last executing test programs: 2m51.595298614s ago: executing program 3 (id=3096): r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r1, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x7}, @NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x4}, @NETDEV_A_PAGE_POOL_ID={0xc, 0x1, 0x40}, @NETDEV_A_PAGE_POOL_ID={0x2, 0x20, 0x4}, @NETDEV_A_PAGE_POOL_ID={0xc}, @NETDEV_A_PAGE_POOL_ID={0x0, 0x1, 0xfd}]}, 0x50}, 0x1, 0xf0ffff, 0x0, 0x4048000}, 0x0) 2m51.360923294s ago: executing program 3 (id=3098): mmap$auto(0x0, 0x9, 0xde, 0xb7, 0x40000000000a5, 0xffffffffffffffff) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0xc0400, 0x0) ioctl$auto_MEMREADOOB64(r0, 0xc0184d16, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xe, 0x26dd}) io_uring_setup$auto(0x9, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="05"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000003", @ANYRES16=0x0, @ANYBLOB="000229bd7000fedbdf253d0000001900210064b6698fa876c13434397b82dd574e5da012ca661800000020001b80040003000400030004000300040002000400020004000200040002"], 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x48080) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) r5 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r5, &(0x7f0000000080)=')@-!\x00', 0x1e1) ioctl$auto_KVM_GET_MSRS(r3, 0x4138ae84, &(0x7f0000000280)={0x7, 0x0, [{0x0, 0x40, 0xab1e}, {0x3, 0x80000001, 0x4}]}) fanotify_init$auto(0x6, 0x80000000) readv$auto(r1, &(0x7f0000000a80)={0x0, 0x3}, 0x3) close_range$auto(0x0, 0x5, 0x0) 2m51.019059803s ago: executing program 3 (id=3101): socket(0x11, 0x80003, 0x300) sysfs$auto(0x2, 0x4, 0x0) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x1, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event0\x00', 0x80042, 0x0) sendfile$auto(0xffffffffffffffff, r1, 0x0, 0xa4f) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000000000000000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, 0x0) write$auto(r1, 0x0, 0x47ffffdf2) r2 = socket(0x2c, 0x3, 0x0) bind$auto(r2, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b) setsockopt$auto_SO_BROADCAST(r2, 0x5, 0x6, 0x0, 0x74) socket(0x80000000000000a, 0x2, 0x0) socket(0x18, 0x3, 0x2) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="30030000", @ANYRES16=0x0, @ANYBLOB="020029bd7000fddbdf2511000000050024006b00000009032d80d9024d8008002a00", @ANYRES32=0x0, @ANYBLOB="cef1a3599cbab4c74b35d88444996549f412d6af6dac6a77eb72506a4c7eadd0b1bbe91e8ecb6639f0f1263c4b236f1c88b1c5237281a6d98fd00bdddb9ea57428b3748bbed7ddd0c85392dab2ef70d1872148ee0217651e8dc955f0b3be9f7093268e4311371f5c0843f4315444bf0e861dd9bf6b7909b278a8e4407581191484be35cfced266b00e578c0a05acea5dccac699ffe36078931853beab369f309a941c2b5886fcdcfff05ce18c23db6a0998749eefd3abb7963b1f18f940738017d800400aa80bbe4d10c49d1502821894bab8cf2cf455fc43f84c9a0a3c14f68033e0f3081af9ab1b60d373b9126e87ddde02e0f4d0e750b624d0f0569542534bb5ac51fef0f7236c19d7c383e6169be018b664c01d22318ef29552ca31ded9d26145efd8dd381fb56f41361f6f7fbb159fe520b4163c756f4d1b57732236c2dc610cbea5f5dfc84e2266ccd44acd9239d1e2abf1d55c00377c1b9fbcfa3c805c81148d7b1d1a316910189a7c23f80dbfb0e5e15ef4b120ad5cea83471a67ee1e790319a21de88163008fa139b28f2d15b66a1654ef7296e91bf649ee7bfaef3158f6a6ae4a097afb99a47aad9eeb06398de0b074edd90ef47f3d7ba50aa695f9c046cc348d5a0b8995562130864712b69046fe0df599d0539ea636ca9c6d0c9c03e6781c4e0cb52157494daefcdc02f066c076ab4140800660003000000c0f063666057dc64d92fd356dff9eb500ec92b2d2db7d45624bbff85b9284fccbc8981ce8b49f9ac30384b823aa9921961a8e032cdca9d930c158202b55f22121b2bfbb7b325861a11c4cf17fef111de122317b0f5d92dc9bf37efe91123474d5199b783fb66667c38dccf36b652dc24f8c34bf145ff6d9004ef7f1b1de7b16c4ea99a5af26ca5670f6aea311af0e3f86ae4224a3bbf5d7e0683dcc17e5e447d040f7ae53c3727c78ac6ede38ce00ddf06b85f0c8923035814bac7857530bc75f0ced5689e2e6bd7d373572d2cc29e00000008005600ac1414aa08000e00", @ANYRES32, @ANYBLOB="0400000008001bd9", @ANYRES32=0x0, @ANYBLOB="1c1258e6bf0800cf000500000000000005001f004d000000"], 0x330}, 0x1, 0x0, 0x0, 0x20008000}, 0x20) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x400, 0x7ff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 2m49.658323669s ago: executing program 3 (id=3106): mprotect$auto(0x1ffffffff000, 0x100004, 0x6) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20140, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x6051) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_ehash_entries\x00', 0x40100, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x1000, r0, [], {0x6, 0x6, 0x5, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000100)={0x6a6e, 0x2, 0x0, 0x5f6, 0x1}) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x20007ffc, 0x6, 0x400001, 0x200948e, 0x3, 0x30015f4da0a, 0xe, 0x7, 0xfffffffffffffffc, 0x8000001f, 0x8, 0x6d3e, 0x200000002, 0xfffffffffffffff4, 0xffffffffffffffff]}, 0x0) r2 = socketcall$auto(0xffe, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0xc) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0xe0c02, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) unshare$auto(0xffff) ioctl$auto(0x3, 0xc008ae67, r2) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) 2m48.330674747s ago: executing program 0 (id=3114): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/gss_krb5_enctypes\x00', 0x1c9180, 0x0) read$auto_tracing_stats_fops_trace(r0, 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty32\x00', 0x84081, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) mmap$auto(0x0, 0x0, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, &(0x7f0000000080)={0x86a7, 0x11, 0xfffffffe, 0x6, 0x30000002, 0x9, 0xffffffffffffffff, [0x0, 0x0, 0xffff], {0x206, 0xffff, 0x20000b, 0x2e1, 0x504, 0x1, 0x6, 0xd, 0x1}, {0x6, 0x3, 0x52, 0x5, 0x10001, 0x80000000, 0x6, 0x8, 0x1}}) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd9\x00', 0x0, 0x0) ioctl$auto(r2, 0xab02, r2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r3 = socket(0xa, 0x801, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x3}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}, 0x1, 0x0, 0x9000000}, 0x4000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x40000, 0x0) getsockopt$auto(r3, 0x84, 0x71, 0x0, 0x0) io_uring_register$auto(0x2, 0xf, 0x0, 0x20) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x800000002, &(0x7f0000000400)={&(0x7f0000000040), 0x1ffffffff}, 0x6, 0x0) r7 = socket(0xa, 0x3, 0x3a) ioctl$auto(r7, 0x890b, 0x1) open(&(0x7f0000000000)='./file0\x00', 0x610040, 0x4) 2m47.78175195s ago: executing program 0 (id=3115): r0 = socket(0xa, 0x801, 0x84) shutdown$auto(0x200000003, 0x2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r1, 0x0, 0x400000000006) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'team_slave_1\x00', 0x0}) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080)=@bpf_attr_0={0xa1, 0x2, 0x7d, 0x3, 0x80, r1, 0x7, "c8410aa90e3e698979e7611a916fd715", r2, r1, 0x8, 0xffff, 0x5, 0xffffffffffffffff, r1, r0}, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = open(0x0, 0x22240, 0x155) getgroups$auto(0xe, &(0x7f0000000000)=0x4a) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x8002, 0x0) exit$auto(0xfff) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r4, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) 2m46.734161028s ago: executing program 0 (id=3117): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) ioctl$auto_RTC_IRQP_READ(0xffffffffffffffff, 0x8008700b, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0xffffffff, 0x14, &(0x7f00000003c0)='\x00\x00+\xa2\xc7\x92\x00\x00\x00\x00\x00\x00\x03\x90\xf9\xe8\x11\x80\a :w\xac[\xbb\xac\xe3\xe0\xff8g:\x04\x00\x00\x00\x00\x00\x00\x00=r\x03\x95\x87\xbaM\xd80=\x81\x8ez\xab\xc3^\xb0\x03Ijj\xc4\xf9\xe6\x84P\x15q\xaa\xc8\x03\xba\x8c\xe3\xc3r\xb8\x1b\x98\xe8\xbc\x11.\xd9A\xb3P\xfa\x04\x95\xfc*\v\xb8\xc5\x16Z\xb7\x82\xbc\x96o\xd2G\xf8\x0f`\xa1\x1f\xc6\xd6\xc5\xdcM\x17\x11\xd2\x12\x988\xa3`\xad[UI\xf7\xc7\xcc\x13XH\xc1\x02\x84$\x97;\xebM`\x7f\xe4\x8dbe\xd8\x901\x8e\'\x10\xf6`^\xd28Xk\x03\x8d\b\xbd\xe2d\\\x11w(\xc7D!,6\x01\x00\x9f\x8bxg\xe2\xfc~\x006\x17\x9b9?,\xd8\n\x82r\x12\xa9\xfd@\x90&\xd3l\xa7[\x9bx\xf7\xb9[m\x9a\xee\"\x9e\x81|\xa4\x8f5\xea\t\x02Axu\xe9io`\x81\xb5\x89\x01\xa0\xa8~]\xd8]\x14}\x8c\xacRc\r\xb7.\x7f\xb3\x85\xff\xf5\xb0\x11/\x80{\xab)\x05\xb3HHU\xcb\x00', 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(r0, 0x0, 0x800000000e, 0x1ff, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x7fffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) r1 = socket(0x2, 0x1, 0x106) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0xa901, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0xa040, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x20281, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x7, 0x1, 0x9, 0xc98c20c, 0x3b, 0x93f, 0x1fee5, 0x3, 0x200006, 0x4, 0x202, 0x5, 0x8008, 0x4, 0xb0, 0x9, 0x1, 0x3, 0x8, 0x4, 0x10, 0xb65, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x800, 0x0, 0x0, [0x1, 0x7fffff7f, 0x3ff, 0xfffffffffffffffe, 0x9, 0x0, 0x2d26, 0x9, 0x0, 0x0, 0x9, 0x4, 0x8f0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x80000000000000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x80, 0x9, 0xfffffffffffffffc, 0xffffffffffffffff, 0x10, 0x4, 0x2000000000000000, 0x10, 0xc, 0x0, 0x200008, 0x0, 0x0, 0x0, 0xfffffffffffffff9]}, 0x1fe, 0x82) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000440)={"3767d960c2ffe59a8907676695102661eced7832e713b94c2b182e464daf47de", 0x9, 0x1, 0x6, 0x37, 0xcf, 0xffffffffffffffff}) prctl$auto_PR_SYS_DISPATCH_OFF(0x2, 0x0, r2, 0x34bb, 0x3) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x18000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x90}, 0x40000) connect$auto(0x3, 0x0, 0x10) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2m45.862152639s ago: executing program 0 (id=3122): mmap$auto(0x0, 0x400008, 0x7a02, 0x800000000009b72, 0xffffffffffffffff, 0x7f3) sysfs$auto(0x2, 0xe, 0x0) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) (async) r0 = socket(0x2, 0x80002, 0x73) (async) socket(0xa, 0x5, 0x0) (async) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @rand_addr=0x64010102}, 0x54) (async) sysfs$auto(0x2, 0x810000000000003a, 0x0) r1 = getsockopt$auto(r0, 0x403, 0x9, 0x0, 0x0) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x88000, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x8925, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x7, 0xf8, 0xffffffffffffffff, 0x8000) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) write$auto(r3, &(0x7f00000002c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef`\xd8\x9c\xf7?:\x1a\xc62\x911e\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\b};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xff\x7f\xd0UV\x11\xcb\xdd\x81\xbe\xde\f/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7\x00\x85Z\x06?\x12\x98\x0f)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1;\xe4pd$\xd7\x1b\v\x82\r\f\xd0Hq\xd9\r\x88#\x89\x8d\xcd\x1e\x87N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8HR+\a\xb7R\t\n+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb\xc8^\xa4\xe2\x05\x91|\x123\xc3:\xfd\xee\x04a\xc8\x12\xce\xa2\x12\xcb\x8c\x87f\xebGQ\xe9\x96\xd5E\x13a\xb7\x057<&\xe0\x94\xa7\xfb\x9d;\xfa\xb1\x1b4a,\'\xb2Ym\xe1:\xbf\x8cs\x06\xa3u\x8d!\n\x80-\x9a\xbb;\xf4\xf3\xe1\x97\xfc8\xff\xa7\\\x8b\xf9\x95\x10$\xef\x1a #b\xfb\xfe\xe9\x06fK0\xdd\x84T,\xfa\xb5\x00\x83d\xbba\xd7\n\x92l\xdfAN\x9d\xcb\x96\xc7\xe8\xe6\x8bC\xeb\xc7EZ\xc8\x1a\x81nf\tZ-sZ\x13n\xec\xa9\xbf\xd0$\xb9\xd8\x00\x00\x00\x00\x00\x00\x00', 0xb) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x30}, 0x1) (async) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) (async) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x401, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'dummy0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r5, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002dbd7000ffdbdf2715d200000c00018008000100", @ANYRES32=r7], 0x20}}, 0x40000) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wg1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r1, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)={0x90, r6, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@ETHTOOL_A_FEC_AUTO={0x5, 0x3, 0x6}, @ETHTOOL_A_FEC_HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x40004}, 0x24048000) 2m45.664278297s ago: executing program 3 (id=3124): close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = getuid() lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x100000000000201c, 0x280000000000, 0x67, r1, 0x0, 0x0, 0x6, 0x4, 0x80000008040000a, 0x40000402, 0x7, 0xc, 0xffffffff80000000, 0x800000000000b, 0x6, 0x240000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r2 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) setfsuid$auto(0xee00) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x0, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000300), r3) accept4$auto(r0, &(0x7f0000000280)=@nfc={0x27, 0x0, 0x0, 0x6}, &(0x7f0000000340)=0x3, 0x145d) sendmsg$auto_SMC_PNETID_FLUSH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="7000d72edf253e83f9d1cbda078cefabee239bb18ee2e33922b10b1923205a1aac42fc77464051d07a854de0a1554c3303a26bf9b00b3f0ff385b74dbfea8a4c65a80fdc1c7694f313aca80bdff8079b12530928a99920a427ee863202eba97baf4fd1619509e99da650fd00"/120], 0x14}}, 0x20) 2m44.848762921s ago: executing program 3 (id=3126): r0 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/projid_map\x00', 0x181000, 0x0) mkdir$auto(&(0x7f00000001c0)='./cgroup/../file0\x00', 0x2) r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000840), 0xc0000, 0x0) ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, &(0x7f0000000880)=0x80000001) mmap$auto(0xa, 0x20009, 0x4000000000df, 0xffffffffffffc27d, r0, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) r3 = socket(0x15, 0x5, 0x0) getsockopt$auto(r3, 0x114, 0x2711, 0xfffffffffffffffc, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x106) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) r6 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r6, @new_prog_fd=0x4, 0x4, @old_prog_fd=r5}, 0xa3) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45) getsockopt$auto_SO_BSDCOMPAT(r2, 0x78, 0xe, &(0x7f00000000c0)='/sys/bus/netdevsim/del_device\x00', &(0x7f0000000100)=0xff) 2m44.668993016s ago: executing program 0 (id=3127): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x8081) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x240009, 0xdf, 0x8000009b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x1d, 0x2, 0x6) socket(0x11, 0x3, 0x2) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) socket(0x11, 0x2, 0x73) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) fanotify_init$auto(0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x40401, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x5411, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xffffffffffffffff, 0x4b41, 0x7) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 2m43.986783974s ago: executing program 0 (id=3129): mmap$auto(0x0, 0x9, 0xde, 0xb7, 0x40000000000a5, 0xffffffffffffffff) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0xc0400, 0x0) ioctl$auto_MEMREADOOB64(r0, 0xc0184d16, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xe, 0x26dd}) io_uring_setup$auto(0x9, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="05"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000003", @ANYRES16=0x0, @ANYBLOB="000229bd7000fedbdf253d0000001900210064b6698fa876c13434397b82dd574e5da012ca661800000020001b80040003000400030004000300040002000400020004000200040002"], 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x48080) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) r5 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r5, &(0x7f0000000080)=')@-!\x00', 0x1e1) ioctl$auto_KVM_GET_MSRS(r3, 0x4138ae84, &(0x7f0000000280)={0x7, 0x0, [{0x1003, 0x3, 0xe8}, {0x0, 0x40, 0xab1e}, {0x3, 0x80000001, 0x4}]}) fanotify_init$auto(0x6, 0x80000000) readv$auto(r1, 0x0, 0x3) close_range$auto(0x0, 0x5, 0x0) 2m29.655023787s ago: executing program 32 (id=3126): r0 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/projid_map\x00', 0x181000, 0x0) mkdir$auto(&(0x7f00000001c0)='./cgroup/../file0\x00', 0x2) r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000840), 0xc0000, 0x0) ioctl$auto_RNDADDTOENTCNT2(r1, 0x40045201, &(0x7f0000000880)=0x80000001) mmap$auto(0xa, 0x20009, 0x4000000000df, 0xffffffffffffc27d, r0, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) r3 = socket(0x15, 0x5, 0x0) getsockopt$auto(r3, 0x114, 0x2711, 0xfffffffffffffffc, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x106) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) r6 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r6, @new_prog_fd=0x4, 0x4, @old_prog_fd=r5}, 0xa3) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)="3290b800009c550d22350f737ca2dd0af0d849aec832ec49c034169af8fa9231c143b1a8dd292977588a83400445ddc508f3aef64488936413adba3a9cc99bdfd8e7000000", 0x45) getsockopt$auto_SO_BSDCOMPAT(r2, 0x78, 0xe, &(0x7f00000000c0)='/sys/bus/netdevsim/del_device\x00', &(0x7f0000000100)=0xff) 2m28.784812186s ago: executing program 33 (id=3129): mmap$auto(0x0, 0x9, 0xde, 0xb7, 0x40000000000a5, 0xffffffffffffffff) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0xc0400, 0x0) ioctl$auto_MEMREADOOB64(r0, 0xc0184d16, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xe, 0x26dd}) io_uring_setup$auto(0x9, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="05"], 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000003", @ANYRES16=0x0, @ANYBLOB="000229bd7000fedbdf253d0000001900210064b6698fa876c13434397b82dd574e5da012ca661800000020001b80040003000400030004000300040002000400020004000200040002"], 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x48080) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) r5 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r5, &(0x7f0000000080)=')@-!\x00', 0x1e1) ioctl$auto_KVM_GET_MSRS(r3, 0x4138ae84, &(0x7f0000000280)={0x7, 0x0, [{0x1003, 0x3, 0xe8}, {0x0, 0x40, 0xab1e}, {0x3, 0x80000001, 0x4}]}) fanotify_init$auto(0x6, 0x80000000) readv$auto(r1, 0x0, 0x3) close_range$auto(0x0, 0x5, 0x0) 7.467780185s ago: executing program 1 (id=3578): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89b0, &(0x7f0000000080)={'bond0\x00'}) mmap$auto(0xfffffffffffffffc, 0x7, 0x804, 0xeb1, 0x404, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x5, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/kpagecgroup\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vidtv.0/i2c-0/new_device\x00', 0x4a001, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x24040004) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/irq/8/spurious\x00', 0x0, 0x0) socket(0x1a, 0x2, 0x9) mmap$auto(0x0, 0x40009, 0xfff, 0x9b72, 0xffffffffffffffff, 0x28000) io_uring_setup$auto(0x6, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video7\x00', 0x70d902, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder1\x00', 0x189160, 0x0) r0 = openat$auto_stats_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) pread64$auto(r0, 0x0, 0x2, 0x3) 7.035012228s ago: executing program 1 (id=3579): mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x408, 0x3, 0x10101, 0x6fb7, 0x8a, 0x4, 0xffffffffffffffff, [0x100, 0x7, 0x7f], {0x2, 0x7, 0x3034, 0xc, 0x8f, 0x5, 0x5, 0xfffffff9, 0x6}, {0x4000, 0x3, 0x1, 0xbffff000, 0x8, 0x20b86, 0x5, 0x837, 0x8}}) mmap$auto(0x0, 0x20006, 0xe2, 0xfffffffffffffff9, 0x405, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/cable#1\x00', 0xc0f02, 0x0) pread64$auto(r0, 0x0, 0x3, 0x5ef6) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0x0, 0x62, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200003fffffe, 0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x62f, 0x6, 0x0, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0xffffffffffff04ef, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0xa7, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x40, 0x81, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100002, 0x0, 0x3ff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x800000000000b, 0xbc) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffff7effffd0c, &(0x7f00000001c0)) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0xaa2, 0x86, 0xf, 0x86f1) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) msync$auto(0x110c230000, 0x200001, 0x6) 4.921478788s ago: executing program 1 (id=3583): openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x41a900, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000f40)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="012818dbf86e192ec83abd1f0c00"], 0x14}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) unshare$auto(0x1) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x1) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(r2, 0x0, 0x40002) getdents64$auto(r2, 0x0, 0x400) epoll_create1$auto(0x3) 3.691871431s ago: executing program 1 (id=3585): openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x41a900, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_LINK_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000051c0)={&(0x7f0000000f40)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="012818dbf86e192ec83abd1f0c00"], 0x14}, 0x1, 0x0, 0x0, 0x24000055}, 0x4) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0) unshare$auto(0x1) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x1) getdents64$auto(0xffffffffffffffff, 0x0, 0x40002) getdents64$auto(0xffffffffffffffff, 0x0, 0x400) 2.481357589s ago: executing program 2 (id=3588): r0 = openat$auto__dev_ioctl_fops_dev_ioctl(0xffffffffffffff9c, &(0x7f0000000040), 0x44481, 0x0) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x4, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/pcmC0D0c\x00', 0x20000, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000002640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002600)={&(0x7f0000001200)={0x1288, 0x0, 0x20, 0x70bd2d, 0x10, {}, [@MAC802154_HWSIM_ATTR_RADIO_EDGE={0x1254, 0x2, 0x0, 0x1, [@generic="a1b697a25b2c9d989610a902262314a234d0319ab522543504669fe4fdc44a0a3bee40f8c6c86e246ad44535f7d16d461a674b9f188a04973541002e072e5029160591cdfbb7192995525a293209100e3731ddd2da8f945b305789c099b3882cdb8012ec9b4533fcf062829ef9515fcf2e0be398b3a14109c77a30a32b30c4c3b8d738dc5562e40a387431e4829d941d47c6a7cdd812b882af9e346a53944b1b8bae18e532f05539b55c896e438ba32b7cdc91f15d5226fc858f2424a4c83ee50a964db4f3365defa3", @nested={0x10c2, 0x3, 0x0, 0x1, [@typed={0xc, 0x64, 0x0, 