last executing test programs: 6.670562319s ago: executing program 1 (id=159): mmap$auto(0x0, 0x20009, 0x4000000000cf, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2b, 0x1, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) setsockopt$auto(r0, 0x1, 0x8, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/orangefs/dcache_timeout_msecs\x00', 0x8ea182, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x810, r1, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffd, 0x9, 0x3, 0xffffffff, 0x8000000000000001, 0x0, 0x2f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x81, 0xeb1, r2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, r3, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x20000001, 0x2, 0x3, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.391443319s ago: executing program 1 (id=167): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0x40086200, 0x38) 4.119048451s ago: executing program 2 (id=168): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd700045000000185f74756e000000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) rmdir$auto(0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), r3) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x3c, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x1}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x20008800) socket(0x11, 0x80003, 0x300) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) sendmmsg$auto(r2, 0x0, 0xffffffff, 0x1) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/uts\x00') madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) inotify_init1$auto(0xed) openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) keyctl$auto_KEYCTL_SETPERM(0x5, 0xfffffffffffffffb, 0x200, 0x1, 0x100) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, 0x0, 0x4800) mbind$auto(0x7f, 0x4, 0x4, 0x0, 0x6, 0x2) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r5, 0xffff, 0x29}, 0x3, 0x8) mmap$auto(0x2, 0x8, 0xdf, 0x9b73, 0xfffffffffffffffe, 0x7fff) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) keyctl$auto_KEYCTL_SETPERM(0x5, 0x4, 0x7, 0x5, 0xcc90) keyctl$auto_KEYCTL_SETPERM(0x5, 0xfffffffffffffffc, 0x7, 0x93e, 0x9) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 3.96423593s ago: executing program 1 (id=170): mmap$auto(0x0, 0x9, 0x3, 0x800019b72, 0x9, 0x0) (async) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x20002, 0x0) (async) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x40000b, 0xde, 0x200009b72, 0xffffffffffffffff, 0x8000) (async) io_uring_setup$auto(0x1d4, 0x0) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x101082, 0x0) (rerun: 64) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vbi11\x00', 0xc0c02, 0x0) ioctl$auto(r1, 0xc0045543, r2) (async) ioctl$auto(0x3, 0x40103e05, r0) close_range$auto(r0, 0x8, 0xffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x2, 0x1, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x204900, 0x0) (async, rerun: 32) r3 = openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0) (rerun: 32) prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x0) (async) r4 = setfsuid$auto(0xee00) r5 = setfsuid$auto(0xee01) setresuid$auto(r4, r5, 0x0) r6 = pidfd_open$auto(0x1, 0x0) setns(r6, 0x60020000) (async, rerun: 64) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) (async, rerun: 64) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f00000000c0)="3ef2eab5e34778f533f0cbffdc7437dd0300000000000006ce392a285ba2da29b2fb9440597933a3cd20376cf46038acb5733b", 0x12, 0x0, 0x9, 0x0, 0x1f, 0x420}, 0x800009}, 0x9, 0x20000000) (async) mmap$auto(0x5, 0x8a28, 0x7, 0x273, r3, 0x47) r7 = epoll_create$auto(0x20009) (async) r8 = epoll_create$auto(0x3d) epoll_ctl$auto(r8, 0x1, r7, 0x0) socket(0x2b, 0x1, 0x1) 3.809267968s ago: executing program 0 (id=171): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae90, &(0x7f0000000080)={0xfc}) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, r0, 0x8000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rseq$auto(&(0x7f0000000000)={0x401, 0x80000401, 0x8000000000000000, 0x6, 0xfffffffe, 0x2, "2a9dd64827c6e0c8f3a61a732c3dcc83edd6ccf75c12471234c6708465783995423542a40801c8e9e152e1c219843abda4"}, 0x4000008, 0x0, 0x6) poll$auto(0x0, 0x0, 0x9f) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_max_time_ms\x00', 0xb480, 0x0) mmap$auto(0xfffffffffffffffd, 0x9, 0xdf, 0x9b71, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto_kernfs_file_fops_kernfs_internal(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000009, 0x11, r1, 0xfff) r2 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000080)='/dev/etherd/err\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) close_range$auto(0x2, r2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0xbd, 0x22020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim2/psample/enable\x00', 0x161a82, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x4040, 0x0) ioctl$auto(0x3, 0x5309, 0x38) write$auto_nsim_psample_enable_fops_psample(r3, &(0x7f00000005c0)="59c91998", 0x4) sysfs$auto(0x2, 0x1e, 0x0) r4 = fsopen$auto(0x0, 0x1) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x480, 0x400, 0x9}]}) fsconfig$auto_SHMEM_HUGE_ADVISE(r4, 0x2, &(0x7f00000000c0)=',%!/\xd4\t\xfa\xe932\x1fn\xcd/q\x82\x0e-%,\x00', &(0x7f0000000180)="1db7b0499831b6253140ee308fd21e717e141b67bc326b6881cd5f489ac606b81406932804d8e23723efb38df37ee4e0643d95327c484bf8fbe21c2df07989a79b4cc032402a1e866e31bbfd8f61e13d7932bf8b8d8d1a0c841efc8372a5f1f2efc130c8eabf21da2e35a48ff1d49f29fe627b49803d650c6c9d555e83845e56b347", 0x3) mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0xa, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) 3.50719629s ago: executing program 0 (id=174): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x4082, 0x0) (async) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) utimensat$auto(r0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)={0x4000000006, 0x40}, 0x38) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000002140)=""/4106, 0xfffffffffffffd1b) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socket(0x2, 0x2, 0x0) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x6) (async) select$auto(0x6, &(0x7f0000000000)={[0x5, 0x4, 0x4, 0xa, 0xccf9, 0x9, 0xffffffffffffffff, 0x3, 0xb, 0x1, 0x100000000000000, 0x3, 0xfffffffffffffe8f, 0x3, 0x40000000000005, 0xfffffffffffffff5]}, &(0x7f0000000100)={[0x8, 0x200000000005, 0x7, 0x7, 0x8, 0x80000004, 0xc, 0x6, 0x8fc, 0xb80, 0xe34c, 0x9, 0x3, 0xfffffffffffff954, 0xfffffffffffffffc, 0xfff]}, &(0x7f0000000180)={[0x2, 0x8000, 0x4, 0x8000000000000001, 0x7f, 0x0, 0x7, 0x7, 0x8, 0x2, 0x8, 0x10, 0x5, 0xfffffffffffffff4, 0x9, 0x2]}, &(0x7f0000000080)={0x1ff, 0x401}) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) socket(0x10, 0x2, 0x0) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC0\x00', 0x40000, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0x4) (async) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(0xffffffffffffffff, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) 3.346381987s ago: executing program 3 (id=175): close_range$auto(0x2, 0x8, 0x0) r0 = pidfd_open$auto(0x1, 0x0) ioctl$auto_FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000080)=0x80) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x143e00, 0x0) r1 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000080), 0x55b040, 0x0) read$auto_random_fops_random(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0xc9c98976ae0c7d98, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(r2, &(0x7f00000002c0)={&(0x7f0000000100), 0xc, &(0x7f0000000280)={0x0, 0xa8}, 0x1, 0x0, 0x0, 0x4000010}, 0x40001) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x42082, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0xf2) r3 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000340), 0xa0741, 0x0) dup$auto(r3) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r5) syz_genetlink_get_family_id$auto_ovs_packet(0x0, r0) clock_gettime$auto(0x0, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000180)={0xfa9, 0x0, 0x100000, 0x7fffffffefff, 0xffffffffffffffff, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x4, 0x2}) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r6, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) 2.669898171s ago: executing program 1 (id=176): prctl$auto_PR_SME_GET_VL(0x40, 0x2, 0x80000000, 0x6, 0x3ff) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/012/001\x00', 0x29202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) inotify_init1$auto(0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) socket(0xa, 0x1, 0x84) sendto$auto(0x3, 0x0, 0x7, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) listen$auto(0x3, 0x81) r1 = accept$auto(0x3, 0x0, 0x0) mmap$auto(0xffff8000, 0x280009, 0xb, 0x8000000008011, r0, 0x0) r2 = socket(0x2, 0x1, 0x106) setsockopt$auto(r2, 0x1, 0x40, &(0x7f0000000200)='\x00\x89e\xad\x97\xc5E\xea=\x0f\xf4\xba4\x05>y/21\xfd\'\xc7\x1c\xaeV`\xc7^\x05\"H\xb8\x12\x99\x1fF\xdc\xc4\x02FV\x04D&9?\xa8d\xc97B\x9f)\xc6\xbb\x15_\xfd\xa5\xaf\xf8\xb8\x8a\x186\xa9\x0eY;\x9a\xe32T\xddn\xa6zK\xef\xf7\x04\x81\xb4\xb7;\x12\x1ch$\xbd\xd1x\x15\xa8\x9c\xba\x83\xa7\xbdwf8\xc03z|\xcd\xbc\xa1+8\xcet\x960\a\x80\x88!