last executing test programs: 29m10.106700612s ago: executing program 0 (id=283): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x48, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x0) socket(0x28, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4}, 0xa3) 29m9.245080922s ago: executing program 0 (id=288): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3a) socket(0x29, 0x2, 0x0) r1 = socket(0x11, 0x3, 0x9) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_fd=r2, r0, 0x99, 0x2, 0x1, @relative_fd=r1, 0x9}, 0xaf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 29m8.099368295s ago: executing program 0 (id=291): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3a) socket(0x29, 0x2, 0x0) r1 = socket(0x11, 0x3, 0x9) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) clone$auto(0x21003b46, 0x2, 0x0, 0x0, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_fd=r2, r0, 0x99, 0x2, 0x1, @relative_fd=r1, 0x9}, 0xaf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 29m7.391393106s ago: executing program 0 (id=292): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/workqueue/scsi_tmf_0/affinity_strict\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r3, @ANYBLOB="18000000", @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 29m6.242755802s ago: executing program 0 (id=293): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/sctp/assocs\x00', 0x400, 0x0) pread64$auto(r2, &(0x7f0000000080)='\xd5u+~\xa7x\xe0VQ\x1a6\xcf\xce\xfa\xfbN\x19\b\xf64\r\x122i\xd6\x0e\xfa\x96\x9aV:\xe1G\x14\xb2\xd4N\x0e#jX:\xd0\xe4\xa9\xda\xaf\x98\x94G\xa8\xb4\xa7uPc\x1ang\xdb\xb4\xa7\xad\x1b\xcbonh\xd8\x99\x03\x10\xb0\xa5\xfey\xd5F,70\xecG\x8a\fz\x95\x7f\xb0Y{\xdd\xa1\xa3E\x03\xd4\xc67U\x93\n\xfc\xa4\x0e_\xf8\x94\xc3a\x00\xe6\xea4\xa2\x7ft\xeb\x8b$\x16\x0e\xe8j\xcaI\xe0c\x05\x12(\v\xef\xc5Z\xfb\xed\xa3\x01\x001\xa5\x18%\xae/\x1b6\xaa\xf5ysD\xa6\xee\xbf\xc0v\"\x93\x96\"\xcak.\x0e_\xb3\xf7\xac\x9e\xbd/w\xdf\xfc\xe24z\x0f\x8f\b\xbe\xda\xfb\xd0Jj\x97\xfa{\x9d\xfd\xfb\x14\x1f\xb0\xe7\b#\xb9\x01\xf7\xf5\x1c1\xfbNX\xd9\xf0\x97@\xff(\x99\x13M\xadM\b\xf5\xcd\xa3\xe1Q|\r\x18\xd5\xb4\x1c\xa5\xfd\xdf\x98\xd9\xa7\xf3u\xa8ak\xfaHS\xfa\x12\x85\x85\x14\b\x9c\x15\xc10\xb3\xd5.\x13\xc6\xb6\xbak:\xbf\x8f\xcd\x7f\a\xb8\x00\x00\x00', 0x202, 0x7) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)={0x30, r1, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "9e8771f1c19f17010006000000dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc880) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r3, 0x0, 0x39b8) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) r4 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x1000000a, 0x1, 0x44b, 0x7, 0x5, 0x1007181, 0xd1, 0x7, 0x7, 0x7ff, 0x800c, 0x80000001, 0x4, 0x80200000000001, 0x800000000fff, 0xde3, 0x9809588, 0xfffffffd, 0x2, 0x0, 0x864, 0x6, 0x22000, 0x200, 0x0, 0xc3f, 0x2000000, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7fdf, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44cd98b, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6, 0x2a, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, 0x0, 0x0, 0x3, 0x0, 0xfff]}, 0xa, 0xd) r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1441, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffffffffffd10, &(0x7f00000001c0)) ioctl$auto__ctl_fops_dm_ioctl(r4, 0xfffffffffffffd02, &(0x7f00000001c0)) 29m4.879601388s ago: executing program 0 (id=300): pread64$auto(0xffffffffffffffff, 0x0, 0x6, 0x1ff) r0 = socket(0x1e, 0x80805, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) accept$auto(r0, 0x0, 0x0) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) madvise$auto(0x0, 0x1000, 0x15) io_uring_setup$auto(0x5d, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0xaa86) socket(0x1d, 0x2, 0x6) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) preadv$auto(r1, &(0x7f00000002c0)={0x0, 0x8010000}, 0x5, 0xfb, 0x8100000001) 28m49.732626772s ago: executing program 32 (id=300): pread64$auto(0xffffffffffffffff, 0x0, 0x6, 0x1ff) r0 = socket(0x1e, 0x80805, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) accept$auto(r0, 0x0, 0x0) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) madvise$auto(0x0, 0x1000, 0x15) io_uring_setup$auto(0x5d, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0xaa86) socket(0x1d, 0x2, 0x6) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) preadv$auto(r1, &(0x7f00000002c0)={0x0, 0x8010000}, 0x5, 0xfb, 0x8100000001) 8m34.099765893s ago: executing program 4 (id=3547): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, r0) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000003b40)={'veth0_to_hsr\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x4048800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r4], 0x1ac}}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) unshare$auto(0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x0) 8m26.578185998s ago: executing program 4 (id=3561): statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x3, 0x400026, 0x940, 0x1ffde, 0x3, 0x6, 0x7ff, 0xfffffff6, 0x400005, 0xfff, 0x0, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x9, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0xfffff7fffffff7fa, 0x281) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000440), 0x20201, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) socket(0xa, 0x1, 0x100) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) modify_ldt$auto(0xc, 0x0, 0x100000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r2 = socket(0xa, 0x2, 0x0) setsockopt$auto(r2, 0x0, 0x2, 0x0, 0x5) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) clone$auto(0x100000001, 0x4, 0x0, 0x0, 0x200) r3 = socket(0x2, 0x80805, 0x0) getsockopt$auto(r3, 0x84, 0x22, 0x0, 0x0) ioctl$auto_I2C_RDWR(r0, 0x707, &(0x7f0000000180)) 8m21.467528055s ago: executing program 4 (id=3571): statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x3, 0x400026, 0x940, 0x1ffde, 0x3, 0x6, 0x7ff, 0xfffffff6, 0x400005, 0xfff, 0x0, 0xb0, 0x8, 0x9, 0x3, 0x5, 0x9, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0xfffff7fffffff7fa, 0x281) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000440), 0x20201, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) socket(0xa, 0x1, 0x100) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) writev$auto(r2, &(0x7f0000000180)={&(0x7f0000000080)="3af6b96a4c1220ad", 0x10}, 0x7) modify_ldt$auto(0xc, 0x0, 0x100000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd1\x00', 0x40, 0x0) unshare$auto(0x40000080) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r3 = socket(0xa, 0x2, 0x0) setsockopt$auto(r3, 0x0, 0x2, 0x0, 0x5) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) clone$auto(0x100000001, 0x4, 0x0, 0x0, 0x200) r4 = socket(0x2, 0x80805, 0x0) getsockopt$auto(r4, 0x84, 0x22, 0x0, 0x0) ioctl$auto_I2C_RDWR(r0, 0x707, &(0x7f0000000180)) 8m17.060516715s ago: executing program 4 (id=3584): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010027bd7000ffdbdf25100000000c00018008000100", @ANYRES32, @ANYBLOB="080006"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r1], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 8m14.826009977s ago: executing program 4 (id=3589): mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) read$auto(r0, 0x0, 0x20) r1 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0) ioctl$auto_BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000300)=[{0x800000000000006, 0x1b, 0x8000000000000001}, {0x1, 0x5, 0x1004000000002}, {0x7ff, 0x401, 0x2}]) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/hid/drivers/shield/uevent\x00', 0x100042, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fsconfig$auto_SHMEM_HUGE_ALWAYS(r3, 0x9, &(0x7f00000001c0)='*]-,\x00', &(0x7f0000000200)="7c99fc0e6a0eb31fb80188e4620264f53255bc6282f9bd47a810b41a81c2680960a2aa0e27172f49a2bde1666a81332e1402a25b427f0281e6aed5be20", 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x8, 0xc, 0x1000) getpeername$auto(0x3, 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000400), r4) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x804) open(&(0x7f0000000000)='./file0\x00', 0x28400, 0x82) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x16001, 0x0) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x4) ioprio_set$auto(0x2, 0x800000000, 0x8) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) pread64$auto(r5, 0x0, 0x8, 0x8000) write$auto(0x3, 0x0, 0xfdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:00.0/enable\x00', 0x18b042, 0x0) mprotect$auto(0x1ffff000, 0xffffffffffffffff, 0xd) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000280), 0xffffffffffffffff) 8m11.229582904s ago: executing program 4 (id=3599): socket(0x2, 0x1, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) write$auto(0x6, 0x0, 0x100000001) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @multicast1}, 0x54) epoll_pwait2$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000002780)={0x10000000000, 0x5}, 0x0, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(0x0, 0x0) ioctl$auto_SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000240)="ff1c77e3e0c75de3e4b5b406551a5767a5356c9bd9de5c773f2e75e6819101f051269dc09510f21d26b8a47ea44ff3011466be44ee87e992ae7b381f46f7e8880f1e4e52a3aa37892fbbcee374327f019f5d1866ce7ce150a42b0a07517071aa68e5997c2bc1062a9b033ba7bfba2572aaa306a2725c16886e383a0973673e3ea024667ff4d2d10e01fd145039fbc221dcd97c590000000000000000005b0d5646bec3cc3e72e128b447ddfe9f9109d94bbbeeb889959201af3ee76e59ecacbc6cd4db93f60abb9223cbd86cb4ea79e84ec9c9bc05390d61c270dd5ea2a3334fd5db6942929d02c50bc254ecb9989258c9e074a6917a36f0") mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x800605, 0x2, &(0x7f0000000500)=0xffff, 0xa, 0x3) futex_wake$auto(0x0, 0x5, 0x4, 0xa) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/vxcan1/forwarding\x00', 0x82002, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/virt_wifi0/ra_defrtr_metric\x00', 0x0, 0x0) sendfile$auto(r1, r2, 0x0, 0x1) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) 7m55.599870628s ago: executing program 33 (id=3599): socket(0x2, 0x1, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) write$auto(0x6, 0x0, 0x100000001) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @multicast1}, 0x54) epoll_pwait2$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000002780)={0x10000000000, 0x5}, 0x0, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(0x0, 0x0) ioctl$auto_SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000240)="ff1c77e3e0c75de3e4b5b406551a5767a5356c9bd9de5c773f2e75e6819101f051269dc09510f21d26b8a47ea44ff3011466be44ee87e992ae7b381f46f7e8880f1e4e52a3aa37892fbbcee374327f019f5d1866ce7ce150a42b0a07517071aa68e5997c2bc1062a9b033ba7bfba2572aaa306a2725c16886e383a0973673e3ea024667ff4d2d10e01fd145039fbc221dcd97c590000000000000000005b0d5646bec3cc3e72e128b447ddfe9f9109d94bbbeeb889959201af3ee76e59ecacbc6cd4db93f60abb9223cbd86cb4ea79e84ec9c9bc05390d61c270dd5ea2a3334fd5db6942929d02c50bc254ecb9989258c9e074a6917a36f0") mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x800605, 0x2, &(0x7f0000000500)=0xffff, 0xa, 0x3) futex_wake$auto(0x0, 0x5, 0x4, 0xa) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/vxcan1/forwarding\x00', 0x82002, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/virt_wifi0/ra_defrtr_metric\x00', 0x0, 0x0) sendfile$auto(r1, r2, 0x0, 0x1) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) 1m26.808279103s ago: executing program 2 (id=4376): unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x480882, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6fb3ac5a, 0x5c47) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setuid$auto(0xe) r0 = socket(0x23, 0x2, 0x0) ioctl$auto(r0, 0x1d4, r0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x84) getsockopt$auto(r1, 0x84, 0xe, 0x0, &(0x7f0000000040)=0xb0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40880, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000400)={{0x5, 0x23, 0xa6, 0x84}, "66ac010005000000000068d590eb0d4a4cada7272464294b9183349eef4c1f028fdcc8ecc66fdd02316f064ebd893007abb4c0bbc3b822f66eb624ad63110d61771552c03de65800", 0x2}) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) read$auto(0x3, 0x0, 0x18) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11FCSErrorCount\x00', 0x100, 0x0) read$auto(0x3, 0x0, 0x8) ustat$auto(0x9, &(0x7f0000000080)={0xd, 0x1ff, "0128128462aa", "533a98866819"}) 1m23.992839273s ago: executing program 2 (id=4381): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="130026bd7000dddbcfc23e16000008000300", @ANYRES32=r1], 0x24}, 0x1, 0x0, 0x0, 0x8880}, 0x20040894) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x98, 0x0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_PLCA_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x10000}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0xcd}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x9}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_PLCA_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4000800}, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) getitimer$auto(0x0, 0x0) geteuid() mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x9, 0x11, r0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) socket(0x10, 0x2, 0xc) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x303, 0x0) r3 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r3, 0x2, 0x0, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000080)={0xfc}) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x8, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) bpf$auto(0x2, 0x0, 0x103) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r4, 0x64c8, r4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop6/range\x00', 0x202, 0x0) 1m23.602371895s ago: executing program 2 (id=4382): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xfffffffffffffffe, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0xf6) r2 = socket(0x2, 0x801, 0x6) setsockopt$auto(r2, 0x1, 0x12, 0x0, 0xa4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), 0xffffffffffffffff) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x78, 0x0, 0x8) sendmsg$auto_NBD_CMD_DISCONNECT(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000240)={0x1c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x2000c800) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0xffffffffffffffff, 0x200007, 0x19) syslog$auto(0x3, 0x0, 0x5) poll$auto(0x0, 0x7f, 0x9) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) r5 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r5, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000200)="34aeede841", 0x5) memfd_create$auto(&(0x7f0000000080)='!(@\\\x00', 0x8) 1m22.110937057s ago: executing program 2 (id=4384): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r0 = socket(0x11, 0x2, 0x9) r1 = prctl$auto_PR_SET_MM_START_CODE(0x1, 0x1, 0xffffffffffffffff, 0x10, 0x1) getsockopt$auto(r1, 0x0, 0x4, &(0x7f00000000c0)='\\&)-,[\x00', &(0x7f0000000100)=0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytf\x00', 0x41102, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88d\x11\x00\x00\x00\x00\x00\x00W\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0xfdef, 0x2) ioctl$auto(r0, 0x8910, 0x24) r2 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r2, &(0x7f0000003dc0)={0x0, 0x2000000}, 0xb) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000001c80), r3) sendmsg$auto_TASKSTATS_CMD_GET(r3, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000001cc0)={0x24, r4, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0xe, 0x4, 'NLBL_MGMT\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x22008044) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) ioctl$auto(0x3, 0x540a, r5) writev$auto(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x4}, 0x4000000000006) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sg1\x00', 0x400, 0x0) 1m21.845406512s ago: executing program 2 (id=4385): semctl$auto_GETPID(0x0, 0x4df6, 0xb, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x25, 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x8002, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r0, 0x3, &(0x7f0000000340)="a7a22ba9517e3e78ab2368cccc1b87e43b5db46416cabfb523c40a306777f88ea620726183aa9d04be80742c64ffcddc89385416065dcf7ff46f3c9dedfbcc4e6855fb96a2d4211d933c785ecfecc809aebd704206956c8191501a00981835078750365c3e4952561b363bb745493392d4ee0ed5477ef45004d7952b0b4daeedf8f149", 0x7) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0xe, 0x0, 0x8) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000013c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r3, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002abd7000fddbdf250d00000008000300", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="0c0002800800010002000000"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0e, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x3, 0x6]}, 0x0) shmctl$auto_IPC_INFO(0xcaeb, 0x3, &(0x7f0000000480)={{0x2, 0xee00, 0xee00, 0x1, 0x6, 0x1, 0xff}, 0x1, 0x2, 0x5, 0xffffffff, @raw=0x6b, @raw=0x10000, 0x4, 0x0, &(0x7f0000000040)="a2ab2d4edfe5404e7e1a618bd20dc754af695a0e", &(0x7f0000000400)="8a1d5e41fb1b7b6ad1365b57dbdb7162ab3591b84d163ccc623bb092663979c6d0ee4238998fe4a998619a76f96b525e1cf111680b627d0768c4d5ac70a32772d1f8708a255f4a68ff5c16a3f54b887fe3faffcd"}) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r7, 0x4, 0x7ff) ptrace$auto_PTRACE_GET_SYSCALL_INFO(0x420e, r7, 0x400, 0x1) r8 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x2, 0x0) fsconfig$auto_FSCONFIG_SET_PATH_EMPTY(r8, 0x4, &(0x7f0000000240)='/dev/snd/midiC2D0\x00', &(0x7f00000001c0)="6a6a08d54f7a000000", 0x1) r9 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2, 0x0) timerfd_create$auto_CLOCK_MONOTONIC(0x1, 0x6) write$auto(r9, 0x0, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) 1m20.726324577s ago: executing program 2 (id=4389): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) getpeername$auto(0x3, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc642, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0x2, 0x1) cachestat$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x401, 0x428a}, 0x0, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x1b, r0, 0x10000}, 0x10) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0xf7f, 0x81}, 0x10, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x400, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x2d, 0x1c, 0x0, 0x3) r1 = socket(0x18, 0x2, 0x200000c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) r4 = socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10000010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004859}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="000000009efcd87b54041f88766c36ca2cfc8b99a63247be6e7e5f6bea0ec8d36ee4d8162a249a3ea4077c7c0b35599dcb61a7", @ANYBLOB="e0501373fb52099376ad80dbd361f6095cbe", @ANYBLOB="d3cb3c58d70cb245224fdf250a000a"], 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0x140400d1) mmap$auto(0x0, 0x5, 0xffb, 0x8000000008011, 0x3, 0x0) socket(0x18, 0xa, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x4, 0x4, 0x5, 0x80000200009b72, 0x1000, 0x5) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto(0x3, 0xc0104d03, 0x5) 1m5.216946544s ago: executing program 34 (id=4389): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) getpeername$auto(0x3, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc642, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0x2, 0x1) cachestat$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x401, 0x428a}, 0x0, 0x0) close_range$auto(r0, 0xffffffffffffffff, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x1b, r0, 0x10000}, 0x10) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0xf7f, 0x81}, 0x10, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x400, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x2d, 0x1c, 0x0, 0x3) r1 = socket(0x18, 0x2, 0x200000c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) r4 = socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10000010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004859}, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="000000009efcd87b54041f88766c36ca2cfc8b99a63247be6e7e5f6bea0ec8d36ee4d8162a249a3ea4077c7c0b35599dcb61a7", @ANYBLOB="e0501373fb52099376ad80dbd361f6095cbe", @ANYBLOB="d3cb3c58d70cb245224fdf250a000a"], 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0x140400d1) mmap$auto(0x0, 0x5, 0xffb, 0x8000000008011, 0x3, 0x0) socket(0x18, 0xa, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x4, 0x4, 0x5, 0x80000200009b72, 0x1000, 0x5) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) ioctl$auto(0x3, 