0x0, @u64=0xc}, @generic="74cb3af78a35f542d27d2c097a454603cfffce8ed34dff6ee0453f0d6028cf718547d162272222cbd599592f82f0f31a02ae1cfdcc7d24096e70a5427bdfab51213875293b3b904cc4c4d828a042bca8d7452ef109e27033a32deb8737ddd2c453431060a7f1e852f733d1bf5c7855fcefca05cf74d41925087eeb2d9107bcf3651e15f7de43517ec28d0301f01047ba939359889741a219930e5ddf3dff75f7afbf76da774d4ce71ba143551551d743aaf61a0989827589f89c69749be9ded33b5b37a7b6671ac38773c4d671cead9357e463c251bb15e64391ac96b34d4e7b309e95c875f9f161f52fdff4f77909e1987aa322e447571721c1fade47a20318593b463e1f0be3f9ba1cbaf5424268e608626efb860350b9731b2a2ec8e91fe2a5896a18dc823eb76e9075e7599d1c349d90bceb136314ec4a295d11ffd181efaf4838728ae41ec7bf3a0d2883eb13fca1ab485a4193e4972c244e5f7c8a0ae29ae85d79a92d2918de0cf4bd9baaa2bc18debbda025d898bae24d169566c22582212dfa8044506b3da2bd32132f8a6a0f129681f33cd8449448bfc276bc4567cb26400a0a2fe8c42321d12f5157f00a4fede10a0f17ddf1ae3d3ba6cea67ac0176b3072941bb6048638830c4a5f3739f6defe364823779075fcca6c0c6d4504b8ca84433f05d9fad99e5d3b55d2e7ef2a7616358814d31cdb75713e92d6babee63350fc16aabee25ef337a7c8ee6d66e6ced8761cacd23c82cab72f4aa9fccd72a9405997763944116c64227b4570e43866ec7502273cff3aaa4ed648a6be8dac00f9b445f7cadb7d63ae75a63ca176e206dc261ed582f8d2f30d4327d5ba688c7dca2d29037d6b715592dc8a4c28ddae1697630c6a99b0a5e1e1a55e56a1c2704e940e2fd24285e2508545459498625073f10ab26294f7423806d4e00dd49c7d86653a45bc31a490e1db39c6a286d2dc2e0560a821332306f1ea54ad2e84354e70f3fb791d9cfd74eb49316e540639bcb7c837cfe5ae068c64fb6c1cb61e7d8be82e7c2a8d4b53c9462cd97d10e8ee3dfe631db74937733bcf7c511b5d3262eb21d3cdaa6cd354d6ffbad293b04af55e57e3f9844e034e7c158a716656cb912c9a3953ec9e491ab3cf081e3c2583223bc8e5657558d49d8d2c25cf67503d33fe11c373d4913d4c5228999e5dd944c80556432808cb793ce79d0182efc66e370aa67ace16cd151eaaae9251775e642afeb35d729d5e1f04ad24087f6b2c3a433644c8153b30560099ad30573f2019fbab7c1d454451110728883195325da39366d3fb29a8f44f00faf31a9f13a14daea7321c194383f5b476d5d7c2f27750b071620590037ac2c113c64db41f574a45b33a2e941141b657efb1f1de983089885adaa2487c1040dbb949970e8b97102d80127a11a902c1dfac7908a395c278a4148e086d3da01d5a950ceecda90b677240cc2bd2d5785e8182029689890e7062508eca78054a4289770f21d4d0ad90c2601ad08177543ecf077e2b148b713a3bfcb00c146b4f53ae3bea678ba24f4f57ba04474b88a7ae18c1d3673c6508883afb664259c2b7bdc8302f44ca614d2d44f5e31c877af90997e951cddcfb641bd6c43f0cf4f8d6a22061015683c4ec0062ba12b9ca4c683f90bae883790dfdbdc5fc9520634d0f3c8e7ac6fdd7d1e3d495aa330a19ff3bfd1203f8363264de09ca1c715f351cb0ef671a09b2520f2b450ed708c5120a9d3b68a2f56bac0ab119ba8447384e6653c7a8a864f7377330a2da0c4be564ab01178313c02e871c60339db3e54cbfcdeab762c177b2df561c9554d219fea09e70d3145c7f619bfc3d40b5f344b794f07275d36cdb3404dd9f383d1a28b69a5da350deee726b3e8aef1b2cba9e86fb1eb2b7f8053457a835646f683a6fcdc35d92c28f7da84b72e8e4a22a798dc1f1b86c0c75188ca5faecb00de682ef5fd697c5f629edcaa0ab213cee59df3f36f925b413bd66f1600a028e9647afa9a4825dcd643f5c86d0bdd3f21ffe847d969e6b89b481c94476d15242b5b31c3fcd292ec64c241b7c59ed9e302adf3c150120e7045aa7c09649ad80c8f8f87d79e3fc932bb58c9b22891d8e497e8b439f2e0042609dd515d35caacc24acc536919c8caf876af020da0a399526d409adf7659e68ea1202762e5f42285a0eeacfc00e9043c39f2e38994ab556a6dd16b6d7b9f22b5131e6eaaa3370e33672f3e021d8d8e6b6ca65855eb9dc3567279317cc6132aaae8f0a188580f6d5ab1cab3f24b0200de09254711dd7ed6aae1873f632dd0b737afd579c5c75f48e4066f2f6a560977a16ed8e87af063ef96d126e655d676510da4f7d290f9f7158c20f4e64afc0be5d64831b3b9205eb8b3cca9307abbe0fc1a17ba019b402730d2349ca02cbc92f4609a286552080ebe9ea7db1195e898fd0dc9e7c435046bb3acb8520b258ac7c19f0ac33f98e7345119cafcd378a7eecc3455c169de1a65df98eac289dfd697a7871f148cd995c5a9889ea996a6704e98bec05d5b71ea1ec2d69bc7e4ca81164ca560c15fabc60c41022242b5c2f052b41233ab937fafb59d09ba5a42f8be9b48f66c9e4ec56464e220cf1074b28704f2cae5f62da8c962d0cd83123eefd210c33c22192da370c9d570948c0908be48e0ab54363dc23fd2e0a0002ea9de4e36b8c468f49d6fdf86221cef65a37be4a6109efea5a59bba3e3ce319a3c871be7c51861b93def944e2a6063eeb9ecfbaadf71055c885f833a3b5feaa4f4f2d57f1ba29430e9486536eb67bf4dc357c4bd818b428ebb030b1b7d9be7c1009079252145d7067c46e40b77f81925546ff941c2302dae0325699875c3a7e45f66dc0cccba3774a8ad6eaf8a40198d20a6248bc4f43cf3ba9d347aaead5e3d06d9278023afc8002152010c401c4848f8834dc90879150dccac3469f19d192a9195302b984706bfd5dbc10879935f26e9334d9c2c152d4befc849011262dec227a8d7a51fc6979e804ce4c62b53d0e1ef2b548b89f655c4a7c1397934f765e418909f2c2841a9e37c0d26d943d4d716c9b247e71eccce3d79e40a7edb9894b2e68c10872127c4557fa90387e94af5d4a208e84e9263977bc1b3708b13d57d1f2dde9d1bb8c00359cda63770a4e9686e9b27cfd0f2869febcd45ce59b53bcea23468c85c379878c1065a094a14dabe56266df7ee360b95443f8be6655439f7678a0430a79f26b348d9953b5513a28e4aec0b24dbde7e25e79e6cbfd1acad99e38ffc7f43c1de96b358db2e2054992b0f565562a761003e445381a8cc371ba1790b412fc9e2f91548f75b2f897b8e4cd6622c042cfeeda32d4dc7821f02084f87b4e6acc8049e1676097914a3999c5d782c9eadb1310bdc7d55aeeec0f395105f2e873cb945eff26bbf6431fd99671b81304795ba6d5b8c631b66f870b9ef8a7b46559bfc667586a329c02a48a0d899ac0e1efc5fa3df77372ffc3f3094c17c19c3af39f48254853a4608c00de22d1e4dafa9c31b266e037735f193657aa4fc42fc700b2b6d4915d9c2cb3e207b743228d9e2b339662782c32ac20ded185674fadd4245bcf6a7b4c333c3ca00c5c818b14485bf0018a4834ba86cdf66a50e47733db17a408e62af1f2ff393ab495bfb6d3b44b9f0df046d51b653f69bbc4c5a2bafdf8a83fd4806ba8b479d10c4403105d8f492e1fa1097287e60e3955d23729c4d3e38d0d726524bcaac671c5f2b85702de97271bc4191c1134df3c340f7d95441541ec160f90c0dcf66ab3eed3bde08d27c5035326aedcf17f3ce239ab281bd2670633e01640b523edc7f6214190663be93e1b81193c1667b72c13cbb7faac144e5b40c264b7e077414c26a8475a35b35182ac3ead8293d0b8f81f4f5481136de4ec5eb6cd0417f745cdad73a51cbb5f5345719e82b868fbdcd3a19c9103728a4fa69d4513a7cf27c3e59f7280e3b26f3c590e8108e138686b44eede632e7369fd1a177d02c0e50e1dfdd74500d6ce2ab0d926cc71e5e7c64fe4d58d7080e2fd5f3a0e18957d563bbcf9e1b767a928089a7bdc09f929c363661ace15abba7cb0a099c3218bd6970cda9b60747db6e5e97721a074f0d0de0a88a8e13b9f90f057c9d3d445052f4eaac316e485c6c072fb9a40b8fc19f4d6f9f6832d25a8eb4d959f246433e47a3e52a378d49b1d798f3d93aad521ba4915919c0fb816a6390cb5a6b5bf6562809daef80166ac918f7c75fe2a6f50802b8c3a662d5b5ff94c4d1e261d170b3ed43e8913d8d1b5c10d9517e73f93346e9336ce66cdd94c6b4dd020b8130cd9f7eceb05fe815dae252bc4537915a1da3d861acfebb7efeb8a417fec63dba234ca5c8698f56b2210af47096e052fcc7d5d3933442753558294c405952a638ffb5ece81137a31ec8cd1930e812893d17091c2b0035c9bca671fb657fd2df64a4685455dff9f07262b9736cfc40c919b4d69bf901dd9d005b059f5eac0011b29879fe1c3dd44c25c76fa5563a4a269e1c58bdb4bb4ea2dd2a94b697a70f343808d7d849c8b72c88f7228b849dddece44053c57012461ddcda6d2463d622020b74887df05c0570dd5aacffd3cea4ccdd0837f7f92d18d3536752927d392b7eb407ee1410783a41a1c2f1ddada75e42a703dba1bc5bdc6f5117ddedcdffd1e1b20aa7523b724965dee1adcd289b95ed49525150e54a232124c15a8d23f12afbad705911dfe5b1b125f3646c0f4d06e0f1a50b65e2c3f9015bb7792c3b5ed5b64e69a8275317912d5c6fa9f502459db9c0211b3c7ca5de71bcd7d90431d5d28c5d8e41760ea73e8fb0e4b4ad12693563c775328bdaec8448ee58a590ba0cdde230e9d0d4fcead1bb1160686271f9a9a28e79a6c87a713c21950cdf6dd52c3dfb0817742e11608aecce43a53737215ebcf4c79b640e703a541dd3b2da569ea77a2f0cfdcd463dbc0c1524a5db730b584c195a71965ea8d693849743abf5406be2012d6b2ce2a55e872bbfc359c226ed270e75a73b83afe06d23fc41a6b6f7a99485d55b8f86d69359a912ef66d1a72a7f43ddbf38ab554334e749454e8882f6f1e3af7a6b2bc4da398bedda425473e3c1e0b58311e5765897772598394df1bee861a5924f4e8401762cb7c8427da9d2def98542eb9449746eb2132486f70dd6ce775f9fe9eccc9df44c9f3a954969772caa0156b322fd52ad7e7988cc9be896ff97042b0af55a333679f95d26279a5fcaba16cd74193f6017033abcb8cbd4afd29234669ed9b2144aea62160045e7a56b021123af3e572a3793304f0aa70a00b3616d2bf1340870acc6c7572fc69767c12f05a8f6cf23cacc672ab40477831d0ad483589dd432e50c6af44c99e64f76f9fe69db1fe831482bb1b0666b00c16b152fd65de0f43acc79645687d64484e48de4e9aacb91dce470341637534d03b925e3cc4baf94b0c6108f8439290d3d4fd3fa1ba7738844a82d90ee80478b7ff297d9ded9939a1fc7fa5a68f335d0ac3465ec3d474eab2ae3628dfa9596424f8b84d9a0d78e5dddaf53405fe05d129cfb2010d8a075240fedb2b5972c6e86745514ad031326a8e4be88a0e2e5981992d99894927a1dceee6b8efdf31588750d509e24524e109baa6cbc86bd2fbefe598e6ff3ad60d344b823d122c37657e6287402e9539732466cd6eb1c47dd5173dc7dc83893e8f6ddb8515f056c68012ca489a8ab0fea95d1a0deec3ccf8d260e21259b848b5bc31f00648a093a6211c6143a8f117287fc70631e067f56f7ad9c5f8e6", @nested={0x4, 0x5f}, @generic="2a6e1095de8f994d9e1ba5e954fc2805562aa487b445ab7d3303e79791f510165488a18e6cbd3ed6448527e6896f11d710a5d437a8cebe6ac1fba3d7a40ca3b47bcde154e849c757d51773d6cbecf5298d982d3910286ac95ae68d0098ededf9b43dc49fe4979909fe980d27a3635da201508acf17c35ae492c3389c88b3b3e36d1b891d0548836c635833257dc4a23773dd25a00091edfab3426ccc52805bf93875dafd2bc70706d58bfc16d451"]}, @nested={0x4, 0xb8}, @typed={0x8, 0x141, 0x0, 0x0, @fd=r2}, @generic="86658e9d6e2261a027463c2135f811d745cd2736293dfb472ff4629e41025ba3de5f507b9046ad6d295f704a312386e4932f3d116b16cf12a9abee5962f9d19f555965a9c1e3c51c0a9be1a46c3f148688cc132ca7d6d55d929f22dc3f3cfe6183ecc2add75e7bc7266bddc1bd410c5def2de65efed744950752124177918bdd243a378cd54b86657ced2a4f599d12b6b464baeb870c16375b4597204f6e04b7190b37529b6fe4", @typed={0x8, 0x14a, 0x0, 0x0, @fd=r0}, @nested={0x8, 0xcb, 0x0, 0x1, [@nested={0x4, 0x1a}]}]}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x2}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x3}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8001}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8}]}, 0x1288}, 0x1, 0x0, 0x0, 0x804}, 0x4000000) close_range$auto(0x2, r0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x22902, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socketcall$auto(0xa, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) eventfd$auto(0x1) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x141080, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r7 = ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r7, 0x4020ae76, r8) close_range$auto(0x2, 0x8, 0x0) 2.181063304s ago: executing program 2 (id=3589): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x14, r1, 0x1, 0x70bd31, 0x25dfdbfd}, 0x14}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) fanotify_init$auto(0x65, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000380)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)={0x264, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_KEY_DATA={0x15, 0x7, "f6ff64389b62872b26f97bc80d052696ab"}, @NL80211_ATTR_MESH_ID={0x22, 0x18, "3eed9b1465d94ee937d70efbcdd93f95cb35b0d61936ae811703d63b6d71"}, @NL80211_ATTR_SAR_SPEC={0x200, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS={0x11c, 0x2, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xa}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x48}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xd}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x401}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x200}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xfffffffd}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xffff1e6d}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x452}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7f}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}]}, {0x4}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xbb02}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xb19}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x20}]}]}, @NL80211_SAR_ATTR_SPECS={0xe0, 0x2, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x497819ce}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x100}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xc59b}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x18}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x4}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7ff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xc6000000}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x20000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7fff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xd}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7fff}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x100}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xfff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}]}]}]}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x3}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x4}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}]}, 0x264}, 0x1, 0x0, 0x0, 0x24040081}, 0x40094) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\xf4\x00'/21, 0x100000002, 0x100000001) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0) r3 = prctl$auto(0x42, 0x0, 0x0, 0x1, 0x0) ioctl$auto_BLKROSET(r3, 0x125d, 0x0) 1.420956969s ago: executing program 1 (id=3590): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x100000000000037, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r1 = socket(0x80000000000000a, 0x2, 0x0) getsockopt$auto(r1, 0x88, 0x66, 0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x14) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x4) ioctl$auto_FIDEDUPERANGE(r0, 0xc0189436, 0x8000001) msgctl$auto_IPC_INFO(0x6, 0x3, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) 1.293463142s ago: executing program 1 (id=3591): mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x408, 0x3, 0x10101, 0x6fb7, 0x8a, 0x4, 0xffffffffffffffff, [0x100, 0x7, 0x7f], {0x2, 0x7, 0x3034, 0xc, 0x8f, 0x5, 0x5, 0xfffffff9, 0x6}, {0x4000, 0x3, 0x1, 0xbffff000, 0x8, 0x20b86, 0x5, 0x837, 0x8}}) mmap$auto(0x0, 0x20006, 0xe2, 0xfffffffffffffff9, 0x405, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/cable#1\x00', 0xc0f02, 0x0) pread64$auto(r0, 0x0, 0x3, 0x5ef6) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0x0, 0x62, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200003fffffe, 0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x62f, 0x6, 0x0, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0xffffffffffff04ef, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0xa7, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x40, 0x81, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100002, 0x0, 0x3ff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x800000000000b, 0xbc) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffff7effffd0c, &(0x7f00000001c0)) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0xaa2, 0x86, 0xf, 0x86f1) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) msync$auto(0x110c230000, 0x200001, 0x6) 843.577134ms ago: executing program 2 (id=3592): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) pwrite64$auto(r0, &(0x7f0000000040)='/proc/sys/user/max_fanotify_g\b\x00\x00\x00s@', 0x7, 0x7) 643.996792ms ago: executing program 2 (id=3593): r0 = openat$auto__dev_ioctl_fops_dev_ioctl(0xffffffffffffff9c, &(0x7f0000000040), 0x44481, 0x0) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000040)="8c9700089d1b208365d5b5d112dbab029ed13881d2f2c7ba2eb01c3db79f77fdc2bb50c64a925009dff4cd1aca925c57100112d88f73348a54396800ed598a0e5500d7c0cbb6b1e91d", 0x40000000001243}, 0x4, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/pcmC0D0c\x00', 0x20000, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000002640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002600)={&(0x7f0000001200)={0x1288, 0x0, 0x20, 0x70bd2d, 0x10, {}, [@MAC802154_HWSIM_ATTR_RADIO_EDGE={0x1254, 0x2, 0x0, 0x1, [@generic="a1b697a25b2c9d989610a902262314a234d0319ab522543504669fe4fdc44a0a3bee40f8c6c86e246ad44535f7d16d461a674b9f188a04973541002e072e5029160591cdfbb7192995525a293209100e3731ddd2da8f945b305789c099b3882cdb8012ec9b4533fcf062829ef9515fcf2e0be398b3a14109c77a30a32b30c4c3b8d738dc5562e40a387431e4829d941d47c6a7cdd812b882af9e346a53944b1b8bae18e532f05539b55c896e438ba32b7cdc91f15d5226fc858f2424a4c83ee50a964db4f3365defa3", @nested={0x10c2, 0x3, 0x0, 0x1, [@typed={0xc, 0x64, 0x0, 0x0, @u64=0xc}, @generic="74cb3af78a35f542d27d2c097a454603cfffce8ed34dff6ee0453f0d6028cf718547d162272222cbd599592f82f0f31a02ae1cfdcc7d24096e70a5427bdfab51213875293b3b904cc4c4d828a042bca8d7452ef109e27033a32deb8737ddd2c453431060a7f1e852f733d1bf5c7855fcefca05cf74d41925087eeb2d9107bcf3651e15f7de43517ec28d0301f01047ba939359889741a219930e5ddf3dff75f7afbf76da774d4ce71ba143551551d743aaf61a0989827589f89c69749be9ded33b5b37a7b6671ac38773c4d671cead9357e463c251bb15e64391ac96b34d4e7b309e95c875f9f161f52fdff4f77909e1987aa322e447571721c1fade47a20318593b463e1f0be3f9ba1cbaf5424268e608626efb860350b9731b2a2ec8e91fe2a5896a18dc823eb76e9075e7599d1c349d90bceb136314ec4a295d11ffd181efaf4838728ae41ec7bf3a0d2883eb13fca1ab485a4193e4972c244e5f7c8a0ae29ae85d79a92d2918de0cf4bd9baaa2bc18debbda025d898bae24d169566c22582212dfa8044506b3da2bd32132f8a6a0f129681f33cd8449448bfc276bc4567cb26400a0a2fe8c42321d12f5157f00a4fede10a0f17ddf1ae3d3ba6cea67ac0176b3072941bb6048638830c4a5f3739f6defe364823779075fcca6c0c6d4504b8ca84433f05d9fad99e5d3b55d2e7ef2a7616358814d31cdb75713e92d6babee63350fc16aabee25ef337a7c8ee6d66e6ced8761cacd23c82cab72f4aa9fccd72a9405997763944116c64227b4570e43866ec7502273cff3aaa4ed648a6be8dac00f9b445f7cadb7d63ae75a63ca176e206dc261ed582f8d2f30d4327d5ba688c7dca2d29037d6b715592dc8a4c28ddae1697630c6a99b0a5e1e1a55e56a1c2704e940e2fd24285e2508545459498625073f10ab26294f7423806d4e00dd49c7d86653a45bc31a490e1db39c6a286d2dc2e0560a821332306f1ea54ad2e84354e70f3fb791d9cfd74eb49316e540639bcb7c837cfe5ae068c64fb6c1cb61e7d8be82e7c2a8d4b53c9462cd97d10e8ee3dfe631db74937733bcf7c511b5d3262eb21d3cdaa6cd354d6ffbad293b04af55e57e3f9844e034e7c158a716656cb912c9a3953ec9e491ab3cf081e3c2583223bc8e5657558d49d8d2c25cf67503d33fe11c373d4913d4c5228999e5dd944c80556432808cb793ce79d0182efc66e370aa67ace16cd151eaaae9251775e642afeb35d729d5e1f04ad24087f6b2c3a433644c8153b30560099ad30573f2019fbab7c1d454451110728883195325da39366d3fb29a8f44f00faf31a9f13a14daea7321c194383f5b476d5d7c2f27750b071620590037ac2c113c64db41f574a45b33a2e941141b657efb1f1de983089885adaa2487c1040dbb949970e8b97102d80127a11a902c1dfac7908a395c278a4148e086d3da01d5a950ceecda90b677240cc2bd2d5785e8182029689890e7062508eca78054a4289770f21d4d0ad90c2601ad08177543ecf077e2b148b713a3bfcb00c146b4f53ae3bea678ba24f4f57ba04474b88a7ae18c1d3673c6508883afb664259c2b7bdc8302f44ca614d2d44f5e31c877af90997e951cddcfb641bd6c43f0cf4f8d6a22061015683c4ec0062ba12b9ca4c683f90bae883790dfdbdc5fc9520634d0f3c8e7ac6fdd7d1e3d495aa330a19ff3bfd1203f8363264de09ca1c715f351cb0ef671a09b2520f2b450ed708c5120a9d3b68a2f56bac0ab119ba8447384e6653c7a8a864f7377330a2da0c4be564ab01178313c02e871c60339db3e54cbfcdeab762c177b2df561c9554d219fea09e70d3145c7f619bfc3d40b5f344b794f07275d36cdb3404dd9f383d1a28b69a5da350deee726b3e8aef1b2cba9e86fb1eb2b7f8053457a835646f683a6fcdc35d92c28f7da84b72e8e4a22a798dc1f1b86c0c75188ca5faecb00de682ef5fd697c5f629edcaa0ab213cee59df3f36f925b413bd66f1600a028e9647afa9a4825dcd643f5c86d0bdd3f21ffe847d969e6b89b481c94476d15242b5b31c3fcd292ec64c241b7c59ed9e302adf3c150120e7045aa7c09649ad80c8f8f87d79e3fc932bb58c9b22891d8e497e8b439f2e0042609dd515d35caacc24acc536919c8caf876af020da0a399526d409adf7659e68ea1202762e5f42285a0eeacfc00e9043c39f2e38994ab556a6dd16b6d7b9f22b5131e6eaaa3370e33672f3e021d8d8e6b6ca65855eb9dc3567279317cc6132aaae8f0a188580f6d5ab1cab3f24b0200de09254711dd7ed6aae1873f632dd0b737afd579c5c75f48e4066f2f6a560977a16ed8e87af063ef96d126e655d676510da4f7d290f9f7158c20f4e64afc0be5d64831b3b9205eb8b3cca9307abbe0fc1a17ba019b402730d2349ca02cbc92f4609a286552080ebe9ea7db1195e898fd0dc9e7c435046bb3acb8520b258ac7c19f0ac33f98e7345119cafcd378a7eecc3455c169de1a65df98eac289dfd697a7871f148cd995c5a9889ea996a6704e98bec05d5b71ea1ec2d69bc7e4ca81164ca560c15fabc60c41022242b5c2f052b41233ab937fafb59d09ba5a42f8be9b48f66c9e4ec56464e220cf1074b28704f2cae5f62da8c962d0cd83123eefd210c33c22192da370c9d570948c0908be48e0ab54363dc23fd2e0a0002ea9de4e36b8c468f49d6fdf86221cef65a37be4a6109efea5a59bba3e3ce319a3c871be7c51861b93def944e2a6063eeb9ecfbaadf71055c885f833a3b5feaa4f4f2d57f1ba29430e9486536eb67bf4dc357c4bd818b428ebb030b1b7d9be7c1009079252145d7067c46e40b77f81925546ff941c2302dae0325699875c3a7e45f66dc0cccba3774a8ad6eaf8a40198d20a6248bc4f43cf3ba9d347aaead5e3d06d9278023afc8002152010c401c4848f8834dc90879150dccac3469f19d192a9195302b984706bfd5dbc10879935f26e9334d9c2c152d4befc849011262dec227a8d7a51fc6979e804ce4c62b53d0e1ef2b548b89f655c4a7c1397934f765e418909f2c2841a9e37c0d26d943d4d716c9b247e71eccce3d79e40a7edb9894b2e68c10872127c4557fa90387e94af5d4a208e84e9263977bc1b3708b13d57d1f2dde9d1bb8c00359cda63770a4e9686e9b27cfd0f2869febcd45ce59b53bcea23468c85c379878c1065a094a14dabe56266df7ee360b95443f8be6655439f7678a0430a79f26b348d9953b5513a28e4aec0b24dbde7e25e79e6cbfd1acad99e38ffc7f43c1de96b358db2e2054992b0f565562a761003e445381a8cc371ba1790b412fc9e2f91548f75b2f897b8e4cd6622c042cfeeda32d4dc7821f02084f87b4e6acc8049e1676097914a3999c5d782c9eadb1310bdc7d55aeeec0f395105f2e873cb945eff26bbf6431fd99671b81304795ba6d5b8c631b66f870b9ef8a7b46559bfc667586a329c02a48a0d899ac0e1efc5fa3df77372ffc3f3094c17c19c3af39f48254853a4608c00de22d1e4dafa9c31b266e037735f193657aa4fc42fc700b2b6d4915d9c2cb3e207b743228d9e2b339662782c32ac20ded185674fadd4245bcf6a7b4c333c3ca00c5c818b14485bf0018a4834ba86cdf66a50e47733db17a408e62af1f2ff393ab495bfb6d3b44b9f0df046d51b653f69bbc4c5a2bafdf8a83fd4806ba8b479d10c4403105d8f492e1fa1097287e60e3955d23729c4d3e38d0d726524bcaac671c5f2b85702de97271bc4191c1134df3c340f7d95441541ec160f90c0dcf66ab3eed3bde08d27c5035326aedcf17f3ce239ab281bd2670633e01640b523edc7f6214190663be93e1b81193c1667b72c13cbb7faac144e5b40c264b7e077414c26a8475a35b35182ac3ead8293d0b8f81f4f5481136de4ec5eb6cd0417f745cdad73a51cbb5f5345719e82b868fbdcd3a19c9103728a4fa69d4513a7cf27c3e59f7280e3b26f3c590e8108e138686b44eede632e7369fd1a177d02c0e50e1dfdd74500d6ce2ab0d926cc71e5e7c64fe4d58d7080e2fd5f3a0e18957d563bbcf9e1b767a928089a7bdc09f929c363661ace15abba7cb0a099c3218bd6970cda9b60747db6e5e97721a074f0d0de0a88a8e13b9f90f057c9d3d445052f4eaac316e485c6c072fb9a40b8fc19f4d6f9f6832d25a8eb4d959f246433e47a3e52a378d49b1d798f3d93aad521ba4915919c0fb816a6390cb5a6b5bf6562809daef80166ac918f7c75fe2a6f50802b8c3a662d5b5ff94c4d1e261d170b3ed43e8913d8d1b5c10d9517e73f93346e9336ce66cdd94c6b4dd020b8130cd9f7eceb05fe815dae252bc4537915a1da3d861acfebb7efeb8a417fec63dba234ca5c8698f56b2210af47096e052fcc7d5d3933442753558294c405952a638ffb5ece81137a31ec8cd1930e812893d17091c2b0035c9bca671fb657fd2df64a4685455dff9f07262b9736cfc40c919b4d69bf901dd9d005b059f5eac0011b29879fe1c3dd44c25c76fa5563a4a269e1c58bdb4bb4ea2dd2a94b697a70f343808d7d849c8b72c88f7228b849dddece44053c57012461ddcda6d2463d622020b74887df05c0570dd5aacffd3cea4ccdd0837f7f92d18d3536752927d392b7eb407ee1410783a41a1c2f1ddada75e42a703dba1bc5bdc6f5117ddedcdffd1e1b20aa7523b724965dee1adcd289b95ed49525150e54a232124c15a8d23f12afbad705911dfe5b1b125f3646c0f4d06e0f1a50b65e2c3f9015bb7792c3b5ed5b64e69a8275317912d5c6fa9f502459db9c0211b3c7ca5de71bcd7d90431d5d28c5d8e41760ea73e8fb0e4b4ad12693563c775328bdaec8448ee58a590ba0cdde230e9d0d4fcead1bb1160686271f9a9a28e79a6c87a713c21950cdf6dd52c3dfb0817742e11608aecce43a53737215ebcf4c79b640e703a541dd3b2da569ea77a2f0cfdcd463dbc0c1524a5db730b584c195a71965ea8d693849743abf5406be2012d6b2ce2a55e872bbfc359c226ed270e75a73b83afe06d23fc41a6b6f7a99485d55b8f86d69359a912ef66d1a72a7f43ddbf38ab554334e749454e8882f6f1e3af7a6b2bc4da398bedda425473e3c1e0b58311e5765897772598394df1bee861a5924f4e8401762cb7c8427da9d2def98542eb9449746eb2132486f70dd6ce775f9fe9eccc9df44c9f3a954969772caa0156b322fd52ad7e7988cc9be896ff97042b0af55a333679f95d26279a5fcaba16cd74193f6017033abcb8cbd4afd29234669ed9b2144aea62160045e7a56b021123af3e572a3793304f0aa70a00b3616d2bf1340870acc6c7572fc69767c12f05a8f6cf23cacc672ab40477831d0ad483589dd432e50c6af44c99e64f76f9fe69db1fe831482bb1b0666b00c16b152fd65de0f43acc79645687d64484e48de4e9aacb91dce470341637534d03b925e3cc4baf94b0c6108f8439290d3d4fd3fa1ba7738844a82d90ee80478b7ff297d9ded9939a1fc7fa5a68f335d0ac3465ec3d474eab2ae3628dfa9596424f8b84d9a0d78e5dddaf53405fe05d129cfb2010d8a075240fedb2b5972c6e86745514ad031326a8e4be88a0e2e5981992d99894927a1dceee6b8efdf31588750d509e24524e109baa6cbc86bd2fbefe598e6ff3ad60d344b823d122c37657e6287402e9539732466cd6eb1c47dd5173dc7dc83893e8f6ddb8515f056c68012ca489a8ab0fea95d1a0deec3ccf8d260e21259b848b5bc31f00648a093a6211c6143a8f117287fc70631e067f56f7ad9c5f8e6", @nested={0x4, 0x5f}, @generic="2a6e1095de8f994d9e1ba5e954fc2805562aa487b445ab7d3303e79791f510165488a18e6cbd3ed6448527e6896f11d710a5d437a8cebe6ac1fba3d7a40ca3b47bcde154e849c757d51773d6cbecf5298d982d3910286ac95ae68d0098ededf9b43dc49fe4979909fe980d27a3635da201508acf17c35ae492c3389c88b3b3e36d1b891d0548836c635833257dc4a23773dd25a00091edfab3426ccc52805bf93875dafd2bc70706d58bfc16d451"]}, @nested={0x4, 