\x9e\x96\xcd\xb5dB\xc1L\xb2\xb1\xe6\xf9\x92\xd4\xcd\v0|G\xb7\xc3+\xb5\xa9\xb4E>ry\x8d(\xcb\xadaH<-h\xef8\x0678]`\x1f\xe5\\\x9c\xb4\xbd 6\x9fP\x16\xb5\xa1.;d\xf5F7TgT\x908=l\x89\x05\x03\xcb\x04\x9c\x0e\x04\xb5a\xe6\xa6\x13\xf8\xb2\xe1\xab\vI;\x10\xa7\xcc\x84\x1d\xff(\x1c\x99\x90M\xba\xfe\xaa\x8e\x83\x98\xbb8\xc3\x02\x8d(\xb0\x9c@n\xb7\xd3TF\xc7\x7f\x11\x9e\x00\x00\x00\x00\x00', 0xbb) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_BLKTRACESETUP2(r1, 0xc0481273, &(0x7f0000000040)={"dfc79764a845c63557426d04d76c16efcc010fd21aa3ec09031bf422def962bd", 0x8562, 0x1, 0x6, 0x685, 0x1, 0xffffffffffffffff}) statmount$auto(0x0, &(0x7f0000000180)={0x407, 0xffffffff, 0xd29e, 0x47, 0x1, 0x1007182, 0x2, 0x7, 0x6, 0x7, 0x89, 0x26, 0x4, 0x200000000001, 0x3, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x30, 0x0, 0x862, 0xe, 0x2, 0x9, 0x4, 0x83, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x71, 0x0, 0x40000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x6, 0x0, 0x0, 0x0, 0xf, 0x20000004, 0x800, 0x0, 0x0, 0x4000000010001, 0x1000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x40000000000000, 0x0, 0x0, 0x2, 0xcc, 0x0, 0x3, 0xfffffffffffffffc, 0x1]}, 0x7, 0x9) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xfffffff7effffd0a, &(0x7f00000001c0)) 2.471100633s ago: executing program 0 (id=177): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/mac80211/parameters/ieee80211_default_rc_algo\x00', 0x189002, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/memory/memory3/online\x00', 0x2062, 0x0) (async) r1 = socket(0x29, 0x2, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="17a8a1cef609ea354b5d5896a0698bfa2692c6181afe9f099e667a0ce39e0b49cdac4faf3d96f480e13116bd8f85e3789fefc3552f895fcd1fa4177db076d0958421c0dc5551fc391efb6daffe7ee8a3d682b480b7a5cbf2a03f4710d2ff0009d7efda20bb5f29d23bab6a50902419a2cda7", @ANYRES64=r2, @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x8910, 0x24) (async) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x3) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers/st/version\x00', 0x8240, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/125, 0x7d) (async) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, 0x0, 0x10082, 0x0) (async) close_range$auto(0xffffffffffffffff, 0x8, 0xfffffffc) (async) prctl$auto_PR_SCHED_CORE_CREATE(0x4a95f9a7, 0x1, 0xffffffffffffffff, 0x2, 0x5) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x600000, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x22, 0x2, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x20040884) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) (async) r5 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) (async) setsockopt$auto(r5, 0x10f, 0x87, 0x0, 0x14) (async) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) (async) recvmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.301658038s ago: executing program 2 (id=178): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0x40086200, 0x38) 2.295884703s ago: executing program 3 (id=179): openat$auto_vrr_range_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Virtual-1/vrr_range\x00', 0x80500, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto_SO_MAX_PACING_RATE(r0, 0x0, 0x2f, 0x0, 0x1) (async) setsockopt$auto_SO_MAX_PACING_RATE(r0, 0x0, 0x2f, 0x0, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0xca4, 0x0) futex$auto(0x0, 0x84, 0x18, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x400000000000401, 0x9}, 0x9, 0x0) (async) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x400000000000401, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) (async) landlock_restrict_self$auto(r1, 0x0) futex$auto(&(0x7f00000019c0), 0x0, 0xfffff8be, 0x0, 0x0, 0x4) (async) futex$auto(&(0x7f00000019c0), 0x0, 0xfffff8be, 0x0, 0x0, 0x4) r2 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000340), 0x800, 0x0) read$auto(r2, 0x0, 0x6) mount$auto(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x8000, 0x0) lseek$auto(0x3, 0x2009, 0x1) 2.02132189s ago: executing program 3 (id=180): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) capset$auto(0x0, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, &(0x7f0000000000)="a80b418e8458bf8c10d9") close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop5\x00', 0x68b81, 0x0) ioctl$auto_BLKBSZSET(r2, 0x40081271, &(0x7f0000000000)=0x200) r3 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) r4 = socket$nl_generic(0x11, 0x3, 0x10) bpf$auto(0x9, &(0x7f0000000a40)=@prog_bind_map={r4, r3, 0x2f}, 0x121) r6 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) move_mount$auto(r6, 0x0, r6, 0x0, 0x277) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/acpi/parameters/ec_event_clearing\x00', 0x129882, 0x0) sendfile$auto(r7, r7, 0x0, 0x8) write$auto_fuse_dev_operations_fuse_i(r5, &(0x7f0000000080)="8242603a8e6915e267d17d7534f0f718e97b5525225c1fd967c74d6eb977fca7af9c61cb80abcbe00f021197d7b54eedf308ad8f1e3d96ebb51b6e35b674f3219e1164ca05f31b4e8193d91ecfea2c622379c9be272ee70e713e1f29d9231e2d68edd6e1fc956e134a7ef538f061f5c9e1a7d5f7bf9d5d6c9b39179f561dca4e76f08a151a3215982e0b84ddafa7fc", 0x8f) close_range$auto(0x2, 0x8, 0x0) r8 = socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capset$auto(0x0, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x8) r9 = socket$nl_generic(0x10, 0x3, 0x10) execve$auto(0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000380), r8) r10 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000001c0), r5) sendmsg$auto_NETDEV_CMD_BIND_RX(r9, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="84000000", @ANYRES16=r10, @ANYBLOB="080028bd7000ffdbdf250d0000003c000280080001000300000008000300001000000800010007000000080001000200000008000300040000000800010008000000080003000000000008000300", @ANYRES32=r0, @ANYBLOB="24000280080003000000000008000300fdffffff0800030000020000080003000100000008000300", @ANYRES32=r6, @ANYBLOB="b65edacc1e998a238a32c0cf1566ea15bd7e0e3d9d88f20e3c199e44a5695b882e09de73ae235e0e1b9ef141cf5c25d4671ea4455425378ab09c650429a01179fcd8619f9eff522e519f3cc9af3012a6993de59ac2ac4ef31e04104e2689a8538cc04b78f747d71000280ef8faf38e49440204327a4018a92ef81374deb8b2cb94971ff07feaddc1e3577feb8d9ff0201556fe9bb313eea4152a4c20dc5417fe04bc8a0552ceccac22a66dee2ce44a874c14bbd089adcefa6477ff9060a95d8f397f8c20a17809ae8dea5113662acdc36c41bdd7e99989057bbc74e8f0cf21a137e5fb6ced3e1b4a4fb81e5b81"], 0x84}, 0x1, 0x0, 0x0, 0x4000045}, 0x0) 2.002503752s ago: executing program 2 (id=181): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x38, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x10, 0x2, 0x4) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) lseek$auto(r3, 0x7fd, 0x1) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0xffffffffffffffff) set_mempolicy$auto(0x6, 0x0, 0x21) r4 = pidfd_open$auto(0x1, 0x0) setns(r4, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) setfsuid$auto(0xee00) sendmsg$auto_OVS_VPORT_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r6, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 1.811284579s ago: executing program 3 (id=182): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) r3 = socket(0x2, 0x1, 0x0) close_range$auto(r1, 0xa, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) pread64$auto(r4, 0x0, 0x40000000f42c, 0x80202) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r3, 0x0, 0xcd, 0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='I', 0x1) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/gspca_gl860/parameters/sensor\x00', 0xa0302, 0x0) mmap$auto(0x0, 0x40006, 0xdf, 0x9b72, 0x7, 0x28000) timer_create$auto(0x9, &(0x7f0000000100)={@sival_ptr=0x0, @inferred, 0x1, @_tid=0xffffffffffffffff}, 0x0) timer_settime$auto(0x0, 0x4b, &(0x7f0000000040)={{0x3, 0x1}, {0xc, 0x4c}}, 0x0) timer_settime$auto(0x0, 0xaf, &(0x7f0000000200)={{0x401}, {0x101, 0x7fff}}, &(0x7f00000001c0)={{0x9cc6, 0xb649}, {0x0, 0x1}}) sendfile$auto(r5, r5, 0x0, 0x7ffff000) 1.619674283s ago: executing program 1 (id=183): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram13\x00', 0x6e642, 0x0) mmap$auto(0x0, 0x7fffffffffffffff, 0x0, 0xeb1, 0xffffffffffffffff, 0x100000000008000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000001600), 0x101082, 0x0) ioctl$auto_I2C_PEC(r0, 0x708, &(0x7f0000001640)) (async) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0) (async) r1 = epoll_create$auto(0x3b) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) (async) socket(0xa, 0x801, 0x84) (async) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000140), r1) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r2, 0xc2604110, 0x0) (async) r3 = socket(0xa, 0x5, 0x84) getsockopt$auto(r3, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x9b) (async) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) setrlimit$auto(0x1000000007, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) (async) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) (async) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlockall$auto(0x7) (async) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 1.488442378s ago: executing program 3 (id=184): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_force_wakeup_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000080)='0', 0x1) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000180)) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000080)) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000100)="17") openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x8) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x5, 0x80000001, 0x40, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0xd, 0x1, 0x948f, 0x1005, 0x206, 0x7, 0xfffffffffffffff6, 0x7, 0x9, 0x79d, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x100000001, 0x100) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0xa00005, 0x9, 0x40abe, r2, 0x7) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x2000, 0x20499d, 0x9) 1.398463707s ago: executing program 0 (id=185): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) setresuid$auto(0x0, 0x8, 0x8000) setgid$auto(0x0) mmap$auto(0x0, 0x20009, 0xdb, 0xeb1, 0x40000000000a5, 0x8000) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) r2 = pidfd_open$auto(0x1, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, r2, 0x0, 0x273) r3 = setfsuid$auto(0xee00) r4 = setfsuid$auto(0xee01) setresuid$auto(r3, r4, r3) ioctl$auto(r0, 0x541c, 0xffffffffffffffff) 1.192850887s ago: executing program 0 (id=186): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/seccomp/actions_logged\x00', 0x8202, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyu5\x00', 0x220440, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xa6, 0x5, 0x43, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2040, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty17\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/adsp1\x00', 0x80502, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6) connect$auto(0x3, &(0x7f00000000c0)=@nl=@kern={0x10, 0x0, 0x0, 0x100000}, 0x40000054) write$auto(0x3, 0x0, 0xfdef) read$auto(r1, 0x0, 0x1f3c) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x6) 560.776717ms ago: executing program 2 (id=187): statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x9, 0x7352, 0x41, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0xb, 0x3, 0x5, 0x101, 0xb4, 0x9, 0x6, 0x7ff, 