last executing test programs: 3m13.212614549s ago: executing program 0 (id=1687): mmap$auto(0x100000000, 0x2000d, 0x1, 0xeb1, 0xffffffffffffffff, 0x100000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, 0x0, 0x9, 0x0, 0x800000000005, 0x7ffffffd}, 0x8}, 0x3, 0x1, 0x0) semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) r2 = openat2$auto(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={0x982, 0x6, 0x4}, 0x7f) sendmsg$auto_IEEE802154_ADD_IFACE(r2, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012abd7000fece637c60a021360984cecd222f1aa9fcdbdf2521f3f4dafdaaa0bb4d0006000be909000000050028f2d3000000260010006aac000005001d0040a49c72"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x525a05df5b8ef67a) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000180), r2) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000080)={0x0, 0x10001}, 0x400040000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x200000000) sendmsg$auto_NCSI_CMD_SEND_CMD(r2, &(0x7f0000001600)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000015c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="f00b0000", @ANYRES16=r3, @ANYBLOB="00022dbd7000fddbdf250400000049040280ee01f9800400f40004005f809152ed0bc658e5e2dc26b63bd1c464ff9250f5d81f470df322e0638e0d900cdc45c55f08c76f1eb84115c5cf1ac97a0a4420bbbbc43e98cc933265c65808ab2ee89b1f9831061314973d7f40cd913fd588920afda75cf9b615a351fb2df47768cdafd0891823a59d02e7314c5cc2fe201a07f0e62ed03193bfec853bddbd94c7ecd3d37d70d2846494f7b4c6328e9eb9175f0e6aa56f139c7c72a77d01db8b56a04758f971d3d7c7fe3687bacf8c5cb87149c96a110f1717563493fbc676f87f6e06a0f7c78965e733ae2ba11c0800e800ff000000040056809bc7cc18633ebb7405a69a75335625522f5edd9c57d062214bd7047126f0a4c0c2d6af67d765e6d2f7538336d5b57068cba50785655be8f9d4d391381db251378be9869a4b5fa8ed345bfd967245e4c6380904d6270524293252ee3d7f4674d8394a14a0a2fe3ae7f4f30131b457c20910f952fcdb04006d00b03e7e90dece3f94572d88354e9e657e5dc68391f9bfbe7efbc7e501634b5f8fc8b6e49f553a63257c3222ad72304cad6ba0403f58f5e30eb57240302c504e8995aef06b10249f25d680c666c3e35f578b98fe5b63414c53aa8ca88cd05ea04d72520e0450ca36192adb8b2b855760826708b0634b71d433663fec6cb086a06fc7d821ec8bc532e08d048cee51d22c4a00008d839b04032c1f677776804c34d4a502a008a3e53fd471ef51900be2f2eb8e6d71d7d83903661a9b80a28e3b7eba2854ee8f3840d04a33b629e94276f04c91c1cf6488a10ff11e9a5e1a779ed86d42078f3f7e26042eed36130d8c3612c4005c0abd37e24902a45040bba6e7ed4fdbe8f502879b89e5336df086e6ebb2ad37c5c6d78e932729489d39824f369211de6a968a9c28b5ab2ae0e49e726b4591903b55fc01013dbf8757407eaa2d4054e61f9fa41a8fa36eb01a54848198882b7abbf63bc962f6b7aeae4c7807f0cdd7831c871400bc00fc020000000000000000000000000000b300fb00c27af9e84690d71aed7c17150f9cab7adeae205966073a5caecbf58597c38c93b68c79891016547576c78b89e515a2d085cdb77ed0448a07af361c949ac83a39cc13667632426024331858d06ac7a5e5f5fea965c340a9cbbe31453a2121e70077e7b6ec1793e26573515f08246bf508840b71242918d494e9bdb75215e065b3221c81752ca92c4a95a142c777e30fb881dbe6e87e4bd1716f54f0b0d5b2369001757e66cf6982a1017f69514cea1300b4001600026c47db5c9783a00552bf620e858dfb1bc04eb805514cd1f724865552bf3315404f8c406145bded10f139819dc0cebfda3b7c970e8e55a09652b0f4d8d1aae4a2f2ba8540f904d72b57b5600050716762397945e8d951fc65b52cf05de1096c1ee9f8ab1717842dd3a179513fbf27ee4dd0bab06bf942ce769bd2c6bcf3e03ef9cc4d197c5eb5970cd455bb7a08b392a321e821d3b38bfc4ff078c9ce2e4fa2e9991a5c3b2a5862fe93e6f6e6be9df208003a00", @ANYRES32=r0, @ANYBLOB="00000008000800d87ba63b080003004d0b0000040006007a070500f928e09d7bd7fa2202977becacbfba05779299539e9087c29bdcfb7e759354020deebb22ec4bd883dbb7deea7425a87316ae9678267fecc436029b01e0ddc119fc3e4773eb5acadcfedf56a5cc5227743accf629c50812ae37af5cde21bcc23362ab755f2630ac53e3dfcc67731cb38a4be45a151fc54e296eab4b67d8e1816732a34c3255ee7541ff4e75615890783b19a98f05211738c03f34fa2113b6d768ccabd78c5ec2c0da118f0d282c44f4fb6133389f4ab50bb5c224255a6c7e9e3ae7314ea96ace9e25f2b3be2182b1eb0deff67feb536c5fe5f005b6a7a0b3b5582a69abc83c37a4d8038e829d60a991d7ffd9851edb138fdce06abb8867a2be56a5dbebd5e7ef3d7362ea7e6723b8ad49689b4363c54afdea8d7e7448499f38e48320398a4234fa61a3d20c09ba7d4baa283e7122deea61454d68879cdb549df69234ea91c57e5472579702e21a80a1537ec61e189b1fc21d7ffbbf5cf6962454217baa5d903e28f3a697a883b279e211f7ed6716fe84d6ff67f82602ff77a0e798d6692440fdebe9a433ae69b89b55aeba6241f29aef20ad6fcfc85fcbd4e9e59f159ce4a4cc77ccae8332290b4cde9437607273c950478e91905f51b234f42a18f6cd00da83811e1c385767bb91b1b792b79c154f4fc49dcf5876ffcb4e701d522917a0d253e3469bdc1c4900000000b8338e16bd44bcb04a28b79a71f4924e8f52ef66838f35ab5d569765b5b13860986c53cfe5a07018594b69ca399427013a1871f599564b7269f44edecaeaa1b84ed56c249d5968235b9e23c37bf71f0ab9a741176fb33b8c83afcbfb6efae66c56310915cddbd681b9dc72b8ec14a881f1fa9e193b9db73e0a2cba79616d28bda7bf0b31202c1a24711c2bfc85bf689d34e439409ad93bb4eadb1ecf761626375fbe5656e9760086eb85116f83b5d99d22a6bc0cce98cf77533b22f0d305a1e00f651dae93dc7bd3aacf3ff45d6df754f35d901ec6ac3014f505ac13dbfe184f3f37bb1c29482fcc86f419d8cfed35fee9e8a612574f9e3afe27e9ee3ae5f8ff22fe92165a0ed97e1ece3f5751e4df65eff481c7f2391c8f45f7d082b104e353ec2092e616bd9d83c663cb176deb7b25a216f8b903c461f93b3b771f9cee918043cc21fa9ea85c42326cb2dd3c846d0dcf1fe33fc61d2bff8f1cf63e38329e2d508b484106f1050a4f396b38449571995d111c345e6363388844bc7e7403199a52acdee14a4e661a8dbef77e25e57ad16a90dba607182afb1f891c7178f923130db86b4a501cd43de8571eed672cf02408586440be582c91b64f7212971886f75ac25cb9c3adedbccf226b5252f26d3f7fef415b748fa39cac970d1b07ac8b7ce6b026a95cfc1a1532d300345dd274259cf0602ada400278fd0d09c687b4c324cb9714be58e51cd8dd36619ad89e4090eae95e0589245f210cb05e9fa90318d39007ea4fc8ccbd9dae613027ea6c95940a7ed72efc660c622095bb42173939eb42f4400f5ad6184540d718946926f5b987fbffaf115bed18f27c946a77ae78ff5b5e72d2a64aac60aaed728ea3ede4d78de9f7559b11ec917623a885d4027d2a999b98298e2af8b9aeabf1380b5c3feeba52a1814a05e7a8ce3ee85d1b42a1dd9adb23381dbd76cb6688a238e76ce6f4098063ea755f1ef7abbfa23490a6544099a6f9530259faf5e3d0c07b2c8bf986aeb5028268ebe4d908e0413e964fd8b2d5ddb3d47b9b0e68de5096732bea7dc3b1b3466f7dff45721a9b1d5811a4e1874ec2be961d37a9d9d2ef50492bb75ab96504dafd326decc198ac8805a18e350c38e4de47ef2350d18f3501b50bb285023023d03fa66cf215ec6a34564affb95aca93f3677d4154b6aa9c1fbda430511f31eb6468825fbbe8a124a886ab881b7da7b71a1159bdeada0ce632d3e54e561468f4dd26640cc2d9f1587b7023928741d0f71fd00e58ae6f58d9eec0f2c07da2ccb093512d538bf1f4ea2311d4faeec03187739b1ff36129da3bf1c5999fafaeacb9be63fe3ae8765b827fe1711a0b134494c8a5f067642946e42ada782618ed9daac32eb165bc327e278c3ff030a593d85b93e3ccb751fe67c6d8bf647bcaa91c66b859db93c60a88686d07eb250e91d16a1f90c099d4835b71ba0bc03d950690a626fe5575633b90216163e1443d5213286194c0df5aa891ba17db5893fc758c282639bc7ec6ed7d27421dbdb73d01e9e149799ca2860748c06a69b41c74def7bbf31e42be43ccb4b8a5e64459f476eac90023c0677c94c6d785435e4ac8ab6891161f9b7e1d0be6bd44d17de9672aa470df2dee31ca60875388a25a90271c4b4fcf4ecc75651090ee9530d72cf969e4c1f0a3ab036bd131cc02b87bfbefa7472d8623ac7be17a1c56cf5b3c4818af0a0a2b910948e7492048f50d855efee2a12d8c63b7ddf9da4cef69ffdcf551b18936d45158aa1e6ade7060979b2f1e60e679dcdee9b45f203d4f23f30205596485409ed517525f2c922ba15574d1191711355495f0de907f42fea54bb1157d2eac8afa28574f6b460b519d8eeedacaec0815abc980a4b96289d3f9ae2a3145"], 0xbf0}, 0x1, 0x0, 0x0, 0x4010}, 0x811) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r1, 0x80045105, 0x0) r5 = socket(0x1e, 0x80000, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) write$auto_dev_fops_plock(0xffffffffffffffff, &(0x7f0000000200)="ea579eafbef6a78ace20c66c3ed28a307811ba5a77e0d6f20eee070874ce267321ef2da8ccef77a2a57912658cfac38b23199ba898ef2c29ea039494e108e23fc3d3de801c6cdb8c585be1ec026d327ad05a0c7812805bb6d050f902f2e77e549ec276c282a2bb8c2847f2e7105018d493a4a1", 0x73) r7 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000004c0), r5) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="00002dbd7000fcdbdf250200"/22], 0x1c}, 0x1, 0x0, 0x0, 0x40000d0}, 0x4001) r8 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0xf8f) prctl$auto(0x16, 0x21, 0x6, 0xfffffffffffffffe, 0x5) sendfile$auto(r8, r6, 0x0, 0x1fff5) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) r9 = io_uring_setup$auto(0x4bf15e08, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), r9) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) unshare$auto(0x40000080) 3m12.213103938s ago: executing program 0 (id=1695): mmap$auto(0x7ffffffffffffffd, 0xb3b7, 0x4000000000e1, 0x2000000001a, 0x401, 0x7ffe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x1) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00') r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_LOOP_CTL_ADD(r0, 0x4c80, 0xfffffffffffffffd) semctl$auto_SETALL(0x0, 0xc, 0x11, 0x81) unshare$auto(0x40000080) umount2$auto(0x0, 0x4) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0xc81, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1302, 0x0) sendfile$auto(r1, r1, 0x0, 0x43) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x400, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = gettid() rt_sigqueueinfo$auto_SIGCONT(r2, 0x12, 0x0) writev$auto(0x3, 0x0, 0x8) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/sub4/info\x00', 0x2200, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0xc) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r3, 0x0) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) r5 = getpid() process_vm_readv$auto(r5, 0x0, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x121000, 0x0) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) mmap$auto(0x0, 0x2020009, 0x80000003, 0xeb1, 0xfffffffffffffffa, 0x8000) 3m11.509767799s ago: executing program 0 (id=1697): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x42000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) r0 = socket(0x11, 0xa, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 3m11.249204363s ago: executing program 0 (id=1700): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r0, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdir$auto(&(0x7f00000000c0)='}[,&*}\x00', 0x7ffe) mount$auto(0x0, &(0x7f0000000540)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0x3, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0x10000000000002f, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) utime$auto(&(0x7f0000000000)='}[,&*}\x00', 0x0) mmap$auto(0x0, 0x400000020009, 0x6, 0x20014, 0x401, 0x7ffe) listmount$auto(&(0x7f0000000080)={0x1f, @raw=0x2ffe, 0x80000005, 0xfffffffffffffff7, 0x8}, 0x0, 0xf4240, 0x5) semctl$auto_SETALL(0x5, 0x6, 0x11, 0x7) 3m11.076254331s ago: executing program 0 (id=1703): socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x6, 0x0, 0x8) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000080)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x40) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) shmctl$auto_SHM_STAT_ANY(0x0, 0xf, 0x0) 3m10.889385639s ago: executing program 0 (id=1705): unshare$auto(0x8000000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/mcfilter\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) readv$auto(r0, &(0x7f0000000280)={&(0x7f0000000200)="2d46c3cfe3fffaa0fde976e8fd8165cfb75c33b7de32a2812ed9f1016bfc001f555c75de589fa63191c51d718b0fe5c6d528c24442a901a14580edf810513062530bfda03939d59f5b681c1942f8f58c991e6e01", 0xfffffffffffffff8}, 0x8000) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x14, 0x1, "5e1f970f497f9f23d63e72850177cde9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vbi28\x00', 0x0, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r3, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) ioctl$auto(0x3, 0x4020565b, 0x38) unshare$auto(0x40000080) unshare$auto(0x40000080) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/008/001\x00', 0x402, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r5 = epoll_create$auto(0x1) capset$auto(0x0, 0x0) epoll_ctl$auto(r5, 0x1, 0x8000000000000000, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) read$auto(r6, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4044001) close_range$auto(0xffffffffffffffff, r4, 0x0) 2m55.654472216s ago: executing program 32 (id=1705): unshare$auto(0x8000000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/mcfilter\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) readv$auto(r0, &(0x7f0000000280)={&(0x7f0000000200)="2d46c3cfe3fffaa0fde976e8fd8165cfb75c33b7de32a2812ed9f1016bfc001f555c75de589fa63191c51d718b0fe5c6d528c24442a901a14580edf810513062530bfda03939d59f5b681c1942f8f58c991e6e01", 0xfffffffffffffff8}, 0x8000) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x14, 0x1, "5e1f970f497f9f23d63e72850177cde9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vbi28\x00', 0x0, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r3, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) ioctl$auto(0x3, 0x4020565b, 0x38) unshare$auto(0x40000080) unshare$auto(0x40000080) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/008/001\x00', 0x402, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r5 = epoll_create$auto(0x1) capset$auto(0x0, 0x0) epoll_ctl$auto(r5, 0x1, 0x8000000000000000, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) read$auto(r6, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4044001) close_range$auto(0xffffffffffffffff, r4, 0x0) 2m39.997933002s ago: executing program 1 (id=1827): mmap$auto(0x7ffffffffffffffd, 0xb3b7, 0x4000000000e1, 0x2000000001a, 0x401, 0x7ffe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x1) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00') r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_LOOP_CTL_ADD(r0, 0x4c80, 0xfffffffffffffffd) semctl$auto_SETALL(0x0, 0xc, 0x11, 0x81) unshare$auto(0x40000080) umount2$auto(0x0, 0x4) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0xc81, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1302, 0x0) sendfile$auto(r1, r1, 0x0, 0x43) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card0\x00', 0x400, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = gettid() rt_sigqueueinfo$auto_SIGCONT(r2, 0x12, 0x0) writev$auto(0x3, 0x0, 0x8) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2200, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0xc) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r3, 0x0) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) r5 = getpid() process_vm_readv$auto(r5, 0x0, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x121000, 0x0) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) mmap$auto(0x0, 0x2020009, 0x80000003, 0xeb1, 0xfffffffffffffffa, 0x8000) 2m39.056450775s ago: executing program 1 (id=1828): statmount$auto(0x0, 0x0, 0x1fe, 0xd) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x40002, 0x0) mmap$auto(0x800000, 0x7, 0xe9ed, 0x8000000008011, r0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) r4 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) ioctl$auto(0x3, 0x5420, 0x38) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) ioctl$auto_SNDCTL_TMR_CONTINUE(r5, 0x5406, 0x0) 2m38.264733204s ago: executing program 1 (id=1832): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000280)=""/40, 0x28) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x1, 0x10d3, 0x3ff) r1 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003f40)=""/156, 0x9c) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r2, 0x0, 0x7, 0x4cbd5d) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r3, &(0x7f0000000000)='system.posix_acl_access\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) 2m36.373378895s ago: executing program 1 (id=1837): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x6, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0xe63c, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x8000c, 0x100000000}}) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffbfffd}, 0xffff}, 0x4000, 0x20000043) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x42c02, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0xffffffffc0403d11, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x3, 0x2020009, 0x3, 0xeb1, r2, 0x8000) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = socket(0x2, 0x2, 0x0) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r1) setfsuid$auto(0xee00) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="3404", @ANYRES16=r6, @ANYBLOB="000325bd7000fddbdf2596000000080040000400000008004b00fdffffffd803a680a000e980040085800c0013000300000000000000810042000fedfd7627d0496bd36a46d8b78549add0934ca69a6abeec111c62402363f5d4daf41b1bd294ec71987c0a606f98faf79035275094912e912f528485be3125caf0842aa08e555bab7506d4e9925043348136b682b0cc480a0761998903def9e406afe14c1852ee0f3deffd4da6e8f7a67caafe7a2bf19765288516c6eb0000000400dc8004004f80171d39b6fb3d539ea301408008002b00", @ANYRES32=0x0, @ANYBLOB="08008200ac1e010104000280040060800400798004005f80d2c425c6a46ad0447320cb9a4246d5c085d0cd8c778cd92e1e554fe4f113b4f27cf5301f7229ed849117ae13124d61092d7f5fef0a7fdfdf64db3191ad03b96e4ec186da1cf647c6d0dfb98d5ff40c227286c29032387acf5d3d75d8c0476ba71669e3bb095e3f003d632ff006a06e61074f0ef690a07027d6c9c526b4f66e521236859a58903b83c6c3941cc8076dd81053d36f4e8622d3f669803f2b239f56dee2a30d8542996e96bb1b21a9bfee9fba6f798f90d682a011e0e374453fde9566ec03c5c3f4dd8bf0b4aa1c21e95cf0d7cf390b5b6c9f6efed65a825e8626406b63663d69e58781b66481797359bda13dc9985ea2eea30b514175fef7fe6f6aad91506193a14a8ce5d884bccd0cdf09ec7bbab9b60ba7dd8f652bd0170c5a03b0c9170e50a4a10cba5546972cbd4d7b4d2d505e4d6310cc693b93e121a4e177f6c6f59cc707006b69e61d80fedd484fbf08260e58e5b9b3ab03b7ed5be134afa90c2ac426bd5f58bbc50004001c00fe0017805a0075001adf7a13e75febf6407b1742966278e35c0be787fa5fbed9ba0239ddedf1427272561bd135609dd30018a8f879de5aea6ff84587bb57dcea0c402156dce33ffce5584012439b337b5a921ec747f9a407b2a7f08a1388000008009d00"/516, @ANYRES32=0x0, @ANYBLOB="24002c002e2f6367726f75702f6367726f75702e737562747265655f636f6e74726f6c005ead8f529d6453e5f2512afd0449d5aa010caf08002500", @ANYRES32=0x0, @ANYBLOB="0400428004005180f6b4535f852d63216cf47e07d62448ce575804812d7f188a6c4068481e4c71da7a76212ff61a70fb2f5a3bc409fecb6e5fce32c38fc243bef130f12fccccd9ee663b2508006700", @ANYRES32=0x0, @ANYBLOB="04006e8000007a0058800c0014000700000000000000872d1671c64dd60b747618478d452da5637ec62f640cc9406e5c3bda9a3c76078ca365c60a1643c340b2a280f2262b10fd2c74c4cafeb495b01ec99c733f257fae26ac936e7260dad9128d33df5c918c1d6b4377924bcd06d9ae1a5e829ffe234248bd56fea6812a12de000008003000e000000208004a00000000f80600b4000200000005001d00df00000008001f01c600000008000c00ffff000008004b000100000006006d0003000000"], 0x434}, 0x1, 0x0, 0x0, 0x48841}, 0x4002) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f00000001c0), 0xffffffffffffffff) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') write$auto(0xffffffffffffffff, 0x0, 0x8000007f) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram8\x00', 0x16fa02, 0x0) write$auto_tty_fops_tty_io(r4, &(0x7f0000000240)="d981d87ec99f3f23acba3c083d4a8e144d24001c93ffa9c39039fb64f5318f66c7b3de8b9cd2b0726a8293b03b209e935cf5aeaa113a73560127c8f38f1a2a25af818443e737fca0d6ca3037e2dc95f4951fd06c8970c9eb33821a2cf3072b7d27556d2843e5341a45db35e4c6336a7d69a9999695a04ca94cd8fad6872e7a6a7f42d26cc0371e341af85bda23aa710c406095d3356bc0195b2a4e814085b4f55a1262c494cf5d8ae9b4629d734545aa0f034f4d0fbaf1d7b20984a3253927e078a682682c6d3dbd17dea206c18d37459135afdca2ff8f508b4831bef0b021508701", 0xe2) sendfile$auto(0x3, r7, 0x0, 0x400000000006) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/task_delayacct\x00', 0x80282, 0x0) rt_sigsuspend$auto(0x0, 0x8) shutdown$auto(0x200000003, 0x2) 2m35.212993837s ago: executing program 1 (id=1840): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close$auto(0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x100000000000000, 0x400053, 0x9) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000040)=0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008012, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x9, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40000b, 0xdf, 0x9b72, 0x2, 0x108000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) futex$auto(0x0, 0x1, 0x40000006, 0x0, 0x0, 0x80000001) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x55) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000e80)=""/206, 0xce) madvise$auto(0x0, 0x2003f0, 0x17) 2m33.402466462s ago: executing program 1 (id=1844): r0 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xc8b, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) write$auto(r0, &(0x7f0000000000)='\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x801, 0x6) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000425bd7004fedbdfbb4faebe77"], 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x4000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r2 = prctl$auto_PR_SET_MM_START_STACK(0x9, 0x5, 0x0, 0xd, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000fbdbdf250200000008000100070000000800030085000000ee1a3c6264d3db7cf6795158a1ac8560a66f31bdb824887895f5d4fb7d2423782b4e3284b1adc162dc733caebb1be8543b4d54cc4457a6fa7d4c700d37bbb60508007cb42be7d52cc4d7c75d3f0fe46ca9fc01"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0xc840) sendmsg$auto_NFSD_CMD_LISTENER_GET(r3, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}}, 0x20010090) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200004}, 0xc, &(0x7f0000000740)={&(0x7f0000000180)={0x5b0, r5, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x9c, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x4d, 0x1, "fc15acd5b771c79fd2dc24b9d144105fd8f3e20dcb22de4c4853856eb9668c8aa532417747ccac3df1a5f1e896ac9cc0f973cad1119d4a9a7fe8ee5fa3e8fdf13a531925e6a2fe04e5"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '/\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x5, 0x2, '\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x10, 0x2, '{).\\[+}.^%#\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0x2ec, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x9a, 0x1, "c7ec2daa063026cd8b252681c161f79f91de0c16e7f4066726e2374b52943a027c3a1867bfb8d94af9df2f3cfc158f558e9c8291795004628f9bedd861a793c874b98d92af22a60137f2d87e6be5a473390405fda8ad10bb054012a623d334f53c40b6042a0a86013f1b853e7b8251ef9e8ea4d7aa820cc9ebabacba3797a4d0dcdc2fa9974f6a32fa54e8c8f1b9c06fbe54341af1d4"}, @NFSD_A_SOCK_ADDR={0x73, 0x1, "022b63a0beaef5e711a69f58da0b0ba16c2cdec2901fa0903e81f727c9234bd005d315fa14814294ff4d42899b5470d94a068f00937c9ac5642a3d135c35a121265009375db3ee3f8992cc3d0e22471b9afc3ba6d9312afadb59a9d5b2f9b6e361cfc8cb7be89af5a981f8bc3e3fd3"}, @NFSD_A_SOCK_ADDR={0xc9, 0x1, "f1f3573092dd1ae7c30486a21bd1e05dee12228a1fb21172271ca3185b80145b2a03c93387732f5b0a0ba83e30bd9e9152b92d5f29c9deb5e9678fdae648a67b7885162119f151fc40583ae5f654acfafee902e46e63d3f4f66fa2ad398d7f05c12302adefe750872c5781ebac68177231cffad9e697dcd71a472ff82fb9eb5f198ac6703ebaa6d35ffedfe2c9a4834faf2c26b6e359430c81c92a44fcd24d89656e54dac31a26aa34625daa406419729d34465d887d0dd49edabd98a4a5f11ecd5387a55f"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_ADDR={0x6, 0x1, "3501"}, @NFSD_A_SOCK_ADDR={0xd8, 0x1, "7d6dce6342ae29454a9adb498b4007e034e466357b249439d512f7cd94fcefd8df59e266b5991c6cdf6dfa95c7475653fbfc652100e413759a20b6d8eb7bb15c7a579969ca8ef2b9383b1fac751baf1e55134c4072a31d69ef8861eea0e2da4137d451d55e89ba10ced204e786ad7ed6b713c06a7d1092a9238b4647e77c7623c1199bdd95e68b0615d0f6ead589b52b41c136e73b0aba1d28e3bb8739e030b66954977b01f6b4f5c2494bdd492778c5f3a9d78bf72da4edab39e8163ff198abde69c4863ddd8854add4d4c69f5e831f28ecfd78"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, '-/@+\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0xa, 0x2, '#:u-*\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0xc, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x7, 0x2, '!(\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0x1e0, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x60, 0x1, "407ba2664b1381a01044f70c4435c91393eff55d1f3ba9e42df760c91b5f01dfbb3c1f629cc72d4603f4219461ae3aff4bf4ec48b1537ea0a7a3a12842e0f8c1cdebe9843ef63aef1088e74cd54763cbe10ac453db902599a41aa1d9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0xd, 0x2, '/dev/kvm\x00'}, @NFSD_A_SOCK_ADDR={0xf6, 0x1, "045cce43018600541d2362cf3f7aaa64356dbef2d59e299ff0a9fb47b0d1cf591db6fc9734bde65c6b2fb695eb3b5fa884551992496e23227214bcfe11df54cd8f203172a62903cd53d9673c31f0e6c460193337dc71579142379a9355f3c1d5258bf8f7d0b242168745b14b8699b25d894814a33478124dc66146288300b151410e27d59b5814e72891b6657f883453dbf1fc55bd63dfd30a2fcb13ddce7d897b6c7f8d65cb72071f5ba14d9aae712ce1755e6aa9797c279b11fcc9fbfaf84189d3e97f976ee6a63ee0718b0bbc5ae6dc52d7a69697af8cee1b64411d2ec04c04ea51cb6e8d7bd30b582bf16572dba0248b"}, @NFSD_A_SOCK_ADDR={0x5f, 0x1, "987507b32cbaea08ff59b3be4651c2000c1b44fa18e84eab130441e2b89ca7b62c099f142cbad243ce00fcb0ac0dd9484c66c4ab6605e51b9a8f5a19002346484a0c1190d6230fb17de3dfd3a217402709f8c13bd5c9f215380c30"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x13, 0x2, '!-$%)\x18.:/[}\\-\x8b\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0x28, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0xe, 0x2, '[.)(}.-/}\x00'}]}]}, 0x5b0}}, 0x24004045) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x1004, 0x6) mlockall$auto(0x800000000000005) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getpgid$auto(0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x202000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) read$auto_rng_chrdev_ops_core(0xffffffffffffffff, &(0x7f0000000040)=""/23, 0x17) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r6) 2m18.354005161s ago: executing program 33 (id=1844): r0 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040), 0xc8b, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x8000005}, 0x3b8b, 0xa) write$auto(r0, &(0x7f0000000000)='\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x801, 0x6) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000425bd7004fedbdfbb4faebe77"], 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x4000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r2 = prctl$auto_PR_SET_MM_START_STACK(0x9, 0x5, 0x0, 0xd, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000fbdbdf250200000008000100070000000800030085000000ee1a3c6264d3db7cf6795158a1ac8560a66f31bdb824887895f5d4fb7d2423782b4e3284b1adc162dc733caebb1be8543b4d54cc4457a6fa7d4c700d37bbb60508007cb42be7d52cc4d7c75d3f0fe46ca9fc01"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0xc840) sendmsg$auto_NFSD_CMD_LISTENER_GET(r3, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, r5, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}}, 0x20010090) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200004}, 0xc, &(0x7f0000000740)={&(0x7f0000000180)={0x5b0, r5, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x9c, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x4d, 0x1, "fc15acd5b771c79fd2dc24b9d144105fd8f3e20dcb22de4c4853856eb9668c8aa532417747ccac3df1a5f1e896ac9cc0f973cad1119d4a9a7fe8ee5fa3e8fdf13a531925e6a2fe04e5"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '/\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x5, 0x2, '\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0x10, 0x2, '{).\\[+}.