f1f63cabf51769dba4e931475c4a3737300e25c6d50f5f47e7206d1864df82e342973e6bdc7daa3c9fa7ca1067ca8de2fcd95a2b6cce1f88836ae31451e6b4d2dac1ae196a454a98f4f1d92992fd845fd646b3118118e3006b66d79524bd9e935bf09283a7801cae34552fc8e45f5fad745993d20501565e5558e940c237284536dd8ec0e0750767444791b4ec34719e96467eae60219f0f5d6b3994c628d53a38d141b58d10e13b8d2a66139b3fad5294dd9c5c0aa0bcff907f665bb023c06e1c4437ca8116b2fc0f3c7ae4feecfa70eb280e7a564a6c301f79c816971feef9e4a3062bdd706591111f2879d32b67171f754c8fca1d2a39ee433ad5bd455ca0155704e989e2f7948bd3fa80912dc0689089b67dbdca669bac1c975fc8bbe3526cfef9efd1399c5c486b5fc975cabd90c10a4a6abe420e1f429d2c9380d440dd6d62e70089ca75965ad7cf7f4be04dfaeeebc968a83d3bccf3374da9e4cd2430834a9c442950c3b7b555e02637b2a133cd039e02a9f7714b81f0b74aa416e8b290829da287940433e7450084391d4ef99de18301981e48058a9e3994c377b48fc37904b443e0f44483b52144e241671420f321a7572cde62108b8d9a9835f5b745dff58375240a7ac9e81e365f5468bb4504a85f1a9454c6338ec5b515c4f4aa6e1f9b1113253b5b271f65246a3d3610cd593aa847b27187f698522b81a380ae678148b40007932e1a075b0a7edf0789dd705cdfc3b760da9d67ee348a410f2437bab6a1146259607dd97c1a19ba45e64776a0fcbbd7c140cc85205ba6719a620b7dab56630c655e535dccb532cda8422c261645672d48fa4987f00fe546533ef02a97bf801219dfb5247eaaf31b05543ea91171548897abd8226d4405b996e3cb0b6f7a80533310f24b011f1532f9e58bebad0971a71d879dcb5a526aedef29ba4cfaee46e2b63df764c7cb9147d68bd5778b85cc26e160ab5a4a460181d4c204b376c82774da12b8405371f9f7e26a11d9b2fa84cc8260d2b329e06e88999e99d3c589d522fc990ec542b2ea86638bf1eccdfc33b33499c661b32b4c3f776fe20f0fc8b829eeffb25daced6a2ff6158c04de5254bc0623ad81620b2e3f4e23ce143addf575b46f16184bed2085b1fb4d46340ceb819378d946ef143a08b42a8a4ea27d6c2169d35ff4fef3870d89bad8580d75738d4653a28e338afa8f6ebd9a3110a0275ec2d4ce4307813da6afe3c8a7a8548ae6adc6fc4d844766d76e72523799e2aaf1e4e01737ece30fc34958ee15752dbc8e7276ae1fdf81f35510664773ec37d4e73e785f6d4aa532b7e8dd1484b4a32c81afaa74440eac99b6775ad671bbb4d590dd96b58c8182f8a2b5a2c6a2b620c099bf5b02708af887e2aa73ecae7c3a8f89ff6aa5d33763fdbd81367f1cd45da71e288737475905299f152605f5a010dd27f7b84ee8a5966cb453976203b667f4968cfe8a3ff8442360e63cf4818753775f37d00ccbb8c26096fa9328777455724a3ce8fedccd60b214301f1ae958483227dcbb973f6a595170198184c5f6e92fdda85f6bb220809608bcf13c200c0d7d07bc615afe98b26a01194b2ef610d35787385f3bbd7792c24dcbe79e7e48bdb7e4462b9f79679d02acbdb6e8f33354b96c31b16537939254aa2555d5996cd93922edc6d47bd4124e9c973c8d5eb853641ce187004f7c30ec86f6d807ac4434b6456165cef3ef01c89f0ab604e7e30f3c6d3bb5b823d1863c8f8681ae351c3673f4aab2a7048f9f2b81c8365f9ab8ede1ad109c36ff25a251ede63b837a0b1b405e5b1fecff13eb4d002aea9e907a6d37be87a312992ea6174177574bd9ccdedbcfa8443eddb0f23c06caf815a67c0c1ff9c0098435ac274af9359366ed004a786fe34aae408eb8e715a0210ce8e58bfb67c0a21c4b6ab699c9dffb90948eaf131edc5abd18a08baf8d1d48f51a7361c9832a6ae3bd0ac6f1b825e76068d405490cf74f7786aa97177448182dd28b343e4b5c20718e8da2a5b6d648048b70a075223f91a6642a1aa0de64fdade20fdf67807590540705cea2bc59326d9dfedfb126f0afcb07d1b9d69c6abe80b001ce1b630b5eb2523a55d837115ded9ec98e01214d53eda406e04a86e775972462d9c5e66a58d1878583f43be70fa94bd18cd42026700980a5585a39cafbc0371d379def08cf64faacada1c55b005c594450fd15543c30941b27cecde33dfa01f98c779b2babb5c8d538d4e779b6a691e00b951f6466ddbc98aae4cb30b4af3b4aa868a0f61b920746b757fc3ca516acf8c2b2f31f0e8bc1e1d76bec6042ff47fb83469f1c679ab55dc3eb96c911c97c6eeac1005436369b7f6a5deb4b4d5ed4be465086f5f52b45e75cac47936201851bbe5b1a06f460dbe8df12bf385b0dfb74a07e1e82ab44c6e5c1235ccfa11ebaf08ce624e1d08fecb970d0bb0887287e705666e9862c6c429a9307a183083dc86db8b3628eaad81af03d0196edfa5021f382fb32d3b38a80375b8a6fdcbc0f03fd9cfbb3ac3ed3a699d41f8c78746e629e35a8b6a726bf86b191de5011d2a7046cd37cff54d7c353fb744cac7b5fe8406981bd39cb0d5f011b58b6d04e917217376d81214dd3b0456801b99c1dd9505e7fc2b9a6bb9a66035ee997cb07b32fbb578b07c3c0e21aa5f393b882e7da35911a30813a9632a8b968f918e243ac1ccc26d753efe45a444aa799c9b68edeb845888ee4810ad86ce2c3ca64927eb23a5f1e37b533d0a335bafece724c689f4ae71016251cbd2240ca9281a8f2bac8ef9bab88be5b793fc4e452944e40a4c4bc921bb910118ec48d9ab3aa28f5a268f0fc84ba635d39feb317dab1074fbab0dbc9fdab041083003965bc9500d7dff285c1c168a53ac47917b59bd739ef6d899f1ee2651c71430045d9743b9179bfe6126d41505b9965722e9040882d490f9283a8d38837885e0729fea8d4ab5e0968feb1ce6aa30b8cb8b166e165de9d45e5b5d5f0fd53eb7a1e5a35c85d3ca1acc72421ea53e2df16c51b0b5bb92362c6c8eb4df2f57b109224dcc6529458138343347ae21845d576c6c6c4e0b2c6fc203ead16599d727e9b99231a837c80436c356f98511dad49e8e895058da89595472eee850886d8ac4e63ab7c7156cbaef27f4c43aac309452b48e421a2fd6e0935ba10eb1ff127dac213f521a83e2b18516e412a7ddcba6548c4600c0410957342013caf43d440595364439b7386f89bb2bb35f68758c60a04e3db2244cf542b33eceefa61408727e60840fc77be3409908b4490abc989fe41d3edfe4945f79901e86482c4a83ae2c6d2b5c8244729b0514d5af06186eac63236211a3ba96b99595a89f134c99d76be1739e9c16cd4ba5a54e8b371ecb0ff294ec5f40ae8eab5151b29c357930a8a05d54bcd9d3a0935356ecd58206ff4d0e85578d83b9f40d3736b839efb9f5211e2d6c8e11c9782158e9255e583dabfc0524bde0c1b3c199e1cbd93ef5b0ac369e44eebf3ef25739d4876e945110f49988e69089e1029d8b289281167742bfda077d3014d1bbbe0b2b5528636c372e00b35065e9dbb71f4baf60ab4c9b9615ec43eb5a724d769a314267d615be7f80810fc891e4269e6d3613bfda2460dac74832d45ae6da4edc20ff4238899821f9b0067aaed9291c6fed9cd4d1e6049bbda18c2ce6da0a8713a9902f2e5e83c270673e079e98f792c96e4612c16579b65966ec66c9cdeaf2e814a8cde1b4b5ad90462efd5ccd5c0fa5c4244fa73cb198e5df4006f27392f9c62a99b27886b13b32d70fd33668b55ca8319c7b817a1e058f753d7125320ade7fd4a3c711c52089eabdeca943caa46fa34c7fb446745e2d7c53adfac81a7e958ddc66541df7e423deada2eff5947ac12873a6534c3dc3a8c20dcbd6b305b32683d5cf5bda2f37fba0074673e97e2ffe2b700f06368dfd436f07ba55921e1193cb561ef66a305e766ab46add3ba35cc6cfeea43140369e2bfa45773a70590983495c6e088404c0917f1a0cb1266506b12f6f7ca040fa78aaafa5d135dcc95d0bcde50470e779b3d042123dd23db72b13ee57d9b3fa228bd7c8059d724145d1672c8499f97239db061709b51a28fe1ad045ab5377ad97c8be101eb6b2fd24393f504edce898a1e94a28c9ec7ed6d717f2636639100aa4c134d95f342b2fc8ad27f7bd56621a97928cb1f2a89f92c8fca198056a4c662501ca61569f5037dfd161bb58e1ce3f8d93293d6ef88a4a08b90d40df3e18e0436124dc7efb079ccf782b647bda9338ce44b2f5c083235446cfa733cb0c7795b9e92d1cbe34b2f1fb37981f746934548ecba94f643c784e53d1d33dad21e8355fe10abd08f9598c7a95a400a47612c5a14792c5833c07c4615ba71e71eeef1efb57807b76973cd5f820b4bc4ab49503bd21a6bb62f6472fa8707c577d55bfcd830fd9bc95fd88447b2dc55530bfbfc9a8921c58d7de2f6667e43ead4034642dd304925e59de1ff1033ce6f144ed8c0145c9c26e1699658c2630a92ced23aece9d4da6fba4f6d358e16e2b9c0385676e9e77419c0766d2b4276b76963dc027d7944dfbe39e69725d7dcbd4c640d35bf12bc2a2109043fc2d83ef8725df98890ae11678f87d65eb0ded028f27da91b69fa17e93fbdc523160521c206d00e76c1d46d3d4283341a8656f253f8bd7921e4cc643d3db0957787d966aeae49f28bfb8b2bc37fced5ef482bcf95fbf94013fe01983bfa85fe8eeee074bbe27a707c250895a09a09159ff1d8797ef7cddcdb91e56f6f787b1fa70ab05e64c34cb50fb2300f090be75b89855314c3bc26663bfe01bf97a8e2763292b9131fda3f9620fe667d48c51c0125e786ffb3d8b0b58c878fe7473bc5b1af47507b46c467de53e7689f079684f5c662ee9320e8e315e0b18726d8fb92987248a84055c8375c77f89fa664f573989a818959e87fb20274251a2aa64f5a8b88260685e118019b870f3c9d9e2b0c753411066c33fd5f2c8213af43b3f32e4fc4cc215df75e560fa9c6b60d647f33ff7820a1d7a03ddb37301f3afc385c6d0c2d4715210bd44e61408335e80b52a7a699f585f082633c66d683d4bdbf9a6f577a90d3bca3a3eedacf173413e503ea35785be5632b029f24a30809533b4be45dd2ecbba79456362f77403a5cc74fc7be2adf5c0adffa589eeaa3ff4eaedf6fc271489e8e45ea91fc126b6737770ff93b14532a22a1c27a12e0a9a1f9dd7e6bfd41709af69fa77b3c07effea4397f0eca5bc70b70b12f8eba820abdc6e867c1eaf55997bd3e11b9e284c2a15b6a1cbafb8495a8d432591181c06bf272558e0100cc44bc82f845515564508cec3b8a9859d4f5f567d95c9c6bd9c48094a2cd000000"], 0x1704}, 0x1, 0x0, 0x0, 0x40001}, 0x14) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000400)='/dev/amidi2\x00', 0x201, 0x0) mmap$auto(0x0, 0x400008, 0x803c, 0x9b72, 0xffffffffffffffff, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x407, 0x1, 0x44f, 0x7, 0x1, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7, 0x89, 0x26, 0x4, 0x200000000001, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x9, 0xd) r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffff7effffd06, &(0x7f00000001c0)) r6 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd7004feb1df25010000000c000300060000000000000044544c277b851a207336181df9183f916cbcb6e4c5cb7c2faef597a8bdd6403ef8"], 0x20}, 0x1, 0x0, 0x0, 0x20040880}, 0x4) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) socket(0x2a, 0xa, 0x2000) r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(r7, 0x4004550a, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptydc\x00', 0x80502, 0x0) socket(0x2c, 0x6, 0x2) 1m30.481181488s ago: executing program 0 (id=2356): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1cf503, 0x0) socket(0x2, 0x801, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$auto(r0, 0xffffffff, r1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0xffffffffffffffff, 0x541c, 0xffffffffffffffff) r2 = socket(0x2, 0x1, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_flow(0x0, r2) fstat$auto(0xffffffffffffffff, &(0x7f0000000280)={0x8, 0xc, 0x5, 0x1ab8, 0x0, 0x0, 0x0, 0x5, 0x5, 0xff, 0x80, 0x5, 0x9, 0x6, 0x8, 0x7, 0x8000}) shmctl$auto_IPC_STAT(0x9, 0x2, &(0x7f0000000240)={{0x1, 0xee00, 0xee01, 0x32, 0x7c8, 0x2, 0x400}, 0xfffffff9, 0x8, 0x8, 0x7, @inferred=0xffffffffffffffff, @inferred, 0xc, 0x0, &(0x7f00000000c0)="0131542f11909472f050dd9b2c0de975ec5671948ffa1dba5643ae6d7e2cdb0eea2a00fc57a1a5411f3dd97c6be2b8de9b8070995fd7856e3be65c409af2f7117a1cc7fe46c851df38fc868f1ee415e96ed7ed249dfe298d2d6776e2fc74c698cf9ff6dce3ac97e69fc3eb", &(0x7f0000000180)}) sendmsg$auto_OVS_FLOW_CMD_NEW(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000002640)=ANY=[@ANYBLOB="802390c0", @ANYRES16=r3, @ANYBLOB="000426bd7000ffdbdf25010000000400060008000a0003000000e0110280cd004f00c8a9313682910f2d9f30bab893cba1ab2da61648e9b8bdb930d6767acc2b4e5cc9e1c69d8a6a32445972b6e8a8566aae6034c69c187d247656d78603806bd32e9852f32f4febbb7020b7b82eee8cf04028d53e6cabe4d407dbe889bbb777983d7f27fae4ba04d67e6509", @ANYRES32, @ANYBLOB], 0x1280}, 0x1, 0x0, 0x0, 0x24080044}, 0x4001) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_vlan/disable_ipv6\x00', 0x82002, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv6/conf/veth0_macvtap/mldv2_unsolicited_report_interval\x00', 0x0, 0x0) sendfile$auto(r4, r5, 0x0, 0x1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f00000012c0)="0a1b9a3c3e3efd6ea3d31791840bd7886d8ea582574c58e9865c33d76e1cadd6a7b7b426b7fcdc8e357080d70b5ab848770dc8f745d1c76eedaa12b9db050000000000000030aeb5dfce3531f694dabdbc08f62cb37e5bc82e660cfd70f603b20416c7bf0e95345b899b4466bf6a70b1274b19782b41ac172a25e65be53e69c6369b67a4cbd6383a0d767d84516183587530a17dbfd83a7678c6dad9917b91c7c9de3d61af452f90cf22400c4bcbb841f7d7641b3bccd058f9f2bad31f2ce81e389e210b34f43b4a5af377a6d4353989b4e9d49b2537b0a63a5cf6ae230d1296ef8b30c6bcdf7a6edf5c3258be46ae9d15fc0417e6070000007b9a8b05b4ad586c7b72db5ae55e9d149330720a", 0x10d) ioctl$auto(r5, 0x80000001, r2) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) 1m30.237790819s ago: executing program 0 (id=2358): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000ff0000030004020000060007040080000300000000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000300000008000200", @ANYRES32=0x0, @ANYBLOB="0800030001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40008d0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x511200, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x4) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x8000) sysfs$auto(0x2, 0x11, 0x0) keyctl$auto(0x20, 0x72510000000, 0x69c9, 0x2, 0x6) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000004ec0)='/dev/snd/pcmC1D0p\x00', 0x2100, 0x0) r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r2, &(0x7f0000005900)='\x00', 0x6) write$auto(0xca, 0x0, 0x2d9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m25.630216596s ago: executing program 1 (id=2364): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) mmap$auto(0x6, 0x2020009, 0x4, 0x95, r1, 0xfffffffffffffffe) prctl$auto(0x23, 0x5, 0x2009, 0x0, 0x0) r2 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r2, &(0x7f00000000c0)=""/4073, 0xfe9) ioctl$auto(r0, 0x80a86f3d, 0x38) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xc, 0x2, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) write$auto(0x4, 0x0, 0x100082) unshare$auto(0x40000080) move_mount$auto(r4, &(0x7f00000000c0)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00', 0x401) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x6, 0x1) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x8881, 0x0) openat$auto(r4, &(0x7f0000000180)='./file0\x00', 0x7fff, 0x7) close_range$auto(0x2, 0x8, 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010025bd7013fe"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) shutdown$auto(r3, 0x463) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) 1m25.110673736s ago: executing program 1 (id=2366): mmap$auto(0x5, 0x8e, 0x8, 0x8000000000000010, 0xffffffffffffffff, 0x300000000000) socket(0xa, 0x3, 0x3b) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x890) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xcd) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab/kmalloc-64/objects\x00', 0x20000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/ram1/queue/add_random\x00', 0x1a1842, 0x0) write$auto(r1, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram9\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffa, 0xe983, 0x2, 0xeb1, 0xffffffffffffffff, 0x5fa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r3, 0x5425, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r4, 0x5408, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)={0x3c, r6, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@generic="b14e1007"]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044000}, 0x20048880) socket$nl_generic(0x10, 0x3, 0x10) 1m24.121969739s ago: executing program 1 (id=2367): mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0x400053, 0x9) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'veth1_to_hsr\x00', 0x0}) sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f00000006c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f0000000680)={&(0x7f0000001840)=ANY=[@ANYBLOB="f8010000", @ANYRES16=0x0, @ANYBLOB="000027bd7000ffdbdf2501000000eb00050053a9837803d7437d8ec2dbd51d96ea82b646e24beddd5177524a3c45e4e77a429697d3ae47d3f7c1b8dc1ed8c71f4fce54956c60240c3ac06ec1502f207fd3ddab4e0426ee6341013d8bcc512ad4badc992777751602b90229b552a0c79bd1c11ab8e6dbc75c2da11f34bf95d6bf9a6be5337a601328fc7852df4d3372267cf63a7520210ea51b820cc2e504f7c2392f99a3fa593c46441ea7faa00b237bb64f906309a7e623ac08ccc9077b27b855374744702d49bbc4ba8feb522b4b69257a4954500ff0e9afeaa2d1c26c299d8f4ad8d2bc65a004db0e66fc7b75d4e18c0dbc812ab4925cac0008000800", @ANYRES32=r1, @ANYBLOB="ee000a8004007b00de31df467f204610397b7df264041de29517d367609b5e2d504219079db22ba831d941bdefcf053e7348a684f8bfff2ab35dc13a6f16ca12db3694839dec17102a5fab9c1ff589b490f7108648ec0500fd000000000094000b0075f24044da29e4f45b21fff34e0ab7738aa94d61054584a380ebd2c3b93e23af35892d9e050c34c9909f7b0f663896218d5b66cdebee5dae299cf30e0605a814134c087c547d21e9f630f50961e737f131d4e57d12150c1cdbdf16f1300e6626b0b4ebe609c31690c7eee5075de76303e6ff1ea39adad4639469a06ec013bd8377e1053a8a740e1aa2f5c291a801817e08004c00e00000020000"], 0x1f8}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x400000000000eb1, 0x401, 0x200000000008000) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0) r4 = syz_clone3(&(0x7f0000000380)={0x2000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x7}, 0x0, 0x0, &(0x7f0000000300)=""/95, &(0x7f0000000100)=[0x0], 0x1, {r2}}, 0x58) fcntl$auto(r2, 0x400, r4) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) r6 = open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x138) r7 = open_by_handle_at$auto(r6, &(0x7f0000000040)={0x21, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x20401) write$auto_vhci_fops_hci_vhci(r7, &(0x7f0000000280)="437e5d123518", 0x6) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f0000000180)=""/250, 0xfa) pread64$auto(0xffffffffffffffff, 0x0, 0x8, 0x8000) 1m22.642567728s ago: executing program 1 (id=2370): socket(0xa, 0x1, 0x84) mmap$auto(0xffffffffffffffff, 0x5, 0x2, 0xeb1, 0x8000000000000024, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000100)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x0, 0xffffffffffffffff, [0x0, 0x3, 0x400], {0x4, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x101, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5b, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) r0 = getpid() ptrace$auto(0x9, r0, 0x5, 0x2) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000001fc0), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x2c, r4, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@OVS_DP_ATTR_IFINDEX={0x8}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x6}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000400)={0x18, r2, 0x1, 0x70bd28, 0x25dfdbff, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x24004000}, 0xc008) r5 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r5, 0x29, 0x40, 0x0, 0x110) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r6 = socket(0xa, 0x3, 0x3c) ioctl$auto_USBDEVFS_SUBMITURB32(0xffffffffffffffff, 0x802c550a, &(0x7f0000000180)=ANY=[@ANYBLOB="030800000100000000000000810500ff56000000100000ffff5a830478606ea50b957e7883cc2b0f17b2c1ff248800000001000000020000000000000004000000000000"]) connect$auto(r1, &(0x7f00000018c0)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x41, 0x4, 0x1}}, 0x55) write$auto(r6, &(0x7f0000000080)='+&\xc9I\xaar\x1c\xbb\xde\ah\x15,\xeb|\x85\xe8\x97Z\xc30\xae}\xa1\x17K(\x80]]\x8d\xb5\xeb-\x9d\xc1\xceU\xbb_\xcf\xe8#U\xd0_|\x15f\x92\xaa\x9f\xa0l}7z#u\xf6\xd1\xe1\x8d\x05=w\xf1\xb9K\xf4\\\a\xdf\x87\xbb\x03d6\xe1\x14\xb1|\x98\x82$\xf3\xb2\xcf\xb7\x7f\xf8f*/\xc2\x82\x8c2\x8d^\x10\xc6\x1cs', 0x857) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) socket$nl_generic(0x10, 0x3, 0x10) 1m22.015984234s ago: executing program 1 (id=2372): write$auto(0x3, 0x0, 0xffd8) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000001c0), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/kernel/kexec_load_limit_panic\x00', 0x840141, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) landlock_create_ruleset$auto(0x0, 0x4, 0xfffffffd) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f00000003c0), 0x785000, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[], 0x404}, 0x1, 0x0, 0x0, 0x801}, 0x4044820) ioctl$auto_FS_IOC_GETFLAGS(r3, 0x80086601, 0x3) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) mmap$auto(0x455, 0x400, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_udc.1/udc/dummy_udc.1/is_selfpowered\x00', 0x80500, 0x0) read$auto(r4, 0x0, 0x20) open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) rename$auto(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='./file0\x00') r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r5, 0x64cd, r5) open(&(0x7f0000000040)='./file0\x00', 0x1e9e02, 0x61) socket(0x2d, 0x2, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/name\x00', 0x8d40, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)=""/203, 0xcb) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="7a2c0c6619825c38c48a130bbd020e3d509ea6ba5a70403c8a637a6fa51141bbac9536e0093c714cfb8b2c3fcf6abc8e3cfee9e54ae789508a22e1a59f46ba0422b67f17647454c962899db9e243", @ANYRES16=r8, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070080000000080009000100000008000a000800000014001f0000000000000000000000ffff0000003f14002000fe80000000000000000000000000003a"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 1m21.935067137s ago: executing program 1 (id=2373): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000ff0000030004020000060007040080000300000000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000300000008000200", @ANYRES32=0x0, @ANYBLOB="0800030001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40008d0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x511200, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x4) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x8000) sysfs$auto(0x2, 0x11, 0x0) keyctl$auto(0x20, 0x72510000000, 0x69c9, 0x2, 0x6) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000004ec0)='/dev/snd/pcmC1D0p\x00', 0x2100, 0x0) r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r2, &(0x7f0000005900)='\x00', 0x6) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m15.117734699s ago: executing program 33 (id=2358): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000ff0000030004020000060007040080000300000000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000300000008000200", @ANYRES32=0x0, @ANYBLOB="0800030001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40008d0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x511200, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x4) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x8000) sysfs$auto(0x2, 0x11, 0x0) keyctl$auto(0x20, 0x72510000000, 0x69c9, 0x2, 0x6) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000004ec0)='/dev/snd/pcmC1D0p\x00', 0x2100, 0x0) r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r2, &(0x7f0000005900)='\x00', 0x6) write$auto(0xca, 0x0, 0x2d9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m6.816550833s ago: executing program 34 (id=2373): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000ff0000030004020000060007040080000300000000", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000300000008000200", @ANYRES32=0x0, @ANYBLOB="0800030001"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40008d0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x511200, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x4) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x8000) sysfs$auto(0x2, 