last executing test programs: 6.800156621s ago: executing program 3 (id=703): setitimer$auto(0x2, &(0x7f0000000040)={{0x0, 0x5}, {0x0, 0x8}}, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x48002, 0x0) r0 = socket(0x10, 0x2, 0xf) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/debug/tracing/error_log\x00', 0x603, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x88000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pidfd_open$auto(0x1, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x7fffffff, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x81ff, 0x7, 0xaec6, 0x0, 0x948d, 0x3, 0x8800000000000000, 0x3, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0xc, 0x40200000002, 0xfffffffffffffffb]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r2 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff, 0xffffffffffffffff}, 0xd) bpf$auto(0x3, &(0x7f00000001c0)=@link_update={r2, @new_prog_fd, 0x403, @old_map_fd=r3}, 0x8) wait4$auto(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x3, &(0x7f0000000140)={{0x7, 0xfffffffffffffffa}, {0x4, 0xc9}, 0x40, 0xfff, 0x3, 0x16, 0x7fffffff, 0x400000000eac, 0x9, 0x5, 0x2, 0x10000000000000, 0x7fffffff, 0x87, 0x6, 0x7}) unshare$auto(0x40000080) 5.705711083s ago: executing program 0 (id=705): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) io_uring_setup$auto(0x5, 0x0) mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x880c2, 0x95) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000280)='/sys/devices/virtual/mtd/mtd0/size\x00') socket(0x2, 0x3, 0x100) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x40, 0x0, 0x1, 0x0, 0x0, 0x24008801}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4) ioctl$auto_I2C_RDWR(r0, 0x707, 0x0) mmap$auto(0x0, 0x4020009, 0x7ff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) socket(0x21, 0x5, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="e7fb7821abe7a4fd4a6d70030b1616cda87afe2b23b3c5e2e2c0b78d278229e30b5bb8b59e0406ccb4ea5cde5a30917002be620b0b37c9b9f86a80c460f153fb967a1104973aac8b34bcd766fd38962d1a9304103f34f9b1ac1b0c5143627e3fc41e40459f905038"], 0x20}, 0x1, 0x6000, 0x0, 0x40010}, 0x2) r3 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x40000, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.543147245s ago: executing program 2 (id=706): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) io_uring_setup$auto(0x5, 0x0) mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x880c2, 0x95) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000280)='/sys/devices/virtual/mtd/mtd0/size\x00') socket(0x2, 0x3, 0x100) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x40, 0x0, 0x1, 0x0, 0x0, 0x24008801}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4) ioctl$auto_I2C_RDWR(r0, 0x707, 0x0) mmap$auto(0x0, 0x4020009, 0x7ff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) socket(0x21, 0x5, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="e7fb7821abe7a4fd4a6d70030b1616cda87afe2b23b3c5e2e2c0b78d278229e30b5bb8b59e0406ccb4ea5cde5a30917002be620b0b37c9b9f86a80c460f153fb967a1104973aac8b34bcd766fd38962d1a9304103f34f9b1ac1b0c5143627e3fc41e40459f905038"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r3 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x40000, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.502897449s ago: executing program 3 (id=707): setitimer$auto(0x2, &(0x7f0000000040)={{0x0, 0x5}, {0x0, 0x8}}, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x48002, 0x0) r0 = socket(0x10, 0x2, 0xf) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/debug/tracing/error_log\x00', 0x603, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x60042, 0x0) pidfd_open$auto(0x1, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x7fffffff, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x81ff, 0x7, 0xaec6, 0x0, 0x948d, 0x3, 0x8800000000000000, 0x3, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0xc, 0x40200000002, 0xfffffffffffffffb]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r2 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff, 0xffffffffffffffff}, 0xd) bpf$auto(0x3, &(0x7f00000001c0)=@link_update={r2, @new_prog_fd, 0x403, @old_map_fd=r3}, 0x8) wait4$auto(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x3, &(0x7f0000000140)={{0x7, 0xfffffffffffffffa}, {0x4, 0xc9}, 0x40, 0xfff, 0x3, 0x16, 0x7fffffff, 0x400000000eac, 0x9, 0x5, 0x2, 0x10000000000000, 0x7fffffff, 0x87, 0x6, 0x7}) unshare$auto(0x40000080) 5.34038478s ago: executing program 1 (id=708): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000180)={0x14, r1, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0xffffff97, 0x0, 0xc000}, 0x20000000) 5.1755421s ago: executing program 1 (id=709): socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r0, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) readv$auto(0x3, 0x0, 0x4) unshare$auto(0x40000080) r1 = open(0x0, 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) ptrace$auto(0x11, 0x0, 0x4, 0x0) ptrace$auto(0x5, 0x0, 0xfffffffffffffffa, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) mmap$auto(0x0, 0x100000001, 0xfd5, 0x12, 0xffffffffffffffff, 0x0) writev$auto(0x3, &(0x7f0000004100)={0x0, 0xb}, 0x3ff) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x42, 0x0) write$auto(r2, 0x0, 0xa3d9) unshare$auto(0xa4) unshare$auto(0x40000080) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x200, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ip_vs_stats\x00', 0x121140, 0x0) 4.581791125s ago: executing program 2 (id=710): close_range$auto(0x2, 0x8, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000140), 0x8a700, 0x0) ioctl$auto(0x3, 0xc040563e, 0x38) mmap$auto(0x83, 0x2020009, 0x8, 0xebf, 0xfffffffffffffffa, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000180)='/dev/binderfs/binder0\x00', 0x80080, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x0, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x10303f, 0x0) ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(r1, 0x3304, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 4.42419799s ago: executing program 0 (id=711): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) bind$auto(r0, &(0x7f0000000040)=@sco, 0x6a) connect$auto(0x3, 0x0, 0x54) socket(0xa, 0x5, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x405b) socket(0x10, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) semctl$auto(0x4, 0x804, 0x13, 0x46) r2 = getsockopt$auto(0xffffffffffffffff, 0xff, 0x90, 0x0, &(0x7f0000000140)=0x3) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xf, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x8000000003, 0x62, 0x8000001f, 0x40007, 0x4, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) read$auto(0x3, 0x0, 0x7) ioctl$auto_TUNSETOWNER(r2, 0x400454cc, &(0x7f0000000180)=0x101) close_range$auto(0x2, 0xa, 0x0) getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf7f, 0x6, 0x0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/rose12/queues/rx-0/rps_cpus\x00', 0x20001, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfffe) 3.388695983s ago: executing program 0 (id=712): r0 = setfsgid$auto(0xee00) shmctl$auto_IPC_RMID(0x3, 0x0, &(0x7f0000000200)={{0x7, 0xee01, r0, 0x8, 0x0, 0x2, 0x2}, 0x9, 0xfff, 0x3, 0x1, @inferred, @raw=0x7, 0xb, 0x0, &(0x7f0000000080)="234fde732086439642f8a2162ca4086d7b8281eb91914dcdafa8a0cdd22c", &(0x7f0000000680)="8363905c51fb05f731841c58b89ea3c7cd023c2606d584e9177099d5bb11f2afe9b90b7fe045d58309679c45c37130da9e3264de325940223b85bf45d64bdd10b8f02b556be3d4537fc7056eb5807b82f08422704dc26d63ee235fc07371d06d44504a99f5d282744224898f6cb6ffc84ffaa731abcdf3a44c32c18cb91126d7165c16ffc7954258fa4d742c3100dfe65b7d1d6d8d6dcac6cddb96ee73fac419ce3edddf5b4c185ab9db0aff0bc643cabc63d56c149fb0e7fe28f07a"}) shmctl$auto(0x5, 0x4, &(0x7f00000003c0)={{0x0, r1, r2, 0x24, 0x3, 0x226, 0x4d0}, 0x10, 0x2fe, 0x1, 