0xc0104d03, 0x5) 33.225424966s ago: executing program 6 (id=4484): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = socket(0xa, 0x1, 0x84) rseq$auto(0x0, 0x8000, 0x0, 0x6) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x1e3c40, 0x0) mmap$auto(0x2, 0x20005, 0xe3, 0xeb1, r0, 0x8000) close_range$auto(0x0, 0x5, 0x0) socket(0x23, 0x80805, 0x0) epoll_create$auto(0x7) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) write$auto(0x3, 0x0, 0x81) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi26\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0485619, 0x38) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, 0x0, 0x40804) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x840) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) pread64$auto(r4, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r4, 0x0, 0x0) close$auto(0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) 29.554368851s ago: executing program 6 (id=4489): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x10000000, 0x1004, 0x10e3, 0xf030, 0xffffffffffffffff, 0x7) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xb, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0xac, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0xffffffffffffffff, 0x6, 0x6, 0x200000100103}) socket(0x23, 0x80805, 0x0) sysfs$auto(0x2, 0x10000000000002a, 0x81) r1 = io_uring_setup$auto(0x1d48, &(0x7f0000000340)={0x7fffffff, 0x10, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x3, 0x8, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x52, 0x5, 0x11, 0x101, 0x876c5, 0xc9, 0x3}}) io_uring_register$auto(r1, 0x15, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2800, 0x0) getsockopt$auto(0xffffffffffffffff, 0xfffffffe, 0x800, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r4 = open(0x0, 0x22240, 0x154) execveat$auto(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000000)='./file0\x00', 0x0) unshare$auto(0x40000080) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, 0x0) 25.905751702s ago: executing program 6 (id=4493): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) r1 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a8020000", @ANYRES16=r1, @ANYRES32=r0], 0x2a8}}, 0x40000) sendfile$auto(r0, r0, 0x0, 0x9) 24.881326124s ago: executing program 6 (id=4495): mmap$auto(0x6, 0x2000d, 0x0, 0xebe, 0x404, 0x10008000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0) mmap$auto(0x20000, 0x400088, 0x6, 0x9b72, r0, 0x8000) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socketpair$auto(0x20000001, 0x2, 0x3, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6) unshare$auto(0x40000080) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7}, 0x880}, 0x7, 0x4008) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) sendmsg$auto_NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x8000) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) getpid() msync$auto(0x0, 0xe0, 0x6) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00V\xa0I\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xb1Z|\xffGP\x97)\xcf\a\xfb\\Y\xda\xd0i\x05\x9c\x9d{\x11\x04p\xb8\x85!n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbdY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\rn\x1d\t\xdbx\xc5\xed\xf28\xed\x88\v\x94\x1fl`\xb1\xd9^\x85\x00\x10qH\xbf3\\\xe4\x97\x84\xbb?\xf7\x8e\xc2\xb9\x87&\x90\x99\xa7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Q\x8daX-\x87', 0x5aaa) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) r3 = openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2100, 0x0) write$auto_drm_connector_fops_drm_debugfs(r3, &(0x7f0000001240), 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x8440, 0x0) close_range$auto(0x2, 0x8, 0x0) mlock$auto(0xfbe8, 0x4) 21.163061117s ago: executing program 6 (id=4500): socket(0xa, 0x5, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='}[,&*}/file0\x00', &(0x7f0000000080)={0x220000, 0x0, 0x11}, 0x18) fstatfs$auto(0x3, 0x0) bind$auto(r0, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x2, 0x6, 0x48, 0x4909b6f8, 0x5, 0x7, 0x200003, 0x2, 0xd27, 0x3, 0x5, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x800000, 0x7, 0x7, 0x200, 0xfffffffd, 0x84, 0x0, 0x6, 0x2, 0x0, 0x0, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x4000000, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x5, 0x20000000000, 0x2, 0x0, 0x0, 0x0, 0xffffffffffffdf26, 0x0, 0x0, 0x2, 0x0, 0x0, 0xec4e, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}, 0x1fe, 0xd) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ipvlan1\x00'}) ioctl$auto(0xffffffffffffffff, 0xc0585611, 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x400c800}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) madvise$auto(0x0, 0x2003f0, 0x15) mlockall$auto(0x800000000000005) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\rn\x1d\t\xdbx\xc5\xed\xf28\xed\x88\v\x94\x1fl`\xb1\xd9^\x85\x00\x10qH\xbf3\\\xe4\x97\x84\xbb?\xf7\x8e\xc2\xb9\x87&\x90\x99\xa7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Q\x8daX-\x87', 0x5aaa) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) r3 = openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2100, 0x0) write$auto_drm_connector_fops_drm_debugfs(r3, &(0x7f0000001240), 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x8440, 0x0) close_range$auto(0x2, 0x8, 0x0) mlock$auto(0xfbe8, 0x4) 16.723025521s ago: executing program 5 (id=4516): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000005c0)=""/8, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) getrusage$auto_RUSAGE_BOTH(0xfffffffffffffffe, 0x0) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4d7}, 0x6, 0x0, 0x8, 0x10007fe}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) 16.162611331s ago: executing program 3 (id=4517): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r0 = socket(0x11, 0x2, 0x9) r1 = prctl$auto_PR_SET_MM_START_CODE(0x1, 0x1, 0xffffffffffffffff, 0x10, 0x1) getsockopt$auto(r1, 0x0, 0x4, &(0x7f00000000c0)='\\&)-,[\x00', &(0x7f0000000100)=0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytf\x00', 0x41102, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88d\x11\x00\x00\x00\x00\x00\x00W\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0xfdef, 0x2) ioctl$auto(r0, 0x8910, 0x24) r2 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r2, &(0x7f0000003dc0)={0x0, 0x2000000}, 0xb) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000001c80), r3) sendmsg$auto_TASKSTATS_CMD_GET(r3, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000001cc0)={0x24, r4, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0xe, 0x4, 'NLBL_MGMT\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x22008044) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) ioctl$auto(0x3, 0x540a, r5) r6 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) writev$auto(r6, &(0x7f00000035c0)={0x0, 0x4}, 0x4000000000006) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sg1\x00', 0x400, 0x0) 15.494921524s ago: executing program 3 (id=4519): r0 = socket(0xa, 0x5, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, r2, 0x7ffd) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x0, 0x0, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_SEQ={0x7, 0xa, "107c4c"}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x3}, @NL80211_ATTR_WIPHY_NAME={0x5, 0x2, '\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x24008840}, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) timer_create$auto(0x1, 0x0, 0x0) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x400000000f, 0x10007}, {0x9}}, 0x0) timer_gettime$auto(0x0, 0x0) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) shutdown$auto(r0, 0xfff) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f00000011c0)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x1c, 0x0, 0x20, 0x70bd26, 0x25dfdbff, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040081}, 0x0) r5 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/numa_maps\x00', 0x22000, 0x0) read$auto_proc_sessionid_operations_base(r5, &(0x7f00000000c0)=""/4096, 0x1000) 14.943181339s ago: executing program 5 (id=4520): select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0x0, 0x6, 0xf, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x4000007, 0x400, 0x1, 0x9b72, r0, 0x8000) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000240)="e3", 0x1}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/fuse/parameters/max_user_bgreq\x00', 0xc0481, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/pci/drivers/vmwgfx/new_id\x00', 0xa001, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) clone$auto(0x20003b42, 0x8400, 0x0, 0x0, 0xfffffffffffffff9) r2 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x41180, 0x0) read$auto(r2, 0x0, 0x58b22256) write$auto(0x3, 0x0, 0xfdef) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='%!\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fbdbdf250300000009000200cacd2dff11000000040012"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0xb06af94f6e038a6) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) socket(0xa, 0x80000, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000140)={0x0, 0x3f, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001200c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 12.995719962s ago: executing program 3 (id=4525): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r0 = socket(0x11, 0x2, 0x9) r1 = prctl$auto_PR_SET_MM_START_CODE(0x1, 0x1, 0xffffffffffffffff, 0x10, 0x1) getsockopt$auto(r1, 0x0, 0x4, &(0x7f00000000c0)='\\&)-,[\x00', &(0x7f0000000100)=0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytf\x00', 0x41102, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88d\x11\x00\x00\x00\x00\x00\x00W\x02\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0xfdef, 0x2) ioctl$auto(r0, 0x8910, 0x24) r2 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000003b00)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x600, 0x0) readv$auto(r2, &(0x7f0000003dc0)={0x0, 0x2000000}, 0xb) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000001c80), r3) sendmsg$auto_TASKSTATS_CMD_GET(r3, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000001cc0)={0x24, r4, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK={0xe, 0x4, 'NLBL_MGMT\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x22008044) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/lapb4/ifalias\x00', 0x1a1842, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) ioctl$auto(0x3, 0x540a, r5) r6 = openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) writev$auto(r6, &(0x7f00000035c0)={0x0, 0x4}, 0x4000000000006) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sg1\x00', 0x400, 0x0) 12.848045058s ago: executing program 5 (id=4526): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 11.26526498s ago: executing program 5 (id=4527): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000200)={{@inferred, 0x1, 0x1, 0x81, "313bf5eb195a060000002af9ffb683dba3931f33828bbfba40f03510bf6b7fe5e2f94ba460d57d448667798d", @inferred=0x0}, 0x401, 0x5, 0x4, @inferred, @integer={0xdbe, 0x255, 0x8}, "7a9fc199a16a2311eacf2fc7ae1d8778dc618090334fdd73340238d21000debe0eda71bdd709254592b67f9cb5adb17884a16f7ce8cbce0bb32791702b8d7c2d"}) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3a8453d3, 0x80, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0x2, 0x2, 0xc28}, 0x0) r2 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r2, &(0x7f00000001c0)={{0x0, 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x12}, 0x5, 0x0, 0x5, 0xe}, 0x5}, 0x2, 0x100) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000800)=ANY=[@ANYBLOB="b4000000", @ANYRES8=r3, @ANYBLOB="0a070000000000000000ee00800f00051002000dc0b5fdea000180080003000700000008000100", @ANYRES32=0x0, @ANYRESDEC=r3, @ANYRES32=0x0, @ANYBLOB="08000100be601483455a782583847dc439605383610f5abaf07e7f12fed7e0e714eaa48452e0d8979e700e50cca83dbd91d1d86b56fd179aa0b217c639c114ca8e0d00d4082acd11e824c2dbd21e3b3820015bfbb2b0dc53a132dbce0e473b5e1b1b6088c8d546def5586de57375862308e7eb76cbcdae259a3b52112d09f1fbe92d5f80efb264db", @ANYRESOCT=r3, @ANYRESOCT, @ANYRESOCT, @ANYRES16, @ANYRES64=r4, @ANYRES16], 0xb4}, 0x1, 0x0, 0x0, 0x5}, 0x20000054) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r4, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x15) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb133", 0x930) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/midiC2D0\x00', 0x202003, 0x0) prctl$auto(0x3e, 0x1, r1, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0xe, 0x0, 0x20) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x8008, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r6, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) fsopen$auto(&(0x7f0000000280)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x6) open(&(0x7f0000000000)='./cgroup\x00', 0x50000, 0x169) 11.264842033s ago: executing program 3 (id=4529): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000005c0)=""/8, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) getrusage$auto_RUSAGE_BOTH(0xfffffffffffffffe, 0x0) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4d7}, 0x6, 0x0, 0x8, 0x10007fe}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) 7.841975947s ago: executing program 1 (id=4533): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x8, 0x81, 0x3, 0x216, r0, 0x40000000008000) r1 = getpid() r2 = gettid() rt_tgsigqueueinfo$auto(r1, r2, 0x21, 0x0) timer_create$auto_CLOCK_TAI(0xb, &(0x7f0000000440)={@sival_int=0x5, @raw=0x8, 0x305, @_tid=r1}, &(0x7f0000000480)=0x80000001) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) unshare$auto(0x20000) 6.881043095s ago: executing program 1 (id=4534): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0xa, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x6, 0x6, 0x4, 0xb2, 0x9, 0x3, 0xfffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x401, 0x3, 0x3, 0x4eb, 0x0, 0x0, 0x0, 0x7]}, 0x202, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40200, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000020c0)=""/4093, 0xffd) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0xf0, 0x400009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x8, 0x400000004) open(0x0, 0x163340, 0x7b) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, &(0x7f0000000280)="34516f7276dfaacf46facb8323edc3f98472075577769a1f838e20ecf400bfb58bb5") mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0), 0x8}, 0x7, 0x0, 0x7, 0xb5) sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080) socket(0x11, 0x3, 0x9) 5.816412099s ago: executing program 1 (id=4535): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r0, 0xc0104d08, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000001c0)='\x00\x00\x00\x00', 0x100000a3db) mremap$auto(0x4, 0x4000007, 0x3fd7, 0x0, 0x7fffffffffffffff) process_vm_readv$auto(0x0, &(0x7f0000000280)={0x0, 0x7}, 0xda, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) lseek$auto(0x3, 0x8, 0x1) r2 = bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040)=@raw_tracepoint={0x1, 0xffffffffffffffff, 0x0, 0xee}, 0x78ec8) mmap$auto(0x0, 0x20007, 0x9, 0xeb1, r3, 0x8000) r4 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYRES32=r4, @ANYRES16=r4, @ANYRES64=r2], 0x1c}, 0x1, 0x0, 0x0, 0x40801}, 0x4008044) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0ro\x00', 0x284040, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r5, &(0x7f0000003900)='\t', 0x1) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/bus/hdaudio/drivers/snd_hda_codec_ca0110/uevent\x00', 0x221001, 0x0) read$auto(r6, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) 5.54488614s ago: executing program 3 (id=4536): msgctl$auto_IPC_INFO(0xfffffff7, 0x3, &(0x7f0000000600)={{0x81, 0x0, 0x0, 0x8215, 0xae5, 0x3ff, 0x4}, 0x0, &(0x7f00000005c0)=0xd9, 0x2, 0x3, 0x9, 0x7, 0x101, 0x3, 0xe, 0x2, @raw=0x2, @raw=0x2}) open(0x0, 0x161342, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) getegid() prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x6) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) modify_ldt$auto(0x11, 0x0, 0x10) socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) setreuid$auto(0x15, 0x5) setuid$auto(0xe) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) r0 = socket(0x10, 0x2, 0xc) sendmsg$auto_NETDEV_CMD_NAPI_GET2(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xdc93f75efa074bf9}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="080000040000fbdbdfdcd1000000"], 0x14}, 0x1, 0x0, 0x0, 0x400c080}, 0xd0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x440, 0x0) syncfs$auto(r1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/rpc/auth.rpcsec.context/channel\x00', 0xc8841, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000003c0)='\x03\x00\x04', 0x101) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xb, 0x5, 0x1ffde, 0x3, 0x6, 0x2, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb0, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x0, 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x3a, 0x0, 0x1000) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x1d, "ffffff0b000000000000000700"}, 0x13) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 4.667315092s ago: executing program 1 (id=4537): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 4.599997916s ago: executing program 5 (id=4538): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000380)={0xf4, r1, 0x1, 0x70bd2a, 0x25dffbfb, {}, [@HWSIM_ATTR_RADIO_NAME={0x2d, 0x11, '/P\x13jE\f\xf9r\xf5\xa3\xd2\x84y\xf9*\x9b\"\x1c\xa4l-\x19\xfd\xa4\xf4y\x02\xc2\x96\xfa\x84L\x12\xcd\x83\xf7\x12\xd3\xc4\x1e]'}, @HWSIM_ATTR_ADDR_TRANSMITTER={0xb0, 0x2, "aa184e50567e94f919f58bf588545b86cb5179384bdc68e1049962b13a9b511cb7a8b4dae7dd4b4237ab22ed503312ad00f884924ad3af8da502ed519d1f1d4fbaf93ceca403c8cd0a745bb39b37071d27d5f24962ff06eef1e24da67b778c2f59568244ebaa86f9525a1887ed81aaee9048b3b36638c60a05697d10e6f594e0e883163b8fa6bc5fd63b64e4d5a3f71e96d30b7409548657453de679137917e0bb503526b096c800a4051658"}]}, 0xf4}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, 0x0, 0x20004000) unshare$auto(0x40000080) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) pread64$auto(r2, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x1dfbdb30) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg1\x00', 0x646502, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/current_tracer\x00', 0x41, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/netdevsim/del_device\x00', 0x501, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xb) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x601, 0x0) write$auto(r5, &(0x7f00000002c0)='1\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 2.891430029s ago: executing program 35 (id=4508): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0xa, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x6, 0x6, 0x4, 0xb2, 0x9, 0x3, 0xfffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x401, 0x3, 0x3, 0x4eb, 0x0, 0x0, 0x0, 0x7]}, 0x202, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40200, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000020c0)=""/4093, 0xffd) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0xf0, 0x400009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x8, 0x400000004) open(0x0, 0x163340, 0x7b) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, &(0x7f0000000280)="34516f7276dfaacf46facb8323edc3f98472075577769a1f838e20ecf400bfb58bb5") mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0), 0x8}, 0x7, 0x0, 0x7, 0xb5) sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080) socket(0x11, 0x3, 0x9) 2.75664359s ago: executing program 1 (id=4540): mmap$auto(0x3f, 0x6, 0x3, 0xeb1, 0xffffffffffffffff, 0x3) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) pread64$auto(r0, 0x0, 0x8, 0x8) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(0xffffffffffffffff, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) ftruncate$auto(0xffffffffffffffff, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000026d00)='/dev/dri/card0\x00', 0x2000, 0x0) fanotify_init$auto(0x5, 0x2000000000002) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0xfff, 0x6, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x400000000009, 0x1, 0x948b, 0x3, 0x15f4da0c, 0x1, 0x2000000000000004, 0x62, 0x80000001, 0x6, 0xffff, 0x9, 0x40000000002, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x27, 0x0, 0x0, 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) 2.752294751s ago: executing program 3 (id=4541): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000005c0)=""/8, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) getrusage$auto_RUSAGE_BOTH(0xfffffffffffffffe, 