0xb8}, @typed={0x8, 0x141, 0x0, 0x0, @fd=r2}, @generic="86658e9d6e2261a027463c2135f811d745cd2736293dfb472ff4629e41025ba3de5f507b9046ad6d295f704a312386e4932f3d116b16cf12a9abee5962f9d19f555965a9c1e3c51c0a9be1a46c3f148688cc132ca7d6d55d929f22dc3f3cfe6183ecc2add75e7bc7266bddc1bd410c5def2de65efed744950752124177918bdd243a378cd54b86657ced2a4f599d12b6b464baeb870c16375b4597204f6e04b7190b37529b6fe4", @typed={0x8, 0x14a, 0x0, 0x0, @fd=r0}, @nested={0x8, 0xcb, 0x0, 0x1, [@nested={0x4, 0x1a}]}]}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x2}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x3}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8001}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8}]}, 0x1288}, 0x1, 0x0, 0x0, 0x804}, 0x4000000) close_range$auto(0x2, r0, 0x3) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nbd7/power/autosuspend_delay_ms\x00', 0x22902, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socketcall$auto(0xa, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) eventfd$auto(0x1) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x141080, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r7 = ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r7, 0x4020ae76, r8) close_range$auto(0x2, 0x8, 0x0) 350.039738ms ago: executing program 2 (id=3594): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, 0x0, 0x810) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket(0x2, 0x3, 0x1b42) socket(0x21, 0x800, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="c2e8b3440c2af6871e22d8f5d451218b91a1226d53202895ee1d1c67b54301dd59ecd4780139fbb267e653ed3d896883406caa17863f4187e7716829da69852a811a3aa50f69e677060aeda7431b5e88624234d55c8f49a68d5e9d1a9d93dab4aaadb5e83957d7a36565a1e7019d492ef22a13100120fd95abe8df3758a08c2aeca82333d26277b61dfdeee28fac9588353357a8f1051dd8043c1a34a500008c43e9ab", @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) r0 = socket(0x11, 0xa, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x123002, 0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) 0s ago: executing program 2 (id=3595): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x10000, 0xde, 0x11, 0xffffffffffffffff, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$auto(0x1, 0x0, 0x80000000) fcntl$auto(0x0, 0x407, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/veth1_macvtap/ignore_routes_with_linkdown\x00', 0x143000, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) kernel console output (not intermixed with test programs): 67.483169][T18147] CPU: 1 UID: 0 PID: 18147 Comm: syz.3.2799 Tainted: G L syzkaller #0 PREEMPT(full) [ 967.483230][T18147] Tainted: [L]=SOFTLOCKUP [ 967.483245][T18147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 967.483275][T18147] Call Trace: [ 967.483288][T18147] [ 967.483301][T18147] dump_stack_lvl+0x100/0x190 [ 967.483370][T18147] should_fail_ex.cold+0x5/0xa [ 967.483409][T18147] ? prepare_alloc_pages+0x16d/0x5f0 [ 967.483463][T18147] should_fail_alloc_page+0xeb/0x140 [ 967.483507][T18147] prepare_alloc_pages+0x1f0/0x5f0 [ 967.483567][T18147] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 967.483643][T18147] ? stack_trace_save+0x8e/0xc0 [ 967.483688][T18147] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 967.483747][T18147] ? stack_depot_save_flags+0x27/0x9d0 [ 967.483807][T18147] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 967.483879][T18147] ? kasan_save_stack+0x3f/0x50 [ 967.483913][T18147] ? kasan_save_stack+0x30/0x50 [ 967.483945][T18147] ? kasan_save_track+0x14/0x30 [ 967.483995][T18147] ? do_sys_openat2+0x10d/0x1e0 [ 967.484042][T18147] ? __x64_sys_openat+0x12d/0x210 [ 967.484098][T18147] ? do_syscall_64+0x106/0xf80 [ 967.484145][T18147] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.484186][T18147] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 967.484233][T18147] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 967.484275][T18147] ? policy_nodemask+0xed/0x4f0 [ 967.484324][T18147] alloc_pages_mpol+0x1fb/0x550 [ 967.484361][T18147] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 967.484410][T18147] alloc_pages_noprof+0x136/0x390 [ 967.484454][T18147] get_zeroed_page_noprof+0x18/0xb0 [ 967.484501][T18147] get_image_page+0x18/0x1a0 [ 967.484538][T18147] memory_bm_create+0x432/0xba0 [ 967.484597][T18147] create_basic_memory_bitmaps+0x10b/0x350 [ 967.484651][T18147] snapshot_open+0x230/0x2a0 [ 967.484694][T18147] ? __pfx_snapshot_open+0x10/0x10 [ 967.484746][T18147] misc_open+0x26d/0x450 [ 967.484794][T18147] ? __pfx_misc_open+0x10/0x10 [ 967.484838][T18147] chrdev_open+0x234/0x6a0 [ 967.484875][T18147] ? __pfx_apparmor_file_open+0x10/0x10 [ 967.484915][T18147] ? __pfx_chrdev_open+0x10/0x10 [ 967.484956][T18147] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 967.485043][T18147] do_dentry_open+0x6d8/0x1660 [ 967.485086][T18147] ? __pfx_chrdev_open+0x10/0x10 [ 967.485137][T18147] vfs_open+0x82/0x3f0 [ 967.485193][T18147] path_openat+0x208c/0x31a0 [ 967.485245][T18147] ? __pfx_path_openat+0x10/0x10 [ 967.485302][T18147] do_file_open+0x20e/0x430 [ 967.485345][T18147] ? __pfx_do_file_open+0x10/0x10 [ 967.485410][T18147] ? alloc_fd+0x476/0x790 [ 967.485440][T18147] ? do_getname+0x191/0x390 [ 967.485477][T18147] do_sys_openat2+0x10d/0x1e0 [ 967.485513][T18147] ? __pfx_do_sys_openat2+0x10/0x10 [ 967.485606][T18147] __x64_sys_openat+0x12d/0x210 [ 967.485644][T18147] ? __pfx___x64_sys_openat+0x10/0x10 [ 967.485692][T18147] do_syscall_64+0x106/0xf80 [ 967.485720][T18147] ? clear_bhb_loop+0x40/0x90 [ 967.485752][T18147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.485779][T18147] RIP: 0033:0x7fd95c99c819 [ 967.485801][T18147] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 967.485826][T18147] RSP: 002b:00007fd95d7d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 967.485851][T18147] RAX: ffffffffffffffda RBX: 00007fd95cc15fa0 RCX: 00007fd95c99c819 [ 967.485869][T18147] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 967.485885][T18147] RBP: 00007fd95ca32c91 R08: 0000000000000000 R09: 0000000000000000 [ 967.485900][T18147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 967.485916][T18147] R13: 00007fd95cc16038 R14: 00007fd95cc15fa0 R15: 00007ffdaa2bca78 [ 967.485949][T18147] [ 968.397267][T18167] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 970.156436][T18188] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2807'. [ 970.746003][T18197] random: crng reseeded on system resumption [ 971.025228][T18201] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 971.059662][T18181] Bluetooth: hci4: command 0x0406 tx timeout [ 971.455194][T11656] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 971.667233][T18210] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2816'. [ 971.813746][T18210] KVM: debugfs: duplicate directory 18210-3 [ 972.360861][T18227] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2821'. [ 972.512693][T18230] random: crng reseeded on system resumption [ 972.558906][T18227] KVM: debugfs: duplicate directory 18227-3 [ 972.741647][T18237] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 973.433245][T11656] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 973.541958][T18257] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2831'. [ 973.822091][T18271] random: crng reseeded on system resumption [ 974.172266][T18278] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2837'. [ 974.217553][T18278] KVM: debugfs: duplicate directory 18278-3 [ 974.873227][T18287] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2839'. [ 974.901223][T18287] KVM: debugfs: duplicate directory 18287-3 [ 975.035793][T18285] random: crng reseeded on system resumption [ 975.138907][T18285] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input85 [ 976.226231][T18315] block2mtd: illegal erase size [ 977.307365][T18323] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2847'. [ 977.437019][T18326] KVM: debugfs: duplicate directory 18326-3 [ 977.742328][T18330] __vm_enough_memory: pid: 18330, comm: syz.0.2849, bytes: 4398046457856 not enough memory for the allocation [ 978.230713][T18338] futex_wake_op: syz.0.2852 tries to shift op by -2048; fix this program [ 978.445749][T18341] netlink: 'syz.1.2851': attribute type 1 has an invalid length. [ 978.562632][T18341] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2851'. [ 978.930803][T18356] netlink: 'syz.0.2856': attribute type 29 has an invalid length. [ 978.956682][T18356] netlink: 'syz.0.2856': attribute type 30 has an invalid length. [ 978.997844][T18356] netlink: 'syz.0.2856': attribute type 31 has an invalid length. [ 979.087122][T18356] netlink: 'syz.0.2856': attribute type 32 has an invalid length. [ 979.103723][T18356] netlink: 'syz.0.2856': attribute type 33 has an invalid length. [ 979.157182][T18356] netlink: 'syz.0.2856': attribute type 35 has an invalid length. [ 979.190461][T18356] netlink: 'syz.0.2856': attribute type 37 has an invalid length. [ 979.213691][T18349] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 979.236100][T18349] vhci_hcd vhci_hcd.2: invalid port number 0 [ 979.275171][T18356] netlink: 18 bytes leftover after parsing attributes in process `syz.0.2856'. [ 979.569348][T18363] random: crng reseeded on system resumption [ 979.629136][T18363] FAULT_INJECTION: forcing a failure. [ 979.629136][T18363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 979.695260][T18363] CPU: 1 UID: 0 PID: 18363 Comm: syz.1.2857 Tainted: G L syzkaller #0 PREEMPT(full) [ 979.695317][T18363] Tainted: [L]=SOFTLOCKUP [ 979.695329][T18363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 979.695350][T18363] Call Trace: [ 979.695361][T18363] [ 979.695374][T18363] dump_stack_lvl+0x100/0x190 [ 979.695434][T18363] should_fail_ex.cold+0x5/0xa [ 979.695472][T18363] ? prepare_alloc_pages+0x16d/0x5f0 [ 979.695520][T18363] should_fail_alloc_page+0xeb/0x140 [ 979.695565][T18363] prepare_alloc_pages+0x1f0/0x5f0 [ 979.695615][T18363] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 979.695677][T18363] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 979.695752][T18363] ? stack_trace_save+0x8e/0xc0 [ 979.695793][T18363] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 979.695864][T18363] ? stack_depot_save_flags+0x27/0x9d0 [ 979.695916][T18363] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 979.695981][T18363] ? kasan_save_stack+0x3f/0x50 [ 979.696013][T18363] ? kasan_save_stack+0x30/0x50 [ 979.696044][T18363] ? kasan_save_track+0x14/0x30 [ 979.696086][T18363] ? do_sys_openat2+0x10d/0x1e0 [ 979.696133][T18363] ? __x64_sys_openat+0x12d/0x210 [ 979.696181][T18363] ? do_syscall_64+0x106/0xf80 [ 979.696218][T18363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.696264][T18363] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 979.696305][T18363] ? policy_nodemask+0xed/0x4f0 [ 979.696350][T18363] alloc_pages_mpol+0x1fb/0x550 [ 979.696394][T18363] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 979.696437][T18363] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 979.696483][T18363] alloc_pages_noprof+0x136/0x390 [ 979.696528][T18363] get_zeroed_page_noprof+0x18/0xb0 [ 979.696575][T18363] get_image_page+0x18/0x1a0 [ 979.696611][T18363] alloc_rtree_node+0x3c/0xb0 [ 979.696648][T18363] memory_bm_create+0x65e/0xba0 [ 979.696704][T18363] create_basic_memory_bitmaps+0x10b/0x350 [ 979.696751][T18363] snapshot_open+0x230/0x2a0 [ 979.696794][T18363] ? __pfx_snapshot_open+0x10/0x10 [ 979.696846][T18363] misc_open+0x26d/0x450 [ 979.696894][T18363] ? __pfx_misc_open+0x10/0x10 [ 979.696941][T18363] chrdev_open+0x234/0x6a0 [ 979.696978][T18363] ? __pfx_apparmor_file_open+0x10/0x10 [ 979.697020][T18363] ? __pfx_chrdev_open+0x10/0x10 [ 979.697060][T18363] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 979.697126][T18363] do_dentry_open+0x6d8/0x1660 [ 979.697165][T18363] ? __pfx_chrdev_open+0x10/0x10 [ 979.697216][T18363] vfs_open+0x82/0x3f0 [ 979.697267][T18363] path_openat+0x208c/0x31a0 [ 979.697320][T18363] ? __pfx_path_openat+0x10/0x10 [ 979.697376][T18363] do_file_open+0x20e/0x430 [ 979.697420][T18363] ? __pfx_do_file_open+0x10/0x10 [ 979.697492][T18363] ? alloc_fd+0x476/0x790 [ 979.697535][T18363] ? do_getname+0x191/0x390 [ 979.697587][T18363] do_sys_openat2+0x10d/0x1e0 [ 979.697636][T18363] ? __pfx_do_sys_openat2+0x10/0x10 [ 979.697688][T18363] ? find_held_lock+0x2b/0x80 [ 979.697733][T18363] __x64_sys_openat+0x12d/0x210 [ 979.697785][T18363] ? __pfx___x64_sys_openat+0x10/0x10 [ 979.697862][T18363] do_syscall_64+0x106/0xf80 [ 979.697901][T18363] ? clear_bhb_loop+0x40/0x90 [ 979.697946][T18363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.697984][T18363] RIP: 0033:0x7f4055b9c819 [ 979.698016][T18363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 979.698052][T18363] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 979.698094][T18363] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 979.698119][T18363] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 979.698143][T18363] RBP: 00007f4055c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 979.698167][T18363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 979.698190][T18363] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 979.698234][T18363] [ 980.038875][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 980.629413][T18367] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2860'. [ 980.681918][T18367] KVM: debugfs: duplicate directory 18367-3 [ 980.867580][T18372] FAULT_INJECTION: forcing a failure. [ 980.867580][T18372] name failslab, interval 1, probability 0, space 0, times 0 [ 981.106704][T18370] ima: policy update failed [ 981.123004][ T31] audit: type=1802 audit(4294967610.110:17): pid=18370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.2859" res=0 errno=0 [ 981.168530][T18372] CPU: 0 UID: 0 PID: 18372 Comm: syz.1.2861 Tainted: G L syzkaller #0 PREEMPT(full) [ 981.168571][T18372] Tainted: [L]=SOFTLOCKUP [ 981.168581][T18372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 981.168597][T18372] Call Trace: [ 981.168605][T18372] [ 981.168615][T18372] dump_stack_lvl+0x100/0x190 [ 981.168660][T18372] should_fail_ex.cold+0x5/0xa [ 981.168696][T18372] should_failslab+0xc2/0x120 [ 981.168725][T18372] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 981.168766][T18372] ? do_getname+0x35/0x390 [ 981.168806][T18372] do_getname+0x35/0x390 [ 981.168842][T18372] do_sys_openat2+0xc5/0x1e0 [ 981.168878][T18372] ? __pfx_do_sys_openat2+0x10/0x10 [ 981.168916][T18372] ? find_held_lock+0x2b/0x80 [ 981.168942][T18372] ? __fget_files+0x215/0x3d0 [ 981.168974][T18372] __x64_sys_openat+0x12d/0x210 [ 981.169011][T18372] ? __pfx___x64_sys_openat+0x10/0x10 [ 981.169059][T18372] do_syscall_64+0x106/0xf80 [ 981.169129][T18372] ? clear_bhb_loop+0x40/0x90 [ 981.169161][T18372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.169188][T18372] RIP: 0033:0x7f4055b9c819 [ 981.169208][T18372] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 981.169233][T18372] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 981.169257][T18372] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 981.169274][T18372] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 981.169290][T18372] RBP: 00007f4055c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 981.169307][T18372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 981.169323][T18372] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 981.169354][T18372] [ 981.545508][T18369] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2859'. [ 981.690301][T18369] mac80211_hwsim hwsim27 ›: renamed from wlan0 (while UP) [ 981.880800][T18386] FAULT_INJECTION: forcing a failure. [ 981.880800][T18386] name failslab, interval 1, probability 0, space 0, times 0 [ 982.116647][T18386] CPU: 1 UID: 0 PID: 18386 Comm: syz.0.2864 Tainted: G L syzkaller #0 PREEMPT(full) [ 982.116700][T18386] Tainted: [L]=SOFTLOCKUP [ 982.116712][T18386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 982.116731][T18386] Call Trace: [ 982.116742][T18386] [ 982.116754][T18386] dump_stack_lvl+0x100/0x190 [ 982.116811][T18386] should_fail_ex.cold+0x5/0xa [ 982.116862][T18386] ? tomoyo_realpath_from_path+0xb6/0x690 [ 982.116911][T18386] should_failslab+0xc2/0x120 [ 982.116947][T18386] __kmalloc_noprof+0xe0/0x850 [ 982.117008][T18386] tomoyo_realpath_from_path+0xb6/0x690 [ 982.117070][T18386] tomoyo_check_open_permission+0x2af/0x3c0 [ 982.117115][T18386] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 982.117195][T18386] ? do_raw_spin_lock+0x128/0x260 [ 982.117252][T18386] ? path_get+0x61/0x80 [ 982.117297][T18386] tomoyo_file_open+0x6b/0x90 [ 982.117332][T18386] security_file_open+0xb5/0x1e0 [ 982.117378][T18386] do_dentry_open+0x5aa/0x1660 [ 982.117418][T18386] ? security_inode_permission+0xbf/0x250 [ 982.117466][T18386] vfs_open+0x82/0x3f0 [ 982.117515][T18386] path_openat+0x208c/0x31a0 [ 982.117567][T18386] ? __pfx_path_openat+0x10/0x10 [ 982.117621][T18386] do_file_open+0x20e/0x430 [ 982.117661][T18386] ? __pfx_do_file_open+0x10/0x10 [ 982.117728][T18386] ? alloc_fd+0x476/0x790 [ 982.117767][T18386] ? do_getname+0x191/0x390 [ 982.117816][T18386] do_sys_openat2+0x10d/0x1e0 [ 982.117874][T18386] ? __pfx_do_sys_openat2+0x10/0x10 [ 982.117924][T18386] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 982.117992][T18386] __x64_sys_openat+0x12d/0x210 [ 982.118041][T18386] ? __pfx___x64_sys_openat+0x10/0x10 [ 982.118107][T18386] do_syscall_64+0x106/0xf80 [ 982.118142][T18386] ? clear_bhb_loop+0x40/0x90 [ 982.118185][T18386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 982.118219][T18386] RIP: 0033:0x7f92c899c819 [ 982.118248][T18386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 982.118280][T18386] RSP: 002b:00007f92c98e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 982.118313][T18386] RAX: ffffffffffffffda RBX: 00007f92c8c16090 RCX: 00007f92c899c819 [ 982.118335][T18386] RDX: 0000000000109100 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 982.118359][T18386] RBP: 00007f92c8a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 982.118380][T18386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 982.118401][T18386] R13: 00007f92c8c16128 R14: 00007f92c8c16090 R15: 00007ffee9b60448 [ 982.118452][T18386] [ 982.118508][T18386] ERROR: Out of memory at tomoyo_realpath_from_path. [ 982.381578][T18399] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2866'. [ 982.504849][T18403] KVM: debugfs: duplicate directory 18403-3 [ 984.953637][T18445] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2879'. [ 985.022879][T18449] KVM: debugfs: duplicate directory 18449-3 [ 986.417262][T16081] Bluetooth: hci3: command 0x0406 tx timeout [ 987.231722][T18483] nbd: illegal input index -1073741824 [ 987.241478][T18483] No such timeout policy "" [ 987.249952][T18483] netlink: Failed to associated timeout policy '' [ 988.348407][T18493] block2mtd: illegal erase size [ 988.499433][T18495] block2mtd: illegal erase size [ 988.912597][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 990.433562][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 990.643968][T18579] block2mtd: illegal erase size [ 991.061079][T18592] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2905'. [ 991.187313][T18592] KVM: debugfs: duplicate directory 18592-3 [ 991.547812][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 991.701673][T18600] program syz.3.2906 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 992.082842][T18605] futex_wake_op: syz.0.2908 tries to shift op by -2048; fix this program [ 992.096299][T18620] nbd: illegal input index -1073741824 [ 992.127357][T18620] No such timeout policy "" [ 992.154558][T18620] netlink: Failed to associated timeout policy '' [ 992.494296][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 993.037400][T18643] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2916'. [ 993.232833][T18643] KVM: debugfs: duplicate directory 18643-3 [ 994.054829][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 994.417959][T18681] random: crng reseeded on system resumption [ 994.748884][T18686] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 994.858866][T18686] block2mtd: device name too long [ 994.865027][T18688] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2931'. [ 994.947964][T18690] KVM: debugfs: duplicate directory 18690-3 [ 995.304335][T18702] FAULT_INJECTION: forcing a failure. [ 995.304335][T18702] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 995.418160][T18706] netlink: 'syz.2.2934': attribute type 1 has an invalid length. [ 995.515836][T18702] CPU: 0 UID: 0 PID: 18702 Comm: syz.3.2933 Tainted: G L syzkaller #0 PREEMPT(full) [ 995.515889][T18702] Tainted: [L]=SOFTLOCKUP [ 995.515901][T18702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 995.515922][T18702] Call Trace: [ 995.515934][T18702] [ 995.515948][T18702] dump_stack_lvl+0x100/0x190 [ 995.516011][T18702] should_fail_ex.cold+0x5/0xa [ 995.516048][T18702] ? prepare_alloc_pages+0x16d/0x5f0 [ 995.516098][T18702] should_fail_alloc_page+0xeb/0x140 [ 995.516143][T18702] prepare_alloc_pages+0x1f0/0x5f0 [ 995.516185][T18702] ? bpf_ksym_find+0x124/0x1c0 [ 995.516234][T18702] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 995.516301][T18702] ? __kernel_text_address+0xd/0x30 [ 995.516357][T18702] ? unwind_get_return_address+0x59/0xa0 [ 995.516398][T18702] ? arch_stack_walk+0xa6/0xf0 [ 995.516449][T18702] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 995.516508][T18702] ? stack_trace_save+0x8e/0xc0 [ 995.516727][T18702] ? __pfx_stack_trace_save+0x10/0x10 [ 995.516767][T18702] ? stack_depot_save_flags+0x27/0x9d0 [ 995.516829][T18702] ? kasan_save_stack+0x30/0x50 [ 995.516862][T18702] ? kasan_save_track+0x14/0x30 [ 995.516894][T18702] ? __kasan_slab_alloc+0x89/0x90 [ 995.516931][T18702] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 995.516999][T18702] ? __pmd_alloc+0xbf/0x950 [ 995.517039][T18702] ? __handle_mm_fault+0xa9e/0x2b60 [ 995.517094][T18702] ? handle_mm_fault+0x36d/0xa20 [ 995.517145][T18702] ? __get_user_pages+0xf9c/0x34d0 [ 995.517187][T18702] ? populate_vma_page_range+0x267/0x3f0 [ 995.517234][T18702] ? __mm_populate+0x107/0x3a0 [ 995.517274][T18702] ? vm_mmap_pgoff+0x37f/0x470 [ 995.517330][T18702] ? ksys_mmap_pgoff+0xe1/0x650 [ 995.517376][T18702] ? __x64_sys_mmap+0x125/0x190 [ 995.517432][T18702] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 995.517475][T18702] ? policy_nodemask+0xed/0x4f0 [ 995.517521][T18702] alloc_pages_mpol+0x1fb/0x550 [ 995.517573][T18702] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 995.517625][T18702] alloc_pages_noprof+0x136/0x390 [ 995.517668][T18702] pte_alloc_one+0x1c/0x3d0 [ 995.517710][T18702] __pte_alloc+0x6d/0x3e0 [ 995.517751][T18702] ? __pfx___pte_alloc+0x10/0x10 [ 995.517793][T18702] ? do_raw_spin_lock+0x128/0x260 [ 995.518023][T18702] ? find_held_lock+0x2b/0x80 [ 995.518062][T18702] do_anonymous_page+0x13cc/0x1fb0 [ 995.518120][T18702] ? do_raw_spin_unlock+0x145/0x1e0 [ 995.518175][T18702] ? _raw_spin_unlock+0x28/0x50 [ 995.518234][T18702] ? __pmd_alloc+0x3fb/0x950 [ 995.518286][T18702] __handle_mm_fault+0x1d48/0x2b60 [ 995.518346][T18702] ? mt_find+0x45e/0x8e0 [ 