last executing test programs: 18m3.966407404s ago: executing program 2 (id=3024): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x3, 0x100) sysfs$auto(0x2, 0x4c, 0x0) fsopen$auto(0x0, 0x1) socket(0x2, 0x5, 0x0) r0 = socket(0x10, 0x2, 0x0) setsockopt$auto(r0, 0x104000000000010e, 0x1, 0x0, 0x16) bind$auto(0x3, &(0x7f0000000000)=@nl=@kern={0x10, 0x0, 0x24}, 0x68) 18m3.739210724s ago: executing program 2 (id=3027): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_register$auto(0x2, 0x21, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x8015) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) unshare$auto(0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/manager\x00', 0x82a02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/firmware/acpi/hotplug/force_remove\x00', 0x2062, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) 18m3.512557936s ago: executing program 2 (id=3028): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0x40800) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002d00080007000000000000000000", @ANYRES32, @ANYBLOB='\b\x00'], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0x180}, 0x2, &(0x7f0000000340), 0x7, 0xa505}, 0x800}, 0x7, 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) 18m3.358767386s ago: executing program 2 (id=3030): mmap$auto(0x0, 0x400008, 0xdf, 0x8009b72, 0x2, 0x9000) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r0) 18m2.960647376s ago: executing program 2 (id=3034): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 18m2.455742355s ago: executing program 2 (id=3037): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x60, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@HSR_A_IF2_SEQ={0x6, 0x7, 0x7ffe}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x1}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @remote}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40080) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24004c5d}, 0x24000080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 17m47.236106604s ago: executing program 32 (id=3037): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x60, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@HSR_A_IF2_SEQ={0x6, 0x7, 0x7ffe}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x1}, @HSR_A_IF1_AGE={0x8, 0x3, 0x400}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @remote}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40080) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24004c5d}, 0x24000080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m39.300426229s ago: executing program 1 (id=6546): timer_create$auto(0x9, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(0x0, 0x0) read$auto(0x3, 0x0, 0x8080) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r0, 0x921064a2, r0) timerfd_create$auto(0x7, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) r1 = gettid() read$auto(0x3, 0x0, 0x80) rt_sigqueueinfo$auto(r1, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={r1, 0xd, @sival_ptr=0x0, 0x62}}}) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0xa, 0x0) setitimer$auto(0x2, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket(0x11, 0x80003, 0x300) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101c41, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x541c, r3) 2m39.044820692s ago: executing program 1 (id=6549): mmap$auto(0x0, 0x2101, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) r0 = epoll_create$auto(0x2) epoll_pwait2$auto(r0, 0x0, 0x8, 0x0, 0x0, 0x8) sysfs$auto(0x2, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) futex_wait$auto(0x0, 0x0, 0x83, 0xa, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/protocols\x00', 0x100, 0x0) unshare$auto(0x5) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121002, 0x0) 2m38.067023409s ago: executing program 1 (id=6552): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x8030ae7c, r0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/schedstat\x00', 0x100800, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x38, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x6, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1000"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) 2m37.618405438s ago: executing program 1 (id=6555): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r0 = fcntl$auto(0xffffffffffffffff, 0xffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/class/firmware/timeout\x00', 0x1a1942, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, r0, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, &(0x7f0000000000)={0x675d529c, 0x9f7d, 0xfffffff1, 0x101, 0x6, 0x4, "1ec4c2336d0d5d8a5db102d8cd84eca696782c75e0cb2d4b8c400f6fdc12a84264800d00000035a29c7c1ebbdcd2fe5c88e17422928a5110f6e9fef8cac28588"}) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) socket(0x1e, 0x3, 0x3b) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\xa5$\x03\xcb\x12\xfa\b\x1c\tk', 0x81) fstatfs$auto(r0, &(0x7f00000000c0)={0x391, 0x1, 0x6, 0xb, 0x0, 0x4, 0x81, {[0x9, 0x3]}, 0x8, 0xfffffffffffffffe, 0x9, [0x1000, 0x6b24002f, 0x7, 0xfffffffffffffffb]}) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x8) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) 2m35.523083039s ago: executing program 1 (id=6560): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x10bb41, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x2) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000040), 0x424041, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) timer_create$auto(0x3, 0x0, 0x0) timer_create$auto(0x9, 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/timer_source\x00', 0x8002, 0x0) write$auto(r1, 0x0, 0x200c) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_BCH_IOCTL_DISK_RESIZE(r0, 0x4018bc0e, &(0x7f0000000080)={0x5, 0x0, 0x5, 0x1}) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r2 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r4, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), r3) pread64$auto(r0, &(0x7f0000000540)='%!:{\x14.*\x00', 0x1, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x38, r5, 0x0, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_MPATH_NEXT_HOP={0x4}, @NL80211_ATTR_DISABLE_EHT={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_ROAM_SUPPORT={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0xc050}, 0x4084) socket(0xa, 0x3, 0x3a) 2m34.729128003s ago: executing program 1 (id=6561): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a000000", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r1) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r2, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r3) sendmsg$auto_NFSD_CMD_VERSION_SET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x24, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NFSD_A_SERVER_PROTO_VERSION={0x10, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x2}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000001}, 0x844) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x80001, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/system/node/node1/distance\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001080)=""/98, 0x62) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x80085665, 0x38) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'team_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'veth0_to_bond\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, 0x0, 0x401, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x8014) 2m19.567487084s ago: executing program 33 (id=6561): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a000000", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r1) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r2, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), r3) sendmsg$auto_NFSD_CMD_VERSION_SET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x24, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NFSD_A_SERVER_PROTO_VERSION={0x10, 0x1, 0x0, 0x1, [@NFSD_A_VERSION_ENABLED={0x4}, @NFSD_A_VERSION_MAJOR={0x8, 0x1, 0x2}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000001}, 0x844) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binderfs/binder1\x00', 0x80001, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/system/node/node1/distance\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001080)=""/98, 0x62) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev6\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x80085665, 0x38) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'team_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'veth0_to_bond\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, 0x0, 0x401, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x8014) 9.420559753s ago: executing program 5 (id=7061): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x14, r1, 0x1, 0x70bd31, 0x25dfdbfd}, 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) prctl$auto(0x1, 0x8, 0x0, 0x3a, 0x1) 8.259422834s ago: executing program 3 (id=7058): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) unshare$auto(0x40000080) r0 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r0, 0x7ffe) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) close_range$auto(0x2, r2, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) socket(0x2, 0x3, 0xa) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x4, 0x3, 0x62, 0x80000002, 0x7, 0x1, 0x9, 0x3, 0xfffffffffefffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x1000, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x8062, 0x80000001, 0x800, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x20400, 0x0) ioctl$auto_TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000140)=0xbc) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000001ff, 0x4, 0xd, 0x1, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0xd, 0xd, 0x1]}, 0x0) r4 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) read$auto_stats_fops_(r4, 0x0, 0x0) mmap$auto(0x40000000, 0x2000d, 0x4000000000df, 0xebf, 0x401, 0x7ffe) socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.869555246s ago: executing program 0 (id=7059): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xffffffffffffffff, 0xfffffffffffffffd, 0x6, 0x9, 0xfffffffffffdff81, 0x4]}, 0x0) pwrite64$auto(r1, 0x0, 0x8, 0x400000000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x2000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x10000, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000001c0)={0x7, &(0x7f0000000140)={0x7, 0x7, 0x1, @inferred=r1}}) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 6.641633742s ago: executing program 3 (id=7062): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r1, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)=""/105, 0x69) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) ioctl$auto(r2, 0x5606, r2) r3 = openat$auto_hwflags_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy4/hwflags\x00', 0x200, 0x0) read$auto_hwflags_ops_debugfs(r3, 0x0, 0x0) 6.352693932s ago: executing program 5 (id=7063): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0) pivot_root$auto(0x0, 0x0) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) connect$auto(0x3, 0x0, 0x10) unshare$auto(0x40000080) r2 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) lseek$auto(r2, 0x0, 0x2) readv$auto(r2, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) getsockopt$auto(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000040)='/dev/cec27\x00', 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) msgctl$auto_MSG_STAT_ANY(0x3, 0xd, &(0x7f00000003c0)={{0x7fff, 0xee00, 0xffffffffffffffff, 0xffdf, 0xa8, 0x80, 0x9}, 0x0, &(0x7f0000000380)=0x2, 0x5, 0x1, 0x3, 0x0, 0x8, 0x5, 0xfffc, 0x8c2, @inferred=0xffffffffffffffff, @raw=0x1}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f00000006c0)={0x208200700, 0x0, &(0x7f0000000480), &(0x7f00000004c0), {0x2c}, &(0x7f0000000500)=""/84, 0x54, 0x0, &(0x7f0000000680)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x3, {r1}}, 0x58) 6.023819675s ago: executing program 0 (id=7064): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) r2 = io_uring_setup$auto(0x8000, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) shmctl$auto_IPC_SET(0x8, 0x1, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000700)={&(0x7f0000000240), 0xc, &(0x7f00000006c0)={&(0x7f0000001180)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24008140}, 0x2404c044) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x400000000, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xfc\x04\x00\x00)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) fallocate$auto(r2, 0x80, 0xf, 0x6ad5) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0xffffffffffff0004, 0x14) pread64$auto(0xffffffffffffffff, &(0x7f0000000080)='\xd5u+~\xa7x\xe0VQ\x1a6\xcf\xce\xfa\xfbN\x19\b\xf64\r\x122i\xd6\x0e\xfa\x96\x9aV:\xe1G\x14\xb2\xd4N\x0e#jX:\xd0\xd0\xa9\xda\xaf\x98\x94G\xa8\xb4\xa7uPc\x1ang\xdb\xb4\xa7\xad\x1b\xcbonh\xd8\x99\x03\x10\xb0\xa5\xfey\xd5F,70\xecG\x8a\fz\x95\x7f\xb0Y{\xdd\xa1\xa3E\x03\xd4\xc67U\x93\n\xfc\xa4\x0e_\xf8\x94\xc3a\x00\xe6\xea4\xa2\x7ft\xeb\x8b$\x16\x0e\xe8j\xcaI\xe0c\x05\x12(\v\xef\xc5Z\xfb\xed\xa3\x01\x001\xa5\x18%\xae/\x1b6\xaa\xf5ysD\xa6\xee\xbf\xc0v\"\x93\x96\"\xcak.\x0e_\xb3\xf7\xac\x9e\xbd/w\xdf\xfc\xe24z\x0f\x8f\b\xbe\xda\xfb\xd0Jj\x97\xfa{\x9d\xfd\xfb\x14\x1f\b#\xb9\x01\xf7\xf5\x1c1\xfbNX\xd9\xf0\x97@\xff(\x99\x13M\xadM\b\xa7\xf3u\xa8ak\xff\x7f\x00\x00\x12\x85\x85\x14\b\x9c\x15\xc10\xb3\xd5.\x13\xc6\xb6\xbak:\xbf\x8f\xcd\x7f\a\xb8\x00'/272, 0x202, 0x7) 4.9852872s ago: executing program 3 (id=7066): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 4.565104286s ago: executing program 0 (id=7067): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) acct$auto(&(0x7f0000000380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc') fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28b42, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/sound/ctl-led/speaker/card2/reset\x00', 0xa001, 0x0) write$auto(r2, &(0x7f0000000140)='1\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d\xbcs!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85C /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\x9bA\xac\x9c\x8e\r(\x1d\x98\x84\x98\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) 4.508682287s ago: executing program 3 (id=7068): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) seccomp$auto(0x2, 0x10, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2c40, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001c00)=""/4109, 0x100d) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty1\x00', 0xa0000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) get_mempolicy$auto(0x0, 0x0, 0x2, 0x86, 0x9) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/card2\x00', 0x688200, 0x0) mmap$auto(0xd, 0x2000a, 0x5, 0xeb1, 0x401, 0x10000008000) unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/use_carrier\x00', 0x103b02, 0x0) sendfile$auto(r0, r0, 0x0, 0x8080000001) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) 4.459614064s ago: executing program 5 (id=7069): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_MPATH(r0, 0x0, 0x20080055) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x942, 0x0) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = getpid() process_vm_readv$auto(r2, 0x0, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) timer_create$auto_CLOCK_MONOTONIC(0x1, &(0x7f0000000000)={@sival_int=0x1, @inferred=r1, 0x3, @_tid=r2}, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x5402, r1) 4.100460331s ago: executing program 4 (id=7070): mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x1, 0xfffffeff) r3 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) pread64$auto(r3, 0x0, 0x2, 0x3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x97U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) sched_setattr$auto(r1, 0x0, 0x3) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r4, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IPVS_CMD_GET_DAEMON(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x40000) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) 3.056584592s ago: executing program 0 (id=7071): r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) getsockopt$auto_SO_BUF_LOCK(r0, 0x4, 0x48, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000080)=0x2) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x15, 0x5, 0x0) getsockopt$auto(r2, 0x114, 0x2713, 0xfffffffffffffffc, 0x0) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) 2.320806481s ago: executing program 4 (id=7072): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48980, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x80000000) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3, 0x8, 0x2, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"}) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) getcwd$auto(0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x84) setrlimit$auto(0x1000000007, 0x0) accept$auto(r1, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x2, 0x1, 0x84) r3 = socket(0x25, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r4 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) close_range$auto(r2, r3, 0x7f) sendmsg$auto_NFC_CMD_SE_IO(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="0800fc00", @ANYRES16=0x0, @ANYBLOB="20002bbd7000fedbdf251b000000"], 0x14}, 0x1, 0x0, 0x0, 0x40801}, 0x11) getsockopt$auto(r4, 0x5, 0x5, 0x0, &(0x7f0000000100)=0x14) socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(r3, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40045000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x10c, r5, 0x102, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_DEVKEY={0xf0, 0x2f, 0x0, 0x1, [@nested={0xe4, 0xc6, 0x0, 0x1, [@nested={0x4, 0x8}, @generic="7ec01686381b6872d5b81b03889202be97639f5456bba5c51a9c8ff0ace7e29be88e5f6a3d3c6d8adc838d51bfd23b0d53612c59aa4f224c6040e6586dd92a7fa80fc06bccc9f60ef318066ef8", @nested={0x4}, @generic="c577f44712ad0243c678a87eab37bb1f0cf893bce8282d2783bb9fbed91ae8aafb28e17e28c563d9065672f4404993351ec3f0563319212570f4d751bf865da6482758aa92bc2226bc6de2a9c85a720c9e7229d7f86fce042ba2f0486ac4b5da2be2666b42532ebb7599949e79d487cf6f174da5d23a92a551ce046ab1c02365adc443c3532fd7", @nested={0x4, 0x64}]}, @typed={0x8, 0xbf, 0x0, 0x0, @uid}]}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0xed}]}, 0x10c}, 0x1, 0x0, 0x0, 0x4000}, 0x4080) 2.265169525s ago: executing program 5 (id=7073): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2242, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x191000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xffffffffffffffff, 0xfffffffffffffffd, 0x6, 0x9, 0xfffffffffffdff81, 0x4]}, 0x0) pwrite64$auto(r1, 0x0, 0x8, 0x400000000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x2000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x10000, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000001c0)={0x7, &(0x7f0000000140)={0x7, 0x7, 0x1, @inferred=r1}}) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.93995429s ago: executing program 4 (id=7074): mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x1015) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) socket(0x11, 0x800, 0x7) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$auto(0x3, 0xd, 0x8dc2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x105901, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0182, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ff7fffc, 0x9fffff00, 0x2, 0x6, 0x9, 0x8, 0xffffffffffffffff, [0x8], {0x6, 0x806, 0xf, 0x80006, 0x7, 0x85, 0x5, 0x17f, 0x2}, {0xff, 0x401, 0x8, 0x32, 0x5, 0x200002, 0x0, 0x7, 0x100000004}}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x3, 0xa505}, 0x800}, 0x7, 0x4008) 1.814016982s ago: executing program 3 (id=7075): mmap$auto(0xfffffffffffffffa, 0x1, 0xdf, 0xeb1, 0x401, 0x8003) rseq$auto(0x0, 0x1a, 0xffff, 0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x800, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/034/001\x00', 0x802, 0x0) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), r1) sendmsg$auto_NFC_CMD_DISABLE_SE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20008094}, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r2 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x103041, 0x0) writev$auto(r2, &(0x7f0000000140)={0x0, 0x5}, 0x5) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) fstatfs$auto(0x3, 0x0) ioctl$auto(r4, 0x4b67, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 1.807208566s ago: executing program 0 (id=7083): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) acct$auto(&(0x7f0000000380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc') fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28b42, 0x0) writev$auto(r0, &(0x7f0000000100)={&(0x7f0000000280)="8e8873b5f9dd39182ab801a9e417130ff346eab3d41f954d458b276ffab4f6d5b23e17c1", 0x7115}, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/sound/ctl-led/speaker/card2/reset\x00', 0xa001, 0x0) write$auto(r2, &(0x7f0000000140)='1\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d\xbcs!