0x0) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4d7}, 0x6, 0x0, 0x8, 0x10007fe}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) 0s ago: executing program 1 (id=4542): memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0x20df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x20200, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) request_key$auto_KEY_SPEC_PROCESS_KEYRING(&(0x7f00000006c0)='[{%\xbc::(\x00', 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe) madvise$auto(0x0, 0x200, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x15, 0x5, 0x0) setsockopt$auto(r1, 0x114, 0x8, 0x0, 0x4) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0x5, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r3) madvise$auto(0x0, 0x20000a, 0x4) unshare$auto(0x40000080) open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0x6) socket(0xa, 0x2, 0x10) socket(0xa, 0x2, 0x3a) r4 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000200)=@link_update={r4, @new_prog_fd=0x4, 0x8, @old_prog_fd=r4}, 0xa3) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r5, &(0x7f0000000240)={0x0, 0x2c, &(0x7f0000000200)={&(0x7f00000003c0)={0x2c, r6, 0x201, 0x70bd2c, 0x25dfdbfd, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xa}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x1000000, 0x0, 0x20004054}, 0x480b0) kernel console output (not intermixed with test programs): ORIG_RAX: 0000000000000101 [ 1342.620103][T20122] RAX: ffffffffffffffda RBX: 00007f8c2b1e5fa0 RCX: 00007f8c2af8f6c9 [ 1342.620119][T20122] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1342.620135][T20122] RBP: 00007f8c2b011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1342.620150][T20122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1342.620164][T20122] R13: 00007f8c2b1e6038 R14: 00007f8c2b1e5fa0 R15: 00007fff6aa9a6d8 [ 1342.620197][T20122] [ 1344.620340][T20132] random: crng reseeded on system resumption [ 1345.570759][ T5888] usb usb38-port5: attempt power cycle [ 1345.680503][T20136] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1345.686785][T20136] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1345.703257][T20136] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1345.712719][T20127] kexec: Could not allocate control_code_buffer [ 1346.221263][ T5888] usb usb38-port5: unable to enumerate USB device [ 1346.552410][T20157] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3385'. [ 1346.680650][T20157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1346.691238][T20160] Unable to find swap-space signature [ 1346.724710][T20157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1346.834300][T20157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1346.929521][T20157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1347.144583][ T5888] usb usb38-port5: attempt power cycle [ 1347.699536][T13305] Bluetooth: hci1: command 0x0c1a tx timeout [ 1347.706086][T13305] Bluetooth: hci3: command 0x0c1a tx timeout [ 1347.712623][T17349] Bluetooth: hci4: command 0x0c1a tx timeout [ 1347.881806][ T5888] usb usb38-port5: unable to enumerate USB device [ 1349.912222][T20215] binder: 20212:20215 ioctl 4018620d 9 returned -22 [ 1349.949917][T20215] binder: 20212:20215 ioctl 4018620d 9 returned -22 [ 1351.539965][T20221] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3407'. [ 1351.822776][T20225] Unable to find swap-space signature [ 1354.733256][T20258] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3406'. [ 1354.974403][T20264] program syz.2.3408 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1355.889856][T20273] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3409'. [ 1358.149911][T20302] random: crng reseeded on system resumption [ 1358.242654][T20302] Restarting kernel threads ... [ 1358.270114][T20302] Done restarting kernel threads. [ 1358.979702][T20311] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 1359.931431][T20329] random: crng reseeded on system resumption [ 1359.968399][T20329] Restarting kernel threads ... [ 1359.995495][T20329] Done restarting kernel threads. [ 1360.012595][T20329] FAULT_INJECTION: forcing a failure. [ 1360.012595][T20329] name failslab, interval 1, probability 0, space 0, times 0 [ 1360.053978][T20329] CPU: 0 UID: 0 PID: 20329 Comm: syz.1.3423 Not tainted syzkaller #0 PREEMPT(full) [ 1360.054011][T20329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1360.054026][T20329] Call Trace: [ 1360.054035][T20329] [ 1360.054044][T20329] dump_stack_lvl+0x16c/0x1f0 [ 1360.054079][T20329] should_fail_ex+0x512/0x640 [ 1360.054117][T20329] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1360.054150][T20329] should_failslab+0xc2/0x120 [ 1360.054191][T20329] __kvmalloc_node_noprof+0x141/0x9c0 [ 1360.054226][T20329] ? alloc_fdtable+0x17f/0x2d0 [ 1360.054255][T20329] ? alloc_fdtable+0x17f/0x2d0 [ 1360.054276][T20329] alloc_fdtable+0x17f/0x2d0 [ 1360.054301][T20329] dup_fd+0x83b/0xb90 [ 1360.054335][T20329] __do_sys_close_range+0x4ca/0x730 [ 1360.054366][T20329] ? __pfx___do_sys_close_range+0x10/0x10 [ 1360.054403][T20329] do_syscall_64+0xcd/0xfa0 [ 1360.054435][T20329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1360.054460][T20329] RIP: 0033:0x7fe13798f6c9 [ 1360.054479][T20329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1360.054507][T20329] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1360.054530][T20329] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1360.054546][T20329] RDX: 0000000000000006 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1360.054561][T20329] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1360.054576][T20329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1360.054591][T20329] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1360.054622][T20329] [ 1360.994715][T20341] binder: 20336:20341 ioctl 4018620d 9 returned -22 [ 1361.047367][T20341] binder: 20336:20341 ioctl 4018620d 9 returned -22 [ 1362.577532][T20364] 0x000200000001-0xa29656a63616329 : "" [ 1362.641475][T20364] mtd: partition "" is out of reach -- disabled [ 1362.785980][T20364] ftl_cs: FTL header not found. [ 1364.103973][T20380] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3433'. [ 1365.437235][T20391] Process accounting paused [ 1366.763024][T20427] netlink: zone id is out of range [ 1367.612848][T20441] vhci_hcd: invalid port number 16 [ 1368.315402][T20455] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1368.490101][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1368.514370][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1370.332162][T20480] binder: 20475:20480 ioctl 4018620d 9 returned -22 [ 1370.350360][T20480] binder: 20475:20480 ioctl 4018620d 9 returned -22 [ 1370.922022][T20483] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3453'. [ 1371.974614][T20501] binder: 20494:20501 ioctl 4018620d 9 returned -22 [ 1371.995824][T20501] binder: 20494:20501 ioctl 4018620d 9 returned -22 [ 1373.440844][T20518] binder: 20504:20518 ioctl 4018620d 9 returned -22 [ 1373.604601][T20518] binder: 20504:20518 ioctl 4018620d 9 returned -22 [ 1376.042334][T20543] random: crng reseeded on system resumption [ 1377.102394][T20558] random: crng reseeded on system resumption [ 1377.157115][T20559] FAULT_INJECTION: forcing a failure. [ 1377.157115][T20559] name failslab, interval 1, probability 0, space 0, times 0 [ 1377.281161][T20559] CPU: 0 UID: 0 PID: 20559 Comm: syz.1.3474 Not tainted syzkaller #0 PREEMPT(full) [ 1377.281195][T20559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1377.281211][T20559] Call Trace: [ 1377.281219][T20559] [ 1377.281229][T20559] dump_stack_lvl+0x16c/0x1f0 [ 1377.281263][T20559] should_fail_ex+0x512/0x640 [ 1377.281300][T20559] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1377.281328][T20559] should_failslab+0xc2/0x120 [ 1377.281362][T20559] __kmalloc_cache_noprof+0x72/0x780 [ 1377.281386][T20559] ? do_raw_spin_lock+0x12c/0x2b0 [ 1377.281424][T20559] ? alloc_fdtable+0xbd/0x2d0 [ 1377.281451][T20559] ? alloc_fdtable+0xbd/0x2d0 [ 1377.281472][T20559] alloc_fdtable+0xbd/0x2d0 [ 1377.281496][T20559] dup_fd+0x83b/0xb90 [ 1377.281531][T20559] __do_sys_close_range+0x4ca/0x730 [ 1377.281562][T20559] ? __pfx___do_sys_close_range+0x10/0x10 [ 1377.281600][T20559] do_syscall_64+0xcd/0xfa0 [ 1377.281632][T20559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1377.281657][T20559] RIP: 0033:0x7fe13798f6c9 [ 1377.281676][T20559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1377.281700][T20559] RSP: 002b:00007fe138804038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1377.281723][T20559] RAX: ffffffffffffffda RBX: 00007fe137be6180 RCX: 00007fe13798f6c9 [ 1377.281739][T20559] RDX: 0000000000000006 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1377.281754][T20559] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1377.281769][T20559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1377.281784][T20559] R13: 00007fe137be6218 R14: 00007fe137be6180 R15: 00007ffc2c02cc58 [ 1377.281815][T20559] [ 1381.623745][T20588] binder: 20582:20588 ioctl 4018620d 9 returned -22 [ 1381.784280][T20588] binder: 20582:20588 ioctl 4018620d 9 returned -22 syzkaller syzkaller login: [ 1391.413295][T20657] binder: 20650:20657 ioctl 4018620d 9 returned -22 [ 1391.597995][T20657] binder: 20650:20657 ioctl 4018620d 9 returned -22 [ 1393.105170][T20649] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1393.180663][T20649] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1393.282196][T20649] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1393.390767][T20653] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1393.607052][T20676] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3487'. [ 1393.772496][T20676] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1393.790796][T20676] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1393.883521][T20676] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1393.892160][T20676] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1394.162798][ T9] usb usb38-port5: attempt power cycle [ 1394.788331][ T9] usb usb38-port5: unable to enumerate USB device [ 1395.132528][T20180] Bluetooth: hci3: command 0x0c1a tx timeout [ 1395.199871][T20651] kexec: Could not allocate control_code_buffer [ 1395.212127][T20180] Bluetooth: hci1: command 0x0c1a tx timeout [ 1395.292829][T11964] Bluetooth: hci4: command 0x0c1a tx timeout [ 1395.656452][T20642] Process accounting resumed [ 1396.047105][T20701] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 1396.455567][T20707] random: crng reseeded on system resumption [ 1397.269231][T20720] [U] [ 1397.272080][T20720] [U] [ 1397.274801][T20720] [U] [ 1397.277513][T20720] [U] [ 1397.280226][T20720] [U] [ 1397.430272][T20720] [U] [ 1401.036603][T20788] binder: 20785:20788 ioctl 4018620d 9 returned -22 [ 1401.075895][T20788] binder: 20785:20788 ioctl 4018620d 9 returned -22 [ 1408.081685][T20841] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.1.3517: bg 2: bad block bitmap checksum [ 1408.164893][T20841] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1366 with max blocks 11 with error 74 [ 1408.218742][T20841] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1408.218742][T20841] [ 1410.523207][T20873] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 910 with max blocks 26 with error 117 [ 1410.596830][T20873] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1410.596830][T20873] [ 1411.024349][T20864] kexec: Could not allocate control_code_buffer [ 1412.107535][T20895] block nbd9: NBD_DISCONNECT [ 1412.408469][T20896] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3528'. [ 1412.707510][T20893] ima: policy update failed [ 1412.730778][ T30] audit: type=1802 audit(4294967557.069:27): pid=20893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.3528" res=0 errno=0 [ 1413.207806][T20906] Invalid ELF header magic: != ELF [ 1413.232014][T20898] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.458676][T20898] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.625326][T20898] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.864554][T20898] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1414.898313][T20922] random: crng reseeded on system resumption [ 1414.920877][T20922] Restarting kernel threads ... [ 1414.946557][T20922] Done restarting kernel threads. [ 1416.360612][T20940] binder: 20932:20940 ioctl 4018620d 9 returned -22 [ 1416.485197][T20940] binder: 20932:20940 ioctl 4018620d 9 returned -22 [ 1418.642801][T20951] netlink: zone id is out of range [ 1418.647997][T20951] netlink: del zone limit has 4 unknown bytes [ 1418.713199][T20950] netlink: set zone limit has 8 unknown bytes [ 1419.080964][T20947] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3539'. [ 1419.211264][T20955] random: crng reseeded on system resumption [ 1420.079795][T20964] netlink: set zone limit has 8 unknown bytes [ 1421.615872][T20986] FAULT_INJECTION: forcing a failure. [ 1421.615872][T20986] name failslab, interval 1, probability 0, space 0, times 0 [ 1421.663264][T20986] CPU: 0 UID: 0 PID: 20986 Comm: syz.1.3546 Not tainted syzkaller #0 PREEMPT(full) [ 1421.663299][T20986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1421.663314][T20986] Call Trace: [ 1421.663322][T20986] [ 1421.663332][T20986] dump_stack_lvl+0x16c/0x1f0 [ 1421.663368][T20986] should_fail_ex+0x512/0x640 [ 1421.663405][T20986] ? fs_reclaim_acquire+0xae/0x150 [ 1421.663441][T20986] should_failslab+0xc2/0x120 [ 1421.663475][T20986] __kmalloc_noprof+0xdd/0x880 [ 1421.663513][T20986] ? kfree+0x252/0x6d0 [ 1421.663533][T20986] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1421.663568][T20986] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1421.663597][T20986] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1421.663634][T20986] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1421.663684][T20986] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1421.663753][T20986] ? lock_acquire+0x179/0x350 [ 1421.663788][T20986] ? find_held_lock+0x2b/0x80 [ 1421.663814][T20986] ? mnt_get_write_access+0x52/0x2f0 [ 1421.663851][T20986] tomoyo_file_open+0x6b/0x90 [ 1421.663886][T20986] security_file_open+0x84/0x1e0 [ 1421.663914][T20986] do_dentry_open+0x596/0x1530 [ 1421.663952][T20986] vfs_open+0x82/0x3f0 [ 1421.663991][T20986] path_openat+0x1de4/0x2cb0 [ 1421.664028][T20986] ? __pfx_path_openat+0x10/0x10 [ 1421.664058][T20986] ? __lock_acquire+0xb8a/0x1c90 [ 1421.664095][T20986] do_filp_open+0x20b/0x470 [ 1421.664122][T20986] ? __pfx_do_filp_open+0x10/0x10 [ 1421.664172][T20986] ? alloc_fd+0x471/0x7d0 [ 1421.664208][T20986] do_sys_openat2+0x11b/0x1d0 [ 1421.664244][T20986] ? __pfx_do_sys_openat2+0x10/0x10 [ 1421.664293][T20986] __x64_sys_openat+0x174/0x210 [ 1421.664330][T20986] ? __pfx___x64_sys_openat+0x10/0x10 [ 1421.664380][T20986] do_syscall_64+0xcd/0xfa0 [ 1421.664413][T20986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1421.664439][T20986] RIP: 0033:0x7fe13798f6c9 [ 1421.664458][T20986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1421.664481][T20986] RSP: 002b:00007fe138846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1421.664504][T20986] RAX: ffffffffffffffda RBX: 00007fe137be5fa0 RCX: 00007fe13798f6c9 [ 1421.664520][T20986] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1421.664536][T20986] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1421.664551][T20986] R10: 00000000000000eb R11: 0000000000000246 R12: 0000000000000000 [ 1421.664565][T20986] R13: 00007fe137be6038 R14: 00007fe137be5fa0 R15: 00007ffc2c02cc58 [ 1421.664597][T20986] [ 1422.287718][T20982] kexec: Could not allocate control_code_buffer [ 1422.513581][T20986] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1423.410744][T21006] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3547'. [ 1424.786539][T21023] ptp ptp0: guarantee physical clock free running [ 1424.991618][T21022] mkiss: ax0: crc mode is auto. [ 1426.190297][T21040] ubi: mtd0 is already attached to ubi31 [ 1426.627067][T21025] Process accounting paused [ 1429.603486][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1429.609816][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1430.180880][T21075] binder: 21073:21075 ioctl c018620c 0 returned -1 [ 1433.893710][T21120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3570'. [ 1434.454179][T21123] [U] [ 1434.457131][T21123] [U] [ 1434.459859][T21123] [U] [ 1434.462580][T21123] [U] [ 1434.465294][T21123] [U] [ 1434.493828][T21123] [U] [ 1434.496602][T21123] [U] [ 1434.499321][T21123] [U] [ 1434.502033][T21123] [U] [ 1434.525344][T21123] [U] [ 1434.528108][T21123] [U] [ 1434.530822][T21123] [U] [ 1434.533540][T21123] [U] [ 1434.590316][T21127] zram: Removed device: zram0 [ 1434.607694][T21123] [U] [ 1434.610640][T21123] [U] [ 1434.613407][T21123] [U] [ 1434.616115][T21123] [U] [ 1434.652099][T21123] [U] [ 1434.654855][T21123] [U] [ 1434.657572][T21123] [U] [ 1434.660278][T21123] [U] [ 1434.744962][T21123] [U] [ 1434.747879][T21123] [U] [ 1434.750597][T21123] [U] [ 1434.753307][T21123] [U] [ 1434.817063][T21123] [U] [ 1435.100005][T21138] __vm_enough_memory: pid: 21138, comm: syz.2.3574, bytes: 4398046511104 not enough memory for the allocation [ 1435.131287][T21137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3573'. [ 1435.573924][T21148] ptrace attach of "./syz-executor exec"[5825] was attempted by "=D¿Õ'\x5câú\x0cUù!WÝ5\x07ÛÙä6wï&õ¡búŽS¢üN•~”çÂù•ãÎhO3î—54W¦›°î1\x0bÒ HÚÁ2úF®VkBÇý‹»®òªm|MÇ\x22‰â™N„¢§_½®Ê$é“_XxCé'¹fN±ëlŠbÃPØÌe¯°¿þü\x0d¢DÊàɉ½EÃô¶Ò¹!ÀîÜèá`äR®\x0düÉê|öw^Œz*¤S§Õ,yí”S·ð—ÏáæÐV~(óz˜„c8oƒƒã–ÍÜþ.˜¼Ø&(\x0bûÍô‡°/›åºøRu{¦©3®ñ\x09pOº‘jžJðp·WÓ}¹‡2ÈŽa{·T<ˆ>Ú³Á‡Vðμ-ƒ—$Ûº·'œ.mË䊻Ÿ6OG¦:KŒ²ý$¥ý/|ëf—(bHa}G·\x5cݲ߂¸òd˜¼”­^:jè=&wÏX·t°6Ù`–«\x1bí1˜’‡ÆÝ÷$Žç—ýWÜ£´ã’uKƒâç¹óúW>¹Ñ×Nv´\x07yÃËO\x0dnì„ÂÊMeHº¬“BÚãîSSJ\x07’xs¨ˆõáQÚ@ñ÷\x07UµR¶Å|³°o÷O͸…ÿ\x0cµ”]±–”\x07\x0a¤\x1b}›Q΋Œ\x0aû|8°èÞãR,<Ž^}k–Fü<¡ÙžÙtA©éEG63„¾µ³§\x07¯VýÛà@;TE\x5c¢¿¥,ÕT>@¬z–Äãž;F´œ,Á*f~ó©oSu.Ìݨ\x09Ä÷(hlH\x5cïÈer]?1Ïÿ³\x22Ä1;þŠNËBç£\x07–{º·=¡$* ŠX6Ô¢}×öeb«ÌlÖǵÈYóK<#\x22rÐ\x07pÑì‘×Ú\x5cç‚“º}ÖÒî׿&V]x]íG/$º¿7o}uJzYáÚÅ.