^%#\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0x2ec, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x9a, 0x1, "c7ec2daa063026cd8b252681c161f79f91de0c16e7f4066726e2374b52943a027c3a1867bfb8d94af9df2f3cfc158f558e9c8291795004628f9bedd861a793c874b98d92af22a60137f2d87e6be5a473390405fda8ad10bb054012a623d334f53c40b6042a0a86013f1b853e7b8251ef9e8ea4d7aa820cc9ebabacba3797a4d0dcdc2fa9974f6a32fa54e8c8f1b9c06fbe54341af1d4"}, @NFSD_A_SOCK_ADDR={0x73, 0x1, "022b63a0beaef5e711a69f58da0b0ba16c2cdec2901fa0903e81f727c9234bd005d315fa14814294ff4d42899b5470d94a068f00937c9ac5642a3d135c35a121265009375db3ee3f8992cc3d0e22471b9afc3ba6d9312afadb59a9d5b2f9b6e361cfc8cb7be89af5a981f8bc3e3fd3"}, @NFSD_A_SOCK_ADDR={0xc9, 0x1, "f1f3573092dd1ae7c30486a21bd1e05dee12228a1fb21172271ca3185b80145b2a03c93387732f5b0a0ba83e30bd9e9152b92d5f29c9deb5e9678fdae648a67b7885162119f151fc40583ae5f654acfafee902e46e63d3f4f66fa2ad398d7f05c12302adefe750872c5781ebac68177231cffad9e697dcd71a472ff82fb9eb5f198ac6703ebaa6d35ffedfe2c9a4834faf2c26b6e359430c81c92a44fcd24d89656e54dac31a26aa34625daa406419729d34465d887d0dd49edabd98a4a5f11ecd5387a55f"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_ADDR={0x6, 0x1, "3501"}, @NFSD_A_SOCK_ADDR={0xd8, 0x1, "7d6dce6342ae29454a9adb498b4007e034e466357b249439d512f7cd94fcefd8df59e266b5991c6cdf6dfa95c7475653fbfc652100e413759a20b6d8eb7bb15c7a579969ca8ef2b9383b1fac751baf1e55134c4072a31d69ef8861eea0e2da4137d451d55e89ba10ced204e786ad7ed6b713c06a7d1092a9238b4647e77c7623c1199bdd95e68b0615d0f6ead589b52b41c136e73b0aba1d28e3bb8739e030b66954977b01f6b4f5c2494bdd492778c5f3a9d78bf72da4edab39e8163ff198abde69c4863ddd8854add4d4c69f5e831f28ecfd78"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, '-/@+\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0xa, 0x2, '#:u-*\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0xc, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x7, 0x2, '!(\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0x1e0, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x60, 0x1, "407ba2664b1381a01044f70c4435c91393eff55d1f3ba9e42df760c91b5f01dfbb3c1f629cc72d4603f4219461ae3aff4bf4ec48b1537ea0a7a3a12842e0f8c1cdebe9843ef63aef1088e74cd54763cbe10ac453db902599a41aa1d9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0xd, 0x2, '/dev/kvm\x00'}, @NFSD_A_SOCK_ADDR={0xf6, 0x1, "045cce43018600541d2362cf3f7aaa64356dbef2d59e299ff0a9fb47b0d1cf591db6fc9734bde65c6b2fb695eb3b5fa884551992496e23227214bcfe11df54cd8f203172a62903cd53d9673c31f0e6c460193337dc71579142379a9355f3c1d5258bf8f7d0b242168745b14b8699b25d894814a33478124dc66146288300b151410e27d59b5814e72891b6657f883453dbf1fc55bd63dfd30a2fcb13ddce7d897b6c7f8d65cb72071f5ba14d9aae712ce1755e6aa9797c279b11fcc9fbfaf84189d3e97f976ee6a63ee0718b0bbc5ae6dc52d7a69697af8cee1b64411d2ec04c04ea51cb6e8d7bd30b582bf16572dba0248b"}, @NFSD_A_SOCK_ADDR={0x5f, 0x1, "987507b32cbaea08ff59b3be4651c2000c1b44fa18e84eab130441e2b89ca7b62c099f142cbad243ce00fcb0ac0dd9484c66c4ab6605e51b9a8f5a19002346484a0c1190d6230fb17de3dfd3a217402709f8c13bd5c9f215380c30"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x13, 0x2, '!-$%)\x18.:/[}\\-\x8b\x00'}]}, @NFSD_A_SERVER_SOCK_ADDR={0x28, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x12, 0x2, '/dev/pts/ptmx\x00'}, @NFSD_A_SOCK_TRANSPORT_NAME={0xe, 0x2, '[.)(}.-/}\x00'}]}]}, 0x5b0}}, 0x24004045) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x1004, 0x6) mlockall$auto(0x800000000000005) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getpgid$auto(0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x202000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) read$auto_rng_chrdev_ops_core(0xffffffffffffffff, &(0x7f0000000040)=""/23, 0x17) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r6) 1m6.37481911s ago: executing program 4 (id=2148): close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1e, 0x5, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) execveat$auto(r4, 0x0, &(0x7f0000000080)=0x0, 0x0, 0x7) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d04, 0x1, 0x8001}]}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyr4\x00', 0x8800, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/dummy0/mtu\x00', 0xe3102, 0x0) sendfile$auto(r5, r5, 0x0, 0x2) symlink$auto(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000240)='./file0\x00') open(&(0x7f0000000280)='./file0\x00', 0x109443, 0x10) futex$auto(&(0x7f0000000080)=0x1, 0x8, 0x3d, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open$dir(&(0x7f0000000380)='./file0\x00', 0x80, 0x104) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000002c0), r1) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000d40)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000d00)={&(0x7f00000003c0)={0x934, r6, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_FRAME_TYPE={0x6}, @NL80211_ATTR_FILS_ERP_USERNAME={0x8, 0xf9, "8a485d6b"}, @NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x4}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x4}, @NL80211_ATTR_IE_PROBE_RESP={0x8fd, 0x7f, "84856b5edc2dcded310cad01ec89ec5f0df2ede430eeb46c1cb3d3da2e7865d69b207fa11d44c1bfc6a7530e142864554ffa8fc065ba58f29215ba942329ed0ce0f1c2046e8826fc09455260619b697279b03478a5eb2680bb058adf91f8a679e26e7ac00764a30288a77a0ccf6dade641e24982d4a7fd7a2d639c02417832b211744cd951d3077d0760c5b361461b95f86e76f030bed6d1e7fd3bbf3775c6ac850091fc820bc4316bd3ff33ac9540e92d3321abdff2d045397ebe058a6ce527f7b098682e6d125b28451715a633bf1f135a7e28ff2093a934cce1768af30db3965bafc5769d5256d7378d794dca5ea62437b8de543e8d43578ba9b1cac3660da65795c0c5ccc10dfdc3bb3dd47c1222b22d4590ee8ae9fa90aa746e6a59c4a536a1b21079d762d0894f638f8d3fe440382af7c0b54e5a4db2c9c7506fb409807bdb76f202900c49dfe68eddc53cee865491fa8766806d7f2a521e59f06be23ea1950ce2bfd01e8ee4738cbf2eeb91c83b2db93e220a72c9213f634bee646f136761a57991bb86d733e87583d8ec2ef0399d0a31bd51a7c6c08f9cd0c7dcf6c78e2e799b784e9a3858d9fdd91914c993eca208306db39bce66240d7fa24895c2768b7a70e96bae1deb3160223a042051febabe520ae9a3d51615ce4c0cf3cb657f2aac0ae7eaa96bb6161954974624bc54138f8414052c9054190760fc74f14400b9861964831882a11878c11ce78c4832c8a43170c97ae2386c3b727f6f1adde21f80eefd767beff4f88057bde23d5c3f17bf47de035de3e5c28a7fcad07b81ebdffe1f4afeacc5245c588ff115a3dc89729d163c15c0989082e2b7878681730cbfefd6b4336d9e8cd7540be2ddcaf0318f7a3dd1733d3a42b84eba3794c22ce9bbced783e3c93870754d787353b9be0df6210b33eaad18eded7c98acc5f80fe2fca279b9e34db00b13f0fd6c304e7078c2a61f869fce553de2b98ed1c08dac026763109411b62475e131ddec4f2ed6a4c00d4e18e6e6dc818833a19a6cb731c54a940f251266ab36dbc92f922888c4d4f61adcc9bdbc9169f1d551c95ef3a9bde6101290d8379764544db3f63c5e1e782264660c35c85101601e032d010f84f9ca31d39f8325a2275082e1a53e8f2e3861477f0f901fb0bcd66f0a4acb96d3b8efdc36e4315a341b723cd74929769fb9a4be525dd8410450ce0d2252582249341e3262e3fe22be5c4bbfb73399a834a0514fde619e2dfd490045be64a7820092e39ff3143344c689a548dbfa1cd5fb57e07c8425dd317c0137c5bd2c7dd4359984e9249b3f348dff7ccb42d59b4c4ca0dc8308f9276378032a6ce1684e6ff00685a566efa52eb3c9c9a2e87a6388c9d9bca6851a07dad863d92c20425b6295384a399f0a9fbe19c4f60b0c8dc85df1cfd07b5160cdd8263bd2ac900b89f016f24e91932a64f5156a66caef6593f2e04cc5167dc62ba79dbc71d3effc8bfed4a9f3934dd2bb53b483618359084e530d3fb71d3bbc43583cb8f69c8fd571a40e58e46b2e6ab9fcd6c6d52b07516e87eae74774f13c11c2ae4e22d2384c3b6e765940be22d5765be31dc98f2a0adfa15412d950a22c5de05b2b97bd3f264e768a5320404d54dd8e22f6c95803a0a104c117512a7ef771162989142512ac759dc0db55ffc782d2a356d85ac7b7d2d0595da7379a25395bd8c40fe23352c8560f580c90b3383b67c6ef4f57364fbe323ea07f80c276d92ddf706b1784d97d3c8f7185a8932969e43f4b4db1519f73fc1a708c59556d89b7b8ab06418fb8d285d83fed72493535ae7ee4392bcf18c15afa68d9996d1832f9ba33f824f59caff240f447afd6ab8e7c4f1c7eee4fc03e2a62a394b742ab34b897d53db7021dc6bf801857d3c7434d22ee8f1781262fb85d36780573c135ec264a65c79b26f565451744d0f75a04ca73a826039bd6c974aa5ae699bda6ca589ec75c443bcdbd2c1a639b1f43acf02552ff08abad79637db67cafeb9ba04fde738d4af965d4a2cf3674bcb1f4880faf52a6329bc6eb6f3c2215576599a75d9fc4d6f424e57d1a0ff4198d7bd99a7d245c1a3410cf9a67eb718bafa95c6e15d769640ff095169af64033d0841f74d6a91df46916b3f37ef55237e751012cb8079a604182126e7e1c4731b3f4757ef1adbd45b827d28364541ed2791c707a435d9926810ea60c3866314a00ed7eff5cbd61ac83fc9a0d6fff38bc1ab0ed35f0b26954b3f5ab0e911ca1c09bedce564c4af2d25ccc49c48fe623b050e8d325281026492962c31131b9a87329c69606eb99e23cb5cc928b8c885725630ae774203071116598d78bd255737e04d92c0b7885ab534bbdc794d50b7f27a3533d7f68337e8eb7fe483d4ed521c5d59357ca0a08da4a5320246d261156215b0325e6c4207201f4546efe37abaa996e9723bc7dd3fba7f3bdb40f87f9b1492c67cc7cc7db04b745ccce0ec1b562fcded0e9a9c3f2658b5ad84999b73cfa024b22ae9d6c48c0477e7d3bc69ff39313133d51c8af8babf1399b4aca404e76a4d8eb8f9bb74d8582549a5b244cbb6377df09d0a9b6aa238876d945f5ca6ba5d1ca81aff5d88a9dd1179b80738aac8fa941c243179ed5f2b4a264474a818e36124cf4433be004039ed99d5b019615be629dc232095bd78f0a825432dcd38cb4114dc233af39e5541534d9c12f3a7fc94c6d13e092039d808e9053e797c9fcb81713bb1cd83f311d819002c0e45a958c977f761a80cd8b210da6382578f5ab0b9aca48548db731534012ef4719d36b299bf2535e29b037c99804902b3773e20590322c3ded141b9b58ec2f8b723ba15d4c697013bca21ada0d63f246318c773211e87a713988377fb084c0adec68edb0b6b340aabd4dbeeef2e24469ab02c209ea78ace4ae6873629f161f1964da34680420b2860dbf1467ba922434c30fbd4613213b78e5801f0f32790cefdfeb0a9e7655e9f5869ef67e07e7cb8ffe69dce476fb43effc1f39363336b5d2c667c8bfea06c17334e89d49bbc6ab21c056b5e8377f0e3d7666f4fd111828616a4204d7b5fecbc1906d9a91d812cee6312e733be3fd5b48d1446cf233833b6179b36bbc5305e211682232037a4dd9c64fcb7e45dc80539b4290f3d44b70694a56319e1f3460614f4027996d080ca57ad3a22b918da5d9c77e5922492e30db1bfd8de7610a6a5f37b673c06ee615b3c4607dbbc9009fa6ef7cef20a8920cac"}]}, 0x934}}, 0x0) 56.641725537s ago: executing program 4 (id=2170): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000280)=""/40, 0x28) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x1, 0x10d3, 0x3ff) r1 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003f40)=""/156, 0x9c) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r2, 0x0, 0x7, 0x4cbd5d) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r3, &(0x7f0000000000)='system.posix_acl_access\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=@raw_tracepoint={0x8, 0xffffffffffffffff, 0x0, 0x7}, 0x6) 55.0614272s ago: executing program 4 (id=2174): mmap$auto(0x7ffffffffffffffd, 0xb3b7, 0x4000000000e1, 0x2000000001a, 0x401, 0x7ffe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x1) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00') r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$auto_LOOP_CTL_ADD(r0, 0x4c80, 0xfffffffffffffffd) semctl$auto_SETALL(0x40, 0xc, 0x11, 0x81) unshare$auto(0x40000080) umount2$auto(0x0, 0x4) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/trigger\x00', 0xc81, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1302, 0x0) sendfile$auto(r1, r1, 0x0, 0x43) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card2\x00', 0x400, 0x0) r2 = prctl$auto(0x1000000003b, 0x400000000006, 0x0, 0xf5, 0x2) r3 = gettid() rt_sigqueueinfo$auto_SIGCONT(r3, 0x12, 0x0) writev$auto(0x3, 0x0, 0x8) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x2f0581, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/sub4/info\x00', 0x2200, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x10000}, 0x1000000c) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r4, 0x0) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0xfffffffffffffffd) r5 = getpid() process_vm_readv$auto(r5, 0x0, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card0\x00', 0x121000, 0x0) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) mmap$auto(0x0, 0xb, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8001) 51.787538077s ago: executing program 4 (id=2183): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000280)=""/40, 0x28) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x1, 0x10d3, 0x3ff) r1 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003f40)=""/156, 0x9c) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r2, 0x0, 0x7, 0x4cbd5d) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r3, &(0x7f0000000000)='system.posix_acl_access\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=@raw_tracepoint={0x8, 0xffffffffffffffff, 0x0, 0x7}, 0x6) 50.66195025s ago: executing program 4 (id=2189): mmap$auto(0x100000000, 0x2000d, 0x1, 0xeb1, 0xffffffffffffffff, 0x100000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, 0x0, 0x9, 0x0, 0x800000000005, 0x7ffffffd}, 0x8}, 0x3, 0x1, 0x0) semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) r2 = openat2$auto(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={0x982, 0x6, 0x4}, 0x7f) sendmsg$auto_IEEE802154_ADD_IFACE(r2, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012abd7000fece637c60a021360984cecd222f1aa9fcdbdf2521f3f4dafdaaa0bb4d0006000be909000000050028f2d3000000260010006aac000005001d0040a49c72"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x525a05df5b8ef67a) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000180), r2) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000080)={0x0, 0x10001}, 0x400040000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x200000000) sendmsg$auto_NCSI_CMD_SEND_CMD(r2, &(0x7f0000001600)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000015c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="f00b0000", @ANYRES16=r3, @ANYBLOB="00022dbd7000fddbdf250400000049040280ee01f9800400f40004005f809152ed0bc658e5e2dc26b63bd1c464ff9250f5d81f470df322e0638e0d900cdc45c55f08c76f1eb84115c5cf1ac97a0a4420bbbbc43e98cc933265c65808ab2ee89b1f9831061314973d7f40cd913fd588920afda75cf9b615a351fb2df47768cdafd0891823a59d02e7314c5cc2fe201a07f0e62ed03193bfec853bddbd94c7ecd3d37d70d2846494f7b4c6328e9eb9175f0e6aa56f139c7c72a77d01db8b56a04758f971d3d7c7fe3687bacf8c5cb87149c96a110f1717563493fbc676f87f6e06a0f7c78965e733ae2ba11c0800e800ff000000040056809bc7cc18633ebb7405a69a75335625522f5edd9c57d062214bd7047126f0a4c0c2d6af67d765e6d2f7538336d5b57068cba50785655be8f9d4d391381db251378be9869a4b5fa8ed345bfd967245e4c6380904d6270524293252ee3d7f4674d8394a14a0a2fe3ae7f4f30131b457c20910f952fcdb04006d00b03e7e90dece3f94572d88354e9e657e5dc68391f9bfbe7efbc7e501634b5f8fc8b6e49f553a63257c3222ad72304cad6ba0403f58f5e30eb57240302c504e8995aef06b10249f25d680c666c3e35f578b98fe5b63414c53aa8ca88cd05ea04d72520e0450ca36192adb8b2b855760826708b0634b71d433663fec6cb086a06fc7d821ec8bc532e08d048cee51d22c4a00008d839b04032c1f677776804c34d4a502a008a3e53fd471ef51900be2f2eb8e6d71d7d83903661a9b80a28e3b7eba2854ee8f3840d04a33b629e94276f04c91c1cf6488a10ff11e9a5e1a779ed86d42078f3f7e26042eed36130d8c3612c4005c0abd37e24902a45040bba6e7ed4fdbe8f502879b89e5336df086e6ebb2ad37c5c6d78e932729489d39824f369211de6a968a9c28b5ab2ae0e49e726b4591903b55fc01013dbf8757407eaa2d4054e61f9fa41a8fa36eb01a54848198882b7abbf63bc962f6b7aeae4c7807f0cdd7831c871400bc00fc020000000000000000000000000000b300fb00c27af9e84690d71aed7c17150f9cab7adeae205966073a5caecbf58597c38c93b68c79891016547576c78b89e515a2d085cdb77ed0448a07af361c949ac83a39cc13667632426024331858d06ac7a5e5f5fea965c340a9cbbe31453a2121e70077e7b6ec1793e26573515f08246bf508840b71242918d494e9bdb75215e065b3221c81752ca92c4a95a142c777e30fb881dbe6e87e4bd1716f54f0b0d5b2369001757e66cf6982a1017f69514cea1300b4001600026c47db5c9783a00552bf620e858dfb1bc04eb805514cd1f724865552bf3315404f8c406145bded10f139819dc0cebfda3b7c970e8e55a09652b0f4d8d1aae4a2f2ba8540f904d72b57b5600050716762397945e8d951fc65b52cf05de1096c1ee9f8ab1717842dd3a179513fbf27ee4dd0bab06bf942ce769bd2c6bcf3e03ef9cc4d197c5eb5970cd455bb7a08b392a321", @ANYRES32=r0, @ANYBLOB="00000008000800d87ba63b080003004d0b0000040006007a070500f928e09d7bd7fa2202977becacbfba05779299539e9087c29bdcfb7e759354020deebb22ec4bd883dbb7deea7425a87316ae9678267fecc436029b01e0ddc119fc3e4773eb5acadcfedf56a5cc5227743accf629c50812ae37af5cde21bcc23362ab755f2630ac53e3dfcc67731cb38a4be45a151fc54e296eab4b67d8e1816732a34c3255ee7541ff4e75615890783b19a98f05211738c03f34fa2113b6d768ccabd78c5ec2c0da118f0d282c44f4fb6133389f4ab50bb5c224255a6c7e9e3ae7314ea96ace9e25f2b3be2182b1eb0deff67feb536c5fe5f005b6a7a0b3b5582a69abc83c37a4d8038e829d60a991d7ffd9851edb138fdce06abb8867a2be56a5dbebd5e7ef3d7362ea7e6723b8ad49689b4363c54afdea8d7e7448499f38e48320398a4234fa61a3d20c09ba7d4baa283e7122deea61454d68879cdb549df69234ea91c57e5472579702e21a80a1537ec61e189b1fc21d7ffbbf5cf6962454217baa5d903e28f3a697a883b279e211f7ed6716fe84d6ff67f82602ff77a0e798d6692440fdebe9a433ae69b89b55aeba6241f29aef20ad6fcfc85fcbd4e9e59f159ce4a4cc77ccae8332290b4cde9437607273c950478e91905f51b234f42a18f6cd00da83811e1c385767bb91b1b792b79c154f4fc49dcf5876ffcb4e701d522917a0d253e3469bdc1c4900000000b8338e16bd44bcb04a28b79a71f4924e8f52ef66838f35ab5d569765b5b13860986c53cfe5a07018594b69ca399427013a1871f599564b7269f44edecaeaa1b84ed56c249d5968235b9e23c37bf71f0ab9a741176fb33b8c83afcbfb6efae66c56310915cddbd681b9dc72b8ec14a881f1fa9e193b9db73e0a2cba79616d28bda7bf0b31202c1a24711c2bfc85bf689d34e439409ad93bb4eadb1ecf761626375fbe5656e9760086eb85116f83b5d99d22a6bc0cce98cf77533b22f0d305a1e00f651dae93dc7bd3aacf3ff45d6df754f35d901ec6ac3014f505ac13dbfe184f3f37bb1c29482fcc86f419d8cfed35fee9e8a612574f9e3afe27e9ee3ae5f8ff22fe92165a0ed97e1ece3f5751e4df65eff481c7f2391c8f45f7d082b104e353ec2092e616bd9d83c663cb176deb7b25a216f8b903c461f93b3b771f9cee918043cc21fa9ea85c42326cb2dd3c846d0dcf1fe33fc61d2bff8f1cf63e38329e2d508b484106f1050a4f396b38449571995d111c345e6363388844bc7e7403199a52acdee14a4e661a8dbef77e25e57ad16a90dba607182afb1f891c7178f923130db86b4a501cd43de8571eed672cf02408586440be582c91b64f7212971886f75ac25cb9c3adedbccf226b5252f26d3f7fef415b748fa39cac970d1b07ac8b7ce6b026a95cfc1a1532d300345dd274259cf0602ada400278fd0d09c687b4c324cb9714be58e51cd8dd36619ad89e4090eae95e0589245f210cb05e9fa90318d39007ea4fc8ccbd9dae613027ea6c95940a7ed72efc660c622095bb42173939eb42f4400f5ad6184540d718946926f5b987fbffaf115bed18f27c946a77ae78ff5b5e72d2a64aac60aaed728ea3ede4d78de9f7559b11ec917623a885d4027d2a999b98298e2af8b9aeabf1380b5c3feeba52a1814a05e7a8ce3ee85d1b42a1dd9adb23381dbd76cb6688a238e76ce6f4098063ea755f1ef7abbfa23490a6544099a6f9530259faf5e3d0c07b2c8bf986aeb5028268ebe4d908e0413e964fd8b2d5ddb3d47b9b0e68de5096732bea7dc3b1b3466f7dff45721a9b1d5811a4e1874ec2be961d37a9d9d2ef50492bb75ab96504dafd326decc198ac8805a18e350c38e4de47ef2350d18f3501b50bb285023023d03fa66cf215ec6a34564affb95aca93f3677d4154b6aa9c1fbda430511f31eb6468825fbbe8a124a886ab881b7da7b71a1159bdeada0ce632d3e54e561468f4dd26640cc2d9f1587b7023928741d0f71fd00e58ae6f58d9eec0f2c07da2ccb093512d538bf1f4ea2311d4faeec03187739b1ff36129da3bf1c5999fafaeacb9be63fe3ae8765b827fe1711a0b134494c8a5f067642946e42ada782618ed9daac32eb165bc327e278c3ff030a593d85b93e3ccb751fe67c6d8bf647bcaa91c66b859db93c60a88686d07eb250e91d16a1f90c099d4835b71ba0bc03d950690a626fe5575633b90216163e1443d5213286194c0df5aa891ba17db5893fc758c282639bc7ec6ed7d27421dbdb73d01e9e149799ca2860748c06a69b41c74def7bbf31e42be43ccb4b8a5e64459f476eac90023c0677c94c6d785435e4ac8ab6891161f9b7e1d0be6bd44d17de9672aa470df2dee31ca60875388a25a90271c4b4fcf4ecc75651090ee9530d72cf969e4c1f0a3ab036bd131cc02b87bfbefa7472d8623ac7be17a1c56cf5b3c4818af0a0a2b910948e7492048f50d855efee2a12d8c63b7ddf9da4cef69ffdcf551b18936d45158aa1e6ade7060979b2f1e60e679dcdee9b45f203d4f23f30205596485409ed517525f2c922ba15574d1191711355495f0de907f42fea54bb1157d2eac8afa28574f6b460b519d8eeedacaec0815abc980a4b96289d3f9ae2a3145d15240fca1d5cbe7a53e149a6e083b7befb52f51c679e115a0a366197c0e95a4c2a1b5511155ec9815bc0402d19d9f125a7bc5c63290ac2900000000"], 0xbf0}, 0x1, 0x0, 0x0, 0x4010}, 0x811) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r1, 0x80045105, 0x0) r5 = socket(0x1e, 0x80000, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) write$auto_dev_fops_plock(0xffffffffffffffff, &(0x7f0000000200)="ea579eafbef6a78ace20c66c3ed28a307811ba5a77e0d6f20eee070874ce267321ef2da8ccef77a2a57912658cfac38b23199ba898ef2c29ea039494e108e23fc3d3de801c6cdb8c585be1ec026d327ad05a0c7812805bb6d050f902f2e77e549ec276c282a2bb8c2847f2e7105018d493a4a1", 0x73) r7 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000004c0), r5) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="00002dbd7000fcdbdf250200"/22], 0x1c}, 0x1, 0x0, 0x0, 0x40000d0}, 0x4001) r8 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0xf8f) prctl$auto(0x16, 0x21, 0x6, 0xfffffffffffffffe, 0x5) sendfile$auto(r8, r6, 0x0, 0x1fff5) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) r9 = io_uring_setup$auto(0x4bf15e08, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), r9) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) unshare$auto(0x40000080) 49.447687232s ago: executing program 4 (id=2192): openat$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim0/ports/2/udp_ports_reset\x00', 0x20000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/workqueue/nvmet-wq/affinity_strict\x00', 0x20461, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)='-7', 0xfffffc49) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r1, 0x4b2f, 0x0) mmap$auto(0x0, 0x20002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x5) unshare$auto(0x20000) setsockopt$auto_SO_WIFI_STATUS(r0, 0x8, 0x29, &(0x7f00000002c0)='\x00', 0x2) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(0xffffffffffffffff, 0x4004550a, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/swradio13\x00', 0x8a2c0, 0x0) prctl$auto_PR_GET_AUXV(0x41555856, 0x5400000000000000, 0x5, 0x0, 0x5) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000001c0)=""/213, 0xd5) ioctl$auto(r2, 0x5646, r2) r3 = pidfd_open$auto(0x1, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) close_range$auto(r0, r0, 0x4) setns(r3, 0x60020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0xa7) r4 = setfsuid$auto(0xee00) ioctl$auto(r2, 0x2, r0) r5 = setfsuid$auto(0xee01) setrlimit$auto(0x7, &(0x7f0000000080)={0x0, 0x6}) ioctl$auto(0xc8, 0x54e3, 0x5c8d) setresuid$auto(r4, r5, r4) ioctl$auto(0xffffffffffffffff, 0x8936, 0x1) read$auto(r2, &(0x7f0000000200)='{\x00', 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd7/queue/logical_block_size\x00', 0x80280, 0x0) 37.07102336s ago: executing program 2 (id=2224): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) unshare$auto(0x40000080) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) getpid() close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r3, r3, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x1, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10005, 0x400000000003, 0x3, 0x801f, 0xfffffffffffffffe, 0x6, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) 35.54260984s ago: executing program 2 (id=2231): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) unshare$auto(0x40000080) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) getpid() close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r3, r3, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x1, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10005, 0x400000000003, 0x3, 0x801f, 0xfffffffffffffffe, 0x6, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) 34.397193212s ago: executing program 34 (id=2192): openat$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim0/ports/2/udp_ports_reset\x00', 0x20000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/workqueue/nvmet-wq/affinity_strict\x00', 0x20461, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)='-7', 0xfffffc49) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto(r1, 0x4b2f, 0x0) mmap$auto(0x0, 0x20002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x5) unshare$auto(0x20000) setsockopt$auto_SO_WIFI_STATUS(r0, 0x8, 0x29, &(0x7f00000002c0)='\x00', 0x2) ioctl$auto_USB_RAW_IOCTL_VBUS_DRAW(0xffffffffffffffff, 0x4004550a, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/swradio13\x00', 0x8a2c0, 0x0) prctl$auto_PR_GET_AUXV(0x41555856, 0x5400000000000000, 0x5, 0x0, 0x5) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000001c0)=""/213, 0xd5) ioctl$auto(r2, 0x5646, r2) r3 = pidfd_open$auto(0x1, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) close_range$auto(r0, r0, 0x4) setns(r3, 0x60020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0xa7) r4 = setfsuid$auto(0xee00) ioctl$auto(r2, 0x2, r0) r5 = setfsuid$auto(0xee01) setrlimit$auto(0x7, &(0x7f0000000080)={0x0, 0x6}) ioctl$auto(0xc8, 0x54e3, 0x5c8d) setresuid$auto(r4, r5, r4) ioctl$auto(0xffffffffffffffff, 0x8936, 0x1) read$auto(r2, &(0x7f0000000200)='{\x00', 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd7/queue/logical_block_size\x00', 0x80280, 0x0) 33.540328764s ago: executing program 2 (id=2238): statmount$auto(0x0, 0x0, 0x1fe, 0xd) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x40002, 0x0) mmap$auto(0x800000, 0x7, 0xe9ed, 0x8000000008011, r0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) ioctl$auto(0x3, 0x5420, 0x38) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) ioctl$auto_SNDCTL_TMR_CONTINUE(r4, 0x5406, 0x0) 32.425261871s ago: executing program 2 (id=2243): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000001c40), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_NEW(r0, &(0x7f0000005e80)={0x0, 0x0, &(0x7f0000005e40)={&(0x7f0000000580)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f0ff2bbd7000fedbdf2501000000040002800400018004000280"], 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mkdir$auto(&(0x7f0000000000)='./file1\x00', 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x7ef1, 0x8080000000021, 0x3}, 0xe, 0x0) landlock_restrict_self$auto(r3, 0x8) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) renameat2$auto(r2, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @multicast2}, 0x54) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram0\x00', 0x16f300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f00000000c0), 0xf2a01, 0x0) sendfile$auto(0x3, r4, 0x0, 0x400000000006) mmap$auto(0x0, 0x1, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x801}, 0x40000) socket$nl_generic(0x10, 0x3, 0x10) 32.110266243s ago: executing program 2 (id=2245): mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x13, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') open(&(0x7f0000000100)='.\x00', 0x0, 0x0) mremap$auto(0x0, 0xffffffffffffffff, 0x3fda, 0x3, 0x7fffffffb000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000001380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xfc\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\r&\xec\xb8\xb1Z\\\xc9L\xb2\t\xddbH|\xffGP\x97)\xb9:nqn\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc$\xa0\xa5\xce\xca\xe1P\xf7\xe5_\xca\xd5\xd8\xa4g_\xb1\x88\x8cAJS\x11\x8b\xd1%a\xe5DPk\x8c\xf9\xfb\xe0+\xdb\x12\x10.F\x00\xc37\xc7\xbf\x80\xbeu\xe1V\xb2\xc5\xc9\x1a\xc7\xdc}!\x10\xb1\",1%\x0e\xeb\x15\x15me\xe1a\x03\x18{\xb03+\x93*vB\xc6\xf1\xc6\xff\xbbt\x04!\xb6\v\xde2\xc9\x89#\xbaR\xee\x13jF%\xf2\x15\x9a\x82&\x89o\xa9\xd9\xbfFY\x90\x8c\xa0\xe4\x9d\xa2\xcd\x9a\xb5TC\xc4\x9d\x9ePb]\xaa\xc7f\x06N\xc5\xfa{\x02Y\xae\xf4(\xaa\x06);{?\x1e\fu\x19b\xdf$,\x01\"\x94\x00\x00\x00\x00\x003\xcfZ\xaf~<\xba\xb7\xa03\x8c\n*krS\x19Q#\x8f\xfbW\xad\xe0\xb3o\xcb\xf7\xda\x87C\x99\x1a\xa8\xc1\xe3\xc6%\xac\x01@*\xa0\xc4\xedn-lT\xe6*?\'\x9dW=\xa7\x03\x06\x83 IT\xa3\x7ff\xb6\x95\xe5\xd2\n\xaf\x87`\xce%\xf6 &\xa7M5I\x9c\x17h\x8c\xa4\x98\x16\xe0\xd9?Y\x7f\xf6\x85_{\xfd9p$B9_\xd8\xf4\x0e\xd0\xfa\xe7\xb0\xb8\xa0\xd7\a\xff.\"\x81\b\xb0\xb4\x84\xac\xad\x1b\x93~_\xea\xfe7\x03\"\xd9\x1d.\xe5{bHX\x14\xa1\bO\x03[^\x85jP\x89\t\x06GI\xb7\x99\xb2zZf\xc8\xd4\x8d\x1c\x1e\x03\xb9\xa7Nt\xae\xfff\xf9\tx\xae\xa8\x05\xb14\xc6\x9b\x1f\xd3\x01#\xc6\nb\xd4\xb4\xc8?