last executing test programs: 6.729627443s ago: executing program 2 (id=2503): socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="04002bbd7000ffdbdf250500000008000500030000000c0001800800030008000000"], 0x28}, 0x1, 0x0, 0x0, 0x278e18a297a8387c}, 0x24000802) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x5, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf250300000004000800040003374b0008"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.356184998s ago: executing program 2 (id=2496): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c04b13129ebc9478eaa9f240752ec50ec50a40000000000000009b9782eb2b3aa2a52d3e736697127a5307c0bdb9386f8bc399ba76d0317253be7da737f212cd78cb72b2080ca2bb9d1d0e56832fc9e77773c6907136063056c9ee1bcd261540523d425110bf4881c43bffffff7f000000003f56c135050a0ca79ef9087c12d48200faf749e21f85c0", @ANYRESDEC=0x0, @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c000e"], 0x28}}, 0x4004024) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x0, 0x0) read$auto(r1, &(0x7f00000001c0)='\x80\b\xea\x01\xdeAk*\t\xb8\x01\x00', 0x461e) io_uring_setup$auto(0x1fd, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000e3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/queue/max_integrity_segments\x00', 0x42a283, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000008c0)=""/61, 0x3d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram7\x00', 0x16f602, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd10\x00', 0x1206c2, 0x0) write$auto(r5, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r4, 0x125f, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r6, 0x5408, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 6.009368227s ago: executing program 0 (id=2498): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c04b13129ebc9478eaa9f240752ec50ec50a40000000000000009b9782eb2b3aa2a52d3e736697127a5307c0bdb9386f8bc399ba76d0317253be7da737f212cd78cb72b2080ca2bb9d1d0e56832fc9e77773c6907136063056c9ee1bcd261540523d425110bf4881c43bffffff7f000000003f56c135050a0ca79ef9087c12d48200faf749e21f85c0", @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c000e"], 0x28}}, 0x4004024) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x0, 0x0) read$auto(r0, &(0x7f00000001c0)='\x80\b\xea\x01\xdeAk*\t\xb8\x01\x00', 0x461e) io_uring_setup$auto(0x1fd, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000e3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/queue/max_integrity_segments\x00', 0x42a283, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000008c0)=""/61, 0x3d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram7\x00', 0x16f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd10\x00', 0x1206c2, 0x0) write$auto(r4, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r3, 0x125f, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r5, 0x5408, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 5.898944823s ago: executing program 2 (id=2499): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GET2(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60040010}, 0x10) r4 = socket(0x10, 0x2, 0x0) r5 = socket(0x11, 0x3, 0x9) r6 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0) write$auto(r6, 0x0, 0xa50f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r5, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba831b53", 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) 5.393348034s ago: executing program 2 (id=2500): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c04b13129ebc9478eaa9f240752ec50ec50a40000000000000009b9782eb2b3aa2a52d3e736697127a5307c0bdb9386f8bc399ba76d0317253be7da737f212cd78cb72b2080ca2bb9d1d0e56832fc9e77773c6907136063056c9ee1bcd261540523d425110bf4881c43bffffff7f000000003f56c135050a0ca79ef9087c12d48200faf749e21f85c0", @ANYRESDEC=0x0, @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c00"], 0x28}}, 0x4004024) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x0, 0x0) read$auto(r0, &(0x7f00000001c0)='\x80\b\xea\x01\xdeAk*\t\xb8\x01\x00', 0x461e) io_uring_setup$auto(0x1fd, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000e3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/queue/max_integrity_segments\x00', 0x42a283, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000008c0)=""/61, 0x3d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram7\x00', 0x16f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd10\x00', 0x1206c2, 0x0) write$auto(r4, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r3, 0x125f, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r5, 0x5408, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 5.392068582s ago: executing program 1 (id=2509): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d55745eff6aa689e859dcaeff39bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54de46e25986315b30956face49e26e8dcbcc9e1363627a9f38a2ee8304307dab4013d77f4c337551e2a6ac230788513cdd15e734263e4973c75757d9809c510977adc3be6c5b110597b09c7dad1f54e4506744710b53221e4a7982ac4c59bfae6370258b5af7864a4ca680addd736e35da579cc0e975e6cdefa3d082c8b4b10b205415c32797d9450c002895c9b40", 0xd4f) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$auto_cachefiles_daemon_fops_internal(r2, &(0x7f00000001c0)="bc8bf5621a19afeb196c155b38eb59661efa0f8a27f958ba85af7e05bc3ebc7ecb949f3585573e1e8ce631d8702b3367bda5e3187dc0e36784d2c65d38dfccdf95517b0d961e7fb1b5dd63a7782be67d14538e99df2e86d05254de107b64acc76b014c5238817fcfde5bb4575dc5915798ea9e93040a", 0x76) io_uring_register$auto(0x2, 0xa9a9, 0x0, 0x20) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xb9442, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty58\x00', 0x800, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x40104d06, 0x5) r4 = fcntl$auto(r3, 0x409, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) semctl$auto(0x201, 0x2, 0x13, 0x1) r5 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r4) sendmsg$auto_NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x1e8, r6, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}, @NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_HE_OBSS_PD={0xd0, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0x17, 0x5, "407bc88a98103635b4a82606b9ac886f1d8fb1"}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5, 0x6, 0x7}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xa1, 0x4, "abd0a145c27fabd22b59b7eb6866455faac5f5dcb62f5c3b6a64cf6b31b4a60fa871fe8ab60dcf17baf1dc46a19897521136dcd32bc28a598ee531c4f0de038b2b9ad9d8b4980c36cf3908c7873c63a1a9cfba6313999deb2fb9ce4db0dbb2733b93ca5e5d405631af634ffbebc3df284cafb932ec6a69d16cfe613eba217bcd802c1320a6c9ccb90acbfa79354bc916c7045866eb3836d49164adc526"}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x2c}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x7fff}, @NL80211_ATTR_IE={0xe6, 0x2a, "4a5fd7c8dba448b7c9e4c6e0b67f31851695e59663dc42fa1dcbe85b6a3ecaa9e34a5ba6af29a1baf111a444b22aff0c862093353c5f056fd3f528d3c196546e251aaccdc7e33245894edea6c04c387841a8874185dd8e25c0c2a63999c6654b0914294ecccdb02dde3858e8c49182ce25611d2f0222a02996452dd863bc2f4a60699b41d63a628c3c6b4dfcba88314015caa8b31b9bed52d8cd9fcaadc0d18bcecc62d30c70243b48abbddb2112a0b4f7469bddaece88c1ef1bb95dbe028c51776dfbdd750961ea3717e3af737f49ad28835d185aa8e1b35549bfb0f5b0d3a0425c"}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) read$auto_l2cap_debugfs_fops_(r5, &(0x7f0000000240)=""/173, 0xad) mmap$auto(0x100000, 0xffffffffffffffff, 0x4000000000df, 0x19, r5, 0x5) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) 4.837757825s ago: executing program 0 (id=2502): r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x11, 0x3, 0x9) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0) sendmmsg$auto(r1, &(0x7f00000006c0)={{0x0, 0x5ac, 0x0, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) 4.528299257s ago: executing program 0 (id=2505): openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x80000, 0x0) r0 = eventfd$auto(0x7f) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000200)=""/36, 0x24) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) ioctl$auto(0x3, 0x5411, 0x10000000000402) socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x67) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f5, 0x1ffe0, 0x7, 0x3, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0x68d, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x8000000000000000, 0x101, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x80000, 0x0, 0xffff, 0x10, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x90, 0x6, 0xbdcc, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20000008}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x82042, 0x0) mmap$auto(0x0, 0x3, 0xffb, 0x8100200008011, 0x3, 0xfffffdfffff00000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) memfd_secret$auto(0x3) socketpair$auto(0x1e, 0x6, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x14, r2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) keyctl$auto_KEYCTL_SETPERM(0x5, 0x12de, 0x200, 0x1, 0x100) 4.15552077s ago: executing program 2 (id=2507): r0 = socket(0x10, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) sendmmsg$auto(r0, 0x0, 0x7, 0x4008) mmap$auto(0x4, 0x30009, 0x4000000000df, 0xffff, 0x401, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) mmap$auto(0x0, 0x202000d, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getpgid(0x0) madvise$auto(0x0, 0xffffffffffff0006, 0x17) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/afs/addr_prefs\x00', 0x8104, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000e80)=""/215, 0xd7) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0) ioctl$auto_BTRFS_IOC_FORGET_DEV(r3, 0x50009405, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x3498c2, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) 4.113664151s ago: executing program 0 (id=2508): setgroups$auto(0x8, &(0x7f0000000000)=0x5) r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0xa, 0x3, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, 0x0, 0x2, 0x0) pwrite64$auto(r3, 0x0, 0x4, 0x3) waitid$auto_P_ALL(0x0, 0x1, 0x0, 0x5, 0x0) sendmsg$auto_NFC_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)={0x30, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_COMM_MODE={0x5, 0xa, 0x3}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x2}, @NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_DEVICE_POWERED={0x5, 0xc, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x84) sendmsg$auto_NFC_CMD_FW_DOWNLOAD(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="ac009308", @ANYRES16=0x0, @ANYBLOB="000425bd7000fbdbdf2515000000740019003d68f56930dfec1e0c9ee2d4ec5cdec5a6617f08331f1e41250fe48416dd92cea0221dc8da3d9efe89fd9d72adf19e0e892f0903c80088663c1275a54ef729132cb8005fda646285b305ef19246d6980ac71aad2e89b"], 0x90}, 0x1, 0x0, 0x0, 0x1}, 0x41001) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xa4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY\xad\xd6\xc5\xab`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4[\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) arch_prctl$auto(0x1003, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) r5 = inotify_init1$auto(0x4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x10000, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(r2, 0x4004af07, &(0x7f00000001c0)=r4) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r7, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b3c9e6f2058c3b43dd46344b92e000a029e6daf42c4d12e3a470487eb5cca6e2014b87e5a5aee1c6b9485472d18aaea4ebefe77c6901cd52e303083d6b2e47f4be756fb4dd02acd4938e6ae5f7178623b3b4bad0a83c2c511fd4a9e1da40efff3ca03326278860a6c507e50717f0ea9288daa0a33748cdaa74ec20f7b5671ab50d2a0ea649b9c1b258fa833e808ce0f0fb537e75e9e4c8e1b5c7fe8ca456e6c32fdb86b88c0bc30e44c5ec22634cf5b6b78574a5aae4cfd5b011095e2ea022a2fd15495319ddfad5b3fdabcf012d8f182af76c9ea3b083b66fb34b0ba87957fcd34cb0a55478bfb857bb79b52ec8cf52fcdaf09a20b743b765310cb24d4b05e55790ebbc410cc1342c3dc27facd2ae8c2ea0916bbe0e1372c09f2b98d486294c1ad0776828ec7feebdd969af66b82f708494c4abd5841d70a71ed0c6c7eef68559527ea4c43fe26e8889f9410cda85b13dc02bd03692198ce526997cb45b322a6354d58344e94944f9fa25950ae239c17b75d313f75405c012d959eeb2991130ec84e703193d749671264f3aafd55cfcfb2f5762979724318d6f1ed0b5e570d0b050ed9282a71de1533cb642ea831444a4bb7668745bf9814a180b18835e7c61d907e4321c25b5400be50d0117537ca13190ffde1bb077eb0cd74f6163abcb87a2b1e261b2c2084224d743b27b67f404b3b2d66a9c12892fb6894cd87c018e4018cfe5cb05b6114b90fb7faff3e591e4f60803318cc54783f9c1473276b33f59a3e545340299036ce3eefeb5775b4ddc00759012e5a408ea73b702c05c102740c6ba5b140a89cef6a7e9591c9afca16e478698cd9a3b4d103a553a194cc30e498b14c2315c61e5e6c329722c5cb50b6c114e4901c067ccfdb54268eb51b1d43b0cf36b78c2e91abf18675c3b69614e0d10c3f15014d69067a97953ba58e7da1b625ae43465346bb7cff85515f83c1934956b2195cebef82db5fd2e9083da8240e4d7d1ade0d4f2be992f2f23197df1054c89bb1b7ad9c03a3c3cecb278221889cb30374987dd72d0d58015dfee54acb6db2127dc467ba3ce0a2353e809622b23d03a6b52666f10cde5a2abb02571b845d58d6590afc59bd16caa59ae4026888efa3f6b1d0f879afb71a580486005db5a411073f8f4964f73103efa972ecf481118b12ae48ba55c50a5fd7c31991b73242bb7448bcb4e412427a4ab9657a0e1f8ff3332e9da5b6f695dfcc4e6fbeb5f2cea1c70703f7fe4b685feb246b27601163c98a661ee30467ac71ee1df93812258dfd19f30fcd059c1cde93e142a6fe6976f9f78b580073528e1a2ca6084eea907db9e3b1ac68eb150ee596519613a667c897afe767f17f3f227db922972bd9bfdc6b7ebd8f1e6a51587e31dd1bc3abeed8a338cc458ff7031507b678c97d51f03b92292ded0ac1f004fe460cbc56f355d17c8b3aa73645d06fac0664e6b2da6dfdf56a2efbe5fe06ae5f0bb3f1e91e3914dc9cf71b66515a7b669bb60f1ccc7ca1ffa1d76dd8762a7d2c106f3f42b8d7e1c337236bafcd8744a53f175ff22d3fbc3ff2bb70714c512d9e2c5f833276b8be411724a41dc99e21fa744af8be985d800f274cfbf11df693aa52f4b9a2b3503123f50830942dcd8a574b439a1f052019bdcab9c15e72aba31d9ef3dffcad1e9033ae5a9babbc6f1ab1705c910dbce3e1e086d02e0cd276f7e2bbc07239328242c9dcf978cbc65848a5075b1de6ca677bad27cbede3c05a93480b6f3eb46f8a8e12230aeb21ca5cd7ce42e8732fa37dfb17b83a19af95729bab425c07461e0816e9d5708034c63def894fa6907de93dac8395e82597b9213041950ea18ed7e8ba7b0f493b4b11e798a0513d4ad1f97301af8d53a5b86af41d4932c23830a5682fa5743955450683827e8a0e558a0e268af340fc8a26ecae297ae3c0ad82a46b4363f51822627d2aab585a2fb69fb6d411949a2221fddadf68c694594c6147880176c1f84474a0d510ebafd8f41658586139628551948b5ed07901bd308ea017ac2b6c137417247c0a7ae0b785962ef0d9057b6b0f80beffea656bd5d69f2d4bd6150e2375e5036756c4302a7e282c00240ad1dff076162eb833ca72837df82d31061346aff14b6dcb826605a850d9fc87a80632d8f1bde73b6baf858e71981976f2a3113a8d01248cc8514aaaf1d79cc1f99a81d86c4ad42286dae6ba36e4b2d45b6afcd9a5d6db9fe9642d3a7a4eb35439389f68a69c6a66ca7d6d00f5c0d1163a7cd3e39dbc7ffcd4c2fb3f8921e0fb59d3624417360a82c98a466548e0dfa2152ee833d0f65b5b2fdeca7287efa260ad91f0fe21682b8ab70c4b19d5d9cbb0ad8cb68973585646047da47518dde987a24e2fd0bb9e1d02215bee1bacee391b995cce351f1ccf04109160b05dce5d569ee7dc84c068521b37", 