¥µÇ£\x1b+\x0a'6œ<¤–½=ôµ\x1b\x22í¨FNÓW˜\x22)]1š I\x0am·¦üessVíñyÉê`àâO ³Â5ËfãvÇDþ*@d(“6âÔÃå¨5\x0ct©vŸ§Ì¥›ï6\x22¬ßYгõ\x1bž &|¨\x0a½;L\x1bPÃv‚´ˆfŸ;¦ëo\x0c\x0bå [ 1436.069979][T21155] netlink: 'syz.2.3577': attribute type 1 has an invalid length. [ 1436.576741][T21167] binder: 21161:21167 ioctl 4018620d 9 returned -22 [ 1436.595681][T21167] binder: 21161:21167 ioctl 4018620d 9 returned -22 [ 1438.270007][T21189] ptp ptp0: max value is 15 [ 1439.862526][T21209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3584'. [ 1441.052445][T21220] random: crng reseeded on system resumption [ 1442.050365][T21236] binder: 21230:21236 ioctl 4018620d 9 returned -22 [ 1442.070949][T21236] binder: 21230:21236 ioctl 4018620d 9 returned -22 [ 1443.463627][T21258] binder: 21252:21258 ioctl 4018620d 9 returned -22 [ 1443.491689][T21258] binder: 21252:21258 ioctl 4018620d 9 returned -22 [ 1444.036619][T21261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3597'. [ 1446.694400][T21299] binder: 21292:21299 ioctl 4018620d 9 returned -22 [ 1446.738924][T21299] binder: 21292:21299 ioctl 4018620d 9 returned -22 [ 1447.383512][T21300] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.3607: iget: checksum invalid [ 1447.414384][T21300] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1447.457183][T21300] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.3607: iget: checksum invalid [ 1447.488906][T21300] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1447.527066][T21300] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.3607: iget: checksum invalid [ 1447.540468][T21300] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1447.551594][T21300] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.3607: iget: checksum invalid [ 1447.563285][T21300] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1447.618517][T21300] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1447.669191][T21300] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1448.449514][T21323] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3610'. [ 1449.460648][T21342] binder: 21336:21342 ioctl 4018620d 9 returned -22 [ 1449.490024][T21342] binder: 21336:21342 ioctl 4018620d 9 returned -22 [ 1449.805893][T21345] Invalid ELF header magic: != ELF [ 1450.326876][ T30] audit: type=1804 audit(4294967594.865:28): pid=21356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3616" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/trace" dev="tracefs" ino=185 res=1 errno=0 [ 1450.741200][T21365] binder: 21361:21365 ioctl 4018620d 9 returned -22 [ 1450.784976][ T30] audit: type=1804 audit(4294967594.975:29): pid=21352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3616" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/trace" dev="tracefs" ino=185 res=1 errno=0 [ 1450.810909][T21365] binder: 21361:21365 ioctl 4018620d 9 returned -22 [ 1451.068839][T21368] tipc: Started in network mode [ 1451.073924][T21368] tipc: Node identity ee00, cluster identity 4711 [ 1451.100528][T21368] tipc: Node number set to 60928 [ 1451.169464][T21364] Process accounting resumed [ 1451.250111][T21371] binder: 21370:21371 ioctl c018620c 0 returned -1 [ 1451.290760][T21371] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3619'. [ 1451.441366][T21377] random: crng reseeded on system resumption [ 1451.471187][T21377] Restarting kernel threads ... [ 1451.486694][T21377] Done restarting kernel threads. [ 1451.511502][T21377] FAULT_INJECTION: forcing a failure. [ 1451.511502][T21377] name failslab, interval 1, probability 0, space 0, times 0 [ 1451.550620][T21377] CPU: 0 UID: 0 PID: 21377 Comm: syz.1.3620 Not tainted syzkaller #0 PREEMPT(full) [ 1451.550653][T21377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1451.550668][T21377] Call Trace: [ 1451.550676][T21377] [ 1451.550686][T21377] dump_stack_lvl+0x16c/0x1f0 [ 1451.550720][T21377] should_fail_ex+0x512/0x640 [ 1451.550759][T21377] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1451.550792][T21377] should_failslab+0xc2/0x120 [ 1451.550826][T21377] __kvmalloc_node_noprof+0x141/0x9c0 [ 1451.550858][T21377] ? alloc_fdtable+0x17f/0x2d0 [ 1451.550886][T21377] ? alloc_fdtable+0x17f/0x2d0 [ 1451.550908][T21377] alloc_fdtable+0x17f/0x2d0 [ 1451.550938][T21377] dup_fd+0x83b/0xb90 [ 1451.550973][T21377] __do_sys_close_range+0x4ca/0x730 [ 1451.551004][T21377] ? __pfx___do_sys_close_range+0x10/0x10 [ 1451.551041][T21377] do_syscall_64+0xcd/0xfa0 [ 1451.551074][T21377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1451.551099][T21377] RIP: 0033:0x7fe13798f6c9 [ 1451.551120][T21377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1451.551143][T21377] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1451.551165][T21377] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1451.551181][T21377] RDX: 0000000000000006 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1451.551197][T21377] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1451.551212][T21377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1451.551226][T21377] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1451.551257][T21377] [ 1453.574738][T21401] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3625'. [ 1453.652225][T21401] netlink: zone id is out of range [ 1453.661302][T21401] netlink: zone id is out of range [ 1453.669609][T21401] netlink: zone id is out of range [ 1453.677619][T21401] netlink: zone id is out of range [ 1453.689472][T21401] netlink: zone id is out of range [ 1453.697943][T21401] netlink: zone id is out of range [ 1453.706459][T21401] netlink: zone id is out of range [ 1453.721038][T21403] netlink: zone id is out of range [ 1453.729571][T21401] netlink: zone id is out of range [ 1453.736937][T21403] netlink: del zone limit has 4 unknown bytes [ 1455.081138][T21424] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1455.195025][T21430] random: crng reseeded on system resumption [ 1455.213183][T21430] Restarting kernel threads ... [ 1455.233208][T21430] Done restarting kernel threads. [ 1455.264043][T21430] FAULT_INJECTION: forcing a failure. [ 1455.264043][T21430] name failslab, interval 1, probability 0, space 0, times 0 [ 1455.300158][T21424] CIFS mount error: No usable UNC path provided in device string! [ 1455.300158][T21424] [ 1455.313392][T21430] CPU: 0 UID: 0 PID: 21430 Comm: syz.1.3630 Not tainted syzkaller #0 PREEMPT(full) [ 1455.313427][T21430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1455.313441][T21430] Call Trace: [ 1455.313450][T21430] [ 1455.313459][T21430] dump_stack_lvl+0x16c/0x1f0 [ 1455.313494][T21430] should_fail_ex+0x512/0x640 [ 1455.313532][T21430] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 1455.313571][T21430] should_failslab+0xc2/0x120 [ 1455.313605][T21430] __kvmalloc_node_noprof+0x141/0x9c0 [ 1455.313637][T21430] ? alloc_fdtable+0x17f/0x2d0 [ 1455.313665][T21430] ? alloc_fdtable+0x17f/0x2d0 [ 1455.313687][T21430] alloc_fdtable+0x17f/0x2d0 [ 1455.313711][T21430] dup_fd+0x83b/0xb90 [ 1455.313746][T21430] __do_sys_close_range+0x4ca/0x730 [ 1455.313777][T21430] ? __pfx___do_sys_close_range+0x10/0x10 [ 1455.313817][T21430] do_syscall_64+0xcd/0xfa0 [ 1455.313849][T21430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1455.313875][T21430] RIP: 0033:0x7fe13798f6c9 [ 1455.313894][T21430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1455.313917][T21430] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1455.313939][T21430] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1455.313961][T21430] RDX: 0000000000000006 RSI: ffffffffffffffff RDI: ffffffffffffffff [ 1455.313976][T21430] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1455.313991][T21430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1455.314006][T21430] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1455.314038][T21430] [ 1455.727812][T21424] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1455.856291][T21431] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1460.484515][T21479] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 1460.810771][T21479] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 1461.109147][T21479] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 1461.954759][T21496] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 1463.169891][T21507] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3645'. [ 1465.644613][T20180] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1465.655023][T20180] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1465.664734][T20180] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1465.674246][T20180] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1465.682093][T20180] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1467.807107][T20180] Bluetooth: hci2: command tx timeout [ 1469.863671][T20180] Bluetooth: hci2: command tx timeout [ 1471.934911][T20180] Bluetooth: hci2: command tx timeout [ 1473.703025][T12740] HfR: left promiscuous mode [ 1474.002211][T20180] Bluetooth: hci2: command tx timeout [ 1474.166930][T21532] chnl_net:caif_netlink_parms(): no params data found [ 1476.690576][T21532] bridge0: port 1(bridge_slave_0) entered blocking state [ 1476.697726][T21532] bridge0: port 1(bridge_slave_0) entered disabled state [ 1476.986828][T21532] bridge_slave_0: entered allmulticast mode [ 1477.076788][T21532] bridge_slave_0: entered promiscuous mode [ 1477.173127][T21532] bridge0: port 2(bridge_slave_1) entered blocking state [ 1477.282952][T21532] bridge0: port 2(bridge_slave_1) entered disabled state [ 1477.356192][T21532] bridge_slave_1: entered allmulticast mode [ 1477.444979][T21532] bridge_slave_1: entered promiscuous mode [ 1478.219103][T21532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1478.336729][T21532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1478.737916][T21635] delete_channel: no stack [ 1478.980481][T21532] team0: Port device team_slave_0 added [ 1479.077662][T12740] hsr_slave_0: left promiscuous mode [ 1479.136086][T12740] hsr_slave_1: left promiscuous mode [ 1479.277916][T12740] veth0_macvtap: left promiscuous mode [ 1479.374442][T12740] veth1_vlan: left promiscuous mode [ 1479.379871][T12740] veth0_vlan: left promiscuous mode [ 1480.480640][T12740] team0 (unregistering): Port device team_slave_1 removed [ 1480.525487][T12740] team0 (unregistering): Port device team_slave_0 removed [ 1480.872272][T12740] smc: removing net device dummy0 with user defined pnetid DUMMY0 [ 1481.047745][T21532] team0: Port device team_slave_1 added [ 1481.101845][T21648] Process accounting paused [ 1481.262182][T21654] random: crng reseeded on system resumption [ 1481.293418][T21654] Restarting kernel threads ... [ 1481.315209][T21654] Done restarting kernel threads. [ 1481.665795][T21532] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1481.818239][T21532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1482.181217][T21532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1482.352174][T21532] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1482.389105][T21532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1482.425915][T21532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1482.724403][T21659] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1482.731281][T21659] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1482.738132][T21659] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1482.756839][T21659] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1482.794907][T21659] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1483.314710][T21677] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3669'. [ 1483.342642][T21677] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3669'. [ 1483.417989][T21532] hsr_slave_0: entered promiscuous mode [ 1483.544903][T21532] hsr_slave_1: entered promiscuous mode [ 1483.551149][T21532] debugfs: 'hsr0' already exists in 'hsr' [ 1483.801399][T21532] Cannot create hsr debugfs directory [ 1484.348513][T20180] Bluetooth: hci3: command 0x0c1a tx timeout [ 1484.746857][T20180] Bluetooth: hci2: command 0x0c1a tx timeout [ 1484.754316][T11964] Bluetooth: hci1: command 0x0c1a tx timeout [ 1486.730980][T21532] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1486.816145][T20180] Bluetooth: hci2: command 0x0c1a tx timeout [ 1486.903508][T21532] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1486.951828][T21532] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1487.025958][T21532] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1487.175585][T21706] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1487.183073][T21706] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1487.192433][T21706] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1488.183184][T21532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1488.581564][T21532] 8021q: adding VLAN 0 to HW filter on device team0 [ 1488.785643][T10052] bridge0: port 1(bridge_slave_0) entered blocking state [ 1488.792822][T10052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1488.805409][T20180] Bluetooth: hci3: command 0x0c1a tx timeout [ 1489.179727][T10052] bridge0: port 2(bridge_slave_1) entered blocking state [ 1489.187006][T10052] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1489.205663][T20180] Bluetooth: hci2: command 0x0c1a tx timeout [ 1489.211783][T11964] Bluetooth: hci1: command 0x0c1a tx timeout [ 1489.964918][T21532] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1490.038802][T21532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1490.073768][T21771] tipc: Started in network mode [ 1490.079699][T21771] tipc: Node identity ee00, cluster identity 4711 [ 1490.086391][T21771] tipc: Node number set to 60928 [ 1490.122890][T21770] Process accounting resumed [ 1490.719928][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1490.728123][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1491.375535][T21796] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3692'. [ 1492.266072][T21532] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1493.143083][T21822] random: crng reseeded on system resumption [ 1493.173129][T21822] Restarting kernel threads ... [ 1493.201521][T21822] Done restarting kernel threads. [ 1493.717766][T21831] binder: 21825:21831 ioctl 4018620d 9 returned -22 [ 1493.755748][T21831] binder: 21825:21831 ioctl 4018620d 9 returned -22 [ 1496.735130][T21532] veth0_vlan: entered promiscuous mode [ 1496.964828][T21532] veth1_vlan: entered promiscuous mode [ 1498.241749][T21532] veth0_macvtap: entered promiscuous mode [ 1498.496108][T21532] veth1_macvtap: entered promiscuous mode [ 1498.730987][T21532] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1498.966131][T21532] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1499.241644][T12740] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.447025][T12740] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.573589][T12740] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.836195][T12740] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1500.142344][T21875] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3704'. [ 1501.205517][T12232] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1501.359863][T12232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1502.639541][T10224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1502.752928][T10224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1506.347990][T21926] serio: Serial port ttyS2 [ 1507.893621][T21943] random: crng reseeded on system resumption [ 1508.089880][T21943] Restarting kernel threads ... [ 1508.229468][T21943] Done restarting kernel threads. [ 1508.763509][T21958] random: crng reseeded on system resumption [ 1508.778502][T21958] Restarting kernel threads ... [ 1508.787069][T21958] Done restarting kernel threads. [ 1510.004198][T21977] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1510.032960][T21977] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1510.218045][T21980] blktrace: Concurrent blktraces are not allowed on loop2 [ 1513.272865][T22000] Process accounting resumed [ 1517.302716][T22080] net_ratelimit: 974 callbacks suppressed [ 1517.302738][T22080] netlink: zone id is out of range [ 1519.367918][T22074] netlink: 330 bytes leftover after parsing attributes in process `syz.5.3735'. [ 1520.953633][T22041] Process accounting paused [ 1521.998646][T22093] random: crng reseeded on system resumption [ 1522.670400][ T5919] usb usb38-port5: attempt power cycle [ 1523.320264][ T5919] usb usb38-port5: unable to enumerate USB device [ 1524.022801][T22109] delete_channel: no stack [ 1524.191920][T22116] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3748'. [ 1526.106817][T22124] kexec: Could not allocate control_code_buffer [ 1526.680468][T22145] binder: 22138:22145 ioctl 4018620d 9 returned -22 [ 1526.709392][T22145] binder: 22138:22145 ioctl 4018620d 9 returned -22 [ 1531.731001][T22194] delete_channel: no stack [ 1534.448584][T22224] netlink: 178 bytes leftover after parsing attributes in process `syz.2.3768'. [ 1534.727617][T10060] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 3 with max blocks 1 with error 117 [ 1534.936372][T10060] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1534.936372][T10060] [ 1535.738265][T22231] binder: 22228:22231 ioctl 4018620d 9 returned -22 [ 1535.890986][T22231] binder: 22228:22231 ioctl 4018620d 9 returned -22 [ 1537.920205][T22250] binder: 22244:22250 ioctl 4018620d 9 returned -22 [ 1537.980902][T22246] binder: 22244:22246 ioctl 4018620d 9 returned -22 [ 1542.673403][ T30] audit: type=1326 audit(4294967387.693:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22270 comm="syz.1.3776" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe13798f6c9 code=0x0 [ 1543.973115][T22254] Process accounting paused [ 1551.311902][T22320] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3783'. [ 1551.627343][T22313] Process accounting resumed [ 1551.844049][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1551.858735][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1554.565656][T12232] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 934 with max blocks 1 with error 117 [ 1554.698369][T22358] Console: switching to colour frame buffer device 4x6 [ 1554.796472][T22358] netlink: 124 bytes leftover after parsing attributes in process `syz.1.3791'. [ 1554.842428][T12232] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1554.842428][T12232] [ 1555.518405][T22350] delete_channel: no stack [ 1555.752496][T22370] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1556.184842][ T30] audit: type=1326 audit(4294967401.284:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22368 comm="syz.2.3793" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f42ec78f6c9 code=0x0 [ 1556.681109][T22384] binder: 22377:22384 ioctl 4018620d 9 returned -22 [ 1556.712716][T22379] binder: 22377:22379 ioctl 4018620d 9 returned -22 [ 1557.261138][T22386] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1558.999333][T22408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3802'. [ 1560.110761][T22416] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1562.136389][T22428] binder: 22422:22428 ioctl 4018620d 9 returned -22 [ 1562.178077][T22428] binder: 22422:22428 ioctl 4018620d 9 returned -22 [ 1562.733553][T22432] Console: switching to colour VGA+ 80x25 [ 1562.900136][T11964] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1563.068105][T22431] Console: switching to colour frame buffer device 4x6 [ 1563.223004][T22430] netlink: 124 bytes leftover after parsing attributes in process `syz.5.3804'. [ 1565.328988][T22441] ptp ptp0: guarantee physical clock free running [ 1565.982031][T22450] binder: 22444:22450 ioctl 4018620d 9 returned -22 [ 1566.095718][T22453] binder: 22444:22453 ioctl 4018620d 9 returned -22 [ 1567.175031][T22462] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3810'. [ 1571.106082][T22511] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 1571.273356][T22512] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 1571.965080][T22529] ubi: mtd0 is already attached to ubi31 [ 1573.112458][T22548] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3826'. [ 1574.109316][T22551] Process accounting resumed [ 1574.221085][T22566] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.2.3831: [ 1580.129560][T22620] netlink: zone id is out of range [ 1580.148816][T22619] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3840'. [ 1580.174203][T22620] netlink: zone id is out of range [ 1580.179364][T22620] netlink: zone id is out of range [ 1580.201582][T22620] netlink: zone id is out of range [ 1580.206821][T22620] netlink: zone id is out of range [ 1580.231371][T22620] netlink: zone id is out of range [ 1580.241581][T22620] netlink: zone id is out of range [ 1580.246730][T22620] netlink: zone id is out of range [ 1580.276200][T22619] netlink: zone id is out of range [ 1580.289508][T22619] netlink: del zone limit has 4 unknown bytes [ 1580.651372][T22625] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3841'. [ 1581.636027][T22611] Process accounting paused [ 1582.632750][T22647] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3845'. [ 1582.682281][T22647] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3845'. [ 1582.708895][T22647] netlink: 250 bytes leftover after parsing attributes in process `syz.2.3845'. [ 1583.414125][T22664] binder: 22655:22664 ioctl 4018620d 9 returned -22 [ 1583.526855][T22667] binder: 22655:22667 ioctl 4018620d 9 returned -22 [ 1583.757939][T22669] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3849'. [ 1584.880325][T22685] vhci_hcd: invalid port number 16 [ 1585.771863][ T30] audit: type=1804 audit(4294967431.038:32): pid=22698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3852" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/trace" dev="tracefs" ino=185 res=1 errno=0 [ 1586.171709][ T30] audit: type=1804 audit(4294967431.158:33): pid=22694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3852" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/trace" dev="tracefs" ino=185 res=1 errno=0 [ 1587.432294][T22715] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 1587.575483][T22715] CPU: 0 UID: 0 PID: 22715 Comm: syz.2.3855 Not tainted syzkaller #0 PREEMPT(full) [ 1587.575517][T22715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1587.575535][T22715] Call Trace: [ 1587.575545][T22715] [ 1587.575556][T22715] dump_stack_lvl+0x16c/0x1f0 [ 1587.575592][T22715] sysfs_warn_dup+0x7f/0xa0 [ 1587.575630][T22715] sysfs_do_create_link_sd+0x124/0x140 [ 1587.575665][T22715] sysfs_create_link+0x61/0xc0 [ 1587.575697][T22715] device_add+0x62c/0x1aa0 [ 1587.575740][T22715] ? __pfx_device_add+0x10/0x10 [ 1587.575778][T22715] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1587.575823][T22715] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1587.575860][T22715] wiphy_register+0x1eb0/0x2b20 [ 1587.575895][T22715] ? netdev_run_todo+0x864/0x1320 [ 1587.575932][T22715] ? __pfx_wiphy_register+0x10/0x10 [ 1587.575984][T22715] ieee80211_register_hw+0x253d/0x4120 [ 1587.576034][T22715] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1587.576070][T22715] ? __pfx___debug_object_init+0x10/0x10 [ 1587.576108][T22715] ? find_held_lock+0x2b/0x80 [ 1587.576136][T22715] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1587.576179][T22715] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1587.576215][T22715] ? __hrtimer_setup+0x176/0x280 [ 1587.576257][T22715] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 1587.576304][T22715] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1587.576342][T22715] hwsim_new_radio_nl+0xba2/0x1330 [ 1587.576373][T22715] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1587.576411][T22715] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1587.576450][T22715] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1587.576491][T22715] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1587.576526][T22715] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1587.576568][T22715] ? bpf_lsm_capable+0x9/0x10 [ 1587.576600][T22715] ? security_capable+0x7e/0x260 [ 1587.576642][T22715] ? ns_capable+0xd7/0x110 [ 1587.576671][T22715] genl_rcv_msg+0x55c/0x800 [ 1587.576706][T22715] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1587.576739][T22715] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1587.576777][T22715] netlink_rcv_skb+0x158/0x420 [ 1587.576804][T22715] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1587.576837][T22715] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1587.576877][T22715] ? netlink_deliver_tap+0x1ae/0xd30 [ 1587.576906][T22715] genl_rcv+0x28/0x40 [ 1587.576932][T22715] netlink_unicast+0x5aa/0x870 [ 1587.576963][T22715] ? __pfx_netlink_unicast+0x10/0x10 [ 1587.576990][T22715] ? __pfx___might_resched+0x10/0x10 [ 1587.577026][T22715] netlink_sendmsg+0x8c8/0xdd0 [ 1587.577058][T22715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1587.577089][T22715] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1587.577131][T22715] ____sys_sendmsg+0xa98/0xc70 [ 1587.577164][T22715] ? copy_msghdr_from_user+0x10a/0x160 [ 1587.577188][T22715] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1587.577228][T22715] ? __pfx_futex_wake_mark+0x10/0x10 [ 1587.577271][T22715] ___sys_sendmsg+0x134/0x1d0 [ 1587.577293][T22715] ? find_held_lock+0x2b/0x80 [ 1587.577320][T22715] ? __pfx____sys_sendmsg+0x10/0x10 [ 1587.577342][T22715] ? __lock_acquire+0x622/0x1c90 [ 1587.577413][T22715] __sys_sendmsg+0x16d/0x220 [ 1587.577438][T22715] ? __pfx___sys_sendmsg+0x10/0x10 [ 1587.577462][T22715] ? __x64_sys_futex+0x1e0/0x4c0 [ 1587.577514][T22715] do_syscall_64+0xcd/0xfa0 [ 1587.577548][T22715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1587.577573][T22715] RIP: 0033:0x7f42ec78f6c9 [ 1587.577594][T22715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1587.577623][T22715] RSP: 002b:00007f42ed5e0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1587.577646][T22715] RAX: ffffffffffffffda RBX: 00007f42ec9e5fa0 RCX: 00007f42ec78f6c9 [ 1587.577661][T22715] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1587.577677][T22715] RBP: 00007f42ec811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1587.577691][T22715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1587.577706][T22715] R13: 00007f42ec9e6038 R14: 00007f42ec9e5fa0 R15: 00007ffe249fe168 [ 1587.577739][T22715] [ 1588.004108][T22707] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1588.011270][T22707] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1588.017335][T22707] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1588.716015][T11964] Bluetooth: hci3: command 0x0c1a tx timeout [ 1590.804766][T11964] Bluetooth: hci2: command 0x0c1a tx timeout [ 1590.810832][T11964] Bluetooth: hci1: command 0x0c1a tx timeout [ 1593.720973][T12740] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1368 with max blocks 9 with error 117 [ 1593.847858][T12740] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1593.847858][T12740] [ 1594.571851][T22762] ptrace attach of "./syz-executor exec"[5828] was attempted by "{£–ƒþµçÍ,%ã]ìnØRí\x09ü:|‹ëm©¼u¸¦Ž„MôëÛrd«æQùDV…th»ËN µ’*<ÄñM:ŸZƧÀV¢1 3ã;WkF{)þ57Ú=ÏÌ©þy1F?«ù,m}hÓÞCð¸~æ×¥Õéįã®0~bϧ7Ê‘ÚÛ€ÿT‡\x0dè+Ž:䀥™²þæ®C9N`_uV\x5cm|Ô\x1b`…iñ^xRÐæ]¿m¨þÏv²k¼„?ýó?ª zÇ1õjÆýc>¶j€È¶osÞPm\x07o廓AvºË•YíïçEšÛ’bÜè\x1bÉù¦m®N¡žmútkòó‹·H&t?jƒ—P°Šm™,b\x22×­2#݉ÞZØÅÿ{í‚àé]m´©\x0dç‘ÑñÇUˆ¡ˆÙö÷ýø±@Ãø˜+ñ,aúJr*h8Ðòhš”ù+uaüÅì˜ãƒ‘{2jÌ\x0978×\x5cÎF\x22LL:ÄÔÜŽNÞÙݹñXwf;Ú‡å zÍ#Âáù”Z¥Þµ–×JÿõŒï³êmF‡»¦è}äl¼à­‰Õ#”Çj\x22÷Œ[<öt\x07HÂ5RÄ^Ißåå\x0cTඑȓŸI\x0c’U R\x1b†›”ö[•!(ºMG²Æyù¯Î\x5cÞA :^ø‚h«¶cÄ´Åáìï •gÙ«·‚£kF¬òö}C'G†:_‹!'Ùì$éóiËÖÓP®ö„Ó04²‘¥-F|‹ÑÉh]¯Hv|±åÕ{ׄþZp­ÎŒÑD°9`‹%{.Ê·v&æ]Âú­ùÁ\x0aW5Iè3÷<ü¾Wûâ} êÍjµ•á8\x09†'… eE\x0a'ª/„•’£g¬+ŒjC<Ô8PÌ7|÷2m·M[3yÍ:¨4×6Tã,xÉ·ž\x0b¾ŽŠ-:dÀžoNï©iüpf€g»n><~èó>÷¢˜õÿœ¾ÌQOp{…îÐvÿ[ûÖoük…õ\x0c‘¡/0¿ñ\x0dÏ\x1b#ŽÎöwU^H¤ÊTN7‘Æ=«*œ’¡ 9Z m0|F€Ï—åB1\x0bxš¹Üko‹¬¿™‰¬ÍɇF™ï1!=ä.šZÉŽûj4Ë=Å–ßíKÎ  FW¶­ágÆ7HCCtôÁ _'ú¾äøNuƒ“L _5 [ 1594.803112][T22766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3864'. [ 1595.309015][T22774] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3865'. [ 1596.282979][T22788] binder: 22779:22788 ioctl 4018620d 9 returned -22 [ 1596.331812][T22788] binder: 22779:22788 ioctl 4018620d 9 returned -22 [ 1597.265649][T22801] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3871'. [ 1599.131469][T10060] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 1363 with max blocks 11 with error 117 [ 1599.268680][T10060] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1599.268680][T10060] [ 1599.488135][T22833] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3876'. [ 1603.472644][T10054] Trying to write to read-only block-device sda1 [ 1604.034963][T22863] Process accounting paused [ 1606.859363][T22909] binder: 22904:22909 ioctl 4018620d 9 returned -22 [ 1606.899352][T22909] binder: 22904:22909 ioctl 4018620d 9 returned -22 [ 1608.765476][T22923] nvme_fabrics: missing parameter 'transport=%s' [ 1608.781561][T22923] nvme_fabrics: missing parameter 'nqn=%s' [ 1611.554476][T22990] hub 8-0:1.0: USB hub found [ 1611.567694][T22992] random: crng reseeded on system resumption [ 1611.606653][T22990] hub 8-0:1.0: 1 port detected [ 1612.966547][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1612.979442][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1613.788570][T22984] Process accounting resumed [ 1614.266698][T23011] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3914'. [ 1614.574836][T23010] netlink: 338 bytes leftover after parsing attributes in process `syz.5.3914'. [ 1614.680774][T23011] netlink: 134 bytes leftover after parsing attributes in process `syz.5.3914'. [ 1615.262180][T23020] binder: 23014:23020 ioctl 4018620d 9 returned -22 [ 1615.296831][T23020] binder: 23014:23020 ioctl 4018620d 9 returned -22 [ 1615.951946][T23027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3918'. [ 1615.976596][T23027] netlink: 354 bytes leftover after parsing attributes in process `syz.2.3918'. [ 1618.139557][T23065] binder: 23057:23065 ioctl 4018620d 9 returned -22 [ 1618.184601][T23065] binder: 23057:23065 ioctl 4018620d 9 returned -22 [ 1618.309943][T23066] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3925'. [ 1618.526857][T23067] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3925'. [ 1618.878191][T23071] QAT: Stopping all acceleration devices. [ 1624.286212][T23130] binder: 23128:23130 ioctl 4018620d 9 returned -22 [ 1624.338409][T23134] binder: 23128:23134 ioctl 4018620d 9 returned -22 [ 1626.622662][T23150] random: crng reseeded on system resumption [ 1627.317769][ T5888] usb usb38-port5: attempt power cycle [ 1628.081314][ T5888] usb usb38-port5: unable to enumerate USB device [ 1632.498086][T23204] binder: 23199:23204 ioctl 4018620d 9 returned -22 [ 1632.524017][T23204] binder: 23199:23204 ioctl 4018620d 9 returned -22 [ 1633.208091][T23218] binder: 23210:23218 ioctl 4018620d 9 returned -22 [ 1633.249969][T23218] binder: 23210:23218 ioctl 4018620d 9 returned -22 [ 1633.257510][T23219] netlink: 'syz.1.3950': attribute type 1 has an invalid length. [ 1633.538622][T23222] serio: Serial port ttyS2 [ 1634.007230][T23228] Process accounting resumed [ 1638.586519][T20180] Bluetooth: hci3: unexpected subevent 0x05 length: 123 > 12 [ 1640.656695][T20180] Bluetooth: hci3: command 0x0c1a tx timeout [ 1641.568531][T23306] netlink: 'syz.5.3971': attribute type 17 has an invalid length. [ 1641.710048][T23306] netlink: 326 bytes leftover after parsing attributes in process `syz.5.3971'. [ 1642.446726][T23308] futex_wake_op: syz.2.3970 tries to shift op by -2048; fix this program [ 1644.540013][T23327] Process accounting paused [ 1644.640783][T23335] random: crng reseeded on system resumption [ 1645.376153][T23342] netlink: 'syz.2.3976': attribute type 1 has an invalid length. [ 1645.951854][T23348] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1649.327894][T23379] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 1653.769099][T23430] netlink: 'syz.3.3993': attribute type 1 has an invalid length. [ 1656.388435][T23451] ovs_ÿþ: entered promiscuous mode [ 1657.925389][T23459] binder: 23457:23459 ioctl 4018620d 9 returned -22 [ 1657.996696][T23459] binder: 23457:23459 ioctl 4018620d 9 returned -22 [ 1658.944746][T23471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4004'. [ 1658.967065][T23471] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1658.992463][T23471] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1659.336411][T23482] snd_virmidi snd_virmidi.0: control 5:9:1:IAªƒ>/Æ[k<÷ÎÇmgx­Ž¬<Ú5ºœ+-Cî°ÜYÈÝ5:0 is already present [ 1659.374139][T23482] IPVS: length: 131 != 8 [ 1659.392123][T23482] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 1659.478521][T23483] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 1659.528336][ T9] usb usb38-port5: attempt power cycle [ 1660.145152][ T9] usb usb38-port5: unable to enumerate USB device [ 1661.207077][T23511] binder: 23509:23511 ioctl 4018620d 9 returned -22 [ 1661.248721][T23511] binder: 23509:23511 ioctl 4018620d 9 returned -22 [ 1662.957517][T23536] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1358 with max blocks 19 with error 117 [ 1663.063981][T23536] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1663.063981][T23536] [ 1663.219108][T23537] netlink: 150 bytes leftover after parsing attributes in process `syz.1.4023'. [ 1663.267145][T23536] netlink: 2 bytes leftover after parsing attributes in process `syz.1.4023'. [ 1664.022828][T23540] Process accounting paused [ 1667.393203][T23587] serio: Serial port ttyS2 [ 1670.258051][T23627] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 1670.495542][T23633] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4036'. [ 1673.962979][T20180] Bluetooth: hci1: unexpected subevent 0x03 length: 253 > 9 [ 1674.092482][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1674.098945][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1674.181285][T23670] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4043'. [ 1674.197563][T23670] veth0_vlan: left promiscuous mode [ 1675.186497][T23672] Process accounting resumed [ 1675.256117][T23685] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4046'. [ 1675.306367][T23685] ptrace attach of ""[23687] was attempted by "./syz-executor exec"[23685] [ 1676.193015][T23686] netlink: 98 bytes leftover after parsing attributes in process `syz.5.4045'. [ 1676.519411][T23710] netlink: 2 bytes leftover after parsing attributes in process `syz.5.4045'. [ 1679.199035][T23743] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1679.211184][T23744] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 1680.120303][T23761] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4059'. [ 1680.582170][T23761] team0: Port device team_slave_0 removed [ 1682.085003][T23783] ptrace attach of "./syz-executor exec"[23784] was attempted by "./syz-executor exec"[23783] [ 1686.159004][T23827] netlink: 'syz.1.4070': attribute type 1 has an invalid length. [ 1686.631412][T23833] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4071'. [ 1687.270876][T23833] team0: Port device team_slave_0 removed [ 1687.688563][T23843] random: crng reseeded on system resumption [ 1688.129820][T23847] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1367 with max blocks 10 with error 117 [ 1688.177554][T23847] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1688.177554][T23847] [ 1688.533846][T23850] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1688.703855][T23856] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 1688.735787][T23856] CPU: 0 UID: 0 PID: 23856 Comm: syz.1.4076 Not tainted syzkaller #0 PREEMPT(full) [ 1688.735822][T23856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1688.735838][T23856] Call Trace: [ 1688.735847][T23856] [ 1688.735857][T23856] dump_stack_lvl+0x16c/0x1f0 [ 1688.735894][T23856] sysfs_warn_dup+0x7f/0xa0 [ 1688.735926][T23856] sysfs_do_create_link_sd+0x124/0x140 [ 1688.735961][T23856] sysfs_create_link+0x61/0xc0 [ 1688.735993][T23856] device_add+0x62c/0x1aa0 [ 1688.736037][T23856] ? __pfx_device_add+0x10/0x10 [ 1688.736075][T23856] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1688.736119][T23856] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1688.736157][T23856] wiphy_register+0x1eb0/0x2b20 [ 1688.736192][T23856] ? netdev_run_todo+0x864/0x1320 [ 1688.736229][T23856] ? __pfx_wiphy_register+0x10/0x10 [ 1688.736280][T23856] ieee80211_register_hw+0x253d/0x4120 [ 1688.736328][T23856] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1688.736364][T23856] ? __pfx___debug_object_init+0x10/0x10 [ 1688.736402][T23856] ? find_held_lock+0x2b/0x80 [ 1688.736428][T23856] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1688.736471][T23856] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1688.736517][T23856] ? __hrtimer_setup+0x176/0x280 [ 1688.736559][T23856] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 1688.736605][T23856] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1688.736643][T23856] hwsim_new_radio_nl+0xba2/0x1330 [ 1688.736674][T23856] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1688.736711][T23856] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1688.736746][T23856] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1688.736790][T23856] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1688.736825][T23856] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1688.736868][T23856] ? bpf_lsm_capable+0x9/0x10 [ 1688.736901][T23856] ? security_capable+0x7e/0x260 [ 1688.736937][T23856] ? ns_capable+0xd7/0x110 [ 1688.736965][T23856] genl_rcv_msg+0x55c/0x800 [ 1688.737000][T23856] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1688.737032][T23856] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1688.737070][T23856] netlink_rcv_skb+0x158/0x420 [ 1688.737096][T23856] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1688.737128][T23856] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1688.737167][T23856] ? netlink_deliver_tap+0x1ae/0xd30 [ 1688.737197][T23856] genl_rcv+0x28/0x40 [ 1688.737223][T23856] netlink_unicast+0x5aa/0x870 [ 1688.737254][T23856] ? __pfx_netlink_unicast+0x10/0x10 [ 1688.737281][T23856] ? __pfx___might_resched+0x10/0x10 [ 1688.737317][T23856] netlink_sendmsg+0x8c8/0xdd0 [ 1688.737348][T23856] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1688.737379][T23856] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1688.737422][T23856] ____sys_sendmsg+0xa98/0xc70 [ 1688.737455][T23856] ? copy_msghdr_from_user+0x10a/0x160 [ 1688.737480][T23856] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1688.737525][T23856] ? __pfx_futex_wake_mark+0x10/0x10 [ 1688.737569][T23856] ___sys_sendmsg+0x134/0x1d0 [ 1688.737592][T23856] ? find_held_lock+0x2b/0x80 [ 1688.737619][T23856] ? __pfx____sys_sendmsg+0x10/0x10 [ 1688.737641][T23856] ? __lock_acquire+0x622/0x1c90 [ 1688.737713][T23856] __sys_sendmsg+0x16d/0x220 [ 1688.737738][T23856] ? __pfx___sys_sendmsg+0x10/0x10 [ 1688.737762][T23856] ? __x64_sys_futex+0x1e0/0x4c0 [ 1688.737815][T23856] do_syscall_64+0xcd/0xfa0 [ 1688.737847][T23856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1688.737872][T23856] RIP: 0033:0x7fe13798f6c9 [ 1688.737892][T23856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1688.737916][T23856] RSP: 002b:00007fe138846038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1688.737940][T23856] RAX: ffffffffffffffda RBX: 00007fe137be5fa0 RCX: 00007fe13798f6c9 [ 1688.737957][T23856] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1688.737974][T23856] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1688.737990][T23856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1688.738005][T23856] R13: 00007fe137be6038 R14: 00007fe137be5fa0 R15: 00007ffc2c02cc58 [ 1688.738040][T23856] [ 1692.366295][T23907] binder: 23903:23907 ioctl 4018620d 9 returned -22 [ 1692.384073][T23907] binder: 23903:23907 ioctl 4018620d 9 returned -22 [ 1693.221659][T23916] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4085'. [ 1693.391243][T23917] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.4085: iget: checksum invalid [ 1693.563799][T23917] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1693.753941][T23917] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.4085: iget: checksum invalid [ 1693.983553][T23917] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1694.144143][T23917] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.4085: iget: checksum invalid [ 1694.296957][T23917] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1694.406457][T23917] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.3.4085: iget: checksum invalid [ 1694.541495][T23917] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1694.631483][T23917] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1694.697372][T10060] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1364 with max blocks 13 with error 117 [ 1694.794310][T23917] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1694.883473][T10060] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1694.883473][T10060] [ 1695.014112][T10060] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 920 with max blocks 16 with error 117 [ 1695.171285][T10060] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1695.171285][T10060] [ 1695.257272][T23906] Process accounting resumed [ 1698.806787][T23971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4094'. [ 1699.171189][T23966] Invalid ELF header magic: != ELF [ 1699.632626][T23978] binder: 23976:23978 unknown command 0 [ 1699.638230][T23978] binder: 23976:23978 ioctl c0306201 2000000000c0 returned -22 [ 1699.863770][T23977] __vm_enough_memory: pid: 23977, comm: syz.1.4095, bytes: 4398046511104 not enough memory for the allocation [ 1699.888107][T23971] team0: Port device team_slave_0 removed [ 1702.708528][T23995] FAULT_INJECTION: forcing a failure. [ 1702.708528][T23995] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.854428][T23995] CPU: 0 UID: 0 PID: 23995 Comm: syz.1.4100 Not tainted syzkaller #0 PREEMPT(full) [ 1702.854464][T23995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1702.854480][T23995] Call Trace: [ 1702.854489][T23995] [ 1702.854499][T23995] dump_stack_lvl+0x16c/0x1f0 [ 1702.854534][T23995] should_fail_ex+0x512/0x640 [ 1702.854572][T23995] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1702.854601][T23995] should_failslab+0xc2/0x120 [ 1702.854636][T23995] __kmalloc_cache_noprof+0x72/0x780 [ 1702.854661][T23995] ? single_open+0x4d/0x1f0 [ 1702.854699][T23995] ? __pfx_snd_info_seq_show+0x10/0x10 [ 1702.854730][T23995] ? single_open+0x4d/0x1f0 [ 1702.854762][T23995] ? kasan_save_track+0x14/0x30 [ 1702.854789][T23995] single_open+0x4d/0x1f0 [ 1702.854824][T23995] snd_info_text_entry_open+0x179/0x2e0 [ 1702.854860][T23995] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 1702.854894][T23995] ? proc_reg_open+0x23f/0x5f0 [ 1702.854930][T23995] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 1702.854965][T23995] proc_reg_open+0x2ab/0x5f0 [ 1702.855000][T23995] do_dentry_open+0x982/0x1530 [ 1702.855029][T23995] ? __pfx_proc_reg_open+0x10/0x10 [ 1702.855067][T23995] vfs_open+0x82/0x3f0 [ 1702.855112][T23995] path_openat+0x1de4/0x2cb0 [ 1702.855151][T23995] ? __pfx_path_openat+0x10/0x10 [ 1702.855179][T23995] ? __lock_acquire+0xb8a/0x1c90 [ 1702.855217][T23995] do_filp_open+0x20b/0x470 [ 1702.855245][T23995] ? __pfx_do_filp_open+0x10/0x10 [ 1702.855294][T23995] ? alloc_fd+0x471/0x7d0 [ 1702.855327][T23995] do_sys_openat2+0x11b/0x1d0 [ 1702.855363][T23995] ? __pfx_do_sys_openat2+0x10/0x10 [ 1702.855411][T23995] __x64_sys_openat+0x174/0x210 [ 1702.855449][T23995] ? __pfx___x64_sys_openat+0x10/0x10 [ 1702.855499][T23995] do_syscall_64+0xcd/0xfa0 [ 1702.855532][T23995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1702.855557][T23995] RIP: 