\xa7\xe2R\xc1\xcf\xd2\xbc\xae\xd1\xc2\x88\"\xf3\xf0\xc0uQy\xec\xfab\xd6\xcd\x16)\x19*E\vm\x8d\x1bG:\x80\'pJ', 0x4100000a3d7) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/pcm0p/sub7/info\x00', 0x8040, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000100)=""/184, 0xb8) mmap$auto(0x80000000000000, 0x2020009, 0x1000000003, 0xeb1, 0xfffffffffffffffa, 0x8003) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) pread64$auto(r0, 0x0, 0x300000002, 0x100000001) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r2, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) r3 = socket(0x29, 0x5, 0x0) write$auto(r3, &(0x7f0000000080)='/de$-audio1\x00', 0x100000a3dc) close_range$auto(0x2, 0x8, 0x0) 29.827417778s ago: executing program 2 (id=2251): r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) setsockopt$auto(0x4, 0x0, 0x480, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x3, 0x80000000000df, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x42, 0xf}, 0x18) lremovexattr$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0x80003}]}, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r1, &(0x7f0000000600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)={0x174, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_RSS_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7ff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xf9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @ETHTOOL_A_RSS_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x55dd}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x80000001}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x7}, @ETHTOOL_A_RSS_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fffffff}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffff}]}, @ETHTOOL_A_RSS_START_CONTEXT={0x8, 0x7, 0x6}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x1}, @ETHTOOL_A_RSS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x174}, 0x1, 0x0, 0x0, 0xc000}, 0x8800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x5) ioctl$auto(r5, 0x4001af84, 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x40600, 0x0) sysfs$auto(0x2, 0xd, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="02000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r4, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYRES32=r4, @ANYBLOB="0600060005000000080004003d4b0000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 14.788285953s ago: executing program 35 (id=2251): r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) setsockopt$auto(0x4, 0x0, 0x480, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x3, 0x80000000000df, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x42, 0xf}, 0x18) lremovexattr$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0x80003}]}, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r1, &(0x7f0000000600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)={0x174, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_RSS_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7ff}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xf9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @ETHTOOL_A_RSS_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x55dd}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x80000001}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x7}, @ETHTOOL_A_RSS_HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fffffff}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffff}]}, @ETHTOOL_A_RSS_START_CONTEXT={0x8, 0x7, 0x6}, @ETHTOOL_A_RSS_CONTEXT={0x8, 0x2, 0x1}, @ETHTOOL_A_RSS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x174}, 0x1, 0x0, 0x0, 0xc000}, 0x8800) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x5) ioctl$auto(r5, 0x4001af84, 0xffffffffffffffff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x40600, 0x0) sysfs$auto(0x2, 0xd, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="02000000", @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r4, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYRES32=r4, @ANYBLOB="0600060005000000080004003d4b0000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 8.815914721s ago: executing program 6 (id=2329): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe8181, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0x4040ae77, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) waitid$auto_P_PID(0x1, 0x0, 0x0, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) setfsgid$auto(0x9) setresgid$auto(0xffffffffffffffff, 0x0, 0x7fffffffffffffff) r1 = prctl$auto_PR_SET_MM_BRK(0x6f, 0x7, 0x0, 0x2, 0x100000001) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/swaps\x00', 0x42100, 0x0) close_range$auto(r2, r1, 0x400006) r3 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x200006) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi22\x00', 0x1, 0x0) ioctl$auto(0x3, 0xc0585609, r3) bind$auto(r0, &(0x7f0000000080)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x41, 0x0, 0x3}}, 0xff) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x183802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdc, 0x9b72, 0x2, 0x800008000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace\x00', 0x1a6b75d6388a8612, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) 7.746775258s ago: executing program 6 (id=2331): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000280)=""/40, 0x28) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000003f40)=""/156, 0x9c) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r2, 0x0, 0x7, 0x4cbd5d) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r3, &(0x7f0000000000)='system.posix_acl_access\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=@raw_tracepoint={0x8, 0xffffffffffffffff, 0x0, 0x7}, 0x6) 7.531324343s ago: executing program 5 (id=2332): connect$auto(0x3, 0x0, 0x55) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) 7.242131795s ago: executing program 5 (id=2333): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), 0xffffffffffffffff) setsockopt$auto_SO_RCVTIMEO_OLD(r0, 0x5, 0x14, &(0x7f0000000040)='/proc/self/net/fib_triestat\x00', 0x2737) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="1444", @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x40000) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x20009, 0x3, 0x40000000000eb1, 0x401, 0x8000) socket(0x11, 0x3, 0x2) getsockopt$auto(r2, 0x7, 0x12, 0x0, 0x0) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto(r4, &(0x7f00000001c0)='\xa4x\xd9\x8ak}\xd3\xd2\xa9\xaf\xbd\xb9\x8e/\x99\a\xb74\a\x95\xcf\x1bLa(g\x90\xa2\xc1P\x1b[\xdb\xfb\xc1G\xf2\x9e\x9d\n\xbb\xbbR\x18\xf9`\xde\x1e\t\xd3\x8b(\xb8\xfaR\xd4\xa6\x80lx@Ath\xbe\xc6\xd5\'R\x00\xc0\xd4\xd3\x8e\xe1b+o+\x83O\xca@\xd1\x14n\xba\x7f\x98\xcb\x1dm+\xedy\xe8t\xf9R\xc1D_V@\xf4\xe1\x1e\xe1\xfc_[(\xdd],\xeb7)\f\x99\xd3\x19\xdb\vC\xf0\xb4\xa8\x0e\x9b\f2\xd4>\xeb\xd1o\xe8*2#\x8f\xdae\xdd\xe7\xe1\x9b\xdfb\xa5{\x7f\xa1\x19\x1e]\x89gv\x0fd\xf3\xa0E\xd4\xe8F\x84\xad\xf1S}\xbc\xa2a\x18\xcd\x95y\xfb\x0f>\xd0\xba\xf8\x93!\xc9\xd0\xc2}U\x9c\x1e\x1e\xcb\x12`\xe90e\x96(\xecC\x1a\xf6\xa3*\xc4:F\xdc_(\x01A_\xa4t\x9a\x18\xe3\xc6\x8e\xb8;I\x04\xb5\xd0b\"\xcfq\xff\x80q\xa9\xaf\x9aq\xbc\x04\xda\x11[\xeb\xe2\xdah\x02\x91\xd5', 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) statx$auto(r3, 0x0, 0xe1bf, 0x6, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty60\x00', 0x161203, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x20b42, 0x0) close_range$auto(r5, r6, 0x1000) io_uring_setup$auto(0xb, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r7, 0x5423, 0x0) write$auto(r7, 0x0, 0x1) 6.769015143s ago: executing program 5 (id=2335): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x68000, 0x0) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0xa, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x8020009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = open(0x0, 0x0, 0xe0) fchdir$auto(r1) r2 = open(&(0x7f0000000100)='.\x00', 0x10000, 0x4c5) getdents64$auto(r2, 0x0, 0x18) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r4 = timerfd_create$auto(0x8, 0x800) ioctl$auto_MON_IOCX_GET(r4, 0x40189206, 0x0) read$auto_proc_pid_attr_operations_base(r4, &(0x7f0000000240)=""/126, 0x7e) request_key$auto_KEY_SPEC_PROCESS_KEYRING(&(0x7f00000006c0)='[{%\xbc::(\x00', 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe) r5 = syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) io_cancel$auto(0x1, &(0x7f0000000140)={0x9, 0x0, 0xe, 0x7, 0x1e, r3, 0x7fffffffffffffff, 0x7, 0xb5, 0x0, 0x8000, 0xffffffffffffffff}, &(0x7f0000000180)={0x7e, 0x180000000, 0x5, 0x80}) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r5, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'macvlan1\x00'}, @NL802154_ATTR_MAX_ASSOCIATIONS={0x8, 0x27, 0xfffff800}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r5, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x14) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) sendmsg$auto_NL80211_CMD_VENDOR(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r7, 0x1, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x400c800}, 0x814) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pwritev$auto(0xffffffffffffffff, 0x0, 0x2, 0xfffffffffffff274, 0x6) 6.189906994s ago: executing program 6 (id=2336): r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000080)=@generic={0x28, "02000000000000010100004be201"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0x16, 0x401, 0x8000) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x9, 0x7, 0x2e}, 0x6f4) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x8}, 0x400) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r1, 0x0, 0x7ff, 0xd) 5.743228202s ago: executing program 6 (id=2337): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)='ns/time\x00') mmap$auto(0x0, 0x20009, 0x7, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0x5, 0x0) r0 = pipe$auto(0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/4096, 0x1000) write$auto(0x1, 0x0, 0x80000000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 5.726150973s ago: executing program 3 (id=2338): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000280)=""/40, 0x28) 5.697936958s ago: executing program 5 (id=2339): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x59, &(0x7f0000000100)={0x0, 0x1d, 0x3000, 0x6, 0x6, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0xe63c, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x8000c, 0x100000000}}) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffbfffd}, 0xffff}, 0x4000, 0x20000043) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x42c02, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0xffffffffc0403d11, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x3, 0x2020009, 0x3, 0xeb1, r2, 0x8000) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = socket(0x2, 0x2, 0x0) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r1) setfsuid$auto(0xee00) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="34040000", @ANYRES16=r6, @ANYBLOB="000325bd7000fddbdf2596000000080040000400000008004b00fdffffffd803a680a000e980040085800c0013000300000000000000810042000fedfd7627d0496bd36a46d8b78549add0934ca69a6abeec111c62402363f5d4daf41b1bd294ec71987c0a606f98faf79035275094912e912f528485be3125caf0842aa08e555bab7506d4e9925043348136b682b0cc480a0761998903def9e406afe14c1852ee0f3deffd4da6e8f7a67caafe7a2bf19765288516c6eb0000000400dc8004004f80171d39b6fb3d539ea301408008002b00", @ANYRES32=0x0, @ANYBLOB="08008200ac1e010104000280040060800400798004005f80d2c425c6a46ad0447320cb9a4246d5c085d0cd8c778cd92e1e554fe4f113b4f27cf5301f7229ed849117ae13124d61092d7f5fef0a7fdfdf64db3191ad03b96e4ec186da1cf647c6d0dfb98d5ff40c227286c29032387acf5d3d75d8c0476ba71669e3bb095e3f003d632ff006a06e61074f0ef690a07027d6c9c526b4f66e521236859a58903b83c6c3941cc8076dd81053d36f4e8622d3f669803f2b239f56dee2a30d8542996e96bb1b21a9bfee9fba6f798f90d682a011e0e374453fde9566ec03c5c3f4dd8bf0b4aa1c21e95cf0d7cf390b5b6c9f6efed65a825e8626406b63663d69e58781b66481797359bda13dc9985ea2eea30b514175fef7fe6f6aad91506193a14a8ce5d884bccd0cdf09ec7bbab9b60ba7dd8f652bd0170c5a03b0c9170e50a4a10cba5546972cbd4d7b4d2d505e4d6310cc693b93e121a4e177f6c6f59cc707006b69e61d80fedd484fbf08260e58e5b9b3ab03b7ed5be134afa90c2ac426bd5f58bbc50004001c00fe0017805a0075001adf7a13e75febf6407b1742966278e35c0be787fa5fbed9ba0239ddedf1427272561bd135609dd30018a8f879de5aea6ff84587bb57dcea0c402156dce33ffce5584012439b337b5a921ec747f9a407b2a7f08a1388000008009d00"/516, @ANYRES32=0x0, @ANYBLOB="24002c002e2f6367726f75702f6367726f75702e737562747265655f636f6e74726f6c005ead8f529d6453e5f2512afd0449d5aa010caf08002500", @ANYRES32=0x0, @ANYBLOB="0400428004005180f6b4535f852d63216cf47e07d62448ce575804812d7f188a6c4068481e4c71da7a76212ff61a70fb2f5a3bc409fecb6e5fce32c38fc243bef130f12fccccd9ee663b2508006700", @ANYRES32=0x0, @ANYBLOB="04006e8000007a0058800c0014000700000000000000872d1671c64dd60b747618478d452da5637ec62f640cc9406e5c3bda9a3c76078ca365c60a1643c340b2a280f2262b10fd2c74c4cafeb495b01ec99c733f257fae26ac936e7260dad9128d33df5c918c1d6b4377924bcd06d9ae1a5e829ffe234248bd56fea6812a12de000008003000e000000208004a00000000f80600b4000200000005001d00df00000008001f01c600000008000c00ffff000008004b000100000006006d0003000000"], 0x434}, 0x1, 0x0, 0x0, 0x48841}, 0x4002) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f00000001c0), 0xffffffffffffffff) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') write$auto(0xffffffffffffffff, 0x0, 0x8000007f) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram8\x00', 0x16fa02, 0x0) write$auto_tty_fops_tty_io(r4, &(0x7f0000000240)="d981d87ec99f3f23acba3c083d4a8e144d24001c93ffa9c39039fb64f5318f66c7b3de8b9cd2b0726a8293b03b209e935cf5aeaa113a73560127c8f38f1a2a25af818443e737fca0d6ca3037e2dc95f4951fd06c8970c9eb33821a2cf3072b7d27556d2843e5341a45db35e4c6336a7d69a9999695a04ca94cd8fad6872e7a6a7f42d26cc0371e341af85bda23aa710c406095d3356bc0195b2a4e814085b4f55a1262c494cf5d8ae9b4629d734545aa0f034f4d0fbaf1d7b20984a3253927e078a682682c6d3dbd17dea206c18d37459135afdca2ff8f508b4831bef0b0215087", 0xe1) sendfile$auto(0x3, r7, 0x0, 0x400000000006) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/task_delayacct\x00', 0x80282, 0x0) rt_sigsuspend$auto(0x0, 0x8) shutdown$auto(0x200000003, 0x2) 5.028178661s ago: executing program 3 (id=2340): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) unshare$auto(0x40000080) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) getpid() close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r3, r3, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x1, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10005, 0x400000000003, 0x3, 0x801f, 0xfffffffffffffffe, 0x6, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) 4.718750159s ago: executing program 6 (id=2341): statmount$auto(0x0, 0x0, 0x1fe, 0xd) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x40002, 0x0) mmap$auto(0x800000, 0x7, 0xe9ed, 0x8000000008011, r0, 0x80000000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) r4 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) ioctl$auto(0x3, 0x5420, 0x38) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) ioctl$auto_SNDCTL_TMR_CONTINUE(r5, 0x5406, 0x0) 4.51456125s ago: executing program 5 (id=2342): ioctl$auto_RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, &(0x7f0000000440)=0x77b) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/dynamic_debug/control\x00', 0x682, 0x0) write$auto(r0, &(0x7f0000001100)=':\x01h\xd2\xe7\x8b\x8a\xff\xd9\xc3\x9d\x80', 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/kernel/debug/ieee80211/phy16/netdev:wlan0/rc_rateidx_vht_mcs_mask_2ghz\x00', 0x18900, 0x0) read$auto(0x3, 0x0, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ttyv7/power/control\x00', 0x22902, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socketcall$auto(0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa4142, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x9, &(0x7f0000000140)={&(0x7f0000000180), 0x5}, 0xfffffffffffff7f7, 0x0, 0x6, 0xc805}, 0x800}, 0x8, 0xff) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4400ae8f, &(0x7f0000000080)={0x40000dd, 0x0, [{0x7, 0xffffff66, 0x80}, {0x14, 0x1, 0x9}, {0x3, 0xfffffff6, 0x400}]}) mmap$auto(0x4, 0x202000c, 0xaec, 0xeb1, r2, 0x8000) madvise$auto(0x4, 0xffffffffffff0005, 0x400016) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x8a402, 0x0) ioctl$auto_SOUND_MIXER_READ_STEREODEVS2(r5, 0x80044dfb, &(0x7f0000000300)="ec4bcef7084bed6827898f4ab9c84a45d17d0d6d4b9203d602cdedd0d34290a722d18a08b953ee074b77eb4cb76d69fdbf2028710d3053f6e6bc38bb187169981e4eb40e80c9a53aa63fd656f818d9e6973c64b4df27d06a7408f547a98aa8fdf8feee258bc2b6f14fa54846a9f52538c1f187c3d225e683ade83d641d6739a789fb72d3a53e04fcb0d05eeef53f2b72e5858b2a1be41a3d3e643198d951b1005686d8bff9077912e9fc1dd27049e858e31b1f77070fc69ffb5aa76cdf4f32ecb8c23754a8807aed8d10c507ebb13a1c9e68af743a85e5e0604a0363347d75e8bcb4d999155f700f76e83b0f6f1480451995c5a13b87d939dda7") set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x1000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x7) acct$auto(&(0x7f0000000200)='/dev/cachefiles\x00') mremap$auto(0x4000, 0xfee0, 0x3fd5, 0x3, 0xfffff000) munmap$auto(0x8000, 0xffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r6 = socket(0x2, 0x80002, 0x73) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r6) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r6, @ANYRES16=r2, @ANYBLOB="00012abd7000ffdbdf03000000000000000006a3000004000b00"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) 3.883393079s ago: executing program 3 (id=2343): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) unshare$auto(0x40000080) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) getpid() close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r3 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r3, r3, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x1, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10005, 0x400000000003, 0x3, 0x801f, 0xfffffffffffffffe, 0x6, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) 3.26408344s ago: executing program 3 (id=2344): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, 0x0, 0x0) 2.355944889s ago: executing program 3 (id=2345): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000cc0)='/dev/binderfs/binder0\x00', 0x40100, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000d00)='/dev/binderfs/binder1\x00', 0x8000, 0x0) ioctl$auto_BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, &(0x7f0000000d40)="8b158e7ac923108f65fc7d81d112ceb219d0e13da4ddef9fa04d530ed0b28b0d0029bd728df84369411bc17cc1580059922287bd38465247e6f60548957ce47895d5aa21e902c4638685c1fe005da4c2") 91.173405ms ago: executing program 5 (id=2346): mmap$auto(0x0, 0xfffffffffffffff8, 0x4000000000df, 0xeb1, 0x401, 0x8003) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r1, 0x1276, 0x0) read$auto_transaction_log_fops_(0xffffffffffffffff, &(0x7f0000000100)=""/3, 0x3) r2 = socket(0x2, 0x1, 0x106) setfsuid$auto(0xee00) mmap$auto(0xfff, 0x7, 0xffffffffffffffc0, 0x100000000000017, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'virt_wifi0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002ebd7400fcdbdf25140000000c000180da0001004caac9cae587e7042c37249dba7ea3fab59ef094567acd12b2c34eabcb8494051bb94ee6b3d7bfc09a7fa1d28a65d46ff45691b79b420b58ec33ecb096c0de848a7fd624314807edfd01fdb0dd2de0737650c9bd210a54bdf03b", @ANYRES32=r5, @ANYBLOB="08001a0003000000"], 0x28}, 0x1, 0x0, 0x0, 0x48c1}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r6, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r6, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r7 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r7, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) io_uring_register$auto_IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000300)="10c89b2981206b3bf9f3533688b35173dfe92a8da7f698388434e3e551db3dbd927aee7fc520a8c3917d42845ab3c22f3327c9f354e8145907c1f73dbab9b36bb1be8ebff326ecba1801a4b48c5500cf9c11874fe6dbbe64cc29be45422899da8a875c8d4bfe19005ef15c306c80f11d7225d18de138", 0x100) 90.944142ms ago: executing program 3 (id=2347): mmap$auto(0x100000000, 0x2000d, 0x1, 0xeb1, 0xffffffffffffffff, 0x100000000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, 0x0, 0x9, 0x0, 0x800000000005, 0x7ffffffd}, 0x8}, 0x3, 0x1, 0x0) semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) r2 = openat2$auto(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)={0x982, 0x6, 0x4}, 0x7f) sendmsg$auto_IEEE802154_ADD_IFACE(r2, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012abd7000fece637c60a021360984cecd222f1aa9fcdbdf2521f3f4dafdaaa0bb4d0006000be909000000050028f2d3000000260010006aac000005001d0040a49c72"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x525a05df5b8ef67a) r3 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000180), r2) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000080)={0x0, 0x10001}, 0x400040000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x200000000) sendmsg$auto_NCSI_CMD_SEND_CMD(r2, &(0x7f0000001600)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000015c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="f00b0000", @ANYRES16=r3, @ANYBLOB="00022dbd7000fddbdf250400000049040280ee01f9800400f40004005f809152ed0bc658e5e2dc26b63bd1c464ff9250f5d81f470df322e0638e0d900cdc45c55f08c76f1eb84115c5cf1ac97a0a4420bbbbc43e98cc933265c65808ab2ee89b1f9831061314973d7f40cd913fd588920afda75cf9b615a351fb2df47768cdafd0891823a59d02e7314c5cc2fe201a07f0e62ed03193bfec853bddbd94c7ecd3d37d70d2846494f7b4c6328e9eb9175f0e6aa56f139c7c72a77d01db8b56a04758f971d3d7c7fe3687bacf8c5cb87149c96a110f1717563493fbc676f87f6e06a0f7c78965e733ae2ba11c0800e800ff000000040056809bc7cc18633ebb7405a69a75335625522f5edd9c57d062214bd7047126f0a4c0c2d6af67d765e6d2f7538336d5b57068cba50785655be8f9d4d391381db251378be9869a4b5fa8ed345bfd967245e4c6380904d6270524293252ee3d7f4674d8394a14a0a2fe3ae7f4f30131b457c20910f952fcdb04006d00b03e7e90dece3f94572d88354e9e657e5dc68391f9bfbe7efbc7e501634b5f8fc8b6e49f553a63257c3222ad72304cad6ba0403f58f5e30eb57240302c504e8995aef06b10249f25d680c666c3e35f578b98fe5b63414c53aa8ca88cd05ea04d72520e0450ca36192adb8b2b855760826708b0634b71d433663fec6cb086a06fc7d821ec8bc532e08d048cee51d22c4a00008d839b04032c1f677776804c34d4a502a008a3e53fd471ef51900be2f2eb8e6d71d7d83903661a9b80a28e3b7eba2854ee8f3840d04a33b629e94276f04c91c1cf6488a10ff11e9a5e1a779ed86d42078f3f7e26042eed36130d8c3612c4005c0abd37e24902a45040bba6e7ed4fdbe8f502879b89e5336df086e6ebb2ad37c5c6d78e932729489d39824f369211de6a968a9c28b5ab2ae0e49e726b4591903b55fc01013dbf8757407eaa2d4054e61f9fa41a8fa36eb01a54848198882b7abbf63bc962f6b7aeae4c7807f0cdd7831c871400bc00fc020000000000000000000000000000b300fb00c27af9e84690d71aed7c17150f9cab7adeae205966073a5caecbf58597c38c93b68c79891016547576c78b89e515a2d085cdb77ed0448a07af361c949ac83a39cc13667632426024331858d06ac7a5e5f5fea965c340a9cbbe31453a2121e70077e7b6ec1793e26573515f08246bf508840b71242918d494e9bdb75215e065b3221c81752ca92c4a95a142c777e30fb881dbe6e87e4bd1716f54f0b0d5b2369001757e66cf6982a1017f69514cea1300b4001600026c47db5c9783a00552bf620e858dfb1bc04eb805514cd1f724865552bf3315404f8c406145bded10f139819dc0cebfda3b7c970e8e55a09652b0f4d8d1aae4a2f2ba8540f904d72b57b5600050716762397945e8d951fc65b52cf05de1096c1ee9f8ab1717842dd3a179513fbf27ee4dd0bab06bf942ce769bd2c6bcf3e03ef9cc4d197c5eb5970cd455bb7a08b392a321e821d3b38bfc4ff078c9ce2e4fa2e9991a5c3b2a5862fe93e6f6e6be9df208003a", @ANYRES32=r0, @ANYBLOB="00000008000800d87ba63b080003004d0b0000040006007a070500f928e09d7bd7fa2202977becacbfba05779299539e9087c29bdcfb7e759354020deebb22ec4bd883dbb7deea7425a87316ae9678267fecc436029b01e0ddc119fc3e4773eb5acadcfedf56a5cc5227743accf629c50812ae37af5cde21bcc23362ab755f2630ac53e3dfcc67731cb38a4be45a151fc54e296eab4b67d8e1816732a34c3255ee7541ff4e75615890783b19a98f05211738c03f34fa2113b6d768ccabd78c5ec2c0da118f0d282c44f4fb6133389f4ab50bb5c224255a6c7e9e3ae7314ea96ace9e25f2b3be2182b1eb0deff67feb536c5fe5f005b6a7a0b3b5582a69abc83c37a4d8038e829d60a991d7ffd9851edb138fdce06abb8867a2be56a5dbebd5e7ef3d7362ea7e6723b8ad49689b4363c54afdea8d7e7448499f38e48320398a4234fa61a3d20c09ba7d4baa283e7122deea61454d68879cdb549df69234ea91c57e5472579702e21a80a1537ec61e189b1fc21d7ffbbf5cf6962454217baa5d903e28f3a697a883b279e211f7ed6716fe84d6ff67f82602ff77a0e798d6692440fdebe9a433ae69b89b55aeba6241f29aef20ad6fcfc85fcbd4e9e59f159ce4a4cc77ccae8332290b4cde9437607273c950478e91905f51b234f42a18f6cd00da83811e1c385767bb91b1b792b79c154f4fc49dcf5876ffcb4e701d522917a0d253e3469bdc1c4900000000b8338e16bd44bcb04a28b79a71f4924e8f52ef66838f35ab5d569765b5b13860986c53cfe5a07018594b69ca399427013a1871f599564b7269f44edecaeaa1b84ed56c249d5968235b9e23c37bf71f0ab9a741176fb33b8c83afcbfb6efae66c56310915cddbd681b9dc72b8ec14a881f1fa9e193b9db73e0a2cba79616d28bda7bf0b31202c1a24711c2bfc85bf689d34e439409ad93bb4eadb1ecf761626375fbe5656e9760086eb85116f83b5d99d22a6bc0cce98cf77533b22f0d305a1e00f651dae93dc7bd3aacf3ff45d6df754f35d901ec6ac3014f505ac13dbfe184f3f37bb1c29482fcc86f419d8cfed35fee9e8a612574f9e3afe27e9ee3ae5f8ff22fe92165a0ed97e1ece3f5751e4df65eff481c7f2391c8f45f7d082b104e353ec2092e616bd9d83c663cb176deb7b25a216f8b903c461f93b3b771f9cee918043cc21fa9ea85c42326cb2dd3c846d0dcf1fe33fc61d2bff8f1cf63e38329e2d508b484106f1050a4f396b38449571995d111c345e6363388844bc7e7403199a52acdee14a4e661a8dbef77e25e57ad16a90dba607182afb1f891c7178f923130db86b4a501cd43de8571eed672cf02408586440be582c91b64f7212971886f75ac25cb9c3adedbccf226b5252f26d3f7fef415b748fa39cac970d1b07ac8b7ce6b026a95cfc1a1532d300345dd274259cf0602ada400278fd0d09c687b4c324cb9714be58e51cd8dd36619ad89e4090eae95e0589245f210cb05e9fa90318d39007ea4fc8ccbd9dae613027ea6c95940a7ed72efc660c622095bb42173939eb42f4400f5ad6184540d718946926f5b987fbffaf115bed18f27c946a77ae78ff5b5e72d2a64aac60aaed728ea3ede4d78de9f7559b11ec917623a885d4027d2a999b98298e2af8b9aeabf1380b5c3feeba52a1814a05e7a8ce3ee85d1b42a1dd9adb23381dbd76cb6688a238e76ce6f4098063ea755f1ef7abbfa23490a6544099a6f9530259faf5e3d0c07b2c8bf986aeb5028268ebe4d908e0413e964fd8b2d5ddb3d47b9b0e68de5096732bea7dc3b1b3466f7dff45721a9b1d5811a4e1874ec2be961d37a9d9d2ef50492bb75ab96504dafd326decc198ac8805a18e350c38e4de47ef2350d18f3501b50bb285023023d03fa66cf215ec6a34564affb95aca93f3677d4154b6aa9c1fbda430511f31eb6468825fbbe8a124a886ab881b7da7b71a1159bdeada0ce632d3e54e561468f4dd26640cc2d9f1587b7023928741d0f71fd00e58ae6f58d9eec0f2c07da2ccb093512d538bf1f4ea2311d4faeec03187739b1ff36129da3bf1c5999fafaeacb9be63fe3ae8765b827fe1711a0b134494c8a5f067642946e42ada782618ed9daac32eb165bc327e278c3ff030a593d85b93e3ccb751fe67c6d8bf647bcaa91c66b859db93c60a88686d07eb250e91d16a1f90c099d4835b71ba0bc03d950690a626fe5575633b90216163e1443d5213286194c0df5aa891ba17db5893fc758c282639bc7ec6ed7d27421dbdb73d01e9e149799ca2860748c06a69b41c74def7bbf31e42be43ccb4b8a5e64459f476eac90023c0677c94c6d785435e4ac8ab6891161f9b7e1d0be6bd44d17de9672aa470df2dee31ca60875388a25a90271c4b4fcf4ecc75651090ee9530d72cf969e4c1f0a3ab036bd131cc02b87bfbefa7472d8623ac7be17a1c56cf5b3c4818af0a0a2b910948e7492048f50d855efee2a12d8c63b7ddf9da4cef69ffdcf551b18936d45158aa1e6ade7060979b2f1e60e679dcdee9b45f203d4f23f30205596485409ed517525f2c922ba15574d1191711355495f0de907f42fea54bb1157d2eac8afa28574f6b460b519d8eeedacaec0815abc980a4b96289d3f9ae2a3145d15240fca1d5cbe7a53e149a6e083b7befb52f51c679e115a0a366197c0e95a4c2a1b5511155ec9815bc0402d19d9f125a7bc5c63290ac2900000000"], 0xbf0}, 0x1, 0x0, 0x0, 0x4010}, 0x811) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r1, 0x80045105, 0x0) r5 = socket(0x1e, 0x80000, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) write$auto_dev_fops_plock(0xffffffffffffffff, &(0x7f0000000200)="ea579eafbef6a78ace20c66c3ed28a307811ba5a77e0d6f20eee070874ce267321ef2da8ccef77a2a57912658cfac38b23199ba898ef2c29ea039494e108e23fc3d3de801c6cdb8c585be1ec026d327ad05a0c7812805bb6d050f902f2e77e549ec276c282a2bb8c2847f2e7105018d493a4a1", 0x73) r7 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000004c0), r5) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="00002dbd7000fcdbdf250200"/22], 0x1c}, 0x1, 0x0, 0x0, 0x40000d0}, 0x4001) r8 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0xf8f) prctl$auto(0x16, 0x21, 