0x11, 0x0) keyctl$auto(0x20, 0x72510000000, 0x69c9, 0x2, 0x6) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000004ec0)='/dev/snd/pcmC1D0p\x00', 0x2100, 0x0) r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r2, &(0x7f0000005900)='\x00', 0x6) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.335106886s ago: executing program 4 (id=2507): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x4, 0x7) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x02', 0x80000002) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000180), r0) sendmsg$auto_NCSI_CMD_SET_CHANNEL_MASK(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="04170000", @ANYRES16=r4, @ANYBLOB="000126bd7000fddbdf2506000000ac000280a700b8002f4565762f617564696f31005649a3aab13b9d4ac6c027db56d4eec2dda7ee248dc4e964030d46ecb8b15a7cff47509729cf07fb5c6e89433a84441d75b49a62cea774551477b4141d559d8ba45595332e4fab22348abb5938405a3560a46dff6217bb7fea342aa4f4b490c0bfd46dbfc715be0198d76c4497297dfa4bdf3e66b82695393d0acc5777e29c4b0c4507cad336e8cb3f28fa49e2ae2c956b3883cfc544cc00040006005104050045cfe1e10448c0cc75c696ea2e8df2bfc3bbc0e19bb35a078d2ac6273124baab76679916a4bd25a3d08c022bb963187d0300d567b169a50bf361787d4c0d98ea615d02b8185dc5af25471a1400374ced7cbc6f5ee0301fa9039112e26ebc4dffd77740739bea6648e20e3a5729e1f4b2202cddae0121e977af77bac229138b22336f33d6b26a440983f97cfc3d85c207383ed62b1b9d0abb7584e8bd4db869998c3e953c5af8ff459251313cd8c9dfc184274de650f1765eb85a918cc3fde9b82762bb1f806496fc9a3f59158d0749f219ebfef30dbb2827a3548e3a4778b7887cc8618bd81b410bf57c6b3a3d861d9abe91e1f25ce7090e67275bbc3f6b05ee073389b68409d8810a22a017e6ab87a1d386e756bbdd7c07363d246f0c1c4dda041cdcff313b74a262e9ffb057c75e4e255c854b04a42f06f791229fe70cba808af87ba77cc2e4b3de0157ae296d3ca00179df75c21205f33c9deaa52a12f69dcf3df08099c4bd0fd6e85d15879391571ad3281e4d4aa8b35340f143550638cc2679459b1cf1d3fedbde7a85700095d08039e92cef4d4ade6238d4c36c0c0e9a6684b83070b8d99aa050e2c00f6e9c50446b96bb14ec48afa9e007683041b699584f75d0b5876496ee0c0b3db035667fe14be7666637914922b8c490b19163701150c6b591f258c5581c4e74cb5458e29913d8f1953217a329f2de573ba782f0a074d7086b828a8e9eefa88335ab91c55a897eb9cc9866bed237a2198bc9ea0cf3542672efcc9583b315f6e305115c997498953dd71cb14435ebc157ad323cef489a5307cdc3b3b1bb2cf735a8c0ad72063eef804d364b86723de66ca7d3c48170e25be3bd82df7bb9d38719331cd2b959901e8c34f4cc4b399c0f8e39413f08beb3e9cddb73ee783f556baaa76e843cccfce0f704c2fdc760535cc79308ebf72d82f10189b4fc6f267c4dd5fab9f98b57d6e399609062dc2bb232517d5d6d73c885df31a57a352bbee338314a25f3d6c636fe77f19fff140da8ce34513c5799ee152199d0ab4114439fb4021574999caee87be2539baece4a41d99c2c34eee4212f5033ea9577aaf45b2eb7211a690618ee5b28f9e2e143e9307c6c801f63b82715a9ff1d629400fe2c4c3021d5bc03f7f248342e17f438d7424f3d5cbc9ad862d6246e591928a7c1a125ffddcbccfa81298dafefd7d11bd917e836a0adaeb4a690f5738a25b855a91255cd182f749808573916c13a8915b9de43943580f7d6d5369050c8a8962f35384d67569890646543ffee710b7ae50a62f552b762ef0e3448a35db9e876dbc8b7028534cfa8ec700df8b4148fa7390d102177e7f156c9c847577c5e1e9f38c488c8b9e50eb58847f0a32c7b4d2e886baf268e3883f119500bd11b68c59edaf2882d3e35e70cd8d2d84110e71a8aa34d1863210e230f00216719eb9a2c364e1e2d01e90bc8843350b8ea64203244218bfcc35ef8d7b3c1568dbe11b05e78cf4ff46e2da1e79e44040e7b1036aeacb7b9c2bcfec18546ce54bea7d92787dd4d5426b61a9200000069000500a071bc5199a0f861a75fbb6d6f5931f8327a66700a819a1ee13272093e2449c10cf0e48a8c4c2ce197023b68ec2fca28e356be3d2aafc249a592196b6f6b74686c7aedcc1af790fa999287d8feb84bccb124bc351201979d1364d4f54d24c9f093056ee8190000007d110280ccf1b636f30a610d95295493b9aab05ae7d48b702b6ad8d4d41701fb2416733c30be7fa06ac66dddd759cefcbcbfbe153103d5dd658cfe2e4e4fc04720de3a5bc4d9cac5e38ab0209aed5dda08af66d604007a7cfc096201517f7e47783c4db82fea90df555d0204c32e0d83ecae79f85404b0b1b07285771e28bf6af9818d5a25a84bbb78c3f0566ec4d1725a21f4b6cfa0fa75d555288e2ec3e24e8099c1633d6db250181cb1acc757197b1066d45bcb812bda13bd4fa087ed1b3d44eb9a1ee8236714001900fe880000000000000000000000000001af6d40f66dc5668d09028b673ba48240964cfa38384bc1197a85429853164c5a18fb6f7c3cd8ce91597008e3b2f1c009c34050295fd58b9080e6ea389c34075aa011213b6d998b887bb73b1e2f8a1a4fd0d0d32a1130ebcbf306b98ebcbd534155b630d48490f00c4e485378ee596d1d97c04111d44e31d177ae2e815f991b34cdebc90a648dfc00833e5c5c66de0ddec8b22b5266907505fe85c96f6d754f8a650ea55d5ea677d153659b368f66451b1108b98fd3f5825a425bd0bb3b27ab2474569018ceabd3b4e9794ea28ee49439a7ad6f2650f12ed2bc621adc328953e30d430fb58f02dc89efa89af85a16d058aba573d73dd2fd225af1020f8a801d25e2bd36947fd2a57358b60a4e7b3e3ee6bb4f66a19ecd81d4fd6233849ab60af24a17e618196abeca589fcf04a444fad7e7642750133e14367e893b30c608affe34730299cff1eff7ffeb5b53a51622d47597a21cd500216487330308d054475061d268703d7604e11817cfa922c12c3c5b04dad92e7de209dc1b3909afe164ce2a2dea96a58ef9e22c5f82b9f18a03f409a202cb0688a3703db4fcdcfcd0a47bbca00cf94e2250331b2f889e4cd3024eb9b45d66a47e84b22c183f66fb73f1f63cabf51769dba4e931475c4a3737300e25c6d50f5f47e7206d1864df82e342973e6bdc7daa3c9fa7ca1067ca8de2fcd95a2b6cce1f88836ae31451e6b4d2dac1ae196a454a98f4f1d92992fd845fd646b3118118e3006b66d79524bd9e935bf09283a7801cae34552fc8e45f5fad745993d20501565e5558e940c237284536dd8ec0e0750767444791b4ec34719e96467eae60219f0f5d6b3994c628d53a38d141b58d10e13b8d2a66139b3fad5294dd9c5c0aa0bcff907f665bb023c06e1c4437ca8116b2fc0f3c7ae4feecfa70eb280e7a564a6c301f79c816971feef9e4a3062bdd706591111f2879d32b67171f754c8fca1d2a39ee433ad5bd455ca0155704e989e2f7948bd3fa80912dc0689089b67dbdca669bac1c975fc8bbe3526cfef9efd1399c5c486b5fc975cabd90c10a4a6abe420e1f429d2c9380d440dd6d62e70089ca75965ad7cf7f4be04dfaeeebc968a83d3bccf3374da9e4cd2430834a9c442950c3b7b555e02637b2a133cd039e02a9f7714b81f0b74aa416e8b290829da287940433e7450084391d4ef99de18301981e48058a9e3994c377b48fc37904b443e0f44483b52144e241671420f321a7572cde62108b8d9a9835f5b745dff58375240a7ac9e81e365f5468bb4504a85f1a9454c6338ec5b515c4f4aa6e1f9b1113253b5b271f65246a3d3610cd593aa847b27187f698522b81a380ae678148b40007932e1a075b0a7edf0789dd705cdfc3b760da9d67ee348a410f2437bab6a1146259607dd97c1a19ba45e64776a0fcbbd7c140cc85205ba6719a620b7dab56630c655e535dccb532cda8422c261645672d48fa4987f00fe546533ef02a97bf801219dfb5247eaaf31b05543ea91171548897abd8226d4405b996e3cb0b6f7a80533310f24b011f1532f9e58bebad0971a71d879dcb5a526aedef29ba4cfaee46e2b63df764c7cb9147d68bd5778b85cc26e160ab5a4a460181d4c204b376c82774da12b8405371f9f7e26a11d9b2fa84cc8260d2b329e06e88999e99d3c589d522fc990ec542b2ea86638bf1eccdfc33b33499c661b32b4c3f776fe20f0fc8b829eeffb25daced6a2ff6158c04de5254bc0623ad81620b2e3f4e23ce143addf575b46f16184bed2085b1fb4d46340ceb819378d946ef143a08b42a8a4ea27d6c2169d35ff4fef3870d89bad8580d75738d4653a28e338afa8f6ebd9a3110a0275ec2d4ce4307813da6afe3c8a7a8548ae6adc6fc4d844766d76e72523799e2aaf1e4e01737ece30fc34958ee15752dbc8e7276ae1fdf81f35510664773ec37d4e73e785f6d4aa532b7e8dd1484b4a32c81afaa74440eac99b6775ad671bbb4d590dd96b58c8182f8a2b5a2c6a2b620c099bf5b02708af887e2aa73ecae7c3a8f89ff6aa5d33763fdbd81367f1cd45da71e288737475905299f152605f5a010dd27f7b84ee8a5966cb453976203b667f4968cfe8a3ff8442360e63cf4818753775f37d00ccbb8c26096fa9328777455724a3ce8fedccd60b214301f1ae958483227dcbb973f6a595170198184c5f6e92fdda85f6bb220809608bcf13c200c0d7d07bc615afe98b26a01194b2ef610d35787385f3bbd7792c24dcbe79e7e48bdb7e4462b9f79679d02acbdb6e8f33354b96c31b16537939254aa2555d5996cd93922edc6d47bd4124e9c973c8d5eb853641ce187004f7c30ec86f6d807ac4434b6456165cef3ef01c89f0ab604e7e30f3c6d3bb5b823d1863c8f8681ae351c3673f4aab2a7048f9f2b81c8365f9ab8ede1ad109c36ff25a251ede63b837a0b1b405e5b1fecff13eb4d002aea9e907a6d37be87a312992ea6174177574bd9ccdedbcfa8443eddb0f23c06caf815a67c0c1ff9c0098435ac274af9359366ed004a786fe34aae408eb8e715a0210ce8e58bfb67c0a21c4b6ab699c9dffb90948eaf131edc5abd18a08baf8d1d48f51a7361c9832a6ae3bd0ac6f1b825e76068d405490cf74f7786aa97177448182dd28b343e4b5c20718e8da2a5b6d648048b70a075223f91a6642a1aa0de64fdade20fdf67807590540705cea2bc59326d9dfedfb126f0afcb07d1b9d69c6abe80b001ce1b630b5eb2523a55d837115ded9ec98e01214d53eda406e04a86e775972462d9c5e66a58d1878583f43be70fa94bd18cd42026700980a5585a39cafbc0371d379def08cf64faacada1c55b005c594450fd15543c30941b27cecde33dfa01f98c779b2babb5c8d538d4e779b6a691e00b951f6466ddbc98aae4cb30b4af3b4aa868a0f61b920746b757fc3ca516acf8c2b2f31f0e8bc1e1d76bec6042ff47fb83469f1c679ab55dc3eb96c911c97c6eeac1005436369b7f6a5deb4b4d5ed4be465086f5f52b45e75cac47936201851bbe5b1a06f460dbe8df12bf385b0dfb74a07e1e82ab44c6e5c1235ccfa11ebaf08ce624e1d08fecb970d0bb0887287e705666e9862c6c429a9307a183083dc86db8b3628eaad81af03d0196edfa5021f382fb32d3b38a80375b8a6fdcbc0f03fd9cfbb3ac3ed3a699d41f8c78746e629e35a8b6a726bf86b191de5011d2a7046cd37cff54d7c353fb744cac7b5fe8406981bd39cb0d5f011b58b6d04e917217376d81214dd3b0456801b99c1dd9505e7fc2b9a6bb9a66035ee997cb07b32fbb578b07c3c0e21aa5f393b882e7da35911a30813a9632a8b968f918e243ac1ccc26d753efe45a444aa799c9b68edeb845888ee4810ad86ce2c3ca64927eb23a5f1e37b533d0a335bafece724c689f4ae71016251cbd2240ca9281a8f2bac8ef9bab88be5b793fc4e452944e40a4c4bc921bb910118ec48d9ab3aa28f5a268f0fc84ba635d39feb317dab1074fbab0dbc9fdab041083003965bc9500d7dff285c1c168a53ac47917b59bd739ef6d899f1ee2651c71430045d9743b9179bfe6126d41505b9965722e9040882d490f9283a8d38837885e0729fea8d4ab5e0968feb1ce6aa30b8cb8b166e165de9d45e5b5d5f0fd53eb7a1e5a35c85d3ca1acc72421ea53e2df16c51b0b5bb92362c6c8eb4df2f57b109224dcc6529458138343347ae21845d576c6c6c4e0b2c6fc203ead16599d727e9b99231a837c80436c356f98511dad49e8e895058da89595472eee850886d8ac4e63ab7c7156cbaef27f4c43aac309452b48e421a2fd6e0935ba10eb1ff127dac213f521a83e2b18516e412a7ddcba6548c4600c0410957342013caf43d440595364439b7386f89bb2bb35f68758c60a04e3db2244cf542b33eceefa61408727e60840fc77be3409908b4490abc989fe41d3edfe4945f79901e86482c4a83ae2c6d2b5c8244729b0514d5af06186eac63236211a3ba96b99595a89f134c99d76be1739e9c16cd4ba5a54e8b371ecb0ff294ec5f40ae8eab5151b29c357930a8a05d54bcd9d3a0935356ecd58206ff4d0e85578d83b9f40d3736b839efb9f5211e2d6c8e11c9782158e9255e583dabfc0524bde0c1b3c199e1cbd93ef5b0ac369e44eebf3ef25739d4876e945110f49988e69089e1029d8b289281167742bfda077d3014d1bbbe0b2b5528636c372e00b35065e9dbb71f4baf60ab4c9b9615ec43eb5a724d769a314267d615be7f80810fc891e4269e6d3613bfda2460dac74832d45ae6da4edc20ff4238899821f9b0067aaed9291c6fed9cd4d1e6049bbda18c2ce6da0a8713a9902f2e5e83c270673e079e98f792c96e4612c16579b65966ec66c9cdeaf2e814a8cde1b4b5ad90462efd5ccd5c0fa5c4244fa73cb198e5df4006f27392f9c62a99b27886b13b32d70fd33668b55ca8319c7b817a1e058f753d7125320ade7fd4a3c711c52089eabdeca943caa46fa34c7fb446745e2d7c53adfac81a7e958ddc66541df7e423deada2eff5947ac12873a6534c3dc3a8c20dcbd6b305b32683d5cf5bda2f37fba0074673e97e2ffe2b700f06368dfd436f07ba55921e1193cb561ef66a305e766ab46add3ba35cc6cfeea43140369e2bfa45773a70590983495c6e088404c0917f1a0cb1266506b12f6f7ca040fa78aaafa5d135dcc95d0bcde50470e779b3d042123dd23db72b13ee57d9b3fa228bd7c8059d724145d1672c8499f97239db061709b51a28fe1ad045ab5377ad97c8be101eb6b2fd24393f504edce898a1e94a28c9ec7ed6d717f2636639100aa4c134d95f342b2fc8ad27f7bd56621a97928cb1f2a89f92c8fca198056a4c662501ca61569f5037dfd161bb58e1ce3f8d93293d6ef88a4a08b90d40df3e18e0436124dc7efb079ccf782b647bda9338ce44b2f5c083235446cfa733cb0c7795b9e92d1cbe34b2f1fb37981f746934548ecba94f643c784e53d1d33dad21e8355fe10abd08f9598c7a95a400a47612c5a14792c5833c07c4615ba71e71eeef1efb57807b76973cd5f820b4bc4ab49503bd21a6bb62f6472fa8707c577d55bfcd830fd9bc95fd88447b2dc55530bfbfc9a8921c58d7de2f6667e43ead4034642dd304925e59de1ff1033ce6f144ed8c0145c9c26e1699658c2630a92ced23aece9d4da6fba4f6d358e16e2b9c0385676e9e77419c0766d2b4276b76963dc027d7944dfbe39e69725d7dcbd4c640d35bf12bc2a2109043fc2d83ef8725df98890ae11678f87d65eb0ded028f27da91b69fa17e93fbdc523160521c206d00e76c1d46d3d4283341a8656f253f8bd7921e4cc643d3db0957787d966aeae49f28bfb8b2bc37fced5ef482bcf95fbf94013fe01983bfa85fe8eeee074bbe27a707c250895a09a09159ff1d8797ef7cddcdb91e56f6f787b1fa70ab05e64c34cb50fb2300f090be75b89855314c3bc26663bfe01bf97a8e2763292b9131fda3f9620fe667d48c51c0125e786ffb3d8b0b58c878fe7473bc5b1af47507b46c467de53e7689f079684f5c662ee9320e8e315e0b18726d8fb92987248a84055c8375c77f89fa664f573989a818959e87fb20274251a2aa64f5a8b88260685e118019b870f3c9d9e2b0c753411066c33fd5f2c8213af43b3f32e4fc4cc215df75e560fa9c6b60d647f33ff7820a1d7a03ddb37301f3afc385c6d0c2d4715210bd44e61408335e80b52a7a699f585f082633c66d683d4bdbf9a6f577a90d3bca3a3eedacf173413e503ea35785be5632b029f24a30809533b4be45dd2ecbba79456362f77403a5cc74fc7be2adf5c0adffa589eeaa3ff4eaedf6fc271489e8e45ea91fc126b6737770ff93b14532a22a1c27a12e0a9a1f9dd7e6bfd41709af69fa77b3c07effea4397f0eca5bc70b70b12f8eba820abdc6e867c1eaf55997bd3e11b9e284c2a15b6a1cbafb8495a8d432591181c06bf272558e0100cc44bc82f845515564508cec3b8a9859d4f5f567d95c9c6bd9c48094a2cd000000"], 0x1704}, 0x1, 0x0, 0x0, 0x40001}, 0x14) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000400)='/dev/amidi2\x00', 0x201, 0x0) mmap$auto(0x0, 0x400008, 0x803c, 0x9b72, 0xffffffffffffffff, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x407, 0x1, 0x44f, 0x7, 0x1, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7, 0x89, 0x26, 0x4, 0x200000000001, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x9, 0xd) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffff7effffd06, &(0x7f00000001c0)) r7 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd7004feb1df25010000000c000300060000000000000044544c277b851a207336181df9183f916cbcb6e4c5cb7c2faef597a8bdd6403ef8"], 0x20}, 0x1, 0x0, 0x0, 0x20040880}, 0x4) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) socket(0x2a, 0xa, 0x2000) r8 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(r8, 0x4004550a, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptydc\x00', 0x80502, 0x0) socket(0x2c, 0x6, 0x2) 1.149737321s ago: executing program 4 (id=2508): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r1, 0x0, 0x20) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysinfo$auto(0x0) setsockopt$auto(r2, 0x10000000084, 0x0, 0x0, 0x10) r3 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r3, &(0x7f0000000640)={{&(0x7f0000000000), 0x5ab, &(0x7f0000000100)={&(0x7f00000007c0)="4c030000000000002106000000000000005f6bba44181041", 0x49}, 0x6, 0x0, 0x5, 0x1}, 0x6}, 0x2, 0x100) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) r4 = accept$auto(r1, 0x0, 0x0) ioctl$auto_NS_GET_NSTYPE(r4, 0xb703, 0x0) connect$auto(r1, 0x0, 0x64) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x8) 1.083169s ago: executing program 4 (id=2509): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) mmap$auto(0x6, 0x2020009, 0x4, 0x95, r1, 0xfffffffffffffffe) prctl$auto(0x23, 0x5, 0x2009, 0x0, 0x0) r2 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r2, &(0x7f00000000c0)=""/4073, 0xfe9) ioctl$auto(r0, 0x80a86f3d, 0x38) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xc, 0x2, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) write$auto(0x4, 0x0, 0x100082) unshare$auto(0x40000080) move_mount$auto(r4, 0x0, r4, &(0x7f0000000140)='./file0\x00', 0x401) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x6, 0x1) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x8881, 0x0) openat$auto(r4, &(0x7f0000000180)='./file0\x00', 0x7fff, 0x7) close_range$auto(0x2, 0x8, 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010025bd7013fe"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) shutdown$auto(r3, 0x463) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) 722.561077ms ago: executing program 4 (id=2510): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) ioctl$auto_EVIOCGRAB(r0, 0x40044590, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x270) syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x600080, 0x0) socket(0x2, 0x3, 0x1) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@HWSIM_ATTR_CHANNELS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) r5 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) write$auto_evm_xattr_ops_evm_secfs(r5, &(0x7f00000000c0)='.', 0x1) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @empty}, 0x20055) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) setsockopt$auto(0x3, 0x0, 0x28, 0xfffffffffffffffc, 0x70) readv$auto(0x10, &(0x7f0000000040)={&(0x7f0000000000), 0xf}, 0xbb) write$auto_mtd_fops_mtdchar(r2, &(0x7f0000000440)="df", 0x1) mmap$auto(0x0, 0x3, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffa, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@llc={0x1a, 0x110, 0x2, 0x9, 0x4, 0x0, @remote}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r6 = pidfd_open$auto(0x1, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, r6, 0x0, 0x273) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="588d2400", @ANYRES16=0x0, @ANYBLOB="000326bd7000fddbdf2502000000080027000800000005001900050000"], 0x24}, 0x1, 0x0, 0x0, 0x40814}, 0x24008000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES64=r1, @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) 571.785098ms ago: executing program 4 (id=2511): mmap$auto(0x8000000010008000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x801, 0x84) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0xffffffffffffffff, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) lsm_list_modules$auto(0x0, 0x0, 0x0) open(0x0, 0x14927f, 0x0) socket(0x25, 0x1, 0x3) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x420a02, 0x0) write$auto(0x3, 0x0, 0x70) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b45, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) r3 = io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x4, 0x6, 0x0, 0x0, 0xffffffd8) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) read$auto(r4, &(0x7f0000000100)='^$\x00', 0x1) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003180), 0xffffffffffffffff) arch_prctl$auto_ARCH_GET_XCOMP_GUEST_PERM(0x1024, 0x7fffffffffffffff) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000000), r3) tkill$auto(0x1, 0x7) 131.696158ms ago: executing program 4 (id=2512): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) mmap$auto(0x6, 0x2020009, 0x4, 0x95, r1, 0xfffffffffffffffe) prctl$auto(0x23, 0x5, 0x2009, 0x0, 0x0) r2 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r2, &(0x7f00000000c0)=""/4073, 0xfe9) ioctl$auto(r0, 0x80a86f3d, 0x38) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xc, 0x2, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) write$auto(0x4, 0x0, 0x100082) unshare$auto(0x40000080) move_mount$auto(r4, 0x0, r4, &(0x7f0000000140)='./file0\x00', 0x401) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x6, 0x1) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x8881, 0x0) openat$auto(r4, &(0x7f0000000180)='./file0\x00', 0x7fff, 0x7) close_range$auto(0x2, 0x8, 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010025bd7013fe"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) shutdown$auto(r3, 0x463) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) 0s ago: executing program 35 (id=2512): mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) mmap$auto(0x6, 0x2020009, 0x4, 0x95, r1, 0xfffffffffffffffe) prctl$auto(0x23, 0x5, 0x2009, 0x0, 0x0) r2 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r2, &(0x7f00000000c0)=""/4073, 0xfe9) ioctl$auto(r0, 0x80a86f3d, 0x38) keyctl$auto_KEY_REQKEY_DEFL_PROCESS_KEYRING(0xc, 0x2, 0x0, 0x0, 0x1) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) write$auto(0x4, 0x0, 0x100082) unshare$auto(0x40000080) move_mount$auto(r4, 0x0, r4, &(0x7f0000000140)='./file0\x00', 0x401) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) vmsplice$auto(0xffffffffffffffff, 0x0, 0x6, 0x1) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x8881, 0x0) openat$auto(r4, &(0x7f0000000180)='./file0\x00', 0x7fff, 0x7) close_range$auto(0x2, 0x8, 0x0) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010025bd7013fe"], 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) shutdown$auto(r3, 0x463) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0) kernel console output (not intermixed with test programs): iled: -4 [ 287.026363][ T9036] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 287.400330][ T52] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 287.400365][ T52] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 287.415398][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 287.415421][ T52] Bluetooth: hci0: adv larger than maximum supported [ 287.422595][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 287.429433][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7e [ 287.436464][ T52] Bluetooth: hci0: Malformed LE Event: 0x0d [ 288.948274][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 289.038091][ T52] Bluetooth: hci1: command 0x040f tx timeout [ 289.044262][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 289.050478][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 290.195905][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 290.195942][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 290.213012][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 290.213048][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 290.221067][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 290.227784][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 290.238191][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 295.146697][ T9171] random: crng reseeded on system resumption [ 295.376746][ T9163] : Can't lookup blockdev [ 298.251900][ T9223] futex_wake_op: syz.1.701 tries to shift op by -2048; fix this program [ 298.293783][ T9223] 0x000000000001-0x000000020000 : "" [ 298.376745][ T9223] ftl_cs: FTL header corrupt! [ 299.427941][ T9251] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 299.615932][ T9251] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 299.622304][ T9251] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 