0x7, @raw=0xc, @raw=0x2, 0x6, 0x0, &(0x7f0000000340)="023d61d17de3b99f92bae31d5d4408a997bb53461f91fdf401a7ef5ef883aa939d931a5bd125f972e70a7a0abe36b6b8f860026251ed380f8e22833a348de47dc1b955e18bb2f7d2bfb6b46fbd38", &(0x7f00000005c0)="da420f1e1e2ec505a55d1cec0820e8671ec20e003cc2ca1bee8289041dd5b27a1fbcda83dd1a39821f7c6963acae759c95604fcac5e59b409ba72eff973769c51446d775370aa8cd184e0ddc3d902215a4e9fc17c346364b2bf5224a17a74440d47c6b9b68c6cd96b009d158af9170ad88fdd7180834e58254b5280675039a365b9e92c893d24f71fe675038e8727205bdd0bf8e2a444a2a01167d989235a1a3b45e"}) setresgid$auto(r3, r3, r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x19, 0x5}, 0x7) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x10800, 0x0) ioctl$auto(r6, 0x4b4d, 0xffffffffffffffff) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r4) write$auto(0xffffffffffffffff, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) madvise$auto(0x0, 0xfffffffbffff0001, 0x15) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x20000000, 0xfffffffffffefffd, 0x95) setgroups$auto(0x1e9, &(0x7f0000000180)=0x400000) madvise$auto(0x8, 0xc89, 0xffffff33) r8 = socket(0x11, 0x4, 0xc) setsockopt$auto(r8, 0x104000000000010e, 0x1, 0x0, 0x16) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x200, 0x7, 0xde, 0x9b72, r7, 0x8000) io_uring_setup$auto(0x4e8c, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.3/usb16/ep_00/bmAttributes\x00', 0x2000, 0x0) 3.388031618s ago: executing program 1 (id=713): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1, 0x7356, 0x33, 0x65f, 0x1ffde, 0x7, 0xffffffffffffffff, 0x20000009, 0x4, 0x3, 0x6, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x83, 0x4, 0x7ff, 0x400, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/state\x00', 0x88002, 0x0) read$auto(r1, &(0x7f0000001200)='\x00', 0x100000004) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) fsync$auto(r2) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x40}, 0x4, 0x0, 0x7, 0xa509}, 0x800}, 0x1000, 0x4008) 3.38790283s ago: executing program 2 (id=714): writev$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x4, 0xa, 0x48}) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x101) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xca481, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) socketpair$auto(0x3, 0x5, 0x7, 0x0) connect$auto(r0, 0x0, 0x55) 3.38783894s ago: executing program 3 (id=715): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0xffe0}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) (async) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async) mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/blkio.bfq.weight_device\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000004c0)=""/45, 0x2d) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0xa, 0x0, 0x4, 0x401}, 0xed7138c}, 0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) r1 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r1, 0x10000}, 0x10) (async) io_uring_setup$auto(0x1, 0x0) bpf$auto(0x1, 0x0, 0x13) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async) connect$auto(0x3, 0x0, 0x55) (async) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) 3.010869095s ago: executing program 1 (id=716): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/rose7/flags\x00', 0x2262, 0x0) write$auto(r0, &(0x7f0000000140)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xfc\xb2\x00\x00\x00\x00y\x113!\x05\xa7\xd6M\xce\xd6\'\xdf@\x9f\xf5 \x8b_hw\x8em\xd0\b\xe7~1\xf5\xf8\x93*jH\x85H\x05\xae\xdf\xf0\x15A\xdb$\'\x87', 0x81) write$auto(r0, &(0x7f0000000440)='0\xfd\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) 2.893125006s ago: executing program 3 (id=717): mmap$auto(0x0, 0x2000c, 0xfff, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) capset$auto(0x0, 0x0) setsockopt$auto(r0, 0x10000000084, 0x8, 0x0, 0xc) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffb8}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 2.866780786s ago: executing program 1 (id=718): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x14, 0x5, 0x7fc, 0x7fb, &(0x7f00000002c0)}) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/ip6tnl0/bootp_relay\x00', 0x5014c0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) mmap$auto(0x0, 0x0, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x108002, 0x0) read$auto_vcs_fops_vc_screen(r2, &(0x7f0000000080)=""/238, 0xffffffe9) r3 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_nvram_misc_fops_nvram(r3, &(0x7f0000000080)=""/209, 0xd1) ioctl$auto_NVRAM_INIT(r3, 0x7040, 0x0) membarrier$auto(0x2, 0x0, 0x9) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) prctl$auto(0x42, 0x4, 0x0, 0x0, 0x4) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy3/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x2000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = getsockopt$auto_SO_PEERPIDFD(0xffffffffffffffff, 0x1, 0x4d, &(0x7f0000000000)='.\x00', &(0x7f0000000040)=0x1060) ioctl$auto_FIONREAD(r4, 0x541b, 0x7ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setgroups$auto(0xe32, 0x0) futex$auto(0x0, 0x5, 0x9, 0x0, 0x0, 0xffff7fff) socket$nl_generic(0x10, 0x3, 0x10) 1.937640232s ago: executing program 0 (id=719): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) io_uring_setup$auto(0x5, 0x0) mknod$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_', 0x1081, 0x9) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x880c2, 0x95) close_range$auto(0x2, 0x8, 0x0) acct$auto(&(0x7f0000000280)='/sys/devices/virtual/mtd/mtd0/size\x00') socket(0x2, 0x3, 0x100) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x40, 0x0, 0x1, 0x0, 0x0, 0x24008801}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4) ioctl$auto_I2C_RDWR(r0, 0x707, 0x0) mmap$auto(0x0, 0x4020009, 0x7ff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) socket(0x21, 0x5, 0x9) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="e7fb7821abe7a4fd4a6d70030b1616cda87afe2b23b3c5e2e2c0b78d278229e30b5bb8b59e0406ccb4ea5cde5a30917002be620b0b37c9b9f86a80c460f153fb967a1104973aac8b34bcd766fd38962d1a9304103f34f9b1ac1b0c5143627e3fc41e40459f905038"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r3 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) write$auto(0x3, 0x0, 0xfdef) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x40000, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.937482222s ago: executing program 2 (id=720): setitimer$auto(0x2, &(0x7f0000000040)={{0x0, 0x5}, {0x0, 0x8}}, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0\x00', 0x48002, 0x0) r0 = socket(0x10, 0x2, 0xf) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/debug/tracing/error_log\x00', 0x603, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x60042, 0x0) pidfd_open$auto(0x1, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x7fffffff, 0x7, 0x6d39, 0x5, 0x2, 0x1]}, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x81ff, 0x7, 0xaec6, 0x0, 0x948d, 0x3, 0x8800000000000000, 0x3, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0xc, 0x40200000002, 0xfffffffffffffffb]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) r2 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff, 0xffffffffffffffff}, 0xd) bpf$auto(0x3, &(0x7f00000001c0)=@link_update={r2, @new_prog_fd, 0x403, @old_map_fd=r3}, 0x8) wait4$auto(0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x3, &(0x7f0000000140)={{0x7, 0xfffffffffffffffa}, {0x4, 0xc9}, 0x40, 0xfff, 0x3, 0x16, 0x7fffffff, 0x400000000eac, 0x9, 0x5, 0x2, 0x10000000000000, 0x7fffffff, 0x87, 0x6, 0x7}) unshare$auto(0x40000080) 1.937253855s ago: executing program 3 (id=721): close_range$auto(0x2, 0x8, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000140), 0x8a700, 0x0) ioctl$auto(0x3, 0xc040563e, 0x38) mmap$auto(0x83, 0x2020009, 0x8, 0xebf, 0xfffffffffffffffa, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000180)='/dev/binderfs/binder0\x00', 