0x84, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0xb4, 0x4, 0x0, 0x0, 0x0, 0xfffffff9, [0x7, 0x4, 0x68, 0x0, 0x100000000, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x1000000000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3, 0x800000000000000, 0x7e30e0be]}, 0x1fe, 0xf) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008004) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 397.565704ms ago: executing program 1 (id=188): close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x143e00, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy9/reset\x00', 0x8101, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000002f00)={0x20, r1, 0x201, 0x70bd2b, 0x25dfdbff, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0xbd, 0x0, 0x0, @uid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x4000048) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)={0x18, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_SUPPORTED_SELECTORS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000195}, 0x40084) r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_RECONFIGURE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r4, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x7a87}, @NBD_ATTR_INDEX={0x8, 0x1, 0xfff}]}, 0x28}, 0x1, 0x0, 0x0, 0x4005}, 0x4000000) write$auto(0x3, 0x0, 0xfffffdef) 249.751579ms ago: executing program 2 (id=189): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x82c00, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r2, @ANYBLOB="18000000", @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r1, &(0x7f0000000000)='-\x00', 0x30) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/fs/ext4/sda1/journal_task\x00', 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6a) r3 = socket(0x2, 0x5, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) sendmmsg$auto(r3, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xff80}, 0x7, 0x0, 0x4, 0xb}, 0x8}, 0x5, 0x7fffffff) 126.548418ms ago: executing program 3 (id=190): clock_adjtime$auto(0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0x40086200, 0x38) 84.070406ms ago: executing program 0 (id=191): prctl$auto_PR_SME_GET_VL(0x40, 0x2, 0x80000000, 0x6, 0x3ff) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/012/001\x00', 0x29202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) inotify_init1$auto(0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) socket(0xa, 0x1, 0x84) sendto$auto(0x3, 0x0, 0x7, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) listen$auto(0x3, 0x81) r1 = accept$auto(0x3, 0x0, 0x0) mmap$auto(0xffff8000, 0x280009, 0xb, 0x8000000008011, r0, 0x0) r2 = socket(0x2, 0x1, 0x106) setsockopt$auto(r2, 0x1, 0x40, &(0x7f0000000200)='\x00\x89e\xad\x97\xc5E\xea=\x0f\xf4\xba4\x05>y/21\xfd\'\xc7\x1c\xaeV`\xc7^\x05\"H\xb8\x12\x99\x1fF\xdc\xc4\x02FV\x04D&9?\xa8d\xc97B\x9f)\xc6\xbb\x15_\xfd\xa5\xaf\xf8\xb8\x8a\x186\xa9\x0eY;\x9a\xe32T\xddn\xa6zK\xef\xf7\x04\x81\xb4\xb7;\x12\x1ch$\xbd\xd1x\x15\xa8\x9c\xba\x83\xa7\xbdwf8\xc03z|\xcd\xbc\xa1+8\xcet\x960\a\x80\x88!\x9e\x96\xcd\xb5dB\xc1L\xb2\xb1\xe6\xf9\x92\xd4\xcd\v0|G\xb7\xc3+\xb5\xa9\xb4E>ry\x8d(\xcb\xadaH<-h\xef8\x0678]`\x1f\xe5\\\x9c\xb4\xbd 6\x9fP\x16\xb5\xa1.;d\xf5F7TgT\x908=l\x89\x05\x03\xcb\x04\x9c\x0e\x04\xb5a\xe6\xa6\x13\xf8\xb2\xe1\xab\vI;\x10\xa7\xcc\x84\x1d\xff(\x1c\x99\x90M\xba\xfe\xaa\x8e\x83\x98\xbb8\xc3\x02\x8d(\xb0\x9c@n\xb7\xd3TF\xc7\x7f\x11\x9e\x00\x00\x00\x00\x00', 0xbb) close_range$auto(0x2, 0xa, 0x0) ioctl$auto_BLKTRACESETUP2(r1, 0xc0481273, &(0x7f0000000040)={"dfc79764a845c63557426d04d76c16efcc010fd21aa3ec09031bf422def962bd", 0x8562, 0x1, 0x6, 0x685, 0x1, 0xffffffffffffffff}) statmount$auto(0x0, &(0x7f0000000180)={0x407, 0xffffffff, 0xd29e, 0x47, 0x1, 0x1007182, 0x2, 0x7, 0x6, 0x7, 0x89, 0x26, 0x4, 0x200000000001, 0x3, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x30, 0x0, 0x862, 0xe, 0x2, 0x9, 0x4, 0x83, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x71, 0x0, 0x40000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x6, 0x0, 0x0, 0x0, 0xf, 0x20000004, 0x800, 0x0, 0x0, 0x4000000010001, 0x1000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x40000000000000, 0x0, 0x0, 0x2, 0xcc, 0x0, 0x3, 0xfffffffffffffffc, 0x1]}, 0x7, 0x9) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xfffffff7effffd0a, &(0x7f00000001c0)) 0s ago: executing program 2 (id=192): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1, 0x6, 0x8, 0x7fffffff, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c47, 0x4, 0x100, 0x7ffffffb, 0x101, 0x800, 0x3}, {0x8, 0x1, 0x52, 0x5, 0x2, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) prctl$auto(0x59616d61, 0x1, 0x0, 0x1, 0x0) process_vm_writev$auto(0x1, &(0x7f0000002980)={0x0, 0x4}, 0x3, &(0x7f0000002a40)={0x0, 0x81}, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xd, 0x10000, 0x7, 0x3, 0x7ffffffd, 0xffffffffffffffff, [], {0x6, 0x1ff, 0x8c48, 0x2a2, 0x100, 0x7ffffffb, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x0, 0x5, 0x3, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8300f000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x261c2, 0x184) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000080)='/proc/kpageflags\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) socket(0xa, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x5f, 0x4000000000df, 0xeb1, 0x401, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7114}, 0x8) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.76' (ED25519) to the list of known hosts. [ 88.633547][ T5819] cgroup: Unknown subsys name 'net' [ 88.804722][ T5819] cgroup: Unknown subsys name 'cpuset' [ 88.814697][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.592592][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.755488][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.772487][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.791467][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.801243][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.810246][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.818879][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.826651][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.830913][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.837830][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.843238][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.848962][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.855983][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.870914][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.871967][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.879063][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.886286][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.893164][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.901791][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.914946][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.956694][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.523632][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 93.569679][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 93.658036][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 93.725212][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 93.843510][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.851653][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.859420][ T5831] bridge_slave_0: entered allmulticast mode [ 93.867482][ T5831] bridge_slave_0: entered promiscuous mode [ 93.899823][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.907495][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.915203][ T5831] bridge_slave_1: entered allmulticast mode [ 93.922507][ T5831] bridge_slave_1: entered promiscuous mode [ 93.931273][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.938513][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.946492][ T5835] bridge_slave_0: entered allmulticast mode [ 93.953982][ T5835] bridge_slave_0: entered promiscuous mode [ 93.994571][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.002032][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.009443][ T5835] bridge_slave_1: entered allmulticast mode [ 94.017102][ T5835] bridge_slave_1: entered promiscuous mode [ 94.072703][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.080126][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.087877][ T5832] bridge_slave_0: entered allmulticast mode [ 94.096417][ T5832] bridge_slave_0: entered promiscuous mode [ 94.118831][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.142886][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.152621][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.159745][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.168484][ T5832] bridge_slave_1: entered allmulticast mode [ 94.176182][ T5832] bridge_slave_1: entered promiscuous mode [ 94.196279][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.207942][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.228580][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.235935][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.244019][ T5834] bridge_slave_0: entered allmulticast mode [ 94.251354][ T5834] bridge_slave_0: entered promiscuous mode [ 94.289183][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.297008][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.304334][ T5834] bridge_slave_1: entered allmulticast mode [ 94.311773][ T5834] bridge_slave_1: entered promiscuous mode [ 94.342602][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.364970][ T5831] team0: Port device team_slave_0 added [ 94.373402][ T5835] team0: Port device team_slave_0 added [ 94.381948][ T5831] team0: Port device team_slave_1 added [ 94.390084][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.412504][ T5835] team0: Port device team_slave_1 added [ 94.447642][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.491116][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.511647][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.518704][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.545293][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.560218][ T5832] team0: Port device team_slave_0 added [ 