0033:0x7fe13798f6c9 [ 1702.855575][T23995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1702.855599][T23995] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1702.855622][T23995] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1702.855638][T23995] RDX: 8f3b7a51b80ebd01 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1702.855654][T23995] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1702.855669][T23995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1702.855684][T23995] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1702.855716][T23995] [ 1706.330349][T23986] Process accounting paused [ 1708.761888][T24045] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4106'. [ 1709.242685][T24045] vlan1: entered promiscuous mode [ 1709.248017][T24045] vlan1: entered allmulticast mode [ 1709.417887][T24045] veth0_vlan: entered allmulticast mode [ 1710.086225][T24053] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4108'. [ 1716.841776][T24094] ë4—fRd: entered promiscuous mode [ 1716.868620][T24092] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1716.868620][T24092] The task syz.1.4116 (24092) triggered the difference, watch for misbehavior. [ 1717.613629][T20180] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 1719.362832][T24129] FAULT_INJECTION: forcing a failure. [ 1719.362832][T24129] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1719.397664][T24129] CPU: 0 UID: 0 PID: 24129 Comm: syz.1.4122 Not tainted syzkaller #0 PREEMPT(full) [ 1719.397698][T24129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1719.397713][T24129] Call Trace: [ 1719.397722][T24129] [ 1719.397732][T24129] dump_stack_lvl+0x16c/0x1f0 [ 1719.397765][T24129] should_fail_ex+0x512/0x640 [ 1719.397807][T24129] strncpy_from_user+0x3b/0x2e0 [ 1719.397846][T24129] getname_flags.part.0+0x8f/0x550 [ 1719.397887][T24129] getname_flags+0x93/0xf0 [ 1719.397912][T24129] __x64_sys_mknod+0x74/0xb0 [ 1719.397941][T24129] do_syscall_64+0xcd/0xfa0 [ 1719.397973][T24129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1719.397997][T24129] RIP: 0033:0x7fe13798f6c9 [ 1719.398016][T24129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1719.398039][T24129] RSP: 002b:00007fe138846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1719.398061][T24129] RAX: ffffffffffffffda RBX: 00007fe137be5fa0 RCX: 00007fe13798f6c9 [ 1719.398078][T24129] RDX: 00000000000007fc RSI: 00000000000063c1 RDI: 0000200000000340 [ 1719.398093][T24129] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1719.398108][T24129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1719.398123][T24129] R13: 00007fe137be6038 R14: 00007fe137be5fa0 R15: 00007ffc2c02cc58 [ 1719.398155][T24129] [ 1723.169412][T24171] binder: 24164:24171 ioctl 4018620d 9 returned -22 [ 1723.265177][T24171] binder: 24164:24171 ioctl 4018620d 9 returned -22 [ 1724.339461][T24180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4131'. [ 1724.479879][T24182] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 1725.272728][T24191] Process accounting paused [ 1725.995147][T24181] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 1726.161483][T24209] FAULT_INJECTION: forcing a failure. [ 1726.161483][T24209] name failslab, interval 1, probability 0, space 0, times 0 [ 1726.340388][T24209] CPU: 0 UID: 0 PID: 24209 Comm: syz.5.4132 Not tainted syzkaller #0 PREEMPT(full) [ 1726.340423][T24209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1726.340439][T24209] Call Trace: [ 1726.340447][T24209] [ 1726.340457][T24209] dump_stack_lvl+0x16c/0x1f0 [ 1726.340490][T24209] should_fail_ex+0x512/0x640 [ 1726.340527][T24209] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1726.340555][T24209] ? __pfx_edid_open+0x10/0x10 [ 1726.340580][T24209] should_failslab+0xc2/0x120 [ 1726.340614][T24209] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1726.340638][T24209] ? seq_open+0x55/0x170 [ 1726.340674][T24209] ? __pfx_edid_open+0x10/0x10 [ 1726.340698][T24209] ? __pfx_edid_show+0x10/0x10 [ 1726.340723][T24209] ? seq_open+0x55/0x170 [ 1726.340753][T24209] seq_open+0x55/0x170 [ 1726.340783][T24209] ? __pfx_edid_show+0x10/0x10 [ 1726.340810][T24209] single_open+0xfc/0x1f0 [ 1726.340844][T24209] full_proxy_open_regular+0x1b9/0x360 [ 1726.340884][T24209] do_dentry_open+0x982/0x1530 [ 1726.340912][T24209] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1726.340955][T24209] vfs_open+0x82/0x3f0 [ 1726.340992][T24209] path_openat+0x1de4/0x2cb0 [ 1726.341028][T24209] ? __pfx_path_openat+0x10/0x10 [ 1726.341057][T24209] ? __lock_acquire+0xb8a/0x1c90 [ 1726.341093][T24209] do_filp_open+0x20b/0x470 [ 1726.341120][T24209] ? __pfx_do_filp_open+0x10/0x10 [ 1726.341167][T24209] ? alloc_fd+0x471/0x7d0 [ 1726.341198][T24209] do_sys_openat2+0x11b/0x1d0 [ 1726.341232][T24209] ? __pfx_do_sys_openat2+0x10/0x10 [ 1726.341277][T24209] ? find_held_lock+0x2b/0x80 [ 1726.341308][T24209] __x64_sys_openat+0x174/0x210 [ 1726.341345][T24209] ? __pfx___x64_sys_openat+0x10/0x10 [ 1726.341394][T24209] do_syscall_64+0xcd/0xfa0 [ 1726.341425][T24209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1726.341449][T24209] RIP: 0033:0x7f3d1f98f6c9 [ 1726.341467][T24209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1726.341490][T24209] RSP: 002b:00007f3d2075f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1726.341512][T24209] RAX: ffffffffffffffda RBX: 00007f3d1fbe6090 RCX: 00007f3d1f98f6c9 [ 1726.341527][T24209] RDX: 0000000000109000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 1726.341542][T24209] RBP: 00007f3d1fa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1726.341557][T24209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1726.341571][T24209] R13: 00007f3d1fbe6128 R14: 00007f3d1fbe6090 R15: 00007ffd24661028 [ 1726.341602][T24209] [ 1730.724185][T24240] binder: 24239:24240 ioctl 4018620d 9 returned -22 [ 1730.748140][T24240] binder: 24239:24240 ioctl 4018620d 9 returned -22 [ 1731.520389][T24248] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1731.612702][T24249] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(8.0.1), cmd(1) [ 1732.958288][T24258] netlink: 268 bytes leftover after parsing attributes in process `syz.1.4142'. [ 1733.144095][T24258] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.4142: iget: checksum invalid [ 1733.359433][T24258] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1733.616022][T24258] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.4142: iget: checksum invalid [ 1733.810570][T24258] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1734.030084][T24258] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.4142: iget: checksum invalid [ 1734.137381][T24274] net_ratelimit: 974 callbacks suppressed [ 1734.137402][T24274] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1734.236283][T24258] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1734.346558][T24258] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.1.4142: iget: checksum invalid [ 1734.447501][T24258] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1734.526610][T24258] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1734.599847][T24258] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1735.209886][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.223643][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1736.336376][T24263] Process accounting resumed [ 1736.492724][T24297] FAULT_INJECTION: forcing a failure. [ 1736.492724][T24297] name failslab, interval 1, probability 0, space 0, times 0 [ 1736.506159][T24297] CPU: 0 UID: 0 PID: 24297 Comm: syz.1.4151 Not tainted syzkaller #0 PREEMPT(full) [ 1736.506192][T24297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1736.506207][T24297] Call Trace: [ 1736.506215][T24297] [ 1736.506224][T24297] dump_stack_lvl+0x16c/0x1f0 [ 1736.506258][T24297] should_fail_ex+0x512/0x640 [ 1736.506296][T24297] ? __kmalloc_noprof+0xca/0x880 [ 1736.506338][T24297] should_failslab+0xc2/0x120 [ 1736.506372][T24297] __kmalloc_noprof+0xdd/0x880 [ 1736.506412][T24297] ? slhc_init+0x3dd/0x570 [ 1736.506455][T24297] ? slhc_init+0x3dd/0x570 [ 1736.506498][T24297] slhc_init+0x3dd/0x570 [ 1736.506535][T24297] ? kasan_save_track+0x14/0x30 [ 1736.506569][T24297] slip_open+0x8ee/0x1150 [ 1736.506607][T24297] ? __pfx_n_tty_close+0x10/0x10 [ 1736.506644][T24297] ? __pfx_slip_open+0x10/0x10 [ 1736.506680][T24297] ? down_write+0x14d/0x200 [ 1736.506722][T24297] ? __pfx_slip_open+0x10/0x10 [ 1736.506760][T24297] tty_ldisc_open+0x9f/0x120 [ 1736.506784][T24297] tty_set_ldisc+0x32b/0x780 [ 1736.506812][T24297] tty_ioctl+0xc2d/0x1680 [ 1736.506845][T24297] ? __pfx_tty_ioctl+0x10/0x10 [ 1736.506881][T24297] ? find_held_lock+0x2b/0x80 [ 1736.506907][T24297] ? hook_file_ioctl_common+0x145/0x410 [ 1736.506941][T24297] ? __fget_files+0x20e/0x3c0 [ 1736.506970][T24297] ? __pfx_tty_ioctl+0x10/0x10 [ 1736.506999][T24297] __x64_sys_ioctl+0x18e/0x210 [ 1736.507038][T24297] do_syscall_64+0xcd/0xfa0 [ 1736.507071][T24297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1736.507135][T24297] RIP: 0033:0x7fe13798f6c9 [ 1736.507156][T24297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1736.507182][T24297] RSP: 002b:00007fe138846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1736.507206][T24297] RAX: ffffffffffffffda RBX: 00007fe137be5fa0 RCX: 00007fe13798f6c9 [ 1736.507224][T24297] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000008 [ 1736.507240][T24297] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1736.507256][T24297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1736.507271][T24297] R13: 00007fe137be6038 R14: 00007fe137be5fa0 R15: 00007ffc2c02cc58 [ 1736.507304][T24297] [ 1742.613261][T24367] binder: 24366:24367 ioctl 4018620d 9 returned -22 [ 1747.644318][T10052] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1374 with max blocks 3 with error 117 [ 1747.941780][T10052] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1747.941780][T10052] [ 1751.362576][T24439] delete_channel: no stack [ 1752.886600][T24454] netlink: zone id is out of range [ 1752.931847][T24454] netlink: zone id is out of range [ 1752.989388][T24454] netlink: zone id is out of range [ 1753.068583][T24454] netlink: zone id is out of range [ 1753.686121][T24471] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4182'. [ 1753.770589][T24472] hub 8-0:1.0: USB hub found [ 1753.788308][T24472] hub 8-0:1.0: 1 port detected [ 1756.270593][T24478] Process accounting resumed [ 1757.906148][T24522] netlink: 'syz.5.4186': attribute type 1 has an invalid length. [ 1761.070127][T24557] binder: 24555:24557 ioctl 4018620d 9 returned -22 [ 1761.717108][T24569] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4197'. [ 1765.277142][T24628] FAULT_INJECTION: forcing a failure. [ 1765.277142][T24628] name failslab, interval 1, probability 0, space 0, times 0 [ 1765.295710][T24625] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4210'. [ 1765.318365][T24628] CPU: 0 UID: 0 PID: 24628 Comm: syz.1.4211 Not tainted syzkaller #0 PREEMPT(full) [ 1765.318399][T24628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1765.318414][T24628] Call Trace: [ 1765.318423][T24628] [ 1765.318432][T24628] dump_stack_lvl+0x16c/0x1f0 [ 1765.318467][T24628] should_fail_ex+0x512/0x640 [ 1765.318506][T24628] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1765.318534][T24628] should_failslab+0xc2/0x120 [ 1765.318574][T24628] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1765.318599][T24628] ? ima_d_path+0xbd/0x2a0 [ 1765.318626][T24628] ? ima_d_path+0xbd/0x2a0 [ 1765.318646][T24628] ima_d_path+0xbd/0x2a0 [ 1765.318666][T24628] ? vfs_getxattr_alloc+0xec/0x350 [ 1765.318692][T24628] ? __pfx_ima_d_path+0x10/0x10 [ 1765.318719][T24628] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1765.318760][T24628] process_measurement+0x1d86/0x23e0 [ 1765.318804][T24628] ? __lock_acquire+0x622/0x1c90 [ 1765.318838][T24628] ? __pfx_process_measurement+0x10/0x10 [ 1765.318873][T24628] ? __kasan_slab_alloc+0x89/0x90 [ 1765.318903][T24628] ? security_file_alloc+0x34/0x2b0 [ 1765.318928][T24628] ? alloc_empty_file+0x73/0x1e0 [ 1765.318961][T24628] ? alloc_file_pseudo+0x13a/0x230 [ 1765.319003][T24628] ? find_held_lock+0x2b/0x80 [ 1765.319064][T24628] ima_file_mmap+0x1b1/0x1d0 [ 1765.319099][T24628] ? __pfx_ima_file_mmap+0x10/0x10 [ 1765.319143][T24628] security_mmap_file+0x88c/0x990 [ 1765.319171][T24628] vm_mmap_pgoff+0xec/0x470 [ 1765.319207][T24628] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1765.319237][T24628] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1765.319275][T24628] ? hugetlbfs_get_inode+0x31f/0x730 [ 1765.319313][T24628] ksys_mmap_pgoff+0x1c8/0x5c0 [ 1765.319350][T24628] __x64_sys_mmap+0x125/0x190 [ 1765.319396][T24628] do_syscall_64+0xcd/0xfa0 [ 1765.319429][T24628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1765.319454][T24628] RIP: 0033:0x7fe13798f6c9 [ 1765.319474][T24628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1765.319501][T24628] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1765.319525][T24628] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1765.319542][T24628] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000003 [ 1765.319563][T24628] RBP: 00007fe137a11f91 R08: ffffffffffffffff R09: 0000000000008000 [ 1765.319579][T24628] R10: 0000000000049b72 R11: 0000000000000246 R12: 0000000000000000 [ 1765.319595][T24628] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1765.319629][T24628] [ 1765.925158][T24624] FAULT_INJECTION: forcing a failure. [ 1765.925158][T24624] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1765.939959][T24624] CPU: 0 UID: 0 PID: 24624 Comm: syz.1.4211 Not tainted syzkaller #0 PREEMPT(full) [ 1765.939992][T24624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1765.940008][T24624] Call Trace: [ 1765.940016][T24624] [ 1765.940025][T24624] dump_stack_lvl+0x16c/0x1f0 [ 1765.940059][T24624] should_fail_ex+0x512/0x640 [ 1765.940104][T24624] get_futex_key+0x293/0x1560 [ 1765.940140][T24624] ? __pfx_get_futex_key+0x10/0x10 [ 1765.940175][T24624] ? __mutex_trylock_common+0xe9/0x250 [ 1765.940217][T24624] futex_wake+0xea/0x530 [ 1765.940258][T24624] ? __pfx_futex_wake+0x10/0x10 [ 1765.940293][T24624] ? __lock_acquire+0xb8a/0x1c90 [ 1765.940338][T24624] do_futex+0x1e3/0x350 [ 1765.940371][T24624] ? __pfx_do_futex+0x10/0x10 [ 1765.940402][T24624] ? __might_fault+0xe3/0x190 [ 1765.940435][T24624] mm_release+0x24e/0x300 [ 1765.940469][T24624] do_exit+0x68e/0x2bf0 [ 1765.940509][T24624] ? __pfx_do_exit+0x10/0x10 [ 1765.940541][T24624] ? do_raw_spin_lock+0x12c/0x2b0 [ 1765.940578][T24624] ? find_held_lock+0x2b/0x80 [ 1765.940608][T24624] do_group_exit+0xd3/0x2a0 [ 1765.940643][T24624] get_signal+0x2671/0x26d0 [ 1765.940674][T24624] ? kmem_cache_free+0x2d4/0x6c0 [ 1765.940707][T24624] ? __pfx_get_signal+0x10/0x10 [ 1765.940734][T24624] ? do_futex+0x122/0x350 [ 1765.940767][T24624] ? __pfx_do_futex+0x10/0x10 [ 1765.940802][T24624] arch_do_signal_or_restart+0x8f/0x790 [ 1765.940835][T24624] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1765.940873][T24624] ? xfd_validate_state+0x61/0x180 [ 1765.940915][T24624] exit_to_user_mode_loop+0x85/0x130 [ 1765.940953][T24624] do_syscall_64+0x426/0xfa0 [ 1765.940985][T24624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1765.941009][T24624] RIP: 0033:0x7fe13798f6c9 [ 1765.941028][T24624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1765.941054][T24624] RSP: 002b:00007fe1388460e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1765.941077][T24624] RAX: fffffffffffffe00 RBX: 00007fe137be5fa8 RCX: 00007fe13798f6c9 [ 1765.941094][T24624] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe137be5fa8 [ 1765.941110][T24624] RBP: 00007fe137be5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1765.941125][T24624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1765.941141][T24624] R13: 00007fe137be6038 R14: 00007ffc2c02cb70 R15: 00007ffc2c02cc58 [ 1765.941173][T24624] [ 1770.193272][T24647] Process accounting paused [ 1773.220883][ T30] audit: type=1800 audit(4294967425.544:34): pid=24691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4222" name="features" dev="configfs" ino=96326 res=0 errno=0 [ 1780.668452][T24757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4237'. [ 1781.545644][ T30] audit: type=1800 audit(4294967433.918:35): pid=24766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4231" name="features" dev="configfs" ino=96762 res=0 errno=0 [ 1785.834993][T24785] netlink: 'syz.5.4242': attribute type 1 has an invalid length. [ 1786.193690][T24782] Process accounting paused [ 1786.846204][T24787] could not allocate digest TFM handle [ 1793.205742][T24868] Unable to find swap-space signature [ 1795.587783][T24893] netlink: 'syz.3.4261': attribute type 1 has an invalid length. [ 1796.332367][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1796.339001][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1798.602275][T24921] FAULT_INJECTION: forcing a failure. [ 1798.602275][T24921] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1798.624550][T24921] CPU: 0 UID: 0 PID: 24921 Comm: syz.1.4266 Not tainted syzkaller #0 PREEMPT(full) [ 1798.624583][T24921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1798.624598][T24921] Call Trace: [ 1798.624606][T24921] [ 1798.624615][T24921] dump_stack_lvl+0x16c/0x1f0 [ 1798.624650][T24921] should_fail_ex+0x512/0x640 [ 1798.624690][T24921] get_futex_key+0x1d0/0x1560 [ 1798.624743][T24921] ? __pfx_get_futex_key+0x10/0x10 [ 1798.624776][T24921] ? __mutex_trylock_common+0xe9/0x250 [ 1798.624818][T24921] futex_wake+0xea/0x530 [ 1798.624858][T24921] ? __pfx_futex_wake+0x10/0x10 [ 1798.624892][T24921] ? __lock_acquire+0xb8a/0x1c90 [ 1798.624936][T24921] do_futex+0x1e3/0x350 [ 1798.624968][T24921] ? __pfx_do_futex+0x10/0x10 [ 1798.624998][T24921] ? __might_fault+0xe3/0x190 [ 1798.625030][T24921] mm_release+0x24e/0x300 [ 1798.625056][T24921] do_exit+0x68e/0x2bf0 [ 1798.625094][T24921] ? __pfx_do_exit+0x10/0x10 [ 1798.625126][T24921] ? do_raw_spin_lock+0x12c/0x2b0 [ 1798.625161][T24921] ? find_held_lock+0x2b/0x80 [ 1798.625189][T24921] do_group_exit+0xd3/0x2a0 [ 1798.625223][T24921] get_signal+0x2671/0x26d0 [ 1798.625260][T24921] ? __pfx_get_signal+0x10/0x10 [ 1798.625287][T24921] ? do_futex+0x122/0x350 [ 1798.625318][T24921] ? __pfx_do_futex+0x10/0x10 [ 1798.625352][T24921] arch_do_signal_or_restart+0x8f/0x790 [ 1798.625383][T24921] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1798.625419][T24921] ? set_cred_ucounts+0x10f/0x200 [ 1798.625463][T24921] exit_to_user_mode_loop+0x85/0x130 [ 1798.625505][T24921] do_syscall_64+0x426/0xfa0 [ 1798.625538][T24921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1798.625562][T24921] RIP: 0033:0x7fe13798f6c9 [ 1798.625581][T24921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1798.625604][T24921] RSP: 002b:00007fe1387e30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1798.625626][T24921] RAX: fffffffffffffe00 RBX: 00007fe137be6278 RCX: 00007fe13798f6c9 [ 1798.625642][T24921] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe137be6278 [ 1798.625656][T24921] RBP: 00007fe137be6270 R08: 0000000000000000 R09: 0000000000000000 [ 1798.625670][T24921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1798.625684][T24921] R13: 00007fe137be6308 R14: 00007ffc2c02cb70 R15: 00007ffc2c02cc58 [ 1798.625715][T24921] [ 1800.244333][T24939] Process accounting resumed [ 1802.146831][T24972] FAULT_INJECTION: forcing a failure. [ 1802.146831][T24972] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.181334][T24972] CPU: 0 UID: 0 PID: 24972 Comm: syz.1.4274 Not tainted syzkaller #0 PREEMPT(full) [ 1802.181369][T24972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1802.181384][T24972] Call Trace: [ 1802.181393][T24972] [ 1802.181404][T24972] dump_stack_lvl+0x16c/0x1f0 [ 1802.181440][T24972] should_fail_ex+0x512/0x640 [ 1802.181480][T24972] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1802.181510][T24972] should_failslab+0xc2/0x120 [ 1802.181545][T24972] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1802.181572][T24972] ? alloc_uid+0x13d/0x4c0 [ 1802.181610][T24972] ? alloc_uid+0x13d/0x4c0 [ 1802.181640][T24972] alloc_uid+0x13d/0x4c0 [ 1802.181673][T24972] ? __pfx_alloc_uid+0x10/0x10 [ 1802.181707][T24972] ? bpf_lsm_capable+0x9/0x10 [ 1802.181741][T24972] ? security_capable+0x7e/0x260 [ 1802.181782][T24972] __sys_setuid+0x1cc/0x440 [ 1802.181811][T24972] do_syscall_64+0xcd/0xfa0 [ 1802.181845][T24972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1802.181871][T24972] RIP: 0033:0x7fe13798f6c9 [ 