0x80080, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x0, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x10303f, 0x0) ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(r1, 0x3304, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 1.052273109s ago: executing program 2 (id=722): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000180)={0x14, r1, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0xffffff97, 0x0, 0xc000}, 0x20000000) 1.050833686s ago: executing program 1 (id=730): r0 = setfsgid$auto(0xee00) shmctl$auto_IPC_RMID(0x3, 0x0, &(0x7f0000000200)={{0x7, 0xee01, r0, 0x8, 0x0, 0x2, 0x2}, 0x9, 0xfff, 0x3, 0x1, @inferred, @raw=0x7, 0xb, 0x0, &(0x7f0000000080)="234fde732086439642f8a2162ca4086d7b8281eb91914dcdafa8a0cdd22c", &(0x7f0000000680)="8363905c51fb05f731841c58b89ea3c7cd023c2606d584e9177099d5bb11f2afe9b90b7fe045d58309679c45c37130da9e3264de325940223b85bf45d64bdd10b8f02b556be3d4537fc7056eb5807b82f08422704dc26d63ee235fc07371d06d44504a99f5d282744224898f6cb6ffc84ffaa731abcdf3a44c32c18cb91126d7165c16ffc7954258fa4d742c3100dfe65b7d1d6d8d6dcac6cddb96ee73fac419ce3edddf5b4c185ab9db0aff0bc643cabc63d56c149fb0e7fe28f07a"}) shmctl$auto(0x5, 0x4, &(0x7f00000003c0)={{0x0, r1, r2, 0x24, 0x3, 0x226, 0x4d0}, 0x10, 0x2fe, 0x1, 0x7, @raw=0xc, @raw=0x2, 0x6, 0x0, &(0x7f0000000340)="023d61d17de3b99f92bae31d5d4408a997bb53461f91fdf401a7ef5ef883aa939d931a5bd125f972e70a7a0abe36b6b8f860026251ed380f8e22833a348de47dc1b955e18bb2f7d2bfb6b46fbd38", &(0x7f00000005c0)="da420f1e1e2ec505a55d1cec0820e8671ec20e003cc2ca1bee8289041dd5b27a1fbcda83dd1a39821f7c6963acae759c95604fcac5e59b409ba72eff973769c51446d775370aa8cd184e0ddc3d902215a4e9fc17c346364b2bf5224a17a74440d47c6b9b68c6cd96b009d158af9170ad88fdd7180834e58254b5280675039a365b9e92c893d24f71fe675038e8727205bdd0bf8e2a444a2a01167d989235a1a3b45e"}) setresgid$auto(r3, r3, r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x19, 0x5}, 0x7) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x10800, 0x0) ioctl$auto(r6, 0x4b4d, 0xffffffffffffffff) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r4) write$auto(0xffffffffffffffff, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) madvise$auto(0x0, 0xfffffffbffff0001, 0x15) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x20000000, 0xfffffffffffefffd, 0x95) setgroups$auto(0x1e9, &(0x7f0000000180)=0x400000) madvise$auto(0x8, 0xc89, 0xffffff33) r8 = socket(0x11, 0x4, 0xc) setsockopt$auto(r8, 0x104000000000010e, 0x1, 0x0, 0x16) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x200, 0x7, 0xde, 0x9b72, r7, 0x8000) io_uring_setup$auto(0x4e8c, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.3/usb16/ep_00/bmAttributes\x00', 0x2000, 0x0) 856.009112ms ago: executing program 0 (id=723): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1e0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000180)='/proc/softirqs\x00', 0x400, 0x0) kill$auto(0x0, 0x12) preadv$auto(r0, &(0x7f0000009180)={&(0x7f0000008180), 0x7}, 0x26, 0x80, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x26, 0x1, 0x0, 0x0, 0x0) clone$auto(0x20003b46, 0x100000000000005, 0x0, 0x0, 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0xfffffffffffffffe, 0x200006, 0x6, 0x40eb1, 0x602, 0xcf05) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) madvise$auto(0x0, 0x20499d, 0x9) mmap$auto(0x0, 0xffffffffffffffff, 0xffb, 0x8000000008011, r1, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r1, 0x541d, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x2, 0x2) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 754.162756ms ago: executing program 2 (id=724): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) bind$auto(r0, &(0x7f0000000040)=@sco, 0x6a) connect$auto(0x3, 0x0, 0x54) socket(0xa, 0x5, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x405b) socket(0x10, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) semctl$auto(0x4, 0x804, 0x13, 0x46) r2 = getsockopt$auto(0xffffffffffffffff, 0xff, 0x90, 0x0, &(0x7f0000000140)=0x3) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xf, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x8000000003, 0x62, 0x8000001f, 0x40007, 0x4, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) read$auto(0x3, 0x0, 0x7) ioctl$auto_TUNSETOWNER(r2, 0x400454cc, &(0x7f0000000180)=0x101) close_range$auto(0x2, 0xa, 0x0) getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf7f, 0x6, 0x0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/rose12/queues/rx-0/rps_cpus\x00', 0x20001, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfffe) 144.563µs ago: executing program 0 (id=725): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1, 0x7356, 0x33, 0x65f, 0x1ffde, 0x7, 0xffffffffffffffff, 0x20000009, 0x4, 0x3, 0x6, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x83, 0x4, 0x7ff, 0x400, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/state\x00', 0x88002, 0x0) read$auto(r1, &(0x7f0000001200)='\x00', 0x100000004) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) fsync$auto(r2) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x40}, 0x4, 0x0, 0x7, 0xa509}, 0x800}, 0x1000, 0x4008) 0s ago: executing program 3 (id=726): mmap$auto(0x0, 0x2000c, 0xfff, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) capset$auto(0x0, 0x0) setsockopt$auto(r0, 0x10000000084, 0x8, 0x0, 0xc) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xb8ff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) (fail_nth: 4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. [ 76.319093][ T5835] cgroup: Unknown subsys name 'net' [ 76.459936][ T5835] cgroup: Unknown subsys name 'cpuset' [ 76.468713][ T5835] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.923322][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.873235][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.883116][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.890955][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.899298][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.908748][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.917531][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.969053][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.978633][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.989047][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.998340][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.077013][ T5168] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.085082][ T5168] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.093962][ T5168] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.102165][ T5168] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.109980][ T5168] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.121308][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.137342][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.145209][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.154981][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.164185][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.573596][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 80.697718][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 80.749455][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 80.810639][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.818358][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.825665][ T5849] bridge_slave_0: entered allmulticast mode [ 80.834117][ T5849] bridge_slave_0: entered promiscuous mode [ 80.882450][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.889795][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.897486][ T5849] bridge_slave_1: entered allmulticast mode [ 80.904509][ T5849] bridge_slave_1: entered promiscuous mode [ 81.015051][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.022394][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.029944][ T5854] bridge_slave_0: entered allmulticast mode [ 81.037873][ T5854] bridge_slave_0: entered promiscuous mode [ 81.045090][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 81.069265][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.078836][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.086097][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.094671][ T5854] bridge_slave_1: entered allmulticast mode [ 81.103070][ T5854] bridge_slave_1: entered promiscuous mode [ 81.129807][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.191782][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.199135][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.206445][ T5845] bridge_slave_0: entered allmulticast mode [ 81.213906][ T5845] bridge_slave_0: entered promiscuous mode [ 81.250318][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.259903][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.267401][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.274751][ T5845] bridge_slave_1: entered allmulticast mode [ 81.282390][ T5845] bridge_slave_1: entered promiscuous mode [ 81.301747][ T5849] team0: Port device team_slave_0 added [ 81.317856][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.356088][ T5849] team0: Port device team_slave_1 added [ 81.380980][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.412022][ T5854] team0: Port device team_slave_0 added [ 81.420434][ T5854] team0: Port device team_slave_1 added [ 81.429100][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.517981][ T5845] team0: Port device team_slave_0 added [ 81.536192][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.543564][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.570622][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.591988][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.599040][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.625411][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.639274][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.646252][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.672317][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.684666][ T5845] team0: Port device team_slave_1 added [ 81.702777][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.710375][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.717884][ T5858] bridge_slave_0: entered allmulticast mode [ 81.725740][ T5858] bridge_slave_0: entered promiscuous mode [ 81.733700][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.741336][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.767385][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.803385][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.810774][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.818161][ T5858] bridge_slave_1: entered allmulticast mode [ 81.825195][ T5858] bridge_slave_1: entered promiscuous mode [ 81.843245][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.850799][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.877372][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.941867][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.949006][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.975909][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.989295][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.002945][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.026995][ T5168] Bluetooth: hci0: command tx timeout [ 82.043287][ T5849] hsr_slave_0: entered promiscuous mode [ 82.049865][ T5849] hsr_slave_1: entered promiscuous mode [ 82.081505][ T5854] hsr_slave_0: entered promiscuous mode [ 82.087886][ T5854] hsr_slave_1: entered promiscuous mode [ 82.093912][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.101755][ T5854] Cannot create hsr debugfs directory [ 82.107279][ T5168] Bluetooth: hci1: command tx timeout [ 82.186938][ T5168] Bluetooth: hci3: command tx timeout [ 82.188833][ T5858] team0: Port device team_slave_0 added [ 82.192724][ T5168] Bluetooth: hci2: command tx timeout [ 82.202554][ T5858] team0: Port device team_slave_1 added [ 82.279422][ T5845] hsr_slave_0: entered promiscuous mode [ 82.285695][ T5845] hsr_slave_1: entered promiscuous mode [ 82.292178][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.301665][ T5845] Cannot create hsr debugfs directory [ 82.328266][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.335420][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.362721][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.375677][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.382906][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.409312][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.604375][ T5858] hsr_slave_0: entered promiscuous mode [ 82.611166][ T5858] hsr_slave_1: entered promiscuous mode [ 82.617963][ T5858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.625546][ T5858] Cannot create hsr debugfs directory [ 82.808138][ T5854] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.828732][ T5854] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.854410][ T5854] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.879456][ T5854] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.975490][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.001529][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.022034][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.054173][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.081249][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.099910][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.115947][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.148267][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.220775][ T5858] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.261074][ T5858] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.279080][ T5858] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.297649][ T5858] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.442515][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.455810][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.521488][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.543272][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.561660][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.572377][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.579681][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.611747][ T2122] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.618953][ T2122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.631975][ T2122] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.639194][ T2122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.649170][ T2122] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.656299][ T2122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.692165][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.730330][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.766957][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.774097][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.799888][ T5113] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.807024][ T5113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.834520][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.861276][ T5113] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.868562][ T5113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.917222][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.924436][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.107073][ T5168] Bluetooth: hci0: command tx timeout [ 84.186890][ T5168] Bluetooth: hci1: command tx timeout [ 84.271814][ T5168] Bluetooth: hci2: command tx timeout [ 84.277725][ T5848] Bluetooth: hci3: command tx timeout [ 