94.577878][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.585237][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.612812][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.625168][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.632574][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.659805][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.672896][ T5832] team0: Port device team_slave_1 added [ 94.690210][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.697258][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.724484][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.755383][ T5834] team0: Port device team_slave_0 added [ 94.781569][ T5834] team0: Port device team_slave_1 added [ 94.792099][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.799347][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.826608][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.869054][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.876491][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.904379][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.957957][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.962025][ T5844] Bluetooth: hci1: command tx timeout [ 94.966222][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.971404][ T5845] Bluetooth: hci3: command tx timeout [ 94.998309][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.011038][ T5841] Bluetooth: hci0: command tx timeout [ 95.022590][ T5831] hsr_slave_0: entered promiscuous mode [ 95.029463][ T5831] hsr_slave_1: entered promiscuous mode [ 95.040773][ T5841] Bluetooth: hci2: command tx timeout [ 95.048933][ T5835] hsr_slave_0: entered promiscuous mode [ 95.056180][ T5835] hsr_slave_1: entered promiscuous mode [ 95.062736][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 95.068925][ T5835] Cannot create hsr debugfs directory [ 95.077042][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.085260][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.112169][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.233508][ T5832] hsr_slave_0: entered promiscuous mode [ 95.240536][ T5832] hsr_slave_1: entered promiscuous mode [ 95.247339][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 95.253423][ T5832] Cannot create hsr debugfs directory [ 95.322672][ T5834] hsr_slave_0: entered promiscuous mode [ 95.329258][ T5834] hsr_slave_1: entered promiscuous mode [ 95.336082][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 95.341991][ T5834] Cannot create hsr debugfs directory [ 95.748572][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.775531][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.787343][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.807228][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.862909][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.875108][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.888920][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.905053][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.999919][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.021960][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.044971][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.075492][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.178661][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.197588][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.216717][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.229280][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.286827][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.362392][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.393503][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.422958][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.430411][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.455451][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.462830][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.496678][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.506824][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.545121][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.552298][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.588862][ T3465] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.596327][ T3465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.649007][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.672128][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.697334][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.704643][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.753534][ T3465] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.760885][ T3465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.824904][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.870219][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.877546][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.926232][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.933571][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.041048][ T5845] Bluetooth: hci3: command tx timeout [ 97.046610][ T5844] Bluetooth: hci1: command tx timeout [ 97.052510][ T5841] Bluetooth: hci0: command tx timeout [ 97.121167][ T5844] Bluetooth: hci2: command tx timeout [ 97.126209][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.263249][ T5835] veth0_vlan: entered promiscuous mode [ 97.342571][ T5835] veth1_vlan: entered promiscuous mode [ 97.453843][ T9] cfg80211: failed to load regulatory.db [ 97.546655][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.574074][ T5835] veth0_macvtap: entered promiscuous mode [ 97.619804][ T5835] veth1_macvtap: entered promiscuous mode [ 97.682985][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.693960][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.704769][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.733754][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.766861][ T1164] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.783287][ T5831] veth0_vlan: entered promiscuous mode [ 97.791978][ T1164] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.813602][ T1164] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.823517][ T1164] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.855769][ T5831] veth1_vlan: entered promiscuous mode [ 97.987271][ T5832] veth0_vlan: entered promiscuous mode [ 98.009657][ T5834] veth0_vlan: entered promiscuous mode [ 98.020171][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.024788][ T5832] veth1_vlan: entered promiscuous mode [ 98.036976][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.096546][ T5831] veth0_macvtap: entered promiscuous mode [ 98.110474][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.112433][ T5834] veth1_vlan: entered promiscuous mode [ 98.124087][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.143486][ T5831] veth1_macvtap: entered promiscuous mode [ 98.216212][ T5832] veth0_macvtap: entered promiscuous mode [ 98.245160][ T5834] veth0_macvtap: entered promiscuous mode [ 98.257036][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 98.281211][ T5832] veth1_macvtap: entered promiscuous mode [ 98.294931][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.307572][ T5834] veth1_macvtap: entered promiscuous mode [ 98.329810][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.397497][ T3559] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.408952][ T3559] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.424312][ T3559] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.444629][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.453353][ T3559] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.474829][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.508075][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.564824][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.573198][ T3559] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.600873][ T3559] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.635208][ T3559] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.636114][ T5925] FAULT_INJECTION: forcing a failure. [ 98.636114][ T5925] name failslab, interval 1, probability 0, space 0, times 1 [ 98.658168][ T3559] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.670253][ T5925] CPU: 0 UID: 0 PID: 5925 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 98.670299][ T5925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 98.670318][ T5925] Call Trace: [ 98.670328][ T5925] [ 98.670340][ T5925] dump_stack_lvl+0x16c/0x1f0 [ 98.670396][ T5925] should_fail_ex+0x512/0x640 [ 98.670430][ T5925] ? kmem_cache_alloc_noprof+0x62/0x770 [ 98.670469][ T5925] should_failslab+0xc2/0x120 [ 98.670508][ T5925] kmem_cache_alloc_noprof+0x83/0x770 [ 98.670537][ T5925] ? stack_depot_save_flags+0x29/0x9b0 [ 98.670563][ T5925] ? alloc_empty_file+0x55/0x1e0 [ 98.670596][ T5925] ? alloc_empty_file+0x55/0x1e0 [ 98.670629][ T5925] ? kasan_save_track+0x14/0x30 [ 98.670661][ T5925] alloc_empty_file+0x55/0x1e0 [ 98.670688][ T5925] path_openat+0xde/0x3140 [ 98.670721][ T5925] ? do_syscall_64+0xcd/0xf80 [ 98.670743][ T5925] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.670784][ T5925] ? __pfx_path_openat+0x10/0x10 [ 98.670834][ T5925] do_filp_open+0x20b/0x470 [ 98.670885][ T5925] ? __pfx_do_filp_open+0x10/0x10 [ 98.670952][ T5925] ? alloc_fd+0x471/0x7d0 [ 98.671002][ T5925] do_sys_openat2+0x121/0x290 [ 98.671028][ T5925] ? __pfx_do_sys_openat2+0x10/0x10 [ 98.671067][ T5925] __x64_sys_openat+0x174/0x210 [ 98.671096][ T5925] ? __pfx___x64_sys_openat+0x10/0x10 [ 98.671142][ T5925] do_syscall_64+0xcd/0xf80 [ 98.671169][ T5925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.671195][ T5925] RIP: 0033:0x7fa31258f7c9 [ 98.671218][ T5925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.671244][ T5925] RSP: 002b:00007fa3133c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 98.671274][ T5925] RAX: ffffffffffffffda RBX: 00007fa3127e5fa0 RCX: 00007fa31258f7c9 [ 98.671293][ T5925] RDX: 0000000000490182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 98.671310][ T5925] RBP: 00007fa312613f91 R08: 0000000000000000 R09: 0000000000000000 [ 98.671327][ T5925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.671343][ T5925] R13: 00007fa3127e6038 R14: 00007fa3127e5fa0 R15: 