299.628498][ T9251] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 301.509117][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 301.668284][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 301.675468][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 301.681541][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 301.864318][ T9291] netlink: 16 bytes leftover after parsing attributes in process `syz.2.716'. [ 302.108910][ T52] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 302.108951][ T52] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 302.124905][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 302.124938][ T52] Bluetooth: hci0: adv larger than maximum supported [ 302.134983][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 302.141862][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7e [ 302.149150][ T52] Bluetooth: hci0: Malformed LE Event: 0x0d [ 303.439595][ T52] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 303.439635][ T52] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 303.455544][ T52] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 303.455600][ T52] Bluetooth: hci1: adv larger than maximum supported [ 303.462969][ T52] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 303.478089][ T52] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 303.485274][ T52] Bluetooth: hci1: Malformed LE Event: 0x0d [ 306.212058][ T9339] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 306.236867][ T9339] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 306.258783][ T9339] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 306.301094][ T9339] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 308.228261][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 308.308739][ T52] Bluetooth: hci1: command 0x040f tx timeout [ 308.308758][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 308.308799][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 309.452796][ T9395] netlink: 40 bytes leftover after parsing attributes in process `syz.4.741'. [ 315.099333][ T9463] netlink: 40 bytes leftover after parsing attributes in process `syz.2.751'. [ 321.158409][ T9504] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 321.166931][ T9504] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 321.217604][ T9504] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 321.254141][ T9504] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 321.332568][ T9519] netlink: 40 bytes leftover after parsing attributes in process `syz.1.763'. [ 322.394506][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.413799][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.104407][ T9538] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 323.153838][ T9538] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 323.162400][ T9538] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 323.173334][ T9538] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 324.159369][ T9551] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 324.168582][ T9551] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 324.186697][ T9551] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 324.204374][ T9551] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 324.738336][ T9560] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 324.749877][ T9560] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 324.770564][ T9560] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 324.788358][ T9560] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 325.297307][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 325.297345][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 325.312584][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 325.312617][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 325.319955][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 325.326669][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 325.334080][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 325.718879][ T9576] netlink: 40 bytes leftover after parsing attributes in process `syz.0.778'. [ 326.309384][ T9582] netlink: 40 bytes leftover after parsing attributes in process `syz.2.780'. [ 326.798187][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 326.805092][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 326.811362][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 326.870338][ T52] Bluetooth: hci1: command 0x040f tx timeout [ 328.786002][ T9618] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 328.878348][ T9618] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 328.884516][ T9618] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 328.925561][ T9618] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 329.568717][ T5845] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 329.569030][ T5845] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 329.584086][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 329.584122][ T5845] Bluetooth: hci0: adv larger than maximum supported [ 329.591413][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 329.598178][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7e [ 329.607191][ T5845] Bluetooth: hci0: Malformed LE Event: 0x0d [ 330.788920][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 330.948234][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 330.958715][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 330.964859][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 333.037219][ T9679] netlink: 40 bytes leftover after parsing attributes in process `syz.0.803'. [ 336.917371][ T5845] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 336.917410][ T5845] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 336.935825][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 336.935858][ T5845] Bluetooth: hci3: adv larger than maximum supported [ 336.947097][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 336.954079][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 336.961522][ T5845] Bluetooth: hci3: Malformed LE Event: 0x0d [ 344.443467][ T9815] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 344.455133][ T9815] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 344.478546][ T9815] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 344.506187][ T9815] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 346.470077][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 346.470111][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 346.548161][ T52] Bluetooth: hci1: command 0x040f tx timeout [ 346.548173][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 346.637933][ T52] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 346.638054][ T52] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 346.653049][ T52] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 346.653081][ T52] Bluetooth: hci2: adv larger than maximum supported [ 346.660583][ T52] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 346.667676][ T52] Bluetooth: hci2: Malformed LE Event: 0x0d [ 350.836021][ T52] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 350.836050][ T52] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 350.851507][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 350.851539][ T52] Bluetooth: hci0: adv larger than maximum supported [ 350.859035][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 350.866006][ T52] Bluetooth: hci0: Malformed LE Event: 0x0d [ 355.247166][ T52] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 355.247209][ T52] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 355.263015][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 355.263051][ T52] Bluetooth: hci0: adv larger than maximum supported [ 355.270209][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 355.276941][ T52] Bluetooth: hci0: Malformed LE Event: 0x0d [ 358.300074][ T9995] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 358.306244][ T9995] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 358.315327][ T9995] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 358.325296][ T9995] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 360.398101][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 360.398201][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 360.404152][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 360.410345][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 360.487370][T10019] netlink: 40 bytes leftover after parsing attributes in process `syz.4.871'. [ 362.167699][T10040] netlink: 40 bytes leftover after parsing attributes in process `syz.4.876'. [ 372.521782][T10145] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(6) [ 375.793635][T10180] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 375.799783][T10180] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 375.805967][T10180] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 375.812742][T10180] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 376.528394][T10197] netlink: 40 bytes leftover after parsing attributes in process `syz.2.911'. [ 377.588400][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 377.838304][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 377.844372][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 377.850736][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 380.440668][T10235] netlink: 40 bytes leftover after parsing attributes in process `syz.2.921'. [ 383.835436][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.866724][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 388.444452][T10306] netlink: 40 bytes leftover after parsing attributes in process `syz.4.933'. [ 388.578235][T10301] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 388.606199][T10301] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 388.632478][T10301] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 388.645316][T10301] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 390.631829][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 390.638673][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 390.709394][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 390.715513][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 392.976390][T10363] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 393.012166][T10372] netlink: 40 bytes leftover after parsing attributes in process `syz.2.946'. [ 393.046406][T10363] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 393.084597][T10363] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 393.129806][T10363] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 395.041808][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 395.118544][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 395.124583][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 395.188259][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 397.496785][T10428] netlink: 40 bytes leftover after parsing attributes in process `syz.4.956'. [ 397.666331][T10430] netlink: 40 bytes leftover after parsing attributes in process `syz.2.957'. [ 401.307239][ T5838] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 401.307278][ T5838] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 401.322695][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 401.322726][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 401.330096][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 401.337644][ T5838] Bluetooth: hci1: Malformed LE Event: 0x0d [ 401.619138][T10473] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(6) [ 402.912360][ T5838] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 402.912401][ T5838] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 402.928128][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 402.928161][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 402.935207][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 402.942304][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 402.950009][ T5838] Bluetooth: hci1: Malformed LE Event: 0x0d [ 404.508426][T10517] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 404.519871][T10517] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 404.572816][T10517] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 404.632482][T10517] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 406.555868][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 406.555909][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 406.636532][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 406.709156][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 409.120389][T10576] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 409.128323][T10576] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 409.157786][T10576] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 409.169679][T10576] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 411.188423][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 411.194511][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 411.199188][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 411.200645][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 412.275339][T10619] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 412.282553][T10619] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 412.328290][T10619] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 412.375633][T10619] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 414.308138][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 414.314182][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 414.388208][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 414.394289][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 414.993427][T10676] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1004'. [ 418.803476][T10732] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 418.816413][T10732] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 418.907630][T10732] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 418.917597][T10732] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 419.253117][ T5845] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 419.253157][ T5845] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 419.277384][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 419.277421][ T5845] Bluetooth: hci0: adv larger than maximum supported [ 419.285604][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 419.292654][ T5845] Bluetooth: hci0: Malformed LE Event: 0x0d [ 420.868129][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 420.874196][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 420.950711][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 420.950744][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 428.289777][T10844] Console: switching to colour VGA+ 80x25 [ 428.757914][T10843] Console: switching to colour frame buffer device 128x48 [ 428.848244][T10847] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 428.848447][T10847] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 428.848552][T10847] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 428.848657][T10847] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 430.872668][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 430.872783][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 430.879066][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 430.899483][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 431.146179][ T52] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 431.146217][ T52] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 431.164925][ T52] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 431.164958][ T52] Bluetooth: hci3: adv larger than maximum supported [ 431.172340][ T52] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 431.179251][ T52] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 431.186331][ T52] Bluetooth: hci3: Malformed LE Event: 0x0d [ 434.135822][ T52] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 434.135861][ T52] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 434.151452][ T52] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 434.151475][ T52] Bluetooth: hci1: adv larger than maximum supported [ 434.158526][ T52] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 434.168229][ T52] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 434.175312][ T52] Bluetooth: hci1: Malformed LE Event: 0x0d [ 437.468749][T10961] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 437.488942][T10961] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 437.495658][T10961] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 437.502191][T10961] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 439.404724][ T52] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 439.404763][ T52] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 439.422800][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 439.422857][ T52] Bluetooth: hci0: adv larger than maximum supported [ 439.433455][ T52] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 439.440435][ T52] Bluetooth: hci0: Malformed LE Event: 0x0d [ 439.509863][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 439.515991][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 439.527047][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 439.598185][ T52] Bluetooth: hci1: command 0x040f tx timeout [ 442.754315][T11061] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 442.761691][T11061] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 442.815900][T11061] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 442.874908][T11061] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 444.788185][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 444.794308][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 444.868075][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 444.948237][ T52] Bluetooth: hci1: command 0x040f tx timeout [ 445.271581][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.278305][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 449.662538][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 449.662564][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 449.678885][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 449.678908][ T5831] Bluetooth: hci3: adv larger than maximum supported [ 449.685936][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 449.692746][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 449.699874][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d [ 449.941956][T11168] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1105'. [ 452.349388][T11190] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 452.363178][T11190] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 452.372913][T11190] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 452.382704][T11190] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 453.148642][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 453.148668][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 453.164540][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 453.164561][ T5831] Bluetooth: hci3: adv larger than maximum supported [ 453.175132][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 453.182998][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 453.190385][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d [ 454.273557][T11221] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1116'. [ 454.396737][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 454.403314][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 454.410046][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 454.416090][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 463.448423][T11316] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 463.457103][T11316] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 463.491588][T11316] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 463.501667][T11316] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 465.508648][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 465.515338][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 465.515375][ T52] Bluetooth: hci2: command 0x0c1a tx timeout [ 465.522055][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 467.626273][T11377] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1148'. [ 472.649710][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 472.649739][ T5831] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 472.664762][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 472.664783][ T5831] Bluetooth: hci2: adv larger than maximum supported [ 472.672012][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 472.678758][ T5831] Bluetooth: hci2: Malformed LE Event: 0x0d [ 476.636289][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 476.636316][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 476.658176][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 476.658212][ T5831] Bluetooth: hci3: adv larger than maximum supported [ 476.684367][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 476.691348][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d [ 477.352672][T11508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 477.508391][T11508] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 477.514574][T11508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 477.529100][T11508] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 479.348396][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 479.588134][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 