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85C /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\x9bA\xac\x9c\x8e\r(\x1d\x98\x84\x98\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) 1.435898815s ago: executing program 4 (id=7076): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="00000500", @ANYRES16=0x0, @ANYBLOB="010037bd7000ffdbdf25100000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x20080800) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/uid_map\x00', 0x109800, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x2a801, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x0, @remote}, 0x6a) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x0) memfd_secret$auto(0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) socket(0xa, 0x3, 0x84) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 899.99807ms ago: executing program 4 (id=7077): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 752.508868ms ago: executing program 0 (id=7078): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x1, 0x1, 0x6, 0x0, 0xffffffffffffff7f, 0x368e, 0x2, {0xffffffff, 0x20000000010000}, 0x5, 0x6, 0xfffffffffffffffd, 0x47, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdead, 0x804}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D1\x00', 0x581402, 0x0) r2 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000080), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r2, 0xc0403d11, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) waitid$auto_P_ALL(0x0, 0x3b000, &(0x7f0000000280)={@siginfo_0_0={0x200, 0x0, 0x6, @_sigsys={&(0x7f00000000c0)="55eb8df319677f9aebf453b195011dc75b314a6a2de037085459dc03a1ad199752151699faea53575d94e9e2f930abeb4f1cd2fa58eef0e25b15baeca5f900c19f32e51de1ba99fb4f82871232b30000000000", 0x1000, 0x826}}}, 0x3, &(0x7f0000000300)={{0xda0000000000000, 0x969d}, {0x2, 0x6}, 0x8000000000000000, 0xa, 0x8, 0xd11c, 0xb871, 0x6, 0x9ffd, 0x81, 0x4, 0x1000000000f8c5, 0x1000, 0x81, 0xc, 0xd}) mmap$auto(0x0, 0x5, 0x3, 0x14, r2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x1d) pwrite64$auto(0xc8, 0x0, 0xfded, 0x6) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4G\x0f\xed\xc0D\xd6\xaf%\xa5\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xccT\fZq', 0x100000a3da) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 592.217129ms ago: executing program 5 (id=7079): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010027bd7000ffdbdf25100000000c0001800800", @ANYRES32, @ANYBLOB="080006"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r1], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 509.259274ms ago: executing program 4 (id=7080): mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) select$auto(0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'macvtap0\x00'}) 119.103317ms ago: executing program 5 (id=7081): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x1, 0x3, 0x2) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r1 = socket(0x1e, 0x1, 0x0) r2 = socket(0x1d, 0x2, 0x6) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000300), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'veth0_to_bridge\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r7) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="2f212cbd7010ca705d845526cc0008000380", @ANYRES32=r9], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8810) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'veth0_to_team\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_MM_GET(r1, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x450000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0x130, r5, 0x200, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_MM_HEADER={0x4}, @ETHTOOL_A_MM_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xc}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @ETHTOOL_A_MM_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_MM_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_MM_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_MM_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_MM_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xe}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfffffbff}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_MM_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_MM_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x130}}, 0x4040) bind$auto(r2, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x483, 0x0) close_range$auto(0x2, 0x8, 0x0) r11 = socket(0xa, 0x801, 0x84) socketpair$auto(0xfffffffc, 0x1, 0x8000000000000000, 0x0) r12 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) vmsplice$auto(r0, 0x0, 0x1ff, 0xf) ioctl$auto(r12, 0xc0045627, r1) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r11, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x8}, @NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 0s ago: executing program 3 (id=7082): r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vkms/state\x00', 0xa8201, 0x0) lseek$auto(r0, 0x9, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x18, 0x1, 0x974a) ioctl$auto_SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000280)="053b8c6a00394d64e013aed60ea55b9b14087438113fffc275747670630c8e96d06e1c38d397d4908fec12e6d058498d737ea574c097d069bb0ed761a5c8e597546366e43dcf84287fa21307db55b56bfebeb7a7a908534d6d26132741c29c85c65d45620d8c501ab675cb29b26710084754f9e3e7cedb6bfc430586159584a4195dbef4e20012c7a81d70b9c9b06599148963644099ec9706a1e5c9cf548a714e03ed3e") openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$auto_fops_x64_ro_(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy7/netdev:wlan0/stations/08:02:11:00:00:01/driver_buffered_tids\x00', 0x2, 0x0) read$auto_fops_x64_ro_(r1, &(0x7f0000002140)=""/4096, 0x1000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x88000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r3, 0x0, 0x44000) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x8890) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000002c0), 0x44100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x10803, 0x0) kernel console output (not intermixed with test programs): sbfs_start_wait_urb+0x10/0x10 [ 1067.268022][T22638] do_proc_control+0x7e1/0xe50 [ 1067.268066][T22638] ? __pfx_do_proc_control+0x10/0x10 [ 1067.268113][T22638] usbdev_ioctl+0x1a28/0x3aa0 [ 1067.268157][T22638] ? __pfx_usbdev_ioctl+0x10/0x10 [ 1067.268203][T22638] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1067.268257][T22638] ? do_vfs_ioctl+0x226/0x13e0 [ 1067.268313][T22638] ? find_held_lock+0x2b/0x80 [ 1067.268359][T22638] ? __fget_files+0x215/0x3d0 [ 1067.268402][T22638] ? hook_file_ioctl_common+0x146/0x410 [ 1067.268447][T22638] ? __fget_files+0x21f/0x3d0 [ 1067.268498][T22638] ? __pfx_usbdev_ioctl+0x10/0x10 [ 1067.268538][T22638] __x64_sys_ioctl+0x18e/0x210 [ 1067.268580][T22638] do_syscall_64+0x106/0xf80 [ 1067.268627][T22638] ? clear_bhb_loop+0x40/0x90 [ 1067.268665][T22638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.268698][T22638] RIP: 0033:0x7fe68459bf79 [ 1067.268729][T22638] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1067.268759][T22638] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1067.268788][T22638] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1067.268808][T22638] RDX: 0000200000000000 RSI: 00000000c0185500 RDI: 0000000000000008 [ 1067.268829][T22638] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1067.268857][T22638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.268876][T22638] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1067.268920][T22638] [ 1067.812701][T22640] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.5576'. [ 1067.992431][T22634] Invalid ELF header magic: != ELF [ 1069.735477][ T58] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1069.817563][ T58] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1069.817563][ T58] [ 1079.434262][T15310] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1079.444612][T15310] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 1080.255536][T22779] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5614'. [ 1080.280285][T22779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5614'. [ 1081.764555][T22795] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5620'. [ 1082.996280][T22812] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5625'. [ 1084.756978][T22825] bonding: no command found in bonding_masters - use +ifname or -ifname [ 1084.757391][T22825] bonding: no command found in bonding_masters - use +ifname or -ifname [ 1085.876159][T20250] Bluetooth: hci2: unexpected event 0x05 length: 440 > 4 [ 1086.187914][T22853] netlink: 13 bytes leftover after parsing attributes in process `syz.0.5638'. [ 1086.788849][T22868] FAULT_INJECTION: forcing a failure. [ 1086.788849][T22868] name failslab, interval 1, probability 0, space 0, times 0 [ 1086.815748][T22868] CPU: 0 UID: 0 PID: 22868 Comm: syz.1.5642 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1086.815801][T22868] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1086.815814][T22868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1086.815833][T22868] Call Trace: [ 1086.815843][T22868] [ 1086.815856][T22868] dump_stack_lvl+0x100/0x190 [ 1086.815907][T22868] should_fail_ex.cold+0x5/0xa [ 1086.815945][T22868] should_failslab+0xc2/0x120 [ 1086.815991][T22868] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1086.816025][T22868] ? refill_pi_state_cache+0x91/0x260 [ 1086.816077][T22868] refill_pi_state_cache+0x91/0x260 [ 1086.816123][T22868] futex_lock_pi+0x177/0x7b0 [ 1086.816172][T22868] ? __pfx_futex_lock_pi+0x10/0x10 [ 1086.816210][T22868] ? __pfx___futex_wait+0x10/0x10 [ 1086.816285][T22868] ? __pfx_futex_wake_mark+0x10/0x10 [ 1086.816338][T22868] ? __get_user_nocheck_8+0x20/0x20 [ 1086.816377][T22868] ? do_vfs_ioctl+0x226/0x13e0 [ 1086.816420][T22868] do_futex+0x18a/0x350 [ 1086.816470][T22868] ? __pfx_do_futex+0x10/0x10 [ 1086.816510][T22868] ? find_held_lock+0x2b/0x80 [ 1086.816558][T22868] __x64_sys_futex+0x34f/0x4d0 [ 1086.816599][T22868] ? __pfx___x64_sys_futex+0x10/0x10 [ 1086.816650][T22868] do_syscall_64+0x106/0xf80 [ 1086.816690][T22868] ? clear_bhb_loop+0x40/0x90 [ 1086.816728][T22868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.816760][T22868] RIP: 0033:0x7fe68459bf79 [ 1086.816787][T22868] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1086.816815][T22868] RSP: 002b:00007fe6827f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1086.816845][T22868] RAX: ffffffffffffffda RBX: 00007fe684816090 RCX: 00007fe68459bf79 [ 1086.816866][T22868] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1086.816884][T22868] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 000000008000fff5 [ 1086.816904][T22868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1086.816923][T22868] R13: 00007fe684816128 R14: 00007fe684816090 R15: 00007ffe83130ad8 [ 1086.816965][T22868] [ 1090.914432][T22926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5658'. [ 1091.099912][T22926] hsr_slave_0 (unregistering): left promiscuous mode [ 1091.263929][T22931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5656'. [ 1095.356646][T22975] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5671'. [ 1095.366234][T22975] : entered promiscuous mode [ 1095.371280][T22975] bond_slave_0: entered promiscuous mode [ 1095.444136][T22975] : entered allmulticast mode [ 1095.482698][T22975] bond_slave_0: entered allmulticast mode [ 1099.469613][T20250] Bluetooth: hci0: Malformed Event: 0x13 [ 1100.293792][T21966] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1100.324975][T21966] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1100.324975][T21966] [ 1102.620124][T23031] netlink: 'syz.0.5682': attribute type 4 has an invalid length. [ 1102.636214][T23033] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1102.652701][T23031] netlink: 314 bytes leftover after parsing attributes in process `syz.0.5682'. [ 1102.662412][T23031] IPv6: NLM_F_CREATE should be specified when creating new route [ 1105.241045][T23053] HSR: entered promiscuous mode [ 1105.481592][T23065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5691'. [ 1106.155982][T23077] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5704'. [ 1106.449136][T23087] netlink: 'syz.0.5696': attribute type 12 has an invalid length. [ 1111.650324][T23159] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5716'. [ 1115.068709][T23197] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 976 with max blocks 47 with error 117 [ 1115.309456][T23197] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1115.309456][T23197] [ 1116.335699][T20250] Bluetooth: hci1: unexpected event 0x36 length: 123 > 7 [ 1116.372685][T23212] FAULT_INJECTION: forcing a failure. [ 1116.372685][T23212] name failslab, interval 1, probability 0, space 0, times 0 [ 1116.428304][T23214] Console: switching to colour VGA+ 80x25 [ 1116.436986][T23212] CPU: 1 UID: 0 PID: 23212 Comm: syz.1.5727 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1116.437040][T23212] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1116.437054][T23212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1116.437074][T23212] Call Trace: [ 1116.437086][T23212] [ 1116.437099][T23212] dump_stack_lvl+0x100/0x190 [ 1116.437152][T23212] should_fail_ex.cold+0x5/0xa [ 1116.437191][T23212] should_failslab+0xc2/0x120 [ 1116.437242][T23212] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1116.437277][T23212] ? apply_subsystem_event_filter+0x565/0x17d0 [ 1116.437324][T23212] ? append_filter_err+0x43a/0x620 [ 1116.437376][T23212] apply_subsystem_event_filter+0x565/0x17d0 [ 1116.437436][T23212] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 1116.437492][T23212] ? _copy_from_user+0x59/0xd0 [ 1116.437535][T23212] ? __pfx_subsystem_filter_write+0x10/0x10 [ 1116.437579][T23212] subsystem_filter_write+0x95/0x120 [ 1116.437627][T23212] vfs_writev+0x5ea/0xe10 [ 1116.437678][T23212] ? rcu_is_watching+0x12/0xc0 [ 1116.437736][T23212] ? __pfx_vfs_writev+0x10/0x10 [ 1116.437774][T23212] ? fdget_pos+0x2aa/0x380 [ 1116.437854][T23212] ? __fget_files+0x21f/0x3d0 [ 1116.437909][T23212] ? do_writev+0x13e/0x340 [ 1116.437949][T23212] do_writev+0x13e/0x340 [ 1116.437991][T23212] ? __pfx_do_writev+0x10/0x10 [ 1116.438046][T23212] do_syscall_64+0x106/0xf80 [ 1116.438088][T23212] ? clear_bhb_loop+0x40/0x90 [ 1116.438130][T23212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1116.438178][T23212] RIP: 0033:0x7fe68459bf79 [ 1116.438206][T23212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1116.438241][T23212] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1116.438275][T23212] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1116.438297][T23212] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000007 [ 1116.438319][T23212] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1116.438339][T23212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1116.438358][T23212] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1116.438403][T23212] [ 1116.544592][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.771020][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1123.998759][T23304] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5750'. [ 1125.271005][T23327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5755'. [ 1125.337357][T23327] netlink: 354 bytes leftover after parsing attributes in process `syz.1.5755'. [ 1126.255841][T23322] kexec: Could not allocate control_code_buffer [ 1129.391094][T23373] smpboot: CPU 1 is now offline [ 1131.092952][T21965] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1131.171583][T21965] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1131.171583][T21965] [ 1131.799464][T23408] netlink: 186 bytes leftover after parsing attributes in process `syz.4.5777'. [ 1134.451639][T20250] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 1135.291643][T23437] netlink: 'syz.4.5786': attribute type 3 has an invalid length. [ 1135.340775][T23437] netlink: 306 bytes leftover after parsing attributes in process `syz.4.5786'. [ 1136.714969][T23458] netlink: 50 bytes leftover after parsing attributes in process `syz.0.5791'. [ 1138.382244][T23478] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5797'. [ 1138.713957][T23483] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5798'. [ 