0xace) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) write$auto_ftrace_event_filter_fops_trace_events(r5, &(0x7f0000000240)="dcbb29bea4c19dbc9c3988ec7569219e306a23f64701c160a101f6b7fcdecfe65971b44fa57116632f17a6db3cc123fd0f25277684762edd9f9e272d22f4eb25bab2eb707a1151c5918e3c7ef7370de740", 0x51) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r6, 0x8000) mmap$auto(0x100000000, 0x5, 0xdf, 0xad3, r4, 0x2) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001b00)=ANY=[@ANYBLOB="20010000", @ANYRES16=r8, @ANYBLOB="010025bd7000fedbdf257e000000003f66004e210000000026800000020004000000000002000000000000000100090000000000010004000000000002000700001f0000980006000000000014010f000000000007001f5198dea666bad033b7aea5d7529adf1ae5607ef3d022c60a57cd1649952c00000080004dec6ee46088e64587adba9ba7537f79f056fbd60490f11a3498560bfa783badf6fa39e3aa9815705e629beb9573271a53f5c4ee3859bf0313d7dad665a019c4e908768bb5b896533bbd3b39e4768150289646864a302e8ded90a5b83ada85575e6657023fb727d3723ff97af53540e2fbc15e85a0c6a5644432b997ba3bdc423b0be181bf0d501cf098551e7b2ce99ac721bf9145ebc91fe7c9230b30f9b88ac5b2c404ddfac531ea9fcaf6d514daf8c13a9f382059488c3280a13754303b49d3eddff53520086a38cbb1075e09f556c208c26f727717e52ad91b929b37df820ffca5a077087bc540d3c30fa84b5986b17605e72c7af63bd4264355ec1e043e6ae397fd5b925bc6ee277f7e42b305fbe861e8e9974efb062206bd7fef4b13f19f926c090b1367e4599ea549d1e97c1c2b214d06c5de3e7dc0bae99b9030f72ae011f303fa7ea798a612fd252f9e9c238f07ccc755d8c4aff22798a08e567e0b8f3975fc1b30522f1b82ed37fecc8927a2f8265cb2423f4272359a5b097f54bdb65f51f0911ca880641493cce6f3f00edfefe3d7f007bc5c57214dde959740b9e0a70b28d191e10eb5c3eccfdf045407c80e026f4e9fe766eca822b77df002210db69f60480ae2e21fced2bf22dde077e0ccbe2e05f58ba0db3d9f6469382574a23009202a928c2e7a67623eeeb3976036936871d6056bca11541ed5d795853e233149c9ea3e3d478b5e35cf5e551002a79ac8a33d81b60fde70ccbf125c4b4243160db218068b7a2db851b3dfad23f584b6db1b9ec1428635f27d4bb08cb9b0d4d9c725595fbd59622038dc6cb2f70282ae273c9927dfc884b8e99578c897e90ffeec2c4f3b1e4c5cadc23ff40dd06e618b0f798c0d4a87c7728de7b03a7a8021dcdbd1f4c8b29ea50d2130cf3099a8b37a4d894a5020bc583feaf86c00b8d917567b988f875af819935a325517e76850262d5558ff1fcf9f5b7b26a9645bb26d20104227757359a6e52317edbdd2fde26c3b3f26ee6e2714d9668cfafe1f1c83c24d7e3b55127b38315b1b9053d3ed9561c14e0cf3b173f89e739337a63e5d13fb97466b9b36556adb4af4e9b18d4778c369692333cb70c72d968aff999fe3f08690fdc345eceedb90782bc907b20d4a06867f2930ebb553494aeceabf2f33f1295753241986835af90226970a126a27d9c1f3a04f9b917fa57524fb70f161e619ab83cff4edceef04362c497dc4804af7e7837a4b4241521a2cb28a08fe7001ce941a8cf3f2a4266dbc5fd02c56a5a16fe2a0af334673588ea9b161c65b7ab9a67e4808f1e8c6cf55641a97082348e1e31ed07154364d1fb134e988d32277a2c5224985ab2e3b518c927af3338cfeab947dc38466b8e58f40402d97417a895d335dcd5ccf6ed33ba8a54c80ea0cfe0c66993e86f8b2699d860ff1b2d00db394a18a92e0ed026737e46d52978bae076c156be5e6530222fe8c93c8e4ecd29bfd1823b2730515eb3e99ecb867e0117fafafb495f34fe5c82c7af4e163ef7c543d5327b011b65e661db58838a0821f66c65a9b2d598fe497d778ced9bb1c48369c70a3ab32dd9626f0b575d47a0b7398fcaebce8048504cc3ebcc4498894bf079758aa008906c570f9a4ce0c5faefd8326dde933dccf7a2896a3b86ceb8add2b7f69943b006c8ca893916b156458c9dd28e1e21770e7ba6d7fb8ebdde22ff23346cd0f6d0c90a093fae2f128f759418402b13fae56d033f6adde7442b46db3aedb8665718b37055df3b0710f5e31ea2e04abbca71d7c8cc71325a1124d38c4245587ff29c5e0f1cbfdf7b865099a395dd9c2f7e29200bda2c2b20b17b7f33e1c277c57925b59aca80821a48085b7eab507385849a0e22c2ac4a526e7b786fd9442fd2df0eb05cb1df98795853536dc12b6fea234a4c32a57059049c0dedee032615da106c88fe54e73226cb88b4863c1f905dac6dffd4e5e53873f746e19ee631e8cab802ef174df5cb6e88e513aa10a0e1dd7d43075bc19b94491b9cb8fe1efac7d300e4c6253d42198c94f76fef50405405c348b9bfe0c4e09b6668655baaff6d464b20c5db5aa72b6e5345aa6af3c2b2e508ab94ed2f3ae27947c30f6c9435396cccca249745963693d456f0b13551ebd2714a5d2aa5eec9d61d2d6b9aba3d482f4c49906435b1d783f381a7180a5077358717dfc2e117d31e141382b11db23fb0c7d8ec13b0e2e542cfe4b44f2e9b0a440dcf9143f3be9494f3bc2004047e86405b4190fb667d269f2a7d1c48509fbdc3bb3e99d6f68a309ffff000006007347b9c70c7a48913b05957bbb9826fc681df1b98ace4a88eebe405b8400e41aa87a86c1aca27323448d0dfed2b28ecfa7d65c7264311080712e8fa3874f7ee38b02120b885602b84d954479702f51ac45a331dfe2ef76c45014c84415189885b9c9613c2acb7a41c6ace876ee5af4fc50407fc3361a128a2e59e60f11b47277c9a5f3cbe0424d3886a3a3a0f40c5ef46d2b331ca3d83f2f444bc6998d06926c6a1c"], 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0x140) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ustat$auto(0x801, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f00000010c0), 0xa0042, 0x0) 4.058951147s ago: executing program 1 (id=2510): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GET2(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60040010}, 0x10) r4 = socket(0x10, 0x2, 0x0) r5 = socket(0x11, 0x3, 0x9) r6 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0) write$auto(r6, 0x0, 0xa50f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r5, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba831b53", 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) 4.021481978s ago: executing program 3 (id=2511): ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, &(0x7f0000000080)="51c842cd0cfa7a74300b49e73a6ab17c34929147791d4ecc300629d21e7a6e4b77c33b0ea31c9c5734c1a3897cd5280d7e4ac7731f62aa15e53b3a34100083e4862784aae1304d0e953560704fe94bd55395902005c2627046433f0bbb1785661c9b2144cfcf3fa1cb7eb70045e6447e939a6cbecd6b2fa54608f69a64dd685d59") openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0x80203, 0x0) 3.769346102s ago: executing program 1 (id=2512): mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x7, 0x28000) r0 = bpf$auto_BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)=@enable_stats={0x3}, 0xfff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/anon_fault_fallback_charge\x00', 0x60c00, 0x0) read$auto(r1, &(0x7f00000000c0)='/sys/devices/~latform/vhci_hc$.7/usb23/23-0:1.0/~\xda=\x8eep_81/inver', 0x6864a34) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) ioctl$auto(r2, 0x2, 0x6) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) close_range$auto(0x2, 0x8, 0x0) 3.743181337s ago: executing program 3 (id=2513): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec8\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000100)={'\x00', 0xffff, 0x6, 0x3, 0x9b4, 0x9, "ce7009002ce100", '\x00', "0201ccb7", '\x00', ["0000000000000000000000f9", "70d900001100", "0800000000000000000000ec", "00deff1000"]}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) (async) r4 = open(0x0, 0xa61c2, 0x84) connect$auto(0xffffffffffffffff, &(0x7f0000000140)=@qipcrtr={0x2a, 0x1, 0x3fff}, 0x57) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000000), 0x7110}, 0xffffffff) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="13000300"/18, @ANYRES32=r3, @ANYBLOB="0c0002000000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000280)={0xfca5, 0xfc7d, 0xffff, 0x3, 0x6}) getpgid$auto(0xffffffffffffffff) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60740, 0x0) write$auto(r5, &(0x7f0000000100)='//\xf2\x00cu\x102\x18\xe2\fv\xe3Tr\xa7\xa9\v\xfd\xa7:\x83O\xabL\x88#\"#\xf8<;E-\xd7z\b\x00\x00\x00\x00@\x00\x00])@\xe30\x95>^kw\x83~\xbe\xa0jZ\xa4', 0x80000000) write$auto(r5, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x6) (async) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000002c0)={"e849061bd7de5ce2700e14001c602c969917e9e2c01f4ed2f3bb7bc92645b0a3", 0x1, 0x8, 0xf3, 0x0, 0x2, 0xffffffffffffffff}) (async) waitid$auto_P_ALL(0x0, 0x9, &(0x7f0000000400)={@siginfo_0_0={0x3, 0xffffea39, 0x9, @_sigsys={&(0x7f0000000340)="e00768538d3e5da24758280fa2aed981d40c04b35b9742ffd69786868b65a876839b9d2349a3e67bc15bd75ad56644a9be84552ed43bb3bdb8171623217d010d56a688f90bf75cf969da84c94ab988373c8d9563a3fcf14ee2128766eae1a15b47dee445f429c2e5f64db240ee96093780432b4a53639da86b93ba7944d13d72e63877ef99b8613c560caf96da5af4892e36337ec634aab54d", 0x0, 0x40}}}, 0x9, &(0x7f0000000480)={{0x2f2adb5e, 0xfffffffffffffffb}, {0x4, 0xc}, 0x8000000000000001, 0x63d, 0x7, 0x5, 0x6, 0x2, 0x80100000, 0xfffffffffffffffb, 0x5, 0x4, 0x25b, 0x9, 0x4, 0x2}) (async) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r6, 0x0, 0x8) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) socket(0x1e, 0x805, 0x0) (rerun: 64) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) (async, rerun: 32) ioctl$auto(0x3, 0x40045532, 0x38) (async, rerun: 32) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0c\x00', 0x80, 0x0) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) ioctl$auto_USB_RAW_IOCTL_EP0_READ(r4, 0xc0085504, &(0x7f0000000640)={0x100, 0x6, 0x10001, "8f0505c49b1e865161d22d7d5e66e39191223a5dcc29f92fad6e4e9a8015835c49f11e10ffbc3667f26e8e5a4985058da6db34cd28ae06947a438996510f10bda3b9ff09aa7901dff7dd8d9e1f0503a7d0b9e4fb9e317b125e012a7d0f98bc23595171afabc2e767a0d2bcf5357db2790dab3357367e91e2b2588fe62fd1e1788661da44ff66e7257b0b7725baad732f72"}) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="130025bd7000dddbdf650208000008000300", @ANYRES32=r9, @ANYBLOB="05003e00ff"], 0x24}, 0x1, 0x0, 0x0, 0x20004050}, 0x20040894) 3.463425517s ago: executing program 1 (id=2514): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c04b13129ebc9478eaa9f240752ec50ec50a40000000000000009b9782eb2b3aa2a52d3e736697127a5307c0bdb9386f8bc399ba76d0317253be7da737f212cd78cb72b2080ca2bb9d1d0e56832fc9e77773c6907136063056c9ee1bcd261540523d425110bf4881c43bffffff7f000000003f56c135050a0ca79ef9087c12d48200faf749e21f85c0", @ANYRESDEC=0x0, @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c000e"], 0x28}}, 0x4004024) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x0, 0x0) read$auto(r1, &(0x7f00000001c0)='\x80\b\xea\x01\xdeAk*\t\xb8\x01\x00', 0x461e) io_uring_setup$auto(0x1fd, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000e3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/queue/max_integrity_segments\x00', 0x42a283, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000008c0)=""/61, 0x3d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) write$auto(r3, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram7\x00', 0x16f602, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd10\x00', 0x1206c2, 0x0) write$auto(r5, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r4, 0x125f, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r6, 0x5408, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 3.344675516s ago: executing program 3 (id=2515): socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="04002bbd7000ffdbdf250500000008000500030000000c0001800800030008000000"], 0x28}, 0x1, 0x0, 0x0, 0x278e18a297a8387c}, 0x24000802) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x5, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf250300000004000800040003374b0008"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.190885863s ago: executing program 1 (id=2516): socket(0x2, 0x80002, 0x73) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cec6\x00', 0x121480, 0x0) ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000200)=0x2) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) setsockopt$auto(0x4, 0x0, 0x480, 0xfffffffffffffffe, 0x0) 3.174672552s ago: executing program 3 (id=2517): sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c04b13129ebc9478eaa9f240752ec50ec50a40000000000000009b9782eb2b3aa2a52d3e736697127a5307c0bdb9386f8bc399ba76d0317253be7da737f212cd78cb72b2080ca2bb9d1d0e56832fc9e77773c6907136063056c9ee1bcd261540523d425110bf4881c43bffffff7f000000003f56c135050a0ca79ef9087c12d48200faf749e21f85c0", @ANYRESDEC=0x0, @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c00"], 0x28}}, 0x4004024) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_cpulist\x00', 0x0, 0x0) read$auto(r0, &(0x7f00000001c0)='\x80\b\xea\x01\xdeAk*\t\xb8\x01\x00', 0x461e) io_uring_setup$auto(0x1fd, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000e3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/queue/max_integrity_segments\x00', 0x42a283, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000008c0)=""/61, 0x3d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) write$auto(r2, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x4) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram7\x00', 0x16f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd10\x00', 0x1206c2, 0x0) write$auto(r4, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto_BLKRRPART(r3, 0x125f, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r5, 0x5408, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 2.923417387s ago: executing program 1 (id=2518): openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x80000, 0x0) r0 = eventfd$auto(0x7f) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000200)=""/36, 0x24) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) ioctl$auto(0x3, 0x5411, 0x10000000000402) socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x67) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f5, 0x1ffe0, 0x7, 0x3, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0x68d, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x8000000000000000, 0x101, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x80000, 0x0, 0xffff, 0x10, 0x0, 0x8, 0x10000, 0x0, 0x0, 0x90, 0x6, 0xbdcc, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20000008}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x82042, 0x0) mmap$auto(0x0, 0x3, 0xffb, 0x8100200008011, 0x3, 0xfffffdfffff00000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) memfd_secret$auto(0x3) socketpair$auto(0x1e, 0x6, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x14, r2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) keyctl$auto_KEYCTL_SETPERM(0x5, 0x12de, 0x200, 0x1, 0x100) 2.922084327s ago: executing program 0 (id=2526): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0xc045}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg1\x00', 0x0}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x430e00, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20004050}, 0x4000084) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0x63, 0x0, 0x0, 0x0, 0xffc, 0x8, 0x80000000000000a, 0x0, 0x9, 0x9, 0xffffffff80000000, 0xd, 0x6, 0x200000100103}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/blkio.throttle.write_iops_device\x00', 0x121002, 0x0) socket(0x2, 0x80802, 0x0) socket(0x10, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff14, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r5], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r6, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8, 0x111e1cf2, 0x8, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "787d66da4a620eab7f736e854ef61529", r0, r3, 0x7, 0xffff4e87, 0x2, 0x2}, 0x7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) socket(0x10, 0x2, 0x0) 