479.596317][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 479.602489][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 480.353256][ T1142] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u8:6: bg 2: bad block bitmap checksum [ 480.420521][ T1142] EXT4-fs (sda1): Delayed block allocation failed for inode 2033 at logical offset 924 with max blocks 5 with error 74 [ 480.526400][ T1142] EXT4-fs (sda1): This should not happen!! Data will be lost [ 480.526400][ T1142] [ 481.673008][T11562] Console: switching to colour VGA+ 80x25 [ 482.169159][T11559] Console: switching to colour frame buffer device 128x48 [ 484.407295][T11591] Console: switching to colour VGA+ 80x25 [ 484.707508][T11591] Console: switching to colour frame buffer device 128x48 [ 486.783866][T11619] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 486.817761][T11619] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 486.861605][T11619] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 486.902121][T11619] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 487.134339][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 487.134377][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 487.149863][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 487.149897][ T5831] Bluetooth: hci3: adv larger than maximum supported [ 487.158710][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 487.165517][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 487.173036][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d [ 487.894512][T11651] Console: switching to colour VGA+ 80x25 [ 488.133825][T11647] Console: switching to colour frame buffer device 128x48 [ 488.788269][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 488.868391][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 488.874492][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 488.951820][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 493.038117][T11352] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 493.038151][T11352] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 493.053525][T11352] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 493.053556][T11352] Bluetooth: hci1: adv larger than maximum supported [ 493.061118][T11352] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 493.067892][T11352] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 493.078086][T11352] Bluetooth: hci1: Malformed LE Event: 0x0d [ 493.690740][T11736] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 493.697557][T11736] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 493.711612][T11736] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 493.731017][T11736] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 495.128531][T11770] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 495.134663][T11770] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 495.151570][T11770] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 495.204371][T11770] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 497.188388][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 497.194610][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 497.200876][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 497.268084][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 497.880222][T11803] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1238'. [ 498.378696][T11813] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 498.504315][T11813] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 498.618920][T11813] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 498.682093][T11813] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 500.388161][T11352] Bluetooth: hci0: command 0x0c1a tx timeout [ 500.548217][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 500.628079][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 500.708177][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 505.230826][T11894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 505.246450][T11894] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 505.325277][T11894] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 505.355540][T11894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 505.743343][T11905] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1262'. [ 506.716516][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.723742][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.268293][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 507.268305][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 507.358328][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 507.431395][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 508.409192][T11942] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 508.415452][T11942] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 508.425726][T11942] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 508.454147][T11942] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 510.468295][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 510.474427][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 510.480478][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 510.488098][T11352] Bluetooth: hci0: command 0x0c1a tx timeout [ 511.973639][T11986] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1280'. [ 512.116899][T11988] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 512.124828][T11988] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 512.132195][T11988] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 512.139744][T11988] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 512.193004][T11990] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1281'. [ 514.029448][T12021] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 514.043553][T12021] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 514.049969][T12021] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 514.089770][T12021] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 515.299822][T12040] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 515.306285][T12040] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 515.342619][T12040] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 515.358331][T12040] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 516.301952][T12054] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1295'. [ 517.348413][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 517.351746][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 517.354465][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 517.428270][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 517.610250][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 517.610289][ T5838] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 517.625572][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 517.625603][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 517.632963][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 517.640049][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 517.647099][ T5838] Bluetooth: hci2: Malformed LE Event: 0x0d [ 521.538184][ T5838] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 521.538224][ T5838] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 521.553068][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 521.553093][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 521.563229][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 521.570045][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 521.577117][ T5838] Bluetooth: hci1: Malformed LE Event: 0x0d [ 534.686914][ T5838] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 534.686953][ T5838] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 534.701932][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 534.701955][ T5838] Bluetooth: hci3: adv larger than maximum supported [ 534.709225][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 534.716269][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 534.724868][ T5838] Bluetooth: hci3: Malformed LE Event: 0x0d [ 535.413242][T12270] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 535.426517][T12270] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 535.450525][T12270] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 535.467154][T12270] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 537.449869][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 537.456038][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 537.508465][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 537.514571][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 544.689175][T12406] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 544.729028][T12406] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 544.738338][T12406] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 544.758232][T12406] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 546.222352][T12440] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1382'. [ 546.708060][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 546.798130][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 546.803009][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 546.804180][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 552.492662][T12522] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1396'. [ 554.302718][T12533] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 554.322390][T12533] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 554.330181][T12533] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 554.470698][T12533] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 555.797006][T12544] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 555.808921][T12544] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 555.845341][T12544] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 555.889531][T12544] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 557.510780][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 557.838078][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 557.846385][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 557.910596][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 564.019684][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 564.019719][ T5831] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 564.034761][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 564.034794][ T5831] Bluetooth: hci0: adv larger than maximum supported [ 564.041898][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 564.048741][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7e [ 564.057117][ T5831] Bluetooth: hci0: Malformed LE Event: 0x0d [ 567.978747][T12712] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 567.997185][T12712] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 568.018085][T12712] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 568.024550][T12712] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 568.154585][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.168157][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.450426][T12721] Console: switching to colour VGA+ 80x25 [ 568.752727][T12721] Console: switching to colour frame buffer device 128x48 [ 569.908207][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 569.988278][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 570.068129][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 570.068687][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 570.586955][ T5838] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 570.586992][ T5838] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 570.602279][ T5838] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 570.602301][ T5838] Bluetooth: hci0: adv larger than maximum supported [ 570.610405][ T5838] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 570.617112][ T5838] Bluetooth: hci0: Malformed LE Event: 0x0d [ 573.550829][T12783] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 573.584831][T12783] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 573.618211][T12783] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 573.638511][T12783] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 574.549288][T12802] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 574.605856][T12802] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 574.694555][T12802] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 574.724752][T12802] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 575.440217][T12816] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1457'. [ 576.628118][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 576.634198][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 576.691669][T12829] Console: switching to colour VGA+ 80x25 [ 576.708150][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 576.789715][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 576.992542][T12831] Console: switching to colour frame buffer device 128x48 [ 580.346757][T12873] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 580.388392][T12873] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 580.395067][T12873] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 580.401399][T12873] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 582.389454][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 582.478252][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 582.484322][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 582.484359][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 588.882354][T12982] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 588.889457][T12982] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 588.896257][T12982] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 588.905241][T12982] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 589.106123][T12989] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1495'. [ 590.948922][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 590.954985][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 590.961054][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 590.961108][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 598.040523][T13086] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1513'. [ 599.732441][T13096] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 599.748399][T13096] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 599.780170][T13096] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 599.792538][T13096] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 601.268122][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 601.427067][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 601.427103][ T5831] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 601.443558][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 601.443590][ T5831] Bluetooth: hci0: adv larger than maximum supported [ 601.451237][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 601.461219][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7e [ 601.468487][ T5831] Bluetooth: hci0: Malformed LE Event: 0x0d [ 601.828305][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 601.828343][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 601.834459][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 605.201960][T13192] Console: switching to colour VGA+ 80x25 [ 605.812898][T13201] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1538'. [ 615.192149][T13341] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1567'. [ 616.611901][T13354] Console: switching to colour frame buffer device 128x48 [ 623.699880][T13453] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 623.706071][T13453] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 623.736366][T13453] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 623.764548][T13453] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 625.078157][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 625.078183][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 625.098205][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 625.098231][ T5831] Bluetooth: hci3: adv larger than maximum supported [ 625.105365][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 625.112223][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 625.119306][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d [ 625.602361][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 625.762412][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 625.762440][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 625.828057][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 629.596751][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.603293][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.393371][T13545] Console: switching to colour VGA+ 80x25 [ 632.026899][T13568] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 632.045046][T13568] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 632.071919][T13568] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 632.088262][T13568] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 634.078143][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 634.078150][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 634.158344][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 634.158604][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 634.821760][T13613] Console: switching to colour frame buffer device 128x48 [ 639.715039][T13686] Console: switching to colour VGA+ 80x25 [ 643.142690][T13735] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 643.164162][T13735] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 643.187593][T13735] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 643.249328][T13735] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 645.188167][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 645.188212][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 645.200302][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 645.268121][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 647.708197][T13792] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 647.742331][T13792] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 647.810444][T13792] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 647.838471][T13792] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 648.784662][T13803] Console: switching to colour frame buffer device 128x48 [ 649.749184][T11352] Bluetooth: hci2: command 0x0c1a tx timeout [ 649.755218][T11352] Bluetooth: hci0: command 0x0c1a tx timeout [ 649.828488][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 649.912292][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 653.403702][T13876] Console: switching to colour VGA+ 80x25 [ 665.798107][T11352] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 665.798133][T11352] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 665.813303][T11352] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 665.813325][T11352] Bluetooth: hci0: adv larger than maximum supported [ 665.820451][T11352] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 665.827174][T11352] Bluetooth: hci0: Malformed LE Event: 0x0d [ 669.017259][T11352] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 669.017300][T11352] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 669.032460][T11352] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 669.032493][T11352] Bluetooth: hci2: adv larger than maximum supported [ 669.039755][T11352] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 669.046485][T11352] Bluetooth: hci2: Malformed LE Event: 0x0d [ 680.294563][T14203] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1750'. [ 686.609840][T14287] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 686.616227][T14287] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 686.639975][T14287] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 686.675325][T14287] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 688.628080][T11352] Bluetooth: hci0: command 0x0c1a tx timeout [ 688.634403][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 688.708259][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 688.714343][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 691.053946][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.060542][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 693.376826][T14387] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1786'. [ 695.108694][T14408] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 695.115408][T14408] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 695.130246][T14408] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 695.206565][T14408] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 696.489744][T11352] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 696.489772][T11352] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 696.505045][T11352] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 696.505066][T11352] Bluetooth: hci1: adv larger than maximum supported [ 696.512460][T11352] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 696.521144][T11352] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 696.536417][T11352] Bluetooth: hci1: Malformed LE Event: 0x0d [ 697.199682][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 697.199742][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 697.206195][T11352] Bluetooth: hci0: command 0x0c1a tx timeout [ 697.268154][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 699.249190][T14472] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 699.255722][T14472] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 