1802.181890][T24972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1802.181914][T24972] RSP: 002b:00007fe138846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000069 [ 1802.181937][T24972] RAX: ffffffffffffffda RBX: 00007fe137be5fa0 RCX: 00007fe13798f6c9 [ 1802.181954][T24972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1802.181969][T24972] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1802.181984][T24972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1802.181998][T24972] R13: 00007fe137be6038 R14: 00007fe137be5fa0 R15: 00007ffc2c02cc58 [ 1802.182031][T24972] [ 1806.627299][ T30] audit: type=1800 audit(4294967459.118:36): pid=25028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4282" name="features" dev="configfs" ino=97967 res=0 errno=0 [ 1809.036971][T25051] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.4285: iget: checksum invalid [ 1809.089902][T25051] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1809.124999][T25051] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.4285: iget: checksum invalid [ 1809.179370][T25051] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1809.228608][T25051] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.4285: iget: checksum invalid [ 1809.272730][T25051] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1809.320256][T25051] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.2.4285: iget: checksum invalid [ 1809.354640][T25051] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1809.383134][T25051] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1809.414792][T25051] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1809.949949][T20180] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1810.301157][T25060] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4287'. [ 1810.373420][T25064] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4290'. [ 1810.425305][T25065] nbd: socks must be embedded in a SOCK_ITEM attr [ 1811.009819][T12740] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1811.233724][T12740] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1811.434961][T12740] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1811.625118][T12740] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1811.796299][T12740] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1812.023214][T25059] Bluetooth: hci3: command 0x0c1a tx timeout [ 1816.645596][T25110] Process accounting resumed [ 1818.298663][T25130] futex_wake_op: syz.5.4302 tries to shift op by -2048; fix this program [ 1818.374415][T25130] futex_wake_op: syz.5.4302 tries to shift op by -2048; fix this program [ 1824.248235][T25202] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4316'. [ 1824.436268][T25209] sctp: [Deprecated]: syz.1.4316 (pid 25209) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1824.436268][T25209] Use struct sctp_sack_info instead [ 1828.088234][T10056] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 932 with max blocks 3 with error 117 [ 1828.353901][T10056] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1828.353901][T10056] [ 1829.106949][T10056] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 932 with max blocks 1 with error 117 [ 1829.258061][T10056] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1829.258061][T10056] [ 1830.154410][T25290] Process accounting paused [ 1830.289535][T25296] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4331'. [ 1830.851934][T25305] Unable to find swap-space signature [ 1831.684719][ T30] audit: type=1800 audit(4294967484.308:37): pid=25301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4332" name="features" dev="configfs" ino=99077 res=0 errno=0 [ 1831.819814][T10056] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1361 with max blocks 16 with error 117 [ 1832.040973][T10056] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1832.040973][T10056] [ 1832.394123][T10056] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1356 with max blocks 5 with error 117 [ 1832.821470][T10056] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1832.821470][T10056] [ 1833.693688][T25339] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4340'. [ 1834.526957][T25277] kexec: Could not allocate control_code_buffer [ 1836.658209][T25380] futex_wake_op: syz.2.4347 tries to shift op by -2048; fix this program [ 1836.698255][T25380] futex_wake_op: syz.2.4347 tries to shift op by -2048; fix this program [ 1843.916310][T25460] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43 [ 1844.763294][T25462] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input44 [ 1845.039423][T25476] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4366'. [ 1845.481152][T25476] veth1_macvtap: left allmulticast mode [ 1845.703384][T25476] veth1_macvtap: left promiscuous mode [ 1847.144514][T25504] base or size exceeds the MTRR width [ 1848.784910][T25493] Process accounting paused [ 1851.778658][T25535] ubi0: attaching mtd1 [ 1851.997860][T25535] ubi0: scanning is finished [ 1852.002908][T25535] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 1852.206825][T25547] block nbd9: NBD_DISCONNECT [ 1853.063402][T25535] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd1, error -22 [ 1857.453654][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1857.460228][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1859.227122][T25622] FAULT_INJECTION: forcing a failure. [ 1859.227122][T25622] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1859.288665][T25622] CPU: 0 UID: 0 PID: 25622 Comm: syz.1.4396 Not tainted syzkaller #0 PREEMPT(full) [ 1859.288697][T25622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1859.288711][T25622] Call Trace: [ 1859.288719][T25622] [ 1859.288728][T25622] dump_stack_lvl+0x16c/0x1f0 [ 1859.288762][T25622] should_fail_ex+0x512/0x640 [ 1859.288802][T25622] get_futex_key+0x1d0/0x1560 [ 1859.288836][T25622] ? __pfx_get_futex_key+0x10/0x10 [ 1859.288871][T25622] ? __mutex_trylock_common+0xe9/0x250 [ 1859.288914][T25622] futex_wake+0xea/0x530 [ 1859.288954][T25622] ? __pfx_futex_wake+0x10/0x10 [ 1859.288989][T25622] ? __lock_acquire+0xb8a/0x1c90 [ 1859.289034][T25622] do_futex+0x1e3/0x350 [ 1859.289068][T25622] ? __pfx_do_futex+0x10/0x10 [ 1859.289098][T25622] ? __might_fault+0xe3/0x190 [ 1859.289131][T25622] mm_release+0x24e/0x300 [ 1859.289159][T25622] do_exit+0x68e/0x2bf0 [ 1859.289198][T25622] ? __pfx_do_exit+0x10/0x10 [ 1859.289231][T25622] ? do_raw_spin_lock+0x12c/0x2b0 [ 1859.289268][T25622] ? find_held_lock+0x2b/0x80 [ 1859.289304][T25622] do_group_exit+0xd3/0x2a0 [ 1859.289341][T25622] get_signal+0x2671/0x26d0 [ 1859.289379][T25622] ? __pfx_get_signal+0x10/0x10 [ 1859.289407][T25622] ? do_futex+0x122/0x350 [ 1859.289439][T25622] ? __pfx_do_futex+0x10/0x10 [ 1859.289475][T25622] arch_do_signal_or_restart+0x8f/0x790 [ 1859.289507][T25622] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1859.289545][T25622] ? set_cred_ucounts+0x10f/0x200 [ 1859.289590][T25622] exit_to_user_mode_loop+0x85/0x130 [ 1859.289629][T25622] do_syscall_64+0x426/0xfa0 [ 1859.289661][T25622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1859.289686][T25622] RIP: 0033:0x7fe13798f6c9 [ 1859.289706][T25622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1859.289732][T25622] RSP: 002b:00007fe1387e30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1859.289756][T25622] RAX: fffffffffffffe00 RBX: 00007fe137be6278 RCX: 00007fe13798f6c9 [ 1859.289773][T25622] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe137be6278 [ 1859.289789][T25622] RBP: 00007fe137be6270 R08: 0000000000000000 R09: 0000000000000000 [ 1859.289804][T25622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1859.289819][T25622] R13: 00007fe137be6308 R14: 00007ffc2c02cb70 R15: 00007ffc2c02cc58 [ 1859.289851][T25622] [ 1859.661396][T25629] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4398'. [ 1860.157480][T25588] Process accounting resumed [ 1860.411403][T25629] veth1_macvtap: left promiscuous mode [ 1862.016086][T25653] random: crng reseeded on system resumption [ 1862.341916][T25059] Bluetooth: hci3: unexpected event 0x14 length: 16 > 6 [ 1868.124101][T25707] kexec: Could not allocate control_code_buffer [ 1869.566226][T25736] binder: 25735:25736 ioctl c018620c 0 returned -1 [ 1869.593981][T25736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4415'. [ 1870.767929][T25748] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4421'. [ 1871.488854][T10060] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 934 with max blocks 1 with error 117 [ 1871.582570][T10060] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1871.582570][T10060] [ 1871.943133][T11964] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1871.968182][T11964] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1871.990233][T11964] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1872.002501][T11964] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1872.012423][T11964] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1873.157492][T10060] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 933 with max blocks 1 with error 117 [ 1873.280058][T10060] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1873.280058][T10060] [ 1873.370133][T25761] chnl_net:caif_netlink_parms(): no params data found [ 1873.617668][T25783] netlink: 'syz.1.4428': attribute type 4 has an invalid length. [ 1873.636411][T25783] netlink: 314 bytes leftover after parsing attributes in process `syz.1.4428'. [ 1874.084224][T11964] Bluetooth: hci4: command tx timeout [ 1874.704910][T25782] kexec: Could not allocate control_code_buffer [ 1875.367527][T25761] bridge0: port 1(bridge_slave_0) entered blocking state [ 1875.457967][T25761] bridge0: port 1(bridge_slave_0) entered disabled state [ 1875.548416][T25761] bridge_slave_0: entered allmulticast mode [ 1875.648215][T25761] bridge_slave_0: entered promiscuous mode [ 1875.779506][T25761] bridge0: port 2(bridge_slave_1) entered blocking state [ 1875.913578][T25761] bridge0: port 2(bridge_slave_1) entered disabled state [ 1875.994118][T25761] bridge_slave_1: entered allmulticast mode [ 1876.070565][T25761] bridge_slave_1: entered promiscuous mode [ 1876.151228][T11964] Bluetooth: hci4: command tx timeout [ 1876.533118][T25761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1876.660813][T25761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1877.296657][T25801] Invalid ELF header magic: != ELF [ 1877.375559][T25761] team0: Port device team_slave_0 added [ 1877.465585][T25761] team0: Port device team_slave_1 added [ 1878.160746][T25806] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4431'. [ 1878.180332][T25761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1878.187541][T25761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1878.238979][T11964] Bluetooth: hci4: command tx timeout [ 1878.528452][T25761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1878.639833][T25761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1878.667855][T25761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1878.757209][T25761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1879.078113][T25761] hsr_slave_0: entered promiscuous mode [ 1879.084897][T25761] hsr_slave_1: entered promiscuous mode [ 1879.225632][T25761] debugfs: 'hsr0' already exists in 'hsr' [ 1879.231623][T25761] Cannot create hsr debugfs directory [ 1879.847917][T25815] random: crng reseeded on system resumption [ 1880.295458][T11964] Bluetooth: hci4: command tx timeout [ 1880.643689][T25761] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1880.673583][T25761] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1880.709278][T25761] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1880.734839][T25761] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1880.921117][T25761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1880.968991][T25761] 8021q: adding VLAN 0 to HW filter on device team0 [ 1880.994346][T25818] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1881.010378][T10060] bridge0: port 1(bridge_slave_0) entered blocking state [ 1881.017922][T10060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1881.048856][T25818] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1881.056645][T10060] bridge0: port 2(bridge_slave_1) entered blocking state [ 1881.064537][T10060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1881.147737][T25818] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1881.194225][T25818] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1881.268941][T25818] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1881.305885][T25818] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1881.421959][T25818] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1881.552375][T25761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1882.438403][T11964] Bluetooth: hci3: command 0x0c1a tx timeout [ 1883.154940][T11964] Bluetooth: hci1: command 0x0c1a tx timeout [ 1883.234302][T11964] Bluetooth: hci2: command 0x0c1a tx timeout [ 1883.314442][T11964] Bluetooth: hci4: command 0x0c1a tx timeout [ 1883.616920][T25761] veth0_vlan: entered promiscuous mode [ 1883.753892][T25761] veth1_vlan: entered promiscuous mode [ 1884.021365][T25761] veth0_macvtap: entered promiscuous mode [ 1884.121844][T25761] veth1_macvtap: entered promiscuous mode [ 1884.285625][T25761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1884.472746][T25761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1884.507562][T11964] Bluetooth: hci3: command 0x0c1a tx timeout [ 1884.667929][T10060] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1884.755467][T10060] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1884.908169][T10060] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1884.996844][T10060] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1885.033339][T25862] Invalid ELF header magic: != ELF [ 1885.383251][T11964] Bluetooth: hci4: command 0x0c1a tx timeout [ 1885.772090][T10060] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1885.803534][T10060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1886.160181][T24036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1886.168084][T24036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1886.699654][T25885] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 1887.454819][T11964] Bluetooth: hci4: command 0x0c1a tx timeout [ 1887.549864][T25898] base or size exceeds the MTRR width [ 1890.800918][T25923] Process accounting paused [ 1891.015933][T25940] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1897.375014][T26010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4472'. [ 1897.641944][T26021] FAULT_INJECTION: forcing a failure. [ 1897.641944][T26021] name failslab, interval 1, probability 0, space 0, times 0 [ 1897.673058][T26021] CPU: 0 UID: 0 PID: 26021 Comm: syz.1.4474 Not tainted syzkaller #0 PREEMPT(full) [ 1897.673094][T26021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1897.673110][T26021] Call Trace: [ 1897.673120][T26021] [ 1897.673131][T26021] dump_stack_lvl+0x16c/0x1f0 [ 1897.673169][T26021] should_fail_ex+0x512/0x640 [ 1897.673209][T26021] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1897.673240][T26021] should_failslab+0xc2/0x120 [ 1897.673276][T26021] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1897.673302][T26021] ? vm_area_alloc+0x1f/0x160 [ 1897.673331][T26021] ? vm_area_alloc+0x1f/0x160 [ 1897.673352][T26021] vm_area_alloc+0x1f/0x160 [ 1897.673374][T26021] __mmap_region+0xf85/0x27a0 [ 1897.673401][T26021] ? find_held_lock+0x2b/0x80 [ 1897.673432][T26021] ? __pfx___mmap_region+0x10/0x10 [ 1897.673455][T26021] ? finish_task_switch.isra.0+0x21c/0xc10 [ 1897.673484][T26021] ? rcu_is_watching+0x12/0xc0 [ 1897.673519][T26021] ? finish_task_switch.isra.0+0x221/0xc10 [ 1897.673545][T26021] ? lockdep_hardirqs_on+0x7c/0x110 [ 1897.673577][T26021] ? finish_task_switch.isra.0+0x221/0xc10 [ 1897.673631][T26021] ? __pfx___schedule+0x10/0x10 [ 1897.673696][T26021] ? trace_cap_capable+0x18d/0x200 [ 1897.673745][T26021] mmap_region+0x1ab/0x3f0 [ 1897.673774][T26021] ? __get_unmapped_area+0x267/0x440 [ 1897.673819][T26021] do_mmap+0xa3e/0x1210 [ 1897.673857][T26021] ? __pfx_do_mmap+0x10/0x10 [ 1897.673891][T26021] ? __pfx_down_write_killable+0x10/0x10 [ 1897.673935][T26021] vm_mmap_pgoff+0x29e/0x470 [ 1897.673974][T26021] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1897.674007][T26021] ? do_sigaltstack.constprop.0+0x547/0x800 [ 1897.674051][T26021] ? __x64_sys_futex+0x1e0/0x4c0 [ 1897.674085][T26021] ? __x64_sys_futex+0x1e9/0x4c0 [ 1897.674125][T26021] ksys_mmap_pgoff+0x7d/0x5c0 [ 1897.674157][T26021] ? xfd_validate_state+0x61/0x180 [ 1897.674199][T26021] __x64_sys_mmap+0x125/0x190 [ 1897.674241][T26021] do_syscall_64+0xcd/0xfa0 [ 1897.674275][T26021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1897.674302][T26021] RIP: 0033:0x7fe13798f6c9 [ 1897.674322][T26021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1897.674350][T26021] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1897.674375][T26021] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1897.674393][T26021] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1897.674410][T26021] RBP: 00007fe137a11f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1897.674427][T26021] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1897.674443][T26021] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1897.674478][T26021] [ 1898.958715][T26032] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1900.352166][T26013] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1902.464484][T26076] futex_wake_op: syz.1.4482 tries to shift op by -2048; fix this program [ 1902.524361][T26074] 0x000000000001-0x000000020000 : "" [ 1902.618033][T26074] ftl_cs: FTL header corrupt! [ 1902.739255][T26076] syz.1.4482(26076): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1903.179722][T26085] random: crng reseeded on system resumption [ 1906.881381][T26113] FAULT_INJECTION: forcing a failure. [ 1906.881381][T26113] name failslab, interval 1, probability 0, space 0, times 0 [ 1906.984038][T26104] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1907.011280][T26113] CPU: 0 UID: 0 PID: 26113 Comm: syz.6.4489 Not tainted syzkaller #0 PREEMPT(full) [ 1907.011313][T26113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1907.011330][T26113] Call Trace: [ 1907.011338][T26113] [ 1907.011349][T26113] dump_stack_lvl+0x16c/0x1f0 [ 1907.011384][T26113] should_fail_ex+0x512/0x640 [ 1907.011421][T26113] ? __kmalloc_noprof+0xca/0x880 [ 1907.011463][T26113] should_failslab+0xc2/0x120 [ 1907.011514][T26113] __kmalloc_noprof+0xdd/0x880 [ 1907.011554][T26113] ? lsm_blob_alloc+0x68/0x90 [ 1907.011590][T26113] ? lsm_blob_alloc+0x68/0x90 [ 1907.011626][T26113] lsm_blob_alloc+0x68/0x90 [ 1907.011658][T26113] security_sk_alloc+0x30/0x270 [ 1907.011697][T26113] sk_prot_alloc+0xfb/0x2a0 [ 1907.011731][T26113] sk_alloc+0x36/0xc20 [ 1907.011769][T26113] inet6_create+0x381/0x12b0 [ 1907.011802][T26113] ? inet6_create+0x7f/0x12b0 [ 1907.011835][T26113] __sock_create+0x338/0x8d0 [ 1907.011874][T26113] inet_ctl_sock_create+0x94/0x230 [ 1907.011911][T26113] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 1907.011949][T26113] ? __asan_memcpy+0x3c/0x60 [ 1907.011976][T26113] ? __pfx_tcpv6_net_init+0x10/0x10 [ 1907.012008][T26113] tcpv6_net_init+0x31/0xc0 [ 1907.012040][T26113] ops_init+0x1e2/0x5f0 [ 1907.012072][T26113] setup_net+0x100/0x390 [ 1907.012099][T26113] ? __pfx_setup_net+0x10/0x10 [ 1907.012126][T26113] ? debug_mutex_init+0x37/0x70 [ 1907.012155][T26113] copy_net_ns+0x2f8/0x690 [ 1907.012187][T26113] create_new_namespaces+0x3ea/0xa90 [ 1907.012222][T26113] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1907.012254][T26113] ksys_unshare+0x45b/0xa40 [ 1907.012288][T26113] ? __pfx_ksys_unshare+0x10/0x10 [ 1907.012322][T26113] ? xfd_validate_state+0x61/0x180 [ 1907.012367][T26113] __x64_sys_unshare+0x31/0x40 [ 1907.012399][T26113] do_syscall_64+0xcd/0xfa0 [ 1907.012432][T26113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1907.012457][T26113] RIP: 0033:0x7f7dca78f6c9 [ 1907.012477][T26113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1907.012504][T26113] RSP: 002b:00007f7dcb586038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1907.012528][T26113] RAX: ffffffffffffffda RBX: 00007f7dca9e5fa0 RCX: 00007f7dca78f6c9 [ 1907.012545][T26113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1907.012561][T26113] RBP: 00007f7dca811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1907.012577][T26113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1907.012593][T26113] R13: 00007f7dca9e6038 R14: 