2.539486821s ago: executing program 0 (id=2519): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d55745eff6aa689e859dcaeff39bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54de46e25986315b30956face49e26e8dcbcc9e1363627a9f38a2ee8304307dab4013d77f4c337551e2a6ac230788513cdd15e734263e4973c75757d9809c510977adc3be6c5b110597b09c7dad1f54e4506744710b53221e4a7982ac4c59bfae6370258b5af7864a4ca680addd736e35da579cc0e975e6cdefa3d082c8b4b10b205415c32797d9450c002895c9b40", 0xd4f) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$auto_cachefiles_daemon_fops_internal(r2, &(0x7f00000001c0)="bc8bf5621a19afeb196c155b38eb59661efa0f8a27f958ba85af7e05bc3ebc7ecb949f3585573e1e8ce631d8702b3367bda5e3187dc0e36784d2c65d38dfccdf95517b0d961e7fb1b5dd63a7782be67d14538e99df2e86d05254de107b64acc76b014c5238817fcfde5bb4575dc5915798ea9e93040a", 0x76) io_uring_register$auto(0x2, 0xa9a9, 0x0, 0x20) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xb9442, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty58\x00', 0x800, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x40104d06, 0x5) r4 = fcntl$auto(r3, 0x409, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) semctl$auto(0x201, 0x2, 0x13, 0x1) r5 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r4) sendmsg$auto_NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x1e8, r6, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}, @NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_HE_OBSS_PD={0xd0, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0x17, 0x5, "407bc88a98103635b4a82606b9ac886f1d8fb1"}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5, 0x6, 0x7}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xa1, 0x4, "abd0a145c27fabd22b59b7eb6866455faac5f5dcb62f5c3b6a64cf6b31b4a60fa871fe8ab60dcf17baf1dc46a19897521136dcd32bc28a598ee531c4f0de038b2b9ad9d8b4980c36cf3908c7873c63a1a9cfba6313999deb2fb9ce4db0dbb2733b93ca5e5d405631af634ffbebc3df284cafb932ec6a69d16cfe613eba217bcd802c1320a6c9ccb90acbfa79354bc916c7045866eb3836d49164adc526"}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x2c}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x7fff}, @NL80211_ATTR_IE={0xe6, 0x2a, "4a5fd7c8dba448b7c9e4c6e0b67f31851695e59663dc42fa1dcbe85b6a3ecaa9e34a5ba6af29a1baf111a444b22aff0c862093353c5f056fd3f528d3c196546e251aaccdc7e33245894edea6c04c387841a8874185dd8e25c0c2a63999c6654b0914294ecccdb02dde3858e8c49182ce25611d2f0222a02996452dd863bc2f4a60699b41d63a628c3c6b4dfcba88314015caa8b31b9bed52d8cd9fcaadc0d18bcecc62d30c70243b48abbddb2112a0b4f7469bddaece88c1ef1bb95dbe028c51776dfbdd750961ea3717e3af737f49ad28835d185aa8e1b35549bfb0f5b0d3a0425c"}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) read$auto_l2cap_debugfs_fops_(r5, &(0x7f0000000240)=""/173, 0xad) mmap$auto(0x100000, 0xffffffffffffffff, 0x4000000000df, 0x19, r5, 0x5) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) 2.002350919s ago: executing program 3 (id=2520): r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(r1, 0x8000000000000000, 0x2) r2 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x8) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x4, 0x8000) read$auto(0x3, 0x0, 0x80) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmsg$auto(r2, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x367002, 0x0) getsockopt$auto(r0, 0x84, 0x7d, 0x0, &(0x7f0000000000)=0x9b) 768.638573ms ago: executing program 2 (id=2522): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) gettid() close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = eventfd$auto(0x4) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) prctl$auto_PR_SET_MM_START_DATA(0x0, 0x3, r2, 0xbf, 0x100000001) r3 = socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002dc0), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_DEL(r5, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000002e00)={0x20, r6, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x0) msgctl$auto(0x9, 0x6, &(0x7f00000001c0)={{0x0, 0xffffffffffffffff, 0x0, 0x7fffffff, 0xe0, 0x4, 0x37}, &(0x7f0000000100)=0x79, &(0x7f0000000140)=0x1, 0x1, 0x9ef5, 0x100, 0xcc63, 0x7, 0x4, 0x401, 0x6, @inferred=r2, @raw=0x1}) sendmsg$auto_OVS_METER_CMD_SET(r4, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="7c010000", @ANYRES16=r6, @ANYBLOB="20002dbd7000fcdbdf2502000000080008004201000014000300080000000000000003000000000000001400030008000000000000000300000000000000040006003101048089470ea8d88a4b55bcb19af67887ffb7bf4ee909fb247c545dddc75165a908001100ac14141d080052800400618004007b00080082001000000098366167851261869f2b974afc7b24cfa4644d1975dc0778b97ae5aeedf0832b087e843c1bc5ef0816be2776b20f249a06d31a0b8dcfde5bf7eda7a19bc83f95b4e2e8578d67ac48d4ba2c4fad8b503ccb88b287a73b95a2f5b0f21ec42b238c5afba6c4518d918905dfa23a1ec84f3bb52b82a32be4844c2961ac69beb56f163645ccdc6c81cf057a49fa067e1ed67ed61da9f8a24ff39e88a5ebd26b5e0abc7b9114160a54d1a1746d68aff292aea9b5691bb45775728392fab6f7ea9428c6b87d1c22a0db370d07af7dd3adbc3cba3cc0865fb3afe7bbb8fe1608005700ac1414aa0800bb00", @ANYRES32=r3, @ANYBLOB="6a2a320f", @ANYRES32=r7, @ANYBLOB='\x00\x00\x00'], 0x17c}, 0x1, 0x0, 0x0, 0x800}, 0x94) setsockopt$auto(0x3, 0x83, 0x7b, 0x0, 0x9) sendmsg$auto_TIPC_NL_KEY_FLUSH(r1, 0x0, 0x2437b59cbfe687a8) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x7ffe) 0s ago: executing program 3 (id=2523): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x4000000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x140242, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x10}, 0x3) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x181080, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) r2 = gettid() sched_setaffinity$auto(0x0, 0x9899, &(0x7f00000000c0)=0xf19d) rt_sigqueueinfo$auto(r2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     syzkaller syzkaller login: [ 577.115426][T13703] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 577.141034][T13703] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 577.159641][T13703] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 577.189501][T13703] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 579.156461][ T7858] Bluetooth: hci0: command 0x0c1a tx timeout [ 579.227382][ T7858] Bluetooth: hci3: command 0x0c1a tx timeout [ 579.237427][ T6101] Bluetooth: hci2: command 0x0c1a tx timeout [ 579.243486][ T6101] Bluetooth: hci1: command 0x0c1a tx timeout [ 580.265057][ T6133] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u10:5: bg 2: bad block bitmap checksum [ 580.281535][ T6133] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1371 with max blocks 1 with error 74 [ 580.360562][ T6133] EXT4-fs (sda1): This should not happen!! Data will be lost [ 580.360562][ T6133] [ 580.396949][ T6133] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 8 with max blocks 1 with error 117 [ 580.415618][ T6133] EXT4-fs (sda1): This should not happen!! Data will be lost [ 580.415618][ T6133] [ 583.524923][T13830] netlink: 'syz.0.1769': attribute type 22 has an invalid length. [ 583.583040][T13830] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1769'. [ 583.643831][T13830] netlink: 'syz.0.1769': attribute type 22 has an invalid length. [ 583.676929][T13830] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1769'. [ 584.246608][T13828] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 584.254190][T13828] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 584.260643][T13828] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 584.267072][T13828] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 585.049293][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1781'. [ 585.639870][T13746] Bluetooth: hci0: command 0x0c1a tx timeout [ 586.295956][T13746] Bluetooth: hci2: command 0x0c1a tx timeout [ 586.302361][T13746] Bluetooth: hci1: command 0x0c1a tx timeout [ 586.346943][T13745] Bluetooth: hci3: command 0x0c1a tx timeout [ 588.244751][T13917] binder: 13915:13917 ioctl c00c6211 0 returned -14 [ 588.252841][T13917] binder: 13915:13917 ioctl c0306201 200000000000 returned -14 [ 588.649359][T13929] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1794'. [ 593.421627][T14025] : entered promiscuous mode [ 593.970108][T14039] netlink: 21 bytes leftover after parsing attributes in process `syz.2.1822'. syzkaller syzkaller login: [ 595.658798][T14065] : entered promiscuous mode [ 599.290552][T14139] random: crng reseeded on system resumption [ 599.306241][T14139] FAULT_INJECTION: forcing a failure. [ 599.306241][T14139] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 599.396842][T14139] CPU: 0 UID: 0 PID: 14139 Comm: syz.0.1846 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 599.396914][T14139] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 599.396933][T14139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 599.396953][T14139] Call Trace: [ 599.396963][T14139] [ 599.396976][T14139] dump_stack_lvl+0x16c/0x1f0 [ 599.397023][T14139] should_fail_ex+0x512/0x640 [ 599.397082][T14139] should_fail_alloc_page+0xe7/0x130 [ 599.397132][T14139] prepare_alloc_pages+0x3c2/0x610 [ 599.397178][T14139] ? rcu_is_watching+0x12/0xc0 [ 599.397220][T14139] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 599.397269][T14139] ? stack_trace_save+0x8e/0xc0 [ 599.397308][T14139] ? __pfx_stack_trace_save+0x10/0x10 [ 599.397353][T14139] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 599.397401][T14139] ? kasan_save_stack+0x42/0x60 [ 599.397438][T14139] ? kasan_save_stack+0x33/0x60 [ 599.397480][T14139] ? do_dentry_open+0x982/0x1530 [ 599.397516][T14139] ? vfs_open+0x82/0x3f0 [ 599.397556][T14139] ? path_openat+0x1de4/0x2cb0 [ 599.397588][T14139] ? do_filp_open+0x20b/0x470 [ 599.397619][T14139] ? do_sys_openat2+0x11b/0x1d0 [ 599.397663][T14139] ? __x64_sys_openat+0x174/0x210 [ 599.397708][T14139] ? do_syscall_64+0xcd/0xfa0 [ 599.397745][T14139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.397780][T14139] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 599.397832][T14139] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 599.397889][T14139] ? policy_nodemask+0xea/0x4e0 [ 599.397935][T14139] alloc_pages_mpol+0x1fb/0x550 [ 599.397980][T14139] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 599.398037][T14139] alloc_pages_noprof+0x131/0x390 [ 599.398081][T14139] get_zeroed_page_noprof+0x18/0xb0 [ 599.398122][T14139] get_image_page+0x18/0x190 [ 599.398156][T14139] alloc_rtree_node+0x3c/0xb0 [ 599.398190][T14139] memory_bm_create+0x519/0x810 [ 599.398243][T14139] create_basic_memory_bitmaps+0xbd/0x320 [ 599.398289][T14139] snapshot_open+0x235/0x2b0 [ 599.398331][T14139] ? __pfx_snapshot_open+0x10/0x10 [ 599.398382][T14139] misc_open+0x26d/0x450 [ 599.398436][T14139] ? __pfx_misc_open+0x10/0x10 [ 599.398488][T14139] chrdev_open+0x234/0x6a0 [ 599.398529][T14139] ? __pfx_apparmor_file_open+0x10/0x10 [ 599.398578][T14139] ? __pfx_chrdev_open+0x10/0x10 [ 599.398624][T14139] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 599.398669][T14139] do_dentry_open+0x982/0x1530 [ 599.398709][T14139] ? __pfx_chrdev_open+0x10/0x10 [ 599.398758][T14139] vfs_open+0x82/0x3f0 [ 599.398811][T14139] path_openat+0x1de4/0x2cb0 [ 599.398868][T14139] ? __pfx_path_openat+0x10/0x10 [ 599.398909][T14139] ? __lock_acquire+0xb8a/0x1c90 [ 599.398961][T14139] do_filp_open+0x20b/0x470 [ 599.398999][T14139] ? __pfx_do_filp_open+0x10/0x10 [ 599.399070][T14139] ? alloc_fd+0x471/0x7d0 [ 599.399116][T14139] do_sys_openat2+0x11b/0x1d0 [ 599.399163][T14139] ? __pfx_do_sys_openat2+0x10/0x10 [ 599.399216][T14139] ? __fput+0x68d/0xb70 [ 599.399270][T14139] __x64_sys_openat+0x174/0x210 [ 599.399345][T14139] ? __pfx___x64_sys_openat+0x10/0x10 [ 599.399427][T14139] do_syscall_64+0xcd/0xfa0 [ 599.399474][T14139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.399507][T14139] RIP: 0033:0x7fe41578f6c9 [ 599.399535][T14139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 599.399566][T14139] RSP: 002b:00007fe41666e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 599.399598][T14139] RAX: ffffffffffffffda RBX: 00007fe4159e5fa0 RCX: 00007fe41578f6c9 [ 599.399620][T14139] RDX: 00000000001438bf RSI: 0000200000000000 RDI: ffffffffffffff9c [ 599.399642][T14139] RBP: 00007fe415811f91 R08: 0000000000000000 R09: 0000000000000000 [ 599.399661][T14139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 599.399681][T14139] R13: 00007fe4159e6038 R14: 00007fe4159e5fa0 R15: 00007ffe2308d5b8 [ 599.399726][T14139] [ 600.406093][T14158] netlink: 21 bytes leftover after parsing attributes in process `syz.0.1851'. [ 602.683105][T14193] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 602.931161][T14194] random: crng reseeded on system resumption [ 603.525454][T14219] random: crng reseeded on system resumption [ 604.279604][T14231] FAULT_INJECTION: forcing a failure. [ 604.279604][T14231] name failslab, interval 1, probability 0, space 0, times 0 [ 604.369440][T14231] CPU: 0 UID: 0 PID: 14231 Comm: syz.1.1863 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 604.369508][T14231] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 604.369526][T14231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 604.369545][T14231] Call Trace: [ 604.369555][T14231] [ 604.369568][T14231] dump_stack_lvl+0x16c/0x1f0 [ 604.369613][T14231] should_fail_ex+0x512/0x640 [ 604.369663][T14231] ? fs_reclaim_acquire+0xae/0x150 [ 604.369711][T14231] should_failslab+0xc2/0x120 [ 604.369764][T14231] __kmalloc_noprof+0xdd/0x880 [ 604.369814][T14231] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 604.369861][T14231] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 604.369898][T14231] tomoyo_realpath_from_path+0xc2/0x6e0 [ 604.369941][T14231] ? tomoyo_profile+0x47/0x60 [ 604.369987][T14231] tomoyo_path_number_perm+0x245/0x580 [ 604.370037][T14231] ? tomoyo_path_number_perm+0x237/0x580 [ 604.370094][T14231] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 604.370151][T14231] ? find_held_lock+0x2b/0x80 [ 604.370222][T14231] ? find_held_lock+0x2b/0x80 [ 604.370256][T14231] ? hook_file_ioctl_common+0x145/0x410 [ 604.370297][T14231] ? __fget_files+0x20e/0x3c0 [ 604.370338][T14231] security_file_ioctl+0x9b/0x240 [ 604.370372][T14231] __x64_sys_ioctl+0xb7/0x210 [ 604.370429][T14231] do_syscall_64+0xcd/0xfa0 [ 604.370472][T14231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.370504][T14231] RIP: 0033:0x7fcd16b8f6c9 [ 604.370529][T14231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.370559][T14231] RSP: 002b:00007fcd17957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 604.370589][T14231] RAX: ffffffffffffffda RBX: 00007fcd16de5fa0 RCX: 00007fcd16b8f6c9 [ 604.370610][T14231] RDX: 0000000000000006 RSI: 0000000000004b41 RDI: 0000000000000003 [ 604.370629][T14231] RBP: 00007fcd17957090 R08: 0000000000000000 R09: 0000000000000000 [ 