699.262044][T14472] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 699.268877][T14472] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 701.206212][T14509] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1811'. [ 701.350542][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 701.356710][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 701.363183][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 701.369346][T11352] Bluetooth: hci0: command 0x0c1a tx timeout [ 708.770739][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 708.770775][ T5838] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 708.786381][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 708.786404][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 708.794037][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 708.801320][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 708.808812][ T5838] Bluetooth: hci2: Malformed LE Event: 0x0d [ 709.380739][T14591] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1830'. [ 713.548964][T14655] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 713.561537][T14655] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 713.614818][T14655] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 713.627286][T14655] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 714.029392][T14663] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1843'. [ 715.598184][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 715.606489][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 715.673725][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 715.680760][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 721.971425][T14779] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1866'. [ 729.999698][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 729.999853][ T5831] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 730.018389][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 730.018479][ T5831] Bluetooth: hci2: adv larger than maximum supported [ 730.025631][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 730.032689][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 730.040053][ T5831] Bluetooth: hci2: Malformed LE Event: 0x0d [ 731.369455][T14900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 731.382218][T14900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 731.438418][T14900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 731.473889][T14900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 732.988180][T14928] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1898'. [ 733.100871][T14931] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1899'. [ 733.219972][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 733.219998][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 733.235326][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 733.235346][ T5831] Bluetooth: hci3: adv larger than maximum supported [ 733.242507][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 733.249612][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 733.256833][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d [ 733.435688][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 733.435702][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 733.508244][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 733.514320][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 739.639024][T15012] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 739.684058][T15012] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 739.727701][T15012] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 739.744394][T15012] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 741.111149][T15037] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1921'. [ 741.668272][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 741.748169][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 741.754240][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 741.760400][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 746.033982][T15114] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1936'. [ 750.978836][T15189] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 750.985152][T15189] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 751.022564][T15189] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 751.067501][T15189] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 751.869152][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 751.869191][ T5831] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 751.885402][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 751.885434][ T5831] Bluetooth: hci0: adv larger than maximum supported [ 751.892941][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 751.900000][ T5831] Bluetooth: hci0: adv larger than maximum supported [ 751.907125][ T5831] Bluetooth: hci0: Malformed LE Event: 0x0d [ 752.476176][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.483453][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.028667][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 753.034909][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 753.108157][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 753.117745][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 754.086722][T15233] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 754.135253][T15233] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 754.239148][T15233] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 754.255656][T15233] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 755.272515][T15249] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1966'. [ 756.148300][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 756.148307][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 756.328145][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 756.334462][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 761.879411][T15363] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 761.889043][T15363] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 761.896631][T15363] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 761.903471][T15363] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 763.908123][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 763.908322][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 763.914301][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 763.920436][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 766.547563][T15427] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(6) [ 767.733470][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 767.733497][ T5838] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 767.748680][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 767.748702][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 767.755791][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 767.762588][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 767.769660][ T5838] Bluetooth: hci2: Malformed LE Event: 0x0d [ 767.938839][T15456] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 767.985500][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 767.985526][ T5838] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 768.004776][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 768.004802][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 768.012076][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 768.018851][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 768.025915][ T5838] Bluetooth: hci2: Malformed LE Event: 0x0d [ 768.049905][T15456] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 768.100652][T15456] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 768.144966][T15456] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 769.998171][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 770.078811][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 770.148163][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 770.153396][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 775.406437][T15575] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2028'. [ 783.015430][T15671] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 783.068506][T15671] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 783.134304][T15671] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 783.170200][T15671] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 784.115313][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 784.115350][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 784.131800][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 784.131840][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 784.139027][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 784.145898][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 784.153050][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 785.039810][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 785.111833][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 785.188245][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 785.188254][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 786.865831][ T5845] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 786.865871][ T5845] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 786.886465][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 786.886500][ T5845] Bluetooth: hci3: adv larger than maximum supported [ 786.898384][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 786.905127][ T5845] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 786.912635][ T5845] Bluetooth: hci3: Malformed LE Event: 0x0d [ 787.343195][T15735] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2063'. [ 790.802160][T15775] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 790.819418][T15775] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 790.918328][T15775] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 790.928870][T15775] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 791.199111][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 791.199149][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 791.213952][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 791.213983][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 791.221096][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 791.227811][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 791.234918][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 792.869175][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 792.875246][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 792.948178][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 792.954292][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 794.138355][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 794.138400][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 794.153758][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 794.153788][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 794.161253][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 794.168288][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 794.175821][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 798.210728][ T5845] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 798.210763][ T5845] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 798.225602][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 798.225637][ T5845] Bluetooth: hci0: adv larger than maximum supported [ 798.232924][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 798.240869][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7e [ 798.249078][ T5845] Bluetooth: hci0: Malformed LE Event: 0x0d [ 801.293129][T15919] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2100'. [ 804.793875][T15974] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 804.835015][T15974] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 804.923480][T15974] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 804.965675][T15974] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 806.638635][T15994] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 806.706171][T15994] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 806.756811][T15994] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 806.771078][T15994] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 808.018086][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 808.018125][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 808.034189][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 808.034222][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 808.041393][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 808.049953][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 808.057048][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 808.367696][T16021] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2120'. [ 808.708061][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 808.788119][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 808.788247][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 808.795053][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 810.347651][T16047] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 810.398970][T16047] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 810.438115][T16047] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 810.494957][T16047] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 810.896617][T16063] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2130'. [ 812.389155][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 812.475369][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 812.482092][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 812.568065][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 813.185834][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 813.185871][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 813.204285][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 813.204318][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 813.211453][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 813.218254][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 813.225343][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 813.915234][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.921936][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.706853][T16119] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2140'. [ 818.477499][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 818.477539][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 818.494449][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 818.494493][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 818.501791][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 819.440418][T16164] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 819.447430][T16164] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 819.458034][T16164] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 819.464256][T16164] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 820.801434][T16183] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 820.825710][T16183] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 820.853103][T16183] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 820.878326][T16183] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 821.781760][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 821.781786][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 821.800038][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 821.800059][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 821.807174][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 821.813964][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 821.821036][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 822.868282][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 822.874307][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 822.880378][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 822.948384][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 824.215607][T16226] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 824.238220][T16226] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 824.246386][T16226] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 824.315825][T16226] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 826.228069][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 826.308209][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 826.314270][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 826.390703][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 828.255587][T16276] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2171'. [ 831.208113][T16317] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2179'. [ 831.769189][T16322] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 831.796913][T16322] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 831.832155][T16322] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 831.911765][T16322] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 833.808082][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 833.808110][ T5838] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 833.823539][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 833.823560][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 833.833464][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 833.848703][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 833.848742][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 833.855823][ T5838] Bluetooth: hci2: Malformed LE Event: 0x0d [ 833.871084][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 833.908139][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 833.988167][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 835.991195][T16372] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 836.088122][T16372] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 836.096763][T16372] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 836.108199][T16372] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 837.136476][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 837.136512][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 837.152392][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 837.152427][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 837.160917][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 837.167678][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 837.175006][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 838.077329][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 838.151041][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 838.157119][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 838.163357][T11352] Bluetooth: hci1: command 0x040f tx timeout [ 838.242179][ T5838] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 838.242218][ T5838] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 838.257157][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 838.257186][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 838.264274][ T5838] Bluetooth: hci1: Malformed LE Event: 0x0d [ 839.799158][ T5838] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 839.799224][ T5838] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 839.814490][ T5838] bt_err_ratelimited: 2 callbacks suppressed [ 839.814503][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 839.821119][ T5838] Bluetooth: hci3: adv larger than maximum supported [ 839.828239][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 839.835045][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x7e [ 839.843197][ T5838] Bluetooth: hci3: Malformed LE Event: 0x0d [ 839.848854][T16434] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2203'. [ 840.001106][T16434] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2203'. [ 841.919016][T16464] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 841.925182][T16464] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 841.946590][T16464] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 842.001964][T16464] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 843.527132][T16495] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2216'. [ 843.536316][ T5845] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 843.536339][ T5845] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 843.551411][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 843.551432][ T5845] Bluetooth: hci1: adv larger than maximum supported [ 843.558852][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 843.565638][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 843.572797][ T5845] Bluetooth: hci1: Malformed LE Event: 0x0d [ 843.765641][T16495] : renamed from gre0 (while UP) [ 843.796541][T16495] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2216'. [ 843.988866][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 843.990328][T11352] Bluetooth: hci3: command 0x0c1a tx timeout [ 843.995218][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 844.068178][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 847.329466][T16548] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 847.336295][T16548] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 847.365133][T16548] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 847.381068][T16548] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 848.810971][ T5845] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 848.811007][ T5845] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 848.830662][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 