995.518389][T18702] ? __pfx___handle_mm_fault+0x10/0x10 [ 995.518438][T18702] ? __pfx_mt_find+0x10/0x10 [ 995.518511][T18702] handle_mm_fault+0x36d/0xa20 [ 995.518575][T18702] __get_user_pages+0xf9c/0x34d0 [ 995.518668][T18702] ? __pfx___get_user_pages+0x10/0x10 [ 995.518727][T18702] populate_vma_page_range+0x267/0x3f0 [ 995.518900][T18702] ? __pfx_populate_vma_page_range+0x10/0x10 [ 995.518949][T18702] ? __pfx_find_vma_intersection+0x10/0x10 [ 995.518993][T18702] ? do_mmap+0x93f/0x12f0 [ 995.519033][T18702] __mm_populate+0x107/0x3a0 [ 995.519096][T18702] ? __pfx___mm_populate+0x10/0x10 [ 995.519169][T18702] ? up_write+0x290/0x4f0 [ 995.519241][T18702] vm_mmap_pgoff+0x37f/0x470 [ 995.519291][T18702] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 995.519336][T18702] ? do_futex+0x192/0x350 [ 995.519385][T18702] ? __pfx_do_futex+0x10/0x10 [ 995.519439][T18702] ksys_mmap_pgoff+0xe1/0x650 [ 995.519495][T18702] ? __x64_sys_futex+0x34f/0x4d0 [ 995.519547][T18702] ? __x64_sys_futex+0x358/0x4d0 [ 995.519593][T18702] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 995.519724][T18702] ? xfd_validate_state+0x129/0x190 [ 995.519786][T18702] __x64_sys_mmap+0x125/0x190 [ 995.519845][T18702] do_syscall_64+0x106/0xf80 [ 995.519883][T18702] ? clear_bhb_loop+0x40/0x90 [ 995.519925][T18702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 995.519964][T18702] RIP: 0033:0x7fd95c99c819 [ 995.519992][T18702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 995.520027][T18702] RSP: 002b:00007fd95d7d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 995.520061][T18702] RAX: ffffffffffffffda RBX: 00007fd95cc15fa0 RCX: 00007fd95c99c819 [ 995.520092][T18702] RDX: 00000000000000e2 RSI: 0000000000040009 RDI: 0000000000000000 [ 995.520114][T18702] RBP: 00007fd95ca32c91 R08: 0000000000000007 R09: 0000000000028000 [ 995.520137][T18702] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 995.520197][T18702] R13: 00007fd95cc16038 R14: 00007fd95cc15fa0 R15: 00007ffdaa2bca78 [ 995.520249][T18702] [ 996.372318][T18716] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2936'. [ 997.794323][T18731] block2mtd: illegal erase size [ 998.776914][T18739] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2943'. [ 998.806800][T18739] KVM: debugfs: duplicate directory 18739-3 [ 999.526271][T18758] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2947'. [ 999.701959][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 999.715076][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1001.775139][T16081] Bluetooth: hci1: command 0x0406 tx timeout [ 1002.468674][T18821] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2966'. [ 1004.122626][T18181] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1004.448487][T18878] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2982'. [ 1004.795071][ T31] audit: type=1800 audit(4294967633.740:18): pid=18887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2987" name="dbroot" dev="configfs" ino=87116 res=0 errno=0 [ 1008.876369][T18961] FAULT_INJECTION: forcing a failure. [ 1008.876369][T18961] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.908367][T18961] CPU: 1 UID: 0 PID: 18961 Comm: syz.3.3003 Tainted: G L syzkaller #0 PREEMPT(full) [ 1008.908416][T18961] Tainted: [L]=SOFTLOCKUP [ 1008.908427][T18961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1008.908444][T18961] Call Trace: [ 1008.908454][T18961] [ 1008.908466][T18961] dump_stack_lvl+0x100/0x190 [ 1008.908518][T18961] should_fail_ex.cold+0x5/0xa [ 1008.908553][T18961] ? sk_prot_alloc+0x10b/0x2a0 [ 1008.908587][T18961] should_failslab+0xc2/0x120 [ 1008.908621][T18961] __kmalloc_noprof+0xe0/0x850 [ 1008.908676][T18961] sk_prot_alloc+0x10b/0x2a0 [ 1008.908713][T18961] sk_alloc+0x36/0xe80 [ 1008.908770][T18961] __netlink_create+0x5e/0x2c0 [ 1008.908812][T18961] ? __wake_up+0x3f/0x60 [ 1008.908847][T18961] netlink_create+0x293/0x610 [ 1008.908892][T18961] ? __pfx_genl_bind+0x10/0x10 [ 1008.908923][T18961] ? __pfx_genl_unbind+0x10/0x10 [ 1008.908955][T18961] ? __pfx_genl_release+0x10/0x10 [ 1008.908996][T18961] __sock_create+0x339/0x860 [ 1008.909043][T18961] __sys_socket+0x14d/0x260 [ 1008.909099][T18961] ? __pfx___sys_socket+0x10/0x10 [ 1008.909157][T18961] __x64_sys_socket+0x72/0xb0 [ 1008.909197][T18961] ? lockdep_hardirqs_on+0x78/0x100 [ 1008.909230][T18961] do_syscall_64+0x106/0xf80 [ 1008.909259][T18961] ? clear_bhb_loop+0x40/0x90 [ 1008.909297][T18961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.909330][T18961] RIP: 0033:0x7fd95c99c819 [ 1008.909356][T18961] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1008.909389][T18961] RSP: 002b:00007fd95d796028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1008.909421][T18961] RAX: ffffffffffffffda RBX: 00007fd95cc16180 RCX: 00007fd95c99c819 [ 1008.909442][T18961] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1008.909464][T18961] RBP: 00007fd95ca32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1008.909486][T18961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1008.909507][T18961] R13: 00007fd95cc16218 R14: 00007fd95cc16180 R15: 00007ffdaa2bca78 [ 1008.909550][T18961] [ 1009.278630][T18958] random: crng reseeded on system resumption [ 1009.601317][T18975] block2mtd: illegal erase size [ 1011.867589][T19009] FAULT_INJECTION: forcing a failure. [ 1011.867589][T19009] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1011.935556][T19009] CPU: 0 UID: 0 PID: 19009 Comm: syz.0.3013 Tainted: G L syzkaller #0 PREEMPT(full) [ 1011.935605][T19009] Tainted: [L]=SOFTLOCKUP [ 1011.935617][T19009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1011.935637][T19009] Call Trace: [ 1011.935648][T19009] [ 1011.935662][T19009] dump_stack_lvl+0x100/0x190 [ 1011.935720][T19009] should_fail_ex.cold+0x5/0xa [ 1011.935762][T19009] _copy_from_user+0x2e/0xd0 [ 1011.935808][T19009] copy_msghdr_from_user+0x9f/0x4f0 [ 1011.935857][T19009] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1011.935924][T19009] ___sys_sendmsg+0x106/0x1e0 [ 1011.935973][T19009] ? __pfx____sys_sendmsg+0x10/0x10 [ 1011.936075][T19009] __sys_sendmsg+0x170/0x220 [ 1011.936110][T19009] ? __pfx___sys_sendmsg+0x10/0x10 [ 1011.936171][T19009] do_syscall_64+0x106/0xf80 [ 1011.936207][T19009] ? clear_bhb_loop+0x40/0x90 [ 1011.936249][T19009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1011.936284][T19009] RIP: 0033:0x7f92c899c819 [ 1011.936313][T19009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1011.936346][T19009] RSP: 002b:00007f92c9906028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1011.936379][T19009] RAX: ffffffffffffffda RBX: 00007f92c8c15fa0 RCX: 00007f92c899c819 [ 1011.936403][T19009] RDX: 0000000000000020 RSI: 0000200000000040 RDI: 0000000000000003 [ 1011.936424][T19009] RBP: 00007f92c9906090 R08: 0000000000000000 R09: 0000000000000000 [ 1011.936446][T19009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1011.936466][T19009] R13: 00007f92c8c16038 R14: 00007f92c8c15fa0 R15: 00007ffee9b60448 [ 1011.936509][T19009] [ 1012.652877][T19021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3016'. [ 1014.310587][T19060] block2mtd: illegal erase size [ 1014.436544][T19059] random: crng reseeded on system resumption [ 1015.158961][T19067] FAULT_INJECTION: forcing a failure. [ 1015.158961][T19067] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1015.221290][T19067] CPU: 1 UID: 0 PID: 19067 Comm: syz.2.3027 Tainted: G L syzkaller #0 PREEMPT(full) [ 1015.221348][T19067] Tainted: [L]=SOFTLOCKUP [ 1015.221360][T19067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1015.221381][T19067] Call Trace: [ 1015.221394][T19067] [ 1015.221407][T19067] dump_stack_lvl+0x100/0x190 [ 1015.221465][T19067] should_fail_ex.cold+0x5/0xa [ 1015.221506][T19067] get_futex_key+0x1d2/0x1620 [ 1015.221555][T19067] ? __pfx_get_futex_key+0x10/0x10 [ 1015.221602][T19067] ? __do_sys_memfd_create+0x283/0x3d0 [ 1015.221655][T19067] ? kasan_save_stack+0x3f/0x50 [ 1015.221688][T19067] ? kasan_save_stack+0x30/0x50 [ 1015.221727][T19067] ? kasan_save_track+0x14/0x30 [ 1015.221761][T19067] ? kasan_save_free_info+0x3b/0x70 [ 1015.221810][T19067] ? __kasan_slab_free+0x5f/0x80 [ 1015.221851][T19067] futex_wake+0xea/0x530 [ 1015.221913][T19067] ? __pfx_futex_wake+0x10/0x10 [ 1015.221988][T19067] do_futex+0x32b/0x350 [ 1015.222037][T19067] ? __pfx_do_futex+0x10/0x10 [ 1015.222092][T19067] __x64_sys_futex+0x34f/0x4d0 [ 1015.222145][T19067] ? __pfx___x64_sys_futex+0x10/0x10 [ 1015.222192][T19067] ? kfree+0x1f6/0x6b0 [ 1015.222239][T19067] ? strncpy_from_user+0x19d/0x2d0 [ 1015.222297][T19067] do_syscall_64+0x106/0xf80 [ 1015.222334][T19067] ? clear_bhb_loop+0x40/0x90 [ 1015.222378][T19067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1015.222416][T19067] RIP: 0033:0x7f70a2f9c819 [ 1015.222445][T19067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1015.222480][T19067] RSP: 002b:00007f70a3e060e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1015.222543][T19067] RAX: ffffffffffffffda RBX: 00007f70a3215fa8 RCX: 00007f70a2f9c819 [ 1015.222568][T19067] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f70a3215fac [ 1015.222590][T19067] RBP: 00007f70a3215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1015.222613][T19067] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1015.222636][T19067] R13: 00007f70a3216038 R14: 00007ffd3b8cbbc0 R15: 00007ffd3b8cbca8 [ 1015.222681][T19067] [ 1015.406212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 1015.465201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 1015.536259][T19067] bridge0: port 3(bond0) entered blocking state [ 1015.544373][T19067] bridge0: port 3(bond0) entered disabled state [ 1015.667170][T19067] bond0: entered allmulticast mode [ 1015.705910][T19067] bond_slave_0: entered allmulticast mode [ 1015.735173][T19067] bond_slave_1: entered allmulticast mode [ 1015.766726][T19067] bond0: entered promiscuous mode [ 1015.772089][T19067] bond_slave_0: entered promiscuous mode [ 1015.779020][T19067] bond_slave_1: entered promiscuous mode [ 1015.818216][T19067] bridge0: port 3(bond0) entered blocking state [ 1015.826239][T19067] bridge0: port 3(bond0) entered forwarding state [ 1015.868752][T19073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3031'. [ 1015.916695][T19070] FAULT_INJECTION: forcing a failure. [ 1015.916695][T19070] name failslab, interval 1, probability 0, space 0, times 0 [ 1015.978925][T18181] Bluetooth: hci4: unexpected event 0x3e length: 508 > 260 [ 1015.978982][T18181] Bluetooth: hci4: unexpected subevent 0x02 length: 507 > 260 [ 1016.007217][T18181] Bluetooth: hci4: Dropping invalid advertising data [ 1016.018995][T18181] Bluetooth: hci4: unknown advertising packet type: 0xe9 [ 1016.019050][T18181] Bluetooth: hci4: Dropping invalid advertising data [ 1016.040551][T18181] Bluetooth: hci4: Malformed LE Event: 0x02 [ 1016.048115][T19070] CPU: 0 UID: 0 PID: 19070 Comm: syz.1.3029 Tainted: G L syzkaller #0 PREEMPT(full) [ 1016.048168][T19070] Tainted: [L]=SOFTLOCKUP [ 1016.048181][T19070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1016.048201][T19070] Call Trace: [ 1016.048212][T19070] [ 1016.048225][T19070] dump_stack_lvl+0x100/0x190 [ 1016.048281][T19070] should_fail_ex.cold+0x5/0xa [ 1016.048335][T19070] should_failslab+0xc2/0x120 [ 1016.048531][T19070] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1016.048592][T19070] ? snd_seq_port_connect+0x61/0x560 [ 1016.048633][T19070] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 1016.048670][T19070] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 1016.048716][T19070] snd_seq_port_connect+0x61/0x560 [ 1016.048758][T19070] ? _raw_read_unlock+0x28/0x50 [ 1016.048794][T19070] ? check_subscription_permission.isra.0+0x146/0x240 [ 1016.048845][T19070] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 1016.048899][T19070] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1016.048972][T19070] call_seq_client_ctl+0xa3/0x130 [ 1016.049016][T19070] snd_seq_kernel_client_ctl+0x77/0xd0 [ 1016.049068][T19070] snd_seq_oss_midi_open+0x5ad/0x6b0 [ 1016.049129][T19070] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1016.049185][T19070] ? find_held_lock+0x2b/0x80 [ 1016.049241][T19070] ? lockdep_hardirqs_on+0x78/0x100 [ 1016.049279][T19070] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1016.049340][T19070] ? get_mididev+0x115/0x160 [ 1016.049396][T19070] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 1016.049472][T19070] snd_seq_oss_open+0x82e/0xa10 [ 1016.049525][T19070] odev_open+0x79/0xc0 [ 1016.049562][T19070] ? __pfx_odev_open+0x10/0x10 [ 1016.049613][T19070] soundcore_open+0x2e3/0x5a0 [ 1016.049662][T19070] ? __pfx_soundcore_open+0x10/0x10 [ 1016.049704][T19070] chrdev_open+0x234/0x6a0 [ 1016.049743][T19070] ? __pfx_apparmor_file_open+0x10/0x10 [ 1016.049782][T19070] ? __pfx_chrdev_open+0x10/0x10 [ 1016.049823][T19070] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1016.049872][T19070] do_dentry_open+0x6d8/0x1660 [ 1016.049908][T19070] ? __pfx_chrdev_open+0x10/0x10 [ 1016.049956][T19070] vfs_open+0x82/0x3f0 [ 1016.050009][T19070] path_openat+0x208c/0x31a0 [ 1016.050063][T19070] ? __pfx_path_openat+0x10/0x10 [ 1016.050115][T19070] do_file_open+0x20e/0x430 [ 1016.050156][T19070] ? __pfx_do_file_open+0x10/0x10 [ 1016.050226][T19070] ? alloc_fd+0x476/0x790 [ 1016.050267][T19070] ? do_getname+0x191/0x390 [ 1016.050319][T19070] do_sys_openat2+0x10d/0x1e0 [ 1016.050368][T19070] ? __pfx_do_sys_openat2+0x10/0x10 [ 1016.050430][T19070] ? __fget_files+0x21f/0x3d0 [ 1016.050473][T19070] __x64_sys_openat+0x12d/0x210 [ 1016.050523][T19070] ? __pfx___x64_sys_openat+0x10/0x10 [ 1016.050588][T19070] do_syscall_64+0x106/0xf80 [ 1016.050626][T19070] ? clear_bhb_loop+0x40/0x90 [ 1016.050670][T19070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1016.050705][T19070] RIP: 0033:0x7f4055b9c819 [ 1016.050734][T19070] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1016.050767][T19070] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1016.050799][T19070] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 1016.050822][T19070] RDX: 0000000000060002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1016.050843][T19070] RBP: 00007f4055c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1016.050863][T19070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1016.050883][T19070] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1016.050927][T19070] [ 1017.034649][T19097] random: crng reseeded on system resumption [ 1017.597482][T19112] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3041'. [ 1017.805822][T19116] KVM: debugfs: duplicate directory 19116-3 [ 1018.642241][T19135] block2mtd: illegal erase size [ 1019.798203][T19142] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 1020.288040][T19149] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3047'. [ 1020.502613][T19149] KVM: debugfs: duplicate directory 19149-3 [ 1020.828195][T19157] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1021.629882][T12837] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1023.376619][T19200] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3060'. [ 1023.414388][T19200] KVM: debugfs: duplicate directory 19200-3 [ 1023.773443][T19205] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1025.279749][T19234] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3068'. [ 1025.303938][T19236] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3068'. [ 1025.386160][T19236] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3068'. [ 1025.415688][T19236] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3068'. [ 1025.455822][T19236] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3068'. [ 1025.846835][T19244] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3070'. [ 1025.945909][T19244] KVM: debugfs: duplicate directory 19244-3 [ 1026.863242][T19271] FAULT_INJECTION: forcing a failure. [ 1026.863242][T19271] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.877746][T19271] CPU: 1 UID: 0 PID: 19271 Comm: syz.2.3077 Tainted: G L syzkaller #0 PREEMPT(full) [ 1026.877796][T19271] Tainted: [L]=SOFTLOCKUP [ 1026.877806][T19271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1026.877826][T19271] Call Trace: [ 1026.877838][T19271] [ 1026.877850][T19271] dump_stack_lvl+0x100/0x190 [ 1026.877909][T19271] should_fail_ex.cold+0x5/0xa [ 1026.877943][T19271] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1026.877983][T19271] should_failslab+0xc2/0x120 [ 1026.878021][T19271] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1026.878076][T19271] ? skb_clone+0x190/0x400 [ 1026.878116][T19271] skb_clone+0x190/0x400 [ 1026.878151][T19271] dev_queue_xmit_nit+0x255/0xa60 [ 1026.878198][T19271] dev_hard_start_xmit+0x2f5/0x7d0 [ 1026.878254][T19271] __dev_queue_xmit+0x32c1/0x4800 [ 1026.878317][T19271] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1026.878397][T19271] ? rcu_is_watching+0x12/0xc0 [ 1026.878454][T19271] ? __asan_memcpy+0x3c/0x60 [ 1026.878506][T19271] ? __asan_memcpy+0x3c/0x60 [ 1026.878556][T19271] ? __skb_clone+0x570/0x760 [ 1026.878615][T19271] netlink_deliver_tap+0xa4d/0xcc0 [ 1026.878659][T19271] netlink_unicast+0x650/0x870 [ 1026.878703][T19271] ? __pfx_netlink_unicast+0x10/0x10 [ 1026.878756][T19271] netlink_sendmsg+0x8b0/0xda0 [ 1026.878808][T19271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1026.878838][T19271] ? __import_iovec+0x1d2/0x640 [ 1026.878881][T19271] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1026.878918][T19271] ____sys_sendmsg+0x9e1/0xb70 [ 1026.878953][T19271] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1026.878988][T19271] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1026.879042][T19271] ___sys_sendmsg+0x190/0x1e0 [ 1026.879083][T19271] ? __pfx____sys_sendmsg+0x10/0x10 [ 1026.879167][T19271] __sys_sendmsg+0x170/0x220 [ 1026.879197][T19271] ? __pfx___sys_sendmsg+0x10/0x10 [ 1026.879249][T19271] do_syscall_64+0x106/0xf80 [ 1026.879280][T19271] ? clear_bhb_loop+0x40/0x90 [ 1026.879322][T19271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1026.879357][T19271] RIP: 0033:0x7f70a2f9c819 [ 1026.879392][T19271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1026.879421][T19271] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1026.879449][T19271] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1026.879468][T19271] RDX: 0000000000000080 RSI: 0000200000000180 RDI: 0000000000000006 [ 1026.879487][T19271] RBP: 00007f70a3e06090 R08: 0000000000000000 R09: 0000000000000000 [ 1026.879505][T19271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1026.879522][T19271] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1026.879560][T19271] [ 1027.184888][T19271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3077'. [ 1027.535220][T16081] Bluetooth: hci0: command 0x0406 tx timeout [ 1027.560494][T19275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3078'. [ 1027.684672][T19263] mkiss: ax0: crc mode is auto. [ 1028.979953][T19297] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3084'. [ 1029.241700][T19302] FAULT_INJECTION: forcing a failure. [ 1029.241700][T19302] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.297066][T19302] CPU: 0 UID: 0 PID: 19302 Comm: syz.2.3085 Tainted: G L syzkaller #0 PREEMPT(full) [ 1029.297119][T19302] Tainted: [L]=SOFTLOCKUP [ 1029.297132][T19302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1029.297333][T19302] Call Trace: [ 1029.297485][T19302] [ 1029.297501][T19302] dump_stack_lvl+0x100/0x190 [ 1029.297561][T19302] should_fail_ex.cold+0x5/0xa [ 1029.297604][T19302] should_failslab+0xc2/0x120 [ 1029.297643][T19302] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1029.297700][T19302] ? dlmfs_alloc_inode+0x25/0x50 [ 1029.297746][T19302] ? __pfx_dlmfs_alloc_inode+0x10/0x10 [ 1029.297787][T19302] ? __pfx_dlmfs_fill_super+0x10/0x10 [ 1029.297830][T19302] dlmfs_alloc_inode+0x25/0x50 [ 1029.297870][T19302] alloc_inode+0x68/0x250 [ 1029.297919][T19302] new_inode+0x22/0x1c0 [ 1029.297969][T19302] ? __pfx_dlmfs_fill_super+0x10/0x10 [ 1029.298016][T19302] dlmfs_fill_super+0xeb/0x260 [ 1029.298061][T19302] get_tree_nodev+0xdd/0x190 [ 1029.298097][T19302] vfs_get_tree+0x92/0x320 [ 1029.298143][T19302] vfs_cmd_create+0xd7/0x2a0 [ 1029.298185][T19302] __do_sys_fsconfig+0x55a/0xcb0 [ 1029.298227][T19302] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 1029.298395][T19302] ? fput+0x79/0x100 [ 1029.298457][T19302] do_syscall_64+0x106/0xf80 [ 1029.298494][T19302] ? clear_bhb_loop+0x40/0x90 [ 1029.298538][T19302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.298573][T19302] RIP: 0033:0x7f70a2f9c819 [ 1029.298602][T19302] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1029.298635][T19302] RSP: 002b:00007f70a3de5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 1029.298668][T19302] RAX: ffffffffffffffda RBX: 00007f70a3216090 RCX: 00007f70a2f9c819 [ 1029.298690][T19302] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004 [ 1029.298710][T19302] RBP: 00007f70a3de5090 R08: 0000000000000000 R09: 0000000000000000 [ 1029.298731][T19302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1029.298751][T19302] R13: 00007f70a3216128 R14: 00007f70a3216090 R15: 00007ffd3b8cbca8 [ 1029.298797][T19302] [ 1029.897367][T19310] block2mtd: illegal erase size [ 1030.366062][T19315] FAULT_INJECTION: forcing a failure. [ 1030.366062][T19315] name failslab, interval 1, probability 0, space 0, times 0 [ 1030.405319][T19315] CPU: 1 UID: 0 PID: 19315 Comm: syz.0.3089 Tainted: G L syzkaller #0 PREEMPT(full) [ 1030.405378][T19315] Tainted: [L]=SOFTLOCKUP [ 1030.405392][T19315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1030.405414][T19315] Call Trace: [ 1030.405426][T19315] [ 1030.405440][T19315] dump_stack_lvl+0x100/0x190 [ 1030.405514][T19315] should_fail_ex.cold+0x5/0xa [ 1030.405559][T19315] should_failslab+0xc2/0x120 [ 1030.405608][T19315] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1030.405666][T19315] ? __kernfs_new_node+0xd2/0x960 [ 1030.405729][T19315] __kernfs_new_node+0xd2/0x960 [ 1030.405789][T19315] ? __pfx___kernfs_new_node+0x10/0x10 [ 1030.405855][T19315] ? find_held_lock+0x2b/0x80 [ 1030.405891][T19315] ? kernfs_root+0xee/0x2a0 [ 1030.405943][T19315] ? kernfs_root+0xee/0x2a0 [ 1030.406007][T19315] kernfs_new_node+0x11b/0x1a0 [ 1030.406050][T19315] __kernfs_create_file+0x53/0x350 [ 1030.406126][T19315] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1030.406190][T19315] internal_create_group+0x593/0xf40 [ 1030.406266][T19315] ? __pfx_internal_create_group+0x10/0x10 [ 1030.406331][T19315] ? kernfs_create_link+0x1bd/0x240 [ 1030.406383][T19315] internal_create_groups+0x9d/0x150 [ 1030.406443][T19315] device_add+0x77a/0x1950 [ 1030.406497][T19315] ? __pfx_device_add+0x10/0x10 [ 1030.406542][T19315] ? __pfx___might_resched+0x10/0x10 [ 1030.406597][T19315] ? lockdep_hardirqs_on+0x78/0x100 [ 1030.406651][T19315] __add_disk+0x518/0xe40 [ 1030.406716][T19315] add_disk_fwnode+0x118/0x5c0 [ 1030.406762][T19315] loop_add+0x90b/0xb60 [ 1030.406828][T19315] ? __pfx_loop_add+0x10/0x10 [ 1030.406912][T19315] ? find_held_lock+0x2b/0x80 [ 1030.406947][T19315] ? __fget_files+0x215/0x3d0 [ 1030.406989][T19315] loop_control_ioctl+0xae/0x620 [ 1030.407047][T19315] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1030.407109][T19315] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1030.407166][T19315] __x64_sys_ioctl+0x18e/0x210 [ 1030.407223][T19315] do_syscall_64+0x106/0xf80 [ 1030.407268][T19315] ? clear_bhb_loop+0x40/0x90 [ 1030.407337][T19315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.407374][T19315] RIP: 0033:0x7f92c899c819 [ 1030.407405][T19315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1030.407451][T19315] RSP: 002b:00007f92c9906028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1030.407487][T19315] RAX: ffffffffffffffda RBX: 00007f92c8c15fa0 RCX: 00007f92c899c819 [ 1030.407512][T19315] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000009 [ 1030.407534][T19315] RBP: 00007f92c8a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1030.407555][T19315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1030.407576][T19315] R13: 00007f92c8c16038 R14: 00007f92c8c15fa0 R15: 00007ffee9b60448 [ 1030.407620][T19315] [ 1031.305877][T19330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3092'. [ 1031.516649][T19330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3092'. [ 1031.609911][T19335] dyndbg: expected <4096 bytes into control [ 1031.996305][T19339] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3094'. [ 1032.130470][T19339] KVM: debugfs: duplicate directory 19339-3 [ 1032.191919][T18181] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 1032.518505][T19342] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3095'. [ 1032.706583][T19354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3099'. [ 1032.729442][T19342] KVM: debugfs: duplicate directory 19342-3 [ 1033.031366][T19359] No such timeout policy "" [ 1033.046370][T19359] netlink: Failed to associated timeout policy '' [ 1037.666992][T19448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3120'. [ 1037.788314][T19438] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3117'. [ 1037.855164][T18181] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1038.306590][T19457] smpboot: CPU 1 is now offline [ 1038.433304][T19466] random: crng reseeded on system resumption [ 1038.481260][T19466] FAULT_INJECTION: forcing a failure. [ 1038.481260][T19466] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1038.534393][T19466] CPU: 0 UID: 0 PID: 19466 Comm: syz.2.3125 Tainted: G L syzkaller #0 PREEMPT(full) [ 1038.534436][T19466] Tainted: [L]=SOFTLOCKUP [ 1038.534446][T19466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1038.534461][T19466] Call Trace: [ 1038.534470][T19466] [ 1038.534481][T19466] dump_stack_lvl+0x100/0x190 [ 1038.534526][T19466] should_fail_ex.cold+0x5/0xa [ 1038.534552][T19466] ? prepare_alloc_pages+0x16d/0x5f0 [ 1038.534586][T19466] should_fail_alloc_page+0xeb/0x140 [ 1038.534617][T19466] prepare_alloc_pages+0x1f0/0x5f0 [ 1038.534654][T19466] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1038.534699][T19466] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1038.534750][T19466] ? stack_trace_save+0x8e/0xc0 [ 1038.534778][T19466] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1038.534820][T19466] ? stack_depot_save_flags+0x27/0x9d0 [ 1038.534857][T19466] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1038.534910][T19466] ? kasan_save_stack+0x3f/0x50 [ 1038.534936][T19466] ? kasan_save_stack+0x30/0x50 [ 1038.534959][T19466] ? kasan_save_track+0x14/0x30 [ 1038.534988][T19466] ? do_sys_openat2+0x10d/0x1e0 [ 1038.535023][T19466] ? __x64_sys_openat+0x12d/0x210 [ 1038.535058][T19466] ? do_syscall_64+0x106/0xf80 [ 1038.535085][T19466] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.535113][T19466] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1038.535142][T19466] ? policy_nodemask+0xed/0x4f0 [ 1038.535173][T19466] alloc_pages_mpol+0x1fb/0x550 [ 1038.535219][T19466] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1038.535253][T19466] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1038.535287][T19466] alloc_pages_noprof+0x136/0x390 [ 1038.535317][T19466] get_zeroed_page_noprof+0x18/0xb0 [ 1038.535348][T19466] get_image_page+0x18/0x1a0 [ 1038.535374][T19466] alloc_rtree_node+0x3c/0xb0 [ 1038.535399][T19466] memory_bm_create+0x65e/0xba0 [ 1038.535437][T19466] create_basic_memory_bitmaps+0x10b/0x350 [ 1038.535470][T19466] snapshot_open+0x230/0x2a0 [ 1038.535501][T19466] ? __pfx_snapshot_open+0x10/0x10 [ 1038.535533][T19466] misc_open+0x26d/0x450 [ 1038.535568][T19466] ? __pfx_misc_open+0x10/0x10 [ 1038.535601][T19466] chrdev_open+0x234/0x6a0 [ 1038.535628][T19466] ? __pfx_apparmor_file_open+0x10/0x10 [ 1038.535657][T19466] ? __pfx_chrdev_open+0x10/0x10 [ 1038.535687][T19466] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1038.535723][T19466] do_dentry_open+0x6d8/0x1660 [ 1038.535750][T19466] ? __pfx_chrdev_open+0x10/0x10 [ 1038.535785][T19466] vfs_open+0x82/0x3f0 [ 1038.535823][T19466] path_openat+0x208c/0x31a0 [ 1038.535871][T19466] ? __pfx_path_openat+0x10/0x10 [ 1038.535911][T19466] do_file_open+0x20e/0x430 [ 1038.535941][T19466] ? __pfx_do_file_open+0x10/0x10 [ 1038.535991][T19466] ? alloc_fd+0x476/0x790 [ 1038.536021][T19466] ? do_getname+0x191/0x390 [ 1038.536057][T19466] do_sys_openat2+0x10d/0x1e0 [ 1038.536094][T19466] ? __pfx_do_sys_openat2+0x10/0x10 [ 1038.536192][T19466] __x64_sys_openat+0x12d/0x210 [ 1038.536231][T19466] ? __pfx___x64_sys_openat+0x10/0x10 [ 1038.536280][T19466] do_syscall_64+0x106/0xf80 [ 1038.536306][T19466] ? clear_bhb_loop+0x40/0x90 [ 1038.536338][T19466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.536378][T19466] RIP: 0033:0x7f70a2f9c819 [ 1038.536400][T19466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1038.536425][T19466] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1038.536453][T19466] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1038.536476][T19466] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1038.536499][T19466] RBP: 00007f70a3032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1038.536520][T19466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1038.536535][T19466] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1038.536596][T19466] [ 1038.965275][T19468] netlink: 186 bytes leftover after parsing attributes in process `syz.3.3124'. [ 1039.349047][T19471] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1039.544178][T19471] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1039.679569][T19471] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1039.888845][T19471] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1040.059989][T19488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3130'. [ 1040.263060][T19471] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1042.294367][T19523] FAULT_INJECTION: forcing a failure. [ 1042.294367][T19523] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.336895][T19523] CPU: 0 UID: 0 PID: 19523 Comm: syz.1.3136 Tainted: G L syzkaller #0 PREEMPT(full) [ 1042.336935][T19523] Tainted: [L]=SOFTLOCKUP [ 1042.336944][T19523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1042.336959][T19523] Call Trace: [ 1042.336967][T19523] [ 1042.336978][T19523] dump_stack_lvl+0x100/0x190 [ 1042.337021][T19523] should_fail_ex.cold+0x5/0xa [ 1042.337053][T19523] should_failslab+0xc2/0x120 [ 1042.337081][T19523] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1042.337121][T19523] ? __d_alloc+0x34/0xa80 [ 1042.337147][T19523] ? __pfx_from_vfsgid+0x10/0x10 [ 1042.337187][T19523] ? __pfx_dlmfs_fill_super+0x10/0x10 [ 1042.337218][T19523] __d_alloc+0x34/0xa80 [ 1042.337248][T19523] ? __pfx_dlmfs_fill_super+0x10/0x10 [ 1042.337278][T19523] d_make_root+0x3e/0x90 [ 1042.337308][T19523] dlmfs_fill_super+0x1ad/0x260 [ 1042.337347][T19523] get_tree_nodev+0xdd/0x190 [ 1042.337372][T19523] vfs_get_tree+0x92/0x320 [ 1042.337407][T19523] vfs_cmd_create+0xd7/0x2a0 [ 1042.337441][T19523] __do_sys_fsconfig+0x55a/0xcb0 [ 1042.337476][T19523] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 1042.337508][T19523] ? fput+0x79/0x100 [ 1042.337548][T19523] do_syscall_64+0x106/0xf80 [ 1042.337574][T19523] ? clear_bhb_loop+0x40/0x90 [ 1042.337604][T19523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.337629][T19523] RIP: 0033:0x7f4055b9c819 [ 1042.337649][T19523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1042.337672][T19523] RSP: 002b:00007f4056af5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 1042.337695][T19523] RAX: ffffffffffffffda RBX: 00007f4055e16090 RCX: 00007f4055b9c819 [ 1042.337712][T19523] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004 [ 1042.337726][T19523] RBP: 00007f4056af5090 R08: 0000000000000000 R09: 0000000000000000 [ 1042.337741][T19523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1042.337756][T19523] R13: 00007f4055e16128 R14: 00007f4055e16090 R15: 00007ffdd33a0b88 [ 1042.337793][T19523] [ 1045.557148][T19541] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 1045.741078][T19543] FAULT_INJECTION: forcing a failure. [ 1045.741078][T19543] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1045.791151][T19543] CPU: 0 UID: 0 PID: 19543 Comm: syz.2.3141 Tainted: G L syzkaller #0 PREEMPT(full) [ 1045.791190][T19543] Tainted: [L]=SOFTLOCKUP [ 1045.791198][T19543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1045.791214][T19543] Call Trace: [ 1045.791223][T19543] [ 1045.791233][T19543] dump_stack_lvl+0x100/0x190 [ 1045.791277][T19543] should_fail_ex.cold+0x5/0xa [ 1045.791306][T19543] _copy_to_user+0x32/0xd0 [ 1045.791341][T19543] simple_read_from_buffer+0xcb/0x170 [ 1045.791382][T19543] proc_fail_nth_read+0x1af/0x230 [ 1045.791415][T19543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1045.791448][T19543] ? rw_verify_area+0xce/0x6d0 [ 1045.791485][T19543] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1045.791516][T19543] vfs_read+0x1e4/0xb30 [ 1045.791543][T19543] ? __pfx_vfs_read+0x10/0x10 [ 1045.791574][T19543] ? __fget_files+0x215/0x3d0 [ 1045.791605][T19543] ? __fget_files+0x21f/0x3d0 [ 1045.791637][T19543] ksys_read+0x12a/0x250 [ 1045.791660][T19543] ? __pfx_ksys_read+0x10/0x10 [ 1045.791692][T19543] do_syscall_64+0x106/0xf80 [ 1045.791717][T19543] ? clear_bhb_loop+0x40/0x90 [ 1045.791747][T19543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.791771][T19543] RIP: 0033:0x7f70a2f5d04e [ 1045.791791][T19543] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1045.791815][T19543] RSP: 002b:00007f70a3e05fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1045.791837][T19543] RAX: ffffffffffffffda RBX: 00007f70a3e066c0 RCX: 00007f70a2f5d04e [ 1045.791854][T19543] RDX: 000000000000000f RSI: 00007f70a3e060a0 RDI: 0000000000000005 [ 1045.791869][T19543] RBP: 00007f70a3e06090 R08: 0000000000000000 R09: 0000000000000000 [ 1045.791883][T19543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1045.791897][T19543] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1045.791928][T19543] [ 1046.131004][T19549] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1046.190324][T19551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3145'. [ 1046.309897][ T31] audit: type=1107 audit(4294967675.300:19): pid=19552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1046.357802][ T31] audit: type=1107 audit(4294967675.320:20): pid=19552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1046.511686][T19553] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1046.533527][T19553] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1046.591618][T19553] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1046.625421][T19553] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1046.726854][T19553] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1046.767849][T19553] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1046.844490][T19565] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3148'. [ 1046.898811][T19553] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1046.935604][T19553] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1046.997706][T19563] KVM: debugfs: duplicate directory 19563-3 [ 1047.941535][T19584] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3155'. [ 1048.006573][T19584] KVM: debugfs: duplicate directory 19584-3 [ 1048.316787][T19588] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3157'. [ 1048.345311][T19588] mac80211_hwsim hwsim21 wlan1: entered promiscuous mode [ 1048.363068][T19588] mac80211_hwsim hwsim21 wlan1: entered allmulticast mode [ 1048.416637][T18181] Bluetooth: hci4: command 0x0406 tx timeout [ 1048.655330][T18181] Bluetooth: hci3: command 0x0406 tx timeout [ 1048.735393][T18181] Bluetooth: hci1: command 0x0406 tx timeout [ 1048.975345][T18181] Bluetooth: hci0: command 0x0406 tx timeout [ 1049.207686][T19605] aoe: invalid device specification [ 1050.495651][T18181] Bluetooth: hci4: command 0x0406 tx timeout [ 1050.736468][T18181] Bluetooth: hci3: command 0x0406 tx timeout [ 1050.794169][T19633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3170'. [ 1050.818336][T18181] Bluetooth: hci1: command 0x0406 tx timeout [ 1051.059026][T18181] Bluetooth: hci0: command 0x0406 tx timeout [ 1051.224185][T19641] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3174'. [ 1051.267972][T19639] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3173'. [ 1051.281715][T19641] KVM: debugfs: duplicate directory 19641-3 [ 1051.340844][T19639] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3173'. [ 1051.772011][T19653] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3178'. [ 1051.790579][T19651] ovs_: entered promiscuous mode [ 1052.214435][T19663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3181'. [ 1052.365487][T19665] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3182'. [ 1052.416313][T19665] KVM: debugfs: duplicate directory 19665-3 [ 1053.412039][T19685] FAULT_INJECTION: forcing a failure. [ 1053.412039][T19685] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.430580][T19685] CPU: 0 UID: 0 PID: 19685 Comm: syz.2.3188 Tainted: G L syzkaller #0 PREEMPT(full) [ 1053.430621][T19685] Tainted: [L]=SOFTLOCKUP [ 1053.430631][T19685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1053.430646][T19685] Call Trace: [ 1053.430655][T19685] [ 1053.430672][T19685] dump_stack_lvl+0x100/0x190 [ 1053.430721][T19685] should_fail_ex.cold+0x5/0xa [ 1053.430752][T19685] should_failslab+0xc2/0x120 [ 1053.430896][T19685] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1053.430958][T19685] ? sctp_endpoint_new+0xfc/0xb20 [ 1053.430988][T19685] ? __debug_object_init+0x2de/0x3d0 [ 1053.431024][T19685] sctp_endpoint_new+0xfc/0xb20 [ 1053.431061][T19685] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1053.431095][T19685] ? lockdep_init_map_type+0x5c/0x250 [ 1053.431134][T19685] ? lockdep_init_map_type+0x5c/0x250 [ 1053.431169][T19685] ? lockdep_init_map_type+0x5c/0x250 [ 1053.431209][T19685] sctp_init_sock+0xe2b/0x1300 [ 1053.431236][T19685] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1053.431264][T19685] sctp_v6_init_sock+0x16/0x70 [ 1053.431290][T19685] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1053.431318][T19685] inet6_create+0xb21/0x12b0 [ 1053.431346][T19685] ? inet6_create+0x7f/0x12b0 [ 1053.431375][T19685] __sock_create+0x339/0x860 [ 1053.431414][T19685] __sys_socket+0x14d/0x260 [ 1053.431449][T19685] ? __pfx___sys_socket+0x10/0x10 [ 1053.431493][T19685] __x64_sys_socket+0x72/0xb0 [ 1053.431527][T19685] ? lockdep_hardirqs_on+0x78/0x100 [ 1053.431555][T19685] do_syscall_64+0x106/0xf80 [ 1053.431583][T19685] ? clear_bhb_loop+0x40/0x90 [ 1053.431614][T19685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1053.431642][T19685] RIP: 0033:0x7f70a2f9c819 [ 1053.431663][T19685] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1053.431689][T19685] RSP: 002b:00007f70a3de5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1053.431715][T19685] RAX: ffffffffffffffda RBX: 00007f70a3216090 RCX: 00007f70a2f9c819 [ 1053.431732][T19685] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 1053.431749][T19685] RBP: 00007f70a3032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1053.431773][T19685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1053.431789][T19685] R13: 00007f70a3216128 R14: 00007f70a3216090 R15: 00007ffd3b8cbca8 [ 1053.431821][T19685] [ 1054.646453][T16081] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1054.658508][T16081] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1054.669497][T16081] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1054.680409][T16081] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1054.692772][T16081] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1055.559144][T16081] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1055.663630][T18181] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1055.695695][T18181] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1055.714233][T18181] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1055.724211][T18181] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1055.734162][T18181] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1055.827422][T19694] chnl_net:caif_netlink_parms(): no params data found [ 1056.336306][T19694] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.343877][T19694] bridge0: port 1(bridge_slave_0) entered disabled state [ 1056.385310][T19694] bridge_slave_0: entered allmulticast mode [ 1056.413870][T19694] bridge_slave_0: entered promiscuous mode [ 1056.436748][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1056.465276][T19694] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.518110][T19694] bridge0: port 2(bridge_slave_1) entered disabled state [ 1056.546820][T19694] bridge_slave_1: entered allmulticast mode [ 1056.577844][T19694] bridge_slave_1: entered promiscuous mode [ 1056.735184][T18181] Bluetooth: hci2: command tx timeout [ 1056.747416][T19694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1056.814323][T19694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1056.974293][T19711] chnl_net:caif_netlink_parms(): no params data found [ 1057.027457][T19694] team0: Port device team_slave_0 added [ 1057.104714][T19694] team0: Port device team_slave_1 added [ 1057.269330][T19694] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1057.284772][T19726] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3196'. [ 1057.298232][T19694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1057.387002][T19694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1057.434160][T19694] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1057.465662][T19694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1057.508404][T19728] KVM: debugfs: duplicate directory 19728-3 [ 1057.560578][T19694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1057.776081][T18181] Bluetooth: hci5: command tx timeout [ 1057.890810][T19711] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.923186][T19711] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.952097][T19711] bridge_slave_0: entered allmulticast mode [ 1057.979565][T19711] bridge_slave_0: entered promiscuous mode [ 1058.021941][T19694] hsr_slave_0: entered promiscuous mode [ 1058.073292][T19694] hsr_slave_1: entered promiscuous mode [ 1058.103398][T19694] debugfs: 'hsr0' already exists in 'hsr' [ 1058.141884][T19694] Cannot create hsr debugfs directory [ 1058.216434][T19711] bridge0: port 2(bridge_slave_1) entered blocking state [ 1058.246401][T19711] bridge0: port 2(bridge_slave_1) entered disabled state [ 1058.275714][T19711] bridge_slave_1: entered allmulticast mode [ 1058.295674][T19721] kexec: Could not allocate control_code_buffer [ 1058.303301][T19711] bridge_slave_1: entered promiscuous mode [ 1058.496466][T19711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1058.609927][T19711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1058.758702][T19711] team0: Port device team_slave_0 added [ 1058.813083][T19711] team0: Port device team_slave_1 added [ 1058.821056][T18181] Bluetooth: hci2: command tx timeout [ 1058.949054][T19711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1058.967326][T19711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1059.088319][T19711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1059.138349][T19711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1059.179099][T19711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1059.275471][T19711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1059.486584][T19711] hsr_slave_0: entered promiscuous mode [ 1059.501978][T19711] hsr_slave_1: entered promiscuous mode [ 1059.536612][T19711] debugfs: 'hsr0' already exists in 'hsr' [ 1059.564907][T19711] Cannot create hsr debugfs directory [ 1059.760925][T19748] futex_wake_op: syz.2.3200 tries to shift op by -2048; fix this program [ 1059.856429][T18181] Bluetooth: hci5: command tx timeout [ 1060.605551][T18181] Bluetooth: hci0: unexpected subevent 0x0c length: 118 > 5 [ 1060.895236][T18181] Bluetooth: hci2: command tx timeout [ 1061.145483][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1061.153938][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1061.935576][T18181] Bluetooth: hci5: command tx timeout [ 1062.985211][T18181] Bluetooth: hci2: command tx timeout [ 1063.614214][T19797] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3211'. [ 1063.676463][T19797] KVM: debugfs: duplicate directory 19797-3 [ 1063.873686][T19801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3213'. [ 1064.015110][T18181] Bluetooth: hci5: command tx timeout [ 1064.740079][T19824] random: crng reseeded on system resumption [ 1065.726332][T19839] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 1065.876460][T19841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3223'. [ 1067.650823][T19858] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3227'. [ 1067.706695][T19858] KVM: debugfs: duplicate directory 19858-3 [ 1068.764445][T19874] FAULT_INJECTION: forcing a failure. [ 1068.764445][T19874] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.804200][T19874] CPU: 0 UID: 0 PID: 19874 Comm: syz.1.3232 Tainted: G L syzkaller #0 PREEMPT(full) [ 1068.804243][T19874] Tainted: [L]=SOFTLOCKUP [ 1068.804252][T19874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1068.804268][T19874] Call Trace: [ 1068.804279][T19874] [ 1068.804290][T19874] dump_stack_lvl+0x100/0x190 [ 1068.804343][T19874] should_fail_ex.cold+0x5/0xa [ 1068.804374][T19874] should_failslab+0xc2/0x120 [ 1068.804403][T19874] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1068.804430][T19874] ? xfrm4_net_init+0x9e/0x1c0 [ 1068.804460][T19874] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1068.804510][T19874] kmemdup_noprof+0x29/0x60 [ 1068.804541][T19874] xfrm4_net_init+0x9e/0x1c0 [ 1068.804572][T19874] ? __pfx_xfrm4_net_init+0x10/0x10 [ 1068.804602][T19874] ops_init+0x1e2/0x5f0 [ 1068.804633][T19874] setup_net+0x118/0x3a0 [ 1068.804660][T19874] ? __pfx_setup_net+0x10/0x10 [ 1068.804684][T19874] ? lockdep_init_map_type+0x5c/0x250 [ 1068.804722][T19874] ? mutex_init_lockep+0x110/0x150 [ 1068.804763][T19874] copy_net_ns+0x46f/0x7c0 [ 1068.804797][T19874] create_new_namespaces+0x3ea/0xac0 [ 1068.804832][T19874] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1068.804864][T19874] ksys_unshare+0x473/0xad0 [ 1068.804899][T19874] ? __pfx_ksys_unshare+0x10/0x10 [ 1068.804949][T19874] __x64_sys_unshare+0x31/0x40 [ 1068.804982][T19874] do_syscall_64+0x106/0xf80 [ 1068.805008][T19874] ? clear_bhb_loop+0x40/0x90 [ 1068.805048][T19874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1068.805076][T19874] RIP: 0033:0x7f4055b9c819 [ 1068.805098][T19874] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1068.805123][T19874] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1068.805148][T19874] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 1068.805165][T19874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1068.805181][T19874] RBP: 00007f4055c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1068.805197][T19874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1068.805214][T19874] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1068.805246][T19874] [ 1070.784216][T19890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3236'. [ 1071.229980][T19895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3237'. [ 1073.240273][T19926] block2mtd: illegal erase size [ 1074.562714][T19937] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3247'. [ 1075.236552][T19940] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3248'. [ 1075.390673][T19940] KVM: debugfs: duplicate directory 19940-3 [ 1075.898646][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1076.686237][T19956] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3254'. [ 1076.785929][T19956] KVM: debugfs: duplicate directory 19956-3 [ 1078.545775][T19984] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3262'. [ 1078.598455][T19984] KVM: debugfs: duplicate directory 19984-3 [ 1078.750013][T19983] can: request_module (can-proto-0) failed. [ 1080.790275][T20016] netlink: 350 bytes leftover after parsing attributes in process `syz.2.3270'. [ 1081.416904][T20023] block2mtd: illegal erase size [ 1085.814819][T20070] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3280'. [ 1085.955095][T18181] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1087.977778][T20091] FAULT_INJECTION: forcing a failure. [ 1087.977778][T20091] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1088.019348][T16081] Bluetooth: hci4: command 0x0406 tx timeout [ 1088.037845][T20091] CPU: 0 UID: 0 PID: 20091 Comm: syz.1.3283 Tainted: G L syzkaller #0 PREEMPT(full) [ 1088.037884][T20091] Tainted: [L]=SOFTLOCKUP [ 1088.037893][T20091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1088.037908][T20091] Call Trace: [ 1088.037917][T20091] [ 1088.037926][T20091] dump_stack_lvl+0x100/0x190 [ 1088.037969][T20091] should_fail_ex.cold+0x5/0xa [ 1088.037998][T20091] strncpy_from_user+0x3b/0x2d0 [ 1088.038033][T20091] __do_sys_add_key+0xd4/0x460 [ 1088.038059][T20091] ? __pfx___do_sys_add_key+0x10/0x10 [ 1088.038080][T20091] ? ksys_write+0x1ac/0x250 [ 1088.038115][T20091] do_syscall_64+0x106/0xf80 [ 1088.038143][T20091] ? clear_bhb_loop+0x40/0x90 [ 1088.038172][T20091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1088.038205][T20091] RIP: 0033:0x7f4055b9c819 [ 1088.038224][T20091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1088.038249][T20091] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 1088.038272][T20091] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 1088.038294][T20091] RDX: 0000000000000000 RSI: 0000200000000a00 RDI: 00002000000009c0 [ 1088.038309][T20091] RBP: 00007f4056b16090 R08: fffffffffffffffd R09: 0000000000000000 [ 1088.038325][T20091] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1088.038339][T20091] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1088.038370][T20091] [ 1088.872489][T16081] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1089.188366][T16081] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1089.343360][T20104] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 1090.095903][T16081] Bluetooth: hci4: command 0x0406 tx timeout [ 1095.503036][T20168] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3302'. [ 1095.618176][T20168] KVM: debugfs: duplicate directory 20168-3 [ 1095.980078][T20177] block2mtd: illegal erase size [ 1096.960766][T20188] FAULT_INJECTION: forcing a failure. [ 1096.960766][T20188] name failslab, interval 1, probability 0, space 0, times 0 [ 1096.997936][T20188] CPU: 0 UID: 0 PID: 20188 Comm: syz.1.3308 Tainted: G L syzkaller #0 PREEMPT(full) [ 1096.997980][T20188] Tainted: [L]=SOFTLOCKUP [ 1096.997999][T20188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1096.998016][T20188] Call Trace: [ 1096.998025][T20188] [ 1096.998035][T20188] dump_stack_lvl+0x100/0x190 [ 1096.998081][T20188] should_fail_ex.cold+0x5/0xa [ 1096.998112][T20188] ? realloc_user_queue+0xe9/0x320 [ 1096.998148][T20188] should_failslab+0xc2/0x120 [ 1096.998178][T20188] __kmalloc_noprof+0xe0/0x850 [ 1096.998226][T20188] realloc_user_queue+0xe9/0x320 [ 1096.998265][T20188] ? __pfx_snd_timer_user_open+0x10/0x10 [ 1096.998304][T20188] snd_timer_user_open+0xfc/0x180 [ 1096.998342][T20188] snd_open+0x22d/0x4c0 [ 1096.998375][T20188] ? __pfx_snd_open+0x10/0x10 [ 1096.998406][T20188] chrdev_open+0x234/0x6a0 [ 1096.998434][T20188] ? __pfx_apparmor_file_open+0x10/0x10 [ 1096.998463][T20188] ? __pfx_chrdev_open+0x10/0x10 [ 1096.998493][T20188] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1096.998528][T20188] do_dentry_open+0x6d8/0x1660 [ 1096.998575][T20188] ? __pfx_chrdev_open+0x10/0x10 [ 1096.998617][T20188] vfs_open+0x82/0x3f0 [ 1096.998656][T20188] path_openat+0x208c/0x31a0 [ 1096.998695][T20188] ? __pfx_path_openat+0x10/0x10 [ 1096.998736][T20188] do_file_open+0x20e/0x430 [ 1096.998766][T20188] ? __pfx_do_file_open+0x10/0x10 [ 1096.998817][T20188] ? alloc_fd+0x476/0x790 [ 1096.998847][T20188] ? do_getname+0x191/0x390 [ 1096.998884][T20188] do_sys_openat2+0x10d/0x1e0 [ 1096.998920][T20188] ? __pfx_do_sys_openat2+0x10/0x10 [ 1096.998958][T20188] ? fput+0x79/0x100 [ 1096.998994][T20188] __x64_sys_openat+0x12d/0x210 [ 1096.999032][T20188] ? __pfx___x64_sys_openat+0x10/0x10 [ 1096.999080][T20188] do_syscall_64+0x106/0xf80 [ 1096.999108][T20188] ? clear_bhb_loop+0x40/0x90 [ 1096.999139][T20188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1096.999166][T20188] RIP: 0033:0x7f4055b9c819 [ 1096.999189][T20188] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1096.999215][T20188] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1096.999249][T20188] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 1096.999267][T20188] RDX: 0000000000020000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1096.999285][T20188] RBP: 00007f4055c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1096.999300][T20188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1096.999315][T20188] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1096.999348][T20188] [ 1098.644206][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1098.862366][T20208] block2mtd: illegal erase size [ 1099.660906][T20219] block2mtd: illegal erase size [ 1100.488178][T20225] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3317'. [ 1100.631336][T20225] KVM: debugfs: duplicate directory 20225-3 [ 1100.814602][ T31] audit: type=1326 audit(4294967729.800:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20226 comm="syz.2.3318" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f70a2f9c819 code=0x0 [ 1100.928186][T20231] block2mtd: illegal erase size [ 1103.171124][T20248] block2mtd: illegal erase size [ 1104.198560][T20262] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3327'. [ 1104.266683][T20262] KVM: debugfs: duplicate directory 20262-3 [ 1106.147267][T20285] block2mtd: illegal erase size [ 1108.782390][T20296] kexec: Could not allocate control_code_buffer [ 1109.733956][T20318] block2mtd: illegal erase size [ 1110.664530][T20324] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3338'. [ 1111.206536][T20326] FAULT_INJECTION: forcing a failure. [ 1111.206536][T20326] name failslab, interval 1, probability 0, space 0, times 0 [ 1111.263485][T20326] CPU: 0 UID: 0 PID: 20326 Comm: syz.1.3339 Tainted: G L syzkaller #0 PREEMPT(full) [ 1111.263527][T20326] Tainted: [L]=SOFTLOCKUP [ 1111.263536][T20326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1111.263552][T20326] Call Trace: [ 1111.263562][T20326] [ 1111.263573][T20326] dump_stack_lvl+0x100/0x190 [ 1111.263630][T20326] should_fail_ex.cold+0x5/0xa [ 1111.263662][T20326] should_failslab+0xc2/0x120 [ 1111.263691][T20326] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1111.263728][T20326] ? snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1111.263772][T20326] snd_pcm_oss_change_params_locked+0x1db/0x39f0 [ 1111.263812][T20326] ? __mutex_lock+0x26a/0x1b90 [ 1111.263842][T20326] ? tomoyo_path_number_perm+0x46d/0x580 [ 1111.263874][T20326] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 1111.263913][T20326] ? kasan_quarantine_put+0x104/0x240 [ 1111.263957][T20326] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1111.263994][T20326] ? __pfx___mutex_lock+0x10/0x10 [ 1111.264022][T20326] ? find_held_lock+0x2b/0x80 [ 1111.264046][T20326] ? tomoyo_path_number_perm+0x28f/0x580 [ 1111.264078][T20326] ? tomoyo_path_number_perm+0x28f/0x580 [ 1111.264119][T20326] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1111.264150][T20326] ? futex_wait+0x125/0x380 [ 1111.264204][T20326] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 1111.264247][T20326] snd_pcm_oss_get_formats+0x7d/0x350 [ 1111.264282][T20326] ? do_vfs_ioctl+0x226/0x13e0 [ 1111.264320][T20326] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 1111.264366][T20326] snd_pcm_oss_ioctl+0x1719/0x3720 [ 1111.264410][T20326] ? find_held_lock+0x2b/0x80 [ 1111.264435][T20326] ? __fget_files+0x215/0x3d0 [ 1111.264461][T20326] ? hook_file_ioctl_common+0x146/0x410 [ 1111.264496][T20326] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1111.264536][T20326] ? __fget_files+0x21f/0x3d0 [ 1111.264566][T20326] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1111.264605][T20326] __x64_sys_ioctl+0x18e/0x210 [ 1111.264646][T20326] do_syscall_64+0x106/0xf80 [ 1111.264673][T20326] ? clear_bhb_loop+0x40/0x90 [ 1111.264704][T20326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.264731][T20326] RIP: 0033:0x7f4055b9c819 [ 1111.264752][T20326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1111.264778][T20326] RSP: 002b:00007f4056b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1111.264803][T20326] RAX: ffffffffffffffda RBX: 00007f4055e15fa0 RCX: 00007f4055b9c819 [ 1111.264821][T20326] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000003 [ 1111.264837][T20326] RBP: 00007f4055c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1111.264854][T20326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1111.264870][T20326] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1111.264908][T20326] [ 1112.885750][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1113.099843][T20343] block2mtd: illegal erase size [ 1113.804202][T20352] FAULT_INJECTION: forcing a failure. [ 1113.804202][T20352] name failslab, interval 1, probability 0, space 0, times 0 [ 1113.835715][T20352] CPU: 0 UID: 0 PID: 20352 Comm: syz.2.3347 Tainted: G L syzkaller #0 PREEMPT(full) [ 1113.835755][T20352] Tainted: [L]=SOFTLOCKUP [ 1113.835764][T20352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1113.835779][T20352] Call Trace: [ 1113.835787][T20352] [ 1113.835797][T20352] dump_stack_lvl+0x100/0x190 [ 1113.835839][T20352] should_fail_ex.cold+0x5/0xa [ 1113.835869][T20352] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 1113.835901][T20352] should_failslab+0xc2/0x120 [ 1113.835939][T20352] __kmalloc_noprof+0xe0/0x850 [ 1113.835976][T20352] ? rcu_is_watching+0x12/0xc0 [ 1113.836020][T20352] genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 1113.836058][T20352] genl_family_rcv_msg_doit+0xc7/0x300 [ 1113.836092][T20352] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1113.836125][T20352] ? genl_get_cmd+0x3ef/0x720 [ 1113.836160][T20352] ? __dev_queue_xmit+0x5af/0x4800 [ 1113.836192][T20352] ? __radix_tree_lookup+0x217/0x2b0 [ 1113.836238][T20352] genl_rcv_msg+0x560/0x800 [ 1113.836271][T20352] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1113.836303][T20352] ? __pfx_tipc_nl_media_set+0x10/0x10 [ 1113.836339][T20352] netlink_rcv_skb+0x159/0x420 [ 1113.836366][T20352] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1113.836398][T20352] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1113.836437][T20352] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1113.836465][T20352] genl_rcv+0x28/0x40 [ 1113.836492][T20352] netlink_unicast+0x5aa/0x870 [ 1113.836522][T20352] ? __pfx_netlink_unicast+0x10/0x10 [ 1113.836560][T20352] netlink_sendmsg+0x8b0/0xda0 [ 1113.836591][T20352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1113.836616][T20352] ? __import_iovec+0x1d2/0x640 [ 1113.836652][T20352] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1113.836683][T20352] ____sys_sendmsg+0x9e1/0xb70 [ 1113.836713][T20352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1113.836742][T20352] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1113.836786][T20352] ___sys_sendmsg+0x190/0x1e0 [ 1113.836820][T20352] ? __pfx____sys_sendmsg+0x10/0x10 [ 1113.836888][T20352] __sys_sendmsg+0x170/0x220 [ 1113.836918][T20352] ? __pfx___sys_sendmsg+0x10/0x10 [ 1113.836960][T20352] do_syscall_64+0x106/0xf80 [ 1113.836985][T20352] ? clear_bhb_loop+0x40/0x90 [ 1113.837014][T20352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.837039][T20352] RIP: 0033:0x7f70a2f9c819 [ 1113.837059][T20352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1113.837082][T20352] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1113.837106][T20352] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1113.837122][T20352] RDX: 0000000000004044 RSI: 0000200000003b00 RDI: 0000000000000003 [ 1113.837138][T20352] RBP: 00007f70a3e06090 R08: 0000000000000000 R09: 0000000000000000 [ 1113.837154][T20352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1113.837169][T20352] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1113.837200][T20352] [ 1114.703881][T16081] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1114.728399][T16081] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1114.749081][T16081] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1114.772722][T16081] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1114.785317][T16081] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1114.968117][T20363] overlayfs: missing 'lowerdir' [ 1115.388082][T20359] chnl_net:caif_netlink_parms(): no params data found [ 1115.862762][T20359] bridge0: port 1(bridge_slave_0) entered blocking state [ 1115.915131][T20359] bridge0: port 1(bridge_slave_0) entered disabled state [ 1115.937233][T18181] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1115.962611][T18181] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1115.976484][T18181] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1115.988685][T18181] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1115.999589][T18181] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1116.045629][T20359] bridge_slave_0: entered allmulticast mode [ 1116.093271][T20359] bridge_slave_0: entered promiscuous mode [ 1116.144794][T20359] bridge0: port 2(bridge_slave_1) entered blocking state [ 1116.196066][T20359] bridge0: port 2(bridge_slave_1) entered disabled state [ 1116.233155][T20359] bridge_slave_1: entered allmulticast mode [ 1116.271874][T20359] bridge_slave_1: entered promiscuous mode [ 1116.412365][T20357] kexec: Could not allocate control_code_buffer [ 1116.630663][T20359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1116.723300][T20359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1116.895629][T18181] Bluetooth: hci6: command tx timeout [ 1116.978027][T20359] team0: Port device team_slave_0 added [ 1117.078665][T20359] team0: Port device team_slave_1 added [ 1117.356346][T20359] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1117.363976][T20359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1117.439219][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1117.580615][T20359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1117.679484][T20359] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1117.709716][T20359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1117.797688][T20359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1118.038327][T20359] hsr_slave_0: entered promiscuous mode [ 1118.073533][T20359] hsr_slave_1: entered promiscuous mode [ 1118.097842][T18181] Bluetooth: hci7: command tx timeout [ 1118.109060][T20359] debugfs: 'hsr0' already exists in 'hsr' [ 1118.132300][T20359] Cannot create hsr debugfs directory [ 1118.150294][T20401] FAULT_INJECTION: forcing a failure. [ 1118.150294][T20401] name failslab, interval 1, probability 0, space 0, times 0 [ 1118.208289][T20401] CPU: 0 UID: 0 PID: 20401 Comm: syz.2.3357 Tainted: G L syzkaller #0 PREEMPT(full) [ 1118.208326][T20401] Tainted: [L]=SOFTLOCKUP [ 1118.208334][T20401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1118.208349][T20401] Call Trace: [ 1118.208357][T20401] [ 1118.208366][T20401] dump_stack_lvl+0x100/0x190 [ 1118.208409][T20401] should_fail_ex.cold+0x5/0xa [ 1118.208438][T20401] should_failslab+0xc2/0x120 [ 1118.208466][T20401] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1118.208528][T20401] ? __alloc_skb+0x140/0x710 [ 1118.208578][T20401] __alloc_skb+0x140/0x710 [ 1118.208613][T20401] ? __alloc_skb+0x5b7/0x710 [ 1118.208649][T20401] ? __pfx___alloc_skb+0x10/0x10 [ 1118.208685][T20401] ? genl_rcv_msg+0x4be/0x800 [ 1118.208723][T20401] netlink_ack+0x117/0xb80 [ 1118.208757][T20401] netlink_rcv_skb+0x333/0x420 [ 1118.208784][T20401] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1118.208817][T20401] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1118.208857][T20401] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1118.208885][T20401] genl_rcv+0x28/0x40 [ 1118.208911][T20401] netlink_unicast+0x5aa/0x870 [ 1118.208941][T20401] ? __pfx_netlink_unicast+0x10/0x10 [ 1118.208978][T20401] netlink_sendmsg+0x8b0/0xda0 [ 1118.209008][T20401] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1118.209032][T20401] ? __import_iovec+0x1d2/0x640 [ 1118.209085][T20401] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1118.209129][T20401] ____sys_sendmsg+0x9e1/0xb70 [ 1118.209159][T20401] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1118.209187][T20401] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1118.209231][T20401] ___sys_sendmsg+0x190/0x1e0 [ 1118.209264][T20401] ? __pfx____sys_sendmsg+0x10/0x10 [ 1118.209334][T20401] __sys_sendmsg+0x170/0x220 [ 1118.209358][T20401] ? __pfx___sys_sendmsg+0x10/0x10 [ 1118.209400][T20401] do_syscall_64+0x106/0xf80 [ 1118.209425][T20401] ? clear_bhb_loop+0x40/0x90 [ 1118.209455][T20401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.209479][T20401] RIP: 0033:0x7f70a2f9c819 [ 1118.209499][T20401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1118.209522][T20401] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1118.209561][T20401] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1118.209577][T20401] RDX: 0000000000004044 RSI: 0000200000003b00 RDI: 0000000000000003 [ 1118.209593][T20401] RBP: 00007f70a3e06090 R08: 0000000000000000 R09: 0000000000000000 [ 1118.209608][T20401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1118.209622][T20401] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1118.209654][T20401] [ 1119.077429][T18181] Bluetooth: hci6: command tx timeout [ 1119.175710][T20376] chnl_net:caif_netlink_parms(): no params data found [ 1119.686033][T20406] block2mtd: illegal erase size [ 1119.857469][T20376] bridge0: port 1(bridge_slave_0) entered blocking state [ 1119.905153][T20376] bridge0: port 1(bridge_slave_0) entered disabled state [ 1119.934619][T20376] bridge_slave_0: entered allmulticast mode [ 1119.968105][T20376] bridge_slave_0: entered promiscuous mode [ 1120.025727][T20376] bridge0: port 2(bridge_slave_1) entered blocking state [ 1120.033847][T20376] bridge0: port 2(bridge_slave_1) entered disabled state [ 1120.067391][T20411] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3360'. [ 1120.105573][T20376] bridge_slave_1: entered allmulticast mode [ 1120.135218][T20376] bridge_slave_1: entered promiscuous mode [ 1120.175249][T18181] Bluetooth: hci7: command tx timeout [ 1120.182996][T20413] KVM: debugfs: duplicate directory 20413-3 [ 1120.310752][T20376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1120.387070][T20376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1120.551051][T20376] team0: Port device team_slave_0 added [ 1120.596320][T20376] team0: Port device team_slave_1 added [ 1120.757641][T20376] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1120.786105][T20376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1120.919281][T20376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1120.992758][T20376] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1121.023111][T20376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1121.142675][T18181] Bluetooth: hci6: command tx timeout [ 1121.196036][T20422] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3364'. [ 1121.215157][T20376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1121.310722][T20422] KVM: debugfs: duplicate directory 20422-3 [ 1121.520200][T20376] hsr_slave_0: entered promiscuous mode [ 1121.544456][T20376] hsr_slave_1: entered promiscuous mode [ 1121.588069][T20376] debugfs: 'hsr0' already exists in 'hsr' [ 1121.617877][T20376] Cannot create hsr debugfs directory [ 1122.257765][T18181] Bluetooth: hci7: command tx timeout [ 1122.598132][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1122.615130][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.941582][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1123.109190][T20437] block2mtd: illegal erase size [ 1123.219172][T18181] Bluetooth: hci6: command tx timeout [ 1124.335944][T18181] Bluetooth: hci7: command tx timeout [ 1124.951342][T20448] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3370'. [ 1125.029519][T20448] KVM: debugfs: duplicate directory 20448-3 [ 1125.240929][T20450] FAULT_INJECTION: forcing a failure. [ 1125.240929][T20450] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1125.275557][T20450] CPU: 0 UID: 0 PID: 20450 Comm: syz.2.3371 Tainted: G L syzkaller #0 PREEMPT(full) [ 1125.275597][T20450] Tainted: [L]=SOFTLOCKUP [ 1125.275606][T20450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1125.275620][T20450] Call Trace: [ 1125.275628][T20450] [ 1125.275637][T20450] dump_stack_lvl+0x100/0x190 [ 1125.275679][T20450] should_fail_ex.cold+0x5/0xa [ 1125.275708][T20450] strncpy_from_user+0x3b/0x2d0 [ 1125.275742][T20450] do_getname+0x78/0x390 [ 1125.275777][T20450] do_sys_openat2+0xc5/0x1e0 [ 1125.275810][T20450] ? __pfx_do_sys_openat2+0x10/0x10 [ 1125.275842][T20450] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1125.275876][T20450] ? __fget_files+0x21f/0x3d0 [ 1125.276018][T20450] __x64_sys_openat+0x12d/0x210 [ 1125.276055][T20450] ? __pfx___x64_sys_openat+0x10/0x10 [ 1125.276088][T20450] ? ksys_write+0x1ac/0x250 [ 1125.276121][T20450] do_syscall_64+0x106/0xf80 [ 1125.276147][T20450] ? clear_bhb_loop+0x40/0x90 [ 1125.276178][T20450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1125.276203][T20450] RIP: 0033:0x7f70a2f9c819 [ 