84.371733][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.464293][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.502173][ T5854] veth0_vlan: entered promiscuous mode [ 84.546305][ T5854] veth1_vlan: entered promiscuous mode [ 84.605388][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.630891][ T5845] veth0_vlan: entered promiscuous mode [ 84.664908][ T5845] veth1_vlan: entered promiscuous mode [ 84.673622][ T5854] veth0_macvtap: entered promiscuous mode [ 84.705191][ T5854] veth1_macvtap: entered promiscuous mode [ 84.730168][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.755585][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.782376][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.798210][ T5849] veth0_vlan: entered promiscuous mode [ 84.812401][ T5854] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.823670][ T5854] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.833513][ T5854] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.843971][ T5854] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.876182][ T5849] veth1_vlan: entered promiscuous mode [ 84.911588][ T5845] veth0_macvtap: entered promiscuous mode [ 84.936197][ T5845] veth1_macvtap: entered promiscuous mode [ 85.022300][ T5858] veth0_vlan: entered promiscuous mode [ 85.035150][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.045147][ T5858] veth1_vlan: entered promiscuous mode [ 85.058009][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.088927][ T5849] veth0_macvtap: entered promiscuous mode [ 85.111526][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.139818][ T5849] veth1_macvtap: entered promiscuous mode [ 85.151288][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.175426][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.184417][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.192354][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.210867][ T5845] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.220293][ T5845] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.229741][ T5845] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.239223][ T5845] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.272007][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.299465][ T5858] veth0_macvtap: entered promiscuous mode [ 85.320116][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 85.339706][ T5849] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.352022][ T5849] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.361344][ T5849] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.370706][ T5849] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.385445][ T5858] veth1_macvtap: entered promiscuous mode [ 85.507582][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.560318][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.594592][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.594769][ T5858] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.612723][ T5858] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.621938][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.622220][ T5858] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.642235][ T5858] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.696098][ T5934] tipc: Started in network mode [ 85.701422][ T5934] tipc: Node identity ee00, cluster identity 4711 [ 85.708831][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.710534][ T5934] tipc: Node number set to 60928 [ 85.719320][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.729868][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.755632][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.824428][ T5113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.850738][ T5113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.944439][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.985925][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.068092][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.088893][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.197089][ T5168] Bluetooth: hci0: command tx timeout [ 86.261823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.277556][ T5168] Bluetooth: hci1: command tx timeout [ 86.346936][ T5168] Bluetooth: hci2: command tx timeout [ 86.352440][ T5848] Bluetooth: hci3: command tx timeout [ 86.356934][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.548437][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.557210][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.663191][ T5952] syz.3.6 uses obsolete (PF_INET,SOCK_PACKET) [ 86.691112][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.699738][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.708577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.133246][ T5955] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.267658][ T5168] Bluetooth: hci0: command tx timeout [ 88.358818][ T5168] Bluetooth: hci1: command tx timeout [ 88.435881][ T5168] Bluetooth: hci2: command tx timeout [ 88.441697][ T5168] Bluetooth: hci3: command tx timeout [ 88.832553][ T5974] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.10'. [ 88.972773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.286623][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.434394][ T5974] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.574027][ T6008] FAULT_INJECTION: forcing a failure. [ 90.574027][ T6008] name failslab, interval 1, probability 0, space 0, times 1 [ 90.632329][ T6008] CPU: 0 UID: 0 PID: 6008 Comm: syz.2.17 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 90.632366][ T6008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 90.632385][ T6008] Call Trace: [ 90.632393][ T6008] [ 90.632406][ T6008] dump_stack_lvl+0x16c/0x1f0 [ 90.632442][ T6008] should_fail_ex+0x512/0x640 [ 90.632469][ T6008] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 90.632500][ T6008] should_failslab+0xc2/0x120 [ 90.632532][ T6008] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 90.632561][ T6008] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 90.632594][ T6008] ? ptlock_alloc+0x1f/0x70 [ 90.632636][ T6008] ptlock_alloc+0x1f/0x70 [ 90.632680][ T6008] pte_alloc_one+0x82/0x3a0 [ 90.632706][ T6008] __handle_mm_fault+0x3a68/0x5490 [ 90.632753][ T6008] ? __pfx___handle_mm_fault+0x10/0x10 [ 90.632786][ T6008] ? __pfx_mt_find+0x10/0x10 [ 90.632834][ T6008] ? find_vma+0xbf/0x140 [ 90.632864][ T6008] ? __pfx_find_vma+0x10/0x10 [ 90.632899][ T6008] handle_mm_fault+0x589/0xd10 [ 90.632937][ T6008] ? __pkru_allows_pkey+0x51/0xb0 [ 90.632974][ T6008] do_user_addr_fault+0x7a6/0x1370 [ 90.633018][ T6008] ? rcu_is_watching+0x12/0xc0 [ 90.633051][ T6008] exc_page_fault+0x5c/0xb0 [ 90.633077][ T6008] asm_exc_page_fault+0x26/0x30 [ 90.633102][ T6008] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 90.633137][ T6008] Code: 11 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 90.633168][ T6008] RSP: 0018:ffffc900054d7ca0 EFLAGS: 00050202 [ 90.633189][ T6008] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000098 [ 90.633205][ T6008] RDX: fffff52000a9afcb RSI: 0000000000000000 RDI: ffffc900054d7dc0 [ 90.633222][ T6008] RBP: 0000000000000098 R08: 0000000000000001 R09: fffff52000a9afca [ 90.633238][ T6008] R10: ffffc900054d7e57 R11: 0000000000000000 R12: 0000000000000000 [ 90.633254][ T6008] R13: ffffc900054d7dc0 R14: 1ffff92000a9afa0 R15: ffffc900054d7dc0 [ 90.633291][ T6008] _copy_from_user+0x98/0xd0 [ 90.633322][ T6008] __sys_bpf+0x21d/0x4ea0 [ 90.633351][ T6008] ? __pfx___sys_bpf+0x10/0x10 [ 90.633375][ T6008] ? ksys_write+0x190/0x250 [ 90.633407][ T6008] ? do_futex+0x122/0x350 [ 90.633438][ T6008] ? __pfx_do_futex+0x10/0x10 [ 90.633486][ T6008] ? fput+0x70/0xf0 [ 90.633516][ T6008] ? xfd_validate_state+0x61/0x180 [ 90.633545][ T6008] ? __pfx_ksys_write+0x10/0x10 [ 90.633577][ T6008] __x64_sys_bpf+0x78/0xc0 [ 90.633600][ T6008] ? lockdep_hardirqs_on+0x7c/0x110 [ 90.633626][ T6008] do_syscall_64+0xcd/0x490 [ 90.633662][ T6008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.633689][ T6008] RIP: 0033:0x7fef3dd8e9a9 [ 90.633716][ T6008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.633740][ T6008] RSP: 002b:00007fef3ec5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 90.633764][ T6008] RAX: ffffffffffffffda RBX: 00007fef3dfb6160 RCX: 00007fef3dd8e9a9 [ 90.633782][ T6008] RDX: 0000000000000098 RSI: 0000000000000000 RDI: 0000000000000000 [ 90.633797][ T6008] RBP: 00007fef3de10d69 R08: 0000000000000000 R09: 0000000000000000 [ 90.633812][ T6008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.633828][ T6008] R13: 0000000000000000 R14: 00007fef3dfb6160 R15: 00007ffd166b5988 [ 90.633863][ T6008] [ 92.060610][ T9] cfg80211: failed to load regulatory.db [ 92.296908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.903053][ T6037] Zero length message leads to an empty skb [ 93.137879][ T6046] netlink: 2468 bytes leftover after parsing attributes in process `syz.2.24'. [ 94.113357][ T6057] tipc: Started in network mode [ 94.118494][ T6057] tipc: Node identity ee00, cluster identity 4711 [ 94.136550][ T6057] tipc: Node number set to 60928 [ 95.054937][ T6077] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.35'. [ 96.040401][ T6093] netlink: 524 bytes leftover after parsing attributes in process `syz.3.39'. [ 96.059151][ T6093] netlink: zone id is out of range [ 96.064618][ T6093] netlink: zone id is out of range [ 96.076277][ T6093] netlink: zone id is out of range [ 96.082626][ T6093] netlink: zone id is out of range [ 96.088373][ T6093] netlink: del zone limit has 8 unknown bytes [ 97.019749][ T6111] mkiss: ax0: crc mode is auto. [ 98.682726][ T6138] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.48'. [ 100.871677][ T6154] netlink: 16 bytes leftover after parsing attributes in process `syz.1.52'. [ 103.991055][ T6194] netlink: 16 bytes leftover after parsing attributes in process `syz.0.64'. [ 105.011978][ T6211] netlink: 16 bytes leftover after parsing attributes in process `syz.2.73'. [ 106.855697][ T6238] netlink: 16 bytes leftover after parsing attributes in process `syz.0.78'. [ 107.669421][ T6244] Unable to find swap-space signature [ 111.341088][ T6323] tipc: Started in network mode [ 111.346009][ T6323] tipc: Node identity ee00, cluster identity 4711 [ 111.353311][ T6323] tipc: Node number set to 60928 [ 111.547938][ T6328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.99'. [ 113.356726][ T6359] netlink: 28 bytes leftover after parsing attributes in process `syz.1.107'. [ 113.416252][ T6359] ipvlan1: entered allmulticast mode [ 113.455513][ T6359] veth0_vlan: entered allmulticast mode [ 114.471752][ T6373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.113'. [ 115.960433][ T6400] netlink: 28 bytes leftover after parsing attributes in process `syz.3.119'. [ 116.002481][ T6400] ipvlan1: entered allmulticast mode [ 116.010025][ T6400] veth0_vlan: entered allmulticast mode [ 116.557826][ T6394] kexec: Could not allocate control_code_buffer [ 118.447386][ T6442] netlink: 8 bytes leftover after parsing attributes in process `syz.0.130'. [ 119.232878][ T6456] netlink: 28 bytes leftover after parsing attributes in process `syz.2.132'. [ 119.272515][ T6456] ipvlan1: entered allmulticast mode [ 119.296753][ T6456] veth0_vlan: entered allmulticast mode [ 123.541021][ T6511] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.829626][ T6530] netlink: 8 bytes leftover after parsing attributes in process `syz.3.147'. [ 126.268897][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.163'. [ 131.559113][ T6612] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 131.803124][ T6611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 131.812992][ T6611] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 131.866521][ T6611] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 131.891553][ T6611] page_type: f5(slab) [ 131.904548][ T6611] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 131.943333][ T6611] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 131.972204][ T6611] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001 [ 132.048254][ T6611] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 132.079472][ T6611] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 132.096624][ T6611] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 132.132433][ T6611] page dumped because: unmovable page [ 132.163148][ T6611] page_owner tracks the page as allocated [ 132.215614][ T6611] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5854, tgid 5854 (syz-executor), ts 80591272283, free_ts 64874086021 [ 132.256946][ T6611] post_alloc_hook+0x1c0/0x230 [ 132.261813][ T6611] get_page_from_freelist+0x1321/0x3890 [ 132.269718][ T6611] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 132.275761][ T6611] alloc_pages_mpol+0x1fb/0x550 [ 132.280787][ T6611] new_slab+0x23b/0x330 [ 132.285034][ T6611] ___slab_alloc+0xd9c/0x1940 [ 132.290023][ T6611] __slab_alloc.constprop.0+0x56/0xb0 [ 132.297375][ T6611] __kmalloc_cache_noprof+0xfb/0x3e0 [ 132.303208][ T6611] batadv_hard_if_event+0xb13/0x1550 [ 132.312427][ T6611] notifier_call_chain+0xbc/0x410 [ 132.320768][ T6611] call_netdevice_notifiers_info+0xbe/0x140 [ 132.328744][ T6611] register_netdevice+0x182e/0x2270 [ 132.334268][ T6611] rtnl_newlink+0x1af0/0x2000 [ 132.339572][ T6611] rtnetlink_rcv_msg+0x95e/0xe90 [ 132.351721][ T6611] netlink_rcv_skb+0x158/0x420 [ 132.356612][ T6611] netlink_unicast+0x58a/0x850 [ 132.362141][ T6611] page last free pid 5511 tgid 5511 stack trace: [ 132.383447][ T6611] __free_frozen_pages+0x7fe/0x1180 [ 132.392392][ T6611] __put_partials+0x16d/0x1c0 [ 132.404311][ T6611] qlist_free_all+0x4d/0x120 [ 132.410765][ T6611] kasan_quarantine_reduce+0x195/0x1e0 [ 132.419520][ T6611] __kasan_slab_alloc+0x69/0x90 [ 132.424447][ T6611] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 132.432902][ T6611] __alloc_skb+0x2b2/0x380 [ 132.439336][ T6611] alloc_skb_with_frags+0xe0/0x860 [ 132.446498][ T6611] sock_alloc_send_pskb+0x7fb/0x990 [ 132.453112][ T6611] unix_dgram_sendmsg+0x3e9/0x17a0 [ 132.462233][ T6611] unix_seqpacket_sendmsg+0x12a/0x1c0 [ 132.467744][ T6611] sock_write_iter+0x4fc/0x5b0 [ 132.473339][ T6611] vfs_write+0x6c4/0x1150 [ 132.478013][ T6611] ksys_write+0x1f8/0x250 [ 132.482371][ T6611] do_syscall_64+0xcd/0x490 [ 132.487015][ T6611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.923578][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.936424][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 151.174653][ T6852] netlink: 322 bytes leftover after parsing attributes in process `syz.0.220'. [ 151.419207][ T6858] netlink: 322 bytes leftover after parsing attributes in process `syz.0.220'. [ 155.495264][ T6914] Invalid ELF header magic: != ELF [ 155.655808][ T6920] tipc: Started in network mode [ 155.660884][ T6920] tipc: Node identity ee00, cluster identity 4711 [ 155.672575][ T6920] tipc: Node number set to 60928 [ 156.328878][ T6928] process 'syz.0.235' launched './file0' with NULL argv: empty string added [ 157.615818][ T6955] Invalid ELF header magic: != ELF [ 159.880753][ T6991] netlink: 342 bytes leftover after parsing attributes in process `syz.3.253'. [ 160.923353][ T7005] Invalid ELF header magic: != ELF [ 169.206420][ T7120] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input5 [ 169.724990][ T7150] FAULT_INJECTION: forcing a failure. [ 169.724990][ T7150] name failslab, interval 1, probability 0, space 0, times 0 [ 169.737876][ T7150] CPU: 1 UID: 0 PID: 7150 Comm: syz.2.288 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 169.737909][ T7150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.737922][ T7150] Call Trace: [ 169.737929][ T7150] [ 169.737935][ T7150] dump_stack_lvl+0x16c/0x1f0 [ 169.737954][ T7150] should_fail_ex+0x512/0x640 [ 169.737969][ T7150] ? fs_reclaim_acquire+0xae/0x150 [ 169.737990][ T7150] should_failslab+0xc2/0x120 [ 169.738005][ T7150] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 169.738020][ T7150] ? jbd2_journal_add_journal_head+0x1e5/0x670 [ 169.738040][ T7150] jbd2_journal_add_journal_head+0x1e5/0x670 [ 169.738055][ T7150] ? jbd2_write_access_granted+0x61/0x3d0 [ 169.738073][ T7150] jbd2_journal_get_write_access+0x1c6/0x280 [ 169.738092][ T7150] __ext4_journal_get_write_access+0x6a/0x340 [ 169.738117][ T7150] ext4_ext_remove_space+0x168d/0x4530 [ 169.738152][ T7150] ? ext4_da_release_space+0x25/0x580 [ 169.738175][ T7150] ? __pfx_ext4_ext_remove_space+0x10/0x10 [ 169.738190][ T7150] ? ext4_es_remove_extent+0x103/0x4e0 [ 169.738208][ T7150] ? __pfx_ext4_es_remove_extent+0x10/0x10 [ 169.738227][ T7150] ? __ext4_journal_start_sb+0xfc/0x690 [ 169.738250][ T7150] ext4_punch_hole+0x912/0x1070 [ 169.738269][ T7150] ext4_fallocate+0xd42/0x3720 [ 169.738291][ T7150] ? __pfx_ext4_fallocate+0x10/0x10 [ 169.738310][ T7150] vfs_fallocate+0x608/0x10c0 [ 169.738340][ T7150] ? __pfx_vfs_fallocate+0x10/0x10 [ 169.738366][ T7150] ? madvise_vma_behavior+0x222c/0x2420 [ 169.738396][ T7150] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 169.738437][ T7150] madvise_vma_behavior+0x21ca/0x2420 [ 169.738457][ T7150] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 169.738474][ T7150] ? __pfx_mas_prev+0x10/0x10 [ 169.738494][ T7150] ? find_vma_prev+0xda/0x160 [ 169.738512][ T7150] ? __pfx_find_vma_prev+0x10/0x10 [ 169.738533][ T7150] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 169.738559][ T7150] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 169.738575][ T7150] madvise_walk_vmas+0x1ce/0x2c0 [ 169.738592][ T7150] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 169.738614][ T7150] madvise_do_behavior+0x15d/0x3f0 [ 169.738633][ T7150] ? __pfx_madvise_do_behavior+0x10/0x10 [ 169.738656][ T7150] ? do_sys_openat2+0x1b0/0x1d0 [ 169.738677][ T7150] do_madvise+0x161/0x230 [ 169.738694][ T7150] ? __pfx_do_madvise+0x10/0x10 [ 169.738723][ T7150] ? xfd_validate_state+0x61/0x180 [ 169.738746][ T7150] __x64_sys_madvise+0xa9/0x110 [ 169.738762][ T7150] ? lockdep_hardirqs_on+0x7c/0x110 [ 169.738775][ T7150] do_syscall_64+0xcd/0x490 [ 169.738791][ T7150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.738805][ T7150] RIP: 0033:0x7fef3dd8e9a9 [ 169.738817][ T7150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.738830][ T7150] RSP: 002b:00007fef3ec9c038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 169.738843][ T7150] RAX: ffffffffffffffda RBX: 00007fef3dfb5fa0 RCX: 00007fef3dd8e9a9 [ 169.738852][ T7150] RDX: 0000000000000009 RSI: 00000000008031ca RDI: 000000110c230000 [ 169.738860][ T7150] RBP: 00007fef3de10d69 R08: 0000000000000000 R09: 0000000000000000 [ 169.738868][ T7150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.738876][ T7150] R13: 0000000000000000 R14: 00007fef3dfb5fa0 R15: 00007ffd166b5988 [ 169.738895][ T7150] [ 169.739030][ T7150] ENOMEM in journal_alloc_journal_head, retrying. [ 175.663381][ T7220] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input6 [ 175.998338][ T7256] syz.1.313 (7256) used greatest stack depth: 17544 bytes left [ 179.915204][ T7313] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input7 [ 184.278114][ T7371] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input8 [ 185.955350][ T7417] block2mtd: error: cannot open device inX±jFBB>U;߸Ilk [ 194.351095][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.357545][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.684615][ T7712] Bluetooth: hci0: command 0x0406 tx timeout [ 206.691901][ T7712] Bluetooth: hci2: command 0x0406 tx timeout [ 206.698002][ T7712] Bluetooth: hci1: command 0x0406 tx timeout [ 206.704099][ T7712] Bluetooth: hci3: command 0x0406 tx timeout [ 207.338206][ T7752] netlink: 28 bytes leftover after parsing attributes in process `syz.3.428'. [ 207.420730][ T7753] netlink: 338 bytes leftover after parsing attributes in process `syz.3.428'. [ 215.186016][ T7846] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 216.037815][ T7854] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 216.212291][ T7845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.101710][ T7893] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 219.521877][ T7906] ima: policy update failed [ 219.547137][ T30] audit: type=1802 audit(1753359865.876:2): pid=7906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.466" res=0 errno=0 [ 219.662106][ T7911] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 220.325181][ T7920] block nbd0: Unsupported socket: shutdown callout must be supported. [ 220.363395][ T7918] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 220.941825][ T7907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 221.318433][ T7935] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 223.777332][ T30] audit: type=1800 audit(1753359870.106:3): pid=7979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.484" name="discovery_nqn" dev="configfs" ino=20108 res=0 errno=0 [ 223.922564][ T7982] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 224.134469][ T7985] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 224.798922][ T7982] block nbd0: Unsupported socket: shutdown callout must be supported. [ 225.071716][ T8000] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 225.129383][ T7977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.654439][ T30] audit: type=1800 audit(1753359872.986:4): pid=8032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.494" name="discovery_nqn" dev="configfs" ino=19408 res=0 errno=0 [ 228.168707][ T8054] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 228.423645][ T8055] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 228.709731][ T8054] block nbd0: Unsupported socket: shutdown callout must be supported. [ 229.254314][ T8070] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 229.287258][ T8049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.264919][ T30] audit: type=1800 audit(1753359876.596:5): pid=8086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.506" name="discovery_nqn" dev="configfs" ino=20666 res=0 errno=0 [ 231.775408][ T8111] FAULT_INJECTION: forcing a failure. [ 231.775408][ T8111] name failslab, interval 1, probability 0, space 0, times 0 [ 231.834552][ T8111] CPU: 0 UID: 0 PID: 8111 Comm: syz.2.513 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 231.834591][ T8111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.834606][ T8111] Call Trace: [ 231.834615][ T8111] [ 231.834625][ T8111] dump_stack_lvl+0x16c/0x1f0 [ 231.834659][ T8111] should_fail_ex+0x512/0x640 [ 231.834684][ T8111] ? __kmalloc_noprof+0xbf/0x510 [ 231.834712][ T8111] ? kernfs_fop_write_iter+0x237/0x510 [ 231.834741][ T8111] should_failslab+0xc2/0x120 [ 231.834770][ T8111] __kmalloc_noprof+0xd2/0x510 [ 231.834805][ T8111] kernfs_fop_write_iter+0x237/0x510 [ 231.834842][ T8111] vfs_write+0x6c4/0x1150 [ 231.834867][ T8111] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 231.834901][ T8111] ? __pfx___mutex_lock+0x10/0x10 [ 231.834927][ T8111] ? __pfx_vfs_write+0x10/0x10 [ 231.834984][ T8111] ksys_write+0x12a/0x250 [ 231.835008][ T8111] ? __pfx_ksys_write+0x10/0x10 [ 231.835043][ T8111] do_syscall_64+0xcd/0x490 [ 231.835073][ T8111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.835098][ T8111] RIP: 0033:0x7fef3dd8e9a9 [ 231.835119][ T8111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.835142][ T8111] RSP: 002b:00007fef3ec7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 231.835165][ T8111] RAX: ffffffffffffffda RBX: 00007fef3dfb6080 RCX: 00007fef3dd8e9a9 [ 231.835182][ T8111] RDX: 00000000000098c7 RSI: 0000200000000440 