848.831145][ T5845] Bluetooth: hci1: adv larger than maximum supported [ 848.838358][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 848.845142][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 848.852300][ T5845] Bluetooth: hci1: Malformed LE Event: 0x0d [ 849.358177][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 849.364355][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 849.438161][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 849.445259][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 853.596198][T16646] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 853.658781][T16646] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 853.695674][T16646] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 853.706801][T16646] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 855.668262][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 855.674530][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 855.758192][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 855.758328][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 857.057087][T16684] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2255'. [ 858.264201][T16691] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 858.272040][T16691] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 858.278806][T16691] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 858.284924][T16691] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 858.334348][ T5845] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 858.334391][ T5845] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 858.351103][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 858.351145][ T5845] Bluetooth: hci1: adv larger than maximum supported [ 858.368322][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 858.375909][ T5845] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 858.383163][ T5845] Bluetooth: hci1: Malformed LE Event: 0x0d [ 860.308215][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 860.308244][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 860.314382][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 860.320381][T16501] Bluetooth: hci0: command 0x0c1a tx timeout [ 861.018157][T16730] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 861.052001][T16730] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 861.059298][T16730] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 861.104590][T16730] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 862.788086][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 863.108185][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 863.114369][T16501] Bluetooth: hci3: command 0x0c1a tx timeout [ 863.120393][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 863.667217][T16767] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 863.691326][T16767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 863.697399][T16767] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 863.724572][T16767] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 864.122228][T16501] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 864.122268][T16501] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 864.137637][T16501] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 864.137670][T16501] Bluetooth: hci1: adv larger than maximum supported [ 864.144950][T16501] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 864.151861][T16501] Bluetooth: hci1: Unknown advertising packet type: 0x7e [ 864.159078][T16501] Bluetooth: hci1: Malformed LE Event: 0x0d [ 865.668205][T16501] Bluetooth: hci0: command 0x0c1a tx timeout [ 865.752529][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 865.758668][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 865.765104][T16501] Bluetooth: hci1: command 0x040f tx timeout [ 866.050399][T16795] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 866.058874][T16795] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 866.127347][T16795] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 866.150834][T16795] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 867.824812][T16821] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 867.840369][T16821] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 867.914294][T16821] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 867.952352][T16821] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 869.130104][T16848] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 869.145199][T16848] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 869.164443][T16848] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 869.247817][T16848] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 871.188169][T16501] Bluetooth: hci2: command 0x0c1a tx timeout [ 871.194369][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 871.202610][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 871.282247][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 871.737316][T16883] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 871.775588][T16883] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 871.935572][T16883] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 871.943119][T16883] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 872.334628][T16890] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2299'. [ 873.748173][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 873.828280][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 873.988217][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 873.994287][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 874.869628][ T5838] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 874.869654][ T5838] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 874.887365][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 874.887399][ T5838] Bluetooth: hci2: adv larger than maximum supported [ 874.895513][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 874.902348][ T5838] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 874.909485][ T5838] Bluetooth: hci2: Malformed LE Event: 0x0d [ 875.354872][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.361981][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.786685][T16925] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 875.805323][T16925] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 875.866538][T16925] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 875.894190][T16925] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 877.006664][T16948] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 877.028384][T16948] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 877.103588][T16949] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 877.828802][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 877.908144][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 877.914774][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 878.044748][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 878.059216][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 878.069792][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 878.080850][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 878.088901][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 878.457888][ T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 878.753118][ T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 879.235129][ T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 879.693962][ T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.148293][ T5838] Bluetooth: hci2: command tx timeout [ 880.365278][T16963] chnl_net:caif_netlink_parms(): no params data found [ 880.440023][ T65] bond0: left allmulticast mode [ 880.444943][ T65] bond_slave_0: left allmulticast mode [ 880.464586][ T65] bond_slave_1: left allmulticast mode [ 880.485641][ T65] bond0: left promiscuous mode [ 880.491936][ T65] bond_slave_0: left promiscuous mode [ 880.497672][ T65] bond_slave_1: left promiscuous mode [ 880.506342][ T65] bridge0: port 3(bond0) entered disabled state [ 880.519018][ T65] bridge_slave_1: left allmulticast mode [ 880.524692][ T65] bridge_slave_1: left promiscuous mode [ 880.569883][ T65] bridge0: port 2(bridge_slave_1) entered disabled state [ 880.664788][ T65] bridge_slave_0: left allmulticast mode [ 880.708827][ T65] bridge_slave_0: left promiscuous mode [ 880.758508][ T65] bridge0: port 1(bridge_slave_0) entered disabled state [ 882.229636][ T5838] Bluetooth: hci2: command tx timeout [ 882.350155][ T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 882.362489][ T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 882.380882][ T65] bond0 (unregistering): Released all slaves [ 883.127395][T16963] bridge0: port 1(bridge_slave_0) entered blocking state [ 883.148622][T16963] bridge0: port 1(bridge_slave_0) entered disabled state [ 883.156005][T16963] bridge_slave_0: entered allmulticast mode [ 883.164468][T16963] bridge_slave_0: entered promiscuous mode [ 883.237899][T16963] bridge0: port 2(bridge_slave_1) entered blocking state [ 883.245381][T16963] bridge0: port 2(bridge_slave_1) entered disabled state [ 883.255577][T16963] bridge_slave_1: entered allmulticast mode [ 883.269314][T16963] bridge_slave_1: entered promiscuous mode [ 883.375392][T16963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 883.391972][T16963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 883.552116][T16963] team0: Port device team_slave_0 added [ 883.577556][T16963] team0: Port device team_slave_1 added [ 883.842336][T16963] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 883.866848][T16963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 883.908324][T16963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 883.972604][T16963] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 884.000837][T16963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 884.043407][T16963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 884.308118][ T5838] Bluetooth: hci2: command tx timeout [ 884.314634][T16963] hsr_slave_0: entered promiscuous mode [ 884.367903][T16963] hsr_slave_1: entered promiscuous mode [ 884.390617][T16963] debugfs: 'hsr0' already exists in 'hsr' [ 884.405980][T16963] Cannot create hsr debugfs directory [ 886.392072][ T5838] Bluetooth: hci2: command tx timeout [ 886.919099][T17087] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 886.925716][T17087] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 886.945051][T17087] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 886.957012][T17087] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 886.985938][T17087] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 887.024257][T17087] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 888.274293][T16963] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 888.325270][T16963] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 888.432578][T16963] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 888.480245][T16963] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 888.959647][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 888.959669][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 889.028291][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 889.034547][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 889.869303][T16963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 889.992073][T16963] 8021q: adding VLAN 0 to HW filter on device team0 [ 890.149809][T14641] bridge0: port 1(bridge_slave_0) entered blocking state [ 890.156988][T14641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 890.428607][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 890.435818][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 891.109886][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 891.201333][T16963] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 891.786913][ T65] hsr_slave_0: left promiscuous mode [ 891.801234][T17182] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 891.809486][ T65] hsr_slave_1: left promiscuous mode [ 891.818793][T17182] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 891.824944][T17182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 891.844214][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 891.852299][ T65] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 891.859591][T17182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 891.905567][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 891.923694][ T65] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 892.036705][ T65] veth1_macvtap: left promiscuous mode [ 892.048314][ T65] veth0_macvtap: left promiscuous mode [ 892.062584][ T65] veth1_vlan: left promiscuous mode [ 892.080462][ T65] veth0_vlan: left promiscuous mode [ 893.082023][ T65] team0 (unregistering): Port device team_slave_1 removed [ 893.138270][ T65] team0 (unregistering): Port device team_slave_0 removed [ 893.833664][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 893.908174][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 893.908323][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 893.914230][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 893.965040][T16963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 894.182570][T16963] veth0_vlan: entered promiscuous mode [ 894.224339][T16963] veth1_vlan: entered promiscuous mode [ 894.300776][T16963] veth0_macvtap: entered promiscuous mode [ 894.331107][T16963] veth1_macvtap: entered promiscuous mode [ 894.504195][T16963] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 894.553075][T16963] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 894.639071][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 894.757034][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 894.769981][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 894.871524][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.269186][T14641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.354785][T14641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 895.488965][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.504124][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.744522][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 897.756835][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 897.765646][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 897.774463][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 897.783767][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 898.750451][ T44] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.284288][ T44] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.436132][T17267] chnl_net:caif_netlink_parms(): no params data found [ 899.541427][ T44] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.560839][T17287] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2357'. [ 899.828236][ T5831] Bluetooth: hci4: command tx timeout [ 899.924983][ T44] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 901.250682][T17267] bridge0: port 1(bridge_slave_0) entered blocking state [ 901.378164][T17267] bridge0: port 1(bridge_slave_0) entered disabled state [ 901.386140][T17267] bridge_slave_0: entered allmulticast mode [ 901.409275][T17267] bridge_slave_0: entered promiscuous mode [ 901.423740][T17267] bridge0: port 2(bridge_slave_1) entered blocking state [ 901.538709][T17267] bridge0: port 2(bridge_slave_1) entered disabled state [ 901.546106][T17267] bridge_slave_1: entered allmulticast mode [ 901.559915][T17267] bridge_slave_1: entered promiscuous mode [ 901.722312][T17267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 901.743544][T17267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 901.856971][T17267] team0: Port device team_slave_0 added [ 901.872502][T17267] team0: Port device team_slave_1 added [ 901.909844][ T5831] Bluetooth: hci4: command tx timeout [ 901.969806][T17267] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 902.018468][T17267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 902.157823][T17267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 902.244366][T17267] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 902.251938][T17267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 902.282173][T17267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 902.544434][T17267] hsr_slave_0: entered promiscuous mode [ 902.561907][T17267] hsr_slave_1: entered promiscuous mode [ 902.604569][T17267] debugfs: 'hsr0' already exists in 'hsr' [ 902.617325][T17267] Cannot create hsr debugfs directory [ 903.992528][ T5831] Bluetooth: hci4: command tx timeout [ 904.209979][T17322] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 904.216392][T17322] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 904.224086][T17322] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 904.237191][T17322] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 904.243580][T17322] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 904.260606][T17322] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 906.228294][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 906.234455][ T5831] Bluetooth: hci1: command 0x040f tx timeout [ 906.240517][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 906.259184][T17350] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 906.265385][T17350] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 906.275239][T17350] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 906.288259][T17350] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 907.296055][T17357] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2370'. [ 908.000048][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 908.000085][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 908.015585][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 908.015636][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 908.023072][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x72 [ 908.029855][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7e [ 908.036928][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 908.308472][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 908.314558][ T5838] Bluetooth: hci1: command 0x040f tx timeout [ 908.320767][T16501] Bluetooth: hci0: command 0x0c1a tx timeout [ 908.327305][ T5845] Bluetooth: hci4: command 0x0c1a tx timeout [ 908.926997][T17375] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2375'. [ 909.409641][T17383] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2377'. [ 910.388146][ T5845] Bluetooth: hci4: command 0x0c1a tx timeout [ 912.468035][ T5845] Bluetooth: hci4: command 0x0c1a tx timeout [ 914.912837][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 914.923474][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 914.932987][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 914.943338][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 914.954300][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 915.301227][T17429] chnl_net:caif_netlink_parms(): no params data found [ 915.444750][T17429] bridge0: port 1(bridge_slave_0) entered blocking state [ 915.458193][T17429] bridge0: port 1(bridge_slave_0) entered disabled state [ 915.465504][T17429] bridge_slave_0: entered allmulticast mode [ 915.476281][T17429] bridge_slave_0: entered promiscuous mode [ 915.485432][T17429] bridge0: port 2(bridge_slave_1) entered blocking state [ 915.496109][T17429] bridge0: port 2(bridge_slave_1) entered disabled state [ 915.503801][T17429] bridge_slave_1: entered allmulticast mode [ 915.511749][T17429] bridge_slave_1: entered promiscuous mode [ 915.551041][T17429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 915.564068][T17429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 915.623415][T17429] team0: Port device team_slave_0 added [ 915.639365][T17429] team0: Port device team_slave_1 added [ 915.725875][T17429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 915.734019][T17429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 915.762911][T17429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 915.776743][T17429] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 915.784334][T17429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 915.812569][T17429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 915.878567][T17429] hsr_slave_0: entered promiscuous mode [ 915.885503][T17429] hsr_slave_1: entered promiscuous mode [ 915.892827][T17429] debugfs: 'hsr0' already exists in 'hsr' [ 915.901296][T17429] Cannot create hsr debugfs directory [ 917.028242][ T5831] Bluetooth: hci3: command tx timeout [ 919.108313][ T5831] Bluetooth: hci3: command tx timeout [ 921.188168][ T5831] Bluetooth: hci3: command tx timeout [ 923.274666][ T5831] Bluetooth: hci3: command tx timeout [ 923.356555][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 923.371398][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 923.390903][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 923.405032][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 923.413416][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 923.819238][T17489] chnl_net:caif_netlink_parms(): no params data found [ 923.932232][T17489] bridge0: port 1(bridge_slave_0) entered blocking state [ 923.940621][T17489] bridge0: port 1(bridge_slave_0) entered disabled state [ 923.948597][T17489] bridge_slave_0: entered allmulticast mode [ 923.956059][T17489] bridge_slave_0: entered promiscuous mode [ 923.965975][T17489] bridge0: port 2(bridge_slave_1) entered blocking state [ 923.973982][T17489] bridge0: port 2(bridge_slave_1) entered disabled state [ 923.981966][T17489] bridge_slave_1: entered allmulticast