0x6, 0xfffffffffffffffe, 0x5) sendfile$auto(r8, r6, 0x0, 0x1fff5) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) r9 = io_uring_setup$auto(0x4bf15e08, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), r9) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) unshare$auto(0x40000080) 0s ago: executing program 6 (id=2348): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000fc0)=0xa) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x00\x01_\x9e\x99:R\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc', 0x7f) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x1, 0x7e, &(0x7f0000000040)={0xfffffffffffffff8, 0x6, 0xffffffffffffffc0, 0x800000000000046}) socket(0x2, 0x80805, 0x0) r0 = eventfd$auto(0x9) writev$auto(0x4, &(0x7f0000000080)={0x0, 0x8}, 0x1) read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000280)=""/40, 0x28) kernel console output (not intermixed with test programs): _one_work+0x10/0x10 [ 552.313692][T11837] ? __pfx_hci_rx_work+0x10/0x10 [ 552.313713][T11837] worker_thread+0x5ef/0xe50 [ 552.313734][T11837] ? __pfx_worker_thread+0x10/0x10 [ 552.313750][T11837] ? kthread+0x13a/0x450 [ 552.313772][T11837] ? __pfx_worker_thread+0x10/0x10 [ 552.313786][T11837] kthread+0x370/0x450 [ 552.313807][T11837] ? __pfx_kthread+0x10/0x10 [ 552.313830][T11837] ret_from_fork+0x72b/0xd50 [ 552.313848][T11837] ? __pfx_ret_from_fork+0x10/0x10 [ 552.313865][T11837] ? __switch_to+0x800/0x1100 [ 552.313885][T11837] ? __switch_to_asm+0x39/0x70 [ 552.313903][T11837] ? __pfx_kthread+0x10/0x10 [ 552.313926][T11837] ret_from_fork_asm+0x1a/0x30 [ 552.313960][T11837] [ 552.313981][T11837] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 552.635784][T14743] Process accounting paused [ 552.654854][T11837] Bluetooth: hci2: failed to register connection device [ 552.886120][T11837] Bluetooth: hci3: unexpected event for opcode 0x7c89 [ 553.476267][T14770] random: crng reseeded on system resumption [ 553.665533][T14785] busy [ 553.688505][T14785] i2c i2c-0: new_device: Invalid device name [ 553.840179][T11837] Bluetooth: hci2: command 0x2016 tx timeout [ 553.847321][T14789] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1836'. [ 553.944129][T14771] Process accounting paused [ 555.133272][T14793] Process accounting resumed [ 555.745555][T11837] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 556.398557][T11837] Bluetooth: hci2: command 0x2016 tx timeout [ 556.406234][T14794] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 556.429433][T14794] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 556.460821][T14794] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 556.488288][T14794] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 557.136944][T14827] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1843'. [ 558.477511][T11766] Bluetooth: hci0: command 0x2016 tx timeout [ 558.484080][T11837] Bluetooth: hci3: command 0x2016 tx timeout [ 558.490380][T11766] Bluetooth: hci2: command 0x2016 tx timeout [ 558.557436][T14839] Bluetooth: hci1: command 0x2016 tx timeout [ 558.565401][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 558.578248][T14794] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 558.803678][T14843] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1848'. [ 558.941279][T14847] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 558.966982][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 558.974653][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 559.011181][ T29] audit: type=1804 audit(4294967652.857:18): pid=14847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1847" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 559.504362][T14862] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1850'. [ 559.628634][T14849] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 559.641176][T14849] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 559.654541][T14849] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 559.667625][T14849] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 559.673856][T14849] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 560.249704][T14877] i2c i2c-0: new_device: Invalid device name [ 560.398610][T14877] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1854'. [ 560.489797][T11822] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 561.047768][T14892] bond0: invalid ARP target specified [ 561.075496][T14890] nbd: must specify a size in bytes for the device [ 561.091022][T14890] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1857'. [ 561.400383][T14882] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 561.408161][T14882] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 561.675935][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 561.681997][T14839] Bluetooth: hci1: command 0x2016 tx timeout [ 562.637342][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.643733][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.715216][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 563.435052][T11844] Bluetooth: hci0: command 0x2016 tx timeout [ 563.441659][T14839] Bluetooth: hci3: command 0x2016 tx timeout [ 563.456225][T14882] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 563.466834][T14882] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 563.473199][T14882] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 563.758013][T14904] FAULT_INJECTION: forcing a failure. [ 563.758013][T14904] name failslab, interval 1, probability 0, space 0, times 0 [ 563.813267][T14901] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1859'. [ 563.837117][T14904] CPU: 0 UID: 0 PID: 14904 Comm: syz.4.1861 Tainted: G U L syzkaller #0 PREEMPT(full) [ 563.837143][T14904] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 563.837149][T14904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 563.837158][T14904] Call Trace: [ 563.837164][T14904] [ 563.837170][T14904] dump_stack_lvl+0x100/0x190 [ 563.837200][T14904] should_fail_ex.cold+0x5/0xa [ 563.837220][T14904] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 563.837243][T14904] should_failslab+0xc2/0x120 [ 563.837262][T14904] __kmalloc_noprof+0xe0/0x850 [ 563.837281][T14904] kernfs_fop_write_iter+0x26a/0x5f0 [ 563.837305][T14904] vfs_write+0x6ac/0x1070 [ 563.837325][T14904] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 563.837349][T14904] ? __pfx_vfs_write+0x10/0x10 [ 563.837378][T14904] ksys_write+0x12a/0x250 [ 563.837395][T14904] ? __pfx_ksys_write+0x10/0x10 [ 563.837414][T14904] ? rcu_is_watching+0x12/0xc0 [ 563.837435][T14904] do_syscall_64+0x115/0x840 [ 563.837457][T14904] ? clear_bhb_loop+0x40/0x90 [ 563.837476][T14904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.837491][T14904] RIP: 0033:0x7f9dbc39ce59 [ 563.837505][T14904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 563.837520][T14904] RSP: 002b:00007f9dbd20e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 563.837538][T14904] RAX: ffffffffffffffda RBX: 00007f9dbc615fa0 RCX: 00007f9dbc39ce59 [ 563.837548][T14904] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000009 [ 563.837557][T14904] RBP: 00007f9dbd20e090 R08: 0000000000000000 R09: 0000000000000000 [ 563.837567][T14904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.837575][T14904] R13: 00007f9dbc616038 R14: 00007f9dbc615fa0 R15: 00007ffe4db71b08 [ 563.837596][T14904] [ 564.061803][T11822] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 564.617209][T14922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1863'. [ 564.690235][T14925] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1863'. [ 565.019878][T14931] busy [ 565.029882][T14931] i2c i2c-0: new_device: Invalid device name [ 565.186395][T14936] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1865'. [ 565.513879][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 565.519965][T11844] Bluetooth: hci1: command 0x2016 tx timeout [ 565.526266][T14839] Bluetooth: hci0: command 0x2016 tx timeout [ 566.370794][T14839] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 566.860025][T14839] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 566.867973][T14839] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 566.879787][T14839] CPU: 0 UID: 0 PID: 14839 Comm: kworker/u11:4 Tainted: G U L syzkaller #0 PREEMPT(full) [ 566.879833][T14839] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 566.879839][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 566.879850][T14839] Workqueue: hci4 hci_rx_work [ 566.879874][T14839] Call Trace: [ 566.879880][T14839] [ 566.879886][T14839] dump_stack_lvl+0x100/0x190 [ 566.879915][T14839] sysfs_warn_dup.cold+0x1c/0x28 [ 566.879938][T14839] sysfs_create_dir_ns+0x24b/0x2b0 [ 566.879955][T14839] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 566.879971][T14839] ? find_held_lock+0x2b/0x80 [ 566.879991][T14839] ? kobject_add_internal+0x25f/0x930 [ 566.880007][T14839] ? kobject_add_internal+0x25f/0x930 [ 566.880024][T14839] ? do_raw_spin_unlock+0x145/0x1e0 [ 566.880042][T14839] kobject_add_internal+0x2c8/0x930 [ 566.880060][T14839] kobject_add+0x16a/0x1e0 [ 566.880075][T14839] ? __pfx_kobject_add+0x10/0x10 [ 566.880090][T14839] ? class_to_subsys+0x10f/0x150 [ 566.880111][T14839] ? kobject_put+0xb9/0x640 [ 566.880132][T14839] ? _raw_spin_unlock+0x28/0x50 [ 566.880156][T14839] device_add+0x294/0x1950 [ 566.880174][T14839] ? __pfx_dev_set_name+0x10/0x10 [ 566.880194][T14839] ? __pfx_device_add+0x10/0x10 [ 566.880211][T14839] ? mgmt_send_event_skb+0x2fb/0x460 [ 566.880236][T14839] hci_conn_add_sysfs+0x1a3/0x260 [ 566.880259][T14839] le_conn_complete_evt+0x11eb/0x1f60 [ 566.880284][T14839] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 566.880302][T14839] ? __pfx_bt_warn+0x10/0x10 [ 566.880329][T14839] hci_le_conn_complete_evt+0x23c/0x3a0 [ 566.880350][T14839] ? skb_pull_data+0x15f/0x1e0 [ 566.880372][T14839] hci_le_meta_evt+0x34a/0x5f0 [ 566.880393][T14839] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 566.880416][T14839] hci_event_packet+0x51c/0xcd0 [ 566.880435][T14839] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 566.880456][T14839] ? __pfx_hci_event_packet+0x10/0x10 [ 566.880477][T14839] ? kcov_remote_start+0x374/0x660 [ 566.880497][T14839] ? lockdep_hardirqs_on+0x78/0x100 [ 566.880526][T14839] hci_rx_work+0x451/0xfc0 [ 566.880548][T14839] process_one_work+0xa0e/0x1980 [ 566.880573][T14839] ? __pfx_process_one_work+0x10/0x10 [ 566.880594][T14839] ? __pfx_hci_rx_work+0x10/0x10 [ 566.880616][T14839] worker_thread+0x5ef/0xe50 [ 566.880637][T14839] ? __pfx_worker_thread+0x10/0x10 [ 566.880653][T14839] ? kthread+0x13a/0x450 [ 566.880682][T14839] ? __pfx_worker_thread+0x10/0x10 [ 566.880696][T14839] kthread+0x370/0x450 [ 566.880717][T14839] ? __pfx_kthread+0x10/0x10 [ 566.880741][T14839] ret_from_fork+0x72b/0xd50 [ 566.880759][T14839] ? __pfx_ret_from_fork+0x10/0x10 [ 566.880776][T14839] ? __switch_to+0x800/0x1100 [ 566.880796][T14839] ? __switch_to_asm+0x39/0x70 [ 566.880814][T14839] ? __pfx_kthread+0x10/0x10 [ 566.880837][T14839] ret_from_fork_asm+0x1a/0x30 [ 566.880865][T14839] [ 566.880914][T14839] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 567.198016][T14839] Bluetooth: hci4: failed to register connection device [ 567.593983][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 567.600280][T14839] Bluetooth: hci0: command 0x2016 tx timeout [ 568.086052][T14961] random: crng reseeded on system resumption [ 568.805186][T11822] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 568.813066][T11822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 568.823168][T11822] CPU: 0 UID: 0 PID: 11822 Comm: kworker/u11:1 Tainted: G U L syzkaller #0 PREEMPT(full) [ 568.823197][T11822] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 568.823204][T11822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 568.823215][T11822] Workqueue: hci4 hci_rx_work [ 568.823240][T11822] Call Trace: [ 568.823246][T11822] [ 568.823253][T11822] dump_stack_lvl+0x100/0x190 [ 568.823281][T11822] sysfs_warn_dup.cold+0x1c/0x28 [ 568.823303][T11822] sysfs_create_dir_ns+0x24b/0x2b0 [ 568.823321][T11822] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 568.823337][T11822] ? find_held_lock+0x2b/0x80 [ 568.823355][T11822] ? kobject_add_internal+0x25f/0x930 [ 568.823371][T11822] ? kobject_add_internal+0x25f/0x930 [ 568.823389][T11822] ? do_raw_spin_unlock+0x145/0x1e0 [ 568.823411][T11822] kobject_add_internal+0x2c8/0x930 [ 568.823430][T11822] kobject_add+0x16a/0x1e0 [ 568.823445][T11822] ? __pfx_kobject_add+0x10/0x10 [ 568.823461][T11822] ? class_to_subsys+0x10f/0x150 [ 568.823483][T11822] ? kobject_put+0xb9/0x640 [ 568.823504][T11822] ? _raw_spin_unlock+0x28/0x50 [ 568.823528][T11822] device_add+0x294/0x1950 [ 568.823546][T11822] ? __pfx_dev_set_name+0x10/0x10 [ 568.823565][T11822] ? __pfx_device_add+0x10/0x10 [ 568.823582][T11822] ? mgmt_send_event_skb+0x2fb/0x460 [ 568.823607][T11822] hci_conn_add_sysfs+0x1a3/0x260 [ 568.823631][T11822] le_conn_complete_evt+0x11eb/0x1f60 [ 568.823664][T11822] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 568.823683][T11822] ? __pfx_bt_warn+0x10/0x10 [ 568.823712][T11822] hci_le_conn_complete_evt+0x23c/0x3a0 [ 568.823733][T11822] ? skb_pull_data+0x15f/0x1e0 [ 568.823756][T11822] hci_le_meta_evt+0x34a/0x5f0 [ 568.823777][T11822] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 568.823799][T11822] hci_event_packet+0x51c/0xcd0 [ 568.823821][T11822] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 568.823842][T11822] ? __pfx_hci_event_packet+0x10/0x10 [ 568.823864][T11822] ? kcov_remote_start+0x374/0x660 [ 568.823884][T11822] ? lockdep_hardirqs_on+0x78/0x100 [ 568.823909][T11822] hci_rx_work+0x451/0xfc0 [ 568.823932][T11822] process_one_work+0xa0e/0x1980 [ 568.823956][T11822] ? __pfx_process_one_work+0x10/0x10 [ 568.823976][T11822] ? __pfx_hci_rx_work+0x10/0x10 [ 568.823997][T11822] worker_thread+0x5ef/0xe50 [ 568.824016][T11822] ? __pfx_worker_thread+0x10/0x10 [ 568.824032][T11822] ? kthread+0x13a/0x450 [ 568.824052][T11822] ? __pfx_worker_thread+0x10/0x10 [ 568.824065][T11822] kthread+0x370/0x450 [ 568.824086][T11822] ? __pfx_kthread+0x10/0x10 [ 568.824109][T11822] ret_from_fork+0x72b/0xd50 [ 568.824129][T11822] ? __pfx_ret_from_fork+0x10/0x10 [ 568.824146][T11822] ? __switch_to+0x800/0x1100 [ 568.824166][T11822] ? __switch_to_asm+0x39/0x70 [ 568.824184][T11822] ? __pfx_kthread+0x10/0x10 [ 568.824207][T11822] ret_from_fork_asm+0x1a/0x30 [ 568.824235][T11822] [ 568.824276][T11822] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 569.128941][T11822] Bluetooth: hci4: failed to register connection device [ 569.673017][T14839] Bluetooth: hci4: command 0x041b tx timeout [ 569.679522][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 569.919325][T14982] random: crng reseeded on system resumption [ 570.644277][T15017] FAULT_INJECTION: forcing a failure. [ 570.644277][T15017] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 570.675783][T15017] CPU: 0 UID: 0 PID: 15017 Comm: syz.4.1882 Tainted: G U L syzkaller #0 PREEMPT(full) [ 570.675811][T15017] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 570.675817][T15017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 570.675826][T15017] Call Trace: [ 570.675832][T15017] [ 570.675839][T15017] dump_stack_lvl+0x100/0x190 [ 570.675869][T15017] should_fail_ex.cold+0x5/0xa [ 570.675890][T15017] _copy_from_user+0x2e/0xd0 [ 570.675914][T15017] __sys_bpf+0x243/0x4b90 [ 570.675959][T15017] ? __pfx___sys_bpf+0x10/0x10 [ 570.675972][T15017] ? proc_fail_nth_write+0x9f/0x220 [ 570.675997][T15017] ? find_held_lock+0x2b/0x80 [ 570.676020][T15017] ? find_held_lock+0x2b/0x80 [ 570.676037][T15017] ? ksys_write+0x190/0x250 [ 570.676059][T15017] ? ksys_write+0x190/0x250 [ 570.676090][T15017] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 570.676114][T15017] ? kernel_write+0x603/0x6c0 [ 570.676131][T15017] ? __fget_files+0x215/0x3d0 [ 570.676160][T15017] ? fput+0x79/0x100 [ 570.676180][T15017] ? ksys_write+0x1ac/0x250 [ 570.676197][T15017] ? __pfx_ksys_write+0x10/0x10 [ 570.676217][T15017] __x64_sys_bpf+0x7b/0xc0 [ 570.676232][T15017] ? lockdep_hardirqs_on+0x78/0x100 [ 570.676253][T15017] do_syscall_64+0x115/0x840 [ 570.676274][T15017] ? clear_bhb_loop+0x40/0x90 [ 570.676293][T15017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.676308][T15017] RIP: 0033:0x7f9dbc39ce59 [ 570.676322][T15017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 570.676337][T15017] RSP: 002b:00007f9dbd20e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 570.676353][T15017] RAX: ffffffffffffffda RBX: 00007f9dbc615fa0 RCX: 00007f9dbc39ce59 [ 570.676363][T15017] RDX: 0000000000000198 RSI: 0000200000000100 RDI: 0000000000000000 [ 570.676373][T15017] RBP: 00007f9dbd20e090 R08: 0000000000000000 R09: 0000000000000000 [ 570.676382][T15017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 570.676403][T15017] R13: 00007f9dbc616038 R14: 00007f9dbc615fa0 R15: 00007ffe4db71b08 [ 570.676423][T15017] [ 570.996904][T15023] busy [ 571.000451][T15023] i2c i2c-0: new_device: Invalid device name [ 571.037780][T15023] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1884'. [ 571.750722][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 571.756844][T11822] Bluetooth: hci4: command 0x041b tx timeout [ 571.960958][T11822] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 572.464523][T14839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 572.479661][T14839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 572.488317][T14839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 572.499094][T14839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 572.517369][T14839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 572.699702][T14839] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 572.707934][T14839] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 572.721356][T14839] CPU: 0 UID: 0 PID: 14839 Comm: kworker/u11:4 Tainted: G U L syzkaller #0 PREEMPT(full) [ 572.721383][T14839] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 572.721389][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 572.721401][T14839] Workqueue: hci4 hci_rx_work [ 572.721424][T14839] Call Trace: [ 572.721430][T14839] [ 572.721437][T14839] dump_stack_lvl+0x100/0x190 [ 572.721466][T14839] sysfs_warn_dup.cold+0x1c/0x28 [ 572.721488][T14839] sysfs_create_dir_ns+0x24b/0x2b0 [ 572.721506][T14839] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 572.721521][T14839] ? find_held_lock+0x2b/0x80 [ 572.721540][T14839] ? kobject_add_internal+0x25f/0x930 [ 572.721556][T14839] ? kobject_add_internal+0x25f/0x930 [ 572.721575][T14839] ? do_raw_spin_unlock+0x145/0x1e0 [ 572.721594][T14839] kobject_add_internal+0x2c8/0x930 [ 572.721612][T14839] kobject_add+0x16a/0x1e0 [ 572.721627][T14839] ? __pfx_kobject_add+0x10/0x10 [ 572.721641][T14839] ? class_to_subsys+0x10f/0x150 [ 572.721662][T14839] ? kobject_put+0xb9/0x640 [ 572.721684][T14839] ? _raw_spin_unlock+0x28/0x50 [ 572.721708][T14839] device_add+0x294/0x1950 [ 572.721725][T14839] ? __pfx_dev_set_name+0x10/0x10 [ 572.721745][T14839] ? __pfx_device_add+0x10/0x10 [ 572.721762][T14839] ? mgmt_send_event_skb+0x2fb/0x460 [ 572.721787][T14839] hci_conn_add_sysfs+0x1a3/0x260 [ 572.721811][T14839] le_conn_complete_evt+0x11eb/0x1f60 [ 572.721835][T14839] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 572.721853][T14839] ? __pfx_bt_warn+0x10/0x10 [ 572.721880][T14839] hci_le_conn_complete_evt+0x23c/0x3a0 [ 572.721901][T14839] ? skb_pull_data+0x15f/0x1e0 [ 572.721922][T14839] hci_le_meta_evt+0x34a/0x5f0 [ 572.721943][T14839] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 572.721966][T14839] hci_event_packet+0x51c/0xcd0 [ 572.721986][T14839] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 572.722006][T14839] ? __pfx_hci_event_packet+0x10/0x10 [ 572.722028][T14839] ? kcov_remote_start+0x374/0x660 [ 572.722048][T14839] ? lockdep_hardirqs_on+0x78/0x100 [ 572.722073][T14839] hci_rx_work+0x451/0xfc0 [ 572.722095][T14839] process_one_work+0xa0e/0x1980 [ 572.722119][T14839] ? __pfx_process_one_work+0x10/0x10 [ 572.722139][T14839] ? __pfx_hci_rx_work+0x10/0x10 [ 572.722160][T14839] worker_thread+0x5ef/0xe50 [ 572.722180][T14839] ? __pfx_worker_thread+0x10/0x10 [ 572.722195][T14839] ? kthread+0x13a/0x450 [ 572.722215][T14839] ? __pfx_worker_thread+0x10/0x10 [ 572.722229][T14839] kthread+0x370/0x450 [ 572.722250][T14839] ? __pfx_kthread+0x10/0x10 [ 572.722282][T14839] ret_from_fork+0x72b/0xd50 [ 572.722300][T14839] ? __pfx_ret_from_fork+0x10/0x10 [ 572.722318][T14839] ? __switch_to+0x800/0x1100 [ 572.722338][T14839] ? __switch_to_asm+0x39/0x70 [ 572.722358][T14839] ? __pfx_kthread+0x10/0x10 [ 572.722381][T14839] ret_from_fork_asm+0x1a/0x30 [ 572.722409][T14839] [ 572.722439][T14839] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 573.043357][T14839] Bluetooth: hci4: failed to register connection device [ 573.831376][T14839] Bluetooth: hci4: command 0x041b tx timeout [ 573.957701][T15052] random: crng reseeded on system resumption [ 574.412125][T15080] busy [ 574.444607][T15080] i2c i2c-0: new_device: Invalid device name [ 574.452436][T15082] FAULT_INJECTION: forcing a failure. [ 574.452436][T15082] name failslab, interval 1, probability 0, space 0, times 0 [ 574.501755][T15082] CPU: 0 UID: 0 PID: 15082 Comm: syz.4.1896 Tainted: G U L syzkaller #0 PREEMPT(full) [ 574.501784][T15082] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 574.501791][T15082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 574.501801][T15082] Call Trace: [ 574.501807][T15082] [ 574.501813][T15082] dump_stack_lvl+0x100/0x190 [ 574.501844][T15082] should_fail_ex.cold+0x5/0xa [ 574.501864][T15082] ? __netif_set_xps_queue+0x8a3/0x2340 [ 574.501946][T15082] should_failslab+0xc2/0x120 [ 574.501966][T15082] __kmalloc_noprof+0xe0/0x850 [ 574.501985][T15082] __netif_set_xps_queue+0x8a3/0x2340 [ 574.502012][T15082] xps_rxqs_store+0x238/0x320 [ 574.502067][T15082] ? sysfs_file_kobj+0xe4/0x290 [ 574.502092][T15082] ? __pfx_xps_rxqs_store+0x10/0x10 [ 574.502106][T15082] netdev_queue_attr_store+0x61/0x90 [ 574.502155][T15082] ? __pfx_netdev_queue_attr_store+0x10/0x10 [ 574.502175][T15082] sysfs_kf_write+0xf2/0x150 [ 574.502200][T15082] kernfs_fop_write_iter+0x3e0/0x5f0 [ 574.502221][T15082] ? __pfx_sysfs_kf_write+0x10/0x10 [ 574.502247][T15082] vfs_write+0x6ac/0x1070 [ 574.502265][T15082] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 574.502289][T15082] ? __pfx_vfs_write+0x10/0x10 [ 574.502320][T15082] ksys_write+0x12a/0x250 [ 574.502337][T15082] ? __pfx_ksys_write+0x10/0x10 [ 574.502356][T15082] ? rcu_is_watching+0x12/0xc0 [ 574.502376][T15082] do_syscall_64+0x115/0x840 [ 574.502398][T15082] ? clear_bhb_loop+0x40/0x90 [ 574.502417][T15082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.502433][T15082] RIP: 0033:0x7f9dbc39ce59 [ 574.502446][T15082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 574.502461][T15082] RSP: 002b:00007f9dbd20e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 574.502476][T15082] RAX: ffffffffffffffda RBX: 00007f9dbc615fa0 RCX: 00007f9dbc39ce59 [ 574.502486][T15082] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000009 [ 574.502495][T15082] RBP: 00007f9dbd20e090 R08: 0000000000000000 R09: 0000000000000000 [ 574.502504][T15082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.502512][T15082] R13: 00007f9dbc616038 R14: 00007f9dbc615fa0 R15: 00007ffe4db71b08 [ 574.502533][T15082] [ 574.860492][T15086] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1895'. [ 575.032214][T14839] Bluetooth: hci5: command tx timeout [ 575.702173][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 575.912230][T14839] Bluetooth: hci4: command 0x041b tx timeout [ 576.017305][T15048] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.058932][T15048] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.082704][T15048] bridge_slave_0: entered allmulticast mode [ 576.090993][T14839] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 576.100210][T14839] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 576.109854][T14839] CPU: 0 UID: 0 PID: 14839 Comm: kworker/u11:4 Tainted: G U L syzkaller #0 PREEMPT(full) [ 576.109881][T14839] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 576.109888][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 576.109899][T14839] Workqueue: hci4 hci_rx_work [ 576.109922][T14839] Call Trace: [ 576.109928][T14839] [ 576.109935][T14839] dump_stack_lvl+0x100/0x190 [ 576.109963][T14839] sysfs_warn_dup.cold+0x1c/0x28 [ 576.109986][T14839] sysfs_create_dir_ns+0x24b/0x2b0 [ 576.110004][T14839] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 576.110020][T14839] ? find_held_lock+0x2b/0x80 [ 576.110040][T14839] ? kobject_add_internal+0x25f/0x930 [ 576.110055][T14839] ? kobject_add_internal+0x25f/0x930 [ 576.110072][T14839] ? do_raw_spin_unlock+0x145/0x1e0 [ 576.110090][T14839] kobject_add_internal+0x2c8/0x930 [ 576.110118][T14839] kobject_add+0x16a/0x1e0 [ 576.110134][T14839] ? __pfx_kobject_add+0x10/0x10 [ 576.110148][T14839] ? class_to_subsys+0x10f/0x150 [ 576.110170][T14839] ? kobject_put+0xb9/0x640 [ 576.110192][T14839] ? _raw_spin_unlock+0x28/0x50 [ 576.110216][T14839] device_add+0x294/0x1950 [ 576.110234][T14839] ? __pfx_dev_set_name+0x10/0x10 [ 576.110253][T14839] ? __pfx_device_add+0x10/0x10 [ 576.110270][T14839] ? mgmt_send_event_skb+0x2fb/0x460 [ 576.110295][T14839] hci_conn_add_sysfs+0x1a3/0x260 [ 576.110319][T14839] le_conn_complete_evt+0x11eb/0x1f60 [ 576.110343][T14839] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 576.110361][T14839] ? __pfx_bt_warn+0x10/0x10 [ 576.110388][T14839] hci_le_conn_complete_evt+0x23c/0x3a0 [ 576.110409][T14839] ? skb_pull_data+0x15f/0x1e0 [ 576.110431][T14839] hci_le_meta_evt+0x34a/0x5f0 [ 576.110452][T14839] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 576.110474][T14839] hci_event_packet+0x51c/0xcd0 [ 576.110494][T14839] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 576.110514][T14839] ? __pfx_hci_event_packet+0x10/0x10 [ 576.110535][T14839] ? kcov_remote_start+0x374/0x660 [ 576.110556][T14839] ? lockdep_hardirqs_on+0x78/0x100 [ 576.110581][T14839] hci_rx_work+0x451/0xfc0 [ 576.110603][T14839] process_one_work+0xa0e/0x1980 [ 576.110627][T14839] ? __pfx_process_one_work+0x10/0x10 [ 576.110647][T14839] ? __pfx_hci_rx_work+0x10/0x10 [ 576.110668][T14839] worker_thread+0x5ef/0xe50 [ 576.110688][T14839] ? __pfx_worker_thread+0x10/0x10 [ 576.110704][T14839] ? kthread+0x13a/0x450 [ 576.110724][T14839] ? __pfx_worker_thread+0x10/0x10 [ 576.110738][T14839] kthread+0x370/0x450 [ 576.110759][T14839] ? __pfx_kthread+0x10/0x10 [ 576.110782][T14839] ret_from_fork+0x72b/0xd50 [ 576.110800][T14839] ? __pfx_ret_from_fork+0x10/0x10 [ 576.110817][T14839] ? __switch_to+0x800/0x1100 [ 576.110836][T14839] ? __switch_to_asm+0x39/0x70 [ 576.110855][T14839] ? __pfx_kthread+0x10/0x10 [ 576.110878][T14839] ret_from_fork_asm+0x1a/0x30 [ 576.110907][T14839] [ 576.110926][T14839] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 576.420334][T11766] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 576.427980][T11766] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 576.440039][T11766] CPU: 0 UID: 0 PID: 11766 Comm: kworker/u11:0 Tainted: G U L syzkaller #0 PREEMPT(full) [ 576.440066][T11766] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 576.440073][T11766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 576.440084][T11766] Workqueue: hci3 hci_rx_work [ 576.440108][T11766] Call