00007ffdf9cc4658 [ 98.671377][ T5925] [ 98.915588][ T3559] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.925078][ T3559] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.944767][ T3559] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.984886][ T3559] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.054589][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.067479][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.121189][ T5845] Bluetooth: hci3: command tx timeout [ 99.126764][ T5841] Bluetooth: hci0: command tx timeout [ 99.133134][ T5844] Bluetooth: hci1: command tx timeout [ 99.180223][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.192498][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.211528][ T5844] Bluetooth: hci2: command tx timeout [ 99.398942][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.419061][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.610335][ T5935] vivid-007: ================= START STATUS ================= [ 99.618734][ T5935] vivid-007: Generate PTS: true [ 99.627543][ T5935] vivid-007: Generate SCR: true [ 99.633336][ T5935] tpg source WxH: 320x240 (Y'CbCr) [ 99.638636][ T5935] tpg field: 1 [ 99.643528][ T5935] tpg crop: (0,0)/320x240 [ 99.647992][ T5935] tpg compose: (0,0)/320x240 [ 99.654102][ T5935] tpg colorspace: 8 [ 99.658126][ T5935] tpg transfer function: 0/0 [ 99.679349][ T5935] tpg Y'CbCr encoding: 0/0 [ 99.694924][ T5935] tpg quantization: 0/0 [ 99.701027][ T5935] tpg RGB range: 0/2 [ 99.718576][ T5935] vivid-007: ================== END STATUS ================== [ 99.759311][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.770926][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.839519][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.866310][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.010007][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.029757][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.121881][ T5933] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.255085][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.750960][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.759950][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.201802][ T5844] Bluetooth: hci1: command tx timeout [ 101.204481][ T5845] Bluetooth: hci3: command tx timeout [ 101.214082][ T5841] Bluetooth: hci0: command tx timeout [ 101.220118][ T5947] random: crng reseeded on system resumption [ 101.227670][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 101.281512][ T5845] Bluetooth: hci2: command tx timeout [ 101.327594][ T5956] binder: 5949:5956 ioctl 4018620d ffffffffffffffff returned -22 [ 101.517961][ T30] audit: type=1800 audit(1768639590.712:2): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4" name="lu_gp_id" dev="configfs" ino=7157 res=0 errno=0 [ 101.543460][ T5948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 101.702546][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.761819][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 101.770326][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.061694][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.071270][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.132701][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.159683][ T5964] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8'. [ 102.382869][ T5964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.450072][ T5964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 102.476031][ T5964] bond0 (unregistering): Released all slaves [ 102.576723][ T5964] Zero length message leads to an empty skb [ 105.164183][ T5987] netlink: 338 bytes leftover after parsing attributes in process `syz.2.12'. [ 105.244292][ T5991] FAULT_INJECTION: forcing a failure. [ 105.244292][ T5991] name failslab, interval 1, probability 0, space 0, times 0 [ 105.284997][ T5991] CPU: 1 UID: 0 PID: 5991 Comm: syz.1.14 Not tainted syzkaller #0 PREEMPT(full) [ 105.285040][ T5991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 105.285057][ T5991] Call Trace: [ 105.285067][ T5991] [ 105.285078][ T5991] dump_stack_lvl+0x16c/0x1f0 [ 105.285134][ T5991] should_fail_ex+0x512/0x640 [ 105.285168][ T5991] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 105.285218][ T5991] should_failslab+0xc2/0x120 [ 105.285259][ T5991] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 105.285298][ T5991] ? drm_atomic_get_connector_state+0x267/0x900 [ 105.285336][ T5991] ? krealloc_node_align_noprof+0x2ea/0x3d0 [ 105.285373][ T5991] krealloc_node_align_noprof+0x2ea/0x3d0 [ 105.285420][ T5991] drm_atomic_get_connector_state+0x267/0x900 [ 105.285459][ T5991] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 105.285500][ T5991] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 105.285533][ T5991] ? modeset_lock+0x114/0x6d0 [ 105.285569][ T5991] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 105.285611][ T5991] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 105.285648][ T5991] ? drm_client_rotation+0x4da/0x6a0 [ 105.285689][ T5991] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 105.285740][ T5991] ? __mutex_lock+0x27b/0x1ca0 [ 105.285770][ T5991] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 105.285809][ T5991] ? trace_contention_end+0xdd/0x110 [ 105.285886][ T5991] drm_client_modeset_commit_locked+0x14d/0x580 [ 105.285955][ T5991] drm_client_modeset_commit+0x4f/0x80 [ 105.285997][ T5991] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 105.286051][ T5991] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 105.286097][ T5991] drm_fbdev_client_restore+0x1b/0x30 [ 105.286126][ T5991] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 105.286152][ T5991] drm_client_dev_restore+0x200/0x2a0 [ 105.286198][ T5991] drm_release+0x2c6/0x360 [ 105.286237][ T5991] ? __pfx_drm_release+0x10/0x10 [ 105.286268][ T5991] __fput+0x402/0xb70 [ 105.286309][ T5991] task_work_run+0x150/0x240 [ 105.286343][ T5991] ? __pfx_task_work_run+0x10/0x10 [ 105.286370][ T5991] ? __do_sys_close_range+0x278/0x730 [ 105.286427][ T5991] exit_to_user_mode_loop+0xfb/0x540 [ 105.286470][ T5991] do_syscall_64+0x4ee/0xf80 [ 105.286501][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.286530][ T5991] RIP: 0033:0x7fcf89f8f7c9 [ 105.286557][ T5991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.286585][ T5991] RSP: 002b:00007fcf8addb038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 105.286614][ T5991] RAX: 0000000000000000 RBX: 00007fcf8a1e5fa0 RCX: 00007fcf89f8f7c9 [ 105.286633][ T5991] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 105.286649][ T5991] RBP: 00007fcf8a013f91 R08: 0000000000000000 R09: 0000000000000000 [ 105.286664][ T5991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.286681][ T5991] R13: 00007fcf8a1e6038 R14: 00007fcf8a1e5fa0 R15: 00007ffdc2dc6f48 [ 105.286728][ T5991] [ 105.600225][ T5988] vivid-003: ================= START STATUS ================= [ 105.613341][ T5988] vivid-003: Radio HW Seek Mode: Bounded [ 105.619314][ T5988] vivid-003: Radio Programmable HW Seek: false [ 105.626918][ T5988] vivid-003: RDS Rx I/O Mode: Block I/O [ 105.632629][ T5988] vivid-003: Generate RBDS Instead of RDS: false [ 105.639569][ T5988] vivid-003: RDS Reception: true [ 105.644776][ T5988] vivid-003: RDS Program Type: 0 inactive [ 105.651357][ T5988] vivid-003: RDS PS Name: inactive [ 105.656733][ T5988] vivid-003: RDS Radio Text: inactive [ 105.662587][ T5988] vivid-003: RDS Traffic Announcement: false inactive [ 105.669639][ T5988] vivid-003: RDS Traffic Program: false inactive [ 105.676192][ T5988] vivid-003: RDS Music: false inactive [ 105.685175][ T5988] vivid-003: ================== END STATUS ================== [ 105.694750][ T5991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14'. [ 105.758923][ T5991] hsr_slave_0: left promiscuous mode [ 105.781116][ T5991] hsr_slave_1: left promiscuous mode [ 106.433929][ T6000] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15'. [ 106.591522][ T5845] Bluetooth: hci2: unexpected event 0x23 length: 127 > 13 [ 106.785048][ T6006] process 'syz.1.15' launched './file0' with NULL argv: empty string added [ 106.894543][ T6000] bond0: (slave bond_slave_1): Releasing backup interface [ 107.552440][ T6004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78c00 [ 107.590760][ T6004] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 107.660268][ T6004] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 107.726630][ T6004] page_type: f5(slab) [ 107.736539][ T6004] raw: 00fff00000000040 ffff88813ff26b40 dead000000000122 0000000000000000 [ 107.746775][ T6004] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 107.871003][ T6004] head: 00fff00000000040 ffff88813ff26b40 dead000000000122 0000000000000000 [ 107.880298][ T6004] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 108.027634][ T6004] head: 00fff00000000001 ffffea0001e30001 00000000ffffffff 00000000ffffffff [ 108.056190][ T6016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 108.104056][ T6004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 108.255360][ T6004] page dumped because: unmovable page [ 108.290930][ T6004] page_owner tracks the page as allocated [ 108.297419][ T6004] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5986, tgid 5982 (syz.2.12), ts 104888344386, free_ts 104878389681 [ 108.401972][ T6004] post_alloc_hook+0x1af/0x220 [ 108.481026][ T6004] get_page_from_freelist+0xd0b/0x31a0 [ 108.486605][ T6004] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 108.570799][ T6004] alloc_pages_mpol+0x1fb/0x550 [ 108.575849][ T6004] new_slab+0x2c3/0x430 [ 108.580253][ T6004] ___slab_alloc+0xe18/0x1c90 [ 108.675628][ T6004] __slab_alloc.constprop.0+0x63/0x110 [ 108.700814][ T6004] __kmalloc_cache_noprof+0x485/0x800 [ 108.706700][ T6004] gact_init_net+0x56/0x270 [ 108.721963][ T6004] ops_init+0x1e2/0x5f0 [ 108.726237][ T6004] setup_net+0x11d/0x3a0 [ 108.767553][ T6004] copy_net_ns+0x351/0x7c0 [ 108.780696][ T6004] create_new_namespaces+0x3ea/0xab0 [ 108.786238][ T6004] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 108.816083][ T6004] ksys_unshare+0x45b/0xa40 [ 108.838027][ T6004] __x64_sys_unshare+0x31/0x40 [ 108.850826][ T6004] page last free pid 5202 tgid 5202 stack trace: [ 108.864010][ T6004] __free_frozen_pages+0x7df/0x1170 [ 108.900786][ T6004] qlist_free_all+0x4c/0xf0 [ 108.905475][ T6004] kasan_quarantine_reduce+0x195/0x1e0 [ 108.930831][ T6004] __kasan_slab_alloc+0x69/0x90 [ 108.935878][ T6004] __kmalloc_cache_noprof+0x282/0x800 [ 108.980846][ T6004] kernfs_fop_open+0x244/0xda0 [ 108.985732][ T6004] do_dentry_open+0x748/0x1590 [ 108.990572][ T6004] vfs_open+0x82/0x3f0 [ 109.025122][ T6004] path_openat+0x2078/0x3140 [ 109.040328][ T6004] do_filp_open+0x20b/0x470 [ 109.045487][ T6004] do_sys_openat2+0x121/0x290 [ 109.050237][ T6004] __x64_sys_openat+0x174/0x210 [ 109.067421][ T6004] do_syscall_64+0xcd/0xf80 [ 109.080786][ T6004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.176481][ T6050] FAULT_INJECTION: forcing a failure. [ 112.176481][ T6050] name failslab, interval 1, probability 0, space 0, times 0 [ 112.210073][ T6050] CPU: 1 UID: 0 PID: 6050 Comm: syz.0.24 Not tainted syzkaller #0 PREEMPT(full) [ 112.210117][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 112.210132][ T6050] Call Trace: [ 112.210142][ T6050] [ 112.210150][ T6050] dump_stack_lvl+0x16c/0x1f0 [ 112.210199][ T6050] should_fail_ex+0x512/0x640 [ 112.210227][ T6050] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 112.210263][ T6050] should_failslab+0xc2/0x120 [ 112.210305][ T6050] kmem_cache_alloc_node_noprof+0x86/0x800 [ 112.210335][ T6050] ? mem_cgroup_css_alloc+0xad2/0x1e20 [ 112.210382][ T6050] ? mem_cgroup_css_alloc+0xad2/0x1e20 [ 112.210420][ T6050] mem_cgroup_css_alloc+0xad2/0x1e20 [ 112.210469][ T6050] cgroup_apply_control_enable+0x4b0/0xbb0 [ 112.210522][ T6050] cgroup_mkdir+0x5d9/0x12d0 [ 112.210567][ T6050] ? __pfx_cgroup_mkdir+0x10/0x10 [ 112.210605][ T6050] kernfs_iop_mkdir+0x111/0x190 [ 112.210642][ T6050] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 112.210682][ T6050] vfs_mkdir+0x731/0xb60 [ 112.210727][ T6050] do_mkdirat+0x442/0x5e0 [ 112.210777][ T6050] ? __pfx_do_mkdirat+0x10/0x10 [ 112.210820][ T6050] ? strncpy_from_user+0x203/0x2e0 [ 112.210856][ T6050] ? getname_flags.part.0+0x1c5/0x550 [ 112.210893][ T6050] __x64_sys_mkdir+0xef/0x140 [ 112.210938][ T6050] do_syscall_64+0xcd/0xf80 [ 112.210969][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.210998][ T6050] RIP: 0033:0x7f00adf8f7c9 [ 112.211024][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.211053][ T6050] RSP: 002b:00007f00aee93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 112.211084][ T6050] RAX: ffffffffffffffda RBX: 00007f00ae1e6090 RCX: 00007f00adf8f7c9 [ 112.211103][ T6050] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 112.211121][ T6050] RBP: 00007f00ae013f91 R08: 0000000000000000 R09: 0000000000000000 [ 112.211138][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.211154][ T6050] R13: 00007f00ae1e6128 R14: 00007f00ae1e6090 R15: 00007ffd88b81578 [ 112.211196][ T6050] [ 112.825855][ T6061] futex_wake_op: syz.3.25 tries to shift op by -2048; fix this program [ 112.854737][ T6061] futex_wake_op: syz.3.25 tries to shift op by -2048; fix this program [ 113.121933][ T6061] 0x000000000001-0x000000020000 : "" [ 113.190001][ T6061] ftl_cs: FTL header corrupt! [ 115.890825][ T6088] FAULT_INJECTION: forcing a failure. [ 115.890825][ T6088] name failslab, interval 1, probability 0, space 0, times 0 [ 116.159273][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: syz.1.32 Not tainted syzkaller #0 PREEMPT(full) [ 116.159303][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 116.159315][ T6088] Call Trace: [ 116.159323][ T6088] [ 116.159332][ T6088] dump_stack_lvl+0x16c/0x1f0 [ 116.159369][ T6088] should_fail_ex+0x512/0x640 [ 116.159391][ T6088] ? kmem_cache_alloc_noprof+0x62/0x770 [ 116.159417][ T6088] should_failslab+0xc2/0x120 [ 116.159444][ T6088] kmem_cache_alloc_noprof+0x83/0x770 [ 116.159465][ T6088] ? do_epoll_ctl+0x24d7/0x3790 [ 116.159499][ T6088] ? do_epoll_ctl+0x24d7/0x3790 [ 116.159523][ T6088] do_epoll_ctl+0x24d7/0x3790 [ 116.159558][ T6088] ? __pfx_do_epoll_ctl+0x10/0x10 [ 116.159582][ T6088] ? find_held_lock+0x2b/0x80 [ 116.159603][ T6088] ? __might_fault+0xe3/0x190 [ 116.159630][ T6088] ? __might_fault+0xe3/0x190 [ 116.159657][ T6088] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 116.159670][ T6088] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 116.159686][ T6088] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 116.159719][ T6088] do_syscall_64+0xcd/0xf80 [ 116.159737][ T6088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.159756][ T6088] RIP: 0033:0x7fcf89f8f7c9 [ 116.159773][ T6088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.159789][ T6088] RSP: 002b:00007fcf8addb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 116.159806][ T6088] RAX: ffffffffffffffda RBX: 00007fcf8a1e5fa0 RCX: 00007fcf89f8f7c9 [ 116.159817][ T6088] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 116.159826][ T6088] RBP: 00007fcf8a013f91 R08: 0000000000000000 R09: 0000000000000000 [ 116.159835][ T6088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.159845][ T6088] R13: 00007fcf8a1e6038 R14: 00007fcf8a1e5fa0 R15: 00007ffdc2dc6f48 [ 116.159869][ T6088] [ 116.680395][ T6096] netlink: 346 bytes leftover after parsing attributes in process `syz.3.34'. [ 117.669848][ T6109] netlink: 302 bytes leftover after parsing attributes in process `syz.0.37'. [ 117.901432][ T6111] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.955448][ T6111] netlink: 25 bytes leftover after parsing attributes in process `syz.2.38'. [ 118.971353][ T6123] mmap: syz.2.41 (6123) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 119.286597][ T6127] NFSD: Failed to start, no listeners configured. [ 121.624460][ T6151] FAULT_INJECTION: forcing a failure. [ 121.624460][ T6151] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 121.658073][ T6151] CPU: 0 UID: 0 PID: 6151 Comm: syz.2.45 Not tainted syzkaller #0 PREEMPT(full) [ 121.658116][ T6151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 121.658134][ T6151] Call Trace: [ 121.658145][ T6151] [ 121.658157][ T6151] dump_stack_lvl+0x16c/0x1f0 [ 121.658211][ T6151] should_fail_ex+0x512/0x640 [ 121.658252][ T6151] strncpy_from_user+0x3b/0x2e0 [ 121.658289][ T6151] getname_flags.part.0+0x8f/0x550 [ 121.658329][ T6151] getname_flags+0x93/0xf0 [ 121.658367][ T6151] do_sys_openat2+0xb9/0x290 [ 121.658395][ T6151] ? __pfx_do_sys_openat2+0x10/0x10 [ 121.658436][ T6151] __x64_sys_openat+0x174/0x210 [ 121.658471][ T6151] ? __pfx___x64_sys_openat+0x10/0x10 [ 121.658521][ T6151] do_syscall_64+0xcd/0xf80 [ 121.658561][ T6151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.658591][ T6151] RIP: 0033:0x7fa31258f7c9 [ 121.658617][ T6151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.658643][ T6151] RSP: 002b:00007fa3133a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 121.658672][ T6151] RAX: ffffffffffffffda RBX: 00007fa3127e6090 RCX: 00007fa31258f7c9 [ 121.658691][ T6151] RDX: 0000000000048041 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 121.658709][ T6151] RBP: 00007fa312613f91 R08: 0000000000000000 R09: 0000000000000000 [ 121.658725][ T6151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.658741][ T6151] R13: 00007fa3127e6128 R14: 00007fa3127e6090 R15: 00007ffdf9cc4658 [ 121.658788][ T6151] [ 121.835707][ T6154] netlink: 338 bytes leftover after parsing attributes in process `syz.1.46'. [ 121.876902][ T6150] FAULT_INJECTION: forcing a failure. [ 121.876902][ T6150] name failslab, interval 1, probability 0, space 0, times 0 [ 121.895496][ T6150] CPU: 0 UID: 0 PID: 6150 Comm: syz.2.45 Not tainted syzkaller #0 PREEMPT(full) [ 121.895560][ T6150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 121.895578][ T6150] Call Trace: [ 121.895590][ T6150] [ 121.895602][ T6150] dump_stack_lvl+0x16c/0x1f0 [ 121.895661][ T6150] should_fail_ex+0x512/0x640 [ 121.895698][ T6150] ? __kmalloc_cache_noprof+0x5f/0x800 [ 121.895736][ T6150] should_failslab+0xc2/0x120 [ 121.895783][ T6150] __kmalloc_cache_noprof+0x80/0x800 [ 121.895814][ T6150] ? __sys_socket+0xac/0x260 [ 121.895844][ T6150] ? fput+0x70/0xf0 [ 121.895871][ T6150] ? do_eventfd+0x67/0x390 [ 121.895913][ T6150] ? do_eventfd+0x67/0x390 [ 121.895947][ T6150] do_eventfd+0x67/0x390 [ 121.895980][ T6150] ? rcu_is_watching+0x12/0xc0 [ 121.896025][ T6150] __x64_sys_eventfd+0x32/0x50 [ 121.896064][ T6150] do_syscall_64+0xcd/0xf80 [ 121.896096][ T6150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.896126][ T6150] RIP: 0033:0x7fa31258f7c9 [ 121.896151][ T6150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.896179][ T6150] RSP: 002b:00007fa3133c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 121.896208][ T6150] RAX: ffffffffffffffda RBX: 00007fa3127e5fa0 RCX: 00007fa31258f7c9 [ 121.896226][ T6150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000080 [ 121.896242][ T6150] RBP: 00007fa312613f91 R08: 0000000000000000 R09: 0000000000000000 [ 121.896259][ T6150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.896274][ T6150] R13: 00007fa3127e6038 R14: 00007fa3127e5fa0 R15: 00007ffdf9cc4658 [ 121.896309][ T6150] [ 122.083539][ T6154] bond_slave_0: entered allmulticast mode [ 125.570086][ T6157] FAULT_INJECTION: forcing a failure. [ 125.570086][ T6157] name failslab, interval 1, probability 0, space 0, times 0 [ 125.619519][ T6157] CPU: 0 UID: 0 PID: 6157 Comm: syz.0.47 Not tainted syzkaller #0 PREEMPT(full) [ 125.619560][ T6157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 125.619576][ T6157] Call Trace: [ 125.619587][ T6157] [ 125.619597][ T6157] dump_stack_lvl+0x16c/0x1f0 [ 125.619651][ T6157] should_fail_ex+0x512/0x640 [ 125.619687][ T6157] ? fs_reclaim_acquire+0xae/0x150 [ 125.619745][ T6157] should_failslab+0xc2/0x120 [ 125.619790][ T6157] kmem_cache_alloc_noprof+0x83/0x770 [ 125.619827][ T6157] ? __pfx_map_id_range_down+0x10/0x10 [ 125.619870][ T6157] ? security_inode_alloc+0x3b/0x2b0 [ 125.619929][ T6157] ? security_inode_alloc+0x3b/0x2b0 [ 125.619961][ T6157] security_inode_alloc+0x3b/0x2b0 [ 125.619996][ T6157] inode_init_always_gfp+0xced/0x1040 [ 125.620049][ T6157] alloc_inode+0x86/0x240 [ 125.620084][ T6157] sock_alloc+0x40/0x280 [ 125.620126][ T6157] __sock_create+0xc2/0x8a0 [ 125.620158][ T6157] __sys_socket+0x14d/0x260 [ 125.620184][ T6157] ? __pfx___sys_socket+0x10/0x10 [ 125.620214][ T6157] ? xfd_validate_state+0x61/0x180 [ 125.620240][ T6157] ? __pfx_ksys_write+0x10/0x10 [ 125.620290][ T6157] __x64_sys_socket+0x72/0xb0 [ 125.620319][ T6157] ? lockdep_hardirqs_on+0x7c/0x110 [ 125.620347][ T6157] do_syscall_64+0xcd/0xf80 [ 125.620377][ T6157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.620406][ T6157] RIP: 0033:0x7f00adf8f7c9 [ 125.620430][ T6157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.620455][ T6157] RSP: 002b:00007f00aeeb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 125.620483][ T6157] RAX: ffffffffffffffda RBX: 00007f00ae1e5fa0 RCX: 00007f00adf8f7c9 [ 125.620501][ T6157] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 000000000000002b [ 125.620518][ T6157] RBP: 00007f00ae013f91 R08: 0000000000000000 R09: 0000000000000000 [ 125.620535][ T6157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.620552][ T6157] R13: 00007f00ae1e6038 R14: 00007f00ae1e5fa0 R15: 00007ffd88b81578 [ 125.620592][ T6157] [ 125.853714][ T6157] socket: no more sockets [ 126.310765][ T6203] netlink: 342 bytes leftover after parsing attributes in process `syz.1.55'. [ 126.334705][ T6205] nbd: illegal input index 37139 [ 126.973677][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.0.58'. [ 127.021068][ T6215] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 127.506986][ T6220] zswap: compressor not available [ 128.106949][ T6238] netlink: 186 bytes leftover after parsing attributes in process `syz.2.64'. [ 128.212855][ T6239] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 132.507047][ T6289] FAULT_INJECTION: forcing a failure. [ 132.507047][ T6289] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.572011][ T6289] CPU: 1 UID: 0 PID: 6289 Comm: syz.0.74 Not tainted syzkaller #0 PREEMPT(full) [ 132.572056][ T6289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 132.572075][ T6289] Call Trace: [ 132.572085][ T6289] [ 132.572097][ T6289] dump_stack_lvl+0x16c/0x1f0 [ 132.572157][ T6289] should_fail_ex+0x512/0x640 [ 132.572202][ T6289] _copy_from_iter+0x2a4/0x16c0 [ 132.572244][ T6289] ? __alloc_skb+0x220/0x410 [ 132.572279][ T6289] ? __alloc_skb+0x35d/0x410 [ 132.572313][ T6289] ? __pfx__copy_from_iter+0x10/0x10 [ 132.572348][ T6289] ? netlink_autobind.isra.0+0x158/0x370 [ 132.572395][ T6289] netlink_sendmsg+0x820/0xdd0 [ 132.572442][ T6289] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.572490][ T6289] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 132.572530][ T6289] __sys_sendto+0x4a3/0x520 [ 132.572565][ T6289] ? __pfx___sys_sendto+0x10/0x10 [ 132.572619][ T6289] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 132.572658][ T6289] ? count_memcg_events+0x122/0x290 [ 132.572724][ T6289] __x64_sys_sendto+0xe0/0x1c0 [ 132.572759][ T6289] ? do_syscall_64+0x91/0xf80 [ 132.572785][ T6289] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.572811][ T6289] do_syscall_64+0xcd/0xf80 [ 132.572839][ T6289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.572867][ T6289] RIP: 0033:0x7f00adf9165c [ 132.572892][ T6289] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 132.572919][ T6289] RSP: 002b:00007f00aee91ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 132.572948][ T6289] RAX: ffffffffffffffda RBX: 00007f00aee91fc0 RCX: 00007f00adf9165c [ 132.572967][ T6289] RDX: 0000000000000020 RSI: 00007f00aee92010 RDI: 0000000000000003 [ 132.572984][ T6289] RBP: 0000000000000000 R08: 00007f00aee91f14 R09: 000000000000000c [ 132.573001][ T6289] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 132.573017][ T6289] R13: 00007f00aee91f68 R14: 00007f00aee92010 R15: 0000000000000000 [ 132.573057][ T6289] [ 132.622857][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.74'. [ 132.979121][ T6296] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 133.074581][ T30] audit: type=1804 audit(1768639622.292:3): pid=6297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.76" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 134.166666][ T6306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.78'. [ 136.743272][ T6335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.84'. [ 137.008769][ T30] audit: type=1804 audit(1768639626.222:4): pid=6337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.86" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 137.460024][ T6345] Invalid ELF header magic: != ELF [ 137.924956][ T6358] netlink: 56 bytes leftover after parsing attributes in process `syz.2.91'. [ 138.421779][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.428572][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.478597][ T6362] netlink: 28 bytes leftover after parsing attributes in process `syz.3.93'. [ 138.500800][ T6362] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.510907][ T6362] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.558948][ T6362] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.605520][ T6362] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.808603][ T6378] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 138.911674][ T30] audit: type=1804 audit(1768639628.132:5): pid=6378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.97" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 140.499595][ T6410] capability: warning: `syz.2.99' uses 32-bit capabilities (legacy support in use) [ 141.484347][ T6416] kexec: Could not allocate control_code_buffer [ 142.053116][ T30] audit: type=1804 audit(1768639631.252:6): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.109" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 142.472249][ T6451] serio: Serial port pty6 [ 145.242593][ T6493] random: crng reseeded on system resumption [ 149.139578][ T30] audit: type=1800 audit(1768647438.354:7): pid=6552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.132" name="features" dev="configfs" ino=11001 res=0 errno=0 [ 149.211738][ T6555] sd 0:0:1:0: device reset [ 149.251471][ T6515] FAULT_INJECTION: forcing a failure. [ 149.251471][ T6515] name failslab, interval 1, probability 0, space 0, times 0 [ 149.264533][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz.1.123 Not tainted syzkaller #0 PREEMPT(full) [ 149.264566][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 149.264577][ T6515] Call Trace: [ 149.264586][ T6515] [ 149.264595][ T6515] dump_stack_lvl+0x16c/0x1f0 [ 149.264630][ T6515] should_fail_ex+0x512/0x640 [ 149.264653][ T6515] ? __kmalloc_cache_noprof+0x5f/0x800 [ 149.264677][ T6515] should_failslab+0xc2/0x120 [ 149.264705][ T6515] __kmalloc_cache_noprof+0x80/0x800 [ 149.264726][ T6515] ? __x64_sys_statmount+0x2d5/0x6c0 [ 149.264750][ T6515] ? __x64_sys_statmount+0x2d5/0x6c0 [ 149.264768][ T6515] __x64_sys_statmount+0x2d5/0x6c0 [ 149.264785][ T6515] ? __x64_sys_futex+0x1e0/0x4c0 [ 149.264805][ T6515] ? __x64_sys_futex+0x1e9/0x4c0 [ 149.264826][ T6515] ? __pfx___x64_sys_statmount+0x10/0x10 [ 149.264851][ T6515] do_syscall_64+0xcd/0xf80 [ 149.264869][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.264887][ T6515] RIP: 0033:0x7fcf89f8f7c9 [ 149.264902][ T6515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.264918][ T6515] RSP: 002b:00007fcf8adba038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c9 [ 149.264935][ T6515] RAX: ffffffffffffffda RBX: 00007fcf8a1e6090 RCX: 00007fcf89f8f7c9 [ 149.264945][ T6515] RDX: 00007ffffffff000 RSI: 0000000000000000 RDI: 0000200000000040 [ 149.264955][ T6515] RBP: 00007fcf8a013f91 R08: 0000000000000000 R09: 0000000000000000 [ 149.264964][ T6515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.264974][ T6515] R13: 00007fcf8a1e6128 R14: 00007fcf8a1e6090 R15: 00007ffdc2dc6f48 [ 149.264994][ T6515] [ 150.625437][ T6577] netlink: del zone limit has 4 unknown bytes [ 151.117999][ T6581] Invalid ELF header magic: != ELF [ 151.555928][ T6592] netlink: 302 bytes leftover after parsing attributes in process `syz.0.144'. [ 151.796394][ T6597] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(10) [ 152.448588][ T6607] FAULT_INJECTION: forcing a failure. [ 152.448588][ T6607] name failslab, interval 1, probability 0, space 0, times 0 [ 152.461676][ T6607] CPU: 0 UID: 0 PID: 6607 Comm: syz.2.148 Not tainted syzkaller #0 PREEMPT(full) [ 152.461718][ T6607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.461736][ T6607] Call Trace: [ 152.461747][ T6607] [ 152.461759][ T6607] dump_stack_lvl+0x16c/0x1f0 [ 152.461816][ T6607] should_fail_ex+0x512/0x640 [ 152.461850][ T6607] ? __kmalloc_noprof+0xca/0x910 [ 152.461914][ T6607] should_failslab+0xc2/0x120 [ 152.461952][ T6607] __kmalloc_noprof+0xeb/0x910 [ 152.461977][ T6607] ? __pfx_map_id_range_down+0x10/0x10 [ 152.462014][ T6607] ? security_inode_alloc+0x3b/0x2b0 [ 152.462043][ T6607] ? sk_prot_alloc+0x1a8/0x2a0 [ 152.462076][ T6607] ? sk_prot_alloc+0x1a8/0x2a0 [ 152.462095][ T6607] sk_prot_alloc+0x1a8/0x2a0 [ 152.462122][ T6607] sk_alloc+0x36/0xe30 [ 152.462156][ T6607] packet_create+0x127/0x8e0 [ 152.462195][ T6607] __sock_create+0x339/0x8a0 [ 152.462229][ T6607] __sys_socket+0x14d/0x260 [ 152.462256][ T6607] ? __fget_files+0x20e/0x3c0 [ 152.462296][ T6607] ? __pfx___sys_socket+0x10/0x10 [ 152.462325][ T6607] ? xfd_validate_state+0x61/0x180 [ 152.462361][ T6607] __x64_sys_socket+0x72/0xb0 [ 152.462390][ T6607] ? lockdep_hardirqs_on+0x7c/0x110 [ 152.462422][ T6607] do_syscall_64+0xcd/0xf80 [ 152.462453][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.462484][ T6607] RIP: 0033:0x7fa31258f7c9 [ 152.462509][ T6607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.462537][ T6607] RSP: 002b:00007fa3133c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 152.462565][ T6607] RAX: ffffffffffffffda RBX: 00007fa3127e5fa0 RCX: 00007fa31258f7c9 [ 152.462584][ T6607] RDX: 0000000000000009 RSI: 0000000000000003 RDI: 0000000000000011 [ 152.462599][ T6607] RBP: 00007fa312613f91 R08: 0000000000000000 R09: 0000000000000000 [ 152.462615][ T6607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.462631][ T6607] R13: 00007fa3127e6038 R14: 00007fa3127e5fa0 R15: 00007ffdf9cc4658 [ 152.462671][ T6607] [ 153.273708][ T6618] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 154.415626][ T6628] syz.2.153 uses obsolete (PF_INET,SOCK_PACKET) [ 154.694821][ T6631] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(10) [ 155.290709][ T6635] FAULT_INJECTION: forcing a failure. [ 155.290709][ T6635] name failslab, interval 1, probability 0, space 0, times 0 [ 155.311835][ T6635] CPU: 0 UID: 0 PID: 6635 Comm: syz.0.158 Not tainted syzkaller #0 PREEMPT(full) [ 155.311877][ T6635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 155.311896][ T6635] Call Trace: [ 155.311905][ T6635] [ 155.311917][ T6635] dump_stack_lvl+0x16c/0x1f0 [ 155.311973][ T6635] should_fail_ex+0x512/0x640 [ 155.312006][ T6635] ? __kmalloc_node_noprof+0xcd/0x930 [ 155.312043][ T6635] should_failslab+0xc2/0x120 [ 155.312087][ T6635] __kmalloc_node_noprof+0xee/0x930 [ 155.312128][ T6635] ? alloc_slab_obj_exts+0x43/0xf0 [ 155.312163][ T6635] ? alloc_slab_obj_exts+0x43/0xf0 [ 155.312191][ T6635] alloc_slab_obj_exts+0x43/0xf0 [ 155.312223][ T6635] __memcg_slab_post_alloc_hook+0x24b/0x880 [ 155.312263][ T6635] ? kasan_save_track+0x14/0x30 [ 155.312304][ T6635] kmem_cache_alloc_noprof+0x589/0x770 [ 155.312338][ T6635] ? futex_wait+0x110/0x380 [ 155.312374][ T6635] ? do_epoll_ctl+0x1170/0x3790 [ 155.312428][ T6635] ? do_epoll_ctl+0x1170/0x3790 [ 155.312468][ T6635] do_epoll_ctl+0x1170/0x3790 [ 155.312510][ T6635] ? ksys_write+0x190/0x250 [ 155.312553][ T6635] ? __pfx_do_epoll_ctl+0x10/0x10 [ 155.312590][ T6635] ? find_held_lock+0x2b/0x80 [ 155.312624][ T6635] ? __might_fault+0xe3/0x190 [ 155.312657][ T6635] ? __might_fault+0xe3/0x190 [ 155.312703][ T6635] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 155.312728][ T6635] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 155.312756][ T6635] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 155.312815][ T6635] do_syscall_64+0xcd/0xf80 [ 155.312847][ T6635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.312877][ T6635] RIP: 0033:0x7f00adf8f7c9 [ 155.312902][ T6635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.312929][ T6635] RSP: 002b:00007f00aeeb4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 155.312958][ T6635] RAX: ffffffffffffffda RBX: 00007f00ae1e5fa0 RCX: 00007f00adf8f7c9 [ 155.312976][ T6635] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 155.312992][ T6635] RBP: 00007f00ae013f91 R08: 0000000000000000 R09: 0000000000000000 [ 155.313008][ T6635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.313023][ T6635] R13: 00007f00ae1e6038 R14: 00007f00ae1e5fa0 R15: 00007ffd88b81578 [ 155.313065][ T6635] [ 156.083500][ T6657] ubi0: attaching mtd0 [ 156.089387][ T6657] ubi0: scanning is finished [ 156.140907][ T6657] ubi0: empty MTD device detected [ 156.184677][ T6644] Invalid ELF header magic: != ELF [ 156.458458][ T6657] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 156.466647][ T6657] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 156.499388][ T6657] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 156.538304][ T6657] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 156.577412][ T6657] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 156.605898][ T6657] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 156.650801][ T6657] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3198282129 [ 156.714593][ T6657] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 156.778323][ T6669] ubi0: background thread "ubi_bgt0d" started, PID 6669 [ 156.806066][ T6658] ubi0: detaching mtd0 [ 156.854944][ T6658] ubi0: mtd0 is detached [ 157.530971][ T6689] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(10) [ 157.885355][ T6695] netlink: 32 bytes leftover after parsing attributes in process `syz.2.168'. [ 159.637543][ T6737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 159.670773][ T6737] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 159.711000][ T6737] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 159.719915][ T6737] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 159.770821][ T6737] page dumped because: unmovable page [ 159.776277][ T6737] page_owner info is not present (never set?) [ 159.829721][ T6748] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 161.293504][ T6777] netlink: 28 bytes leftover after parsing attributes in process `syz.2.187'. [ 161.664047][ T6782] netlink: 25 bytes leftover after parsing attributes in process `syz.2.189'. [ 161.776383][ T6780] ------------[ cut here ]------------ [ 161.782938][ T6780] WARNING: net/mac80211/pm.c:171 at __ieee80211_suspend+0x1003/0x12b0, CPU#0: syz.1.188/6780 [ 161.793702][ T6780] Modules linked in: [ 161.799228][ T6780] CPU: 0 UID: 0 PID: 6780 Comm: syz.1.188 Not tainted syzkaller #0 PREEMPT(full) [ 161.809637][ T6780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 161.819810][ T6780] RIP: 0010:__ieee80211_suspend+0x1003/0x12b0 [ 161.826180][ T6780] Code: 1a f7 f0 41 80 a4 24 81 01 00 00 fe 4c 89 e0 48 c1 e8 03 42 80 3c 30 00 74 c4 4c 89 e7 e8 b5 5e 1a f7 eb ba e8 1e 7a b1 f6 90 <0f> 0b 90 e9 a7 f8 ff ff e8 10 7a b1 f6 90 0f 0b 90 e9 88 f6 ff ff [ 161.846629][ T6780] RSP: 0018:ffffc90003fdfc40 EFLAGS: 00010283 [ 161.852816][ T6780] RAX: 0000000000005f70 RBX: ffff8880203f0e80 RCX: ffffc9000ceea000 [ 161.861171][ T6780] RDX: 0000000000080000 RSI: ffffffff8b0ce462 RDI: 0000000000000001 [ 161.869390][ T6780] RBP: ffff8880203f2b10 R08: 0000000000000001 R09: 0000000000000000 [ 161.877528][ T6780] R10: 0000000000000001 R11: ffff88802879c830 R12: dffffc0000000000 [ 161.885682][ T6780] R13: ffffed100407e1d9 R14: ffff8880203f2910 R15: 0000000000000001 [ 161.893820][ T6780] FS: 00007fcf8addb6c0(0000) GS:ffff8881248f6000(0000) knlGS:0000000000000000 [ 161.903763][ T6780] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 161.910413][ T6780] CR2: 00007fa3127b42f8 CR3: 000000003212c000 CR4: 00000000003526f0 [ 161.919516][ T6780] Call Trace: [ 161.923514][ T6780] [ 161.926694][ T6780] reset_write+0x7a/0x290 [ 161.931422][ T6780] short_proxy_write+0x135/0x1a0 [ 161.936622][ T6780] ? __pfx_short_proxy_write+0x10/0x10 [ 161.942372][ T6780] vfs_write+0x2a0/0x11d0 [ 161.947001][ T6780] ? __pfx___mutex_lock+0x10/0x10 [ 161.952571][ T6780] ? __pfx_vfs_write+0x10/0x10 [ 161.957608][ T6780] ? __fget_files+0x20e/0x3c0 [ 161.962460][ T6780] ksys_write+0x12a/0x250 [ 161.966868][ T6780] ? __pfx_ksys_write+0x10/0x10 [ 161.972281][ T6780] do_syscall_64+0xcd/0xf80 [ 161.976950][ T6780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.983141][ T6780] RIP: 0033:0x7fcf89f8f7c9 [ 161.987611][ T6780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.008256][ T6780] RSP: 002b:00007fcf8addb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.017600][ T6780] RAX: ffffffffffffffda RBX: 00007fcf8a1e5fa0 RCX: 00007fcf89f8f7c9 [ 162.025800][ T6780] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 162.034096][ T6780] RBP: 00007fcf8a013f91 R08: 0000000000000000 R09: 0000000000000000 [ 162.042195][ T6780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.050489][ T6780] R13: 00007fcf8a1e6038 R14: 00007fcf8a1e5fa0 R15: 00007ffdc2dc6f48 [ 162.058633][ T6780] [ 162.061742][ T6780] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 162.069158][ T6780] CPU: 0 UID: 0 PID: 6780 Comm: syz.1.188 Not tainted syzkaller #0 PREEMPT(full) [ 162.078755][ T6780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 162.089145][ T6780] Call Trace: [ 162.092468][ T6780] [ 162.095434][ T6780] dump_stack_lvl+0x3d/0x1f0 [ 162.100185][ T6780] vpanic+0x640/0x6f0 [ 162.104216][ T6780] ? __ieee80211_suspend+0x1003/0x12b0 [ 162.109731][ T6780] panic+0xca/0xd0 [ 162.113508][ T6780] ? __pfx_panic+0x10/0x10 [ 162.118084][ T6780] check_panic_on_warn+0xab/0xb0 [ 162.123507][ T6780] __warn+0x108/0x3c0 [ 162.127740][ T6780] __report_bug+0x2a0/0x520 [ 162.132655][ T6780] ? __ieee80211_suspend+0x1003/0x12b0 [ 162.138231][ T6780] ? __pfx___report_bug+0x10/0x10 [ 162.143276][ T6780] ? dput.part.0+0xd8/0x570 [ 162.147864][ T6780] ? dput+0x1f/0x30 [ 162.151774][ T6780] ? __debugfs_create_file+0x40d/0x530 [ 162.157429][ T6780] ? debugfs_create_file_short+0x41/0x60 [ 162.163078][ T6780] ? __ieee80211_suspend+0x1003/0x12b0 [ 162.168560][ T6780] report_bug+0xb2/0x220 [ 162.173002][ T6780] ? __ieee80211_suspend+0x1003/0x12b0 [ 162.178477][ T6780] handle_bug+0x127/0x260 [ 162.182824][ T6780] exc_invalid_op+0x17/0x50 [ 162.187353][ T6780] asm_exc_invalid_op+0x1a/0x20 [ 162.192313][ T6780] RIP: 0010:__ieee80211_suspend+0x1003/0x12b0 [ 162.198414][ T6780] Code: 1a f7 f0 41 80 a4 24 81 01 00 00 fe 4c 89 e0 48 c1 e8 03 42 80 3c 30 00 74 c4 4c 89 e7 e8 b5 5e 1a f7 eb ba e8 1e 7a b1 f6 90 <0f> 0b 90 e9 a7 f8 ff ff e8 10 7a b1 f6 90 0f 0b 90 e9 88 f6 ff ff [ 162.218508][ T6780] RSP: 0018:ffffc90003fdfc40 EFLAGS: 00010283 [ 162.224701][ T6780] RAX: 0000000000005f70 RBX: ffff8880203f0e80 RCX: ffffc9000ceea000 [ 162.232717][ T6780] RDX: 0000000000080000 RSI: ffffffff8b0ce462 RDI: 0000000000000001 [ 162.240724][ T6780] RBP: ffff8880203f2b10 R08: 0000000000000001 R09: 0000000000000000 [ 162.248731][ T6780] R10: 0000000000000001 R11: ffff88802879c830 R12: dffffc0000000000 [ 162.256721][ T6780] R13: ffffed100407e1d9 R14: ffff8880203f2910 R15: 0000000000000001 [ 162.264825][ T6780] ? __ieee80211_suspend+0x1002/0x12b0 [ 162.270505][ T6780] reset_write+0x7a/0x290 [ 162.275039][ T6780] short_proxy_write+0x135/0x1a0 [ 162.280299][ T6780] ? __pfx_short_proxy_write+0x10/0x10 [ 162.285907][ T6780] vfs_write+0x2a0/0x11d0 [ 162.290279][ T6780] ? __pfx___mutex_lock+0x10/0x10 [ 162.295416][ T6780] ? __pfx_vfs_write+0x10/0x10 [ 162.300312][ T6780] ? __fget_files+0x20e/0x3c0 [ 162.305130][ T6780] ksys_write+0x12a/0x250 [ 162.309539][ T6780] ? __pfx_ksys_write+0x10/0x10 [ 162.314547][ T6780] do_syscall_64+0xcd/0xf80 [ 162.320065][ T6780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.326100][ T6780] RIP: 0033:0x7fcf89f8f7c9 [ 162.330635][ T6780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.350365][ T6780] RSP: 002b:00007fcf8addb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.359074][ T6780] RAX: ffffffffffffffda RBX: 00007fcf8a1e5fa0 RCX: 00007fcf89f8f7c9 [ 162.367266][ T6780] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 162.375896][ T6780] RBP: 00007fcf8a013f91 R08: 0000000000000000 R09: 0000000000000000 [ 162.384457][ T6780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.392652][ T6780] R13: 00007fcf8a1e6038 R14: 00007fcf8a1e5fa0 R15: 00007ffdc2dc6f48 [ 162.400771][ T6780] [ 162.405013][ T6780] Kernel Offset: disabled [ 162.409460][ T6780] Rebooting in 86400 seconds..