mode [ 923.992042][T17489] bridge_slave_1: entered promiscuous mode [ 924.028347][T17489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 924.041779][T17489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 924.106609][T17489] team0: Port device team_slave_0 added [ 924.126173][T17489] team0: Port device team_slave_1 added [ 924.198193][T17489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 924.209342][T17489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 924.236084][T17489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 924.258650][T17489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 924.265632][T17489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 924.298986][T17489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 924.346635][T17489] hsr_slave_0: entered promiscuous mode [ 924.353062][T17489] hsr_slave_1: entered promiscuous mode [ 924.359545][T17489] debugfs: 'hsr0' already exists in 'hsr' [ 924.365269][T17489] Cannot create hsr debugfs directory [ 925.510803][ T5831] Bluetooth: hci5: command tx timeout syzkaller syzkaller login: [ 927.136684][T17531] FAULT_INJECTION: forcing a failure. [ 927.136684][T17531] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 927.150358][T17531] CPU: 1 UID: 0 PID: 17531 Comm: syz.4.2403 Not tainted syzkaller #0 PREEMPT(full) [ 927.150380][T17531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 927.150389][T17531] Call Trace: [ 927.150394][T17531] [ 927.150400][T17531] dump_stack_lvl+0x16c/0x1f0 [ 927.150423][T17531] should_fail_ex+0x512/0x640 [ 927.150448][T17531] _copy_from_user+0x2e/0xd0 [ 927.150469][T17531] __do_sys_landlock_create_ruleset+0x1c7/0x4e0 [ 927.150492][T17531] ? __pfx___do_sys_landlock_create_ruleset+0x10/0x10 [ 927.150521][T17531] do_syscall_64+0xcd/0xfa0 [ 927.150539][T17531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.150553][T17531] RIP: 0033:0x7f0d8ed8f6c9 [ 927.150567][T17531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 927.150581][T17531] RSP: 002b:00007f0d8fc56038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bc [ 927.150595][T17531] RAX: ffffffffffffffda RBX: 00007f0d8efe5fa0 RCX: 00007f0d8ed8f6c9 [ 927.150605][T17531] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000200000000000 [ 927.150613][T17531] RBP: 00007f0d8ee11f91 R08: 0000000000000000 R09: 0000000000000000 [ 927.150621][T17531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 927.150630][T17531] R13: 00007f0d8efe6038 R14: 00007f0d8efe5fa0 R15: 00007ffee5397928 [ 927.150649][T17531] [ 927.296325][ C1] vkms_vblank_simulate: vblank timer overrun [ 927.442292][T17535] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2405'. [ 927.588152][ T5831] Bluetooth: hci5: command tx timeout [ 929.328462][T17552] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2409'. [ 929.668195][ T5831] Bluetooth: hci5: command tx timeout [ 930.949176][T17567] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 930.955820][T17567] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 930.962314][T17567] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 930.968448][T17567] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 930.974547][T17567] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 930.980802][T17567] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 930.990930][T17567] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 930.998370][T17567] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 931.004497][T17567] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 931.014457][T17567] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 933.028319][ T5831] Bluetooth: hci5: command 0x0c1a tx timeout [ 933.028404][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 933.035564][T16501] Bluetooth: hci2: command 0x0c1a tx timeout [ 933.044061][ T5845] Bluetooth: hci1: command 0x040f tx timeout [ 933.046801][T16501] Bluetooth: hci0: command 0x0c1a tx timeout [ 933.059074][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout [ 933.642814][T17585] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 933.680185][T17584] ima: policy update failed [ 933.694363][ T30] audit: type=1802 audit(4294967929.169:2): pid=17584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.2416" res=0 errno=0 [ 934.668729][T17593] syz.4.2418 uses obsolete (PF_INET,SOCK_PACKET) [ 935.108705][ T5831] Bluetooth: hci5: command 0x0c1a tx timeout [ 935.115040][T16501] Bluetooth: hci3: command 0x0c1a tx timeout [ 936.793401][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.799857][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.188162][T16501] Bluetooth: hci3: command 0x0c1a tx timeout [ 937.188190][ T5831] Bluetooth: hci5: command 0x0c1a tx timeout [ 937.968743][T17618] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 937.974838][T17618] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 937.981300][T17618] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 937.989714][T17618] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 937.995788][T17618] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 938.002834][T17618] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 938.377252][T17623] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2425'. [ 939.718925][T17634] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 939.725598][T17634] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 939.732271][T17634] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 939.738853][T17634] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 939.745291][T17634] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 939.751788][T17634] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 941.122212][T17646] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2431'. [ 941.748394][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 941.748429][T16501] Bluetooth: hci4: command 0x0c1a tx timeout [ 941.754482][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 941.760622][T17583] Bluetooth: hci1: command 0x040f tx timeout [ 941.766554][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 941.828128][T16501] Bluetooth: hci5: command 0x0c1a tx timeout [ 944.557912][T17673] FAULT_INJECTION: forcing a failure. [ 944.557912][T17673] name fail_futex, interval 1, probability 0, space 0, times 1 [ 944.573741][T17673] CPU: 1 UID: 0 PID: 17673 Comm: syz.4.2439 Not tainted syzkaller #0 PREEMPT(full) [ 944.573772][T17673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 944.573782][T17673] Call Trace: [ 944.573788][T17673] [ 944.573795][T17673] dump_stack_lvl+0x16c/0x1f0 [ 944.573817][T17673] should_fail_ex+0x512/0x640 [ 944.573842][T17673] get_futex_key+0x1d0/0x1560 [ 944.573864][T17673] ? __pfx_get_futex_key+0x10/0x10 [ 944.573881][T17673] ? select_task_rq_fair+0x4c4/0x45e0 [ 944.573900][T17673] ? __pfx_call_function_single_prep_ipi+0x10/0x10 [ 944.573923][T17673] futex_wait_setup+0x9d/0x550 [ 944.573950][T17673] __futex_wait+0x193/0x2f0 [ 944.573972][T17673] ? __pfx___futex_wait+0x10/0x10 [ 944.573992][T17673] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 944.574007][T17673] ? lockdep_hardirqs_on+0x7c/0x110 [ 944.574025][T17673] ? __pfx_futex_wake_mark+0x10/0x10 [ 944.574049][T17673] ? find_held_lock+0x2b/0x80 [ 944.574066][T17673] ? futex_private_hash_put+0xd5/0x190 [ 944.574084][T17673] futex_wait+0xe8/0x380 [ 944.574105][T17673] ? __pfx_futex_wait+0x10/0x10 [ 944.574131][T17673] ? kmem_cache_free+0x2d4/0x6c0 [ 944.574145][T17673] ? putname+0x154/0x1a0 [ 944.574167][T17673] do_futex+0x229/0x350 [ 944.574185][T17673] ? __pfx_do_futex+0x10/0x10 [ 944.574205][T17673] ? find_held_lock+0x2b/0x80 [ 944.574220][T17673] __x64_sys_futex+0x1e0/0x4c0 [ 944.574240][T17673] ? __x64_sys_openat+0x174/0x210 [ 944.574260][T17673] ? __pfx___x64_sys_futex+0x10/0x10 [ 944.574280][T17673] ? fput+0x9b/0xd0 [ 944.574301][T17673] do_syscall_64+0xcd/0xfa0 [ 944.574318][T17673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.574332][T17673] RIP: 0033:0x7f0d8ed8f6c9 [ 944.574345][T17673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.574359][T17673] RSP: 002b:00007f0d8fc560e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 944.574372][T17673] RAX: ffffffffffffffda RBX: 00007f0d8efe5fa8 RCX: 00007f0d8ed8f6c9 [ 944.574382][T17673] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0d8efe5fa8 [ 944.574390][T17673] RBP: 00007f0d8efe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 944.574399][T17673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.574407][T17673] R13: 00007f0d8efe6038 R14: 00007ffee5397840 R15: 00007ffee5397928 [ 944.574427][T17673] [ 950.311200][T17720] nfs: Bad value for 'source' [ 955.083520][T17767] binder: 17765:17767 unknown command 0 [ 955.098126][T17767] binder: 17765:17767 ioctl c0306201 2000000000c0 returned -22 [ 955.866652][T17770] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2460'. [ 957.214023][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 957.225064][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 957.238722][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 957.249287][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 957.264354][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 957.690867][T17783] chnl_net:caif_netlink_parms(): no params data found [ 957.800953][T17783] bridge0: port 1(bridge_slave_0) entered blocking state [ 957.810818][T17783] bridge0: port 1(bridge_slave_0) entered disabled state [ 957.819274][T17783] bridge_slave_0: entered allmulticast mode [ 957.826927][T17783] bridge_slave_0: entered promiscuous mode [ 957.836785][T17783] bridge0: port 2(bridge_slave_1) entered blocking state [ 957.845303][T17783] bridge0: port 2(bridge_slave_1) entered disabled state [ 957.853350][T17783] bridge_slave_1: entered allmulticast mode [ 957.861430][T17783] bridge_slave_1: entered promiscuous mode [ 957.897787][T17783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 957.920118][T17783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 957.957714][T17783] team0: Port device team_slave_0 added [ 957.967077][T17783] team0: Port device team_slave_1 added [ 958.005154][T17783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 958.012583][T17783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 958.042303][T17783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 958.055834][T17783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 958.063473][T17783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 958.092059][T17783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 958.150157][T17783] hsr_slave_0: entered promiscuous mode [ 958.157408][T17783] hsr_slave_1: entered promiscuous mode [ 958.164610][T17783] debugfs: 'hsr0' already exists in 'hsr' [ 958.171294][T17783] Cannot create hsr debugfs directory [ 958.480920][T17802] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2466'. [ 959.135603][T17813] ptrace attach of "./syz-executor exec"[8170] was attempted by ""[17813] [ 959.348204][ T5831] Bluetooth: hci6: command tx timeout [ 960.360336][T17819] FAULT_INJECTION: forcing a failure. [ 960.360336][T17819] name fail_futex, interval 1, probability 0, space 0, times 0 [ 960.373243][T17819] CPU: 1 UID: 0 PID: 17819 Comm: syz.4.2470 Not tainted syzkaller #0 PREEMPT(full) [ 960.373276][T17819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 960.373291][T17819] Call Trace: [ 960.373301][T17819] [ 960.373308][T17819] dump_stack_lvl+0x16c/0x1f0 [ 960.373331][T17819] should_fail_ex+0x512/0x640 [ 960.373356][T17819] get_futex_key+0x1d0/0x1560 [ 960.373378][T17819] ? __pfx_get_futex_key+0x10/0x10 [ 960.373394][T17819] ? find_held_lock+0x2b/0x80 [ 960.373415][T17819] futex_wake+0xea/0x530 [ 960.373436][T17819] ? futex_wait+0x120/0x380 [ 960.373457][T17819] ? __pfx_futex_wait+0x10/0x10 [ 960.373478][T17819] ? __pfx_futex_wake+0x10/0x10 [ 960.373507][T17819] do_futex+0x1e3/0x350 [ 960.373525][T17819] ? __pfx_do_futex+0x10/0x10 [ 960.373548][T17819] __x64_sys_futex+0x1e0/0x4c0 [ 960.373569][T17819] ? __pfx___x64_sys_futex+0x10/0x10 [ 960.373588][T17819] ? __do_sys_ioprio_get+0xc9/0x1280 [ 960.373612][T17819] do_syscall_64+0xcd/0xfa0 [ 960.373630][T17819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 960.373644][T17819] RIP: 0033:0x7f0d8ed8f6c9 [ 960.373657][T17819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 960.373670][T17819] RSP: 002b:00007f0d8fc560e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 960.373684][T17819] RAX: ffffffffffffffda RBX: 00007f0d8efe5fa8 RCX: 00007f0d8ed8f6c9 [ 960.373694][T17819] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0d8efe5fac [ 960.373702][T17819] RBP: 00007f0d8efe5fa0 R08: 00007f0d8fc57000 R09: 0000000000000000 [ 960.373710][T17819] R10: 0000000000004004 R11: 0000000000000246 R12: 0000000000000000 [ 960.373719][T17819] R13: 00007f0d8efe6038 R14: 00007ffee5397840 R15: 00007ffee5397928 [ 960.373738][T17819] [ 961.428141][ T5831] Bluetooth: hci6: command tx timeout [ 963.508141][ T5831] Bluetooth: hci6: command tx timeout [ 965.423105][T17848] capability: warning: `syz.4.2477' uses deprecated v2 capabilities in a way that may be insecure [ 965.591337][T16501] Bluetooth: hci6: command tx timeout [ 966.856484][T17885] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2479'. [ 970.030577][T17905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2484'. [ 970.045922][T17904] FAULT_INJECTION: forcing a failure. [ 970.045922][T17904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 970.061684][T17904] CPU: 1 UID: 0 PID: 17904 Comm: syz.4.2484 Not tainted syzkaller #0 PREEMPT(full) [ 970.061704][T17904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 970.061713][T17904] Call Trace: [ 970.061718][T17904] [ 970.061724][T17904] dump_stack_lvl+0x16c/0x1f0 [ 970.061746][T17904] should_fail_ex+0x512/0x640 [ 970.061770][T17904] _copy_from_user+0x2e/0xd0 [ 970.061793][T17904] get_timespec64+0x8b/0x1b0 [ 970.061811][T17904] ? __pfx_get_timespec64+0x10/0x10 [ 970.061827][T17904] ? ktime_get+0x200/0x310 [ 970.061848][T17904] __x64_sys_futex+0x288/0x4c0 [ 970.061875][T17904] ? __pfx___x64_sys_futex+0x10/0x10 [ 970.061902][T17904] do_syscall_64+0xcd/0xfa0 [ 970.061919][T17904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 970.061934][T17904] RIP: 0033:0x7f0d8ed8f6c9 [ 970.061946][T17904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 970.061960][T17904] RSP: 002b:00007ffee5397a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 970.061974][T17904] RAX: ffffffffffffffda RBX: 00000000000ecd17 RCX: 00007f0d8ed8f6c9 [ 970.061983][T17904] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0d8efe5fac [ 970.061992][T17904] RBP: 0000000000000032 R08: 00007f0d8fc57000 R09: 0000001ee5397d7f [ 970.062001][T17904] R10: 00007ffee5397b80 R11: 0000000000000246 R12: 00007f0d8efe5fac [ 970.062009][T17904] R13: 00007ffee5397b80 R14: 00000000000ecd49 R15: 00007ffee5397ba0 [ 970.062028][T17904] [ 972.955253][T17924] netlink: 'syz.4.2489': attribute type 1 has an invalid length. [ 974.716762][T17938] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2492'. [ 975.205151][T16501] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 975.215841][T16501] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 975.224635][T16501] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 975.233785][T16501] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 975.242787][T16501] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 975.381412][T17943] Invalid ELF header magic: != ELF [ 975.541509][T17945] chnl_net:caif_netlink_parms(): no params data found [ 975.630627][T17945] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.638836][T17945] bridge0: port 1(bridge_slave_0) entered disabled state [ 975.646302][T17945] bridge_slave_0: entered allmulticast mode [ 975.654924][T17945] bridge_slave_0: entered promiscuous mode [ 975.664319][T17945] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.672046][T17945] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.679810][T17945] bridge_slave_1: entered allmulticast mode [ 975.687525][T17945] bridge_slave_1: entered promiscuous mode [ 975.729861][T17945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 975.743275][T17945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 975.870859][T17945] team0: Port device team_slave_0 added [ 975.887523][T17945] team0: Port device team_slave_1 added [ 975.937291][T17945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 975.945659][T17945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 975.975153][T17945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 975.991269][T17945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 975.998520][T17945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 976.041181][T17945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 976.124088][T17945] hsr_slave_0: entered promiscuous mode [ 976.132875][T17945] hsr_slave_1: entered promiscuous mode [ 976.139637][T17945] debugfs: 'hsr0' already exists in 'hsr' [ 976.145637][T17945] Cannot create hsr debugfs directory [ 977.268210][T16501] Bluetooth: hci7: command tx timeout [ 979.348296][T16501] Bluetooth: hci7: command tx timeout [ 980.935744][T17985] [U] [ 980.939197][T17985] [U] [ 980.942060][T17985] [U] [ 980.944748][T17985] [U] [ 980.948119][T17985] [U] [ 980.950851][T17985] [U] [ 980.953891][T17985] [U] [ 980.956565][T17985] [U] [ 980.961311][T17985] [U] [ 980.964045][T17985] [U] [ 980.966757][T17985] [U] [ 980.969465][T17985] [U] [ 980.972574][T17985] [U] [ 980.975274][T17985] [U] [ 980.977965][T17985] [U] [ 980.980660][T17985] [U] [ 980.983798][T17985] [U] [ 980.986512][T17985] [U] [ 980.989199][T17985] [U] [ 980.991878][T17985] [U] [ 980.994883][T17985] [U] [ 980.997591][T17985] [U] [ 981.000298][T17985] [U] [ 981.003088][T17985] [U] [ 981.006832][T17985] [U] [ 981.009565][T17985] [U] [ 981.012282][T17985] [U] [ 981.014995][T17985] [U] [ 981.018393][T17985] [U] [ 981.021105][T17985] [U] ƸG[LiUn6^NnQ[giC:ͽ:5ߡfqp?W(VrD"U¥u-@+5  ]_& [ 981.032240][T17985] [U] E 0O{s` 1 [ 983.569327][T16501] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 983.577463][T16501] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 983.588961][T16501] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 983.596678][T16501] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 983.855521][T18007] chnl_net:caif_netlink_parms(): no params data found [ 984.160176][T18007] bridge0: port 1(bridge_slave_0) entered blocking state [ 984.167442][T18007] bridge0: port 1(bridge_slave_0) entered disabled state [ 984.185486][T18007] bridge_slave_0: entered allmulticast mode [ 984.197289][T18007] bridge_slave_0: entered promiscuous mode [ 984.211177][T18007] bridge0: port 2(bridge_slave_1) entered blocking state [ 984.218501][T18007] bridge0: port 2(bridge_slave_1) entered disabled state [ 984.225847][T18007] bridge_slave_1: entered allmulticast mode [ 984.236357][T18007] bridge_slave_1: entered promiscuous mode [ 984.293436][T18007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 984.307473][T18007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 984.425885][T18007] team0: Port device team_slave_0 added [ 984.459098][T18007] team0: Port device team_slave_1 added [ 984.546972][T18007] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 984.556907][T18007] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 984.583645][T18007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 984.596513][T18007] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 984.604142][T18007] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 984.632199][T18007] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 984.684350][T18007] hsr_slave_0: entered promiscuous mode [ 984.710164][T18007] hsr_slave_1: entered promiscuous mode [ 984.718199][T18007] debugfs: 'hsr0' already exists in 'hsr' [ 984.723958][T18007] Cannot create hsr debugfs directory [ 985.640989][T17233] Process accounting resumed [ 985.672406][ T5831] Bluetooth: hci8: command tx timeout [ 987.748193][ T5831] Bluetooth: hci8: command tx timeout [ 989.207376][ T30] audit: type=1806 audit(4294967984.679:3): xattr="." res=0 [ 989.828264][ T5831] Bluetooth: hci8: command tx timeout [ 989.981890][T16501] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 989.991834][T16501] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 990.000274][T16501] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 990.009724][T16501] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 990.017423][T16501] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 990.172064][T18093] chnl_net:caif_netlink_parms(): no params data found [ 990.241428][T18093] bridge0: port 1(bridge_slave_0) entered blocking state [ 990.249835][T18093] bridge0: port 1(bridge_slave_0) entered disabled state [ 990.257121][T18093] bridge_slave_0: entered allmulticast mode [ 990.264964][T18093] bridge_slave_0: entered promiscuous mode [ 990.273331][T18093] bridge0: port 2(bridge_slave_1) entered blocking state [ 990.280956][T18093] bridge0: port 2(bridge_slave_1) entered disabled state [ 990.288393][T18093] bridge_slave_1: entered allmulticast mode [ 990.295574][T18093] bridge_slave_1: entered promiscuous mode [ 990.324975][T18093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 990.336867][T18093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 990.370294][T18093] team0: Port device team_slave_0 added [ 990.378742][T18093] team0: Port device team_slave_1 added [ 990.405482][T18093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 990.412522][T18093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 990.438556][T18093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 