00007f7dca9e5fa0 R15: 00007fffc963b418 [ 1907.012715][T26113] [ 1909.849701][T26129] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 1910.838731][T26129] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input47 [ 1912.024067][T26143] netlink: 338 bytes leftover after parsing attributes in process `syz.6.4495'. [ 1913.471580][T26154] FAULT_INJECTION: forcing a failure. [ 1913.471580][T26154] name failslab, interval 1, probability 0, space 0, times 0 [ 1913.581045][T26154] CPU: 0 UID: 0 PID: 26154 Comm: syz.1.4497 Not tainted syzkaller #0 PREEMPT(full) [ 1913.581081][T26154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1913.581095][T26154] Call Trace: [ 1913.581112][T26154] [ 1913.581122][T26154] dump_stack_lvl+0x16c/0x1f0 [ 1913.581157][T26154] should_fail_ex+0x512/0x640 [ 1913.581196][T26154] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1913.581224][T26154] should_failslab+0xc2/0x120 [ 1913.581258][T26154] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1913.581284][T26154] ? vm_area_alloc+0x1f/0x160 [ 1913.581312][T26154] ? vm_area_alloc+0x1f/0x160 [ 1913.581333][T26154] vm_area_alloc+0x1f/0x160 [ 1913.581355][T26154] create_init_stack_vma+0x29/0x700 [ 1913.581390][T26154] alloc_bprm+0x420/0x710 [ 1913.581419][T26154] do_execveat_common.isra.0+0x1ce/0x610 [ 1913.581452][T26154] __x64_sys_execve+0x8e/0xb0 [ 1913.581480][T26154] do_syscall_64+0xcd/0xfa0 [ 1913.581514][T26154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1913.581610][T26154] RIP: 0033:0x7fe13798f6c9 [ 1913.581631][T26154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1913.581658][T26154] RSP: 002b:00007fe138846038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 1913.581683][T26154] RAX: ffffffffffffffda RBX: 00007fe137be5fa0 RCX: 00007fe13798f6c9 [ 1913.581700][T26154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1913.581716][T26154] RBP: 00007fe137a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1913.581737][T26154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1913.581753][T26154] R13: 00007fe137be6038 R14: 00007fe137be5fa0 R15: 00007ffc2c02cc58 [ 1913.581786][T26154] [ 1913.766495][ C0] vkms_vblank_simulate: vblank timer overrun [ 1914.638366][T26162] Invalid ELF header magic: != ELF [ 1914.984015][T26170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4502'. [ 1915.226930][T26170] zero sized request [ 1915.464103][T26176] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4500'. [ 1915.915444][T26179] input: f¬ as /devices/virtual/input/input49 [ 1916.174845][T26176] mac80211_hwsim hwsim58 wlan1: entered allmulticast mode [ 1917.666957][T26199] netlink: 338 bytes leftover after parsing attributes in process `syz.5.4509'. [ 1918.458662][T26214] Invalid ELF header magic: != ELF [ 1918.587652][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1918.602812][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1920.450822][T26235] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1920.774209][T26242] Process accounting resumed [ 1921.192522][T26256] random: crng reseeded on system resumption [ 1921.784742][T26264] Invalid ELF header magic: != ELF [ 1922.105303][T26270] Invalid ELF header magic: != ELF [ 1925.113597][T26291] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1925.296105][T26299] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 1927.921672][T26300] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 1928.422356][T26300] input: failed to attach handler evdev to device input51, error: -4 [ 1930.802123][T26335] zswap: compressor not available [ 1931.065608][T26347] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4536'. [ 1931.269890][T10224] EXT4-fs (sda1): Delayed block allocation failed for inode 2029 at logical offset 1328 with max blocks 49 with error 117 [ 1931.320289][T10224] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1931.320289][T10224] [ 1931.489077][T26350] netlink: 'syz.5.4538': attribute type 11 has an invalid length. [ 1931.634194][T26350] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 1931.752487][T26350] CPU: 0 UID: 0 PID: 26350 Comm: syz.5.4538 Not tainted syzkaller #0 PREEMPT(full) [ 1931.752522][T26350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1931.752538][T26350] Call Trace: [ 1931.752547][T26350] [ 1931.752557][T26350] dump_stack_lvl+0x16c/0x1f0 [ 1931.752593][T26350] sysfs_warn_dup+0x7f/0xa0 [ 1931.752625][T26350] sysfs_do_create_link_sd+0x124/0x140 [ 1931.752662][T26350] sysfs_create_link+0x61/0xc0 [ 1931.752694][T26350] device_add+0x62c/0x1aa0 [ 1931.752738][T26350] ? __pfx_device_add+0x10/0x10 [ 1931.752775][T26350] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1931.752819][T26350] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1931.752854][T26350] wiphy_register+0x1eb0/0x2b20 [ 1931.752889][T26350] ? netdev_run_todo+0x864/0x1320 [ 1931.752925][T26350] ? __pfx_wiphy_register+0x10/0x10 [ 1931.752975][T26350] ieee80211_register_hw+0x253d/0x4120 [ 1931.753022][T26350] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1931.753057][T26350] ? __pfx___debug_object_init+0x10/0x10 [ 1931.753097][T26350] ? find_held_lock+0x2b/0x80 [ 1931.753125][T26350] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1931.753167][T26350] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1931.753202][T26350] ? __hrtimer_setup+0x176/0x280 [ 1931.753244][T26350] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 1931.753290][T26350] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1931.753320][T26350] ? __asan_memcpy+0x3c/0x60 [ 1931.753351][T26350] hwsim_new_radio_nl+0xba2/0x1330 [ 1931.753392][T26350] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1931.753430][T26350] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1931.753466][T26350] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1931.753509][T26350] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1931.753544][T26350] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1931.753587][T26350] ? bpf_lsm_capable+0x9/0x10 [ 1931.753620][T26350] ? security_capable+0x7e/0x260 [ 1931.753658][T26350] ? ns_capable+0xd7/0x110 [ 1931.753687][T26350] genl_rcv_msg+0x55c/0x800 [ 1931.753722][T26350] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1931.753754][T26350] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1931.753793][T26350] netlink_rcv_skb+0x158/0x420 [ 1931.753820][T26350] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1931.753853][T26350] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1931.753893][T26350] ? netlink_deliver_tap+0x1ae/0xd30 [ 1931.753923][T26350] genl_rcv+0x28/0x40 [ 1931.753949][T26350] netlink_unicast+0x5aa/0x870 [ 1931.753981][T26350] ? __pfx_netlink_unicast+0x10/0x10 [ 1931.754007][T26350] ? __pfx___might_resched+0x10/0x10 [ 1931.754044][T26350] netlink_sendmsg+0x8c8/0xdd0 [ 1931.754076][T26350] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1931.754107][T26350] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1931.754148][T26350] ____sys_sendmsg+0xa98/0xc70 [ 1931.754181][T26350] ? copy_msghdr_from_user+0x10a/0x160 [ 1931.754205][T26350] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1931.754244][T26350] ? __pfx_futex_wake_mark+0x10/0x10 [ 1931.754287][T26350] ___sys_sendmsg+0x134/0x1d0 [ 1931.754313][T26350] ? __pfx____sys_sendmsg+0x10/0x10 [ 1931.754335][T26350] ? __lock_acquire+0x622/0x1c90 [ 1931.754413][T26350] __sys_sendmsg+0x16d/0x220 [ 1931.754439][T26350] ? __pfx___sys_sendmsg+0x10/0x10 [ 1931.754470][T26350] ? __x64_sys_futex+0x1e0/0x4c0 [ 1931.754523][T26350] do_syscall_64+0xcd/0xfa0 [ 1931.754558][T26350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1931.754584][T26350] RIP: 0033:0x7f3d1f98f6c9 [ 1931.754604][T26350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1931.754628][T26350] RSP: 002b:00007f3d20780038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1931.754651][T26350] RAX: ffffffffffffffda RBX: 00007f3d1fbe5fa0 RCX: 00007f3d1f98f6c9 [ 1931.754668][T26350] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1931.754683][T26350] RBP: 00007f3d1fa11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1931.754698][T26350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1931.754712][T26350] R13: 00007f3d1fbe6038 R14: 00007f3d1fbe5fa0 R15: 00007ffd24661028 [ 1931.754744][T26350] [ 1933.663231][T25059] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1933.682632][T25059] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1933.691315][T25059] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1933.702438][T25059] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1933.710248][T25059] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1935.761749][T25059] Bluetooth: hci5: command tx timeout [ 1936.508378][T26381] binder: 26380:26381 ioctl c018620c 0 returned -22 [ 1936.543024][T26381] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4543'. [ 1936.899344][T26387] Invalid ELF header magic: != ELF [ 1937.423348][T26394] FAULT_INJECTION: forcing a failure. [ 1937.423348][T26394] name failslab, interval 1, probability 0, space 0, times 0 [ 1937.436919][T26394] CPU: 0 UID: 0 PID: 26394 Comm: syz.1.4547 Not tainted syzkaller #0 PREEMPT(full) [ 1937.436953][T26394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1937.436969][T26394] Call Trace: [ 1937.436977][T26394] [ 1937.436987][T26394] dump_stack_lvl+0x16c/0x1f0 [ 1937.437022][T26394] should_fail_ex+0x512/0x640 [ 1937.437060][T26394] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1937.437090][T26394] should_failslab+0xc2/0x120 [ 1937.437123][T26394] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1937.437159][T26394] ? mas_preallocate+0xe6a/0x11f0 [ 1937.437198][T26394] ? mas_preallocate+0xe6a/0x11f0 [ 1937.437228][T26394] mas_preallocate+0xe6a/0x11f0 [ 1937.437266][T26394] ? __pfx_mas_preallocate+0x10/0x10 [ 1937.437305][T26394] ? vm_area_alloc+0x1f/0x160 [ 1937.437331][T26394] ? lockdep_init_map_type+0x5c/0x280 [ 1937.437370][T26394] __mmap_region+0x117f/0x27a0 [ 1937.437400][T26394] ? __pfx___mmap_region+0x10/0x10 [ 1937.437423][T26394] ? lock_acquire+0x179/0x350 [ 1937.437457][T26394] ? find_held_lock+0x2b/0x80 [ 1937.437483][T26394] ? finish_task_switch.isra.0+0x21c/0xc10 [ 1937.437511][T26394] ? rcu_is_watching+0x12/0xc0 [ 1937.437538][T26394] ? finish_task_switch.isra.0+0x221/0xc10 [ 1937.437571][T26394] ? trace_sched_exit_tp+0xd1/0x120 [ 1937.437611][T26394] ? __schedule+0x11a3/0x5de0 [ 1937.437688][T26394] ? trace_cap_capable+0x18d/0x200 [ 1937.437734][T26394] mmap_region+0x1ab/0x3f0 [ 1937.437759][T26394] ? __get_unmapped_area+0x267/0x440 [ 1937.437796][T26394] do_mmap+0xa3e/0x1210 [ 1937.437833][T26394] ? __pfx_do_mmap+0x10/0x10 [ 1937.437869][T26394] ? __pfx_down_write_killable+0x10/0x10 [ 1937.437911][T26394] vm_mmap_pgoff+0x29e/0x470 [ 1937.437949][T26394] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1937.437981][T26394] ? do_sigaltstack.constprop.0+0x547/0x800 [ 1937.438024][T26394] ? __x64_sys_futex+0x1e0/0x4c0 [ 1937.438057][T26394] ? __x64_sys_futex+0x1e9/0x4c0 [ 1937.438095][T26394] ksys_mmap_pgoff+0x7d/0x5c0 [ 1937.438131][T26394] ? xfd_validate_state+0x61/0x180 [ 1937.438173][T26394] __x64_sys_mmap+0x125/0x190 [ 1937.438215][T26394] do_syscall_64+0xcd/0xfa0 [ 1937.438249][T26394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1937.438275][T26394] RIP: 0033:0x7fe13798f6c9 [ 1937.438294][T26394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1937.438321][T26394] RSP: 002b:00007fe138825038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1937.438345][T26394] RAX: ffffffffffffffda RBX: 00007fe137be6090 RCX: 00007fe13798f6c9 [ 1937.438362][T26394] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1937.438378][T26394] RBP: 00007fe137a11f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1937.438394][T26394] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1937.438411][T26394] R13: 00007fe137be6128 R14: 00007fe137be6090 R15: 00007ffc2c02cc58 [ 1937.438444][T26394] [ 1938.090368][T25059] Bluetooth: hci5: command tx timeout [ 1938.649315][T26367] chnl_net:caif_netlink_parms(): no params data found [ 1939.101278][T26367] bridge0: port 1(bridge_slave_0) entered blocking state [ 1939.119947][T26367] bridge0: port 1(bridge_slave_0) entered disabled state [ 1939.179240][T26367] bridge_slave_0: entered allmulticast mode [ 1939.199766][T26367] bridge_slave_0: entered promiscuous mode [ 1939.236198][T26367] bridge0: port 2(bridge_slave_1) entered blocking state [ 1939.248335][T26367] bridge0: port 2(bridge_slave_1) entered disabled state [ 1939.265070][T26367] bridge_slave_1: entered allmulticast mode [ 1939.281882][T26367] bridge_slave_1: entered promiscuous mode [ 1939.435499][T26367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1939.484497][T26367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1939.761917][T26367] team0: Port device team_slave_0 added [ 1939.789679][T26367] team0: Port device team_slave_1 added [ 1939.911885][T26367] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1939.921561][T26367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1939.988893][T26367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1940.010487][T26367] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1940.017681][T26367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1940.088301][T26367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1940.139186][T25059] Bluetooth: hci5: command tx timeout [ 1940.263533][T26367] hsr_slave_0: entered promiscuous mode [ 1940.278402][T26367] hsr_slave_1: entered promiscuous mode [ 1940.297405][T26367] debugfs: 'hsr0' already exists in 'hsr' [ 1940.307151][T26367] Cannot create hsr debugfs directory [ 1940.677449][T26367] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1940.707269][T26367] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1940.731052][T26367] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1940.758790][T26367] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1940.945403][T26367] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1940.994438][T26367] 8021q: adding VLAN 0 to HW filter on device team0 [ 1941.020022][T10060] bridge0: port 1(bridge_slave_0) entered blocking state [ 1941.027329][T10060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1941.069326][T10060] bridge0: port 2(bridge_slave_1) entered blocking state [ 1941.076669][T10060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1941.521367][T26367] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1941.982752][T26367] veth0_vlan: entered promiscuous mode [ 1942.019623][T26367] veth1_vlan: entered promiscuous mode [ 1942.074987][T26367] veth0_macvtap: entered promiscuous mode [ 1942.100822][T26367] veth1_macvtap: entered promiscuous mode [ 1942.142265][T26367] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1942.177933][T26367] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1942.208588][T25059] Bluetooth: hci5: command tx timeout [ 1942.248965][T12232] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1942.302858][T12232] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1942.333474][T12232] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1942.397810][T12232] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1942.511500][T10060] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1942.529026][T10060] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1942.610997][T10060] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1942.625616][T10060] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1945.639569][T26276] syz.5.4520 (26276) used greatest stack depth: 19176 bytes left [ 1979.697770][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1979.704326][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 2040.819921][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 2040.826550][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 2040.954155][T25580] svc: failed to register nfsdv3 RPC service (errno 512). [ 2040.972239][T25580] svc: failed to register nfsaclv3 RPC service (errno 512). [ 2058.186026][T11964] Bluetooth: hci5: command 0x0406 tx timeout [ 2075.833481][ T31] INFO: task syz-executor:25761 blocked for more than 143 seconds. [ 2075.841440][ T31] Not tainted syzkaller #0 [ 2075.862685][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2075.871414][ T31] task:syz-executor state:D stack:24024 pid:25761 tgid:25761 ppid:1 task_flags:0x400140 flags:0x00080002 [ 2075.886862][ T31] Call Trace: [ 2075.893206][ T31] [ 2075.896185][ T31] __schedule+0x1190/0x5de0 [ 2075.900715][ T31] ? check_path.constprop.0+0x24/0x50 [ 2075.917821][ T31] ? __lock_acquire+0x622/0x1c90 [ 2075.929513][ T31] ? __pfx___schedule+0x10/0x10 [ 2075.938072][ T31] ? find_held_lock+0x2b/0x80 [ 2075.945431][ T31] ? schedule+0x2d7/0x3a0 [ 2075.949901][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 2075.967408][ T31] schedule+0xe7/0x3a0 [ 2075.975832][ T31] schedule_preempt_disabled+0x13/0x30 [ 2075.981463][ T31] __mutex_lock+0x818/0x1060 [ 2075.995632][ T31] ? __lock_acquire+0x622/0x1c90 [ 2076.000633][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 2076.008976][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 2076.018873][ T31] ? net_generic+0xea/0x2a0 [ 2076.023722][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 2076.029046][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 2076.038990][ T31] nfsd_umount+0x48/0xe0 [ 2076.043732][ T31] deactivate_locked_super+0xc1/0x1a0 [ 2076.049160][ T31] deactivate_super+0xde/0x100 [ 2076.054437][ T31] cleanup_mnt+0x225/0x450 [ 2076.060072][ T31] task_work_run+0x150/0x240 [ 2076.066125][ T31] ? __pfx_task_work_run+0x10/0x10 [ 2076.072112][ T31] ? __pfx___x64_sys_umount+0x10/0x10 [ 2076.077559][ T31] exit_to_user_mode_loop+0xec/0x130 [ 2076.083623][ T31] do_syscall_64+0x426/0xfa0 [ 2076.088254][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2076.095629][ T31] RIP: 0033:0x7f7dca7909f7 [ 2076.100078][ T31] RSP: 002b:00007fffc963a6a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2076.109963][ T31] RAX: 0000000000000000 RBX: 00007f7dca811d7d RCX: 00007f7dca7909f7 [ 2076.118437][ T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffc963a760 [ 2076.127520][ T31] RBP: 00007fffc963a760 R08: 0000000000000000 R09: 0000000000000000 [ 2076.135916][ T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffc963b7f0 [ 2076.148249][ T31] R13: 00007f7dca811d7d R14: 00000000001d5842 R15: 00007fffc963b830 [ 2076.156587][ T31] [ 2076.159682][ T31] [ 2076.159682][ T31] Showing all locks held in the system: [ 2076.176105][ T31] 1 lock held by khungtaskd/31: [ 2076.181490][ T31] #0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 2076.191778][ T31] 2 locks held by getty/20645: [ 2076.197101][ T31] #0: ffff888033db90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 2076.207549][ T31] #1: ffffc90002ed42f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 2076.218804][ T31] 2 locks held by syz.2.4389/25580: [ 2076.224499][ T31] #0: ffffffff9018ec50 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 2076.233262][ T31] #1: ffffffff8e7ed248 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0 [ 2076.243788][ T31] 2 locks held by syz-executor/25761: [ 2076.249174][ T31] #0: ffff88807bc9c0e0 (&type->s_umount_key#60){++++}-{4:4}, at: deactivate_super+0xd6/0x100 [ 2076.265447][ T31] #1: ffffffff8e7ed248 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 2076.276810][ T31] [ 2076.279427][ T31] ============================================= [ 2076.279427][ T31] [ 2076.288412][ T31] NMI backtrace for cpu 0 [ 2076.288432][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 2076.288460][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 2076.288476][ T31] Call Trace: [ 2076.288484][ T31] [ 2076.288493][ T31] dump_stack_lvl+0x116/0x1f0 [ 2076.288528][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 2076.288565][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2076.288602][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 2076.288649][ T31] watchdog+0xf3f/0x1170 [ 2076.288678][ T31] ? rcu_is_watching+0x12/0xc0 [ 2076.288704][ T31] ? __pfx_watchdog+0x10/0x10 [ 2076.288725][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 2076.288756][ T31] ? __kthread_parkme+0x19e/0x250 [ 2076.288787][ T31] ? __pfx_watchdog+0x10/0x10 [ 2076.288810][ T31] kthread+0x3c5/0x780 [ 2076.288845][ T31] ? __pfx_kthread+0x10/0x10 [ 2076.288882][ T31] ? rcu_is_watching+0x12/0xc0 [ 2076.288907][ T31] ? __pfx_kthread+0x10/0x10 [ 2076.288943][ T31] ret_from_fork+0x675/0x7d0 [ 2076.288978][ T31] ? __pfx_kthread+0x10/0x10 [ 2076.289014][ T31] ret_from_fork_asm+0x1a/0x30 [ 2076.289062][ T31]