1125.276222][T20450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1125.276246][T20450] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1125.276268][T20450] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1125.276284][T20450] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1125.276300][T20450] RBP: 00007f70a3e06090 R08: 0000000000000000 R09: 0000000000000000 [ 1125.276315][T20450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1125.276329][T20450] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1125.276359][T20450] [ 1126.765221][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1129.741162][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1132.032736][ T31] audit: type=1800 audit(4294967761.020:22): pid=20521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3388" name="dbroot" dev="configfs" ino=98346 res=0 errno=0 [ 1133.563676][T20540] FAULT_INJECTION: forcing a failure. [ 1133.563676][T20540] name failslab, interval 1, probability 0, space 0, times 0 [ 1133.665180][T20540] CPU: 0 UID: 0 PID: 20540 Comm: syz.2.3393 Tainted: G L syzkaller #0 PREEMPT(full) [ 1133.665223][T20540] Tainted: [L]=SOFTLOCKUP [ 1133.665233][T20540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1133.665250][T20540] Call Trace: [ 1133.665261][T20540] [ 1133.665272][T20540] dump_stack_lvl+0x100/0x190 [ 1133.665317][T20540] should_fail_ex.cold+0x5/0xa [ 1133.665361][T20540] should_failslab+0xc2/0x120 [ 1133.665398][T20540] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1133.665440][T20540] ? __kernfs_new_node+0xd2/0x960 [ 1133.665485][T20540] __kernfs_new_node+0xd2/0x960 [ 1133.665527][T20540] ? __pfx___kernfs_new_node+0x10/0x10 [ 1133.665574][T20540] ? find_held_lock+0x2b/0x80 [ 1133.665599][T20540] ? kernfs_root+0xee/0x2a0 [ 1133.665636][T20540] ? kernfs_root+0xee/0x2a0 [ 1133.665680][T20540] kernfs_new_node+0x11b/0x1a0 [ 1133.665710][T20540] __kernfs_create_file+0x53/0x350 [ 1133.665749][T20540] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1133.665794][T20540] internal_create_group+0x593/0xf40 [ 1133.665841][T20540] ? __pfx_internal_create_group+0x10/0x10 [ 1133.665887][T20540] ? kernfs_create_link+0x1bd/0x240 [ 1133.665923][T20540] internal_create_groups+0x9d/0x150 [ 1133.665966][T20540] device_add+0x71a/0x1950 [ 1133.666002][T20540] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1133.666029][T20540] ? __pfx_device_add+0x10/0x10 [ 1133.666064][T20540] ? lockdep_init_map_type+0x5c/0x250 [ 1133.666100][T20540] ? __init_waitqueue_head+0xca/0x150 [ 1133.666147][T20540] netdev_register_kobject+0x1a9/0x3d0 [ 1133.666182][T20540] register_netdevice+0x12e0/0x2210 [ 1133.666222][T20540] ? __pfx_register_netdevice+0x10/0x10 [ 1133.666258][T20540] __ip_tunnel_create+0x52b/0x670 [ 1133.666292][T20540] ? __pfx___ip_tunnel_create+0x10/0x10 [ 1133.666318][T20540] ? net_generic+0xea/0x2a0 [ 1133.666353][T20540] ip_tunnel_init_net+0x230/0x780 [ 1133.666391][T20540] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 1133.666429][T20540] ? __kmalloc_noprof+0x320/0x850 [ 1133.666473][T20540] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 1133.666515][T20540] ops_init+0x1e2/0x5f0 [ 1133.666544][T20540] setup_net+0x118/0x3a0 [ 1133.666571][T20540] ? __pfx_setup_net+0x10/0x10 [ 1133.666596][T20540] ? lockdep_init_map_type+0x5c/0x250 [ 1133.666633][T20540] ? mutex_init_lockep+0x110/0x150 [ 1133.666675][T20540] copy_net_ns+0x46f/0x7c0 [ 1133.666707][T20540] create_new_namespaces+0x3ea/0xac0 [ 1133.666744][T20540] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1133.666776][T20540] ksys_unshare+0x473/0xad0 [ 1133.666811][T20540] ? __pfx_ksys_unshare+0x10/0x10 [ 1133.666856][T20540] __x64_sys_unshare+0x31/0x40 [ 1133.666945][T20540] do_syscall_64+0x106/0xf80 [ 1133.667205][T20540] ? clear_bhb_loop+0x40/0x90 [ 1133.667239][T20540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1133.667268][T20540] RIP: 0033:0x7f70a2f9c819 [ 1133.667292][T20540] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1133.667330][T20540] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1133.667364][T20540] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1133.667383][T20540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1133.667400][T20540] RBP: 00007f70a3032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1133.667416][T20540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1133.667433][T20540] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1133.667467][T20540] [ 1134.586017][T20548] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3395'. [ 1134.618921][T20548] KVM: debugfs: duplicate directory 20548-3 [ 1135.459642][T20556] futex_wake_op: syz.1.3398 tries to shift op by -2048; fix this program [ 1135.483558][T20556] futex_wake_op: syz.1.3398 tries to shift op by -2048; fix this program [ 1136.107621][T20572] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3402'. [ 1136.200579][T20572] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1136.235529][T20572] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1136.334476][T20572] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1136.426391][T20572] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1138.257355][T20597] FAULT_INJECTION: forcing a failure. [ 1138.257355][T20597] name failslab, interval 1, probability 0, space 0, times 0 [ 1138.331187][T20597] CPU: 0 UID: 0 PID: 20597 Comm: syz.2.3408 Tainted: G L syzkaller #0 PREEMPT(full) [ 1138.331228][T20597] Tainted: [L]=SOFTLOCKUP [ 1138.331238][T20597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1138.331254][T20597] Call Trace: [ 1138.331264][T20597] [ 1138.331275][T20597] dump_stack_lvl+0x100/0x190 [ 1138.331320][T20597] should_fail_ex.cold+0x5/0xa [ 1138.331352][T20597] should_failslab+0xc2/0x120 [ 1138.331381][T20597] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1138.331423][T20597] ? alloc_inode+0x183/0x250 [ 1138.331459][T20597] ? find_inode_fast+0x1fa/0x910 [ 1138.331499][T20597] alloc_inode+0x183/0x250 [ 1138.331535][T20597] iget_locked+0x1d9/0x6d0 [ 1138.331573][T20597] ? __pfx_iget_locked+0x10/0x10 [ 1138.331621][T20597] ? kernfs_root+0xee/0x2a0 [ 1138.331659][T20597] ? kernfs_root+0xee/0x2a0 [ 1138.331703][T20597] kernfs_get_inode+0x46/0x470 [ 1138.331742][T20597] kernfs_iop_lookup+0x1a7/0x2d0 [ 1138.331786][T20597] __lookup_slow+0x251/0x460 [ 1138.331823][T20597] ? __pfx___lookup_slow+0x10/0x10 [ 1138.331880][T20597] ? __d_lookup+0x266/0x4a0 [ 1138.331926][T20597] lookup_slow+0x50/0x70 [ 1138.331962][T20597] link_path_walk+0x1377/0x1cc0 [ 1138.332014][T20597] path_openat+0x1be/0x31a0 [ 1138.332041][T20597] ? kasan_save_stack+0x3f/0x50 [ 1138.332064][T20597] ? kasan_save_stack+0x30/0x50 [ 1138.332086][T20597] ? kasan_save_track+0x14/0x30 [ 1138.332109][T20597] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1138.332157][T20597] ? __pfx_path_openat+0x10/0x10 [ 1138.332196][T20597] do_file_open+0x20e/0x430 [ 1138.332230][T20597] ? __pfx_do_file_open+0x10/0x10 [ 1138.332280][T20597] ? alloc_fd+0x476/0x790 [ 1138.332309][T20597] ? do_getname+0x191/0x390 [ 1138.332346][T20597] do_sys_openat2+0x10d/0x1e0 [ 1138.332382][T20597] ? __pfx_do_sys_openat2+0x10/0x10 [ 1138.332430][T20597] __x64_sys_openat+0x12d/0x210 [ 1138.332467][T20597] ? __pfx___x64_sys_openat+0x10/0x10 [ 1138.332515][T20597] do_syscall_64+0x106/0xf80 [ 1138.332542][T20597] ? clear_bhb_loop+0x40/0x90 [ 1138.332573][T20597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1138.332607][T20597] RIP: 0033:0x7f70a2f9c819 [ 1138.332629][T20597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1138.332655][T20597] RSP: 002b:00007f70a3dc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1138.332680][T20597] RAX: ffffffffffffffda RBX: 00007f70a3216180 RCX: 00007f70a2f9c819 [ 1138.332698][T20597] RDX: 0000000000183841 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 1138.332715][T20597] RBP: 00007f70a3032c91 R08: 0000000000000000 R09: 0000000000000000 [ 1138.332732][T20597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1138.332748][T20597] R13: 00007f70a3216218 R14: 00007f70a3216180 R15: 00007ffd3b8cbca8 [ 1138.332780][T20597] [ 1140.146011][T20624] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1140.923900][T20622] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1140.942575][T20622] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1140.955518][T20622] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1140.973977][T20622] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1140.998947][T20622] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1141.031371][T20622] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1141.052680][T20622] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1141.065408][T20622] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1141.077145][T20622] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1141.090173][T20622] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1141.120828][T20622] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1141.131395][T20622] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1141.145557][T20622] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1141.180199][T20622] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 1141.195272][T20622] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 1141.213247][T20622] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 1141.541508][T20637] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3418'. [ 1141.653671][T20637] KVM: debugfs: duplicate directory 20637-3 [ 1142.255167][T18181] Bluetooth: hci4: command 0x0406 tx timeout [ 1142.975418][T18181] Bluetooth: hci0: command 0x0406 tx timeout [ 1142.982840][T18181] Bluetooth: hci1: command 0x0406 tx timeout [ 1142.989777][T16081] Bluetooth: hci3: command 0x0406 tx timeout [ 1143.058443][T18181] Bluetooth: hci2: command 0x0c1a tx timeout [ 1143.135178][T18181] Bluetooth: hci6: command 0x0c1a tx timeout [ 1143.142553][T16081] Bluetooth: hci5: command 0x0c1a tx timeout [ 1143.215025][T18181] Bluetooth: hci7: command 0x0c1a tx timeout [ 1145.137995][T18181] Bluetooth: hci2: command 0x0c1a tx timeout [ 1145.215080][T18181] Bluetooth: hci6: command 0x0c1a tx timeout [ 1145.222482][T18181] Bluetooth: hci5: command 0x0c1a tx timeout [ 1145.295277][T18181] Bluetooth: hci7: command 0x0c1a tx timeout [ 1145.516111][T20681] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3427'. [ 1145.587195][T20681] KVM: debugfs: duplicate directory 20681-3 [ 1146.267173][T20688] i8042 aux 00:02: in use; can't configure [ 1146.511490][T20692] FAULT_INJECTION: forcing a failure. [ 1146.511490][T20692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1146.545134][T20692] CPU: 0 UID: 0 PID: 20692 Comm: syz.1.3432 Tainted: G L syzkaller #0 PREEMPT(full) [ 1146.545174][T20692] Tainted: [L]=SOFTLOCKUP [ 1146.545182][T20692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1146.545198][T20692] Call Trace: [ 1146.545206][T20692] [ 1146.545216][T20692] dump_stack_lvl+0x100/0x190 [ 1146.545258][T20692] should_fail_ex.cold+0x5/0xa [ 1146.545288][T20692] _copy_from_user+0x2e/0xd0 [ 1146.545375][T20692] kstrtouint_from_user+0xd6/0x1d0 [ 1146.545415][T20692] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1146.545453][T20692] ? __lock_acquire+0x4a5/0x2630 [ 1146.545489][T20692] ? lock_acquire+0x1cf/0x380 [ 1146.545526][T20692] proc_fail_nth_write+0x83/0x220 [ 1146.545559][T20692] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1146.545599][T20692] vfs_write+0x2aa/0x1070 [ 1146.545623][T20692] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1146.545658][T20692] ? __pfx_vfs_write+0x10/0x10 [ 1146.545681][T20692] ? __fget_files+0x215/0x3d0 [ 1146.545712][T20692] ? __fget_files+0x21f/0x3d0 [ 1146.545744][T20692] ksys_write+0x12a/0x250 [ 1146.545788][T20692] ? __pfx_ksys_write+0x10/0x10 [ 1146.545822][T20692] do_syscall_64+0x106/0xf80 [ 1146.545848][T20692] ? clear_bhb_loop+0x40/0x90 [ 1146.545884][T20692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1146.545908][T20692] RIP: 0033:0x7f4055b5d04e [ 1146.545928][T20692] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1146.545951][T20692] RSP: 002b:00007f4056b15fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1146.545974][T20692] RAX: ffffffffffffffda RBX: 00007f4056b166c0 RCX: 00007f4055b5d04e [ 1146.545990][T20692] RDX: 0000000000000001 RSI: 00007f4056b160a0 RDI: 0000000000000007 [ 1146.546005][T20692] RBP: 00007f4056b16090 R08: 0000000000000000 R09: 0000000000000000 [ 1146.546020][T20692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1146.546035][T20692] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1146.546065][T20692] [ 1147.221357][T18181] Bluetooth: hci2: command 0x0c1a tx timeout [ 1147.295318][T18181] Bluetooth: hci5: command 0x0c1a tx timeout [ 1147.302397][T16081] Bluetooth: hci6: command 0x0c1a tx timeout [ 1147.376263][T18181] Bluetooth: hci7: command 0x0c1a tx timeout [ 1148.253414][T20707] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3437'. [ 1148.341964][T20707] KVM: debugfs: duplicate directory 20707-3 [ 1148.413456][T20709] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3438'. [ 1148.494851][T20709] KVM: debugfs: duplicate directory 20709-3 [ 1148.905365][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1149.158851][T20723] block2mtd: illegal erase size [ 1152.546523][T20759] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3451'. [ 1152.624356][T20759] KVM: debugfs: duplicate directory 20759-3 [ 1153.066759][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1156.087828][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1159.440645][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1160.734065][T20850] Invalid ELF header magic: != ELF [ 1164.448807][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1164.959679][T20879] KVM: debugfs: duplicate directory 20879-3 [ 1164.976090][T20876] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 1166.881272][T20896] netlink: 202 bytes leftover after parsing attributes in process `syz.1.3486'. [ 1167.192747][T20902] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3489'. [ 1167.223798][T20900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3488'. [ 1167.247366][T20902] KVM: debugfs: duplicate directory 20902-3 [ 1167.255814][T20900] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1167.263492][T20900] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1167.296323][T20900] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1167.306614][T20900] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1168.157562][T20921] FAULT_INJECTION: forcing a failure. [ 1168.157562][T20921] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1168.183939][T20921] CPU: 0 UID: 0 PID: 20921 Comm: syz.1.3495 Tainted: G L syzkaller #0 PREEMPT(full) [ 1168.183978][T20921] Tainted: [L]=SOFTLOCKUP [ 1168.183988][T20921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1168.184003][T20921] Call Trace: [ 1168.184012][T20921] [ 1168.184021][T20921] dump_stack_lvl+0x100/0x190 [ 1168.184082][T20921] should_fail_ex.cold+0x5/0xa [ 1168.184112][T20921] _copy_to_user+0x32/0xd0 [ 1168.184148][T20921] simple_read_from_buffer+0xcb/0x170 [ 1168.184189][T20921] proc_fail_nth_read+0x1af/0x230 [ 1168.184222][T20921] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1168.184255][T20921] ? rw_verify_area+0xce/0x6d0 [ 1168.184292][T20921] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1168.184323][T20921] vfs_read+0x1e4/0xb30 [ 1168.184351][T20921] ? __pfx_vfs_read+0x10/0x10 [ 1168.184373][T20921] ? __fget_files+0x215/0x3d0 [ 1168.184403][T20921] ? __fget_files+0x21f/0x3d0 [ 1168.184435][T20921] ksys_read+0x12a/0x250 [ 1168.184458][T20921] ? __pfx_ksys_read+0x10/0x10 [ 1168.184489][T20921] do_syscall_64+0x106/0xf80 [ 1168.184515][T20921] ? clear_bhb_loop+0x40/0x90 [ 1168.184545][T20921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.184569][T20921] RIP: 0033:0x7f4055b5d04e [ 1168.184592][T20921] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1168.184615][T20921] RSP: 002b:00007f4056b15fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1168.184638][T20921] RAX: ffffffffffffffda RBX: 00007f4056b166c0 RCX: 00007f4055b5d04e [ 1168.184654][T20921] RDX: 000000000000000f RSI: 00007f4056b160a0 RDI: 0000000000000004 [ 1168.184669][T20921] RBP: 00007f4056b16090 R08: 0000000000000000 R09: 0000000000000000 [ 1168.184683][T20921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1168.184698][T20921] R13: 00007f4055e16038 R14: 00007f4055e15fa0 R15: 00007ffdd33a0b88 [ 1168.184729][T20921] [ 1168.511838][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1168.947647][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1169.718390][T20945] KVM: debugfs: duplicate directory 20945-3 [ 1170.178771][T20960] block2mtd: illegal erase size [ 1171.336085][T20980] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3513'. [ 1171.393046][T20980] KVM: debugfs: duplicate directory 20980-3 [ 1171.871562][ T31] audit: type=1800 audit(4294967800.860:23): pid=20988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3516" name="dbroot" dev="configfs" ino=101729 res=0 errno=0 [ 1171.984357][ T31] audit: type=1800 audit(4294967800.960:24): pid=20987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3516" name="dbroot" dev="configfs" ino=101731 res=0 errno=0 [ 1172.542207][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1172.638725][T21002] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 1174.931776][T21039] zswap: compressor not available [ 1175.304480][T21046] zswap: compressor /sys5 not available [ 1175.535913][T16081] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1175.549415][T16081] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1175.559393][T16081] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1175.570765][T16081] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1175.579443][T16081] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1176.365724][T18181] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1176.382029][T18181] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1176.391707][T18181] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1176.402550][T18181] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1176.410785][T18181] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1176.816685][T21062] chnl_net:caif_netlink_parms(): no params data found [ 1177.213867][T21062] bridge0: port 1(bridge_slave_0) entered blocking state [ 1177.249908][T21062] bridge0: port 1(bridge_slave_0) entered disabled state [ 1177.285327][T21062] bridge_slave_0: entered allmulticast mode [ 1177.303182][T21062] bridge_slave_0: entered promiscuous mode [ 1177.340340][T21074] chnl_net:caif_netlink_parms(): no params data found [ 1177.393121][T21062] bridge0: port 2(bridge_slave_1) entered blocking state [ 1177.406475][T21062] bridge0: port 2(bridge_slave_1) entered disabled state [ 1177.425238][T21062] bridge_slave_1: entered allmulticast mode [ 1177.442309][T21062] bridge_slave_1: entered promiscuous mode [ 1177.615673][T18181] Bluetooth: hci8: command tx timeout [ 1177.639043][T21062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1177.707604][T21062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1177.883988][T21062] team0: Port device team_slave_0 added [ 1177.926652][T21062] team0: Port device team_slave_1 added [ 1178.239298][T21062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1178.270480][T21062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1178.365091][T21062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1178.402041][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 1178.437249][T21074] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.465052][T21074] bridge_slave_0: entered allmulticast mode [ 1178.483779][T18181] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1178.487477][T21074] bridge_slave_0: entered promiscuous mode [ 1178.501288][T18181] Bluetooth: hci9: command tx timeout [ 1178.531164][T21074] bridge0: port 2(bridge_slave_1) entered blocking state [ 1178.569227][T21074] bridge0: port 2(bridge_slave_1) entered disabled state [ 1178.583415][T18562] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u10:38: bg 2: bad block bitmap checksum [ 1178.626131][T21074] bridge_slave_1: entered allmulticast mode [ 1178.653503][T21074] bridge_slave_1: entered promiscuous mode [ 1178.662465][T18562] EXT4-fs (sda1): Delayed block allocation failed for inode 2028 at logical offset 6 with max blocks 6 with error 74 [ 1178.696119][T21062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1178.703774][T21062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1178.748644][T18562] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1178.748644][T18562] [ 1178.859269][T21062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1178.873563][T21111] block2mtd: illegal erase size [ 1178.945258][T21113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3536'. [ 1179.086743][T21074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1179.146496][T21115] netlink: 'syz.2.3536': attribute type 1 has an invalid length. [ 1179.176109][T21115] netlink: 198 bytes leftover after parsing attributes in process `syz.2.3536'. [ 1179.241422][T21074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1179.351613][T21062] hsr_slave_0: entered promiscuous mode [ 1179.382020][T21062] hsr_slave_1: entered promiscuous mode [ 1179.408138][T21062] debugfs: 'hsr0' already exists in 'hsr' [ 1179.433957][T21062] Cannot create hsr debugfs directory [ 1179.537343][T21074] team0: Port device team_slave_0 added [ 1179.576152][T21074] team0: Port device team_slave_1 added [ 1179.589393][T21118] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3537'. [ 1179.696567][T18181] Bluetooth: hci8: command tx timeout [ 1179.773646][T21074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1179.807613][T21074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1179.897885][T21074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1179.925492][T21121] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3538'. [ 1179.983001][T21074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1180.018072][T21074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1180.050002][T21124] KVM: debugfs: duplicate directory 21124-3 [ 1180.116246][T21074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1180.449271][T21074] hsr_slave_0: entered promiscuous mode [ 1180.477161][T21074] hsr_slave_1: entered promiscuous mode [ 1180.512932][T21074] debugfs: 'hsr0' already exists in 'hsr' [ 1180.528085][T21074] Cannot create hsr debugfs directory [ 1180.575311][T18181] Bluetooth: hci9: command tx timeout [ 1181.775164][T18181] Bluetooth: hci8: command tx timeout [ 1182.655083][T18181] Bluetooth: hci9: command tx timeout [ 1183.163211][T21151] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3545'. [ 1183.857322][T18181] Bluetooth: hci8: command tx timeout [ 1184.019719][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1184.026974][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1184.735376][T18181] Bluetooth: hci9: command tx timeout [ 1186.440744][T21180] block2mtd: illegal erase size [ 1187.357489][T21190] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1187.769668][T21195] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3555'. [ 1187.843023][T21195] KVM: debugfs: duplicate directory 21195-3 [ 