990.452189][T18093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 990.459278][T18093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 990.486627][T18093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 990.530498][T18093] hsr_slave_0: entered promiscuous mode [ 990.537047][T18093] hsr_slave_1: entered promiscuous mode [ 990.544019][T18093] debugfs: 'hsr0' already exists in 'hsr' [ 990.551280][T18093] Cannot create hsr debugfs directory [ 991.908556][ T5831] Bluetooth: hci8: command tx timeout [ 992.068292][ T5831] Bluetooth: hci1: command tx timeout [ 994.158188][ T5831] Bluetooth: hci1: command tx timeout [ 996.228222][ T5831] Bluetooth: hci1: command tx timeout [ 998.234054][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.240465][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.308254][ T5831] Bluetooth: hci1: command tx timeout [ 1017.287559][T16501] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1017.298914][T16501] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1017.308490][T16501] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1017.319653][T16501] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1017.329524][T16501] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1017.492724][T18105] chnl_net:caif_netlink_parms(): no params data found [ 1017.563901][T18105] bridge0: port 1(bridge_slave_0) entered blocking state [ 1017.571159][T18105] bridge0: port 1(bridge_slave_0) entered disabled state [ 1017.578908][T18105] bridge_slave_0: entered allmulticast mode [ 1017.587669][T18105] bridge_slave_0: entered promiscuous mode [ 1017.596761][T18105] bridge0: port 2(bridge_slave_1) entered blocking state [ 1017.604359][T18105] bridge0: port 2(bridge_slave_1) entered disabled state [ 1017.611909][T18105] bridge_slave_1: entered allmulticast mode [ 1017.619908][T18105] bridge_slave_1: entered promiscuous mode [ 1017.653106][T18105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1017.665067][T18105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1017.698845][T18105] team0: Port device team_slave_0 added [ 1017.708284][T18105] team0: Port device team_slave_1 added [ 1017.735154][T18105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1017.743464][T18105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1017.769533][T18105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1017.781964][T18105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1017.790102][T18105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1017.816128][T18105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1017.862484][T18105] hsr_slave_0: entered promiscuous mode [ 1017.869077][T18105] hsr_slave_1: entered promiscuous mode [ 1017.875275][T18105] debugfs: 'hsr0' already exists in 'hsr' [ 1017.881080][T18105] Cannot create hsr debugfs directory [ 1019.348312][T16501] Bluetooth: hci9: command tx timeout [ 1021.438205][T16501] Bluetooth: hci9: command tx timeout [ 1023.508190][T16501] Bluetooth: hci9: command tx timeout [ 1025.588183][T16501] Bluetooth: hci9: command tx timeout [ 1035.312702][ T5831] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1035.322448][ T5831] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1035.330754][ T5831] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1035.341804][ T5831] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1035.351142][ T5831] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1035.507803][T18119] chnl_net:caif_netlink_parms(): no params data found [ 1035.576725][T18119] bridge0: port 1(bridge_slave_0) entered blocking state [ 1035.584132][T18119] bridge0: port 1(bridge_slave_0) entered disabled state [ 1035.591751][T18119] bridge_slave_0: entered allmulticast mode [ 1035.599250][T18119] bridge_slave_0: entered promiscuous mode [ 1035.610671][T18119] bridge0: port 2(bridge_slave_1) entered blocking state [ 1035.617980][T18119] bridge0: port 2(bridge_slave_1) entered disabled state [ 1035.625285][T18119] bridge_slave_1: entered allmulticast mode [ 1035.632630][T18119] bridge_slave_1: entered promiscuous mode [ 1035.664289][T18119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1035.676327][T18119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1035.709885][T18119] team0: Port device team_slave_0 added [ 1035.717870][T18119] team0: Port device team_slave_1 added [ 1035.747160][T18119] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1035.754953][T18119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1035.781661][T18119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1035.793797][T18119] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1035.800854][T18119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1035.827840][T18119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1035.871104][T18119] hsr_slave_0: entered promiscuous mode [ 1035.877641][T18119] hsr_slave_1: entered promiscuous mode [ 1035.884455][T18119] debugfs: 'hsr0' already exists in 'hsr' [ 1035.890242][T18119] Cannot create hsr debugfs directory [ 1037.428321][ T5831] Bluetooth: hci10: command tx timeout [ 1039.508241][ T5831] Bluetooth: hci10: command tx timeout [ 1041.588324][ T5831] Bluetooth: hci10: command tx timeout [ 1043.318210][T16501] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1043.329624][T16501] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1043.338200][T16501] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1043.347202][T16501] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1043.355827][T16501] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1043.507651][T18129] chnl_net:caif_netlink_parms(): no params data found [ 1043.577831][T18129] bridge0: port 1(bridge_slave_0) entered blocking state [ 1043.585436][T18129] bridge0: port 1(bridge_slave_0) entered disabled state [ 1043.594144][T18129] bridge_slave_0: entered allmulticast mode [ 1043.602479][T18129] bridge_slave_0: entered promiscuous mode [ 1043.611249][T18129] bridge0: port 2(bridge_slave_1) entered blocking state [ 1043.618810][T18129] bridge0: port 2(bridge_slave_1) entered disabled state [ 1043.626261][T18129] bridge_slave_1: entered allmulticast mode [ 1043.633927][T18129] bridge_slave_1: entered promiscuous mode [ 1043.665160][T18129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1043.674609][ T5831] Bluetooth: hci10: command tx timeout [ 1043.681030][T18129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1043.713928][T18129] team0: Port device team_slave_0 added [ 1043.722320][T18129] team0: Port device team_slave_1 added [ 1043.752412][T18129] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1043.759914][T18129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1043.785957][T18129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1043.799025][T18129] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1043.805971][T18129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1043.832204][T18129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1043.875554][T18129] hsr_slave_0: entered promiscuous mode [ 1043.882254][T18129] hsr_slave_1: entered promiscuous mode [ 1043.889139][T18129] debugfs: 'hsr0' already exists in 'hsr' [ 1043.894888][T18129] Cannot create hsr debugfs directory [ 1044.958193][ T31] INFO: task kworker/u8:3:44 blocked for more than 143 seconds. [ 1044.966093][ T31] Not tainted syzkaller #0 [ 1044.971242][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1044.980025][ T31] task:kworker/u8:3 state:D stack:22776 pid:44 tgid:44 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1044.992084][ T31] Workqueue: netns cleanup_net [ 1044.996908][ T31] Call Trace: [ 1045.000347][ T31] [ 1045.003388][ T31] __schedule+0x1190/0x5de0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1045.007917][ T31] ? __pfx___schedule+0x10/0x10 [ 1045.012921][ T31] ? find_held_lock+0x2b/0x80 [ 1045.017634][ T31] ? schedule+0x2d7/0x3a0 [ 1045.022154][ T31] schedule+0xe7/0x3a0 [ 1045.026964][ T31] schedule_timeout+0x257/0x290 [ 1045.032561][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1045.038087][ T31] ? mark_held_locks+0x49/0x80 [ 1045.043061][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1045.048430][ T31] __wait_for_common+0x2fc/0x4e0 [ 1045.053426][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1045.059122][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1045.065539][ T31] remove_one+0x312/0x420 [ 1045.070045][ T31] ? find_next_child+0x18f/0x280 [ 1045.075112][ T31] __simple_recursive_removal+0x15b/0x610 [ 1045.080958][ T31] ? __pfx_remove_one+0x10/0x10 [ 1045.085849][ T31] debugfs_remove+0x5d/0x80 [ 1045.092617][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 1045.097689][ T31] nsim_dev_reload_destroy+0x144/0x4d0 [ 1045.103398][ T31] nsim_dev_reload_down+0x6e/0xd0 [ 1045.110374][ T31] devlink_reload+0x1a1/0x7c0 [ 1045.115095][ T31] ? __pfx_devlink_reload+0x10/0x10 [ 1045.120872][ T31] devlink_pernet_pre_exit+0x1a0/0x2b0 [ 1045.126774][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 1045.135592][ T31] ? up_write+0x1b2/0x520 [ 1045.148015][ T31] ? kobject_put+0xab/0x5a0 [ 1045.152584][ T31] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 1045.188454][ T31] ops_undo_list+0x187/0xab0 [ 1045.193131][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1045.206280][ T31] ? cleanup_net+0x347/0x8b0 [ 1045.211155][ T31] ? idr_destroy+0x62/0x2e0 [ 1045.215710][ T31] cleanup_net+0x41b/0x8b0 [ 1045.220307][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1045.225278][ T31] ? rcu_is_watching+0x12/0xc0 [ 1045.232051][ T31] process_one_work+0x9cf/0x1b70 [ 1045.237411][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1045.242410][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1045.247822][ T31] ? assign_work+0x1a0/0x250 [ 1045.252780][ T31] worker_thread+0x6c8/0xf10 [ 1045.257515][ T31] ? __kthread_parkme+0x19e/0x250 [ 1045.262606][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1045.268050][ T31] kthread+0x3c5/0x780 [ 1045.272323][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.276932][ T31] ? rcu_is_watching+0x12/0xc0 [ 1045.282079][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.286705][ T31] ret_from_fork+0x675/0x7d0 [ 1045.291532][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.296249][ T31] ret_from_fork_asm+0x1a/0x30 [ 1045.301192][ T31] [ 1045.304375][ T31] INFO: task syz.0.2358:17292 blocked for more than 143 seconds. [ 1045.312256][ T31] Not tainted syzkaller #0 [ 1045.317333][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1045.326197][ T31] task:syz.0.2358 state:D stack:25912 pid:17292 tgid:17290 ppid:5826 task_flags:0x400140 flags:0x00080002 [ 1045.339311][ T31] Call Trace: [ 1045.342684][ T31] [ 1045.345627][ T31] __schedule+0x1190/0x5de0 [ 1045.350976][ T31] ? __lock_acquire+0x622/0x1c90 [ 1045.355969][ T31] ? __pfx___schedule+0x10/0x10 [ 1045.360989][ T31] ? find_held_lock+0x2b/0x80 [ 1045.365711][ T31] ? schedule+0x2d7/0x3a0 [ 1045.370479][ T31] ? devlink_health_report+0x6b4/0xb00 [ 1045.375974][ T31] schedule+0xe7/0x3a0 [ 1045.380194][ T31] schedule_preempt_disabled+0x13/0x30 [ 1045.385748][ T31] __mutex_lock+0x818/0x1060 [ 1045.390473][ T31] ? devlink_health_report+0x6b4/0xb00 [ 1045.396057][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1045.401273][ T31] ? devlink_health_report+0x6b4/0xb00 [ 1045.406777][ T31] devlink_health_report+0x6b4/0xb00 [ 1045.412167][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 1045.418188][ T31] ? _copy_from_user+0x59/0xd0 [ 1045.423007][ T31] nsim_dev_health_break_write+0x166/0x210 [ 1045.429209][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1045.435590][ T31] full_proxy_write+0x131/0x1a0 [ 1045.438211][ T5831] Bluetooth: hci11: command tx timeout [ 1045.441352][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 1045.451565][ T31] vfs_write+0x2a0/0x11d0 [ 1045.455904][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1045.461105][ T31] ? __pfx_vfs_write+0x10/0x10 [ 1045.465928][ T31] ? __fget_files+0x20e/0x3c0 [ 1045.470713][ T31] ksys_write+0x12a/0x250 [ 1045.475292][ T31] ? __pfx_ksys_write+0x10/0x10 [ 1045.480321][ T31] do_syscall_64+0xcd/0xfa0 [ 1045.484859][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.490849][ T31] RIP: 0033:0x7fea9df8f6c9 [ 1045.495303][ T31] RSP: 002b:00007fea9ee09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1045.503965][ T31] RAX: ffffffffffffffda RBX: 00007fea9e1e5fa0 RCX: 00007fea9df8f6c9 [ 1045.512075][ T31] RDX: 0000000000000006 RSI: 0000200000005900 RDI: 0000000000000007 [ 1045.520162][ T31] RBP: 00007fea9e011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1045.528200][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1045.536181][ T31] R13: 00007fea9e1e6038 R14: 00007fea9e1e5fa0 R15: 00007ffc2c045908 [ 1045.544767][ T31] [ 1045.547892][ T31] [ 1045.547892][ T31] Showing all locks held in the system: [ 1045.555787][ T31] 1 lock held by khungtaskd/31: [ 1045.560729][ T31] #0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1045.570725][ T31] 6 locks held by kworker/u8:3/44: [ 1045.576049][ T31] #0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1045.586632][ T31] #1: ffffc90000b47d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1045.596850][ T31] #2: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 [ 1045.606289][ T31] #3: ffff88807e5f50e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 [ 1045.616433][ T31] #4: ffff88807e5f6250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 [ 1045.627558][ T31] #5: ffff888040941f78 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 [ 1045.641786][ T31] 5 locks held by kworker/u8:5/14641: [ 1045.647228][ T31] #0: ffff8880b843a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 1045.657233][ T31] #1: ffff888029ef8018 (&pid_list->lock){-.-.}-{2:2}, at: trace_pid_list_is_set+0x4c/0x150 [ 1045.667407][ T31] #2: ffff8880b8425b18 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x6b8/0xd30 [ 1045.677098][ T31] #3: ffffffff9ace7da0 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x14c/0x4c0 [ 1045.687689][ T31] #4: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x20a0 [ 1045.697431][ T31] 5 locks held by syz-executor/17267: [ 1045.702840][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1045.711885][ T31] #1: ffff88805daa8888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1045.721779][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1045.731892][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1045.742779][ T31] #4: ffff88807e5f50e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 [ 1045.752594][ T31] 3 locks held by syz.0.2358/17292: [ 1045.757853][ T31] #0: ffff8880787275f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 1045.766991][ T31] #1: ffff88801eee0420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1045.776054][ T31] #2: ffff88807e5f6250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_health_report+0x6b4/0xb00 [ 1045.787099][ T31] 2 locks held by syz.1.2373/17365: [ 1045.792387][ T31] #0: ffff88801eee0420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 [ 1045.801742][ T31] #1: ffff888040941f78 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 [ 1045.812150][ T31] 4 locks held by syz-executor/17429: [ 1045.817533][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1045.826589][ T31] #1: ffff888044ea5488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1045.836613][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1045.847699][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1045.858240][ T31] 4 locks held by syz-executor/17489: [ 1045.863632][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1045.872663][ T31] #1: ffff88807d951c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1045.882817][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1045.893032][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1045.903483][ T31] 2 locks held by getty/17511: [ 1045.908611][ T31] #0: ffff88814cd310a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1045.918453][ T31] #1: ffffc9000ac9b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1045.928593][ T31] 4 locks held by syz-executor/17783: [ 1045.933974][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1045.943114][ T31] #1: ffff88806a543488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1045.953760][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1045.963959][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1045.974435][ T31] 4 locks held by syz-executor/17945: [ 1045.979868][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1045.989585][ T31] #1: ffff888033919c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1045.999480][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1046.009584][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1046.019907][ T31] 4 locks held by syz-executor/18007: [ 1046.025286][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1046.034323][ T31] #1: ffff88807d99bc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1046.044150][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1046.055189][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1046.065593][ T31] 4 locks held by syz-executor/18093: [ 1046.071081][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1046.080354][ T31] #1: ffff88804f62ec88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1046.090416][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1046.100562][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1046.110922][ T31] 4 locks held by syz-executor/18105: [ 1046.116315][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1046.125339][ T31] #1: ffff888021b6e888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1046.135185][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1046.145317][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1046.157023][ T31] 4 locks held by syz-executor/18119: [ 1046.162497][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1046.171541][ T31] #1: ffff888062d63c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1046.181354][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1046.191787][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1046.202166][ T31] 4 locks held by syz-executor/18129: [ 1046.207552][ T31] #0: ffff88803491c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1046.216612][ T31] #1: ffff88807ed63888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 1046.226539][ T31] #2: ffff888143bec1e8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 1046.237267][ T31] #3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 [ 1046.247696][ T31] [ 1046.253047][ T31] ============================================= [ 1046.253047][ T31] [ 1046.262605][ T31] NMI backtrace for cpu 0 [ 1046.262626][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1046.262654][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1046.262667][ T31] Call Trace: [ 1046.262675][ T31] [ 1046.262685][ T31] dump_stack_lvl+0x116/0x1f0 [ 1046.262716][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1046.262748][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1046.262770][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1046.262793][ T31] watchdog+0xf3f/0x1170 [ 1046.262809][ T31] ? rcu_is_watching+0x12/0xc0 [ 1046.262824][ T31] ? __pfx_watchdog+0x10/0x10 [ 1046.262836][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1046.262853][ T31] ? __kthread_parkme+0x19e/0x250 [ 1046.262871][ T31] ? __pfx_watchdog+0x10/0x10 [ 1046.262884][ T31] kthread+0x3c5/0x780 [ 1046.262904][ T31] ? __pfx_kthread+0x10/0x10 [ 1046.262925][ T31] ? rcu_is_watching+0x12/0xc0 [ 1046.262939][ T31] ? __pfx_kthread+0x10/0x10 [ 1046.262959][ T31] ret_from_fork+0x675/0x7d0 [ 1046.262979][ T31] ? __pfx_kthread+0x10/0x10 [ 1046.262999][ T31] ret_from_fork_asm+0x1a/0x30 [ 1046.263028][ T31] [ 1046.263033][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1046.385536][ C1] NMI backtrace for cpu 1 [ 1046.385561][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 1046.385590][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1046.385605][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1046.385637][ C1] Code: 97 6f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 b4 2c 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 1046.385661][ C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6 [ 1046.385680][ C1] RAX: 0000000000d92a51 RBX: 0000000000000001 RCX: ffffffff8b5d72a9 [ 1046.385696][ C1] RDX: 0000000000000000 RSI: ffffffff8da28350 RDI: ffffffff8bf075c0 [ 1046.385711][ C1] RBP: ffffed1003a5bb58 R08: 0000000000000001 R09: ffffed10170a6655 [ 1046.385727][ C1] R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001 [ 1046.385741][ C1] R13: ffff88801d2ddac0 R14: ffffffff908242d0 R15: 0000000000000000 [ 1046.385757][ C1] FS: 0000000000000000(0000) GS:ffff888124b0d000(0000) knlGS:0000000000000000 [ 1046.385779][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1046.385795][ C1] CR2: 0000560bc4216f40 CR3: 0000000031f20000 CR4: 00000000003526f0 [ 1046.385810][ C1] Call Trace: [ 1046.385819][ C1] [ 1046.385827][ C1] default_idle+0x13/0x20 [ 1046.385857][ C1] default_idle_call+0x6c/0xb0 [ 1046.385888][ C1] do_idle+0x38d/0x500 [ 1046.385913][ C1] ? __pfx_do_idle+0x10/0x10 [ 1046.385936][ C1] ? trace_sched_exit_tp+0x2f/0x120 [ 1046.385974][ C1] cpu_startup_entry+0x4f/0x60 [ 1046.385997][ C1] start_secondary+0x21d/0x2b0 [ 1046.386028][ C1] ? __pfx_start_secondary+0x10/0x10 [ 1046.386061][ C1] common_startup_64+0x13e/0x148 [ 1046.386093][ C1] [ 1047.508459][ T5831] Bluetooth: hci11: command tx timeout [ 1049.588181][ T5831] Bluetooth: hci11: command tx timeout [ 1051.668239][ T5831] Bluetooth: hci11: command tx timeout