Trace: [ 576.440115][T11766] [ 576.440122][T11766] dump_stack_lvl+0x100/0x190 [ 576.440151][T11766] sysfs_warn_dup.cold+0x1c/0x28 [ 576.440174][T11766] sysfs_create_dir_ns+0x24b/0x2b0 [ 576.440192][T11766] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 576.440207][T11766] ? find_held_lock+0x2b/0x80 [ 576.440227][T11766] ? kobject_add_internal+0x25f/0x930 [ 576.440243][T11766] ? kobject_add_internal+0x25f/0x930 [ 576.440260][T11766] ? do_raw_spin_unlock+0x145/0x1e0 [ 576.440279][T11766] kobject_add_internal+0x2c8/0x930 [ 576.440297][T11766] kobject_add+0x16a/0x1e0 [ 576.440312][T11766] ? __pfx_kobject_add+0x10/0x10 [ 576.440326][T11766] ? class_to_subsys+0x10f/0x150 [ 576.440347][T11766] ? kobject_put+0xb9/0x640 [ 576.440368][T11766] ? _raw_spin_unlock+0x28/0x50 [ 576.440392][T11766] device_add+0x294/0x1950 [ 576.440409][T11766] ? __pfx_dev_set_name+0x10/0x10 [ 576.440429][T11766] ? __pfx_device_add+0x10/0x10 [ 576.440446][T11766] ? mgmt_send_event_skb+0x2fb/0x460 [ 576.440471][T11766] hci_conn_add_sysfs+0x1a3/0x260 [ 576.440494][T11766] le_conn_complete_evt+0x11eb/0x1f60 [ 576.440519][T11766] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 576.440537][T11766] ? __pfx_bt_warn+0x10/0x10 [ 576.440564][T11766] hci_le_conn_complete_evt+0x23c/0x3a0 [ 576.440584][T11766] ? skb_pull_data+0x15f/0x1e0 [ 576.440606][T11766] hci_le_meta_evt+0x34a/0x5f0 [ 576.440626][T11766] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 576.440656][T11766] hci_event_packet+0x51c/0xcd0 [ 576.440677][T11766] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 576.440698][T11766] ? __pfx_hci_event_packet+0x10/0x10 [ 576.440720][T11766] ? kcov_remote_start+0x374/0x660 [ 576.440741][T11766] ? lockdep_hardirqs_on+0x78/0x100 [ 576.440766][T11766] hci_rx_work+0x451/0xfc0 [ 576.440788][T11766] process_one_work+0xa0e/0x1980 [ 576.440812][T11766] ? __pfx_process_one_work+0x10/0x10 [ 576.440833][T11766] ? __pfx_hci_rx_work+0x10/0x10 [ 576.440853][T11766] worker_thread+0x5ef/0xe50 [ 576.440875][T11766] ? kthread+0x13a/0x450 [ 576.440895][T11766] ? __pfx_worker_thread+0x10/0x10 [ 576.440909][T11766] kthread+0x370/0x450 [ 576.440930][T11766] ? __pfx_kthread+0x10/0x10 [ 576.440952][T11766] ret_from_fork+0x72b/0xd50 [ 576.440969][T11766] ? __pfx_ret_from_fork+0x10/0x10 [ 576.440986][T11766] ? __switch_to+0x800/0x1100 [ 576.441006][T11766] ? __switch_to_asm+0x39/0x70 [ 576.441024][T11766] ? __pfx_kthread+0x10/0x10 [ 576.441047][T11766] ret_from_fork_asm+0x1a/0x30 [ 576.441075][T11766] [ 576.441096][T11766] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 576.736651][T14839] Bluetooth: hci4: failed to register connection device [ 576.777675][T11766] Bluetooth: hci3: failed to register connection device [ 576.792184][T15048] bridge_slave_0: entered promiscuous mode [ 576.861894][T15048] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.895681][T15048] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.920509][T15048] bridge_slave_1: entered allmulticast mode [ 576.942995][T15048] bridge_slave_1: entered promiscuous mode [ 577.109584][T11766] Bluetooth: hci5: command tx timeout [ 577.127068][T15048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 577.173151][T15109] random: crng reseeded on system resumption [ 577.187557][T15048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 577.522357][T15048] team0: Port device team_slave_0 added [ 577.637631][T15048] team0: Port device team_slave_1 added [ 577.754634][T11766] Bluetooth: hci3: command 0x2016 tx timeout [ 577.850088][T15048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 577.863938][T15048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 577.933492][T15048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 577.983802][T15048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.005646][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 578.042035][T15048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 578.164023][T15048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 578.336433][T15094] Process accounting resumed [ 578.355643][T15048] hsr_slave_0: entered promiscuous mode [ 578.394073][T15048] hsr_slave_1: entered promiscuous mode [ 578.434277][T15048] debugfs: 'hsr0' already exists in 'hsr' [ 578.480870][T15048] Cannot create hsr debugfs directory [ 578.827647][T15122] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 579.095554][T15115] Process accounting resumed [ 579.187381][T11766] Bluetooth: hci5: command tx timeout [ 579.395973][T15048] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 579.453447][T15048] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 579.480748][T15048] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 579.514420][T15048] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 579.559910][T15048] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 579.605198][T15048] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 579.628871][T15048] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 579.659350][T15048] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 579.927890][T15048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 579.983842][T15048] 8021q: adding VLAN 0 to HW filter on device team0 [ 580.020453][T11847] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.027613][T11847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 580.067344][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 580.081025][T11927] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.088165][T11927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 580.239068][T15145] RGB/YUV Input: ================= START STATUS ================= [ 580.287977][T15145] RGB/YUV Input: Test Pattern: 75% Colorbar [ 580.299246][T15129] Process accounting resumed [ 580.325777][T15145] RGB/YUV Input: Show Information: All [ 580.412400][T15145] RGB/YUV Input: Vertical Flip: false [ 580.439926][T15145] RGB/YUV Input: Horizontal Flip: false [ 580.465303][T15145] RGB/YUV Input: Brightness: 128 [ 580.488312][T15145] RGB/YUV Input: Contrast: 128 [ 580.504726][T15145] RGB/YUV Input: Hue: 0 [ 580.524483][T15145] RGB/YUV Input: Saturation: 128 [ 580.538076][T15145] RGB/YUV Input: Pixel Rate: 160000000 [ 580.564936][T15145] RGB/YUV Input: Horizontal Blanking: 800 [ 580.571106][T15145] RGB/YUV Input: Vertical Blanking: 3223 [ 580.583501][T15145] RGB/YUV Input: ================== END STATUS ================== [ 580.598717][T15153] FAULT_INJECTION: forcing a failure. [ 580.598717][T15153] name failslab, interval 1, probability 0, space 0, times 0 [ 580.615070][T15153] CPU: 0 UID: 0 PID: 15153 Comm: syz.2.1908 Tainted: G U L syzkaller #0 PREEMPT(full) [ 580.615095][T15153] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 580.615101][T15153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 580.615111][T15153] Call Trace: [ 580.615117][T15153] [ 580.615123][T15153] dump_stack_lvl+0x100/0x190 [ 580.615153][T15153] should_fail_ex.cold+0x5/0xa [ 580.615173][T15153] ? __netif_set_xps_queue+0x48f/0x2340 [ 580.615190][T15153] should_failslab+0xc2/0x120 [ 580.615208][T15153] __kmalloc_noprof+0xe0/0x850 [ 580.615227][T15153] __netif_set_xps_queue+0x48f/0x2340 [ 580.615254][T15153] xps_rxqs_store+0x238/0x320 [ 580.615270][T15153] ? sysfs_file_kobj+0xe4/0x290 [ 580.615295][T15153] ? __pfx_xps_rxqs_store+0x10/0x10 [ 580.615309][T15153] netdev_queue_attr_store+0x61/0x90 [ 580.615329][T15153] ? __pfx_netdev_queue_attr_store+0x10/0x10 [ 580.615349][T15153] sysfs_kf_write+0xf2/0x150 [ 580.615374][T15153] kernfs_fop_write_iter+0x3e0/0x5f0 [ 580.615395][T15153] ? __pfx_sysfs_kf_write+0x10/0x10 [ 580.615421][T15153] vfs_write+0x6ac/0x1070 [ 580.615439][T15153] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 580.615463][T15153] ? __pfx_vfs_write+0x10/0x10 [ 580.615494][T15153] ksys_write+0x12a/0x250 [ 580.615511][T15153] ? __pfx_ksys_write+0x10/0x10 [ 580.615530][T15153] ? rcu_is_watching+0x12/0xc0 [ 580.615550][T15153] do_syscall_64+0x115/0x840 [ 580.615572][T15153] ? clear_bhb_loop+0x40/0x90 [ 580.615590][T15153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.615606][T15153] RIP: 0033:0x7f2dca99ce59 [ 580.615620][T15153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 580.615635][T15153] RSP: 002b:00007f2dcb7e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 580.615650][T15153] RAX: ffffffffffffffda RBX: 00007f2dcac16090 RCX: 00007f2dca99ce59 [ 580.615660][T15153] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000009 [ 580.615669][T15153] RBP: 00007f2dcb7e1090 R08: 0000000000000000 R09: 0000000000000000 [ 580.615679][T15153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 580.615687][T15153] R13: 00007f2dcac16128 R14: 00007f2dcac16090 R15: 00007ffc5b7cd248 [ 580.615708][T15153] [ 580.910954][T11766] Bluetooth: hci3: command 0x2016 tx timeout [ 580.917076][T11766] Bluetooth: hci2: command 0x2016 tx timeout [ 580.935986][T15122] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 580.946798][T15122] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 580.954184][T15122] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 580.960734][T15122] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 581.185228][T15048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 581.272430][T11822] Bluetooth: hci5: command tx timeout [ 581.403194][T15048] veth0_vlan: entered promiscuous mode [ 581.415610][T15048] veth1_vlan: entered promiscuous mode [ 581.446505][T15048] veth0_macvtap: entered promiscuous mode [ 581.456678][T15048] veth1_macvtap: entered promiscuous mode [ 581.477078][T15048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 581.493728][T15048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 581.508771][T11774] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.575796][T11774] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.622901][T11774] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.634735][T11774] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.028539][T15122] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 583.034514][T11766] Bluetooth: hci1: command 0x2016 tx timeout [ 583.040631][T11837] Bluetooth: hci0: command 0x2016 tx timeout [ 583.047330][T11837] Bluetooth: hci3: command 0x2016 tx timeout [ 583.053413][T11822] Bluetooth: hci4: command 0x041b tx timeout [ 583.062301][T15122] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 583.070443][T15122] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 583.078596][T15122] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 583.084658][T15122] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 583.092719][T15122] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 583.278584][T11927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 583.319210][T15124] Process accounting resumed [ 583.328865][T11927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 583.428996][T11927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 583.480779][T11927] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.449574][T15200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1914'. [ 584.538250][T15203] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1914'. [ 585.016706][T15207] random: crng reseeded on system resumption [ 585.104359][T15174] Bluetooth: hci4: command 0x041b tx timeout [ 585.110467][T15174] Bluetooth: hci3: command 0x2016 tx timeout [ 585.116647][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 585.347772][T15213] busy [ 585.373549][T15213] i2c i2c-0: new_device: Invalid device name [ 585.632832][T15213] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1916'. [ 585.781019][T15215] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1917'. [ 585.792389][T11844] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 585.870034][T15215] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1917'. [ 586.030939][T15215] ›: renamed from sit0 (while UP) [ 586.548751][T15233] busy [ 586.621117][T15233] i2c i2c-0: new_device: Invalid device name [ 586.647496][T15226] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 586.762257][T15228] zswap: compressor not available [ 586.862753][T15244] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1922'. [ 587.187062][T15174] Bluetooth: hci5: command 0x0c1a tx timeout [ 587.193623][T15174] Bluetooth: hci4: command 0x041b tx timeout [ 587.442740][T15249] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1924'. [ 587.508215][T15252] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1924'. [ 588.703123][T15174] Bluetooth: hci3: command 0x2016 tx timeout [ 588.709203][T14839] Bluetooth: hci2: command 0x2016 tx timeout [ 588.720180][T15226] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 588.728652][T15226] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 588.735217][T15226] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 588.741422][T15226] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 588.748496][T15226] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 588.756031][T15241] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 589.194276][T11844] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 589.282396][T15267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1927'. [ 589.396731][T15272] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1927'. [ 590.781936][T14839] Bluetooth: hci4: command 0x041b tx timeout [ 590.788863][T11822] Bluetooth: hci1: command 0x2016 tx timeout [ 590.795114][T11837] Bluetooth: hci0: command 0x2016 tx timeout [ 590.801390][T11837] Bluetooth: hci3: command 0x2016 tx timeout [ 590.807580][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 591.003381][T15299] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 591.570125][T15304] random: crng reseeded on system resumption [ 592.078280][T15318] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1936'. [ 592.358003][T15324] busy [ 592.398277][T15324] i2c i2c-0: new_device: Invalid device name [ 592.661971][T15330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1938'. [ 592.793867][T15324] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1938'. [ 592.860742][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 592.866772][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 593.768286][T15174] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 594.534867][T15349] random: crng reseeded on system resumption [ 594.939335][T15174] Bluetooth: hci4: command 0x041b tx timeout [ 594.945425][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 595.194076][T15367] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 595.241349][T15367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 596.211618][T15382] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1950'. [ 596.301659][T15382] netlink: 330 bytes leftover after parsing attributes in process `syz.5.1950'. [ 597.018326][T15299] Bluetooth: hci4: command 0x041b tx timeout [ 597.039696][T15398] busy [ 597.044075][T15398] i2c i2c-0: new_device: Invalid device name [ 597.137594][T15399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1955'. [ 597.151984][T15399] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1955'. [ 597.259161][T15174] Bluetooth: hci2: command 0x2016 tx timeout [ 597.265229][T15299] Bluetooth: hci3: command 0x2016 tx timeout [ 597.337976][T15299] Bluetooth: hci0: command 0x2016 tx timeout [ 597.345568][T15367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 597.352808][T15367] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 597.359988][T15367] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 597.366102][T15367] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 597.796489][T15415] : Can't lookup blockdev [ 599.041090][T15299] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 599.396657][T15438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1963'. [ 599.418455][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 599.425354][T15174] Bluetooth: hci4: command 0x041b tx timeout [ 599.431443][T11766] Bluetooth: hci1: command 0x2016 tx timeout [ 599.438191][T11837] Bluetooth: hci0: command 0x2016 tx timeout [ 599.539367][T15439] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1963'. [ 599.609063][T15444] i2c i2c-0: new_device: Invalid device name [ 599.812883][T15447] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1964'. [ 599.876007][T15434] random: crng reseeded on system resumption [ 599.920788][T15447] netlink: 338 bytes leftover after parsing attributes in process `syz.5.1964'. [ 600.807970][T15462] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1969'. [ 601.014975][T15465] busy [ 601.041330][T15465] i2c i2c-0: new_device: Invalid device name [ 601.188074][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1970'. [ 601.255080][T15465] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1970'. [ 601.295510][T15467] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1971'. [ 601.330890][T15450] Process accounting resumed [ 601.496760][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 601.766905][T15455] Process accounting resumed [ 601.986925][T15488] FAULT_INJECTION: forcing a failure. [ 601.986925][T15488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 602.083634][T15488] CPU: 0 UID: 0 PID: 15488 Comm: syz.4.1975 Tainted: G U L syzkaller #0 PREEMPT(full) [ 602.083661][T15488] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 602.083667][T15488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 602.083677][T15488] Call Trace: [ 602.083682][T15488] [ 602.083689][T15488] dump_stack_lvl+0x100/0x190 [ 602.083720][T15488] should_fail_ex.cold+0x5/0xa [ 602.083740][T15488] _copy_from_user+0x2e/0xd0 [ 602.083763][T15488] semctl_main+0xf27/0x2b10 [ 602.083853][T15488] ? __pfx_semctl_main+0x10/0x10 [ 602.083897][T15488] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 602.083921][T15488] ? kernel_write+0x603/0x6c0 [ 602.083938][T15488] ? __fget_files+0x215/0x3d0 [ 602.083959][T15488] ksys_semctl.constprop.0+0x201/0x2e0 [ 602.083978][T15488] ? __pfx_ksys_semctl.constprop.0+0x10/0x10 [ 602.084003][T15488] ? rcu_is_watching+0x12/0xc0 [ 602.084023][T15488] do_syscall_64+0x115/0x840 [ 602.084044][T15488] ? clear_bhb_loop+0x40/0x90 [ 602.084062][T15488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.084078][T15488] RIP: 0033:0x7f9dbc39ce59 [ 602.084092][T15488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 602.084106][T15488] RSP: 002b:00007f9dbd1ed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000042 [ 602.084122][T15488] RAX: ffffffffffffffda RBX: 00007f9dbc616090 RCX: 00007f9dbc39ce59 [ 602.084132][T15488] RDX: 0000000000000011 RSI: 000000000000000c RDI: 0000000000000000 [ 602.084141][T15488] RBP: 00007f9dbd1ed090 R08: 0000000000000000 R09: 0000000000000000 [ 602.084150][T15488] R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000001 [ 602.084159][T15488] R13: 00007f9dbc616128 R14: 00007f9dbc616090 R15: 00007ffe4db71b08 [ 602.084178][T15488] [ 602.742449][T15299] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 603.581786][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 603.601668][T15513] __nla_validate_parse: 3 callbacks suppressed [ 603.601684][T15513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1982'. [ 603.747571][T15513] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1982'. [ 603.915954][T11837] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 604.105026][T15504] Process accounting resumed [ 604.774463][T15299] Bluetooth: hci3: command 0x2016 tx timeout [ 605.264372][T15541] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 605.294594][T15541] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 605.325907][T15541] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 605.359371][T15541] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 605.402651][T15541] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 605.909974][T15299] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 605.917892][T15299] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0' [ 605.927610][T15299] CPU: 0 UID: 0 PID: 15299 Comm: kworker/u11:6 Tainted: G U L syzkaller #0 PREEMPT(full) [ 605.927638][T15299] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 605.927644][T15299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 605.927655][T15299] Workqueue: hci5 hci_rx_work [ 605.927680][T15299] Call Trace: [ 605.927686][T15299] [ 605.927693][T15299] dump_stack_lvl+0x100/0x190 [ 605.927725][T15299] sysfs_warn_dup.cold+0x1c/0x28 [ 605.927747][T15299] sysfs_create_dir_ns+0x24b/0x2b0 [ 605.927765][T15299] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 605.927780][T15299] ? find_held_lock+0x2b/0x80 [ 605.927799][T15299] ? kobject_add_internal+0x25f/0x930 [ 605.927815][T15299] ? kobject_add_internal+0x25f/0x930 [ 605.927832][T15299] ? do_raw_spin_unlock+0x145/0x1e0 [ 605.927850][T15299] kobject_add_internal+0x2c8/0x930 [ 605.927868][T15299] kobject_add+0x16a/0x1e0 [ 605.927883][T15299] ? __pfx_kobject_add+0x10/0x10 [ 605.927897][T15299] ? class_to_subsys+0x10f/0x150 [ 605.927919][T15299] ? kobject_put+0xb9/0x640 [ 605.927940][T15299] ? _raw_spin_unlock+0x28/0x50 [ 605.927965][T15299] device_add+0x294/0x1950 [ 605.927983][T15299] ? __pfx_dev_set_name+0x10/0x10 [ 605.928003][T15299] ? __pfx_device_add+0x10/0x10 [ 605.928019][T15299] ? mgmt_send_event_skb+0x2fb/0x460 [ 605.928045][T15299] hci_conn_add_sysfs+0x1a3/0x260 [ 605.928068][T15299] le_conn_complete_evt+0x11eb/0x1f60 [ 605.928093][T15299] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 605.928111][T15299] ? __pfx_bt_warn+0x10/0x10 [ 605.928138][T15299] hci_le_conn_complete_evt+0x23c/0x3a0 [ 605.928158][T15299] ? skb_pull_data+0x15f/0x1e0 [ 605.928181][T15299] hci_le_meta_evt+0x34a/0x5f0 [ 605.928201][T15299] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 605.928233][T15299] hci_event_packet+0x51c/0xcd0 [ 605.928254][T15299] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 605.928276][T15299] ? __pfx_hci_event_packet+0x10/0x10 [ 605.928299][T15299] ? kcov_remote_start+0x374/0x660 [ 605.928320][T15299] ? lockdep_hardirqs_on+0x78/0x100 [ 605.928347][T15299] hci_rx_work+0x451/0xfc0 [ 605.928370][T15299] process_one_work+0xa0e/0x1980 [ 605.928394][T15299] ? __pfx_process_one_work+0x10/0x10 [ 605.928414][T15299] ? __pfx_hci_rx_work+0x10/0x10 [ 605.928435][T15299] worker_thread+0x5ef/0xe50 [ 605.928455][T15299] ? __pfx_worker_thread+0x10/0x10 [ 605.928470][T15299] ? kthread+0x13a/0x450 [ 605.928491][T15299] ? __pfx_worker_thread+0x10/0x10 [ 605.928504][T15299] kthread+0x370/0x450 [ 605.928525][T15299] ? __pfx_kthread+0x10/0x10 [ 605.928548][T15299] ret_from_fork+0x72b/0xd50 [ 605.928565][T15299] ? __pfx_ret_from_fork+0x10/0x10 [ 605.928582][T15299] ? __switch_to+0x800/0x1100 [ 605.928601][T15299] ? __switch_to_asm+0x39/0x70 [ 605.928620][T15299] ? __pfx_kthread+0x10/0x10 [ 605.928643][T15299] ret_from_fork_asm+0x1a/0x30 [ 605.928671][T15299] [ 605.928739][T15299] kobject: kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 606.254291][T15299] Bluetooth: hci5: failed to register connection device [ 607.333030][T11766] Bluetooth: hci3: command 0x2016 tx timeout [ 607.339137][T11766] Bluetooth: hci2: command 0x2016 tx timeout [ 607.345302][T15299] Bluetooth: hci0: command 0x2016 tx timeout [ 607.413810][T11766] Bluetooth: hci1: command 0x2016 tx timeout [ 607.420285][T15299] Bluetooth: hci4: command 0x041b tx timeout [ 607.492823][T15299] Bluetooth: hci5: command 0x0c1a tx timeout [ 609.571876][T15299] Bluetooth: hci5: command 0x0c1a tx timeout [ 609.580588][T15541] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 610.512551][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 610.525616][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 610.878299][T15599] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2000'. [ 610.947481][T15582] Process accounting resumed [ 611.581182][T15614] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 611.598032][T15618] busy [ 611.615774][T15614] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 611.628963][T15618] i2c i2c-0: new_device: Invalid device name [ 611.651016][T15299] Bluetooth: hci5: command 0x0c1a tx timeout [ 611.675517][T15614] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 611.707869][T15614] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 611.755400][T15614] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 611.789224][T15614] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 611.977969][T15618] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2004'. [ 612.241604][T15632] random: crng reseeded on system resumption [ 612.290271][T15635] blktrace: Concurrent blktraces are not allowed on loop2 [ 612.389660][T15634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2008'. [ 612.409511][T15635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2009'. [ 612.445564][T15634] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2008'. [ 612.494846][T15637] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2009'. [ 612.568545][T15634] ›: renamed from sit0 (while UP) [ 612.854582][T15647] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 612.854699][T15647] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 612.854808][T15647] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 612.855412][T15647] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 612.855508][T15647] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 612.855598][T15647] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 613.119234][T15650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2011'. [ 613.165713][T15653] netlink: 334 bytes leftover after parsing attributes in process `syz.5.2012'. [ 613.229288][T15655] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2011'. [ 613.842037][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 613.848456][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 614.222068][T15675] busy [ 614.256320][T15675] i2c i2c-0: new_device: Invalid device name [ 614.470611][T15675] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2017'. [ 614.798417][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 614.806698][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 614.929799][T11837] Bluetooth: hci5: command 0x0c1a tx timeout [ 614.935867][T15299] Bluetooth: hci4: command 0x041b tx timeout [ 614.941972][T11766] Bluetooth: hci1: command 0x2016 tx timeout [ 614.947966][T15174] Bluetooth: hci0: command 0x2016 tx timeout [ 614.953991][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 614.960079][T11822] Bluetooth: hci2: command 0x2016 tx timeout [ 615.144368][T11844] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 615.324786][ T29] audit: type=1800 audit(4294967709.205:19): pid=15685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2016" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 615.909007][T15693] random: crng reseeded on system resumption [ 617.169108][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 617.411027][T15713] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 617.456802][T15713] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 617.480764][T15720] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2026'. [ 617.513556][T15713] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 617.544046][T15713] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 617.589377][T15713] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 617.625198][T15713] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 