1138.802747][T23483] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1138.942253][T23483] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1144.297561][T23531] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5811'. [ 1144.454821][T23538] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5811'. [ 1144.503803][T23535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5810'. [ 1147.930263][T23545] kexec: Could not allocate control_code_buffer [ 1148.057381][T23569] netlink: 'syz.3.5817': attribute type 64 has an invalid length. [ 1148.133070][T23569] netlink: 74 bytes leftover after parsing attributes in process `syz.3.5817'. [ 1149.570111][T23582] random: crng reseeded on system resumption [ 1150.474770][T23589] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5823'. [ 1150.564496][T23593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5823'. [ 1152.087241][T23597] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5825'. [ 1156.340582][T23639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5834'. [ 1156.403620][T23641] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 974 with max blocks 49 with error 117 [ 1156.538641][T23641] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1156.538641][T23641] [ 1157.370550][T23615] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 1157.414314][T20250] Bluetooth: hci1: command 0x0c1a tx timeout [ 1157.444872][T23615] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1157.482705][T23615] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1158.107139][T23615] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1158.127066][T23615] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1158.187154][T23615] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1158.248631][T23655] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5835'. [ 1158.343306][T23615] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1158.492813][T23655] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1158.763795][T23655] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1158.870651][T23666] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5839'. [ 1158.985683][T23664] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5839'. [ 1159.084698][T23669] netlink: 93 bytes leftover after parsing attributes in process `syz.4.5839'. [ 1159.492655][T20250] Bluetooth: hci2: command 0x0c1a tx timeout [ 1159.897670][T23675] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5842'. [ 1160.132861][T20250] Bluetooth: hci3: command 0x0c1a tx timeout [ 1160.212548][T20250] Bluetooth: hci0: command 0x0406 tx timeout [ 1161.276932][T23692] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5845'. [ 1161.573749][T16994] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1161.589840][T20250] Bluetooth: hci2: command 0x0c1a tx timeout [ 1161.658654][T16994] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1161.658654][T16994] [ 1161.953406][T23695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5847'. [ 1162.292648][T20250] Bluetooth: hci0: command 0x0406 tx timeout [ 1164.350514][T23730] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5856'. [ 1164.373740][T20250] Bluetooth: hci0: command 0x0406 tx timeout [ 1165.454913][T23738] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5857'. [ 1169.924521][T23752] kexec: Could not allocate control_code_buffer [ 1172.593493][T23810] netlink: 206 bytes leftover after parsing attributes in process `syz.4.5877'. [ 1175.695827][T23840] netlink: 25 bytes leftover after parsing attributes in process `syz.1.5886'. [ 1178.002939][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.009515][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1180.380196][T23873] FAULT_INJECTION: forcing a failure. [ 1180.380196][T23873] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.565589][T23873] CPU: 0 UID: 0 PID: 23873 Comm: syz.1.5894 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1180.565624][T23873] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1180.565632][T23873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1180.565643][T23873] Call Trace: [ 1180.565650][T23873] [ 1180.565658][T23873] dump_stack_lvl+0x100/0x190 [ 1180.565690][T23873] should_fail_ex.cold+0x5/0xa [ 1180.565713][T23873] should_failslab+0xc2/0x120 [ 1180.565742][T23873] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1180.565766][T23873] ? __kernfs_new_node+0xd2/0x960 [ 1180.565790][T23873] __kernfs_new_node+0xd2/0x960 [ 1180.565809][T23873] ? kernfs_add_one+0x583/0x850 [ 1180.565833][T23873] ? __pfx___kernfs_new_node+0x10/0x10 [ 1180.565858][T23873] ? find_held_lock+0x2b/0x80 [ 1180.565886][T23873] ? kernfs_root+0xee/0x2a0 [ 1180.565904][T23873] ? kernfs_root+0xee/0x2a0 [ 1180.565928][T23873] kernfs_new_node+0x11b/0x1a0 [ 1180.565953][T23873] __kernfs_create_file+0x53/0x350 [ 1180.565982][T23873] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1180.566018][T23873] sysfs_create_file_ns+0x145/0x1e0 [ 1180.566047][T23873] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1180.566077][T23873] ? __pfx___up_read+0x10/0x10 [ 1180.566102][T23873] ? acpi_device_notify+0x464/0x500 [ 1180.566123][T23873] ? kobject_put+0xb9/0x640 [ 1180.566154][T23873] device_create_file+0xf2/0x1d0 [ 1180.566182][T23873] device_add+0x2cb/0x1950 [ 1180.566204][T23873] ? __pfx_dev_set_name+0x10/0x10 [ 1180.566228][T23873] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1180.566257][T23873] ? __pfx_device_add+0x10/0x10 [ 1180.566280][T23873] ? lockdep_init_map_type+0x5c/0x250 [ 1180.566304][T23873] ? __init_waitqueue_head+0xca/0x150 [ 1180.566335][T23873] netdev_register_kobject+0x1a9/0x3d0 [ 1180.566374][T23873] register_netdevice+0x12e0/0x2210 [ 1180.566404][T23873] ? __pfx_register_netdevice+0x10/0x10 [ 1180.566436][T23873] ? __pfx_loopback_net_init+0x10/0x10 [ 1180.566457][T23873] register_netdev+0x34/0x50 [ 1180.566483][T23873] loopback_net_init+0x7a/0x170 [ 1180.566505][T23873] ? __pfx_loopback_net_init+0x10/0x10 [ 1180.566523][T23873] ops_init+0x1e2/0x5f0 [ 1180.566551][T23873] setup_net+0x118/0x3a0 [ 1180.566576][T23873] ? __pfx_setup_net+0x10/0x10 [ 1180.566604][T23873] ? lockdep_init_map_type+0x5c/0x250 [ 1180.566628][T23873] ? mutex_init_lockep+0x110/0x150 [ 1180.566655][T23873] copy_net_ns+0x46f/0x7c0 [ 1180.566684][T23873] create_new_namespaces+0x3ea/0xac0 [ 1180.566721][T23873] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1180.566742][T23873] ksys_unshare+0x455/0xab0 [ 1180.566766][T23873] ? __pfx_ksys_unshare+0x10/0x10 [ 1180.566797][T23873] __x64_sys_unshare+0x31/0x40 [ 1180.566819][T23873] do_syscall_64+0x106/0xf80 [ 1180.566843][T23873] ? clear_bhb_loop+0x40/0x90 [ 1180.566866][T23873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1180.566885][T23873] RIP: 0033:0x7fe68459bf79 [ 1180.566902][T23873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1180.566920][T23873] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1180.566940][T23873] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1180.566952][T23873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1180.566963][T23873] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1180.566974][T23873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1180.566986][T23873] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1180.567010][T23873] [ 1181.403693][T20250] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1184.035450][T23904] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5901'. [ 1186.183916][T23915] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5903'. [ 1187.208256][T23925] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5905'. [ 1187.414148][T23929] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5907'. [ 1187.563980][T23929] bridge0: port 3() entered disabled state [ 1187.617331][T23929]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 1187.780946][T23929] bond_slave_0: left promiscuous mode [ 1187.816871][T23929]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 1187.988380][T23929] bond_slave_1: left promiscuous mode [ 1188.021323][T23929] bond_slave_1: left allmulticast mode [ 1188.065977][T23929]  (unregistering): Released all slaves [ 1189.704231][T23949] Invalid ELF header magic: != ELF [ 1189.741062][T23948] delete_channel: no stack [ 1191.982807][ T1338] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1192.047209][ T1338] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1192.047209][ T1338] [ 1192.840772][T23982] pim6reg: entered allmulticast mode [ 1192.864115][T23989] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5923'. [ 1193.386899][T23975] Invalid ELF header magic: != ELF [ 1194.044978][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880340c5000: rx timeout, send abort [ 1194.553918][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880340c5000: abort rx timeout. Force session deactivation [ 1195.485358][T24021] netlink: 9 bytes leftover after parsing attributes in process `syz.1.5932'. [ 1197.868228][T24050] tipc: Started in network mode [ 1197.910239][T24050] tipc: Node identity ee00, cluster identity 4711 [ 1197.950583][T24050] tipc: Node number set to 60928 [ 1201.264240][T24083] netlink: 206 bytes leftover after parsing attributes in process `syz.0.5947'. [ 1201.446944][T24094] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5950'. [ 1202.043482][T24110] futex_wake_op: syz.3.5953 tries to shift op by -2048; fix this program [ 1202.083615][T24112] binder: 24111:24112 ioctl c018620c 0 returned -1 [ 1202.132348][T24110] futex_wake_op: syz.3.5953 tries to shift op by -2048; fix this program [ 1202.163572][T24112] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5954'. [ 1202.173538][T24094] macsec0: entered promiscuous mode [ 1202.179310][T24094] macsec0: entered allmulticast mode [ 1202.339584][T24094] veth1_macvtap: entered allmulticast mode [ 1202.858654][T24119] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1203.122859][T24119] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1203.122859][T24119] [ 1203.730348][T24124] FAULT_INJECTION: forcing a failure. [ 1203.730348][T24124] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.826247][T24124] CPU: 0 UID: 0 PID: 24124 Comm: syz.4.5956 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1203.826284][T24124] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1203.826292][T24124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1203.826306][T24124] Call Trace: [ 1203.826313][T24124] [ 1203.826321][T24124] dump_stack_lvl+0x100/0x190 [ 1203.826353][T24124] should_fail_ex.cold+0x5/0xa [ 1203.826377][T24124] should_failslab+0xc2/0x120 [ 1203.826406][T24124] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1203.826433][T24124] ? kstrdup_const+0x63/0x80 [ 1203.826463][T24124] kstrdup+0x51/0xe0 [ 1203.826489][T24124] kstrdup_const+0x63/0x80 [ 1203.826513][T24124] __kernfs_new_node+0x9b/0x960 [ 1203.826537][T24124] ? __pfx___kernfs_new_node+0x10/0x10 [ 1203.826562][T24124] ? find_held_lock+0x2b/0x80 [ 1203.826590][T24124] ? kernfs_root+0xee/0x2a0 [ 1203.826608][T24124] ? kernfs_root+0xee/0x2a0 [ 1203.826631][T24124] kernfs_new_node+0x11b/0x1a0 [ 1203.826657][T24124] kernfs_create_link+0xcc/0x240 [ 1203.826687][T24124] sysfs_do_create_link_sd+0x90/0x140 [ 1203.826708][T24124] sysfs_create_link+0x61/0xc0 [ 1203.826727][T24124] device_add+0x675/0x1950 [ 1203.826751][T24124] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1203.826779][T24124] ? __pfx_device_add+0x10/0x10 [ 1203.826801][T24124] ? lockdep_init_map_type+0x5c/0x250 [ 1203.826825][T24124] ? __init_waitqueue_head+0xca/0x150 [ 1203.826857][T24124] netdev_register_kobject+0x1a9/0x3d0 [ 1203.826888][T24124] register_netdevice+0x12e0/0x2210 [ 1203.826920][T24124] ? __pfx_register_netdevice+0x10/0x10 [ 1203.826951][T24124] ? __pfx_loopback_net_init+0x10/0x10 [ 1203.826972][T24124] register_netdev+0x34/0x50 [ 1203.826997][T24124] loopback_net_init+0x7a/0x170 [ 1203.827018][T24124] ? __pfx_loopback_net_init+0x10/0x10 [ 1203.827036][T24124] ops_init+0x1e2/0x5f0 [ 1203.827072][T24124] setup_net+0x118/0x3a0 [ 1203.827108][T24124] ? __pfx_setup_net+0x10/0x10 [ 1203.827132][T24124] ? lockdep_init_map_type+0x5c/0x250 [ 1203.827157][T24124] ? mutex_init_lockep+0x110/0x150 [ 1203.827185][T24124] copy_net_ns+0x46f/0x7c0 [ 1203.827214][T24124] create_new_namespaces+0x3ea/0xac0 [ 1203.827250][T24124] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1203.827277][T24124] ksys_unshare+0x455/0xab0 [ 1203.827303][T24124] ? __pfx_ksys_unshare+0x10/0x10 [ 1203.827335][T24124] __x64_sys_unshare+0x31/0x40 [ 1203.827357][T24124] do_syscall_64+0x106/0xf80 [ 1203.827382][T24124] ? clear_bhb_loop+0x40/0x90 [ 1203.827405][T24124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.827425][T24124] RIP: 0033:0x7fdbe3d9bf79 [ 1203.827442][T24124] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1203.827460][T24124] RSP: 002b:00007fdbe4b74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1203.827479][T24124] RAX: ffffffffffffffda RBX: 00007fdbe4016090 RCX: 00007fdbe3d9bf79 [ 1203.827491][T24124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1203.827502][T24124] RBP: 00007fdbe3e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1203.827514][T24124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1203.827526][T24124] R13: 00007fdbe4016128 R14: 00007fdbe4016090 R15: 00007fffb52866b8 [ 1203.827550][T24124] [ 1204.622726][T24125] netlink: 286 bytes leftover after parsing attributes in process `syz.1.5964'. [ 1205.047823][T24131] FAULT_INJECTION: forcing a failure. [ 1205.047823][T24131] name failslab, interval 1, probability 0, space 0, times 0 [ 1205.315245][T24131] CPU: 0 UID: 0 PID: 24131 Comm: syz.1.5958 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1205.315279][T24131] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1205.315287][T24131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1205.315298][T24131] Call Trace: [ 1205.315306][T24131] [ 1205.315317][T24131] dump_stack_lvl+0x100/0x190 [ 1205.315355][T24131] should_fail_ex.cold+0x5/0xa [ 1205.315377][T24131] ? __register_sysctl_table+0xbe4/0x1650 [ 1205.315401][T24131] should_failslab+0xc2/0x120 [ 1205.315430][T24131] __kmalloc_noprof+0xe0/0x850 [ 1205.315459][T24131] __register_sysctl_table+0xbe4/0x1650 [ 1205.315488][T24131] ? __pfx___register_sysctl_table+0x10/0x10 [ 1205.315510][T24131] ? is_module_address+0x69/0xf0 [ 1205.315532][T24131] ? register_net_sysctl_sz+0x222/0x430 [ 1205.315566][T24131] __devinet_sysctl_register+0x1b9/0x360 [ 1205.315596][T24131] ? trace_kmalloc+0x101/0x130 [ 1205.315624][T24131] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 1205.315657][T24131] ? __asan_memcpy+0x3c/0x60 [ 1205.315682][T24131] devinet_init_net+0x303/0x8d0 [ 1205.315711][T24131] ? __pfx_devinet_init_net+0x10/0x10 [ 1205.315739][T24131] ops_init+0x1e2/0x5f0 [ 1205.315767][T24131] setup_net+0x118/0x3a0 [ 1205.315793][T24131] ? __pfx_setup_net+0x10/0x10 [ 1205.315816][T24131] ? lockdep_init_map_type+0x5c/0x250 [ 1205.315840][T24131] ? mutex_init_lockep+0x110/0x150 [ 1205.315868][T24131] copy_net_ns+0x46f/0x7c0 [ 1205.315897][T24131] create_new_namespaces+0x3ea/0xac0 [ 1205.315932][T24131] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1205.315953][T24131] ksys_unshare+0x455/0xab0 [ 1205.315977][T24131] ? __pfx_ksys_unshare+0x10/0x10 [ 1205.316009][T24131] __x64_sys_unshare+0x31/0x40 [ 1205.316031][T24131] do_syscall_64+0x106/0xf80 [ 1205.316053][T24131] ? clear_bhb_loop+0x40/0x90 [ 1205.316085][T24131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.316104][T24131] RIP: 0033:0x7fe68459bf79 [ 1205.316121][T24131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1205.316139][T24131] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1205.316158][T24131] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1205.316171][T24131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1205.316183][T24131] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1205.316194][T24131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1205.316206][T24131] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1205.316231][T24131] [ 1205.316276][T24131] sysctl could not get directory: /net/ipv4/conf/all -12 [ 1206.810307][T24153] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5967'. [ 1208.944352][T24178] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5975'. [ 1209.686683][T24191] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5977'. [ 1210.994123][T23868] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1213.349283][T24230] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5987'. [ 1218.094027][ T30] audit: type=1800 audit(4294967319.920:17): pid=24272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5994" name="features" dev="configfs" ino=448886 res=0 errno=0 [ 1220.983897][T24294] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6000'. [ 1222.376318][ T12] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1222.492702][ T12] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1222.492702][ T12] [ 1224.072874][T24316] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6006'. [ 1224.260276][T24318] netlink: set zone limit has 8 unknown bytes [ 1225.585057][T24334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6009'. [ 1225.635617][T24332] ptrace attach of "./syz-executor exec"[17062] was attempted by "UùzîyÈ/ˆî¡دbÆtFÕ!FÄ·‰\x0cÓP‰\x07ë4Y­7Õ’§r„¬Sâ(È |C»œ`–u×Î2rùy]ÿ­Ë)1ƒ#}ÃLÅÅÏ1DƒÏ?+à'é=çJXªO_’óe\x5c›efÇ?_Š‘¬ÿÝ®¤`Xox<‘q²µ¾;$\x1bh\x0aN6ìÓO„] óó=b:¬¢ÄfÝ+ã˜é‚ù½Dé8\x07¼ÍÞM»Œ(þ>Ô\x0c­[¶'1òˆ¥5ß)áMp[ÎþPà‰LlL~ÿGŽ)å¾™©Sy©WðýEG9qó🊺1¬øNŸ}Ëá+¦`”ACæ‚Œ|‚¥àÝIè·6jÈ®4þþ°M‰[¹&Þ:è¾av%|Uòˆ\x0dQLK*„|‚ v=cn×—,Õ<ºTÈd±Ì¾Ë”ìJ\x0a¾«i6D'Ã`~»ëæ)ëʃš8ŽÛÿˆj®Oæ3ƒ…(‰÷…G¬Ù’ªƒÓö}õC{$ºý0K%•~„ú¹³h®pÖÒ–—HZÄëàÌãV[ÑS̽‰A­Kò¨Þ0äœ\x0aó6înxÎé·/.9\x0b‚i\x1b'dæ§êBîã¢\x09›ø`€bgJú­acIœNUšv\x09vúÒšˆÆào嶹?Íh&c3g¯\x5cß¿P&à”Þåì“Z?\x1b;gùTAKˆÎ±©šþŸè“]œë“ý™¼\x1b¤j€ŽüÔYKÓCmçFa%_.é— \x22ðŸR6ˆÍ‡G\x5cŽ÷î=Ù\x09¶ï¤ðÕ°%\x1b4*Oòæi³S]¦ ã¢6.\x22¶Ì.¿}í[d'¥[¸±šo¯¬¼ÈŒI„/dË9Îÿ$Yì $ÜAb\x0aµÄÖ¶ª}<²_'º<\x5c…ø¿ÝÍÌ[h)Ú“'Y¸îí/²è£ tœ¯¥qk˜`ÞùhûxŒÃc¿žF0ñ–@5\x5c\x22ðK#eÛȬ`ëÄ!åa·@ [ö懈ª?y£³zl\x09Ž\x07C57MÀ<#\x0c¦ZtŠÙÑ\x09ƒ$ÓGd¦/ñÔ놽D*ÀÛ`@ý•ùØû˜Ë¼~…wpè‚'ç¼òxÓ}5¤¤éIÛô‡8y¹xuÛo`‚4¸Ý=)ý©£\x07&ØxÉ\x22([ß:õÈ|Î.