604.370649][T14231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.370668][T14231] R13: 00007fcd16de6038 R14: 00007fcd16de5fa0 R15: 00007ffd76a81a98 [ 604.370713][T14231] [ 604.375375][T14231] ERROR: Out of memory at tomoyo_realpath_from_path. [ 607.731227][T14277] netlink: zone id is out of range [ 607.736430][T14277] netlink: del zone limit has 4 unknown bytes [ 607.987553][T14279] Invalid ELF header magic: != ELF [ 608.327550][T14285] FAULT_INJECTION: forcing a failure. [ 608.327550][T14285] name failslab, interval 1, probability 0, space 0, times 0 [ 608.401990][T14285] CPU: 1 UID: 0 PID: 14285 Comm: syz.0.1874 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 608.402055][T14285] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 608.402072][T14285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 608.402090][T14285] Call Trace: [ 608.402100][T14285] [ 608.402113][T14285] dump_stack_lvl+0x16c/0x1f0 [ 608.402157][T14285] should_fail_ex+0x512/0x640 [ 608.402206][T14285] ? fs_reclaim_acquire+0xae/0x150 [ 608.402253][T14285] should_failslab+0xc2/0x120 [ 608.402296][T14285] __kmalloc_noprof+0xdd/0x880 [ 608.402350][T14285] ? tomoyo_encode2+0x100/0x3e0 [ 608.402405][T14285] ? tomoyo_encode2+0x100/0x3e0 [ 608.402440][T14285] tomoyo_encode2+0x100/0x3e0 [ 608.402484][T14285] tomoyo_encode+0x29/0x50 [ 608.402519][T14285] tomoyo_realpath_from_path+0x18f/0x6e0 [ 608.402570][T14285] tomoyo_path_number_perm+0x245/0x580 [ 608.402622][T14285] ? tomoyo_path_number_perm+0x237/0x580 [ 608.402681][T14285] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 608.402735][T14285] ? find_held_lock+0x2b/0x80 [ 608.402807][T14285] ? find_held_lock+0x2b/0x80 [ 608.402839][T14285] ? hook_file_ioctl_common+0x145/0x410 [ 608.402882][T14285] ? __fget_files+0x20e/0x3c0 [ 608.402922][T14285] security_file_ioctl+0x9b/0x240 [ 608.402957][T14285] __x64_sys_ioctl+0xb7/0x210 [ 608.403010][T14285] do_syscall_64+0xcd/0xfa0 [ 608.403051][T14285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.403084][T14285] RIP: 0033:0x7fe41578f6c9 [ 608.403111][T14285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.403143][T14285] RSP: 002b:00007fe41666e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 608.403175][T14285] RAX: ffffffffffffffda RBX: 00007fe4159e5fa0 RCX: 00007fe41578f6c9 [ 608.403195][T14285] RDX: 0000000000000006 RSI: 0000000000004b41 RDI: 0000000000000003 [ 608.403216][T14285] RBP: 00007fe41666e090 R08: 0000000000000000 R09: 0000000000000000 [ 608.403236][T14285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.403256][T14285] R13: 00007fe4159e6038 R14: 00007fe4159e5fa0 R15: 00007ffe2308d5b8 [ 608.403301][T14285] [ 608.404218][T14285] ERROR: Out of memory at tomoyo_realpath_from_path. [ 609.812941][T14297] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1877'. [ 610.918096][ T6133] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1371 with max blocks 1 with error 117 [ 610.996888][ T6133] EXT4-fs (sda1): This should not happen!! Data will be lost [ 610.996888][ T6133] [ 612.396328][ T30] audit: type=1800 audit(1763293313.543:12): pid=14340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1888" name="members" dev="configfs" ino=47387 res=0 errno=0 [ 612.430910][T14342] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1887'. [ 615.150521][T14377] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 617.557811][T14411] random: crng reseeded on system resumption [ 619.577892][T14434] netlink: zone id is out of range [ 619.583098][T14434] netlink: del zone limit has 4 unknown bytes [ 619.854555][T14449] Invalid ELF header magic: != ELF [ 634.765515][T14757] FAULT_INJECTION: forcing a failure. [ 634.765515][T14757] name failslab, interval 1, probability 0, space 0, times 0 [ 634.812226][T14757] CPU: 0 UID: 0 PID: 14757 Comm: syz.0.1981 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 634.812284][T14757] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 634.812298][T14757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 634.812312][T14757] Call Trace: [ 634.812320][T14757] [ 634.812329][T14757] dump_stack_lvl+0x16c/0x1f0 [ 634.812363][T14757] should_fail_ex+0x512/0x640 [ 634.812401][T14757] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 634.812429][T14757] ? __pfx_filemap_map_pages+0x10/0x10 [ 634.812453][T14757] should_failslab+0xc2/0x120 [ 634.812489][T14757] kmem_cache_alloc_noprof+0x75/0x6e0 [ 634.812520][T14757] ? __lock_acquire+0xb8a/0x1c90 [ 634.812553][T14757] ? ptlock_alloc+0x1f/0x70 [ 634.812595][T14757] ? __pfx_filemap_map_pages+0x10/0x10 [ 634.812619][T14757] ? ptlock_alloc+0x1f/0x70 [ 634.812655][T14757] ptlock_alloc+0x1f/0x70 [ 634.812692][T14757] pte_alloc_one+0x84/0x350 [ 634.812721][T14757] __do_fault+0x320/0x490 [ 634.812744][T14757] ? do_raw_spin_lock+0x12c/0x2b0 [ 634.812795][T14757] ? __pfx_filemap_map_pages+0x10/0x10 [ 634.812826][T14757] do_pte_missing+0x1a6/0x3ba0 [ 634.812879][T14757] ? __thp_vma_allowable_orders+0x1c8/0xcd0 [ 634.812934][T14757] ? __pmd_alloc+0x64f/0x8b0 [ 634.812985][T14757] __handle_mm_fault+0x1556/0x2aa0 [ 634.813045][T14757] ? mt_find+0x3e2/0xa20 [ 634.813093][T14757] ? __pfx___handle_mm_fault+0x10/0x10 [ 634.813143][T14757] ? __pfx_mt_find+0x10/0x10 [ 634.813212][T14757] ? find_vma+0xbf/0x140 [ 634.813252][T14757] ? __pfx_find_vma+0x10/0x10 [ 634.813298][T14757] handle_mm_fault+0x589/0xd10 [ 634.813354][T14757] ? __pkru_allows_pkey+0x21/0xb0 [ 634.813412][T14757] do_user_addr_fault+0x7a6/0x1370 [ 634.813449][T14757] ? rcu_is_watching+0x12/0xc0 [ 634.813491][T14757] exc_page_fault+0x64/0xc0 [ 634.813543][T14757] asm_exc_page_fault+0x26/0x30 [ 634.813576][T14757] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 634.813631][T14757] Code: e9 84 3c 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 3c 04 00 66 66 2e 0f [ 634.813665][T14757] RSP: 0018:ffffc9001938fb58 EFLAGS: 00050202 [ 634.813694][T14757] RAX: 0000000000000035 RBX: 0000000000000002 RCX: 0000000000000002 [ 634.813714][T14757] RDX: fffff52003271f82 RSI: ffffc9001938fc08 RDI: 0000000000000000 [ 634.813736][T14757] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff52003271f81 [ 634.813756][T14757] R10: ffffc9001938fc09 R11: 0000000000000001 R12: ffffc9001938fc08 [ 634.813778][T14757] R13: 0000000000000002 R14: 00007ffffffff000 R15: 0000000000000000 [ 634.813823][T14757] _copy_to_user+0xbb/0xd0 [ 634.813880][T14757] simple_read_from_buffer+0xcb/0x170 [ 634.813937][T14757] proc_fail_nth_read+0x197/0x240 [ 634.813979][T14757] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 634.814020][T14757] ? rw_verify_area+0xcf/0x6c0 [ 634.814054][T14757] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 634.814088][T14757] vfs_readv+0x5c1/0x8b0 [ 634.814130][T14757] ? __pfx_vfs_readv+0x10/0x10 [ 634.814161][T14757] ? __mutex_lock+0x1c5/0x1060 [ 634.814216][T14757] ? __pfx___mutex_lock+0x10/0x10 [ 634.814275][T14757] ? __fget_files+0x20e/0x3c0 [ 634.814320][T14757] ? do_readv+0x132/0x340 [ 634.814350][T14757] do_readv+0x132/0x340 [ 634.814382][T14757] ? __pfx_do_readv+0x10/0x10 [ 634.814429][T14757] do_syscall_64+0xcd/0xfa0 [ 634.814472][T14757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.814517][T14757] RIP: 0033:0x7fe41578f6c9 [ 634.814543][T14757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.814575][T14757] RSP: 002b:00007fe41666e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 634.814604][T14757] RAX: ffffffffffffffda RBX: 00007fe4159e5fa0 RCX: 00007fe41578f6c9 [ 634.814624][T14757] RDX: 000000000000006f RSI: 00002000000000c0 RDI: 0000000000000004 [ 634.814643][T14757] RBP: 00007fe415811f91 R08: 0000000000000000 R09: 0000000000000000 [ 634.814663][T14757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 634.814682][T14757] R13: 00007fe4159e6038 R14: 00007fe4159e5fa0 R15: 00007ffe2308d5b8 [ 634.814727][T14757] [ 634.883579][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 635.286934][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.875156][T14764] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1983'. [ 636.392319][T14758] kexec: Could not allocate control_code_buffer [ 636.852904][T14799] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 637.933668][T14825] FAULT_INJECTION: forcing a failure. [ 637.933668][T14825] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 637.947097][T14825] CPU: 0 UID: 0 PID: 14825 Comm: syz.3.2001 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 637.947166][T14825] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 637.947184][T14825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 637.947203][T14825] Call Trace: [ 637.947213][T14825] [ 637.947223][T14825] dump_stack_lvl+0x16c/0x1f0 [ 637.947270][T14825] should_fail_ex+0x512/0x640 [ 637.947327][T14825] _copy_from_iter+0x463/0x1720 [ 637.947392][T14825] ? __pfx__copy_from_iter+0x10/0x10 [ 637.947440][T14825] ? sctp_addto_chunk+0xfa/0x2a0 [ 637.947475][T14825] ? __asan_memcpy+0x3c/0x60 [ 637.947508][T14825] ? sctp_make_datafrag_empty+0x1c3/0x240 [ 637.947549][T14825] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 637.947595][T14825] sctp_user_addto_chunk+0x84/0x240 [ 637.947640][T14825] sctp_datamsg_from_user+0x5b6/0x1330 [ 637.947695][T14825] sctp_sendmsg_to_asoc+0xae2/0x1bd0 [ 637.947740][T14825] ? sctp_assoc_set_primary+0x177/0x300 [ 637.947786][T14825] ? sctp_assoc_add_peer+0x252/0x1550 [ 637.947841][T14825] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 637.947884][T14825] ? sctp_connect_new_asoc+0x41e/0x770 [ 637.947934][T14825] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 637.947993][T14825] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 637.948065][T14825] sctp_sendmsg+0xe99/0x1e00 [ 637.948132][T14825] ? __pfx_sctp_sendmsg+0x10/0x10 [ 637.948179][T14825] ? __pfx___might_resched+0x10/0x10 [ 637.948224][T14825] ? aa_sk_perm+0x2f4/0xb10 [ 637.948263][T14825] ? __pfx_aa_sk_perm+0x10/0x10 [ 637.948298][T14825] ? __pfx_sctp_sendmsg+0x10/0x10 [ 637.948336][T14825] inet_sendmsg+0x11c/0x140 [ 637.948375][T14825] ____sys_sendmsg+0x973/0xc70 [ 637.948411][T14825] ? __pfx_____sys_sendmsg+0x10/0x10 [ 637.948446][T14825] ? find_held_lock+0x2b/0x80 [ 637.948472][T14825] ? futex_unqueue+0x133/0x2c0 [ 637.948509][T14825] ___sys_sendmsg+0x134/0x1d0 [ 637.948534][T14825] ? __pfx____sys_sendmsg+0x10/0x10 [ 637.948574][T14825] ? find_held_lock+0x2b/0x80 [ 637.948617][T14825] __sys_sendmmsg+0x200/0x420 [ 637.948646][T14825] ? __pfx___sys_sendmmsg+0x10/0x10 [ 637.948679][T14825] ? __pfx_do_futex+0x10/0x10 [ 637.948730][T14825] ? xfd_validate_state+0x61/0x180 [ 637.948772][T14825] __x64_sys_sendmmsg+0x9c/0x100 [ 637.948796][T14825] ? lockdep_hardirqs_on+0x7c/0x110 [ 637.948826][T14825] do_syscall_64+0xcd/0xfa0 [ 637.948859][T14825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.948884][T14825] RIP: 0033:0x7fa87338f6c9 [ 637.948903][T14825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.948927][T14825] RSP: 002b:00007fa8742bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 637.948949][T14825] RAX: ffffffffffffffda RBX: 00007fa8735e5fa0 RCX: 00007fa87338f6c9 [ 637.948966][T14825] RDX: 0000000000000008 RSI: 0000200000000140 RDI: 0000000000000004 [ 637.948981][T14825] RBP: 00007fa873411f91 R08: 0000000000000000 R09: 0000000000000000 [ 637.948995][T14825] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000000 [ 637.949019][T14825] R13: 00007fa8735e6038 R14: 00007fa8735e5fa0 R15: 00007ffd53bf03e8 [ 637.949051][T14825] [ 638.716549][T14833] random: crng reseeded on system resumption [ 638.834326][T14839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2006'. [ 638.879292][T14844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2006'. [ 639.155635][T14841] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 1338 with max blocks 33 with error 117 [ 639.169652][T14841] EXT4-fs (sda1): This should not happen!! Data will be lost [ 639.169652][T14841] [ 640.863003][T14880] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 641.055324][T14885] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2017'. [ 643.055570][T14916] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 648.392953][T15000] random: crng reseeded on system resumption [ 648.486919][T15003] FAULT_INJECTION: forcing a failure. [ 648.486919][T15003] name failslab, interval 1, probability 0, space 0, times 0 [ 648.514848][T15003] CPU: 1 UID: 0 PID: 15003 Comm: syz.0.2046 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 648.514904][T15003] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 648.514918][T15003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 648.514933][T15003] Call Trace: [ 648.514941][T15003] [ 648.514950][T15003] dump_stack_lvl+0x16c/0x1f0 [ 648.514985][T15003] should_fail_ex+0x512/0x640 [ 648.515022][T15003] ? __kmalloc_cache_noprof+0x5f/0x780 [ 648.515051][T15003] should_failslab+0xc2/0x120 [ 648.515085][T15003] __kmalloc_cache_noprof+0x72/0x780 [ 648.515108][T15003] ? allocate_file_region_entries+0x1a0/0x620 [ 648.515144][T15003] ? allocate_file_region_entries+0x1a0/0x620 [ 648.515173][T15003] ? _raw_spin_unlock+0x28/0x50 [ 648.515197][T15003] allocate_file_region_entries+0x1a0/0x620 [ 648.515233][T15003] ? __pfx_allocate_file_region_entries+0x10/0x10 [ 648.515274][T15003] region_chg+0x85/0x140 [ 648.515315][T15003] __vma_reservation_common+0x43b/0x740 [ 648.515351][T15003] ? __pfx___vma_reservation_common+0x10/0x10 [ 648.515395][T15003] ? __pfx___might_resched+0x10/0x10 [ 648.515421][T15003] ? folio_zero_user+0x1db/0x7c0 [ 648.515465][T15003] hugetlb_fault+0x198e/0x2f40 [ 648.515495][T15003] ? __pfx_hugetlb_fault+0x10/0x10 [ 648.515532][T15003] ? find_vma+0xbf/0x140 [ 648.515560][T15003] ? __pfx_find_vma+0x10/0x10 [ 648.515602][T15003] handle_mm_fault+0xbfa/0xd10 [ 648.515649][T15003] ? __pkru_allows_pkey+0x21/0xb0 [ 648.515691][T15003] do_user_addr_fault+0x7a6/0x1370 [ 648.515718][T15003] ? rcu_is_watching+0x12/0xc0 [ 648.515748][T15003] exc_page_fault+0x64/0xc0 [ 648.515778][T15003] asm_exc_page_fault+0x26/0x30 [ 648.515807][T15003] RIP: 0010:__put_user_4+0xd/0x20 [ 648.515836][T15003] Code: 66 89 01 31 c9 0f 01 ca e9 c0 80 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 97 80 03 00 0f 1f 80 00 00 00 00 90 90 90 [ 648.515861][T15003] RSP: 0018:ffffc9001868fe18 EFLAGS: 00050246 [ 648.515881][T15003] RAX: 0000000000000006 RBX: 0000000000000000 RCX: 0000000000000000 [ 648.515895][T15003] RDX: 0000000000080000 RSI: ffffffff8924c8f4 RDI: ffffffff8bf075c0 [ 648.515911][T15003] RBP: 1ffff920030d1fc7 R08: dee0e9b4d3d7e67f R09: 0000000000000000 [ 648.515927][T15003] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000006 [ 648.515942][T15003] R13: 0000000000000007 R14: 0000000000000005 R15: dffffc0000000000 [ 648.515966][T15003] ? __sys_socketpair+0x114/0x5a0 [ 648.516007][T15003] __sys_socketpair+0x120/0x5a0 [ 648.516043][T15003] ? __pfx___sys_socketpair+0x10/0x10 [ 648.516081][T15003] ? fput+0x9b/0xd0 [ 648.516124][T15003] ? xfd_validate_state+0x61/0x180 [ 648.516159][T15003] ? __pfx_ksys_write+0x10/0x10 [ 648.516192][T15003] __x64_sys_socketpair+0x96/0x100 [ 648.516228][T15003] ? lockdep_hardirqs_on+0x7c/0x110 [ 648.516257][T15003] do_syscall_64+0xcd/0xfa0 [ 648.516290][T15003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.516319][T15003] RIP: 0033:0x7fe41578f6c9 [ 648.516338][T15003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.516362][T15003] RSP: 002b:00007fe41666e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 648.516384][T15003] RAX: ffffffffffffffda RBX: 00007fe4159e5fa0 RCX: 00007fe41578f6c9 [ 648.516401][T15003] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 648.516417][T15003] RBP: 00007fe415811f91 R08: 0000000000000000 R09: 0000000000000000 [ 648.516432][T15003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 648.516447][T15003] R13: 00007fe4159e6038 R14: 00007fe4159e5fa0 R15: 00007ffe2308d5b8 [ 648.516480][T15003] [ 648.878263][ C1] vkms_vblank_simulate: vblank timer overrun [ 649.277534][T15014] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2047'. [ 652.362357][T15076] random: crng reseeded on system resumption [ 653.674856][T15099] Format for unlinking a device is "netnsfd:ifidx" (int uint). [ 660.457037][T15213] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 660.555882][T15215] random: crng reseeded on system resumption [ 663.885960][T15261] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 663.900167][T15261] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 663.906560][T15261] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 663.927457][T15261] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 665.157005][T13745] Bluetooth: hci0: command 0x0c1a tx timeout [ 665.950239][T13745] Bluetooth: hci3: command 0x0c1a tx timeout [ 665.956362][T13746] Bluetooth: hci2: command 0x0c1a tx timeout [ 665.962634][ T7858] Bluetooth: hci1: command 0x0c1a tx timeout [ 670.328120][T15404] futex_wake_op: syz.2.2140 tries to shift op by -2048; fix this program [ 670.362793][T15404] futex_wake_op: syz.2.2140 tries to shift op by -2048; fix this program [ 674.152629][T15482] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2158'. [ 674.275515][T15482] netlink: 'syz.3.2158': attribute type 1 has an invalid length. [ 676.604088][T15536] Console: switching to colour frame buffer device 128x48 [ 678.788874][T15575] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2179'. [ 681.857805][T15642] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2196'. [ 682.149734][T15645] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 682.171047][T15645] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 682.200768][T15645] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 682.602257][T15648] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 683.817373][T13746] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 683.827542][T13746] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 683.835766][T13746] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 683.866424][T13746] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 683.874288][T13746] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 684.308224][T15686] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 684.570832][ T6124] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.859927][ T6124] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.119340][ T6124] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.276247][T15693] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2207'. [ 685.310736][ T6124] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.335626][T15693] batadv0: left allmulticast mode [ 685.340928][T15693] batadv0: left promiscuous mode [ 685.353325][T15693] bridge0: port 3(batadv0) entered disabled state [ 685.365309][T15693] bridge_slave_1: left allmulticast mode [ 685.371381][T15693] bridge_slave_1: left promiscuous mode [ 685.393284][T15693] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.427269][T15693] bridge_slave_0: left allmulticast mode [ 685.443289][T15693] bridge_slave_0: left promiscuous mode [ 685.453649][T15693] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.947722][T13745] Bluetooth: hci4: command tx timeout [ 686.074161][T15666] chnl_net:caif_netlink_parms(): no params data found [ 686.134326][ T6124] bridge_slave_1: left allmulticast mode [ 686.147462][ T6124] bridge_slave_1: left promiscuous mode [ 686.170374][ T6124] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.299249][ T6124] bridge_slave_0: left allmulticast mode [ 686.316522][ T6124] bridge_slave_0: left promiscuous mode [ 686.332671][ T6124] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.615361][ T6124] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 687.646342][ T6124] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 687.661336][ T6124] bond0 (unregistering): Released all slaves [ 687.851558][ T6124] ovs_ÿþ: left promiscuous mode [ 688.005426][ T6124] ë4—fRd: left promiscuous mode [ 688.028269][T13745] Bluetooth: hci4: command tx timeout [ 688.079233][ T6124] : left promiscuous mode [ 688.123292][T15666] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.151058][T15666] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.182970][T15666] bridge_slave_0: entered allmulticast mode [ 688.210046][T15666] bridge_slave_0: entered promiscuous mode [ 688.274635][T15666] bridge0: port 2(bridge_slave_1) entered blocking state [ 688.310904][T15666] bridge0: port 2(bridge_slave_1) entered disabled state [ 688.343597][T15666] bridge_slave_1: entered allmulticast mode [ 688.378008][T15666] bridge_slave_1: entered promiscuous mode [ 688.659591][T15666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 688.791110][T15666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 688.831380][T15765] netlink: 310 bytes leftover after parsing attributes in process `syz.3.2219'. [ 689.117739][T15776] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 689.149658][T15666] team0: Port device team_slave_0 added [ 689.173379][T15666] team0: Port device team_slave_1 added [ 689.549585][T15666] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.575497][T15666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.644490][T15666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 689.668342][T15666] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 689.675355][T15666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 689.762017][T15666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.108782][T13745] Bluetooth: hci4: command tx timeout [ 690.226612][T15666] hsr_slave_0: entered promiscuous mode [ 690.233807][T15666] hsr_slave_1: entered promiscuous mode [ 690.241016][T15666] debugfs: 'hsr0' already exists in 'hsr' [ 690.247378][T15666] Cannot create hsr debugfs directory [ 690.365577][ T6124] hsr_slave_0: left promiscuous mode [ 690.373165][ T6124] hsr_slave_1: left promiscuous mode [ 690.413186][ T6124] veth1_vlan: left promiscuous mode [ 690.419362][ T6124] veth0_vlan: left promiscuous mode [ 690.444277][T15787] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 690.457900][T15787] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 690.464128][T15787] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 690.478809][T15787] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 690.495236][T15787] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 690.528189][T15787] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 691.539288][ T6124] team0 (unregistering): Port device team_slave_1 removed [ 691.698469][ T6124] team0 (unregistering): Port device team_slave_0 removed [ 691.761109][T15816] netlink: 310 bytes leftover after parsing attributes in process `syz.3.2229'. [ 692.106991][T13745] Bluetooth: hci0: command 0x0c1a tx timeout [ 692.513183][T13745] Bluetooth: hci4: command 0x0c1a tx timeout [ 692.521107][T13746] Bluetooth: hci3: command 0x0c1a tx timeout [ 692.529297][ T7858] Bluetooth: hci2: command 0x0c1a tx timeout [ 694.383428][T15867] FAULT_INJECTION: forcing a failure. [ 694.383428][T15867] name failslab, interval 1, probability 0, space 0, times 0 [ 694.442797][T15867] CPU: 0 UID: 0 PID: 15867 Comm: syz.0.2239 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 694.442869][T15867] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 694.442886][T15867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 694.442904][T15867] Call Trace: [ 694.442915][T15867] [ 694.442927][T15867] dump_stack_lvl+0x16c/0x1f0 [ 694.442973][T15867] should_fail_ex+0x512/0x640 [ 694.443024][T15867] ? __kmalloc_cache_noprof+0x5f/0x780 [ 694.443063][T15867] should_failslab+0xc2/0x120 [ 694.443114][T15867] __kmalloc_cache_noprof+0x72/0x780 [ 694.443143][T15867] ? vhost_net_open+0x2d/0x8a0 [ 694.443194][T15867] ? vhost_net_open+0x73/0x8a0 [ 694.443249][T15867] ? __pfx_vhost_net_open+0x10/0x10 [ 694.443297][T15867] ? vhost_net_open+0x73/0x8a0 [ 694.443345][T15867] vhost_net_open+0x73/0x8a0 [ 694.443396][T15867] ? __pfx_vhost_net_open+0x10/0x10 [ 694.443450][T15867] misc_open+0x26d/0x450 [ 694.443500][T15867] ? __pfx_misc_open+0x10/0x10 [ 694.443551][T15867] chrdev_open+0x234/0x6a0 [ 694.443590][T15867] ? __pfx_apparmor_file_open+0x10/0x10 [ 694.443641][T15867] ? __pfx_chrdev_open+0x10/0x10 [ 694.443696][T15867] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 694.443745][T15867] do_dentry_open+0x982/0x1530 [ 694.443787][T15867] ? __pfx_chrdev_open+0x10/0x10 [ 694.443839][T15867] vfs_open+0x82/0x3f0 [ 694.443907][T15867] path_openat+0x1de4/0x2cb0 [ 694.443960][T15867] ? __pfx_path_openat+0x10/0x10 [ 694.444003][T15867] ? __lock_acquire+0xb8a/0x1c90 [ 694.444058][T15867] do_filp_open+0x20b/0x470 [ 694.444095][T15867] ? __pfx_do_filp_open+0x10/0x10 [ 694.444162][T15867] ? alloc_fd+0x471/0x7d0 [ 694.444207][T15867] do_sys_openat2+0x11b/0x1d0 [ 694.444255][T15867] ? __pfx_do_sys_openat2+0x10/0x10 [ 694.444322][T15867] __x64_sys_openat+0x174/0x210 [ 694.444373][T15867] ? __pfx___x64_sys_openat+0x10/0x10 [ 694.444438][T15867] do_syscall_64+0xcd/0xfa0 [ 694.444483][T15867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.444514][T15867] RIP: 0033:0x7fe41578f6c9 [ 694.444540][T15867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.444574][T15867] RSP: 002b:00007fe41666e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 694.444606][T15867] RAX: ffffffffffffffda RBX: 00007fe4159e5fa0 RCX: 00007fe41578f6c9 [ 694.444627][T15867] RDX: 000000000000a000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 694.444648][T15867] RBP: 00007fe415811f91 R08: 0000000000000000 R09: 0000000000000000 [ 694.444676][T15867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 694.444696][T15867] R13: 00007fe4159e6038 R14: 00007fe4159e5fa0 R15: 00007ffe2308d5b8 [ 694.444742][T15867] [ 694.716600][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.839441][T13745] Bluetooth: hci4: command 0x0c1a tx timeout [ 694.923858][T15666] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 695.061148][T15666] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 695.117694][T15874] netlink: 310 bytes leftover after parsing attributes in process `syz.0.2247'. [ 695.150938][T15666] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 695.204858][T15666] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 695.572285][T15666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 695.652924][T15666] 8021q: adding VLAN 0 to HW filter on device team0 [ 695.736154][ T6124] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.743447][ T6124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 695.805123][ T6124] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.812442][ T6124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 695.829236][T15894] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2242: iget: checksum invalid [ 695.864303][T15894] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 695.876130][T15894] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2242: iget: checksum invalid [ 695.920565][T15892] FAULT_INJECTION: forcing a failure. [ 695.920565][T15892] name failslab, interval 1, probability 0, space 0, times 0 [ 695.939571][T15894] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 695.957302][T15894] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2242: iget: checksum invalid [ 695.972542][T15894] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 695.984998][T15894] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.2242: iget: checksum invalid [ 695.997386][T15894] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 696.007088][T15894] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 696.017243][T15894] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 696.106813][T15892] CPU: 1 UID: 0 PID: 15892 Comm: syz.0.2241 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 696.106901][T15892] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 696.106920][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 696.106942][T15892] Call Trace: [ 696.106953][T15892] [ 696.106967][T15892] dump_stack_lvl+0x16c/0x1f0 [ 696.107015][T15892] should_fail_ex+0x512/0x640 [ 696.107072][T15892] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 696.107133][T15892] should_failslab+0xc2/0x120 [ 696.107181][T15892] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 696.107216][T15892] ? stack_trace_save+0x8e/0xc0 [ 696.107257][T15892] ? __d_alloc+0x32/0xae0 [ 696.107306][T15892] ? __d_alloc+0x32/0xae0 [ 696.107342][T15892] __d_alloc+0x32/0xae0 [ 696.107386][T15892] d_alloc_parallel+0x111/0x1510 [ 696.107480][T15892] ? find_held_lock+0x2b/0x80 [ 696.107521][T15892] ? __pfx_d_alloc_parallel+0x10/0x10 [ 696.107580][T15892] ? __d_lookup+0x266/0x4a0 [ 696.107644][T15892] lookup_open.isra.0+0x665/0x1580 [ 696.107709][T15892] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 696.107789][T15892] ? mnt_get_write_access+0x1e9/0x2f0 [ 696.107845][T15892] path_openat+0x893/0x2cb0 [ 696.107900][T15892] ? __pfx_path_openat+0x10/0x10 [ 696.107941][T15892] ? __lock_acquire+0xb8a/0x1c90 [ 696.107994][T15892] do_filp_open+0x20b/0x470 [ 696.108035][T15892] ? __pfx_do_filp_open+0x10/0x10 [ 696.108115][T15892] ? alloc_fd+0x471/0x7d0 [ 696.108166][T15892] do_sys_openat2+0x11b/0x1d0 [ 696.108219][T15892] ? __pfx_do_sys_openat2+0x10/0x10 [ 696.108291][T15892] __x64_sys_openat+0x174/0x210 [ 696.108347][T15892] ? __pfx___x64_sys_openat+0x10/0x10 [ 696.108430][T15892] do_syscall_64+0xcd/0xfa0 [ 696.108487][T15892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 696.108525][T15892] RIP: 0033:0x7fe41578f6c9 [ 696.108553][T15892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 696.108590][T15892] RSP: 