618.039270][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 618.709789][T15727] Process accounting resumed [ 619.135492][T15748] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2033'. [ 619.259845][T15751] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2033'. [ 619.407741][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 619.487986][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 619.567722][T11844] Bluetooth: hci1: command 0x2016 tx timeout [ 619.567750][T11844] Bluetooth: hci0: command 0x2016 tx timeout [ 619.647546][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 619.647587][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 619.926982][T15765] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 619.942372][T15765] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 619.942482][T15765] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 619.942582][T15765] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 619.942681][T15765] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 619.942773][T15765] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 620.424547][T11822] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 620.522830][T15773] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 620.584442][T15749] Process accounting resumed [ 620.659313][T15777] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input10 [ 620.804417][T15781] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2043'. [ 620.948010][T15780] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 620.974424][T15780] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 621.004316][T15780] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 621.064436][T15780] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 621.091341][T15780] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 621.130851][T15789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2044'. [ 621.213388][T15791] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2044'. [ 621.987679][T15787] Process accounting resumed [ 622.499704][T15800] Process accounting resumed [ 622.925362][T11822] Bluetooth: hci2: command 0x2016 tx timeout [ 623.005409][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 623.011503][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 623.085001][T11822] Bluetooth: hci1: command 0x2016 tx timeout [ 623.171363][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 623.177933][T11822] Bluetooth: hci4: command 0x041b tx timeout [ 623.187354][T15780] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 623.419921][T15813] Process accounting resumed [ 623.665009][T11766] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 624.050312][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.059988][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.683920][T15845] FAULT_INJECTION: forcing a failure. [ 624.683920][T15845] name failslab, interval 1, probability 0, space 0, times 0 [ 624.758607][T15845] CPU: 0 UID: 0 PID: 15845 Comm: syz.5.2058 Tainted: G U L syzkaller #0 PREEMPT(full) [ 624.758636][T15845] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 624.758642][T15845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 624.758653][T15845] Call Trace: [ 624.758658][T15845] [ 624.758665][T15845] dump_stack_lvl+0x100/0x190 [ 624.758697][T15845] should_fail_ex.cold+0x5/0xa [ 624.758718][T15845] should_failslab+0xc2/0x120 [ 624.758737][T15845] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 624.758761][T15845] ? bdev_alloc_inode+0x26/0x90 [ 624.758878][T15845] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 624.758899][T15845] bdev_alloc_inode+0x26/0x90 [ 624.758918][T15845] ? __pfx_bdev_alloc_inode+0x10/0x10 [ 624.758937][T15845] alloc_inode+0x68/0x250 [ 624.758960][T15845] new_inode+0x22/0x1c0 [ 624.758984][T15845] bdev_alloc+0x2b/0x420 [ 624.759003][T15845] ? bdi_init+0x3f4/0x5b0 [ 624.759020][T15845] ? bdi_init+0x49f/0x5b0 [ 624.759042][T15845] __alloc_disk_node+0x116/0x6b0 [ 624.759063][T15845] __blk_mq_alloc_disk+0x89/0x120 [ 624.759104][T15845] loop_add+0x498/0xb60 [ 624.759126][T15845] ? __pfx_loop_add+0x10/0x10 [ 624.759157][T15845] ? find_held_lock+0x2b/0x80 [ 624.759176][T15845] ? __fget_files+0x215/0x3d0 [ 624.759195][T15845] loop_control_ioctl+0xae/0x620 [ 624.759217][T15845] ? __pfx_loop_control_ioctl+0x10/0x10 [ 624.759240][T15845] ? __pfx_loop_control_ioctl+0x10/0x10 [ 624.759261][T15845] __x64_sys_ioctl+0x18e/0x210 [ 624.759278][T15845] do_syscall_64+0x115/0x840 [ 624.759299][T15845] ? clear_bhb_loop+0x40/0x90 [ 624.759317][T15845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.759334][T15845] RIP: 0033:0x7f954959ce59 [ 624.759348][T15845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 624.759363][T15845] RSP: 002b:00007f954a419028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 624.759379][T15845] RAX: ffffffffffffffda RBX: 00007f9549815fa0 RCX: 00007f954959ce59 [ 624.759389][T15845] RDX: 000000000000008c RSI: 0000000000004c80 RDI: 0000000000000009 [ 624.759399][T15845] RBP: 00007f9549632d6f R08: 0000000000000000 R09: 0000000000000000 [ 624.759409][T15845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 624.759418][T15845] R13: 00007f9549816038 R14: 00007f9549815fa0 R15: 00007ffeb903aa18 [ 624.759438][T15845] [ 625.117442][T15842] Process accounting resumed [ 625.242954][T15858] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2061'. [ 625.264991][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 625.271139][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 625.341312][T15860] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2061'. [ 625.608443][T15867] blktrace: Concurrent blktraces are not allowed on loop2 [ 625.749401][T15867] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2063'. [ 625.861521][T15873] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2063'. [ 627.323976][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 627.330091][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 629.402082][T11766] Bluetooth: hci3: command 0x2016 tx timeout [ 629.636923][T15946] FAULT_INJECTION: forcing a failure. [ 629.636923][T15946] name failslab, interval 1, probability 0, space 0, times 0 [ 629.718206][T15946] CPU: 0 UID: 0 PID: 15946 Comm: syz.3.2078 Tainted: G U L syzkaller #0 PREEMPT(full) [ 629.718235][T15946] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 629.718241][T15946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 629.718252][T15946] Call Trace: [ 629.718257][T15946] [ 629.718264][T15946] dump_stack_lvl+0x100/0x190 [ 629.718295][T15946] should_fail_ex.cold+0x5/0xa [ 629.718315][T15946] should_failslab+0xc2/0x120 [ 629.718334][T15946] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 629.718357][T15946] ? __pmd_alloc+0xbf/0x950 [ 629.718380][T15946] __pmd_alloc+0xbf/0x950 [ 629.718401][T15946] __handle_mm_fault+0xa9c/0x2a00 [ 629.718426][T15946] ? mt_find+0x45e/0x8e0 [ 629.718450][T15946] ? __pfx___handle_mm_fault+0x10/0x10 [ 629.718470][T15946] ? __pfx_mt_find+0x10/0x10 [ 629.718502][T15946] ? find_vma+0xbf/0x140 [ 629.718517][T15946] ? __pfx_find_vma+0x10/0x10 [ 629.718544][T15946] handle_mm_fault+0x37b/0xa30 [ 629.718570][T15946] do_user_addr_fault+0x74c/0x12f0 [ 629.718592][T15946] ? trace_page_fault_kernel+0x7a/0x200 [ 629.718612][T15946] exc_page_fault+0x6f/0xd0 [ 629.718634][T15946] asm_exc_page_fault+0x26/0x30 [ 629.718649][T15946] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 629.718666][T15946] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 0d 9d 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 629.718680][T15946] RSP: 0018:ffffc900048bfb40 EFLAGS: 00050246 [ 629.718694][T15946] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000008 [ 629.718706][T15946] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900048bfbb8 [ 629.718716][T15946] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff52000917f77 [ 629.718725][T15946] R10: ffffc900048bfbbf R11: 0000000000000000 R12: 0000000000000000 [ 629.718734][T15946] R13: ffffc900048bfbb8 R14: dffffc0000000000 R15: 0000000000000008 [ 629.718754][T15946] _copy_from_user+0x98/0xd0 [ 629.718776][T15946] fanotify_write+0xde/0x770 [ 629.718827][T15946] ? __pfx_fanotify_write+0x10/0x10 [ 629.718846][T15946] ? bpf_lsm_file_permission+0x9/0x10 [ 629.718869][T15946] ? security_file_permission+0x76/0x210 [ 629.718890][T15946] ? rw_verify_area+0xce/0x6d0 [ 629.718907][T15946] ? __pfx_fanotify_write+0x10/0x10 [ 629.718922][T15946] vfs_writev+0x5ea/0xe10 [ 629.718943][T15946] ? __pfx_vfs_writev+0x10/0x10 [ 629.718973][T15946] ? __fget_files+0x21f/0x3d0 [ 629.718995][T15946] ? do_writev+0x13e/0x340 [ 629.719010][T15946] do_writev+0x13e/0x340 [ 629.719026][T15946] ? __pfx_do_writev+0x10/0x10 [ 629.719044][T15946] ? rcu_is_watching+0x12/0xc0 [ 629.719064][T15946] do_syscall_64+0x115/0x840 [ 629.719084][T15946] ? clear_bhb_loop+0x40/0x90 [ 629.719102][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.719117][T15946] RIP: 0033:0x7fda95f9ce59 [ 629.719131][T15946] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 629.719145][T15946] RSP: 002b:00007fda941f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 629.719158][T15946] RAX: ffffffffffffffda RBX: 00007fda96215fa0 RCX: 00007fda95f9ce59 [ 629.719168][T15946] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 629.719182][T15946] RBP: 00007fda96032d6f R08: 0000000000000000 R09: 0000000000000000 [ 629.719194][T15946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.719203][T15946] R13: 00007fda96216038 R14: 00007fda96215fa0 R15: 00007ffcb19bdaa8 [ 629.719223][T15946] [ 630.248895][T15954] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2081'. [ 630.342140][T15954] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2081'. [ 630.383460][T15960] blktrace: Concurrent blktraces are not allowed on loop2 [ 630.396050][T15960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2082'. [ 630.466715][T15964] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2082'. [ 630.491386][T11766] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 631.158954][T15981] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2086'. [ 631.182545][T15971] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 631.188720][T15971] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 631.239994][T15971] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 631.282817][T15971] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 631.606331][T15980] sysfs_service_op_store: Client not running :-5: [ 632.733424][T15987] aoe: skb alloc failure [ 632.738592][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 632.745778][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 633.240502][T11844] Bluetooth: hci0: command 0x2016 tx timeout [ 633.246584][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 633.252659][T11822] Bluetooth: hci2: command 0x2016 tx timeout [ 633.320562][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 633.326621][T11822] Bluetooth: hci1: command 0x2016 tx timeout [ 633.334992][T15971] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 633.342190][T15971] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 634.744423][T11766] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 635.399829][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 635.405876][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 635.530489][T16039] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 635.563676][T16039] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 635.594916][T16039] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 635.658733][T16039] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 635.692832][T16027] Process accounting resumed [ 635.704807][T16039] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 635.750885][T16039] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 635.939269][T16055] busy [ 635.953703][T16055] i2c i2c-0: new_device: Invalid device name [ 636.004141][T11766] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 636.066326][T16059] busy [ 636.078395][T16059] i2c i2c-0: new_device: Invalid device name [ 636.146324][T16055] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2104'. [ 636.271156][T16059] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2106'. [ 636.519906][T16056] random: crng reseeded on system resumption [ 636.555603][T11766] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 636.654321][T16078] binder: 16072:16078 ioctl c00c620f 200000000d40 returned -22 [ 637.255444][T16086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2111'. [ 637.389729][T16086] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2111'. [ 637.553850][T16095] block2mtd: error: cannot open device  [ 637.576942][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 637.647291][T11844] Bluetooth: hci0: command 0x2016 tx timeout [ 637.647328][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 637.717841][T11837] Bluetooth: hci4: command 0x041b tx timeout [ 637.717870][T11837] Bluetooth: hci1: command 0x2016 tx timeout [ 637.797704][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 638.118365][T16102] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 638.135369][T16102] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 638.152254][T16102] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 638.166278][T16102] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 638.182331][T16102] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 638.196772][T16102] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 638.372824][T16115] aoe: skb alloc failure [ 638.384072][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 638.393526][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 638.401824][T11766] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 638.731754][T16127] busy [ 638.737523][T16113] random: crng reseeded on system resumption [ 638.746315][T16127] i2c i2c-0: new_device: Invalid device name [ 638.798483][T16127] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2124'. [ 639.418322][T16139] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 639.452437][T16139] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 639.504374][T16139] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 639.559256][T16139] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 640.197283][T11766] Bluetooth: hci5: command 0x0c1a tx timeout [ 640.410274][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 640.419823][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 640.470933][T16134] Process accounting resumed [ 640.580768][T16163] busy [ 640.600327][T16163] i2c i2c-0: new_device: Invalid device name [ 641.017694][T16175] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2133'. [ 641.396100][T11766] Bluetooth: hci2: command 0x2016 tx timeout [ 641.403529][T16184] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2136'. [ 641.478761][T11766] Bluetooth: hci3: command 0x2016 tx timeout [ 641.556116][T11766] Bluetooth: hci0: command 0x2016 tx timeout [ 641.639926][T11822] Bluetooth: hci1: command 0x2016 tx timeout [ 641.646141][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 641.655352][T16139] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 641.678084][T16139] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 641.845003][T16197] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2137'. [ 642.041173][T16201] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2138'. [ 642.050955][T16204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2139'. [ 642.164215][T16211] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2139'. [ 643.234673][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 643.249758][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 643.510430][T16233] busy [ 643.551645][T16233] i2c i2c-0: new_device: Invalid device name [ 643.560200][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 643.644317][T11844] Bluetooth: hci0: command 0x2016 tx timeout [ 643.683846][T16236] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2145'. [ 643.723236][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 643.729353][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 643.792087][T16233] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2146'. [ 644.180246][T16247] binder: 16245:16247 ioctl c00c620f 200000000d40 returned -22 [ 644.204357][T16246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2149'. [ 644.303168][T16250] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2149'. [ 644.484884][T16252] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2151'. [ 645.793781][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 645.961149][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 645.972296][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 650.006849][T16309] Process accounting paused [ 650.172390][T16313] binder: 16312:16313 ioctl c00c620f 200000000d40 returned -22 [ 650.350055][T16323] __nla_validate_parse: 1 callbacks suppressed [ 650.350070][T16323] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2159'. [ 650.451930][T16326] FAULT_INJECTION: forcing a failure. [ 650.451930][T16326] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 650.548792][T16326] CPU: 0 UID: 0 PID: 16326 Comm: syz.2.2162 Tainted: G U L syzkaller #0 PREEMPT(full) [ 650.548821][T16326] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 650.548827][T16326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 650.548836][T16326] Call Trace: [ 650.548842][T16326] [ 650.548849][T16326] dump_stack_lvl+0x100/0x190 [ 650.548879][T16326] should_fail_ex.cold+0x5/0xa [ 650.548896][T16326] ? prepare_alloc_pages+0x16d/0x5f0 [ 650.548918][T16326] should_fail_alloc_page+0xeb/0x140 [ 650.548937][T16326] prepare_alloc_pages+0x1f0/0x5f0 [ 650.548956][T16326] ? is_bpf_text_address+0x94/0x1a0 [ 650.548979][T16326] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 650.549005][T16326] ? __lock_acquire+0x4a5/0x2630 [ 650.549036][T16326] ? lock_acquire+0x1b1/0x370 [ 650.549058][T16326] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 650.549082][T16326] ? find_held_lock+0x2b/0x80 [ 650.549100][T16326] ? __kfree_rcu_sheaf+0x195/0x710 [ 650.549117][T16326] ? __kfree_rcu_sheaf+0x195/0x710 [ 650.549145][T16326] ? __lock_acquire+0x4a5/0x2630 [ 650.549169][T16326] ? vma_is_special_huge+0x23f/0x2d0 [ 650.549188][T16326] ? __pfx_vma_is_special_huge+0x10/0x10 [ 650.549206][T16326] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 650.549228][T16326] ? policy_nodemask+0xed/0x4f0 [ 650.549248][T16326] alloc_pages_mpol+0x1fb/0x540 [ 650.549267][T16326] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 650.549285][T16326] ? __lock_acquire+0x4a5/0x2630 [ 650.549308][T16326] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 650.549331][T16326] alloc_pages_noprof+0x1a/0x160 [ 650.549352][T16326] __pmd_alloc+0x3b/0x950 [ 650.549373][T16326] __handle_mm_fault+0xa9c/0x2a00 [ 650.549399][T16326] ? mt_find+0x45e/0x8e0 [ 650.549424][T16326] ? __pfx___handle_mm_fault+0x10/0x10 [ 650.549445][T16326] ? __pfx_mt_find+0x10/0x10 [ 650.549482][T16326] handle_mm_fault+0x37b/0xa30 [ 650.549507][T16326] __get_user_pages+0x1178/0x32a0 [ 650.549532][T16326] ? down_read_killable+0x307/0x4b0 [ 650.549548][T16326] ? __pfx___get_user_pages+0x10/0x10 [ 650.549572][T16326] __gup_longterm_locked+0x87d/0x16f0 [ 650.549590][T16326] ? process_measurement+0x4c8/0x2350 [ 650.549681][T16326] ? __pfx___gup_longterm_locked+0x10/0x10 [ 650.549710][T16326] gup_fast_fallback+0x16dc/0x2790 [ 650.549743][T16326] ? __pfx_gup_fast_fallback+0x10/0x10 [ 650.549763][T16326] ? __lock_acquire+0x4a5/0x2630 [ 650.549787][T16326] ? find_held_lock+0x2b/0x80 [ 650.549805][T16326] ? is_bpf_text_address+0x8a/0x1a0 [ 650.549830][T16326] get_user_pages_fast+0xa7/0xf0 [ 650.549852][T16326] ? __pfx_get_user_pages_fast+0x10/0x10 [ 650.549877][T16326] __iov_iter_get_pages_alloc+0x8f2/0x1f20 [ 650.549904][T16326] ? pipe_lock+0x69/0x80 [ 650.549923][T16326] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 650.549945][T16326] ? __pfx___mutex_lock+0x10/0x10 [ 650.549969][T16326] ? iovec_from_user+0xda/0x140 [ 650.549994][T16326] iov_iter_get_pages2+0xa3/0x100 [ 650.550015][T16326] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 650.550035][T16326] ? wait_for_space+0x2ca/0x3b0 [ 650.550057][T16326] __do_sys_vmsplice+0x7dd/0x13c0 [ 650.550084][T16326] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 650.550106][T16326] ? get_pid_task+0x106/0x250 [ 650.550129][T16326] ? find_held_lock+0x2b/0x80 [ 650.550158][T16326] ? find_held_lock+0x2b/0x80 [ 650.550175][T16326] ? ksys_write+0x190/0x250 [ 650.550192][T16326] ? ksys_write+0x190/0x250 [ 650.550219][T16326] ? __fget_files+0x21f/0x3d0 [ 650.550243][T16326] ? __pfx_ksys_write+0x10/0x10 [ 650.550266][T16326] ? do_syscall_64+0x115/0x840 [ 650.550286][T16326] do_syscall_64+0x115/0x840 [ 650.550306][T16326] ? clear_bhb_loop+0x40/0x90 [ 650.550324][T16326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.550340][T16326] RIP: 0033:0x7f2dca99ce59 [ 650.550353][T16326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.550369][T16326] RSP: 002b:00007f2dcb802028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 650.550384][T16326] RAX: ffffffffffffffda RBX: 00007f2dcac15fa0 RCX: 00007f2dca99ce59 [ 650.550394][T16326] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000001 [ 650.550403][T16326] RBP: 00007f2dcb802090 R08: 0000000000000000 R09: 0000000000000000 [ 650.550413][T16326] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 650.550421][T16326] R13: 00007f2dcac16038 R14: 00007f2dcac15fa0 R15: 00007ffc5b7cd248 [ 650.550442][T16326] [ 652.391501][T16361] aoe: skb alloc failure [ 652.445861][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 652.457508][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 653.944149][T11844] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 654.037633][T11844] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 654.734028][T16386] random: crng reseeded on system resumption [ 655.289094][T16389] random: crng reseeded on system resumption [ 655.480292][T16401] Process accounting paused [ 656.028621][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 656.108562][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 656.295977][T16442] FAULT_INJECTION: forcing a failure. [ 656.295977][T16442] name failslab, interval 1, probability 0, space 0, times 0 [ 656.366719][T16442] CPU: 0 UID: 0 PID: 16442 Comm: syz.2.2179 Tainted: G U L syzkaller #0 PREEMPT(full) [ 656.366747][T16442] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 656.366753][T16442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 656.366763][T16442] Call Trace: [ 656.366768][T16442] [ 656.366774][T16442] dump_stack_lvl+0x100/0x190 [ 656.366812][T16442] should_fail_ex.cold+0x5/0xa [ 656.366831][T16442] should_failslab+0xc2/0x120 [ 656.366850][T16442] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 656.366874][T16442] ? __pmd_alloc+0xbf/0x950 [ 656.366897][T16442] __pmd_alloc+0xbf/0x950 [ 656.366918][T16442] __handle_mm_fault+0xa9c/0x2a00 [ 656.366944][T16442] ? mt_find+0x45e/0x8e0 [ 656.366968][T16442] ? __pfx___handle_mm_fault+0x10/0x10 [ 656.366988][T16442] ? __pfx_mt_find+0x10/0x10 [ 656.367025][T16442] handle_mm_fault+0x37b/0xa30 [ 656.367051][T16442] __get_user_pages+0x1178/0x32a0 [ 656.367075][T16442] ? down_read_killable+0x307/0x4b0 [ 656.367091][T16442] ? __pfx___get_user_pages+0x10/0x10 [ 656.367116][T16442] __gup_longterm_locked+0x87d/0x16f0 [ 656.367135][T16442] ? process_measurement+0x4c8/0x2350 [ 656.367156][T16442] ? __pfx___gup_longterm_locked+0x10/0x10 [ 656.367185][T16442] gup_fast_fallback+0x16dc/0x2790 [ 656.367217][T16442] ? __pfx_gup_fast_fallback+0x10/0x10 [ 656.367238][T16442] ? __lock_acquire+0x4a5/0x2630 [ 656.367263][T16442] ? find_held_lock+0x2b/0x80 [ 656.367281][T16442] ? is_bpf_text_address+0x8a/0x1a0 [ 656.367304][T16442] get_user_pages_fast+0xa7/0xf0 [ 656.367324][T16442] ? __pfx_get_user_pages_fast+0x10/0x10 [ 656.367348][T16442] __iov_iter_get_pages_alloc+0x8f2/0x1f20 [ 656.367374][T16442] ? pipe_lock+0x69/0x80 [ 656.367394][T16442] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 656.367416][T16442] ? __pfx___mutex_lock+0x10/0x10 [ 656.367439][T16442] ? iovec_from_user+0xda/0x140 [ 656.367464][T16442] iov_iter_get_pages2+0xa3/0x100 [ 656.367485][T16442] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 656.367506][T16442] ? wait_for_space+0x2ca/0x3b0 [ 656.367528][T16442] __do_sys_vmsplice+0x7dd/0x13c0 [ 656.367555][T16442] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 656.367577][T16442] ? get_pid_task+0x106/0x250 [ 656.367600][T16442] ? find_held_lock+0x2b/0x80 [ 656.367621][T16442] ? find_held_lock+0x2b/0x80 [ 656.367642][T16442] ? ksys_write+0x190/0x250 [ 656.367658][T16442] ? ksys_write+0x190/0x250 [ 656.367685][T16442] ? __fget_files+0x21f/0x3d0 [ 656.367710][T16442] ? __pfx_ksys_write+0x10/0x10 [ 656.367732][T16442] ? do_syscall_64+0x115/0x840 [ 656.367752][T16442] do_syscall_64+0x115/0x840 [ 656.367772][T16442] ? clear_bhb_loop+0x40/0x90 [ 656.367795][T16442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.367811][T16442] RIP: 0033:0x7f2dca99ce59 [ 656.367823][T16442] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 656.367838][T16442] RSP: 002b:00007f2dcb802028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 656.367854][T16442] RAX: ffffffffffffffda RBX: 00007f2dcac15fa0 RCX: 00007f2dca99ce59 [ 656.367864][T16442] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000001 [ 656.367873][T16442] RBP: 00007f2dcb802090 R08: 0000000000000000 R09: 0000000000000000 [ 656.367882][T16442] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 656.367891][T16442] R13: 00007f2dcac16038 R14: 00007f2dcac15fa0 R15: 00007ffc5b7cd248 [ 656.367911][T16442] [ 657.149974][T16453] FAULT_INJECTION: forcing a failure. [ 657.149974][T16453] name failslab, interval 1, probability 0, space 0, times 0 [ 657.174744][T16453] CPU: 0 UID: 0 PID: 16453 Comm: syz.2.2181 Tainted: G U L syzkaller #0 PREEMPT(full) [ 657.174773][T16453] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 657.174780][T16453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 657.174790][T16453] Call Trace: [ 657.174796][T16453] [ 657.174802][T16453] dump_stack_lvl+0x100/0x190 [ 657.174833][T16453] should_fail_ex.cold+0x5/0xa [ 657.174853][T16453] should_failslab+0xc2/0x120 [ 657.174872][T16453] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 657.174896][T16453] ? __d_alloc+0x34/0xa40 [ 657.174915][T16453] ? lockdep_hardirqs_on+0x78/0x100 [ 657.174937][T16453] ? ktime_get_coarse_real_ts64_mg+0x249/0x300 [ 657.174956][T16453] __d_alloc+0x34/0xa40 [ 657.174978][T16453] d_alloc_pseudo+0x1c/0xc0 [ 657.174993][T16453] alloc_file_pseudo+0xcf/0x230 [ 657.175017][T16453] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 657.175041][T16453] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 657.175063][T16453] create_pipe_files+0x360/0x970 [ 657.175085][T16453] do_pipe2+0xbd/0x1e0 [ 657.175104][T16453] ? __pfx_do_pipe2+0x10/0x10 [ 657.175121][T16453] ? xfd_validate_state+0x129/0x190 [ 657.175136][T16453] ? ksys_write+0x1ac/0x250 [ 657.175159][T16453] __x64_sys_pipe+0x33/0x50 [ 657.175177][T16453] do_syscall_64+0x115/0x840 [ 657.175198][T16453] ? clear_bhb_loop+0x40/0x90 [ 657.175216][T16453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.175231][T16453] RIP: 0033:0x7f2dca99ce59 [ 