œ¥¹\x5ck1ó˜âÔ‘ [ 1225.686372][T24336] random: crng reseeded on system resumption [ 1230.165776][ T30] audit: type=1800 audit(4294967331.980:18): pid=24356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6012" name="features" dev="configfs" ino=456041 res=0 errno=0 [ 1230.274081][T24377] netlink: 17 bytes leftover after parsing attributes in process `syz.0.6017'. [ 1231.166897][T24387] FAULT_INJECTION: forcing a failure. [ 1231.166897][T24387] name failslab, interval 1, probability 0, space 0, times 0 [ 1231.267033][T24387] CPU: 0 UID: 0 PID: 24387 Comm: syz.4.6021 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1231.267066][T24387] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1231.267074][T24387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1231.267086][T24387] Call Trace: [ 1231.267093][T24387] [ 1231.267101][T24387] dump_stack_lvl+0x100/0x190 [ 1231.267133][T24387] should_fail_ex.cold+0x5/0xa [ 1231.267155][T24387] should_failslab+0xc2/0x120 [ 1231.267184][T24387] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1231.267205][T24387] ? ip6addrlbl_add+0xe0/0xdb0 [ 1231.267228][T24387] ip6addrlbl_add+0xe0/0xdb0 [ 1231.267253][T24387] ip6addrlbl_net_init+0x10a/0x330 [ 1231.267273][T24387] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 1231.267293][T24387] ops_init+0x1e2/0x5f0 [ 1231.267322][T24387] setup_net+0x118/0x3a0 [ 1231.267347][T24387] ? __pfx_setup_net+0x10/0x10 [ 1231.267371][T24387] ? lockdep_init_map_type+0x5c/0x250 [ 1231.267395][T24387] ? mutex_init_lockep+0x110/0x150 [ 1231.267422][T24387] copy_net_ns+0x46f/0x7c0 [ 1231.267451][T24387] create_new_namespaces+0x3ea/0xac0 [ 1231.267487][T24387] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1231.267508][T24387] ksys_unshare+0x455/0xab0 [ 1231.267532][T24387] ? __pfx_ksys_unshare+0x10/0x10 [ 1231.267563][T24387] __x64_sys_unshare+0x31/0x40 [ 1231.267585][T24387] do_syscall_64+0x106/0xf80 [ 1231.267608][T24387] ? clear_bhb_loop+0x40/0x90 [ 1231.267631][T24387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.267650][T24387] RIP: 0033:0x7fdbe3d9bf79 [ 1231.267667][T24387] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1231.267685][T24387] RSP: 002b:00007fdbe4b95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1231.267705][T24387] RAX: ffffffffffffffda RBX: 00007fdbe4015fa0 RCX: 00007fdbe3d9bf79 [ 1231.267717][T24387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1231.267728][T24387] RBP: 00007fdbe3e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1231.267740][T24387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1231.267751][T24387] R13: 00007fdbe4016038 R14: 00007fdbe4015fa0 R15: 00007fffb52866b8 [ 1231.267775][T24387] [ 1232.007260][T24394] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6022'. [ 1232.415903][T24393] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 960 with max blocks 63 with error 117 [ 1232.493081][T24393] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1232.493081][T24393] [ 1233.980135][T24417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6027'. [ 1234.777644][T24419] can0: slcan on ptm0. [ 1235.349363][T24418] can0 (unregistered): slcan off ptm0. [ 1238.944631][T24486] device-mapper: ioctl: only supply one of name or uuid, cmd(5) [ 1238.996046][T24485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6038'. [ 1239.419078][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.426238][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.672834][T24505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6043'. [ 1240.747238][T24505] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6043'. [ 1241.075761][T24503] zswap: compressor not available [ 1243.776283][T24551] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6054'. [ 1246.029080][T24572] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1246.513053][T24590] random: crng reseeded on system resumption [ 1247.432918][ T30] audit: type=1800 audit(4294967349.250:19): pid=24604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6067" name="dbroot" dev="configfs" ino=466519 res=0 errno=0 [ 1247.490964][T24607] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6075'. [ 1247.693392][T24602] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 980 with max blocks 43 with error 117 [ 1247.927856][T24602] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1247.927856][T24602] [ 1250.336229][T24628] zswap: compressor not available [ 1252.933374][T21965] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1252.996206][T21965] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1252.996206][T21965] [ 1253.602098][T24664] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6083'. [ 1254.193988][T24631] kexec: Could not allocate control_code_buffer [ 1254.388980][T24675] misc userio: Invalid payload size [ 1254.639422][T24680] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6087'. [ 1254.753510][T24681] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6088'. [ 1254.884590][T24676] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 996 with max blocks 27 with error 117 [ 1254.957112][T24682] netlink: 'syz.1.6089': attribute type 2 has an invalid length. [ 1255.153254][T24676] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1255.153254][T24676] [ 1255.343039][T24686] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6090'. [ 1255.696712][T24688] Console: switching to colour frame buffer device 128x6 [ 1256.580449][T24706] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6093'. [ 1256.665036][T24704] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 997 with max blocks 26 with error 117 [ 1256.884559][T24707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1256.976937][T24704] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1256.976937][T24704] [ 1257.013814][T24707] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1257.226364][T24707] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1257.403022][T24707] page_type: f5(slab) [ 1257.512585][T24707] raw: 00fff00000000040 ffff88813fe37140 dead000000000100 dead000000000122 [ 1257.521842][T24707] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1257.575216][T24715] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6099'. [ 1257.772740][T24707] head: 00fff00000000040 ffff88813fe37140 dead000000000100 dead000000000122 [ 1257.857264][T24718] __vm_enough_memory: pid: 24718, comm: syz.4.6099, bytes: 4398046511104 not enough memory for the allocation [ 1257.903998][T24707] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1258.022572][T24707] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1258.134879][T24707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1258.266753][T24707] page dumped because: unmovable page [ 1258.380827][T24707] page_owner tracks the page as allocated [ 1258.428561][T24707] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5201, tgid 5201 (udevd), ts 38826386084, free_ts 30291207149 [ 1258.526986][T24727] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6102'. [ 1258.693188][T24707] post_alloc_hook+0x153/0x170 [ 1258.698218][T24707] get_page_from_freelist+0x111d/0x3140 [ 1258.817368][T24707] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1258.830381][T24730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6103'. [ 1258.894243][T24707] new_slab+0xa6/0x6e0 [ 1258.898369][T24707] refill_objects+0x26b/0x400 [ 1258.933565][T24730] netlink: 'syz.3.6103': attribute type 1 has an invalid length. [ 1258.941419][T24730] netlink: 'syz.3.6103': attribute type 6 has an invalid length. [ 1259.012900][T24707] __pcs_replace_empty_main+0x19f/0x600 [ 1259.018713][T24707] __kmalloc_noprof+0x688/0x850 [ 1259.127441][T24707] tomoyo_realpath_from_path+0xb6/0x690 [ 1259.179884][T24707] tomoyo_path_perm+0x276/0x460 [ 1259.261624][T24707] tomoyo_path_symlink+0x97/0xe0 [ 1259.305039][T24707] security_path_symlink+0x152/0x2d0 [ 1259.311133][T24707] filename_symlinkat+0x122/0x560 [ 1259.405113][T24707] __x64_sys_symlink+0x79/0xb0 [ 1259.454078][T24707] do_syscall_64+0x106/0xf80 [ 1259.486162][T24707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.538475][T24707] page last free pid 1 tgid 1 stack trace: [ 1259.598480][T24707] __free_frozen_pages+0x7ca/0x10a0 [ 1259.641170][T24707] free_contig_range+0xde/0x1d0 [ 1259.689469][T24707] destroy_args+0xa8/0x7a0 [ 1259.732536][T24707] debug_vm_pgtable+0x1b66/0x34c0 [ 1259.775004][T24707] do_one_initcall+0x11d/0x760 [ 1259.817551][T24707] kernel_init_freeable+0x6e5/0x7a0 [ 1259.866842][T24707] kernel_init+0x1f/0x1e0 [ 1259.926574][T24707] ret_from_fork+0x754/0xd80 [ 1259.965630][T24707] ret_from_fork_asm+0x1a/0x30 [ 1263.216419][T24751] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1263.243508][T24751] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1263.249480][T24751] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1263.440132][T24751] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1263.462709][T24751] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1264.533390][T20250] Bluetooth: hci1: command 0x0c1a tx timeout [ 1264.542898][T24748] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.6108' sets config #16 [ 1264.816179][T24780] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6114'. [ 1265.333178][T20250] Bluetooth: hci2: command 0x0c1a tx timeout [ 1265.494457][T20250] Bluetooth: hci0: command 0x0406 tx timeout [ 1265.500808][T20250] Bluetooth: hci3: command 0x0c1a tx timeout [ 1266.810457][T24797] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 1267.412560][T20250] Bluetooth: hci2: command 0x0c1a tx timeout [ 1267.767091][T24798] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 987 with max blocks 36 with error 117 [ 1267.803414][T24808] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6119'. [ 1268.025624][T24798] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1268.025624][T24798] [ 1268.079480][T24808] vlan1: entered promiscuous mode [ 1268.085863][T24808] vlan1: entered allmulticast mode [ 1268.132768][T24808] veth0_vlan: entered allmulticast mode [ 1272.176552][T24864] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6128'. [ 1275.882867][T24905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6138'. [ 1278.924423][T24930] FAULT_INJECTION: forcing a failure. [ 1278.924423][T24930] name failslab, interval 1, probability 0, space 0, times 0 [ 1279.162658][T24930] CPU: 0 UID: 0 PID: 24930 Comm: syz.1.6144 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1279.162693][T24930] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1279.162702][T24930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1279.162713][T24930] Call Trace: [ 1279.162720][T24930] [ 1279.162729][T24930] dump_stack_lvl+0x100/0x190 [ 1279.162761][T24930] should_fail_ex.cold+0x5/0xa [ 1279.162784][T24930] should_failslab+0xc2/0x120 [ 1279.162812][T24930] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1279.162834][T24930] ? append_filter_err+0xb8/0x620 [ 1279.162859][T24930] ? process_preds+0x937/0x1e10 [ 1279.162887][T24930] append_filter_err+0xb8/0x620 [ 1279.162915][T24930] apply_subsystem_event_filter+0x73d/0x17d0 [ 1279.162949][T24930] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 1279.162981][T24930] ? _copy_from_user+0x59/0xd0 [ 1279.163014][T24930] ? __pfx_subsystem_filter_write+0x10/0x10 [ 1279.163039][T24930] subsystem_filter_write+0x95/0x120 [ 1279.163067][T24930] vfs_writev+0x5ea/0xe10 [ 1279.163091][T24930] ? rcu_is_watching+0x12/0xc0 [ 1279.163123][T24930] ? __pfx_vfs_writev+0x10/0x10 [ 1279.163145][T24930] ? fdget_pos+0x2aa/0x380 [ 1279.163189][T24930] ? __fget_files+0x21f/0x3d0 [ 1279.163220][T24930] ? do_writev+0x13e/0x340 [ 1279.163242][T24930] do_writev+0x13e/0x340 [ 1279.163266][T24930] ? __pfx_do_writev+0x10/0x10 [ 1279.163296][T24930] do_syscall_64+0x106/0xf80 [ 1279.163320][T24930] ? clear_bhb_loop+0x40/0x90 [ 1279.163343][T24930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1279.163363][T24930] RIP: 0033:0x7fe68459bf79 [ 1279.163379][T24930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1279.163397][T24930] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1279.163416][T24930] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1279.163428][T24930] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000005 [ 1279.163440][T24930] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1279.163450][T24930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1279.163462][T24930] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1279.163487][T24930] [ 1280.718354][T24947] FAULT_INJECTION: forcing a failure. [ 1280.718354][T24947] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1280.731632][T24947] CPU: 0 UID: 0 PID: 24947 Comm: syz.1.6148 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1280.731666][T24947] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1280.731674][T24947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1280.731789][T24947] Call Trace: [ 1280.731799][T24947] [ 1280.731808][T24947] dump_stack_lvl+0x100/0x190 [ 1280.731842][T24947] should_fail_ex.cold+0x5/0xa [ 1280.731864][T24947] should_fail_futex+0x4c/0x60 [ 1280.731885][T24947] futex_lock_pi_atomic+0xe7/0xaf0 [ 1280.731915][T24947] futex_lock_pi+0x246/0x7b0 [ 1280.731942][T24947] ? __pfx_futex_lock_pi+0x10/0x10 [ 1280.731969][T24947] ? __pfx___futex_wait+0x10/0x10 [ 1280.731994][T24947] ? lockdep_hardirqs_on+0x78/0x100 [ 1280.732036][T24947] ? __pfx_futex_wake_mark+0x10/0x10 [ 1280.732074][T24947] ? ksys_write+0x190/0x250 [ 1280.732100][T24947] ? ksys_write+0x190/0x250 [ 1280.732129][T24947] do_futex+0x18a/0x350 [ 1280.732150][T24947] ? __pfx_do_futex+0x10/0x10 [ 1280.732178][T24947] __x64_sys_futex+0x34f/0x4d0 [ 1280.732203][T24947] ? __pfx___x64_sys_futex+0x10/0x10 [ 1280.732234][T24947] do_syscall_64+0x106/0xf80 [ 1280.732258][T24947] ? clear_bhb_loop+0x40/0x90 [ 1280.732281][T24947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1280.732301][T24947] RIP: 0033:0x7fe68459bf79 [ 1280.732318][T24947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1280.732342][T24947] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1280.732361][T24947] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1280.732373][T24947] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1280.732384][T24947] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 000000008000fff5 [ 1280.732396][T24947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1280.732408][T24947] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1280.732437][T24947] [ 1282.305905][T20250] Bluetooth: hci0: ACL packet too small [ 1282.663910][T24958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6150'. [ 1282.734392][T24958] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6150'. [ 1282.923159][T24962] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6151'. [ 1283.087400][ T30] audit: type=1800 audit(4294985728.909:20): pid=24966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6153" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1283.192138][T24960] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 984 with max blocks 39 with error 117 [ 1283.333150][ T58] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1283.349788][T24960] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1283.349788][T24960] [ 1283.403414][ T58] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1283.403414][ T58] [ 1283.504468][T24970] random: crng reseeded on system resumption [ 1286.583459][T25011] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6163'. [ 1286.726201][T25013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6164'. [ 1287.237626][ T30] audit: type=1800 audit(4294985733.059:21): pid=25020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6166" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1288.523678][T25029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6169'. [ 1288.645870][T25032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6169'. [ 1288.772180][T25033] random: crng reseeded on system resumption [ 1296.083887][T25097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6183'. [ 1296.174271][T25097] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6183'. [ 1298.982720][T25131] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input19 [ 1300.855523][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.861909][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1304.834005][T25171] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input20 [ 1304.871968][T25169] Invalid ELF header magic: != ELF [ 1305.682223][T25181] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6205'. [ 1306.434834][T25164] kexec: Could not allocate control_code_buffer [ 1311.356398][T25240] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6219'. [ 1312.350051][T25251] Console: switching to colour VGA+ 80x25 [ 1313.560807][T25245] kexec: Could not allocate control_code_buffer [ 1313.898268][ T58] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1313.941718][T25263] can0: slcan on ttyS2. [ 1314.031822][ T58] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1314.031822][ T58] [ 1314.133682][ T58] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1314.213934][T25268] can0 (unregistered): slcan off ttyS2. [ 1314.267288][ T58] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1314.267288][ T58] [ 1315.067134][T25294] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6228'. [ 1316.037722][T25301] __vm_enough_memory: pid: 25301, comm: syz.0.6229, bytes: 8589938688 not enough memory for the allocation [ 1317.028864][T25326] netlink: 93 bytes leftover after parsing attributes in process `syz.0.6233'. [ 1317.191839][T25324] netlink: 93 bytes leftover after parsing attributes in process `syz.0.6233'. [ 1320.604429][T25379] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6241'. [ 1321.845996][T25400] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6247'. [ 1321.950987][T25399] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 995 with max blocks 28 with error 117 [ 1322.057594][T25399] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1322.057594][T25399] [ 1322.443828][T25408] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6250'. [ 1324.105331][T25420] FAULT_INJECTION: forcing a failure. [ 1324.105331][T25420] name failslab, interval 1, probability 0, space 0, times 0 [ 1324.210198][T25420] CPU: 0 UID: 0 PID: 25420 Comm: syz.4.6253 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1324.210233][T25420] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1324.210241][T25420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1324.210252][T25420] Call Trace: [ 1324.210260][T25420] [ 1324.210270][T25420] dump_stack_lvl+0x100/0x190 [ 1324.210303][T25420] should_fail_ex.cold+0x5/0xa [ 1324.210325][T25420] should_failslab+0xc2/0x120 [ 1324.210354][T25420] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1324.210376][T25420] ? snd_seq_timer_new+0x44/0x1b0 [ 1324.210406][T25420] snd_seq_timer_new+0x44/0x1b0 [ 1324.210433][T25420] snd_seq_queue_alloc+0x177/0x590 [ 1324.210458][T25420] snd_seq_ioctl_create_queue+0xa9/0x370 [ 1324.210486][T25420] call_seq_client_ctl+0xa3/0x130 [ 1324.210514][T25420] snd_seq_kernel_client_ctl+0x77/0xd0 [ 1324.210616][T25420] alloc_seq_queue+0xdb/0x180 [ 1324.210661][T25420] ? __pfx_alloc_seq_queue+0x10/0x10 [ 1324.210703][T25420] ? mark_held_locks+0x40/0x70 [ 1324.210726][T25420] ? _raw_spin_unlock_irq+0x23/0x50 [ 1324.210748][T25420] ? lockdep_hardirqs_on+0x78/0x100 [ 1324.210775][T25420] snd_seq_oss_open+0x2b2/0xa10 [ 1324.210813][T25420] odev_open+0x79/0xc0 [ 1324.210839][T25420] ? __pfx_odev_open+0x10/0x10 [ 1324.210866][T25420] soundcore_open+0x2e3/0x5a0 [ 1324.210896][T25420] ? __pfx_soundcore_open+0x10/0x10 [ 1324.210924][T25420] chrdev_open+0x234/0x6a0 [ 1324.210952][T25420] ? __pfx_apparmor_file_open+0x10/0x10 [ 1324.210972][T25420] ? __pfx_chrdev_open+0x10/0x10 [ 1324.211000][T25420] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1324.211033][T25420] do_dentry_open+0x6d8/0x1660 [ 1324.211061][T25420] ? __pfx_chrdev_open+0x10/0x10 [ 1324.211094][T25420] vfs_open+0x82/0x3f0 [ 1324.211116][T25420] path_openat+0x208c/0x31a0 [ 1324.211152][T25420] ? __pfx_path_openat+0x10/0x10 [ 1324.211189][T25420] do_file_open+0x20e/0x430 [ 1324.211218][T25420] ? __pfx_do_file_open+0x10/0x10 [ 1324.211263][T25420] ? alloc_fd+0x476/0x790 [ 1324.211292][T25420] ? do_getname+0x191/0x390 [ 1324.211314][T25420] do_sys_openat2+0x10d/0x1e0 [ 1324.211336][T25420] ? __pfx_do_sys_openat2+0x10/0x10 [ 1324.211365][T25420] __x64_sys_openat+0x12d/0x210 [ 1324.211387][T25420] ? __pfx___x64_sys_openat+0x10/0x10 [ 1324.211417][T25420] do_syscall_64+0x106/0xf80 [ 1324.211441][T25420] ? clear_bhb_loop+0x40/0x90 [ 1324.211465][T25420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.211485][T25420] RIP: 0033:0x7fdbe3d9bf79 [ 1324.211503][T25420] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1324.211521][T25420] RSP: 002b:00007fdbe4b95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1324.211540][T25420] RAX: ffffffffffffffda RBX: 00007fdbe4015fa0 RCX: 00007fdbe3d9bf79 [ 1324.211566][T25420] RDX: 0000000000000801 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1324.211578][T25420] RBP: 00007fdbe3e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1324.211590][T25420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1324.211602][T25420] R13: 00007fdbe4016038 R14: 00007fdbe4015fa0 R15: 00007fffb52866b8 [ 1324.211627][T25420] [ 1325.283123][T25425] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 988 with max blocks 23 with error 117 [ 1325.517188][T25425] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1325.517188][T25425] [ 1327.112660][T25458] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6261'. [ 1327.508063][T25460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6262'. [ 1327.578321][T25460] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6262'. [ 1327.634108][T25462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6263'. [ 1328.613641][T20250] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1330.931095][T25510] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6276'. [ 1331.769391][T25521] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6279'. [ 1335.027919][T25559] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6287'. [ 1342.114576][T25647] serio: Serial port pty6 [ 1344.695315][T25669] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6310'. [ 1344.774120][T25616] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1344.851528][T25616] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1344.851528][T25616] [ 1344.928076][T25616] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 6 with error 117 [ 1345.042505][T25616] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1345.042505][T25616] [ 1345.439378][T25688] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6314'. [ 1348.493174][T25729] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6325'. [ 1349.340013][T25724] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 1351.604257][T25769] binder: BINDER_SET_CONTEXT_MGR already set [ 1351.646404][T25769] binder: 25768:25769 ioctl 4018620d 9 returned -16 [ 1351.806194][T25778] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6337'. [ 1352.465188][T25800] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 981 with max blocks 42 with error 117 [ 1352.562632][T25800] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1352.562632][T25800] [ 1352.649220][T25793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6343'. [ 1352.931261][T25810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6346'. [ 1352.981228][T25810] netlink: 'syz.0.6346': attribute type 1 has an invalid length. [ 1353.028475][T25810] netlink: 'syz.0.6346': attribute type 6 has an invalid length. [ 1356.236363][T25843] Invalid ELF header magic: != ELF [ 1357.176507][T25862] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6358'. [ 1361.283516][T25905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6369'. [ 1361.364051][T25906] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6369'. [ 1361.669120][T25909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6370'. [ 1361.724041][T25909] netlink: 'syz.1.6370': attribute type 1 has an invalid length. [ 1361.732155][T25909] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6370'. [ 1362.307973][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1362.317936][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1365.023937][T25948] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1365.093256][T25948] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1365.093256][T25948] [ 1365.908597][T25964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6385'. [ 1365.940574][T25964] netlink: 'syz.0.6385': attribute type 1 has an invalid length. [ 1365.993810][T25964] netlink: 'syz.0.6385': attribute type 6 has an invalid length. [ 1366.030227][T25967] tipc: Started in network mode [ 1366.057693][T25967] tipc: Node identity ee00, cluster identity 4711 [ 1366.108130][T25967] tipc: Node number set to 60928 [ 1366.239987][T25972] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6387'. [ 1366.278461][T25972] netlink: 'syz.4.6387': attribute type 1 has an invalid length. [ 1366.310347][T25972] netlink: 'syz.4.6387': attribute type 6 has an invalid length. [ 1366.713927][T25988] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 986 with max blocks 37 with error 117 [ 1366.794682][T25988] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1366.794682][T25988] [ 1366.856199][T25984] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6392'. [ 1367.084530][T25999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6395'. [ 1367.125432][T25999] netlink: 'syz.0.6395': attribute type 1 has an invalid length. [ 1367.159123][T25999] netlink: 'syz.0.6395': attribute type 6 has an invalid length. [ 1368.561593][T26025] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 987 with max blocks 36 with error 117 [ 1368.652491][T26025] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1368.652491][T26025] [ 1368.721360][T26021] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6402'. [ 1369.220517][T26038] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 987 with max blocks 36 with error 117 [ 1369.292131][T26038] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1369.292131][T26038] [ 1369.352029][T26036] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6404'. [ 1369.748941][T26043] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6405'. [ 1370.467764][T25620] block nbd0: Receive control failed (result -32) [ 1371.041626][T26070] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 986 with max blocks 37 with error 117 [ 1371.126857][T26070] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1371.126857][T26070] [ 1371.203209][T26064] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6412'. [ 1371.448643][T26076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6411'. [ 1371.592833][T26080] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 986 with max blocks 37 with error 117 [ 1371.610112][T26081] netlink: 'syz.4.6411': attribute type 1 has an invalid length. [ 1371.650927][T26080] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1371.650927][T26080] [ 1371.704442][T26078] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6414'. [ 1371.761022][T26081] netlink: 51505 bytes leftover after parsing attributes in process `syz.4.6411'. [ 1372.277340][T26087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6415'. [ 1375.337129][T25616] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1375.432456][T25616] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1375.432456][T25616] [ 1375.493697][T25616] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1375.552567][T25616] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1375.552567][T25616] [ 1378.340947][T26137] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6425'. [ 1379.054813][T26145] serio: Serial port pty6 [ 1381.072619][T26177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6433'. [ 1384.485134][T26224] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6447'. [ 1386.006698][T26243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6451'. [ 1386.058776][T26243] netlink: 'syz.1.6451': attribute type 1 has an invalid length. [ 1386.094936][T26243] netlink: 'syz.1.6451': attribute type 6 has an invalid length. [ 1386.412042][T26245] FAULT_INJECTION: forcing a failure. [ 1386.412042][T26245] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.481721][T26245] CPU: 0 UID: 0 PID: 26245 Comm: syz.1.6452 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1386.481758][T26245] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1386.481765][T26245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1386.481777][T26245] Call Trace: [ 1386.481784][T26245] [ 1386.481792][T26245] dump_stack_lvl+0x100/0x190 [ 1386.481830][T26245] should_fail_ex.cold+0x5/0xa [ 1386.481853][T26245] should_failslab+0xc2/0x120 [ 1386.481882][T26245] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1386.481910][T26245] ? __alloc_workqueue+0x711/0x1880 [ 1386.481931][T26245] ? lockdep_init_map_type+0x5c/0x250 [ 1386.481960][T26245] __alloc_workqueue+0x711/0x1880 [ 1386.481985][T26245] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1386.482011][T26245] alloc_workqueue_noprof+0xd2/0x200 [ 1386.482033][T26245] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1386.482061][T26245] ? __pfx___debug_object_init+0x10/0x10 [ 1386.482086][T26245] nci_register_device+0x511/0xb80 [ 1386.482108][T26245] ? __pfx_nci_register_device+0x10/0x10 [ 1386.482131][T26245] ? lockdep_init_map_type+0x5c/0x250 [ 1386.482159][T26245] virtual_ncidev_open+0x141/0x220 [ 1386.482185][T26245] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1386.482211][T26245] misc_open+0x26d/0x450 [ 1386.482243][T26245] ? __pfx_misc_open+0x10/0x10 [ 1386.482265][T26245] chrdev_open+0x234/0x6a0 [ 1386.482293][T26245] ? __pfx_apparmor_file_open+0x10/0x10 [ 1386.482314][T26245] ? __pfx_chrdev_open+0x10/0x10 [ 1386.482342][T26245] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1386.482375][T26245] do_dentry_open+0x6d8/0x1660 [ 1386.482408][T26245] ? __pfx_chrdev_open+0x10/0x10 [ 1386.482440][T26245] vfs_open+0x82/0x3f0 [ 1386.482462][T26245] path_openat+0x208c/0x31a0 [ 1386.482497][T26245] ? __pfx_path_openat+0x10/0x10 [ 1386.482532][T26245] do_file_open+0x20e/0x430 [ 1386.482561][T26245] ? __pfx_do_file_open+0x10/0x10 [ 1386.482605][T26245] ? alloc_fd+0x476/0x790 [ 1386.482636][T26245] ? do_getname+0x191/0x390 [ 1386.482658][T26245] do_sys_openat2+0x10d/0x1e0 [ 1386.482679][T26245] ? __pfx_do_sys_openat2+0x10/0x10 [ 1386.482708][T26245] __x64_sys_openat+0x12d/0x210 [ 1386.482729][T26245] ? __pfx___x64_sys_openat+0x10/0x10 [ 1386.482759][T26245] do_syscall_64+0x106/0xf80 [ 1386.482782][T26245] ? clear_bhb_loop+0x40/0x90 [ 1386.482805][T26245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1386.482825][T26245] RIP: 0033:0x7fe68459bf79 [ 1386.482843][T26245] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1386.482862][T26245] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1386.482882][T26245] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1386.482893][T26245] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1386.482904][T26245] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1386.482916][T26245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1386.482926][T26245] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1386.482950][T26245] [ 1388.230690][T26248] busy [ 1392.264526][T26299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6463'. [ 1395.035202][ T30] audit: type=1800 audit(4295004184.846:22): pid=26331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6468" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1400.861985][T26395] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6478'. [ 1401.494032][T25620] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1403.162102][T26432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6488'. [ 1403.205613][T26432] netlink: 'syz.3.6488': attribute type 1 has an invalid length. [ 1403.237045][T26432] netlink: 'syz.3.6488': attribute type 6 has an invalid length. [ 1404.713399][T26455] FAULT_INJECTION: forcing a failure. [ 1404.713399][T26455] name failslab, interval 1, probability 0, space 0, times 0 [ 1404.783026][T26455] CPU: 0 UID: 0 PID: 26455 Comm: syz.1.6494 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1404.783062][T26455] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1404.783069][T26455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1404.783080][T26455] Call Trace: [ 1404.783090][T26455] [ 1404.783100][T26455] dump_stack_lvl+0x100/0x190 [ 1404.783136][T26455] should_fail_ex.cold+0x5/0xa [ 1404.783159][T26455] should_failslab+0xc2/0x120 [ 1404.783188][T26455] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1404.783212][T26455] ? alloc_empty_file+0x55/0x1c0 [ 1404.783236][T26455] alloc_empty_file+0x55/0x1c0 [ 1404.783257][T26455] alloc_file_pseudo+0x13a/0x230 [ 1404.783285][T26455] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1404.783322][T26455] __shmem_file_setup+0x1a3/0x330 [ 1404.783345][T26455] shmem_zero_setup+0x93/0x1b0 [ 1404.783372][T26455] __mmap_region+0x20b5/0x2760 [ 1404.783396][T26455] ? set_next_entity+0x11b/0x9c0 [ 1404.783422][T26455] ? __pfx___mmap_region+0x10/0x10 [ 1404.783461][T26455] ? finish_task_switch.isra.0+0x200/0xb80 [ 1404.783480][T26455] ? finish_task_switch.isra.0+0x200/0xb80 [ 1404.783500][T26455] ? rcu_is_watching+0x12/0xc0 [ 1404.783535][T26455] ? __schedule+0x1000/0x60e0 [ 1404.783588][T26455] ? rcu_is_watching+0x12/0xc0 [ 1404.783614][T26455] ? cap_capable+0x107/0x460 [ 1404.783647][T26455] mmap_region+0x180/0x3e0 [ 1404.783675][T26455] do_mmap+0xc63/0x12f0 [ 1404.783707][T26455] ? __pfx_do_mmap+0x10/0x10 [ 1404.783735][T26455] ? __pfx_down_write_killable+0x10/0x10 [ 1404.783770][T26455] vm_mmap_pgoff+0x29e/0x470 [ 1404.783803][T26455] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1404.783837][T26455] ? __x64_sys_futex+0x34f/0x4d0 [ 1404.783857][T26455] ? __x64_sys_futex+0x358/0x4d0 [ 1404.783881][T26455] ksys_mmap_pgoff+0x7d/0x5b0 [ 1404.783912][T26455] __x64_sys_mmap+0x125/0x190 [ 1404.783941][T26455] do_syscall_64+0x106/0xf80 [ 1404.783964][T26455] ? clear_bhb_loop+0x40/0x90 [ 1404.783987][T26455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1404.784007][T26455] RIP: 0033:0x7fe68459bf79 [ 1404.784023][T26455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1404.784041][T26455] RSP: 002b:00007fe685380028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1404.784061][T26455] RAX: ffffffffffffffda RBX: 00007fe684815fa0 RCX: 00007fe68459bf79 [ 1404.784073][T26455] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1404.784084][T26455] RBP: 00007fe6846327e0 R08: fffffffffffffffa R09: 0000000000008000 [ 1404.784096][T26455] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1404.784107][T26455] R13: 00007fe684816038 R14: 00007fe684815fa0 R15: 00007ffe83130ad8 [ 1404.784131][T26455] [ 1405.241671][T26461] openvswitch: netlink: Key type 261 is out of range max 32 [ 1405.895091][T25628] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1405.939144][T25628] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1405.939144][T25628] [ 1405.984309][T25628] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1406.043649][T25628] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1406.043649][T25628] [ 1406.194507][T26467] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 947 with max blocks 76 with error 117 [ 1406.294341][T26467] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1406.294341][T26467] [ 1406.894387][T26479] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 985 with max blocks 14 with error 117 [ 1406.972322][ T30] audit: type=1804 audit(4295004196.796:23): pid=26486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.6499" name="/newroot/579/file0" dev="tmpfs" ino=3055 res=1 errno=0 [ 1407.014063][T26489] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6498'. [ 1407.057093][T26479] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1407.057093][T26479] [ 1407.074386][ T30] audit: type=1804 audit(4295004196.876:24): pid=26488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.6499" name="/newroot/579/file0" dev="tmpfs" ino=3055 res=1 errno=0 [ 1409.910577][T26535] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6511: iget: checksum invalid [ 1409.962039][T26538] netlink: set zone limit has 8 unknown bytes [ 1410.113086][T26535] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1410.156243][T26535] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6511: iget: checksum invalid [ 1410.222880][T26535] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1410.273870][T26535] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6511: iget: checksum invalid [ 1410.354009][T26535] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1410.432902][T26535] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6511: iget: checksum invalid [ 1410.594731][T26535] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1410.665944][T26535] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1410.753072][T26535] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1411.223011][T26562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6517'. [ 1412.115211][T26584] forcing mempool usage for bio_alloc_bioset+0x392/0x850 [ 1412.627741][T26579] Process accounting resumed [ 1413.828977][T26621] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6532: iget: checksum invalid [ 1413.905221][T26621] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1414.044053][T26621] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6532: iget: checksum invalid [ 1414.135582][T26621] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1414.226346][T26621] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6532: iget: checksum invalid [ 1414.282093][T26621] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1414.358675][T26621] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6532: iget: checksum invalid [ 1414.422009][T26621] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1414.479188][T26621] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1414.572762][T26621] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1416.757045][T26641] Process accounting resumed [ 1417.444962][ T30] audit: type=1804 audit(4295004207.276:25): pid=26671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.6540" name="file0" dev="tmpfs" ino=8713 res=1 errno=0 [ 1417.516891][ T30] audit: type=1804 audit(4295004207.296:26): pid=26678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.6540" name="file0" dev="tmpfs" ino=8713 res=1 errno=0 [ 1417.635562][T26684] bridge0: port 2(gretap0) entered blocking state [ 1417.707103][T26684] bridge0: port 2(gretap0) entered disabled state [ 1417.780699][T26684] gretap0: entered allmulticast mode [ 1417.857725][T26684] gretap0: entered promiscuous mode [ 1418.259791][T26686] Invalid ELF header magic: != ELF [ 1418.668104][T26697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6548'. [ 1418.706989][T26697] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6548'. [ 1420.422724][T26733] FAULT_INJECTION: forcing a failure. [ 1420.422724][T26733] name failslab, interval 1, probability 0, space 0, times 0 [ 1420.567115][T26733] CPU: 0 UID: 0 PID: 26733 Comm: syz.1.6555 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1420.567150][T26733] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1420.567158][T26733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1420.567170][T26733] Call Trace: [ 1420.567177][T26733] [ 1420.567185][T26733] dump_stack_lvl+0x100/0x190 [ 1420.567216][T26733] should_fail_ex.cold+0x5/0xa [ 1420.567247][T26733] should_failslab+0xc2/0x120 [ 1420.567276][T26733] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1420.567300][T26733] ? sk_prot_alloc+0x60/0x2a0 [ 1420.567338][T26733] sk_prot_alloc+0x60/0x2a0 [ 1420.567368][T26733] sk_alloc+0x36/0xe80 [ 1420.567390][T26733] inet6_create+0x385/0x12b0 [ 1420.567418][T26733] ? inet6_create+0x7f/0x12b0 [ 1420.567445][T26733] __sock_create+0x339/0x860 [ 1420.567479][T26733] __sys_socket+0x14d/0x260 [ 1420.567498][T26733] ? __pfx___sys_socket+0x10/0x10 [ 1420.567523][T26733] __x64_sys_socket+0x72/0xb0 [ 1420.567541][T26733] ? lockdep_hardirqs_on+0x78/0x100 [ 1420.567566][T26733] do_syscall_64+0x106/0xf80 [ 1420.567589][T26733] ? clear_bhb_loop+0x40/0x90 [ 1420.567612][T26733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1420.567632][T26733] RIP: 0033:0x7fe68459bf79 [ 1420.567649][T26733] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1420.567668][T26733] RSP: 002b:00007fe6827d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1420.567687][T26733] RAX: ffffffffffffffda RBX: 00007fe684816180 RCX: 00007fe68459bf79 [ 1420.567699][T26733] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 1420.567710][T26733] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1420.567722][T26733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1420.567733][T26733] R13: 00007fe684816218 R14: 00007fe684816180 R15: 00007ffe83130ad8 [ 1420.567756][T26733] [ 1423.736920][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.743609][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1424.430515][T25620] Bluetooth: hci3: Unexpected cc 0x7c89 with no status [ 1424.883365][T26780] random: crng reseeded on system resumption [ 1425.499802][T26800] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1426.746672][T25620] Bluetooth: hci2: unexpected event 0x12 length: 440 > 8 [ 1427.185507][T26828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6580'. [ 1427.907070][T26837] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6582'. [ 1430.813196][T26873] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6590'. [ 1431.027654][T26876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6591'. [ 1431.063861][T26876] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6591'. [ 1431.127324][T26878] sock: sock_timestamping_bind_phc: sock not bind to device [ 1432.789472][T26906] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1432.861007][T26906] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1432.861007][T26906] [ 1433.334779][T26915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6602'. [ 1433.393359][T26915] netlink: 'syz.0.6602': attribute type 1 has an invalid length. [ 1433.401826][T26915] netlink: 'syz.0.6602': attribute type 6 has an invalid length. [ 1433.594857][ T30] audit: type=1326 audit(4295004223.426:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26916 comm="syz.0.6603" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5bc2d9bf79 code=0x0 [ 1436.453938][T25608] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1436.521460][T25608] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1436.521460][T25608] [ 1436.573017][T26946] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 986 with max blocks 37 with error 117 [ 1436.614291][T26946] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1436.614291][T26946] [ 1438.453056][T26974] bridge0: port 3(gretap0) entered blocking state [ 1438.481215][T26974] bridge0: port 3(gretap0) entered disabled state [ 1438.531552][T26974] gretap0: entered allmulticast mode [ 1438.574817][T26387] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1438.587023][T26387] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1438.597369][T26387] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1438.605630][T26387] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1438.614072][T26387] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1438.651371][T26974] gretap0: entered promiscuous mode [ 1439.596743][T26978] chnl_net:caif_netlink_parms(): no params data found [ 1439.719031][T26994] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6619'. [ 1439.808139][T26994] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 1440.062294][T26978] bridge0: port 1(bridge_slave_0) entered blocking state [ 1440.112250][T26978] bridge0: port 1(bridge_slave_0) entered disabled state [ 1440.140040][T26978] bridge_slave_0: entered allmulticast mode [ 1440.160571][T26978] bridge_slave_0: entered promiscuous mode [ 1440.193903][T26978] bridge0: port 2(bridge_slave_1) entered blocking state [ 1440.222574][T26978] bridge0: port 2(bridge_slave_1) entered disabled state [ 1440.259294][T26978] bridge_slave_1: entered allmulticast mode [ 1440.283722][T26978] bridge_slave_1: entered promiscuous mode [ 1440.422989][T26978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1440.474995][T26978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1440.692659][T26387] Bluetooth: hci4: command tx timeout [ 1440.811028][T26978] team0: Port device team_slave_0 added [ 1440.850586][T26978] team0: Port device team_slave_1 added [ 1441.062831][T26978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1441.119473][T26978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1441.262712][T26978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1441.363035][T26978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1441.370674][T26978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1441.526047][T26978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1442.104996][T26978] hsr_slave_0: entered promiscuous mode [ 1442.137103][T26978] hsr_slave_1: entered promiscuous mode [ 1442.169478][T26978] debugfs: 'hsr0' already exists in 'hsr' [ 1442.196734][T26978] Cannot create hsr debugfs directory [ 1442.601798][T27030] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.6627: iget: checksum invalid [ 1442.692067][T27030] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1442.755828][T27035] netlink: set zone limit has 8 unknown bytes [ 1442.772530][T26387] Bluetooth: hci4: command tx timeout [ 1442.812791][T27034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6628'. [ 1442.865398][T27030] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.6627: iget: checksum invalid [ 1442.878987][T26978] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1442.922796][T27030] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1442.960453][T26978] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1442.971782][T27030] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.6627: iget: checksum invalid [ 1443.011587][T27030] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1443.062111][T27030] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.4.6627: iget: checksum invalid [ 1443.101265][T26978] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1443.115679][T27030] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1443.132954][T26978] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1443.150189][T27030] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1443.222538][T27030] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1443.507589][T27040] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1443.549482][T27030] Process accounting paused [ 1443.591586][T27040] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1443.591586][T27040] [ 1443.885112][T26978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1444.007076][T26978] 8021q: adding VLAN 0 to HW filter on device team0 [ 1444.074476][T25617] bridge0: port 1(bridge_slave_0) entered blocking state [ 1444.081994][T25617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1444.129611][T25617] bridge0: port 2(bridge_slave_1) entered blocking state [ 1444.137632][T25617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1444.806902][T26978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1444.855467][T26387] Bluetooth: hci4: command tx timeout [ 1445.629485][T26978] veth0_vlan: entered promiscuous mode [ 1445.716066][T26978] veth1_vlan: entered promiscuous mode [ 1445.899094][T26978] veth0_macvtap: entered promiscuous mode [ 1445.936647][T26978] veth1_macvtap: entered promiscuous mode [ 1446.021365][T27092] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 962 with max blocks 61 with error 117 [ 1446.036383][T26978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1446.085675][T26978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1446.104637][T27092] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1446.104637][T27092] [ 1446.142779][T26024] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.309999][T26024] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.357176][T26024] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.515168][T26024] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1446.828563][T25628] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1446.871356][T25628] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1446.933095][T26387] Bluetooth: hci4: command tx timeout [ 1447.076405][T26024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1447.113090][T26024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1447.965218][T27124] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 990 with max blocks 33 with error 117 [ 1448.026054][T27124] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1448.026054][T27124] [ 1450.656085][T27145] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1451.015005][T27164] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6657'. [ 1451.063195][T27164] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6657'. [ 1452.500898][T27190] netlink: 'syz.5.6665': attribute type 1 has an invalid length. [ 1452.542504][T27190] netlink: 54 bytes leftover after parsing attributes in process `syz.5.6665'. [ 1452.613703][T27193] ima: policy update failed [ 1452.635794][ T30] audit: type=1802 audit(4295004242.466:28): pid=27193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.6665" res=0 errno=0 [ 1453.100115][T27206] FAULT_INJECTION: forcing a failure. [ 1453.100115][T27206] name failslab, interval 1, probability 0, space 0, times 0 [ 1453.219193][T27206] CPU: 0 UID: 0 PID: 27206 Comm: syz.4.6667 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1453.219227][T27206] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1453.219234][T27206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1453.219246][T27206] Call Trace: [ 1453.219253][T27206] [ 1453.219261][T27206] dump_stack_lvl+0x100/0x190 [ 1453.219295][T27206] should_fail_ex.cold+0x5/0xa [ 1453.219318][T27206] should_failslab+0xc2/0x120 [ 1453.219347][T27206] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1453.219376][T27206] ? snd_seq_fifo_new+0x42/0x270 [ 1453.219399][T27206] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1453.219423][T27206] ? __pfx_snd_seq_open+0x10/0x10 [ 1453.219449][T27206] snd_seq_fifo_new+0x42/0x270 [ 1453.219472][T27206] snd_seq_open+0x3fe/0x590 [ 1453.219499][T27206] ? __pfx_snd_seq_open+0x10/0x10 [ 1453.219524][T27206] snd_open+0x22d/0x4c0 [ 1453.219554][T27206] ? __pfx_snd_open+0x10/0x10 [ 1453.219582][T27206] chrdev_open+0x234/0x6a0 [ 1453.219609][T27206] ? __pfx_apparmor_file_open+0x10/0x10 [ 1453.219629][T27206] ? __pfx_chrdev_open+0x10/0x10 [ 1453.219657][T27206] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1453.219689][T27206] do_dentry_open+0x6d8/0x1660 [ 1453.219715][T27206] ? __pfx_chrdev_open+0x10/0x10 [ 1453.219747][T27206] vfs_open+0x82/0x3f0 [ 1453.219769][T27206] path_openat+0x208c/0x31a0 [ 1453.219803][T27206] ? __pfx_path_openat+0x10/0x10 [ 1453.219839][T27206] do_file_open+0x20e/0x430 [ 1453.219868][T27206] ? __pfx_do_file_open+0x10/0x10 [ 1453.219912][T27206] ? alloc_fd+0x476/0x790 [ 1453.219940][T27206] ? do_getname+0x191/0x390 [ 1453.219961][T27206] do_sys_openat2+0x10d/0x1e0 [ 1453.219982][T27206] ? __pfx_do_sys_openat2+0x10/0x10 [ 1453.220011][T27206] __x64_sys_openat+0x12d/0x210 [ 1453.220032][T27206] ? __pfx___x64_sys_openat+0x10/0x10 [ 1453.220054][T27206] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1453.220078][T27206] ? syscall_user_dispatch+0x76/0x130 [ 1453.220106][T27206] do_syscall_64+0x106/0xf80 [ 1453.220129][T27206] ? clear_bhb_loop+0x40/0x90 [ 1453.220152][T27206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1453.220171][T27206] RIP: 0033:0x7fdbe3d9bf79 [ 1453.220188][T27206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1453.220207][T27206] RSP: 002b:00007fdbe4b74028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1453.220226][T27206] RAX: ffffffffffffffda RBX: 00007fdbe4016090 RCX: 00007fdbe3d9bf79 [ 1453.220239][T27206] RDX: 00000000001e3800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1453.220251][T27206] RBP: 00007fdbe3e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1453.220262][T27206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1453.220273][T27206] R13: 00007fdbe4016128 R14: 00007fdbe4016090 R15: 00007fffb52866b8 [ 1453.220296][T27206] [ 1456.706355][T27269] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6679'. [ 1456.731376][T27272] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1456.848826][T27269] bond0: (slave bond_slave_0): Releasing backup interface [ 1456.865391][T27272] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1456.865391][T27272] [ 1457.051702][T27276] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1457.132810][T27276] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1457.255424][T27276] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1457.354918][T27276] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1457.424167][T27276] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1457.505867][T27276] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1457.885106][T27276] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1458.016463][ T30] audit: type=1804 audit(4295004247.836:29): pid=27289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.6683" name="file0" dev="tmpfs" ino=9297 res=1 errno=0 [ 1458.142488][ T30] audit: type=1804 audit(4295004247.886:30): pid=27292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.6683" name="file0" dev="tmpfs" ino=9297 res=1 errno=0 [ 1459.093090][T26387] Bluetooth: hci1: command 0x0c1a tx timeout [ 1459.168582][T27319] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 988 with max blocks 35 with error 117 [ 1459.185295][T26387] Bluetooth: hci2: command 0x0c1a tx timeout [ 1459.262548][T27319] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1459.262548][T27319] [ 1459.333986][T26387] Bluetooth: hci3: command 0x0c1a tx timeout [ 1459.416839][T26387] Bluetooth: hci0: command 0x0406 tx timeout [ 1459.493821][T26387] Bluetooth: hci4: command 0x0c1a tx timeout [ 1460.228318][T26387] block nbd1: Receive control failed (result -32) [ 1460.957474][T27348] bridge0: port 3(gretap0) entered blocking state [ 1461.009910][T27348] bridge0: port 3(gretap0) entered disabled state [ 1461.067569][T27348] gretap0: entered allmulticast mode [ 1461.127663][T27348] FAULT_INJECTION: forcing a failure. [ 1461.127663][T27348] name failslab, interval 1, probability 0, space 0, times 0 [ 1461.257017][T27348] CPU: 0 UID: 0 PID: 27348 Comm: syz.5.6696 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1461.257061][T27348] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1461.257069][T27348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1461.257081][T27348] Call Trace: [ 1461.257088][T27348] [ 1461.257095][T27348] dump_stack_lvl+0x100/0x190 [ 1461.257127][T27348] should_fail_ex.cold+0x5/0xa [ 1461.257149][T27348] should_failslab+0xc2/0x120 [ 1461.257178][T27348] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1461.257199][T27348] ? __netdev_adjacent_dev_insert+0x22b/0xbf0 [ 1461.257223][T27348] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 1461.257253][T27348] __netdev_adjacent_dev_insert+0x22b/0xbf0 [ 1461.257277][T27348] ? ip6_route_dev_notify+0xe4/0x750 [ 1461.257303][T27348] ? ndisc_netdev_event+0xa1/0x560 [ 1461.257323][T27348] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 1461.257346][T27348] ? notifier_call_chain+0x34c/0x420 [ 1461.257376][T27348] __netdev_upper_dev_link+0x3d8/0x7e0 [ 1461.257408][T27348] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 1461.257436][T27348] ? kernfs_root+0xf8/0x2a0 [ 1461.257457][T27348] ? kernfs_add_one+0x214/0x850 [ 1461.257485][T27348] netdev_master_upper_dev_link+0x9f/0xd0 [ 1461.257515][T27348] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 1461.257548][T27348] ? lockdep_rtnl_is_held+0x26/0x40 [ 1461.257574][T27348] ? netdev_is_rx_handler_busy+0x83/0x140 [ 1461.257603][T27348] br_add_if+0x9fd/0x1b40 [ 1461.257627][T27348] ? security_capable+0x80/0x260 [ 1461.257660][T27348] add_del_if+0x114/0x160 [ 1461.257684][T27348] br_dev_siocdevprivate+0x8ac/0x1650 [ 1461.257708][T27348] ? __lock_acquire+0x4a5/0x2630 [ 1461.257730][T27348] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1461.257762][T27348] ? do_raw_spin_lock+0x128/0x260 [ 1461.257798][T27348] ? mark_held_locks+0x40/0x70 [ 1461.257824][T27348] ? netdev_name_node_lookup+0x107/0x150 [ 1461.257844][T27348] ? __mutex_lock+0x26a/0x1b90 [ 1461.257872][T27348] dev_ifsioc+0xc1e/0x1e90 [ 1461.257897][T27348] ? __pfx_dev_ifsioc+0x10/0x10 [ 1461.257924][T27348] ? __pfx___mutex_lock+0x10/0x10 [ 1461.257957][T27348] ? dev_load+0x8e/0x240 [ 1461.257976][T27348] ? dev_load+0x8e/0x240 [ 1461.258002][T27348] dev_ioctl+0x70e/0x1070 [ 1461.258027][T27348] sock_ioctl+0x494/0x6b0 [ 1461.258053][T27348] ? __pfx_sock_ioctl+0x10/0x10 [ 1461.258071][T27348] ? hook_file_ioctl_common+0x146/0x410 [ 1461.258098][T27348] ? __fget_files+0x21f/0x3d0 [ 1461.258127][T27348] ? __pfx_sock_ioctl+0x10/0x10 [ 1461.258147][T27348] __x64_sys_ioctl+0x18e/0x210 [ 1461.258171][T27348] do_syscall_64+0x106/0xf80 [ 1461.258195][T27348] ? clear_bhb_loop+0x40/0x90 [ 1461.258218][T27348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.258238][T27348] RIP: 0033:0x7f1c5319bf79 [ 1461.258255][T27348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1461.258273][T27348] RSP: 002b:00007f1c53f6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1461.258292][T27348] RAX: ffffffffffffffda RBX: 00007f1c53416270 RCX: 00007f1c5319bf79 [ 1461.258304][T27348] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000008 [ 1461.258315][T27348] RBP: 00007f1c532327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1461.258326][T27348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1461.258337][T27348] R13: 00007f1c53416308 R14: 00007f1c53416270 R15: 00007ffde3093468 [ 1461.258360][T27348] [ 1461.775776][T27348] gretap0: left allmulticast mode [ 1461.900599][T26387] Bluetooth: hci4: command 0x0c1a tx timeout [ 1462.103742][T27362] syz.5.6699(27362): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1462.740031][T27368] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 988 with max blocks 35 with error 117 [ 1462.796220][T27368] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1462.796220][T27368] [ 1463.974147][T26387] Bluetooth: hci4: command 0x0c1a tx timeout [ 1465.589399][T27392] Invalid ELF header magic: != ELF [ 1466.574207][T27408] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6706: iget: checksum invalid [ 1466.749115][T27408] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1466.881334][T27408] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6706: iget: checksum invalid [ 1467.015460][T27408] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1467.093733][T26024] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1467.123593][T27408] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6706: iget: checksum invalid [ 1467.148728][T26024] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1467.148728][T26024] [ 1467.324378][T27408] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1467.472603][T27408] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6706: iget: checksum invalid [ 1467.632729][T27408] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1467.692512][T27408] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1467.743408][T27408] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1469.170702][T26387] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1469.261494][T27436] openvswitch: netlink: Multiple metadata blocks provided [ 1469.324780][T27436] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1472.401540][T27474] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 986 with max blocks 37 with error 117 [ 1472.631379][T27474] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1472.631379][T27474] [ 1474.605111][T27483] Process accounting resumed [ 1475.776863][T27533] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 966 with max blocks 42 with error 117 [ 1475.845894][T27533] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1475.845894][T27533] [ 1475.907884][T27535] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1477.136758][T27553] vivid-007: ================= START STATUS ================= [ 1477.276326][T27553] vivid-007: Generate PTS: true [ 1477.281867][T27553] vivid-007: Generate SCR: true [ 1477.431835][T27553] tpg source WxH: 320x240 (Y'CbCr) [ 1477.472936][T27553] tpg field: 1 [ 1477.513243][T27553] tpg crop: (0,0)/320x240 [ 1477.615899][T27553] tpg compose: (0,0)/320x240 [ 1477.620889][T27553] tpg colorspace: 8 [ 1477.772704][T27553] tpg transfer function: 0/0 [ 1477.818473][T27553] tpg Y'CbCr encoding: 0/0 [ 1477.872747][T27553] tpg quantization: 0/0 [ 1477.934085][T27553] tpg RGB range: 0/2 [ 1477.938020][T27553] vivid-007: ================== END STATUS ================== [ 1478.062955][T27559] block nbd7: not configured, cannot reconfigure [ 1478.153095][T27569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6739'. [ 1478.191631][T27569] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6739'. [ 1478.545730][T27577] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6742'. [ 1478.583714][T27577] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6742'. [ 1480.540217][T27601] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 996 with max blocks 27 with error 117 [ 1480.680123][T27601] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1480.680123][T27601] [ 1482.351491][T27637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6756'. [ 1482.396507][T27637] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6756'. [ 1482.522280][T27642] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6755: iget: checksum invalid [ 1482.674392][T27642] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1482.814077][T27642] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6755: iget: checksum invalid [ 1482.910486][T27642] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1483.018209][T27642] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6755: iget: checksum invalid [ 1483.184643][T27642] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1483.283054][T27642] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.6755: iget: checksum invalid [ 1483.357291][T27642] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1483.442835][T27642] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1483.547739][T27642] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1485.181208][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.190638][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.211607][T27678] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6761'. [ 1485.251888][T27678] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6761'. [ 1488.551678][T27703] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1488.788765][T27716] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6767: iget: checksum invalid [ 1488.833756][T27716] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1488.876680][T27716] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6767: iget: checksum invalid [ 1488.937213][T27716] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1488.995039][T27716] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6767: iget: checksum invalid [ 1489.055816][T27716] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1489.110170][T27716] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6767: iget: checksum invalid [ 1489.151440][T27716] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1489.164969][T27716] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1489.185571][T27716] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1489.533407][T27729] Invalid ELF header magic: != ELF [ 1489.841460][T27731] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6770'. [ 1489.874192][T27731] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6770'. [ 1491.166649][T27754] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 970 with max blocks 53 with error 117 [ 1491.233747][T27754] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1491.233747][T27754] [ 1493.096842][T27793] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1493.744301][T27810] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 952 with max blocks 71 with error 117 [ 1493.842444][T27810] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1493.842444][T27810] [ 1494.252783][T27822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6793'. [ 1494.292047][T27822] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6793'. [ 1495.312158][T27839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6796'. [ 1495.394104][T27839] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6796'. [ 1497.354050][T27886] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6808'. [ 1497.403813][T27886] netlink: 'syz.4.6808': attribute type 1 has an invalid length. [ 1497.412016][T27886] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6808'. [ 1497.573785][T25638] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1497.608165][T27869] bridge0: port 3(team0) entered blocking state [ 1497.615059][T25638] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1497.615059][T25638] [ 1497.639978][T27869] bridge0: port 3(team0) entered disabled state [ 1497.650742][T25638] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1497.688952][T27869] team0: entered allmulticast mode [ 1497.695360][T25638] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1497.695360][T25638] [ 1497.742463][T27869] team_slave_0: entered allmulticast mode [ 1497.786100][T27869] team_slave_1: entered allmulticast mode [ 1497.840136][T27869] team0: entered promiscuous mode [ 1497.856631][T27869] team_slave_0: entered promiscuous mode [ 1497.886133][T27869] team_slave_1: entered promiscuous mode [ 1497.927317][T27869] bridge0: port 3(team0) entered blocking state [ 1497.933818][T27869] bridge0: port 3(team0) entered forwarding state [ 1500.395990][T27926] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 988 with max blocks 35 with error 117 [ 1500.602472][T27926] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1500.602472][T27926] [ 1501.226381][T27946] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1501.412475][T27946] netlink: 'syz.4.6824': attribute type 1 has an invalid length. [ 1503.071767][T27981] Invalid ELF header magic: != ELF [ 1506.234627][T28023] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1506.354650][T28023] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1506.354650][T28023] [ 1507.407815][T27998] Process accounting paused [ 1508.644631][T28057] hub 3-0:1.0: USB hub found [ 1508.662574][T28057] hub 3-0:1.0: 1 port detected [ 1508.692430][T26387] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1508.727147][T28057] usb usb3: authorized to connect [ 1509.807344][T28060] Invalid ELF header magic: != ELF [ 1510.312444][T28086] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 942 with max blocks 81 with error 117 [ 1510.407653][T28086] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1510.407653][T28086] [ 1512.939588][T28122] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6861'. [ 1512.972135][T28122] netlink: 'syz.5.6861': attribute type 1 has an invalid length. [ 1513.037400][T28122] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6861'. [ 1513.469431][T28133] zram0: detected capacity change from 0 to 8 [ 1513.511535][T28136] Invalid ELF header magic: != ELF [ 1515.975984][T28172] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6874'. [ 1516.018772][T28172] netlink: 'syz.5.6874': attribute type 1 has an invalid length. [ 1516.056006][T28172] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6874'. [ 1516.101365][T28175] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6875: iget: checksum invalid [ 1516.164852][T28175] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1516.240002][T28175] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6875: iget: checksum invalid [ 1516.277143][T28179] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 1516.313099][T28175] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1516.421675][T28175] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6875: iget: checksum invalid [ 1516.629440][T28175] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1516.738434][T28175] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6875: iget: checksum invalid [ 1516.877704][T28175] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1516.980822][T28175] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1517.054625][T28175] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1517.470807][T28199] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1517.530121][T28199] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1517.812486][T26387] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1518.175226][T28215] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1518.312561][T28215] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1518.312561][T28215] [ 1519.034624][T28227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6888'. [ 1519.081700][T28227] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6888'. [ 1520.571767][T25620] Bluetooth: hci0: unexpected event 0x17 length: 440 > 6 [ 1520.692681][T26387] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1520.830769][T28261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6895'. [ 1520.897403][T28261] netlink: 'syz.4.6895': attribute type 1 has an invalid length. [ 1520.962502][T28261] netlink: 334 bytes leftover after parsing attributes in process `syz.4.6895'. [ 1521.388688][T28273] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6898'. [ 1521.437441][T28273] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6898'. [ 1522.341494][T28284] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 1523.000416][T28290] bond0: option arp_validate: invalid value () [ 1523.801411][T28303] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 964 with max blocks 59 with error 117 [ 1523.979623][T28303] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1523.979623][T28303] [ 1525.584891][T28337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6916'. [ 1525.645991][T28340] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6916'. [ 1526.813474][T28358] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6922'. [ 1527.636428][T28372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6925'. [ 1527.693675][T28372] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6925'. [ 1527.973037][T25617] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1461 with max blocks 14 with error 117 [ 1528.067081][T25617] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1528.067081][T25617] [ 1528.081621][T28375] __vm_enough_memory: pid: 28375, comm: syz.0.6926, bytes: 4398046511104 not enough memory for the allocation [ 1529.095593][T28392] netlink: 'syz.0.6930': attribute type 1 has an invalid length. [ 1529.437551][T28397] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 995 with max blocks 28 with error 117 [ 1529.453146][T28388] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6928: iget: checksum invalid [ 1529.574096][T28388] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1529.644884][T28397] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1529.644884][T28397] [ 1529.802139][T28388] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6928: iget: checksum invalid [ 1530.003909][T28388] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1530.157945][T28388] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6928: iget: checksum invalid [ 1530.312695][T28388] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1530.445409][T28388] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.6928: iget: checksum invalid [ 1530.616118][T28388] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1530.737890][T28388] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1530.878454][T28388] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1531.297250][T28419] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6937'. [ 1531.331993][T28419] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6937'. [ 1532.384400][T28429] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6940'. [ 1532.433400][T28429] nbd: must specify a device to reconfigure [ 1532.506978][T28442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6943'. [ 1533.748705][T28457] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6947'. [ 1533.813598][T28459] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6947'. [ 1534.682721][T28471] netlink: 306 bytes leftover after parsing attributes in process `syz.4.6950'. [ 1535.111325][T28476] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6951'. [ 1536.779067][T28501] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6955: iget: checksum invalid [ 1536.877207][T28501] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1537.007628][T28501] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6955: iget: checksum invalid [ 1537.192879][T28501] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1537.519657][T28501] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6955: iget: checksum invalid [ 1537.801976][T28501] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1538.001919][T28498] Process accounting resumed [ 1538.007176][T28501] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.0.6955: iget: checksum invalid [ 1538.215135][T28501] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1538.402728][T28501] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1538.486813][T28501] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1545.409021][T25608] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 998 with max blocks 25 with error 117 [ 1545.496000][T28613] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6978'. [ 1545.507158][T25608] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1545.507158][T25608] [ 1545.566040][T25608] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1545.603402][T28614] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6978'. [ 1545.636830][T25608] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1545.636830][T25608] [ 1545.738576][T25608] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 993 with max blocks 8 with error 117 [ 1545.843518][T25608] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1545.843518][T25608] [ 1546.625685][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.634496][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1547.095917][T28640] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 965 with max blocks 58 with error 117 [ 1547.183418][T28640] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1547.183418][T28640] [ 1547.272036][T25616] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1000 with max blocks 12 with error 117 [ 1547.355170][T25616] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1547.355170][T25616] [ 