002b:00007fe41664d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 696.108625][T15892] RAX: ffffffffffffffda RBX: 00007fe4159e6090 RCX: 00007fe41578f6c9 [ 696.108649][T15892] RDX: 0000000000040001 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 696.108674][T15892] RBP: 00007fe415811f91 R08: 0000000000000000 R09: 0000000000000000 [ 696.108696][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 696.108719][T15892] R13: 00007fe4159e6128 R14: 00007fe4159e6090 R15: 00007ffe2308d5b8 [ 696.108768][T15892] [ 696.384735][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.391219][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.911712][T13745] Bluetooth: hci4: command 0x0c1a tx timeout [ 697.514948][T15666] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 697.690278][T15666] veth0_vlan: entered promiscuous mode [ 697.717085][T15666] veth1_vlan: entered promiscuous mode [ 697.878033][T15666] veth0_macvtap: entered promiscuous mode [ 697.895776][T15666] veth1_macvtap: entered promiscuous mode [ 697.943447][T15931] netlink: 310 bytes leftover after parsing attributes in process `syz.0.2249'. [ 698.010074][T15666] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 698.041966][T15666] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 698.091073][ T6106] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.106382][ T6106] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.141262][ T6106] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.236603][ T6106] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.494358][ T9836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 698.532275][ T9836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 698.704795][ T9837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 698.731485][ T9837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 700.104095][T15985] writing to auto_msgmni has no effect [ 702.695924][T16038] futex_wake_op: syz.0.2266 tries to shift op by -9; fix this program [ 708.836252][T16165] can: request_module (can-proto-0) failed. [ 710.717392][T16203] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2314'. [ 711.957310][T16221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2319'. [ 713.288478][T16265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2326'. [ 713.931302][T16282] FAULT_INJECTION: forcing a failure. [ 713.931302][T16282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 713.952765][T16282] CPU: 1 UID: 0 PID: 16282 Comm: syz.0.2330 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 713.952839][T16282] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 713.952856][T16282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 713.952873][T16282] Call Trace: [ 713.952883][T16282] [ 713.952894][T16282] dump_stack_lvl+0x16c/0x1f0 [ 713.952936][T16282] should_fail_ex+0x512/0x640 [ 713.952989][T16282] _copy_from_user+0x2e/0xd0 [ 713.953040][T16282] copy_msghdr_from_user+0x98/0x160 [ 713.953073][T16282] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 713.953130][T16282] ___sys_sendmsg+0xfe/0x1d0 [ 713.953165][T16282] ? __pfx____sys_sendmsg+0x10/0x10 [ 713.953195][T16282] ? __lock_acquire+0x622/0x1c90 [ 713.953293][T16282] __sys_sendmsg+0x16d/0x220 [ 713.953326][T16282] ? __pfx___sys_sendmsg+0x10/0x10 [ 713.953388][T16282] do_syscall_64+0xcd/0xfa0 [ 713.953428][T16282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 713.953462][T16282] RIP: 0033:0x7fe41578f6c9 [ 713.953486][T16282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 713.953518][T16282] RSP: 002b:00007fe41666e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 713.953549][T16282] RAX: ffffffffffffffda RBX: 00007fe4159e5fa0 RCX: 00007fe41578f6c9 [ 713.953568][T16282] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000004 [ 713.953587][T16282] RBP: 00007fe41666e090 R08: 0000000000000000 R09: 0000000000000000 [ 713.953606][T16282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 713.953624][T16282] R13: 00007fe4159e6038 R14: 00007fe4159e5fa0 R15: 00007ffe2308d5b8 [ 713.953667][T16282] [ 714.822509][T16293] FAULT_INJECTION: forcing a failure. [ 714.822509][T16293] name failslab, interval 1, probability 0, space 0, times 0 [ 714.924927][T16293] CPU: 1 UID: 0 PID: 16293 Comm: syz.0.2334 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 714.924997][T16293] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 714.925017][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 714.925037][T16293] Call Trace: [ 714.925048][T16293] [ 714.925060][T16293] dump_stack_lvl+0x16c/0x1f0 [ 714.925103][T16293] should_fail_ex+0x512/0x640 [ 714.925151][T16293] ? __kmalloc_cache_noprof+0x5f/0x780 [ 714.925185][T16293] should_failslab+0xc2/0x120 [ 714.925228][T16293] __kmalloc_cache_noprof+0x72/0x780 [ 714.925256][T16293] ? bpf_lsm_msg_msg_alloc_security+0x9/0x10 [ 714.925303][T16293] ? security_msg_msg_alloc+0x9c/0x230 [ 714.925342][T16293] ? do_mq_timedsend+0x89b/0xc40 [ 714.925393][T16293] ? do_mq_timedsend+0x89b/0xc40 [ 714.925437][T16293] do_mq_timedsend+0x89b/0xc40 [ 714.925482][T16293] ? __pfx_do_mq_timedsend+0x10/0x10 [ 714.925527][T16293] ? do_futex+0x122/0x350 [ 714.925585][T16293] ? __x64_sys_futex+0x1e0/0x4c0 [ 714.925631][T16293] __x64_sys_mq_timedsend+0x1cd/0x260 [ 714.925678][T16293] ? __pfx___x64_sys_mq_timedsend+0x10/0x10 [ 714.925738][T16293] do_syscall_64+0xcd/0xfa0 [ 714.925792][T16293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 714.925824][T16293] RIP: 0033:0x7fe41578f6c9 [ 714.925849][T16293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 714.925880][T16293] RSP: 002b:00007fe41664d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f2 [ 714.925910][T16293] RAX: ffffffffffffffda RBX: 00007fe4159e6090 RCX: 00007fe41578f6c9 [ 714.925932][T16293] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000005 [ 714.925951][T16293] RBP: 00007fe415811f91 R08: 0000000000000000 R09: 0000000000000000 [ 714.925970][T16293] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 714.925989][T16293] R13: 00007fe4159e6128 R14: 00007fe4159e6090 R15: 00007ffe2308d5b8 [ 714.926033][T16293] [ 716.065159][T16318] FAULT_INJECTION: forcing a failure. [ 716.065159][T16318] name failslab, interval 1, probability 0, space 0, times 0 [ 716.084186][T16318] CPU: 1 UID: 0 PID: 16318 Comm: syz.1.2341 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 716.084237][T16318] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 716.084249][T16318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 716.084262][T16318] Call Trace: [ 716.084270][T16318] [ 716.084279][T16318] dump_stack_lvl+0x16c/0x1f0 [ 716.084313][T16318] should_fail_ex+0x512/0x640 [ 716.084348][T16318] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 716.084377][T16318] should_failslab+0xc2/0x120 [ 716.084410][T16318] kmem_cache_alloc_node_noprof+0x78/0x770 [ 716.084454][T16318] ? __alloc_skb+0x2b2/0x380 [ 716.084498][T16318] ? __alloc_skb+0x2b2/0x380 [ 716.084534][T16318] ? __pfx_netlink_insert+0x10/0x10 [ 716.084556][T16318] __alloc_skb+0x2b2/0x380 [ 716.084594][T16318] ? __pfx___alloc_skb+0x10/0x10 [ 716.084638][T16318] ? netlink_autobind.isra.0+0x158/0x370 [ 716.084670][T16318] netlink_alloc_large_skb+0x69/0x140 [ 716.084699][T16318] netlink_sendmsg+0x698/0xdd0 [ 716.084730][T16318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 716.084760][T16318] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 716.084801][T16318] ____sys_sendmsg+0xa98/0xc70 [ 716.084833][T16318] ? copy_msghdr_from_user+0x10a/0x160 [ 716.084857][T16318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 716.084903][T16318] ___sys_sendmsg+0x134/0x1d0 [ 716.084928][T16318] ? __pfx____sys_sendmsg+0x10/0x10 [ 716.084951][T16318] ? __lock_acquire+0x622/0x1c90 [ 716.085019][T16318] __sys_sendmsg+0x16d/0x220 [ 716.085044][T16318] ? __pfx___sys_sendmsg+0x10/0x10 [ 716.085088][T16318] do_syscall_64+0xcd/0xfa0 [ 716.085120][T16318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.085144][T16318] RIP: 0033:0x7fcd16b8f6c9 [ 716.085161][T16318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 716.085188][T16318] RSP: 002b:00007fcd17957038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 716.085210][T16318] RAX: ffffffffffffffda RBX: 00007fcd16de5fa0 RCX: 00007fcd16b8f6c9 [ 716.085226][T16318] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000004 [ 716.085241][T16318] RBP: 00007fcd17957090 R08: 0000000000000000 R09: 0000000000000000 [ 716.085255][T16318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 716.085269][T16318] R13: 00007fcd16de6038 R14: 00007fcd16de5fa0 R15: 00007ffd76a81a98 [ 716.085300][T16318] [ 717.079200][T16331] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2347'. [ 717.129957][T16333] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 717.598389][T13746] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 717.610523][T13746] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 717.618769][T13746] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 717.637296][T13746] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 717.647275][T13746] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 717.824030][ T9837] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.220564][ T9837] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.355036][ T9837] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.504110][ T9837] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.183253][T16341] chnl_net:caif_netlink_parms(): no params data found [ 719.711533][T13746] Bluetooth: hci1: command tx timeout [ 720.481013][ T9837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 720.510281][ T9837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 720.535167][ T9837] bond0 (unregistering): Released all slaves [ 720.932863][T16341] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.940343][T16341] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.949409][T16341] bridge_slave_0: entered allmulticast mode [ 720.957981][T16341] bridge_slave_0: entered promiscuous mode [ 720.998326][T16341] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.005549][T16341] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.030158][T16341] bridge_slave_1: entered allmulticast mode [ 721.038826][T16341] bridge_slave_1: entered promiscuous mode [ 721.262258][T16341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.340995][ T9837] hsr_slave_0: left promiscuous mode [ 721.368037][ T9837] hsr_slave_1: left promiscuous mode [ 721.379030][ T9837] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 721.407554][ T9837] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 721.436343][ T9837] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 721.444136][ T9837] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 721.514917][ T9837] veth1_vlan: left promiscuous mode [ 721.527316][ T9837] veth0_vlan: left promiscuous mode [ 721.790181][T13746] Bluetooth: hci1: command tx timeout [ 722.713886][T16341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 722.839956][T16341] team0: Port device team_slave_0 added [ 722.865820][T16341] team0: Port device team_slave_1 added [ 722.920936][T16341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 722.928753][T16341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 722.984257][T16341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 723.000120][T16341] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 723.008772][T16341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 723.034838][T16341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 723.154816][T16341] hsr_slave_0: entered promiscuous mode [ 723.161642][T16341] hsr_slave_1: entered promiscuous mode [ 723.170023][T16341] debugfs: 'hsr0' already exists in 'hsr' [ 723.175802][T16341] Cannot create hsr debugfs directory [ 723.869450][T13746] Bluetooth: hci1: command tx timeout [ 724.887240][T16341] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 724.940861][T16341] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 725.015024][T16341] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 725.079727][T16341] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 725.551411][T16497] netlink: 266 bytes leftover after parsing attributes in process `syz.0.2373'. [ 725.576867][T16497] IPv6: NLM_F_CREATE should be specified when creating new route [ 725.653414][T16341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 725.789537][T16341] 8021q: adding VLAN 0 to HW filter on device team0 [ 725.826055][ T6100] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.833330][ T6100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 725.865272][ T6106] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.872592][ T6106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 725.948641][T13746] Bluetooth: hci1: command tx timeout [ 726.941575][T16341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 727.141644][T16341] veth0_vlan: entered promiscuous mode [ 727.186270][T16341] veth1_vlan: entered promiscuous mode [ 727.279634][T16341] veth0_macvtap: entered promiscuous mode [ 727.306563][T16341] veth1_macvtap: entered promiscuous mode [ 727.400427][T16341] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 727.446359][T16341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 727.532395][ T6124] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.562567][ T6124] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.592403][ T6124] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.604206][ T6124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 727.702274][ T9837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 727.726580][ T9837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 727.771762][ T6106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 727.780907][ T6106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 727.977017][T16572] netlink: 266 bytes leftover after parsing attributes in process `syz.2.2393'. [ 727.991124][T16572] IPv6: NLM_F_CREATE should be specified when creating new route [ 728.268636][T16580] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2388'. [ 731.217091][T16679] sp0: Synchronizing with TNC [ 731.714783][T16699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2421'. [ 731.729238][T16699] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2421'. [ 731.767914][T16703] FAULT_INJECTION: forcing a failure. [ 731.767914][T16703] name failslab, interval 1, probability 0, space 0, times 0 [ 731.903419][T16703] CPU: 1 UID: 0 PID: 16703 Comm: syz.1.2422 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 731.903489][T16703] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 731.903507][T16703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 731.903526][T16703] Call Trace: [ 731.903536][T16703] [ 731.903548][T16703] dump_stack_lvl+0x16c/0x1f0 [ 731.903596][T16703] should_fail_ex+0x512/0x640 [ 731.903647][T16703] ? __kmalloc_cache_noprof+0x5f/0x780 [ 731.903683][T16703] should_failslab+0xc2/0x120 [ 731.903730][T16703] __kmalloc_cache_noprof+0x72/0x780 [ 731.903764][T16703] ? vhost_net_open+0xb9/0x8a0 [ 731.903825][T16703] ? vhost_net_open+0xb9/0x8a0 [ 731.903875][T16703] vhost_net_open+0xb9/0x8a0 [ 731.903924][T16703] ? __pfx_vhost_net_open+0x10/0x10 [ 731.903976][T16703] misc_open+0x26d/0x450 [ 731.904029][T16703] ? __pfx_misc_open+0x10/0x10 [ 731.904077][T16703] chrdev_open+0x234/0x6a0 [ 731.904117][T16703] ? __pfx_apparmor_file_open+0x10/0x10 [ 731.904168][T16703] ? __pfx_chrdev_open+0x10/0x10 [ 731.904210][T16703] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 731.904257][T16703] do_dentry_open+0x982/0x1530 [ 731.904298][T16703] ? __pfx_chrdev_open+0x10/0x10 [ 731.904359][T16703] vfs_open+0x82/0x3f0 [ 731.904414][T16703] path_openat+0x1de4/0x2cb0 [ 731.904464][T16703] ? __pfx_path_openat+0x10/0x10 [ 731.904503][T16703] ? __lock_acquire+0xb8a/0x1c90 [ 731.904554][T16703] do_filp_open+0x20b/0x470 [ 731.904589][T16703] ? __pfx_do_filp_open+0x10/0x10 [ 731.904662][T16703] ? alloc_fd+0x471/0x7d0 [ 731.904708][T16703] do_sys_openat2+0x11b/0x1d0 [ 731.904759][T16703] ? __pfx_do_sys_openat2+0x10/0x10 [ 731.904826][T16703] __x64_sys_openat+0x174/0x210 [ 731.904875][T16703] ? __pfx___x64_sys_openat+0x10/0x10 [ 731.904943][T16703] do_syscall_64+0xcd/0xfa0 [ 731.904986][T16703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.905015][T16703] RIP: 0033:0x7fe62b78f6c9 [ 731.905041][T16703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.905074][T16703] RSP: 002b:00007fe62c655038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 731.905105][T16703] RAX: ffffffffffffffda RBX: 00007fe62b9e5fa0 RCX: 00007fe62b78f6c9 [ 731.905127][T16703] RDX: 000000000000a000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 731.905149][T16703] RBP: 00007fe62b811f91 R08: 0000000000000000 R09: 0000000000000000 [ 731.905169][T16703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.905188][T16703] R13: 00007fe62b9e6038 R14: 00007fe62b9e5fa0 R15: 00007ffdec9373d8 [ 731.905235][T16703] [ 734.151548][T13745] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 734.162636][T13745] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 734.172830][T13745] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 734.182378][T13745] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 734.192451][T13745] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 735.105430][ T9837] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.392327][ T9837] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.573062][ T9837] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.744084][ T9837] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.952185][T16762] chnl_net:caif_netlink_parms(): no params data found [ 736.268015][T13745] Bluetooth: hci2: command tx timeout [ 736.310488][ T9837] netdevsim netdevsim15 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 736.675205][T16762] bridge0: port 1(bridge_slave_0) entered blocking state [ 736.689664][T16762] bridge0: port 1(bridge_slave_0) entered disabled state [ 736.716036][T16762] bridge_slave_0: entered allmulticast mode [ 736.730837][T16762] bridge_slave_0: entered promiscuous mode [ 736.791623][T16762] bridge0: port 2(bridge_slave_1) entered blocking state [ 736.809476][T16762] bridge0: port 2(bridge_slave_1) entered disabled state [ 736.820806][T16762] bridge_slave_1: entered allmulticast mode [ 736.837431][T16762] bridge_slave_1: entered promiscuous mode [ 736.852827][ T9837] bridge_slave_1: left allmulticast mode [ 736.861001][ T9837] bridge_slave_1: left promiscuous mode [ 736.871373][ T9837] bridge0: port 2(bridge_slave_1) entered disabled state [ 736.892050][ T9837] bridge_slave_0: left allmulticast mode [ 736.905153][ T9837] bridge_slave_0: left promiscuous mode [ 736.920331][ T9837] bridge0: port 1(bridge_slave_0) entered disabled state [ 738.354214][T13745] Bluetooth: hci2: command tx timeout [ 738.654396][ T9837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 738.673959][ T9837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 738.685090][ T9837] bond0 (unregistering): Released all slaves [ 738.881382][ T9837] .^: left promiscuous mode [ 738.942511][T16762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.959928][T16762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 738.969167][ T9837] : left promiscuous mode [ 739.058833][T16762] team0: Port device team_slave_0 added [ 739.094138][T16762] team0: Port device team_slave_1 added [ 739.208354][T16762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 739.226537][T16762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 739.267675][T16762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 739.299347][T16762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 739.328229][T16762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 739.426869][T16762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 739.971976][T16762] hsr_slave_0: entered promiscuous mode [ 740.008072][T16762] hsr_slave_1: entered promiscuous mode [ 740.046567][T16762] debugfs: 'hsr0' already exists in 'hsr' [ 740.057085][T16762] Cannot create hsr debugfs directory [ 740.068475][T16883] FAULT_INJECTION: forcing a failure. [ 740.068475][T16883] name failslab, interval 1, probability 0, space 0, times 0 [ 740.144764][T16883] CPU: 0 UID: 0 PID: 16883 Comm: syz.1.2455 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 740.144845][T16883] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 740.144865][T16883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 740.144886][T16883] Call Trace: [ 740.144897][T16883] [ 740.144919][T16883] dump_stack_lvl+0x16c/0x1f0 [ 740.144970][T16883] should_fail_ex+0x512/0x640 [ 740.145024][T16883] ? __kmalloc_cache_noprof+0x5f/0x780 [ 740.145064][T16883] should_failslab+0xc2/0x120 [ 740.145113][T16883] __kmalloc_cache_noprof+0x72/0x780 [ 740.145148][T16883] ? vhost_net_open+0xb9/0x8a0 [ 740.145208][T16883] ? vhost_net_open+0xb9/0x8a0 [ 740.145262][T16883] vhost_net_open+0xb9/0x8a0 [ 740.145316][T16883] ? __pfx_vhost_net_open+0x10/0x10 [ 740.145372][T16883] misc_open+0x26d/0x450 [ 740.145427][T16883] ? __pfx_misc_open+0x10/0x10 [ 740.145479][T16883] chrdev_open+0x234/0x6a0 [ 740.145523][T16883] ? __pfx_apparmor_file_open+0x10/0x10 [ 740.145578][T16883] ? __pfx_chrdev_open+0x10/0x10 [ 740.145623][T16883] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 740.145672][T16883] do_dentry_open+0x982/0x1530 [ 740.145714][T16883] ? __pfx_chrdev_open+0x10/0x10 [ 740.145773][T16883] vfs_open+0x82/0x3f0 [ 740.145831][T16883] path_openat+0x1de4/0x2cb0 [ 740.145886][T16883] ? __pfx_path_openat+0x10/0x10 [ 740.145938][T16883] ? __lock_acquire+0xb8a/0x1c90 [ 740.145996][T16883] do_filp_open+0x20b/0x470 [ 740.146038][T16883] ? __pfx_do_filp_open+0x10/0x10 [ 740.146107][T16883] ? alloc_fd+0x471/0x7d0 [ 740.146153][T16883] do_sys_openat2+0x11b/0x1d0 [ 740.146205][T16883] ? __pfx_do_sys_openat2+0x10/0x10 [ 740.146272][T16883] __x64_sys_openat+0x174/0x210 [ 740.146325][T16883] ? __pfx___x64_sys_openat+0x10/0x10 [ 740.146396][T16883] do_syscall_64+0xcd/0xfa0 [ 740.146445][T16883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 740.146482][T16883] RIP: 0033:0x7fe62b78f6c9 [ 740.146508][T16883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 740.146542][T16883] RSP: 002b:00007fe62c655038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 740.146579][T16883] RAX: ffffffffffffffda RBX: 00007fe62b9e5fa0 RCX: 00007fe62b78f6c9 [ 740.146602][T16883] RDX: 000000000000a000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 740.146623][T16883] RBP: 00007fe62b811f91 R08: 0000000000000000 R09: 0000000000000000 [ 740.146643][T16883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 740.146663][T16883] R13: 00007fe62b9e6038 R14: 00007fe62b9e5fa0 R15: 00007ffdec9373d8 [ 740.146707][T16883] [ 740.487528][T13745] Bluetooth: hci2: command tx timeout [ 741.062852][ T9837] hsr_slave_0: left promiscuous mode [ 741.103906][ T9837] hsr_slave_1: left promiscuous mode [ 741.120645][ T9837] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 741.136952][ T9837] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 741.157938][ T9837] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 741.168598][ T9837] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 741.267851][ T9837] veth1_macvtap: left promiscuous mode [ 741.273512][ T9837] veth0_macvtap: left promiscuous mode [ 742.506895][T13745] Bluetooth: hci2: command tx timeout [ 743.529478][ T9837] team0 (unregistering): Port device team_slave_1 removed [ 746.200365][T16966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2474'. [ 747.476146][T16762] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 747.528625][T16762] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 747.596207][T16762] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 747.756354][T16762] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 748.543256][T16762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 748.644581][T16762] 8021q: adding VLAN 0 to HW filter on device team0 [ 748.677950][T16813] bridge0: port 1(bridge_slave_0) entered blocking state [ 748.685216][T16813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 748.753744][T16813] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.760996][T16813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 749.741406][T16762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 749.877251][T16762] veth0_vlan: entered promiscuous mode [ 749.919573][T16762] veth1_vlan: entered promiscuous mode [ 750.062519][T16762] veth0_macvtap: entered promiscuous mode [ 750.130405][T16762] veth1_macvtap: entered promiscuous mode [ 750.234310][T16762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 750.303407][T16762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 750.361601][T16813] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.399088][T16813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.440144][T16813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.469698][T16813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.911232][T16813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 750.939464][T16813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 751.123662][ T9837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 751.160993][ T9837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 752.523681][T17080] vhci_hcd: invalid port number 10 [ 752.533162][T17080] vhci_hcd: invalid port number 10 [ 753.086177][T17091] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2491'. [ 755.500348][T17130] FAULT_INJECTION: forcing a failure. [ 755.500348][T17130] name fail_futex, interval 1, probability 0, space 0, times 0 [ 755.602583][T17130] CPU: 0 UID: 0 PID: 17130 Comm: syz.1.2497 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 755.602661][T17130] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 755.602681][T17130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 755.602700][T17130] Call Trace: [ 755.602710][T17130] [ 755.602722][T17130] dump_stack_lvl+0x16c/0x1f0 [ 755.602771][T17130] should_fail_ex+0x512/0x640 [ 755.602823][T17130] ? kasan_save_stack+0x42/0x60 [ 755.602870][T17130] get_futex_key+0x1d0/0x1560 [ 755.602921][T17130] ? __pfx_get_futex_key+0x10/0x10 [ 755.602983][T17130] futex_wait_setup+0x9d/0x550 [ 755.603027][T17130] __futex_wait+0x193/0x2f0 [ 755.603060][T17130] ? __pfx___futex_wait+0x10/0x10 [ 755.603097][T17130] ? __pfx_futex_wake_mark+0x10/0x10 [ 755.603160][T17130] ? futex_hash+0x2c5/0x380 [ 755.603209][T17130] ? futex_private_hash_put+0xd5/0x190 [ 755.603257][T17130] futex_wait+0xe8/0x380 [ 755.603286][T17130] ? __pfx_futex_wait+0x10/0x10 [ 755.603333][T17130] ? do_vfs_ioctl+0x128/0x14f0 [ 755.603391][T17130] do_futex+0x229/0x350 [ 755.603451][T17130] ? __pfx_do_futex+0x10/0x10 [ 755.603501][T17130] ? find_held_lock+0x2b/0x80 [ 755.603542][T17130] __x64_sys_futex+0x1e0/0x4c0 [ 755.603593][T17130] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 755.603649][T17130] ? __pfx___x64_sys_futex+0x10/0x10 [ 755.603700][T17130] ? pipe_ioctl+0x7a/0x2b0 [ 755.603738][T17130] ? fput+0x9b/0xd0 [ 755.603791][T17130] do_syscall_64+0xcd/0xfa0 [ 755.603838][T17130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.603874][T17130] RIP: 0033:0x7fe62b78f6c9 [ 755.603901][T17130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.603935][T17130] RSP: 002b:00007fe62c6550e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 755.603969][T17130] RAX: ffffffffffffffda RBX: 00007fe62b9e5fa8 RCX: 00007fe62b78f6c9 [ 755.603991][T17130] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe62b9e5fa8 [ 755.604012][T17130] RBP: 00007fe62b9e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 755.604034][T17130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.604055][T17130] R13: 00007fe62b9e6038 R14: 00007ffdec9372f0 R15: 00007ffdec9373d8 [ 755.604102][T17130] [ 756.992040][T17168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2505'. [ 757.506598][T17185] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 757.561624][T17184] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2508'. [ 757.664885][T17184] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2508: iget: checksum invalid [ 757.712514][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.718981][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.746978][T17184] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 757.777304][T17184] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2508: iget: checksum invalid [ 757.824999][T17184] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 757.859983][T17197] blktrace: Concurrent blktraces are not allowed on nullb0 [ 757.888032][T17184] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2508: iget: checksum invalid [ 757.934005][T17184] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 757.975755][T17184] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.0.2508: iget: checksum invalid [ 758.015866][T17184] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 758.030395][T17184] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 758.043430][T17184] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 758.703343][T17217] bridge0: port 4(veth0_to_bridge) entered blocking state [ 758.737161][T17217] bridge0: port 4(veth0_to_bridge) entered disabled state [ 758.737813][T17218] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2518'. [ 758.744581][T17217] veth0_to_bridge: entered allmulticast mode [ 758.769841][T17217] veth0_to_bridge: entered promiscuous mode [ 758.776189][T17217] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 