657.175245][T16453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 657.175260][T16453] RSP: 002b:00007f2dcb7c0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 657.175275][T16453] RAX: ffffffffffffffda RBX: 00007f2dcac16180 RCX: 00007f2dca99ce59 [ 657.175286][T16453] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000500 [ 657.175296][T16453] RBP: 00007f2dcaa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 657.175305][T16453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.175315][T16453] R13: 00007f2dcac16218 R14: 00007f2dcac16180 R15: 00007ffc5b7cd248 [ 657.175335][T16453] [ 658.161409][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 658.190501][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 658.730937][T16469] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2182'. [ 658.760971][T16476] busy [ 658.773236][T16476] i2c i2c-0: new_device: Invalid device name [ 658.782195][T11822] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 658.796202][T16469] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2182'. [ 659.169434][T16485] busy [ 659.198670][T16485] i2c i2c-0: new_device: Invalid device name [ 659.347876][T16472] random: crng reseeded on system resumption [ 659.450128][T16485] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2186'. [ 659.695337][T16494] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2188'. [ 660.826455][T11766] Bluetooth: hci4: command 0x041b tx timeout [ 661.079561][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 661.766545][T16511] random: crng reseeded on system resumption [ 661.868731][T16527] busy [ 661.886781][T16527] i2c i2c-0: new_device: Invalid device name [ 662.905247][T11822] Bluetooth: hci4: command 0x041b tx timeout [ 663.147721][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 663.497681][T11766] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 663.668507][T16545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 663.741897][T16545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 663.839881][T16550] busy [ 663.864269][T16550] i2c i2c-0: new_device: Invalid device name [ 664.043656][T16553] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2198'. [ 665.166066][T16562] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2200'. [ 665.634900][T16571] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2202'. [ 665.704989][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 665.786733][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 665.867975][T11844] Bluetooth: hci0: command 0x2016 tx timeout [ 665.885325][T16545] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 665.892127][T16545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 665.899498][T16545] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 665.907328][T16545] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 666.021997][T16547] Process accounting paused [ 667.388737][T16585] Process accounting resumed [ 667.490930][T16600] busy [ 667.504338][T16600] i2c i2c-0: new_device: Invalid device name [ 667.943075][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 667.949984][T11844] Bluetooth: hci4: command 0x041b tx timeout [ 667.956114][T11766] Bluetooth: hci1: command 0x2016 tx timeout [ 667.962114][T11837] Bluetooth: hci0: command 0x2016 tx timeout [ 667.984370][T16594] Process accounting resumed [ 668.594914][T16602] Process accounting resumed [ 669.251976][T11844] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 669.725264][T16633] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2216'. [ 669.959388][T16626] random: crng reseeded on system resumption [ 670.057297][T16638] busy [ 670.084601][T16638] i2c i2c-0: new_device: Invalid device name [ 670.509823][T16624] Process accounting resumed [ 670.610896][T16645] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2218'. [ 670.727882][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 670.979106][T16653] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 671.301236][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 672.981074][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 673.060767][T11837] Bluetooth: hci3: command 0x2016 tx timeout [ 673.068999][T16653] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 673.078423][T16653] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 673.085119][T16653] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 673.092140][T16653] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 673.101543][T16653] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 673.362249][T16668] binder: 16661:16668 ioctl c00c620f 200000000d40 returned -22 [ 673.775120][T16676] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2225'. [ 673.862356][T16680] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2225'. [ 674.380766][T16696] busy [ 674.393819][T16696] i2c i2c-0: new_device: Invalid device name [ 674.738571][T16702] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2230'. [ 675.010380][T16709] busy [ 675.035214][T16709] i2c i2c-0: new_device: Invalid device name [ 675.139115][T11837] Bluetooth: hci4: command 0x041b tx timeout [ 675.145406][T11844] Bluetooth: hci1: command 0x2016 tx timeout [ 675.151471][T11766] Bluetooth: hci0: command 0x2016 tx timeout [ 675.157470][T15174] Bluetooth: hci3: command 0x2016 tx timeout [ 675.164387][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 675.176171][T16712] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2232'. [ 675.563302][T16720] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2233'. [ 675.706843][T16717] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2233'. [ 676.023944][T14447] Process accounting paused [ 676.225464][T16727] random: crng reseeded on system resumption [ 676.413480][T11844] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 676.426560][T11844] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 676.435457][T11844] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 676.450497][T11844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 676.461702][T11844] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 676.927816][T16743] busy [ 676.954283][T16743] i2c i2c-0: new_device: Invalid device name [ 677.443890][T16760] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2240'. [ 677.468367][T16744] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 677.509568][T16744] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 677.536311][T16744] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 677.560624][T16744] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 677.581137][T16744] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 677.606384][T16744] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 677.655574][T16744] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 677.697194][T16744] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 677.754245][T16764] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2241'. [ 678.054184][T16770] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2244'. [ 678.432768][T16784] busy [ 678.457023][T16784] i2c i2c-0: new_device: Invalid device name [ 678.786339][T16734] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.813679][T16734] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.830721][T16734] bridge_slave_0: entered allmulticast mode [ 678.848178][T16734] bridge_slave_0: entered promiscuous mode [ 678.892923][T16734] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.924436][T16734] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.954121][T16734] bridge_slave_1: entered allmulticast mode [ 679.006457][T16734] bridge_slave_1: entered promiscuous mode [ 679.407608][T16734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 679.475632][T16734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 679.537170][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 679.543290][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 679.549382][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 679.617062][T11844] Bluetooth: hci6: command 0x041b tx timeout [ 679.625445][T15174] Bluetooth: hci5: command 0x0c1a tx timeout [ 679.631640][T11822] Bluetooth: hci1: command 0x2016 tx timeout [ 679.809272][T16734] team0: Port device team_slave_0 added [ 679.835374][T16734] team0: Port device team_slave_1 added [ 680.010666][T16734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 680.036617][T16734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 680.120170][T16734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 680.231509][T16734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 680.255431][T16734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 680.319116][T16734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 680.435640][T16734] hsr_slave_0: entered promiscuous mode [ 680.443620][T16734] hsr_slave_1: entered promiscuous mode [ 680.453102][T16734] debugfs: 'hsr0' already exists in 'hsr' [ 680.468992][T16734] Cannot create hsr debugfs directory [ 680.499153][T16795] Process accounting resumed [ 680.645174][T11844] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 680.827190][T16812] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 680.843577][T16812] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 680.868016][T16812] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 680.890236][T16812] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 681.143674][T16734] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 681.153495][T16734] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 681.162623][T16734] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 681.172916][T16734] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 681.184764][T16734] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 681.210761][T16734] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 681.227355][T16734] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 681.260666][T16734] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 681.379659][T16734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 681.405204][T16734] 8021q: adding VLAN 0 to HW filter on device team0 [ 681.423071][T12788] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.430296][T12788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 681.463522][T12788] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.470713][T12788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 681.697897][T11822] Bluetooth: hci6: command 0x041b tx timeout [ 681.830997][T16734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 682.041558][T16734] veth0_vlan: entered promiscuous mode [ 682.053503][T16734] veth1_vlan: entered promiscuous mode [ 682.084906][T16734] veth0_macvtap: entered promiscuous mode [ 682.095190][T16734] veth1_macvtap: entered promiscuous mode [ 682.114596][T16734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.136499][T16734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 682.151012][T15559] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.166627][T15559] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.184667][T15559] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.239792][T15559] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.815589][T11822] Bluetooth: hci2: command 0x2016 tx timeout [ 682.895616][T11822] Bluetooth: hci1: command 0x2016 tx timeout [ 682.901665][T15174] Bluetooth: hci0: command 0x2016 tx timeout [ 682.907771][T11837] Bluetooth: hci3: command 0x2016 tx timeout [ 682.975205][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 682.983351][T16812] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 682.994339][T16812] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 683.208152][T15559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.273166][T15559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.410137][T11847] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.420186][T11847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.783420][T16850] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2236'. [ 683.821859][T16850] netlink: 330 bytes leftover after parsing attributes in process `syz.6.2236'. [ 683.841703][T16850] ›: renamed from sit0 (while UP) [ 684.077310][T16845] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 684.100192][T16845] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 684.120664][T16845] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 684.145765][T16845] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 684.185599][T16845] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 684.207922][T16845] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 684.353750][T16857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2256'. [ 684.450852][T16859] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2256'. [ 684.632936][T16868] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2257'. [ 684.685472][T16870] busy [ 684.700937][T16870] i2c i2c-0: new_device: Invalid device name [ 684.836470][T16870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2258'. [ 684.878000][T16870] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2258'. [ 685.115193][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 685.456494][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.462823][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.469220][T11844] Bluetooth: hci2: command 0x2016 tx timeout [ 685.522579][T16878] random: crng reseeded on system resumption [ 686.175132][T11844] Bluetooth: hci1: command 0x2016 tx timeout [ 686.181191][T11837] Bluetooth: hci0: command 0x2016 tx timeout [ 686.187275][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 686.237146][T16895] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2264'. [ 686.253858][T11844] Bluetooth: hci6: command 0x041b tx timeout [ 686.259967][T11837] Bluetooth: hci5: command 0x0c1a tx timeout [ 686.314111][T16896] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 686.328071][T16897] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2264'. [ 686.347015][T16896] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 686.388324][T16896] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 686.421278][T16896] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 686.480510][T16896] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 686.481227][T16896] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 686.847513][T16909] busy [ 686.872371][T16909] i2c i2c-0: new_device: Invalid device name [ 686.995230][T16909] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2266'. [ 687.248437][T16915] i2c i2c-0: new_device: Invalid device name [ 687.535847][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 688.090191][T16919] random: crng reseeded on system resumption [ 688.169559][T16912] Process accounting resumed [ 688.332493][T11822] Bluetooth: hci2: command 0x2016 tx timeout [ 688.413230][T11822] Bluetooth: hci0: command 0x2016 tx timeout [ 688.419291][T11837] Bluetooth: hci3: command 0x2016 tx timeout [ 688.492455][T11837] Bluetooth: hci5: command 0x0c1a tx timeout [ 688.499979][T15174] Bluetooth: hci1: command 0x2016 tx timeout [ 688.506078][T11822] Bluetooth: hci6: command 0x041b tx timeout [ 689.041723][T16947] __nla_validate_parse: 1 callbacks suppressed [ 689.041740][T16947] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2274'. [ 689.711279][T16936] Process accounting resumed [ 689.749629][T16942] Process accounting resumed [ 689.824429][T16956] busy [ 689.842616][T16956] i2c i2c-0: new_device: Invalid device name [ 689.922396][T16961] binder: 16957:16961 ioctl c00c620f 200000000d40 returned -22 [ 690.253139][T16968] binder: 16965:16968 ioctl c00c620f 200000000d40 returned -22 [ 690.429884][T16952] Process accounting resumed [ 690.491701][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 690.572684][T11822] Bluetooth: hci6: command 0x041b tx timeout [ 690.686056][T16983] FAULT_INJECTION: forcing a failure. [ 690.686056][T16983] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 690.720841][T16983] CPU: 0 UID: 0 PID: 16983 Comm: syz.3.2286 Tainted: G U L syzkaller #0 PREEMPT(full) [ 690.720869][T16983] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 690.720875][T16983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 690.720884][T16983] Call Trace: [ 690.720890][T16983] [ 690.720896][T16983] dump_stack_lvl+0x100/0x190 [ 690.720931][T16983] should_fail_ex.cold+0x5/0xa [ 690.720949][T16983] ? prepare_alloc_pages+0x16d/0x5f0 [ 690.720972][T16983] should_fail_alloc_page+0xeb/0x140 [ 690.720992][T16983] prepare_alloc_pages+0x1f0/0x5f0 [ 690.721014][T16983] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 690.721040][T16983] ? stack_trace_save+0x8e/0xc0 [ 690.721061][T16983] ? __pfx_stack_trace_save+0x10/0x10 [ 690.721080][T16983] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 690.721104][T16983] ? stack_depot_save_flags+0x27/0x9d0 [ 690.721137][T16983] ? kasan_save_stack+0x3f/0x50 [ 690.721151][T16983] ? kasan_save_stack+0x30/0x50 [ 690.721165][T16983] ? kasan_save_track+0x14/0x30 [ 690.721179][T16983] ? __kasan_slab_alloc+0x89/0x90 [ 690.721195][T16983] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 690.721219][T16983] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 690.721243][T16983] ? __get_user_pages+0x1178/0x32a0 [ 690.721260][T16983] ? __gup_longterm_locked+0x87d/0x16f0 [ 690.721278][T16983] ? gup_fast_fallback+0x16dc/0x2790 [ 690.721296][T16983] ? __iov_iter_get_pages_alloc+0x8f2/0x1f20 [ 690.721318][T16983] ? __do_sys_vmsplice+0x7dd/0x13c0 [ 690.721337][T16983] ? do_syscall_64+0x115/0x840 [ 690.721358][T16983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.721382][T16983] ? __lock_acquire+0x4a5/0x2630 [ 690.721405][T16983] ? __css_rstat_updated+0x1ce/0x5a0 [ 690.721429][T16983] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 690.721452][T16983] ? policy_nodemask+0xed/0x4f0 [ 690.721472][T16983] alloc_pages_mpol+0x1fb/0x540 [ 690.721491][T16983] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 690.721509][T16983] ? __thp_vma_allowable_orders+0x1d9/0xce0 [ 690.721531][T16983] ? do_raw_spin_lock+0x128/0x260 [ 690.721549][T16983] alloc_pages_noprof+0x1a/0x160 [ 690.721570][T16983] pte_alloc_one+0x1c/0x3d0 [ 690.721597][T16983] do_fault+0x86c/0x1750 [ 690.721616][T16983] ? __pmd_alloc+0x3fb/0x950 [ 690.721637][T16983] __handle_mm_fault+0x187d/0x2a00 [ 690.721663][T16983] ? mt_find+0x45e/0x8e0 [ 690.721687][T16983] ? __pfx___handle_mm_fault+0x10/0x10 [ 690.721708][T16983] ? __pfx_mt_find+0x10/0x10 [ 690.721745][T16983] handle_mm_fault+0x37b/0xa30 [ 690.721770][T16983] __get_user_pages+0x1178/0x32a0 [ 690.721794][T16983] ? down_read_killable+0x307/0x4b0 [ 690.721811][T16983] ? __pfx___get_user_pages+0x10/0x10 [ 690.721835][T16983] __gup_longterm_locked+0x87d/0x16f0 [ 690.721855][T16983] ? process_measurement+0x4c8/0x2350 [ 690.721876][T16983] ? __pfx___gup_longterm_locked+0x10/0x10 [ 690.721904][T16983] gup_fast_fallback+0x16dc/0x2790 [ 690.721937][T16983] ? __pfx_gup_fast_fallback+0x10/0x10 [ 690.721958][T16983] ? __lock_acquire+0x4a5/0x2630 [ 690.721981][T16983] ? find_held_lock+0x2b/0x80 [ 690.721999][T16983] ? is_bpf_text_address+0x8a/0x1a0 [ 690.722023][T16983] get_user_pages_fast+0xa7/0xf0 [ 690.722042][T16983] ? __pfx_get_user_pages_fast+0x10/0x10 [ 690.722066][T16983] __iov_iter_get_pages_alloc+0x8f2/0x1f20 [ 690.722092][T16983] ? pipe_lock+0x69/0x80 [ 690.722111][T16983] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 690.722133][T16983] ? __pfx___mutex_lock+0x10/0x10 [ 690.722157][T16983] ? iovec_from_user+0xda/0x140 [ 690.722182][T16983] iov_iter_get_pages2+0xa3/0x100 [ 690.722203][T16983] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 690.722223][T16983] ? wait_for_space+0x2ca/0x3b0 [ 690.722245][T16983] __do_sys_vmsplice+0x7dd/0x13c0 [ 690.722272][T16983] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 690.722294][T16983] ? get_pid_task+0x106/0x250 [ 690.722318][T16983] ? find_held_lock+0x2b/0x80 [ 690.722340][T16983] ? find_held_lock+0x2b/0x80 [ 690.722358][T16983] ? ksys_write+0x190/0x250 [ 690.722375][T16983] ? ksys_write+0x190/0x250 [ 690.722402][T16983] ? __fget_files+0x21f/0x3d0 [ 690.722427][T16983] ? __pfx_ksys_write+0x10/0x10 [ 690.722449][T16983] ? do_syscall_64+0x115/0x840 [ 690.722469][T16983] do_syscall_64+0x115/0x840 [ 690.722489][T16983] ? clear_bhb_loop+0x40/0x90 [ 690.722507][T16983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.722523][T16983] RIP: 0033:0x7fda95f9ce59 [ 690.722536][T16983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 690.722550][T16983] RSP: 002b:00007fda941f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 690.722566][T16983] RAX: ffffffffffffffda RBX: 00007fda96215fa0 RCX: 00007fda95f9ce59 [ 690.722579][T16983] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000001 [ 690.722589][T16983] RBP: 00007fda941f6090 R08: 0000000000000000 R09: 0000000000000000 [ 690.722598][T16983] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 690.722607][T16983] R13: 00007fda96216038 R14: 00007fda96215fa0 R15: 00007ffcb19bdaa8 [ 690.722627][T16983] [ 691.339515][T11844] Bluetooth: hci6: unexpected subevent 0x01 length: 123 > 18 [ 691.898389][T16985] random: crng reseeded on system resumption [ 692.284941][T16997] binder: 16994:16997 ioctl c00c620f 200000000d40 returned -22 [ 692.571839][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 692.650286][T11822] Bluetooth: hci6: command 0x041b tx timeout [ 693.412535][T17014] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2293'. [ 693.510305][T17016] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2293'. [ 693.834993][T17019] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2294'. [ 693.916830][T17021] netlink: 330 bytes leftover after parsing attributes in process `syz.6.2294'. [ 694.372888][T17035] busy [ 694.386006][T17035] i2c i2c-0: new_device: Invalid device name [ 694.430008][T17037] busy [ 694.444806][T17037] i2c i2c-0: new_device: Invalid device name [ 694.649371][T11844] Bluetooth: hci3: command 0x2016 tx timeout [ 694.733438][T11844] Bluetooth: hci6: command 0x041b tx timeout [ 694.898729][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 694.906872][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.920619][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 694.937443][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 695.923653][T17068] busy [ 695.956955][T17068] i2c i2c-0: new_device: Invalid device name [ 696.018444][T11844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 696.042243][T11844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 696.054824][T11844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 696.062820][T11844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 696.071516][T11844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 696.808369][T11844] Bluetooth: hci6: command 0x041b tx timeout [ 696.983354][T17064] Process accounting resumed [ 698.134551][T17117] FAULT_INJECTION: forcing a failure. [ 698.134551][T17117] name failslab, interval 1, probability 0, space 0, times 0 [ 698.168914][T11844] Bluetooth: hci4: command tx timeout [ 698.216404][T17117] CPU: 0 UID: 0 PID: 17117 Comm: syz.3.2317 Tainted: G U L syzkaller #0 PREEMPT(full) [ 698.216432][T17117] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 698.216438][T17117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 698.216448][T17117] Call Trace: [ 698.216453][T17117] [ 698.216460][T17117] dump_stack_lvl+0x100/0x190 [ 698.216492][T17117] should_fail_ex.cold+0x5/0xa [ 698.216517][T17117] should_failslab+0xc2/0x120 [ 698.216537][T17117] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 698.216560][T17117] ? ptlock_alloc+0x1f/0x70 [ 698.216582][T17117] ? do_raw_spin_lock+0x128/0x260 [ 698.216602][T17117] ptlock_alloc+0x1f/0x70 [ 698.216623][T17117] pte_alloc_one+0x82/0x3d0 [ 698.216644][T17117] do_fault+0x86c/0x1750 [ 698.216663][T17117] ? __pmd_alloc+0x3fb/0x950 [ 698.216684][T17117] __handle_mm_fault+0x187d/0x2a00 [ 698.216709][T17117] ? mt_find+0x45e/0x8e0 [ 698.216734][T17117] ? __pfx___handle_mm_fault+0x10/0x10 [ 698.216755][T17117] ? __pfx_mt_find+0x10/0x10 [ 698.216791][T17117] handle_mm_fault+0x37b/0xa30 [ 698.216817][T17117] __get_user_pages+0x1178/0x32a0 [ 698.216842][T17117] ? down_read_killable+0x307/0x4b0 [ 698.216858][T17117] ? __pfx___get_user_pages+0x10/0x10 [ 698.216882][T17117] __gup_longterm_locked+0x87d/0x16f0 [ 698.216901][T17117] ? process_measurement+0x4c8/0x2350 [ 698.216921][T17117] ? __pfx___gup_longterm_locked+0x10/0x10 [ 698.216950][T17117] gup_fast_fallback+0x16dc/0x2790 [ 698.216982][T17117] ? __pfx_gup_fast_fallback+0x10/0x10 [ 698.217003][T17117] ? __lock_acquire+0x4a5/0x2630 [ 698.217027][T17117] ? find_held_lock+0x2b/0x80 [ 698.217045][T17117] ? is_bpf_text_address+0x8a/0x1a0 [ 698.217068][T17117] get_user_pages_fast+0xa7/0xf0 [ 698.217087][T17117] ? __pfx_get_user_pages_fast+0x10/0x10 [ 698.217111][T17117] __iov_iter_get_pages_alloc+0x8f2/0x1f20 [ 698.217138][T17117] ? pipe_lock+0x69/0x80 [ 698.217157][T17117] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 698.217179][T17117] ? __pfx___mutex_lock+0x10/0x10 [ 698.217203][T17117] ? iovec_from_user+0xda/0x140 [ 698.217227][T17117] iov_iter_get_pages2+0xa3/0x100 [ 698.217248][T17117] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 698.217269][T17117] ? wait_for_space+0x2ca/0x3b0 [ 698.217291][T17117] __do_sys_vmsplice+0x7dd/0x13c0 [ 698.217319][T17117] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 698.217340][T17117] ? get_pid_task+0x106/0x250 [ 698.217366][T17117] ? find_held_lock+0x2b/0x80 [ 698.217388][T17117] ? find_held_lock+0x2b/0x80 [ 698.217405][T17117] ? ksys_write+0x190/0x250 [ 698.217422][T17117] ? ksys_write+0x190/0x250 [ 698.217450][T17117] ? __fget_files+0x21f/0x3d0 [ 698.217475][T17117] ? __pfx_ksys_write+0x10/0x10 [ 698.217497][T17117] ? do_syscall_64+0x115/0x840 [ 698.217521][T17117] do_syscall_64+0x115/0x840 [ 698.217541][T17117] ? clear_bhb_loop+0x40/0x90 [ 698.217559][T17117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.217575][T17117] RIP: 0033:0x7fda95f9ce59 [ 698.217589][T17117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.217604][T17117] RSP: 002b:00007fda941f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 698.217618][T17117] RAX: ffffffffffffffda RBX: 00007fda96215fa0 RCX: 00007fda95f9ce59 [ 698.217629][T17117] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000001 [ 698.217637][T17117] RBP: 00007fda941f6090 R08: 0000000000000000 R09: 0000000000000000 [ 698.217646][T17117] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 698.217655][T17117] R13: 00007fda96216038 R14: 00007fda96215fa0 R15: 00007ffcb19bdaa8 [ 698.217675][T17117] [ 698.723300][T17121] busy [ 698.726858][T17121] i2c i2c-0: new_device: Invalid device name [ 698.979372][T11844] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 699.052473][T17132] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2320'. [ 699.066179][T17119] random: crng reseeded on system resumption [ 699.402734][T17071] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.421378][T17071] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.437561][T17071] bridge_slave_0: entered allmulticast mode [ 699.452895][T17071] bridge_slave_0: entered promiscuous mode [ 699.546438][T17071] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.575424][T17071] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.615708][T17071] bridge_slave_1: entered allmulticast