1547.877599][T28650] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1547.923039][T28650] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1547.972609][T28657] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6989'. [ 1548.010094][T28650] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1548.050471][T28660] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6989'. [ 1548.093726][T28650] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1548.182140][T28650] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1549.894788][T25620] Bluetooth: hci1: command 0x0c1a tx timeout [ 1549.972983][T25620] Bluetooth: hci2: command 0x0c1a tx timeout [ 1550.017963][T28687] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6996'. [ 1550.052593][T25620] Bluetooth: hci3: command 0x0c1a tx timeout [ 1550.073266][T28687] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6996'. [ 1550.133712][T25620] Bluetooth: hci0: command 0x0406 tx timeout [ 1550.212946][T25620] Bluetooth: hci4: command 0x0c1a tx timeout [ 1551.732827][T26387] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1553.011444][T28739] FAULT_INJECTION: forcing a failure. [ 1553.011444][T28739] name failslab, interval 1, probability 0, space 0, times 0 [ 1553.041028][T28733] [U] [ 1553.043846][T28733] [U] [ 1553.046544][T28733] [U] [ 1553.049332][T28733] [U] [ 1553.103448][T28739] CPU: 0 UID: 0 PID: 28739 Comm: syz.5.7007 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1553.103483][T28739] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1553.103491][T28739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1553.103502][T28739] Call Trace: [ 1553.103509][T28739] [ 1553.103517][T28739] dump_stack_lvl+0x100/0x190 [ 1553.103550][T28739] should_fail_ex.cold+0x5/0xa [ 1553.103572][T28739] should_failslab+0xc2/0x120 [ 1553.103601][T28739] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1553.103626][T28739] ? sock_alloc_inode+0x25/0x1c0 [ 1553.103657][T28739] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1553.103685][T28739] sock_alloc_inode+0x25/0x1c0 [ 1553.103720][T28739] alloc_inode+0x68/0x250 [ 1553.103742][T28739] sock_alloc+0x44/0x280 [ 1553.103766][T28739] ? security_socket_create+0x7f/0x250 [ 1553.103797][T28739] __sock_create+0xc2/0x860 [ 1553.103832][T28739] __sys_socket+0x14d/0x260 [ 1553.103851][T28739] ? __pfx___sys_socket+0x10/0x10 [ 1553.103876][T28739] __x64_sys_socket+0x72/0xb0 [ 1553.103893][T28739] ? lockdep_hardirqs_on+0x78/0x100 [ 1553.103917][T28739] do_syscall_64+0x106/0xf80 [ 1553.103940][T28739] ? clear_bhb_loop+0x40/0x90 [ 1553.103967][T28739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1553.103987][T28739] RIP: 0033:0x7f1c5319bf79 [ 1553.104004][T28739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1553.104022][T28739] RSP: 002b:00007f1c53fb0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1553.104041][T28739] RAX: ffffffffffffffda RBX: 00007f1c53416090 RCX: 00007f1c5319bf79 [ 1553.104053][T28739] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1553.104064][T28739] RBP: 00007f1c532327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1553.104075][T28739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1553.104085][T28739] R13: 00007f1c53416128 R14: 00007f1c53416090 R15: 00007ffde3093468 [ 1553.104108][T28739] [ 1553.104118][T28739] socket: no more sockets [ 1553.346130][T28733] [U] [ 1553.349087][T28733] [U] [ 1553.352128][T28733] [U] [ 1553.355091][T28733] [U] [ 1553.399469][T28733] [U] [ 1553.403056][T28733] [U] [ 1553.406016][T28733] [U] [ 1553.409011][T28733] [U] [ 1553.440325][T28733] [U] [ 1553.443454][T28733] [U] [ 1553.446334][T28733] [U] [ 1553.449127][T28733] [U] [ 1553.472966][T28733] [U] [ 1553.476520][T28733] [U] [ 1553.479668][T28733] [U] [ 1553.482688][T28733] [U] [ 1553.522474][T28733] [U] [ 1553.525326][T28733] [U] [ 1553.528391][T28733] [U] [ 1553.531344][T28733] [U] [ 1553.554586][T28733] [U] [ 1553.557515][T28733] [U] [ 1553.560491][T28733] [U] [ 1553.563951][T28733] [U] [ 1553.633210][T28733] [U] [ 1553.944775][T28749] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7011'. [ 1553.963793][T28749] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7011'. [ 1555.172800][T28768] Invalid ELF header magic: != ELF [ 1555.544293][T28778] tipc: Started in network mode [ 1555.563531][T28778] tipc: Node identity ffffffff, cluster identity 4711 [ 1555.580451][T28778] tipc: Node number set to 4294967295 [ 1557.082098][T28798] EXT4-fs: 2 callbacks suppressed [ 1557.082116][T28798] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 1 with max blocks 1 with error 117 [ 1557.313566][T28798] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1557.313566][T28798] [ 1557.558128][T28784] Process accounting resumed [ 1558.132085][T28820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7024'. [ 1558.193301][T28823] netlink: 'syz.4.7024': attribute type 1 has an invalid length. [ 1558.201180][T28823] netlink: 13 bytes leftover after parsing attributes in process `syz.4.7024'. [ 1559.897345][T28843] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7030'. [ 1559.951565][T28843] netlink: 342 bytes leftover after parsing attributes in process `syz.0.7030'. [ 1560.084491][T28849] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.7031: iget: checksum invalid [ 1560.126368][T28849] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1560.174661][T28849] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.7031: iget: checksum invalid [ 1560.209575][T28849] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1560.277490][T28849] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.7031: iget: checksum invalid [ 1560.395548][T28849] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1560.542988][T28849] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.5.7031: iget: checksum invalid [ 1560.709362][T28849] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1560.844138][T28849] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1561.037938][T28849] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1565.071431][T28910] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.7042: iget: checksum invalid [ 1565.182904][T28910] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1565.266841][T28910] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.7042: iget: checksum invalid [ 1565.390874][T28910] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1565.423090][T28914] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7043'. [ 1565.445477][T28916] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7044'. [ 1565.464540][T28910] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.7042: iget: checksum invalid [ 1565.494156][T28914] netlink: 342 bytes leftover after parsing attributes in process `syz.5.7043'. [ 1565.505934][T28918] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7044'. [ 1565.538695][T28910] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1565.618981][T28910] EXT4-fs error (device sda1): ext4_lookup:1785: inode #274: comm syz.3.7042: iget: checksum invalid [ 1565.718891][T28910] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1565.771824][T28910] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1565.848825][T28910] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1568.170755][T28920] Process accounting paused [ 1568.350904][T28960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7054'. [ 1568.430019][T28968] netlink: 354 bytes leftover after parsing attributes in process `syz.0.7054'. [ 1570.411260][T26024] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 963 with max blocks 60 with error 117 [ 1570.470872][T26024] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1570.470872][T26024] [ 1570.649717][T26024] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1360 with max blocks 115 with error 117 [ 1570.694946][T26024] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1570.694946][T26024] [ 1572.204516][T29028] random: crng reseeded on system resumption [ 1572.872518][T29033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7066'. [ 1572.943811][T29034] netlink: 354 bytes leftover after parsing attributes in process `syz.3.7066'. [ 1573.558404][T29040] [U] [ 1573.561398][T29040] [U] [ 1573.564110][T29040] [U] [ 1573.566973][T29040] [U] [ 1573.620473][T29041] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1007 with max blocks 16 with error 117 [ 1573.661657][T29040] [U] [ 1573.664559][T29040] [U] [ 1573.667249][T29040] [U] [ 1573.670132][T29040] [U] [ 1573.704047][T29040] [U] [ 1573.706792][T29040] [U] [ 1573.709490][T29040] [U] [ 1573.712182][T29040] [U] [ 1573.744637][T29040] [U] [ 1573.747362][T29040] [U] [ 1573.750231][T29040] [U] [ 1573.753092][T29040] [U] [ 1573.821142][T29040] [U] [ 1573.823872][T29040] [U] [ 1573.826570][T29040] [U] [ 1573.829254][T29040] [U] [ 1573.858133][T29041] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1573.858133][T29041] [ 1573.886955][T29040] [U] [ 1573.889712][T29040] [U] [ 1573.892405][T29040] [U] [ 1573.895184][T29040] [U] [ 1573.954119][T29040] [U] [ 1573.956850][T29040] [U] [ 1573.959642][T29040] [U] [ 1573.962423][T29040] [U] [ 1574.002649][T29040] [U] [ 1574.005556][T29040] [U] [ 1574.008420][T29040] [U] [ 1574.011202][T29040] [U] [ 1574.066115][T29040] [U] [ 1574.068854][T29040] [U] [ 1574.071651][T29040] [U] [ 1574.074426][T29040] [U] [ 1574.187334][T29040] [U] [ 1574.190417][T29040] [U] [ 1574.193216][T29040] [U] [ 1574.195903][T29040] [U] [ 1574.323564][T29040] [U] [ 1574.326518][T29040] [U] [ 1574.329275][T29040] [U] [ 1574.332060][T29040] [U] [ 1574.379239][T29040] [U] [ 1576.218923][T29083] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 964 with max blocks 59 with error 117 [ 1576.404405][T29083] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1576.404405][T29083] [ 1576.509422][T29089] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7076'. [ 1576.560273][T29089] netlink: 'syz.4.7076': attribute type 1 has an invalid length. [ 1576.605239][T29089] netlink: 13 bytes leftover after parsing attributes in process `syz.4.7076'. [ 1576.843018][T29097] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7077'. [ 1576.897207][T29098] netlink: 354 bytes leftover after parsing attributes in process `syz.4.7077'. [ 1577.199438][T29103] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7079'. [ 1577.263432][T29103] netlink: 'syz.5.7079': attribute type 1 has an invalid length. [ 1577.309287][T29103] netlink: 334 bytes leftover after parsing attributes in process `syz.5.7079'. [ 1577.972535][ T31] INFO: task syz.1.6561:26761 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1578.012917][ T31] Tainted: G U L syzkaller #0 [ 1578.061378][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1578.116927][ T31] task:syz.1.6561 state:D stack:27464 pid:26761 tgid:26757 ppid:5820 task_flags:0x400140 flags:0x00080002 [ 1578.211510][ T31] Call Trace: [ 1578.233976][ T31] [ 1578.261303][ T31] __schedule+0xfee/0x60e0 [ 1578.296381][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1578.341546][ T31] ? __pfx___schedule+0x10/0x10 [ 1578.370033][ T31] ? find_held_lock+0x2b/0x80 [ 1578.396634][ T31] ? schedule+0x2bf/0x390 [ 1578.417621][ T31] schedule+0xdd/0x390 [ 1578.436190][ T31] schedule_preempt_disabled+0x13/0x30 [ 1578.464747][ T31] __mutex_lock+0xc9a/0x1b90 [ 1578.481573][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1578.508933][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1578.535923][ T31] ? __pfx___nla_validate_parse+0x10/0x10 [ 1578.568538][ T31] ? nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1578.586748][ T31] nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1578.601654][ T31] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 1578.616177][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 1578.632839][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 1578.647456][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 1578.663690][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1578.722369][ T31] ? genl_get_cmd+0x3ef/0x720 [ 1578.763950][ T31] ? bpf_lsm_capable+0x9/0x10 [ 1578.768945][ T31] ? security_capable+0x80/0x260 [ 1578.852587][ T31] genl_rcv_msg+0x560/0x800 [ 1578.892423][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1578.898036][ T31] ? __pfx_nfsd_nl_version_set_doit+0x10/0x10 [ 1578.949835][ T31] netlink_rcv_skb+0x159/0x420 [ 1578.965040][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1578.970122][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1579.022549][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1579.028070][ T31] genl_rcv+0x28/0x40 [ 1579.032090][ T31] netlink_unicast+0x5aa/0x870 [ 1579.052439][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 1579.057981][ T31] ? __pfx___might_resched+0x10/0x10 [ 1579.072681][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1579.077752][ T31] netlink_sendmsg+0x8b0/0xda0 [ 1579.097256][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1579.112429][ T31] ? __import_iovec+0x1d2/0x640 [ 1579.117511][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1579.132570][ T31] ____sys_sendmsg+0xa54/0xc30 [ 1579.137560][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1579.152776][ T31] ? __pfx_futex_wake_mark+0x10/0x10 [ 1579.158831][ T31] ___sys_sendmsg+0x190/0x1e0 [ 1579.178330][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 1579.185838][ T31] __sys_sendmsg+0x170/0x220 [ 1579.190815][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 1579.196898][ T31] ? __x64_sys_futex+0x34f/0x4d0 [ 1579.202240][ T31] do_syscall_64+0x106/0xf80 [ 1579.209095][ T31] ? clear_bhb_loop+0x40/0x90 [ 1579.215827][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.221947][ T31] RIP: 0033:0x7fe68459bf79 [ 1579.227139][ T31] RSP: 002b:00007fe6827f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1579.236005][ T31] RAX: ffffffffffffffda RBX: 00007fe684816090 RCX: 00007fe68459bf79 [ 1579.244923][ T31] RDX: 0000000000000844 RSI: 00002000000004c0 RDI: 0000000000000005 [ 1579.254670][ T31] RBP: 00007fe6846327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1579.264267][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1579.273184][ T31] R13: 00007fe684816128 R14: 00007fe684816090 R15: 00007ffe83130ad8 [ 1579.281622][ T31] [ 1579.395874][ T31] [ 1579.395874][ T31] Showing all locks held in the system: [ 1579.429127][ T31] 1 lock held by khungtaskd/31: [ 1579.469302][ T31] #0: ffffffff8e7e92e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1579.512376][ T31] 2 locks held by syz.0.3507/15892: [ 1579.517875][ T31] #0: ffff8880480c60e0 (&type->s_umount_key#52){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1579.563286][ T31] #1: ffffffff8ec55d88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1579.602400][ T31] 3 locks held by kworker/u10:4/25638: [ 1579.607976][ T31] #0: ffff88801c6a6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1579.662383][ T31] #1: ffffc900034efd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1579.712707][ T31] #2: ffffffff8e7f4dc0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1579.742426][ T31] 2 locks held by syz.1.6561/26758: [ 1579.747951][ T31] #0: ffffffff906bb430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1579.803517][ T31] #1: ffffffff8ec55d88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1b20 [ 1579.827814][ T31] 2 locks held by syz.1.6561/26761: [ 1579.852370][ T31] #0: ffffffff906bb430 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1579.860899][ T31] #1: ffffffff8ec55d88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_set_doit+0xc4/0x7a0 [ 1579.894410][ T31] 1 lock held by syz.5.6918/28349: [ 1579.899623][ T31] #0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1579.932338][ T31] 2 locks held by syz.3.7082/29114: [ 1579.937710][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1579.979479][ T31] #1: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 1580.003410][ T31] [ 1580.006016][ T31] ============================================= [ 1580.006016][ T31] [ 1580.062878][ T31] NMI backtrace for cpu 0 [ 1580.062899][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1580.062928][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1580.062935][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1580.062946][ T31] Call Trace: [ 1580.062952][ T31] [ 1580.062960][ T31] dump_stack_lvl+0x100/0x190 [ 1580.062990][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1580.063019][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1580.063045][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1580.063068][ T31] sys_info+0x141/0x190 [ 1580.063094][ T31] watchdog+0xd25/0x1050 [ 1580.063125][ T31] ? __pfx_watchdog+0x10/0x10 [ 1580.063153][ T31] ? __kthread_parkme+0x18c/0x230 [ 1580.063174][ T31] ? kthread+0x13a/0x450 [ 1580.063195][ T31] ? __pfx_watchdog+0x10/0x10 [ 1580.063220][ T31] kthread+0x370/0x450 [ 1580.063241][ T31] ? __pfx_kthread+0x10/0x10 [ 1580.063264][ T31] ret_from_fork+0x754/0xd80 [ 1580.063291][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1580.063318][ T31] ? __switch_to+0x7b4/0x1120 [ 1580.063337][ T31] ? __pfx_kthread+0x10/0x10 [ 1580.063360][ T31] ret_from_fork_asm+0x1a/0x30 [ 1580.063387][ T31] [ 1580.307149][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1580.314225][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1580.325095][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1580.330484][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1580.341259][ T31] Call Trace: [ 1580.344549][ T31] [ 1580.347703][ T31] dump_stack_lvl+0x100/0x190 [ 1580.352483][ T31] vpanic+0x552/0x970 [ 1580.356465][ T31] ? __pfx_vpanic+0x10/0x10 [ 1580.361326][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1580.367702][ T31] panic+0xd1/0xe0 [ 1580.371524][ T31] ? __pfx_panic+0x10/0x10 [ 1580.375961][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1580.382221][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1580.388655][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1580.394921][ T31] ? watchdog.cold+0x198/0x1ca [ 1580.400135][ T31] ? watchdog+0xd35/0x1050 [ 1580.404825][ T31] watchdog.cold+0x1a9/0x1ca [ 1580.409597][ T31] ? __pfx_watchdog+0x10/0x10 [ 1580.414288][ T31] ? __kthread_parkme+0x18c/0x230 [ 1580.419311][ T31] ? kthread+0x13a/0x450 [ 1580.423554][ T31] ? __pfx_watchdog+0x10/0x10 [ 1580.428241][ T31] kthread+0x370/0x450 [ 1580.432491][ T31] ? __pfx_kthread+0x10/0x10 [ 1580.437265][ T31] ret_from_fork+0x754/0xd80 [ 1580.441971][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1580.448244][ T31] ? __switch_to+0x7b4/0x1120 [ 1580.453157][ T31] ? __pfx_kthread+0x10/0x10 [ 1580.458131][ T31] ret_from_fork_asm+0x1a/0x30 [ 1580.462925][ T31] [ 1580.465999][ T31] Kernel Offset: disabled [ 1580.470335][ T31] Rebooting in 86400 seconds..