758.791547][T17217] bridge0: port 4(veth0_to_bridge) entered blocking state [ 758.798904][T17217] bridge0: port 4(veth0_to_bridge) entered forwarding state [ 758.934942][T17218] team0: Port device team_slave_0 removed [ 761.778206][T17234] FAULT_INJECTION: forcing a failure. [ 761.778206][T17234] name failslab, interval 1, probability 0, space 0, times 0 [ 761.947060][T17234] CPU: 1 UID: 0 PID: 17234 Comm: syz.3.2523 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 761.947149][T17234] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 761.947177][T17234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 761.947197][T17234] Call Trace: [ 761.947207][T17234] [ 761.947219][T17234] dump_stack_lvl+0x16c/0x1f0 [ 761.947266][T17234] should_fail_ex+0x512/0x640 [ 761.947316][T17234] ? __kmalloc_cache_noprof+0x5f/0x780 [ 761.947353][T17234] should_failslab+0xc2/0x120 [ 761.947398][T17234] __kmalloc_cache_noprof+0x72/0x780 [ 761.947429][T17234] ? vhost_net_open+0x2d/0x8a0 [ 761.947478][T17234] ? vhost_net_open+0x73/0x8a0 [ 761.947532][T17234] ? __pfx_vhost_net_open+0x10/0x10 [ 761.947583][T17234] ? vhost_net_open+0x73/0x8a0 [ 761.947632][T17234] vhost_net_open+0x73/0x8a0 [ 761.947682][T17234] ? __pfx_vhost_net_open+0x10/0x10 [ 761.947735][T17234] misc_open+0x26d/0x450 [ 761.947805][T17234] ? __pfx_misc_open+0x10/0x10 [ 761.947856][T17234] chrdev_open+0x234/0x6a0 [ 761.947894][T17234] ? __pfx_apparmor_file_open+0x10/0x10 [ 761.947944][T17234] ? __pfx_chrdev_open+0x10/0x10 [ 761.947990][T17234] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 761.948036][T17234] do_dentry_open+0x982/0x1530 [ 761.948077][T17234] ? __pfx_chrdev_open+0x10/0x10 [ 761.948127][T17234] vfs_open+0x82/0x3f0 [ 761.948278][T17234] path_openat+0x1de4/0x2cb0 [ 761.948335][T17234] ? __pfx_path_openat+0x10/0x10 [ 761.948376][T17234] ? __lock_acquire+0xb8a/0x1c90 [ 761.948428][T17234] do_filp_open+0x20b/0x470 [ 761.948467][T17234] ? __pfx_do_filp_open+0x10/0x10 [ 761.948536][T17234] ? alloc_fd+0x471/0x7d0 [ 761.948582][T17234] do_sys_openat2+0x11b/0x1d0 [ 761.948631][T17234] ? __pfx_do_sys_openat2+0x10/0x10 [ 761.948699][T17234] __x64_sys_openat+0x174/0x210 [ 761.948750][T17234] ? __pfx___x64_sys_openat+0x10/0x10 [ 761.948817][T17234] do_syscall_64+0xcd/0xfa0 [ 761.948862][T17234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 761.948896][T17234] RIP: 0033:0x7f8bc1d8f6c9 [ 761.948923][T17234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 761.948958][T17234] RSP: 002b:00007f8bc2c6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 761.948989][T17234] RAX: ffffffffffffffda RBX: 00007f8bc1fe5fa0 RCX: 00007f8bc1d8f6c9 [ 761.949012][T17234] RDX: 0000000000181080 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 761.949035][T17234] RBP: 00007f8bc1e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 761.949056][T17234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.949076][T17234] R13: 00007f8bc1fe6038 R14: 00007f8bc1fe5fa0 R15: 00007ffcb8122cb8 [ 761.949123][T17234] [ 762.227200][ C1] vkms_vblank_simulate: vblank timer overrun [ 773.316754][ C0] sched: DL replenish lagged too much [ 845.675459][T13746] Bluetooth: hci1: command 0x0406 tx timeout [ 860.819434][ T7858] Bluetooth: hci2: command 0x0406 tx timeout [ 877.526697][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 877.533701][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P17232/1:b..l P17234/1:b..l [ 877.543456][ C0] rcu: (detected by 0, t=10502 jiffies, g=92985, q=1247 ncpus=2) [ 877.551277][ C0] task:syz.3.2523 state:R running task stack:27016 pid:17234 tgid:17233 ppid:16762 task_flags:0x40054c flags:0x00080002 [ 877.566446][ C0] Call Trace: [ 877.569775][ C0] [ 877.572724][ C0] __schedule+0x1190/0x5de0 [ 877.577270][ C0] ? __pfx___schedule+0x10/0x10 [ 877.582141][ C0] ? lock_acquire+0x179/0x350 [ 877.586855][ C0] ? const_folio_flags+0x5b/0x100 [ 877.591929][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 877.597358][ C0] preempt_schedule_common+0x44/0xc0 [ 877.602703][ C0] preempt_schedule_thunk+0x16/0x30 [ 877.608045][ C0] _raw_spin_unlock+0x3e/0x50 [ 877.612745][ C0] unmap_page_range+0xf71/0x41b0 [ 877.617733][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 877.623132][ C0] ? mas_next_slot+0x12d3/0x1cb0 [ 877.628100][ C0] ? uprobe_munmap+0x20/0x600 [ 877.632888][ C0] unmap_single_vma.constprop.0+0x153/0x240 [ 877.638834][ C0] unmap_vmas+0x218/0x470 [ 877.643187][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 877.648082][ C0] exit_mmap+0x1b2/0xb90 [ 877.652395][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 877.657189][ C0] ? rcu_is_watching+0x12/0xc0 [ 877.661967][ C0] ? kasan_quarantine_put+0x10a/0x240 [ 877.667377][ C0] __mmput+0x12a/0x410 [ 877.671470][ C0] mmput+0x62/0x70 [ 877.675225][ C0] do_exit+0x7c7/0x2bf0 [ 877.679422][ C0] ? __pfx_do_exit+0x10/0x10 [ 877.684037][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 877.689090][ C0] ? find_held_lock+0x2b/0x80 [ 877.693815][ C0] do_group_exit+0xd3/0x2a0 [ 877.698372][ C0] get_signal+0x2671/0x26d0 [ 877.702972][ C0] ? __sched_setaffinity+0x173/0x280 [ 877.708302][ C0] ? rcu_is_watching+0x12/0xc0 [ 877.713096][ C0] ? __pfx_get_signal+0x10/0x10 [ 877.717980][ C0] ? do_futex+0x122/0x350 [ 877.722343][ C0] ? __pfx_do_futex+0x10/0x10 [ 877.727144][ C0] arch_do_signal_or_restart+0x8f/0x790 [ 877.732756][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 877.738941][ C0] ? xfd_validate_state+0x61/0x180 [ 877.744084][ C0] exit_to_user_mode_loop+0x85/0x130 [ 877.749404][ C0] do_syscall_64+0x426/0xfa0 [ 877.754029][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.759966][ C0] RIP: 0033:0x7f8bc1d8f6c9 [ 877.764434][ C0] RSP: 002b:00007f8bc2c6a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 877.772859][ C0] RAX: 0000000000000000 RBX: 00007f8bc1fe5fa8 RCX: 00007f8bc1d8f6c9 [ 877.780874][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8bc1fe5fa8 [ 877.788888][ C0] RBP: 00007f8bc1fe5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 877.796892][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 877.804903][ C0] R13: 00007f8bc1fe6038 R14: 00007ffcb8122bd0 R15: 00007ffcb8122cb8 [ 877.812913][ C0] [ 877.815948][ C0] task:syz-executor state:R running task stack:25912 pid:17232 tgid:17232 ppid:5818 task_flags:0x400000 flags:0x00080001 [ 877.829514][ C0] Call Trace: [ 877.832830][ C0] [ 877.835817][ C0] __schedule+0x1190/0x5de0 [ 877.840426][ C0] ? lock_acquire+0x179/0x350 [ 877.845154][ C0] ? find_held_lock+0x2b/0x80 [ 877.849915][ C0] ? finish_task_switch.isra.0+0x21c/0xc10 [ 877.855771][ C0] ? finish_task_switch.isra.0+0x221/0xc10 [ 877.861636][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 877.866876][ C0] ? __pfx___schedule+0x10/0x10 [ 877.871747][ C0] ? __schedule+0x11a3/0x5de0 [ 877.876446][ C0] ? bpf_ksym_find+0xe0/0x1c0 [ 877.881153][ C0] preempt_schedule_irq+0x51/0x90 [ 877.886206][ C0] irqentry_exit+0x36/0x90 [ 877.890664][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 877.896680][ C0] RIP: 0010:lock_release+0x183/0x2f0 [ 877.902132][ C0] Code: 0f c1 05 38 24 09 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 4d e2 08 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41 [ 877.921768][ C0] RSP: 0018:ffffc90003d37470 EFLAGS: 00000206 [ 877.927866][ C0] RAX: 09e713b2bb022800 RBX: ffffffff8e3c45e0 RCX: ffffc90003d3747c [ 877.935856][ C0] RDX: 0000000000000000 RSI: ffffffff8da033a0 RDI: ffffffff8bf075c0 [ 877.943855][ C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 877.951836][ C0] R10: 0000000000000000 R11: 0000000000006280 R12: ffffffff816bb704 [ 877.959825][ C0] R13: 0000000000000206 R14: ffff88805b3edac0 R15: 0000000000000001 [ 877.967829][ C0] ? unwind_next_frame+0x3f4/0x20a0 [ 877.973074][ C0] unwind_next_frame+0x3f9/0x20a0 [ 877.978123][ C0] ? arch_stack_walk+0x73/0x100 [ 877.982999][ C0] __unwind_start+0x45f/0x7f0 [ 877.987709][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 877.993898][ C0] arch_stack_walk+0x73/0x100 [ 877.998627][ C0] ? stack_trace_save+0x8e/0xc0 [ 878.003537][ C0] stack_trace_save+0x8e/0xc0 [ 878.008246][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 878.013657][ C0] ? __lock_acquire+0x622/0x1c90 [ 878.018633][ C0] save_stack+0x160/0x1f0 [ 878.023015][ C0] ? __pfx_save_stack+0x10/0x10 [ 878.027895][ C0] ? __lock_acquire+0x622/0x1c90 [ 878.032863][ C0] __set_page_owner+0x91/0x560 [ 878.037756][ C0] ? __pfx___set_page_owner+0x10/0x10 [ 878.043197][ C0] ? rcu_is_watching+0x12/0xc0 [ 878.047980][ C0] ? bad_range+0x261/0x4c0 [ 878.052449][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 878.057702][ C0] post_alloc_hook+0x1c0/0x230 [ 878.062621][ C0] get_page_from_freelist+0x10a3/0x3a30 [ 878.068206][ C0] ? prepare_alloc_pages+0x3c2/0x610 [ 878.073520][ C0] ? rcu_is_watching+0x12/0xc0 [ 878.078349][ C0] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 878.084293][ C0] ? __pfx_vmap_small_pages_range_noflush+0x10/0x10 [ 878.090920][ C0] ? alloc_pages_bulk_noprof+0xa67/0x1410 [ 878.096673][ C0] ? __vmap_pages_range_noflush+0x1d0/0x230 [ 878.102609][ C0] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 878.108957][ C0] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 878.114955][ C0] ? __vmalloc_node_range_noprof+0xf53/0x1480 [ 878.121085][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 878.127020][ C0] ? policy_nodemask+0xea/0x4e0 [ 878.131901][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 878.137882][ C0] ? policy_nodemask+0xea/0x4e0 [ 878.142780][ C0] alloc_pages_mpol+0x1fb/0x550 [ 878.147677][ C0] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 878.153077][ C0] ? __pfx_alloc_pages_bulk_mempolicy_noprof+0x10/0x10 [ 878.159969][ C0] ? kcov_ioctl+0x4c/0x730 [ 878.164434][ C0] alloc_pages_noprof+0x131/0x390 [ 878.169530][ C0] __vmalloc_node_range_noprof+0x6f8/0x1480 [ 878.175496][ C0] ? kcov_ioctl+0x4c/0x730 [ 878.179948][ C0] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 878.186308][ C0] ? hook_file_ioctl_common+0x145/0x410 [ 878.191956][ C0] ? kcov_ioctl+0x4c/0x730 [ 878.196387][ C0] vmalloc_user_noprof+0x9e/0xe0 [ 878.201353][ C0] ? kcov_ioctl+0x4c/0x730 [ 878.205790][ C0] kcov_ioctl+0x4c/0x730 [ 878.210054][ C0] ? __pfx_kcov_ioctl+0x10/0x10 [ 878.214939][ C0] __x64_sys_ioctl+0x18e/0x210 [ 878.219748][ C0] do_syscall_64+0xcd/0xfa0 [ 878.224274][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 878.230185][ C0] RIP: 0033:0x7f377218f2cb [ 878.234613][ C0] RSP: 002b:00007fffd2918ed0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 878.243079][ C0] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007f377218f2cb [ 878.251061][ C0] RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000dd [ 878.259077][ C0] RBP: 00007f37723e64e8 R08: 00000000000000da R09: 0000000000000000 [ 878.267073][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 878.275053][ C0] R13: 0000000000000003 R14: 00007fffd2919218 R15: 0000000000000000 [ 878.283053][ C0] [ 878.286081][ C0] rcu: rcu_preempt kthread starved for 10571 jiffies! g92985 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 878.297289][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 878.307550][ C0] rcu: RCU grace-period kthread stack dump: [ 878.313452][ C0] task:rcu_preempt state:R running task stack:28136 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 878.327080][ C0] Call Trace: [ 878.330367][ C0] [ 878.333312][ C0] __schedule+0x1190/0x5de0 [ 878.337864][ C0] ? __lock_acquire+0x622/0x1c90 [ 878.342879][ C0] ? __pfx___schedule+0x10/0x10 [ 878.347773][ C0] ? find_held_lock+0x2b/0x80 [ 878.352465][ C0] ? schedule+0x2d7/0x3a0 [ 878.356817][ C0] schedule+0xe7/0x3a0 [ 878.360952][ C0] schedule_timeout+0x123/0x290 [ 878.365915][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 878.371334][ C0] ? __pfx_process_timeout+0x10/0x10 [ 878.376674][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 878.382536][ C0] ? prepare_to_swait_event+0xf5/0x480 [ 878.388024][ C0] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 878.392819][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 878.398129][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 878.403350][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 878.408310][ C0] ? rcu_gp_cleanup+0x7c1/0xd90 [ 878.413199][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 878.419046][ C0] rcu_gp_kthread+0x26d/0x380 [ 878.424185][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 878.429402][ C0] ? rcu_is_watching+0x12/0xc0 [ 878.434185][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 878.439419][ C0] ? __kthread_parkme+0x19e/0x250 [ 878.444476][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 878.449727][ C0] kthread+0x3c5/0x780 [ 878.453830][ C0] ? __pfx_kthread+0x10/0x10 [ 878.458458][ C0] ? rcu_is_watching+0x12/0xc0 [ 878.463299][ C0] ? __pfx_kthread+0x10/0x10 [ 878.468065][ C0] ret_from_fork+0x675/0x7d0 [ 878.472709][ C0] ? __pfx_kthread+0x10/0x10 [ 878.477359][ C0] ret_from_fork_asm+0x1a/0x30 [ 878.482173][ C0] [ 878.485205][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 878.492080][ C0] Sending NMI from CPU 0 to CPUs 1: [ 878.497457][ C1] NMI backtrace for cpu 1 [ 878.497488][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 878.497543][ C1] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 878.497558][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 878.497573][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 878.497610][ C1] Code: 77 6f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 94 2c 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 878.497637][ C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6 [ 878.497657][ C1] RAX: 000000000054902f RBX: 0000000000000001 RCX: ffffffff8b5d92a9 [ 878.497674][ C1] RDX: 0000000000000000 RSI: ffffffff8da28d25 RDI: ffffffff8bf075c0 [ 878.497691][ C1] RBP: ffffed1003a51b58 R08: 0000000000000001 R09: ffffed10170a6655 [ 878.497720][ C1] R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001 [ 878.497737][ C1] R13: ffff88801d28dac0 R14: ffffffff908248d0 R15: 0000000000000000 [ 878.497754][ C1] FS: 0000000000000000(0000) GS:ffff888124b0d000(0000) knlGS:0000000000000000 [ 878.497779][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 878.497796][ C1] CR2: 0000560d4a6cea38 CR3: 000000004b204000 CR4: 00000000003526f0 [ 878.497813][ C1] Call Trace: [ 878.497823][ C1] [ 878.497832][ C1] default_idle+0x13/0x20 [ 878.497868][ C1] default_idle_call+0x6c/0xb0 [ 878.497905][ C1] do_idle+0x38d/0x500 [ 878.497933][ C1] ? __pfx_do_idle+0x10/0x10 [ 878.497959][ C1] ? do_idle+0x13/0x500 [ 878.497985][ C1] cpu_startup_entry+0x4f/0x60 [ 878.498012][ C1] start_secondary+0x21d/0x2b0 [ 878.498047][ C1] ? __pfx_start_secondary+0x10/0x10 [ 878.498086][ C1] common_startup_64+0x13e/0x148 [ 878.498122][ C1]