1188.306520][T21203] KVM: debugfs: duplicate directory 21203-3 [ 1189.278636][T21219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3562'. [ 1190.038088][T21225] KVM: debugfs: duplicate directory 21225-3 [ 1192.437501][T21246] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3568'. [ 1192.511084][T21246] KVM: debugfs: duplicate directory 21246-3 [ 1193.650668][T21257] KVM: debugfs: duplicate directory 21257-3 [ 1194.154171][T21267] block2mtd: illegal erase size [ 1197.355170][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1197.842057][T18181] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1200.173449][T21313] FAULT_INJECTION: forcing a failure. [ 1200.173449][T21313] name failslab, interval 1, probability 0, space 0, times 0 [ 1200.225123][T21313] CPU: 0 UID: 0 PID: 21313 Comm: syz.2.3584 Tainted: G L syzkaller #0 PREEMPT(full) [ 1200.225162][T21313] Tainted: [L]=SOFTLOCKUP [ 1200.225171][T21313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1200.225187][T21313] Call Trace: [ 1200.225196][T21313] [ 1200.225212][T21313] dump_stack_lvl+0x100/0x190 [ 1200.225254][T21313] should_fail_ex.cold+0x5/0xa [ 1200.225283][T21313] should_failslab+0xc2/0x120 [ 1200.225311][T21313] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1200.225352][T21313] ? __alloc_skb+0x140/0x710 [ 1200.225395][T21313] __alloc_skb+0x140/0x710 [ 1200.225432][T21313] ? __alloc_skb+0x5b7/0x710 [ 1200.225468][T21313] ? __pfx___alloc_skb+0x10/0x10 [ 1200.225514][T21313] netlink_alloc_large_skb+0x69/0x150 [ 1200.225544][T21313] netlink_sendmsg+0x680/0xda0 [ 1200.225575][T21313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1200.225600][T21313] ? __import_iovec+0x1d2/0x640 [ 1200.225643][T21313] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1200.225674][T21313] ____sys_sendmsg+0x9e1/0xb70 [ 1200.225702][T21313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1200.225731][T21313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1200.225774][T21313] ___sys_sendmsg+0x190/0x1e0 [ 1200.225807][T21313] ? __pfx____sys_sendmsg+0x10/0x10 [ 1200.225872][T21313] __sys_sendmsg+0x170/0x220 [ 1200.225897][T21313] ? __pfx___sys_sendmsg+0x10/0x10 [ 1200.225939][T21313] do_syscall_64+0x106/0xf80 [ 1200.225964][T21313] ? clear_bhb_loop+0x40/0x90 [ 1200.226000][T21313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.226025][T21313] RIP: 0033:0x7f70a2f9c819 [ 1200.226045][T21313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1200.226069][T21313] RSP: 002b:00007f70a3e06028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1200.226099][T21313] RAX: ffffffffffffffda RBX: 00007f70a3215fa0 RCX: 00007f70a2f9c819 [ 1200.226115][T21313] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 1200.226130][T21313] RBP: 00007f70a3e06090 R08: 0000000000000000 R09: 0000000000000000 [ 1200.226145][T21313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1200.226159][T21313] R13: 00007f70a3216038 R14: 00007f70a3215fa0 R15: 00007ffd3b8cbca8 [ 1200.226190][T21313] [ 1201.348264][T21323] smc: net device dummy0 erased user defined pnetid DUMMY0 [ 1201.588769][T21325] KVM: debugfs: duplicate directory 21325-3 [ 1203.387407][T21343] KVM: debugfs: duplicate directory 21343-3 [ 1203.587729][T21345] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3594'. [ 1203.855218][ T32] INFO: task syz.3.3126:19471 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1203.904547][ T32] Tainted: G L syzkaller #0 [ 1203.947143][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1203.983853][ T32] task:syz.3.3126 state:D stack:26072 pid:19471 tgid:19470 ppid:16218 task_flags:0x480140 flags:0x00080006 [ 1204.053699][ T32] Call Trace: [ 1204.075121][ T32] [ 1204.078272][ T32] __schedule+0xfee/0x6120 [ 1204.083320][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1204.125004][ T32] ? __pfx___schedule+0x10/0x10 [ 1204.150099][ T32] ? find_held_lock+0x2b/0x80 [ 1204.183856][ T32] ? schedule+0x2bf/0x390 [ 1204.204968][ T32] schedule+0xdd/0x390 [ 1204.231272][ T32] schedule_timeout+0x1b2/0x280 [ 1204.261099][ T32] ? __pfx_schedule_timeout+0x10/0x10 [ 1204.290797][ T32] ? mark_held_locks+0x40/0x70 [ 1204.315113][ T32] __wait_for_common+0x2e7/0x4c0 [ 1204.394754][ T32] ? __pfx_schedule_timeout+0x10/0x10 [ 1204.465143][ T32] ? __pfx___wait_for_common+0x10/0x10 [ 1204.516192][ T32] remove_one+0x312/0x420 [ 1204.521313][ T32] ? find_next_child+0x18f/0x280 [ 1204.585002][ T32] __simple_recursive_removal+0x148/0x5c0 [ 1204.591171][ T32] ? __pfx_remove_one+0x10/0x10 [ 1204.633502][ T32] debugfs_remove+0x5d/0x80 [ 1204.649409][ T32] nsim_dev_health_exit+0x3b/0xe0 [ 1204.654781][ T32] nsim_dev_reload_destroy+0x144/0x4a0 [ 1204.701341][ T32] nsim_drv_remove+0x52/0x1e0 [ 1204.737236][ T32] ? __pfx_nsim_bus_remove+0x10/0x10 [ 1204.755323][ T32] device_remove+0xcb/0x180 [ 1204.760440][ T32] device_release_driver_internal+0x44e/0x620 [ 1204.795135][ T32] bus_remove_device+0x2bc/0x560 [ 1204.800923][ T32] ? __pfx_bus_remove_device+0x10/0x10 [ 1204.835085][ T32] ? __pfx_device_remove_attrs+0x10/0x10 [ 1204.841170][ T32] ? up_write+0x290/0x4f0 [ 1204.875084][ T32] device_del+0x376/0x9b0 [ 1204.880339][ T32] ? __pfx_device_del+0x10/0x10 [ 1204.899381][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1204.915080][ T32] device_unregister+0x1d/0xe0 [ 1204.921065][ T32] del_device_store+0x346/0x480 [ 1204.945055][ T32] ? __pfx_del_device_store+0x10/0x10 [ 1204.952182][ T32] ? find_held_lock+0x2b/0x80 [ 1204.965793][ T32] ? sysfs_file_kobj+0xe4/0x290 [ 1204.971565][ T32] ? sysfs_file_kobj+0xe4/0x290 [ 1204.995414][ T32] ? __pfx_del_device_store+0x10/0x10 [ 1205.004206][ T32] bus_attr_store+0x74/0xb0 [ 1205.024984][ T32] ? __pfx_bus_attr_store+0x10/0x10 [ 1205.030651][ T32] sysfs_kf_write+0xf2/0x150 [ 1205.050372][ T32] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1205.075384][ T32] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1205.082033][ T32] vfs_write+0x6ac/0x1070 [ 1205.104974][ T32] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1205.124957][ T32] ? __pfx_vfs_write+0x10/0x10 [ 1205.130196][ T32] ksys_write+0x12a/0x250 [ 1205.145002][ T32] ? __pfx_ksys_write+0x10/0x10 [ 1205.150271][ T32] do_syscall_64+0x106/0xf80 [ 1205.177432][ T32] ? clear_bhb_loop+0x40/0x90 [ 1205.184073][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.196898][ T32] RIP: 0033:0x7fd95c99c819 [ 1205.202138][ T32] RSP: 002b:00007fd95d7d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1205.215222][ T32] RAX: ffffffffffffffda RBX: 00007fd95cc15fa0 RCX: 00007fd95c99c819 [ 1205.224027][ T32] RDX: 0000000000000045 RSI: 0000200000000040 RDI: 0000000000000006 [ 1205.233660][ T32] RBP: 00007fd95ca32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1205.242443][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1205.251170][ T32] R13: 00007fd95cc16038 R14: 00007fd95cc15fa0 R15: 00007ffdaa2bca78 [ 1205.260947][ T32] [ 1205.339744][ T32] INFO: task syz.0.3129:19487 blocked for more than 144 seconds. [ 1205.367593][ T32] Tainted: G L syzkaller #0 [ 1205.374163][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1205.435044][ T32] task:syz.0.3129 state:D stack:27176 pid:19487 tgid:19485 ppid:16463 task_flags:0x400140 flags:0x00080002 [ 1205.475092][ T32] Call Trace: [ 1205.479115][ T32] [ 1205.495126][ T32] __schedule+0xfee/0x6120 [ 1205.500088][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1205.535287][ T32] ? __pfx___schedule+0x10/0x10 [ 1205.540778][ T32] ? find_held_lock+0x2b/0x80 [ 1205.564942][ T32] ? schedule+0x2bf/0x390 [ 1205.569591][ T32] schedule+0xdd/0x390 [ 1205.573929][ T32] schedule_preempt_disabled+0x13/0x30 [ 1205.635082][ T32] __mutex_lock+0xc9a/0x1b90 [ 1205.640135][ T32] ? netlink_has_listeners+0x20f/0x430 [ 1205.675105][ T32] ? devlink_health_report+0x681/0xb50 [ 1205.681290][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 1205.715093][ T32] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 1205.722426][ T32] ? __lock_acquire+0x401/0x2630 [ 1205.749387][ T32] ? devlink_health_report+0x681/0xb50 [ 1205.794517][ T32] devlink_health_report+0x681/0xb50 [ 1205.805223][ T32] ? __pfx_devlink_health_report+0x10/0x10 [ 1205.811604][ T32] ? _copy_from_user+0x59/0xd0 [ 1205.844353][ T32] nsim_dev_health_break_write+0x166/0x210 [ 1205.861612][ T32] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 1205.869705][ T32] full_proxy_write+0x135/0x1a0 [ 1205.875575][ T32] vfs_write+0x2aa/0x1070 [ 1205.880442][ T32] ? __pfx_full_proxy_write+0x10/0x10 [ 1205.886641][ T32] ? __pfx_vfs_write+0x10/0x10 [ 1205.891855][ T32] ? __fget_files+0x215/0x3d0 [ 1205.897641][ T32] ? __fget_files+0x21f/0x3d0 [ 1205.902637][ T32] ksys_write+0x12a/0x250 [ 1205.907951][ T32] ? __pfx_ksys_write+0x10/0x10 [ 1205.913207][ T32] do_syscall_64+0x106/0xf80 [ 1205.918550][ T32] ? clear_bhb_loop+0x40/0x90 [ 1205.923461][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.932365][ T32] RIP: 0033:0x7f92c899c819 [ 1205.938598][ T32] RSP: 002b:00007f92c9906028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1205.948175][ T32] RAX: ffffffffffffffda RBX: 00007f92c8c15fa0 RCX: 00007f92c899c819 [ 1205.960261][ T32] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000005 [ 1205.969785][ T32] RBP: 00007f92c8a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1205.980849][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1205.992446][ T32] R13: 00007f92c8c16038 R14: 00007f92c8c15fa0 R15: 00007ffee9b60448 [ 1206.001592][ T32] [ 1206.040927][ T32] INFO: task syz-executor:19694 blocked for more than 145 seconds. [ 1206.050451][T21348] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.2.3595: Error -117 reading block bitmap for 2 [ 1206.070210][ T32] Tainted: G L syzkaller #0 [ 1206.081443][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1206.115194][ T32] task:syz-executor state:D stack:24552 pid:19694 tgid:19694 ppid:1 task_flags:0x400140 flags:0x00080002 [ 1206.145136][ T32] Call Trace: [ 1206.148582][ T32] [ 1206.151686][ T32] __schedule+0xfee/0x6120 [ 1206.165975][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1206.171268][ T32] ? __pfx___schedule+0x10/0x10 [ 1206.189797][ T32] ? find_held_lock+0x2b/0x80 [ 1206.196100][ T32] ? schedule+0x2bf/0x390 [ 1206.201149][T21348] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.2.3595: bg 1: bad block bitmap checksum [ 1206.214783][ T32] schedule+0xdd/0x390 [ 1206.219877][ T32] schedule_preempt_disabled+0x13/0x30 [ 1206.226266][ T32] __mutex_lock+0xc9a/0x1b90 [ 1206.231275][ T32] ? del_device_store+0xd1/0x480 [ 1206.241476][T21348] EXT4-fs error (device sda1) in ext4_mb_clear_bb:6685: Filesystem failed CRC [ 1206.251869][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 1206.258719][T21348] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.2.3595: Error -117 reading block bitmap for 2 [ 1206.273707][ T32] ? sscanf+0xc7/0x100 [ 1206.279218][ T32] ? __pfx_sscanf+0x10/0x10 [ 1206.283821][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1206.305074][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1206.311113][ T32] ? del_device_store+0xd1/0x480 [ 1206.324646][ T32] del_device_store+0xd1/0x480 [ 1206.333672][ T32] ? __pfx_del_device_store+0x10/0x10 [ 1206.347865][ T32] ? find_held_lock+0x2b/0x80 [ 1206.353798][ T32] ? sysfs_file_kobj+0xe4/0x290 [ 1206.359775][ T32] ? sysfs_file_kobj+0xe4/0x290 [ 1206.364795][ T32] ? __pfx_del_device_store+0x10/0x10 [ 1206.370983][ T32] bus_attr_store+0x74/0xb0 [ 1206.376352][ T32] ? __pfx_bus_attr_store+0x10/0x10 [ 1206.383452][ T32] sysfs_kf_write+0xf2/0x150 [ 1206.389765][ T32] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1206.397757][ T32] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1206.403686][ T32] vfs_write+0x6ac/0x1070 [ 1206.408815][ T32] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1206.414854][ T32] ? __pfx_vfs_write+0x10/0x10 [ 1206.421877][ T32] ? __pfx_do_sys_openat2+0x10/0x10 [ 1206.427929][ T32] ksys_write+0x12a/0x250 [ 1206.432609][ T32] ? __pfx_ksys_write+0x10/0x10 [ 1206.438555][ T32] do_syscall_64+0x106/0xf80 [ 1206.446018][ T32] ? clear_bhb_loop+0x40/0x90 [ 1206.451217][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.458078][ T32] RIP: 0033:0x7fd9c6f5d04e [ 1206.462811][ T32] RSP: 002b:00007ffec33dfe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1206.472525][ T32] RAX: ffffffffffffffda RBX: 000055556a56a500 RCX: 00007fd9c6f5d04e [ 1206.482929][ T32] RDX: 0000000000000001 RSI: 00007ffec33dff10 RDI: 0000000000000005 [ 1206.494265][ T32] RBP: 00007fd9c7033514 R08: 0000000000000000 R09: 0000000000000000 [ 1206.508206][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1206.517309][ T32] R13: 00007ffec33dff10 R14: 00007fd9c7d44620 R15: 0000000000000003 [ 1206.526539][ T32] [ 1206.554051][ T32] INFO: task syz-executor:19711 blocked for more than 146 seconds. [ 1206.567662][ T32] Tainted: G L syzkaller #0 [ 1206.574747][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1206.584480][ T32] task:syz-executor state:D stack:24712 pid:19711 tgid:19711 ppid:1 task_flags:0x400140 flags:0x00080002 [ 1206.598814][ T32] Call Trace: [ 1206.602829][ T32] [ 1206.606481][ T32] __schedule+0xfee/0x6120 [ 1206.613096][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1206.623887][ T32] ? __pfx___schedule+0x10/0x10 [ 1206.630441][ T32] ? find_held_lock+0x2b/0x80 [ 1206.636785][ T32] ? schedule+0x2bf/0x390 [ 1206.641458][ T32] schedule+0xdd/0x390 [ 1206.648891][ T32] schedule_preempt_disabled+0x13/0x30 [ 1206.655740][ T32] __mutex_lock+0xc9a/0x1b90 [ 1206.661195][ T32] ? del_device_store+0xd1/0x480 [ 1206.667036][ T32] ? __pfx___mutex_lock+0x10/0x10 [ 1206.672659][ T32] ? sscanf+0xc7/0x100 [ 1206.677615][ T32] ? __pfx_sscanf+0x10/0x10 [ 1206.682666][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1206.689324][ T32] ? __lock_acquire+0x4a5/0x2630 [ 1206.695397][ T32] ? del_device_store+0xd1/0x480 [ 1206.700802][ T32] del_device_store+0xd1/0x480 [ 1206.707364][ T32] ? __pfx_del_device_store+0x10/0x10 [ 1206.713367][ T32] ? find_held_lock+0x2b/0x80 [ 1206.719307][ T32] ? sysfs_file_kobj+0xe4/0x290 [ 1206.724525][ T32] ? sysfs_file_kobj+0xe4/0x290 [ 1206.733375][ T32] ? __pfx_del_device_store+0x10/0x10 [ 1206.739994][ T32] bus_attr_store+0x74/0xb0 [ 1206.744854][ T32] ? __pfx_bus_attr_store+0x10/0x10 [ 1206.754061][ T32] sysfs_kf_write+0xf2/0x150 [ 1206.759993][ T32] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1206.766404][ T32] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1206.772724][ T32] vfs_write+0x6ac/0x1070 [ 1206.778116][ T32] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1206.787495][ T32] ? __pfx_vfs_write+0x10/0x10 [ 1206.793333][ T32] ? __pfx_do_sys_openat2+0x10/0x10 [ 1206.799813][ T32] ksys_write+0x12a/0x250 [ 1206.804651][ T32] ? __pfx_ksys_write+0x10/0x10 [ 1206.810565][ T32] do_syscall_64+0x106/0xf80 [ 1206.816352][ T32] ? clear_bhb_loop+0x40/0x90 [ 1206.821482][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.828220][ T32] RIP: 0033:0x7f1ce4d5d04e [ 1206.833429][ T32] RSP: 002b:00007ffdef479568 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1206.845857][ T32] RAX: ffffffffffffffda RBX: 000055556a8c3500 RCX: 00007f1ce4d5d04e [ 1206.858835][ T32] RDX: 0000000000000001 RSI: 00007ffdef4795f0 RDI: 0000000000000005 [ 1206.868400][ T32] RBP: 00007f1ce4e33514 R08: 0000000000000000 R09: 0000000000000000 [ 1206.877959][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1206.887380][ T32] R13: 00007ffdef4795f0 R14: 00007f1ce5b44620 R15: 0000000000000003 [ 1206.897199][ T32] [ 1206.928572][ T32] [ 1206.928572][ T32] Showing all locks held in the system: [ 1206.966544][ T32] 1 lock held by khungtaskd/32: [ 1206.972151][ T32] #0: ffffffff8e7e75e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1206.999280][ T32] 2 locks held by getty/12744: [ 1207.004458][ T32] #0: ffff8880339ae0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1207.026492][T21338] EXT4-fs error (device sda1): ext4_discard_preallocations:5702: comm syz.1.3591: Error -117 reading block bitmap for 2 [ 1207.039895][ T32] #1: ffffc90003b392f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1207.057947][ T32] 3 locks held by kworker/0:5/16193: [ 1207.063822][ T32] #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1207.095082][ T32] #1: ffffc90004257d08 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1207.124988][ T32] #2: ffffffff8e7f3000 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1207.146630][ T32] 2 locks held by kworker/u10:25/18537: [ 1207.152807][ T32] #0: ffff88801ebef948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1207.167934][ T32] #1: ffffc90004d1fd08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1207.180375][ T32] 3 locks held by kworker/u10:27/18539: [ 1207.187446][ T32] #0: ffff88801c6b6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 1207.199345][ T32] #1: ffffc90004ddfd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 1207.211553][ T32] #2: ffffffff8e7f3000 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1207.224278][ T32] 8 locks held by syz.3.3126/19471: [ 1207.230521][ T32] #0: ffff88802071f7b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1207.241398][ T32] #1: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.251337][ T32] #2: ffff88807a59a888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.264229][ T32] #3: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.276872][ T32] #4: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.288963][ T32] #5: ffff8880796ba130 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb2/0x620 [ 1207.303381][ T32] #6: ffff88807dbf2250 (&devlink->lock_key#9){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0 [ 1207.314576][ T32] #7: ffff8880603dcb58 (&sb->s_type->i_mutex_key#10/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 1207.328761][ T32] 3 locks held by syz.0.3129/19487: [ 1207.334526][ T32] #0: ffff8880337020f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1207.344722][ T32] #1: ffff8880202e0420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.355359][ T32] #2: ffff88807dbf2250 (&devlink->lock_key#9){+.+.}-{4:4}, at: devlink_health_report+0x681/0xb50 [ 1207.369737][ T32] 4 locks held by syz-executor/19694: [ 1207.381284][ T32] #0: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.394753][ T32] #1: ffff888065e1a888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.408087][ T32] #2: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.419154][ T32] #3: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.430363][ T32] 4 locks held by syz-executor/19711: [ 1207.436566][ T32] #0: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.446557][ T32] #1: ffff888060482488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.459202][ T32] #2: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.473156][ T32] #3: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.485910][ T32] 4 locks held by syz-executor/20359: [ 1207.491603][ T32] #0: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.505631][ T32] #1: ffff888029b1a088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.518412][ T32] #2: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.529777][ T32] #3: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.541706][ T32] 4 locks held by syz-executor/20376: [ 1207.547883][ T32] #0: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.558213][ T32] #1: ffff88802bb2f888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.571037][ T32] #2: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.582033][ T32] #3: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.593580][ T32] 4 locks held by syz-executor/21062: [ 1207.599394][ T32] #0: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.610975][ T32] #1: ffff8880b3725488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.621499][ T32] #2: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.633716][ T32] #3: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.645429][ T32] 4 locks held by syz-executor/21074: [ 1207.651242][ T32] #0: ffff8880376e8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1207.661729][ T32] #1: ffff888020b93088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 1207.674456][ T32] #2: ffff888028e55b48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 1207.685672][ T32] #3: ffffffff8fb6f088 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 1207.727018][ T32] [ 1207.729494][ T32] ============================================= [ 1207.729494][ T32] [ 1207.757964][ T32] NMI backtrace for cpu 0 [ 1207.757990][ T32] CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1207.758023][ T32] Tainted: [L]=SOFTLOCKUP [ 1207.758032][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1207.758047][ T32] Call Trace: [ 1207.758056][ T32] [ 1207.758066][ T32] dump_stack_lvl+0x100/0x190 [ 1207.758107][ T32] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1207.758148][ T32] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1207.758186][ T32] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1207.758227][ T32] sys_info+0x141/0x190 [ 1207.758257][ T32] watchdog+0xd25/0x1050 [ 1207.758304][ T32] ? __pfx_watchdog+0x10/0x10 [ 1207.758330][ T32] ? __kthread_parkme+0x18c/0x230 [ 1207.758361][ T32] ? kthread+0x13a/0x450 [ 1207.758392][ T32] ? __pfx_watchdog+0x10/0x10 [ 1207.758414][ T32] kthread+0x370/0x450 [ 1207.758445][ T32] ? __pfx_kthread+0x10/0x10 [ 1207.758480][ T32] ret_from_fork+0x754/0xd80 [ 1207.758518][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 1207.758557][ T32] ? __switch_to+0x7b4/0x1120 [ 1207.758584][ T32] ? __pfx_kthread+0x10/0x10 [ 1207.758620][ T32] ret_from_fork_asm+0x1a/0x30 [ 1207.758661][ T32] [ 1207.914718][T18539] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1207.951517][ T32] Kernel panic - not syncing: hung_task: blocked tasks [ 1207.960025][ T32] CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1207.971718][ T32] Tainted: [L]=SOFTLOCKUP [ 1207.977220][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1207.990301][ T32] Call Trace: [ 1207.993824][ T32] [ 1207.997841][ T32] dump_stack_lvl+0x100/0x190 [ 1208.003183][ T32] vpanic+0x552/0x970 [ 1208.007892][ T32] ? __pfx_vpanic+0x10/0x10 [ 1208.013580][ T32] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1208.020587][ T32] panic+0xd1/0xe0 [ 1208.025000][ T32] ? __pfx_panic+0x10/0x10 [ 1208.030224][ T32] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1208.037753][ T32] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1208.044575][ T32] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1208.051223][ T32] ? watchdog.cold+0x198/0x1ca [ 1208.056309][ T32] ? watchdog+0xd35/0x1050 [ 1208.061193][ T32] watchdog.cold+0x1a9/0x1ca [ 1208.065930][ T32] ? __pfx_watchdog+0x10/0x10 [ 1208.071092][ T32] ? __kthread_parkme+0x18c/0x230 [ 1208.076436][ T32] ? kthread+0x13a/0x450 [ 1208.080841][ T32] ? __pfx_watchdog+0x10/0x10 [ 1208.085851][ T32] kthread+0x370/0x450 [ 1208.090324][ T32] ? __pfx_kthread+0x10/0x10 [ 1208.095543][ T32] ret_from_fork+0x754/0xd80 [ 1208.100629][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 1208.106727][ T32] ? __switch_to+0x7b4/0x1120 [ 1208.112036][ T32] ? __pfx_kthread+0x10/0x10 [ 1208.117048][ T32] ret_from_fork_asm+0x1a/0x30 [ 1208.122398][ T32] [ 1208.125885][ T32] Kernel Offset: disabled [ 1208.130522][ T32] Rebooting in 86400 seconds..