mode [ 699.658032][T17071] bridge_slave_1: entered promiscuous mode [ 699.845589][T17143] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2322'. [ 699.965711][T17144] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2322'. [ 700.251521][T11822] Bluetooth: hci4: command tx timeout [ 700.270360][T17071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 700.463483][T17071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 700.621121][T17071] team0: Port device team_slave_0 added [ 700.649043][T17071] team0: Port device team_slave_1 added [ 700.785495][T17071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.798173][T17156] blktrace: Concurrent blktraces are not allowed on loop2 [ 700.821136][T17071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 700.903236][T17071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 700.953508][T17071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 700.981611][T17071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 701.047664][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 701.087643][T17071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 701.336196][T17071] hsr_slave_0: entered promiscuous mode [ 701.342370][T17161] busy [ 701.353837][T17161] i2c i2c-0: new_device: Invalid device name [ 701.364313][T17071] hsr_slave_1: entered promiscuous mode [ 701.375072][T17071] debugfs: 'hsr0' already exists in 'hsr' [ 701.382583][T17071] Cannot create hsr debugfs directory [ 701.626474][T11822] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 701.634323][T11822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0' [ 701.643964][T11822] CPU: 0 UID: 0 PID: 11822 Comm: kworker/u11:1 Tainted: G U L syzkaller #0 PREEMPT(full) [ 701.643991][T11822] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 701.643998][T11822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 701.644009][T11822] Workqueue: hci5 hci_rx_work [ 701.644034][T11822] Call Trace: [ 701.644040][T11822] [ 701.644046][T11822] dump_stack_lvl+0x100/0x190 [ 701.644075][T11822] sysfs_warn_dup.cold+0x1c/0x28 [ 701.644097][T11822] sysfs_create_dir_ns+0x24b/0x2b0 [ 701.644115][T11822] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 701.644132][T11822] ? find_held_lock+0x2b/0x80 [ 701.644153][T11822] ? kobject_add_internal+0x25f/0x930 [ 701.644169][T11822] ? kobject_add_internal+0x25f/0x930 [ 701.644186][T11822] ? do_raw_spin_unlock+0x145/0x1e0 [ 701.644204][T11822] kobject_add_internal+0x2c8/0x930 [ 701.644223][T11822] kobject_add+0x16a/0x1e0 [ 701.644238][T11822] ? __pfx_kobject_add+0x10/0x10 [ 701.644253][T11822] ? class_to_subsys+0x10f/0x150 [ 701.644276][T11822] ? kobject_put+0xb9/0x640 [ 701.644298][T11822] ? _raw_spin_unlock+0x28/0x50 [ 701.644322][T11822] device_add+0x294/0x1950 [ 701.644339][T11822] ? __pfx_dev_set_name+0x10/0x10 [ 701.644360][T11822] ? __pfx_device_add+0x10/0x10 [ 701.644377][T11822] ? mgmt_send_event_skb+0x2fb/0x460 [ 701.644403][T11822] hci_conn_add_sysfs+0x1a3/0x260 [ 701.644426][T11822] le_conn_complete_evt+0x11eb/0x1f60 [ 701.644451][T11822] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 701.644469][T11822] ? __pfx_bt_warn+0x10/0x10 [ 701.644497][T11822] hci_le_conn_complete_evt+0x23c/0x3a0 [ 701.644517][T11822] ? skb_pull_data+0x15f/0x1e0 [ 701.644541][T11822] hci_le_meta_evt+0x34a/0x5f0 [ 701.644562][T11822] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 701.644584][T11822] hci_event_packet+0x51c/0xcd0 [ 701.644603][T11822] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 701.644624][T11822] ? __pfx_hci_event_packet+0x10/0x10 [ 701.644646][T11822] ? kcov_remote_start+0x374/0x660 [ 701.644666][T11822] ? lockdep_hardirqs_on+0x78/0x100 [ 701.644692][T11822] hci_rx_work+0x451/0xfc0 [ 701.644715][T11822] process_one_work+0xa0e/0x1980 [ 701.644738][T11822] ? __pfx_process_one_work+0x10/0x10 [ 701.644759][T11822] ? __pfx_hci_rx_work+0x10/0x10 [ 701.644779][T11822] worker_thread+0x5ef/0xe50 [ 701.644799][T11822] ? __pfx_worker_thread+0x10/0x10 [ 701.644815][T11822] ? kthread+0x13a/0x450 [ 701.644843][T11822] ? __pfx_worker_thread+0x10/0x10 [ 701.644858][T11822] kthread+0x370/0x450 [ 701.644880][T11822] ? __pfx_kthread+0x10/0x10 [ 701.644904][T11822] ret_from_fork+0x72b/0xd50 [ 701.644922][T11822] ? __pfx_ret_from_fork+0x10/0x10 [ 701.644939][T11822] ? __switch_to+0x800/0x1100 [ 701.644959][T11822] ? __switch_to_asm+0x39/0x70 [ 701.644978][T11822] ? __pfx_kthread+0x10/0x10 [ 701.645000][T11822] ret_from_fork_asm+0x1a/0x30 [ 701.645029][T11822] [ 701.645074][T11822] kobject: kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 701.956162][T11822] Bluetooth: hci5: failed to register connection device [ 702.068421][T17169] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 702.094517][T17154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2324'. [ 702.156172][ T29] audit: type=1800 audit(4294967796.089:20): pid=17170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2329" name="members" dev="configfs" ino=85453 res=0 errno=0 [ 702.203490][T17172] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2324'. [ 702.326249][T11822] Bluetooth: hci4: command tx timeout [ 702.468589][T17167] random: crng reseeded on system resumption [ 702.740151][T11822] Bluetooth: hci6: unexpected subevent 0x01 length: 123 > 18 [ 702.932068][T17180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2330'. [ 703.065645][T17182] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2330'. [ 703.125964][T11822] Bluetooth: hci5: command 0x0c1a tx timeout [ 703.562010][T17181] random: crng reseeded on system resumption [ 703.632750][T17071] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 703.682220][T17071] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 703.708215][T17071] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 703.781086][T17071] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 703.873606][T17071] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 703.913310][T17071] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 703.947499][T17071] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 703.995473][T17071] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 704.406446][T11822] Bluetooth: hci4: command tx timeout [ 704.804441][T11822] Bluetooth: hci6: command 0x041b tx timeout [ 704.882777][T11837] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 704.896094][T17071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 705.120406][T17071] 8021q: adding VLAN 0 to HW filter on device team0 [ 705.187401][T15559] bridge0: port 1(bridge_slave_0) entered blocking state [ 705.194592][T15559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 705.204670][T15174] Bluetooth: hci5: command 0x0c1a tx timeout [ 705.282904][T15559] bridge0: port 2(bridge_slave_1) entered blocking state [ 705.290095][T15559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 705.801750][T17225] Process accounting resumed [ 705.916216][T17239] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 706.687980][T17071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 706.884495][T11822] Bluetooth: hci6: command 0x041b tx timeout [ 707.018736][T17071] veth0_vlan: entered promiscuous mode [ 707.044547][T17071] veth1_vlan: entered promiscuous mode [ 707.210579][T11822] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 707.219730][T11822] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 707.230404][T11822] CPU: 0 UID: 0 PID: 11822 Comm: kworker/u11:1 Tainted: G U L syzkaller #0 PREEMPT(full) [ 707.230431][T11822] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 707.230438][T11822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 707.230449][T11822] Workqueue: hci3 hci_rx_work [ 707.230472][T11822] Call Trace: [ 707.230478][T11822] [ 707.230485][T11822] dump_stack_lvl+0x100/0x190 [ 707.230513][T11822] sysfs_warn_dup.cold+0x1c/0x28 [ 707.230536][T11822] sysfs_create_dir_ns+0x24b/0x2b0 [ 707.230554][T11822] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 707.230570][T11822] ? find_held_lock+0x2b/0x80 [ 707.230589][T11822] ? kobject_add_internal+0x25f/0x930 [ 707.230605][T11822] ? kobject_add_internal+0x25f/0x930 [ 707.230621][T11822] ? do_raw_spin_unlock+0x145/0x1e0 [ 707.230639][T11822] kobject_add_internal+0x2c8/0x930 [ 707.230658][T11822] kobject_add+0x16a/0x1e0 [ 707.230673][T11822] ? __pfx_kobject_add+0x10/0x10 [ 707.230687][T11822] ? class_to_subsys+0x10f/0x150 [ 707.230709][T11822] ? kobject_put+0xb9/0x640 [ 707.230730][T11822] ? _raw_spin_unlock+0x28/0x50 [ 707.230754][T11822] device_add+0x294/0x1950 [ 707.230773][T11822] ? __pfx_dev_set_name+0x10/0x10 [ 707.230793][T11822] ? __pfx_device_add+0x10/0x10 [ 707.230809][T11822] ? mgmt_send_event_skb+0x2fb/0x460 [ 707.230834][T11822] hci_conn_add_sysfs+0x1a3/0x260 [ 707.230858][T11822] le_conn_complete_evt+0x11eb/0x1f60 [ 707.230882][T11822] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 707.230904][T11822] ? __pfx_bt_warn+0x10/0x10 [ 707.230931][T11822] hci_le_conn_complete_evt+0x23c/0x3a0 [ 707.230952][T11822] ? skb_pull_data+0x15f/0x1e0 [ 707.230975][T11822] hci_le_meta_evt+0x34a/0x5f0 [ 707.230997][T11822] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 707.231019][T11822] hci_event_packet+0x51c/0xcd0 [ 707.231039][T11822] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 707.231059][T11822] ? __pfx_hci_event_packet+0x10/0x10 [ 707.231080][T11822] ? kcov_remote_start+0x374/0x660 [ 707.231101][T11822] ? lockdep_hardirqs_on+0x78/0x100 [ 707.231126][T11822] hci_rx_work+0x451/0xfc0 [ 707.231149][T11822] process_one_work+0xa0e/0x1980 [ 707.231173][T11822] ? __pfx_process_one_work+0x10/0x10 [ 707.231193][T11822] ? __pfx_hci_rx_work+0x10/0x10 [ 707.231214][T11822] worker_thread+0x5ef/0xe50 [ 707.231233][T11822] ? __pfx_worker_thread+0x10/0x10 [ 707.231249][T11822] ? kthread+0x13a/0x450 [ 707.231270][T11822] ? __pfx_worker_thread+0x10/0x10 [ 707.231283][T11822] kthread+0x370/0x450 [ 707.231305][T11822] ? __pfx_kthread+0x10/0x10 [ 707.231327][T11822] ret_from_fork+0x72b/0xd50 [ 707.231345][T11822] ? __pfx_ret_from_fork+0x10/0x10 [ 707.231361][T11822] ? __switch_to+0x800/0x1100 [ 707.231389][T11822] ? __switch_to_asm+0x39/0x70 [ 707.231408][T11822] ? __pfx_kthread+0x10/0x10 [ 707.231432][T11822] ret_from_fork_asm+0x1a/0x30 [ 707.231461][T11822] [ 707.231492][T11822] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 707.535294][T11844] Bluetooth: hci5: command 0x0c1a tx timeout [ 707.556742][T17071] veth0_macvtap: entered promiscuous mode [ 707.563280][T11822] Bluetooth: hci3: failed to register connection device [ 707.598425][T17071] veth1_macvtap: entered promiscuous mode [ 707.637236][T17071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.661879][T17071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 707.688653][T11774] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.705083][T11774] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.732139][T11774] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.830692][T11774] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.923291][T11822] Bluetooth: hci2: command 0x2016 tx timeout [ 708.002982][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 708.043239][T17276] binder: 17275:17276 ioctl c00c620f 200000000d40 returned -22 [ 710.083711][T11822] Bluetooth: hci3: command 0x2016 tx timeout [ 710.093186][T17239] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 710.100392][T17239] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 710.106944][T17239] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 710.113843][T17239] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 710.122222][T17239] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 710.128356][T17239] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 710.134755][T17239] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 710.140740][T17239] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 710.148924][T17239] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 710.276626][T11774] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.328369][T11774] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.405070][ T30] INFO: task syz.1.1844:14831 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 710.448176][ T30] Tainted: G U L syzkaller #0 [ 710.466063][T11783] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.504499][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 710.528319][T11783] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.540896][T11837] Bluetooth: hci6: unexpected subevent 0x01 length: 123 > 18 [ 710.574532][ T30] task:syz.1.1844 state:D stack:27528 pid:14831 tgid:14830 ppid:5635 task_flags:0x400140 flags:0x00080002 [ 710.588203][T17280] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2346'. [ 710.658814][ T30] Call Trace: [ 710.698528][ T30] [ 710.705706][T17288] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2346'. [ 710.744286][ T30] __schedule+0x1295/0x67a0 [ 710.776514][ T30] ? __pfx___schedule+0x10/0x10 [ 710.810410][ T30] ? find_held_lock+0x2b/0x80 [ 710.841700][ T30] ? schedule+0x2bf/0x390 [ 710.863664][ T30] schedule+0xdd/0x390 [ 710.863705][ T30] schedule_preempt_disabled+0x13/0x30 [ 710.863727][ T30] __mutex_lock+0xced/0x1b10 [ 710.863751][ T30] ? nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 710.863809][ T30] ? __nla_validate_parse+0x1e7/0x28b0 [ 710.863831][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 710.863860][ T30] ? net_generic+0xea/0x2a0 [ 710.863883][ T30] ? net_generic+0xea/0x2a0 [ 710.863909][ T30] ? nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 710.863925][ T30] nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 710.863947][ T30] genl_family_rcv_msg_doit+0x214/0x300 [ 710.864039][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 710.864063][ T30] ? genl_get_cmd+0x3e7/0x760 [ 710.864091][ T30] ? bpf_lsm_capable+0x9/0x10 [ 710.864109][ T30] ? security_capable+0x80/0x260 [ 710.864130][ T30] genl_rcv_msg+0x560/0x800 [ 710.864156][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 710.864185][ T30] ? __pfx_nfsd_nl_threads_set_doit+0x10/0x10 [ 710.864209][ T30] netlink_rcv_skb+0x159/0x420 [ 710.864231][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 710.864255][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 710.864285][ T30] ? netlink_deliver_tap+0x1ae/0xcc0 [ 710.864308][ T30] genl_rcv+0x28/0x40 [ 710.864328][ T30] netlink_unicast+0x585/0x850 [ 710.864352][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 710.864379][ T30] netlink_sendmsg+0x8b0/0xda0 [ 710.864403][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 710.864423][ T30] ? __import_iovec+0x1d2/0x640 [ 710.864448][ T30] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 710.864498][ T30] ____sys_sendmsg+0x9e1/0xb70 [ 710.864519][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 710.864542][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 710.864567][ T30] ? __pfx_futex_wake_mark+0x10/0x10 [ 710.864591][ T30] ___sys_sendmsg+0x190/0x1e0 [ 710.864614][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 710.864659][ T30] __sys_sendmsg+0x170/0x220 [ 710.864676][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 710.864693][ T30] ? __x64_sys_futex+0x34f/0x4d0 [ 710.864718][ T30] ? rcu_is_watching+0x12/0xc0 [ 710.864740][ T30] do_syscall_64+0x115/0x840 [ 710.864761][ T30] ? clear_bhb_loop+0x40/0x90 [ 710.864782][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.864799][ T30] RIP: 0033:0x7f3037f9ce59 [ 710.864813][ T30] RSP: 002b:00007f3038e16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 710.864831][ T30] RAX: ffffffffffffffda RBX: 00007f3038215fa0 RCX: 00007f3037f9ce59 [ 710.864842][ T30] RDX: 000000000000c840 RSI: 0000200000000480 RDI: 0000000000000004 [ 710.864853][ T30] RBP: 00007f3038032d6f R08: 0000000000000000 R09: 0000000000000000 [ 710.864864][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 710.864874][ T30] R13: 00007f3038216038 R14: 00007f3038215fa0 R15: 00007ffd6f82f128 [ 710.864895][ T30] [ 710.868954][ T30] INFO: task syz.1.1844:14832 blocked for more than 143 seconds. [ 710.868974][ T30] Tainted: G U L syzkaller #0 [ 710.868984][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 710.868991][ T30] task:syz.1.1844 state:D stack:28136 pid:14832 tgid:14830 ppid:5635 task_flags:0x400140 flags:0x00080002 [ 710.874762][ T30] Call Trace: [ 710.874771][ T30] [ 710.874781][ T30] __schedule+0x1295/0x67a0 [ 710.874819][ T30] ? __pfx___schedule+0x10/0x10 [ 710.874838][ T30] ? find_held_lock+0x2b/0x80 [ 710.874859][ T30] ? schedule+0x2bf/0x390 [ 710.874882][ T30] schedule+0xdd/0x390 [ 710.874902][ T30] schedule_preempt_disabled+0x13/0x30 [ 710.874923][ T30] __mutex_lock+0xced/0x1b10 [ 710.874956][ T30] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 710.874976][ T30] ? __kmalloc_node_track_caller_noprof+0x321/0x850 [ 710.874997][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 710.875021][ T30] ? kmalloc_reserve+0xf9/0x350 [ 710.875044][ T30] ? skb_put+0x138/0x180 [ 710.875064][ T30] ? __nlmsg_put+0x152/0x1c0 [ 710.875086][ T30] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 710.875103][ T30] nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 710.875121][ T30] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 710.875145][ T30] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 710.875174][ T30] genl_family_rcv_msg_doit+0x214/0x300 [ 710.875222][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 710.875246][ T30] ? genl_get_cmd+0x3e7/0x760 [ 710.875273][ T30] ? __dev_queue_xmit+0xa10/0x4950 [ 710.875295][ T30] ? __radix_tree_lookup+0x217/0x2b0 [ 710.875378][ T30] genl_rcv_msg+0x560/0x800 [ 710.875403][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 710.875427][ T30] ? __pfx_nfsd_nl_listener_get_doit+0x10/0x10 [ 710.875452][ T30] netlink_rcv_skb+0x159/0x420 [ 710.875473][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 710.875497][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 710.875526][ T30] ? netlink_deliver_tap+0x1ae/0xcc0 [ 710.875549][ T30] genl_rcv+0x28/0x40 [ 710.875570][ T30] netlink_unicast+0x585/0x850 [ 710.875594][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 710.875620][ T30] netlink_sendmsg+0x8b0/0xda0 [ 710.875644][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 710.875664][ T30] ? __import_iovec+0x1d2/0x640 [ 710.875689][ T30] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 710.875710][ T30] ____sys_sendmsg+0x9e1/0xb70 [ 710.875730][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 710.875753][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 710.875778][ T30] ? kasan_quarantine_put+0x104/0x240 [ 710.875794][ T30] ? lockdep_hardirqs_on+0x78/0x100 [ 710.875820][ T30] ___sys_sendmsg+0x190/0x1e0 [ 710.875843][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 710.875865][ T30] ? tomoyo_path_number_perm+0x188/0x580 [ 710.875935][ T30] __sys_sendmsg+0x170/0x220 [ 710.875953][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 710.875968][ T30] ? kcov_ioctl+0x16a/0x720 [ 710.875989][ T30] ? rcu_is_watching+0x12/0xc0 [ 710.876012][ T30] ? kcov_ioctl+0x16a/0x720 [ 710.876034][ T30] ? rcu_is_watching+0x12/0xc0 [ 710.876054][ T30] do_syscall_64+0x115/0x840 [ 710.876076][ T30] ? clear_bhb_loop+0x40/0x90 [ 710.876096][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.876113][ T30] RIP: 0033:0x7f3037f9ce59 [ 710.876127][ T30] RSP: 002b:00007f3038df5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 710.876144][ T30] RAX: ffffffffffffffda RBX: 00007f3038216090 RCX: 00007f3037f9ce59 [ 710.876156][ T30] RDX: 0000000020010090 RSI: 0000200000000380 RDI: 0000000000000003 [ 710.876166][ T30] RBP: 00007f3038032d6f R08: 0000000000000000 R09: 0000000000000000 [ 710.876182][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 710.876193][ T30] R13: 00007f3038216128 R14: 00007f3038216090 R15: 00007ffd6f82f128 [ 710.892964][ T30] [ 710.893015][ T30] [ 710.893015][ T30] Showing all locks held in the system: [ 710.893031][ T30] 1 lock held by khungtaskd/30: [ 710.893042][ T30] #0: ffffffff8e7e5420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 710.893118][ T30] 2 locks held by syz-executor/5633: [ 710.893127][ T30] #0: ffff88807931a0d8 (&type->s_umount_key#56){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 710.893171][ T30] #1: ffffffff8ec622a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 710.893227][ T30] 2 locks held by syz.3.285/7134: [ 710.893237][ T30] 2 locks held by syz.3.311/7260: [ 710.893246][ T30] 2 locks held by syz.3.1005/10822: [ 710.893256][ T30] 2 locks held by syz.3.1089/11270: [ 710.893265][ T30] 3 locks held by kworker/u10:3/11783: [ 710.893275][ T30] #0: ffff88813fe94140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 710.893313][ T30] #1: ffffc9000495fd08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 710.893351][ T30] #2: ffffffff90605c20 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 710.893472][ T30] 3 locks held by kworker/u11:1/11822: [ 710.893481][ T30] #0: ffff8880595c2940 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 710.893519][ T30] #1: ffffc90004a97d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 710.893557][ T30] #2: ffff88803f064ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 [ 710.893633][ T30] 2 locks held by syz.3.1522/13363: [ 710.893643][ T30] 2 locks held by getty/13637: [ 710.893652][ T30] #0: ffff8880372a00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 710.893750][ T30] #1: ffffc90000bb62e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 [ 710.893798][ T30] 2 locks held by syz.0.1705/14150: [ 710.893807][ T30] #0: ffffffff906b4088 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 710.893851][ T30] #1: ffffffff8ec622a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80 [ 710.893892][ T30] 2 locks held by syz.1.1844/14831: [ 710.893901][ T30] #0: ffffffff906b4088 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 710.893943][ T30] #1: ffffffff8ec622a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x8c8/0x1100 [ 710.893986][ T30] 2 locks held by syz.1.1844/14832: [ 710.893995][ T30] #0: ffffffff906b4088 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 710.894037][ T30] #1: ffffffff8ec622a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 710.894076][ T30] 2 locks held by syz-executor/15048: [ 710.894087][ T30] 4 locks held by kworker/0:4/15173: [ 710.894096][ T30] #0: ffff88813fe57140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 710.894134][ T30] #1: ffffc90003c6fd08 ((work_completion)(&helper->damage_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 710.894172][ T30] #2: ffff88802070fa70 (&helper->lock){+.+.}-{4:4}, at: drm_fb_helper_damage_work+0x159/0x640 [ 710.894252][ T30] #3: ffff8880272a4128 (&dev->master_mutex){+.+.}-{4:4}, at: drm_master_internal_acquire+0x21/0x80 [ 710.894348][ T30] 2 locks held by kworker/u10:8/15559: [ 710.894358][ T30] #0: ffff88813fe94940 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 710.894400][ T30] #1: ffffc90003aafd08 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 710.902261][ T30] 2 locks held by syz.4.2192/16517: [ 710.902275][ T30] #0: ffff88802d7ae0d8 (&type->s_umount_key#56){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 710.902326][ T30] #1: ffffffff8ec622a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 710.902374][ T30] 2 locks held by syz-executor/17071: [ 710.902383][ T30] #0: ffffffff90605c20 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 710.902425][ T30] #1: ffffffff8e7f0f68 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 710.902471][ T30] 2 locks held by syz.3.2347/17281: [ 710.902480][ T30] #0: ffffffff905ecec8 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 710.902572][ T30] #1: ffffffff90605c20 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x23/0xb0 [ 710.902642][ T30] 2 locks held by syz.5.2346/17284: [ 710.902652][ T30] 1 lock held by syz.5.2346/17288: [ 710.902662][ T30] #0: ffffffff90605c20 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_setlink+0x4e6/0xae0 [ 710.902701][ T30] 6 locks held by syz.5.2346/17290: [ 710.902711][ T30] 2 locks held by syz.6.2348/17283: [ 710.902720][ T30] #0: ffffffff905ecec8 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 710.902761][ T30] #1: ffffffff90605c20 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x1b/0x70 [ 710.902845][ T30] 1 lock held by modprobe/17291: [ 710.902856][ T30] [ 710.902861][ T30] ============================================= [ 710.902861][ T30] [ 710.902869][ T30] NMI backtrace for cpu 0 [ 710.902881][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 710.902905][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 710.902910][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 710.902920][ T30] Call Trace: [ 710.902925][ T30] [ 710.902932][ T30] dump_stack_lvl+0x100/0x190 [ 710.902959][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 710.902976][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 710.902993][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 710.903014][ T30] sys_info+0x141/0x190 [ 710.903028][ T30] watchdog+0xcb1/0x1030 [ 710.903052][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 710.903073][ T30] ? __pfx_watchdog+0x10/0x10 [ 710.903094][ T30] ? __kthread_parkme+0x18c/0x230 [ 710.903116][ T30] ? kthread+0x13a/0x450 [ 710.903136][ T30] ? __pfx_watchdog+0x10/0x10 [ 710.903155][ T30] kthread+0x370/0x450 [ 710.903182][ T30] ? __pfx_kthread+0x10/0x10 [ 710.903205][ T30] ret_from_fork+0x72b/0xd50 [ 710.903223][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 710.903239][ T30] ? __switch_to+0x800/0x1100 [ 710.903259][ T30] ? __switch_to_asm+0x39/0x70 [ 710.903278][ T30] ? __pfx_kthread+0x10/0x10 [ 710.903300][ T30] ret_from_fork_asm+0x1a/0x30 [ 710.903327][ T30] [ 710.903346][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 710.903357][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 710.903379][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 710.903385][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 710.903394][ T30] Call Trace: [ 710.903399][ T30] [ 710.903404][ T30] dump_stack_lvl+0x100/0x190 [ 710.903429][ T30] vpanic+0x552/0x970 [ 710.903445][ T30] ? __pfx_vpanic+0x10/0x10 [ 710.903460][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 710.903477][ T30] ? rcu_is_watching+0x12/0xc0 [ 710.903493][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 710.903513][ T30] panic+0xd1/0xe0 [ 710.903528][ T30] ? __pfx_panic+0x10/0x10 [ 710.903543][ T30] ? nmi_cpu_backtrace+0x79/0x200 [ 710.903561][ T30] ? nmi_trigger_cpumask_backtrace+0x1be/0x230 [ 710.903577][ T30] ? watchdog.cold+0x1ec/0x234 [ 710.903594][ T30] ? watchdog+0xcc1/0x1030 [ 710.903615][ T30] watchdog.cold+0x1fd/0x234 [ 710.903635][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 710.903655][ T30] ? __pfx_watchdog+0x10/0x10 [ 710.903676][ T30] ? __kthread_parkme+0x18c/0x230 [ 710.903700][ T30] ? kthread+0x13a/0x450 [ 710.903721][ T30] ? __pfx_watchdog+0x10/0x10 [ 710.903741][ T30] kthread+0x370/0x450 [ 710.903762][ T30] ? __pfx_kthread+0x10/0x10 [ 710.903785][ T30] ret_from_fork+0x72b/0xd50 [ 710.903802][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 710.903818][ T30] ? __switch_to+0x800/0x1100 [ 710.903838][ T30] ? __switch_to_asm+0x39/0x70 [ 710.903856][ T30] ? __pfx_kthread+0x10/0x10 [ 710.903880][ T30] ret_from_fork_asm+0x1a/0x30 [ 710.903907][ T30] [ 710.903963][ T30] Kernel Offset: disabled