RDI: 0000000000000003 [ 231.835196][ T8111] RBP: 00007fef3ec7b090 R08: 0000000000000000 R09: 0000000000000000 [ 231.835210][ T8111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.835225][ T8111] R13: 0000000000000001 R14: 00007fef3dfb6080 R15: 00007ffd166b5988 [ 231.835259][ T8111] [ 232.014831][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.345736][ T8116] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 232.604854][ T8117] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 233.128496][ T8113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 233.561593][ T8136] netlink: 'syz.0.521': attribute type 1 has an invalid length. [ 233.599831][ T8136] netlink: 330 bytes leftover after parsing attributes in process `syz.0.521'. [ 233.671996][ T8140] netlink: zone id is out of range [ 233.712036][ T8140] netlink: zone id is out of range [ 233.761817][ T8140] netlink: zone id is out of range [ 233.779488][ T8140] netlink: zone id is out of range [ 233.793963][ T8140] netlink: zone id is out of range [ 233.832038][ T8140] netlink: zone id is out of range [ 233.853274][ T8140] netlink: zone id is out of range [ 233.900467][ T8140] netlink: zone id is out of range [ 233.905730][ T8140] netlink: zone id is out of range [ 233.911466][ T8140] netlink: zone id is out of range [ 235.130376][ T8165] block2mtd: parameter too long [ 236.124729][ T8190] random: crng reseeded on system resumption [ 237.968736][ T30] audit: type=1400 audit(1753359884.306:6): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=8212 comm="syz.0.540" [ 238.009741][ T8219] FAULT_INJECTION: forcing a failure. [ 238.009741][ T8219] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 238.026911][ T8219] CPU: 1 UID: 0 PID: 8219 Comm: syz.2.538 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 238.026948][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.026962][ T8219] Call Trace: [ 238.026970][ T8219] [ 238.026979][ T8219] dump_stack_lvl+0x16c/0x1f0 [ 238.027011][ T8219] should_fail_ex+0x512/0x640 [ 238.027042][ T8219] _copy_from_user+0x2e/0xd0 [ 238.027071][ T8219] copy_msghdr_from_user+0x98/0x160 [ 238.027099][ T8219] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 238.027132][ T8219] ? __pfx__kstrtoull+0x10/0x10 [ 238.027173][ T8219] ___sys_sendmsg+0xfe/0x1d0 [ 238.027201][ T8219] ? __pfx____sys_sendmsg+0x10/0x10 [ 238.027245][ T8219] ? find_held_lock+0x2b/0x80 [ 238.027293][ T8219] __sys_sendmmsg+0x200/0x420 [ 238.027330][ T8219] ? __pfx___sys_sendmmsg+0x10/0x10 [ 238.027379][ T8219] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 238.027421][ T8219] ? fput+0x70/0xf0 [ 238.027449][ T8219] ? ksys_write+0x1ac/0x250 [ 238.027470][ T8219] ? __pfx_ksys_write+0x10/0x10 [ 238.027500][ T8219] __x64_sys_sendmmsg+0x9c/0x100 [ 238.027526][ T8219] ? lockdep_hardirqs_on+0x7c/0x110 [ 238.027550][ T8219] do_syscall_64+0xcd/0x490 [ 238.027578][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.027603][ T8219] RIP: 0033:0x7fef3dd8e9a9 [ 238.027623][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.027646][ T8219] RSP: 002b:00007fef3ec5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 238.027670][ T8219] RAX: ffffffffffffffda RBX: 00007fef3dfb6160 RCX: 00007fef3dd8e9a9 [ 238.027687][ T8219] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 238.027702][ T8219] RBP: 00007fef3ec5a090 R08: 0000000000000000 R09: 0000000000000000 [ 238.027724][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.027738][ T8219] R13: 0000000000000001 R14: 00007fef3dfb6160 R15: 00007ffd166b5988 [ 238.027771][ T8219] [ 238.296558][ T8217] block2mtd: parameter too long [ 238.556673][ T8225] FAULT_INJECTION: forcing a failure. [ 238.556673][ T8225] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.583337][ T8225] CPU: 0 UID: 0 PID: 8225 Comm: syz.1.543 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 238.583376][ T8225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.583391][ T8225] Call Trace: [ 238.583399][ T8225] [ 238.583409][ T8225] dump_stack_lvl+0x16c/0x1f0 [ 238.583441][ T8225] should_fail_ex+0x512/0x640 [ 238.583471][ T8225] _copy_from_iter+0x29f/0x16f0 [ 238.583510][ T8225] ? __pfx__copy_from_iter+0x10/0x10 [ 238.583541][ T8225] ? rcu_is_watching+0x12/0xc0 [ 238.583569][ T8225] ? trace_kmalloc+0x2b/0xd0 [ 238.583598][ T8225] ? __kmalloc_noprof+0x242/0x510 [ 238.583634][ T8225] kernfs_fop_write_iter+0x19a/0x510 [ 238.583673][ T8225] vfs_write+0x6c4/0x1150 [ 238.583699][ T8225] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 238.583739][ T8225] ? __pfx___mutex_lock+0x10/0x10 [ 238.583766][ T8225] ? __pfx_vfs_write+0x10/0x10 [ 238.583817][ T8225] ksys_write+0x12a/0x250 [ 238.583841][ T8225] ? __pfx_ksys_write+0x10/0x10 [ 238.583878][ T8225] do_syscall_64+0xcd/0x490 [ 238.583908][ T8225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.583934][ T8225] RIP: 0033:0x7fa53b18e9a9 [ 238.583954][ T8225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.583978][ T8225] RSP: 002b:00007fa53c0cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.584002][ T8225] RAX: ffffffffffffffda RBX: 00007fa53b3b5fa0 RCX: 00007fa53b18e9a9 [ 238.584019][ T8225] RDX: 00000000000098c7 RSI: 0000200000000440 RDI: 0000000000000003 [ 238.584035][ T8225] RBP: 00007fa53c0cd090 R08: 0000000000000000 R09: 0000000000000000 [ 238.584050][ T8225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.584065][ T8225] R13: 0000000000000000 R14: 00007fa53b3b5fa0 R15: 00007ffe62c94a78 [ 238.584101][ T8225] [ 238.768609][ C0] vkms_vblank_simulate: vblank timer overrun [ 238.860269][ T8223] netlink: 342 bytes leftover after parsing attributes in process `syz.0.541'. [ 239.079146][ T8237] random: crng reseeded on system resumption [ 240.906139][ T8265] random: crng reseeded on system resumption [ 242.262078][ T8280] block2mtd: parameter too long [ 243.747724][ T8305] random: crng reseeded on system resumption [ 246.001511][ T8334] block2mtd: parameter too long [ 248.235864][ T8366] random: crng reseeded on system resumption [ 253.267604][ T8435] netlink: 12 bytes leftover after parsing attributes in process `syz.3.590'. [ 255.792654][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.799397][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.683902][ T8482] netlink: 12 bytes leftover after parsing attributes in process `syz.1.602'. [ 256.952967][ T8493] random: crng reseeded on system resumption [ 258.213373][ T8503] random: crng reseeded on system resumption [ 258.624567][ T8516] FAULT_INJECTION: forcing a failure. [ 258.624567][ T8516] name failslab, interval 1, probability 0, space 0, times 0 [ 258.676431][ T8516] CPU: 1 UID: 0 PID: 8516 Comm: syz.1.608 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 258.676453][ T8516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 258.676461][ T8516] Call Trace: [ 258.676466][ T8516] [ 258.676472][ T8516] dump_stack_lvl+0x16c/0x1f0 [ 258.676491][ T8516] should_fail_ex+0x512/0x640 [ 258.676506][ T8516] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 258.676529][ T8516] should_failslab+0xc2/0x120 [ 258.676545][ T8516] __kmalloc_cache_noprof+0x6a/0x3e0 [ 258.676565][ T8516] ? sctp_stream_init_ext+0x4e/0x1b0 [ 258.676583][ T8516] sctp_stream_init_ext+0x4e/0x1b0 [ 258.676598][ T8516] sctp_sendmsg_to_asoc+0x16c1/0x1bf0 [ 258.676622][ T8516] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 258.676639][ T8516] ? do_raw_spin_lock+0x12c/0x2b0 [ 258.676660][ T8516] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 258.676684][ T8516] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 258.676702][ T8516] sctp_sendmsg+0xef5/0x1ee0 [ 258.676719][ T8516] ? __lock_acquire+0x622/0x1c90 [ 258.676741][ T8516] ? __pfx_sctp_sendmsg+0x10/0x10 [ 258.676761][ T8516] ? __pfx___might_resched+0x10/0x10 [ 258.676782][ T8516] ? import_ubuf+0x1b6/0x220 [ 258.676797][ T8516] ? __pfx_aa_sk_perm+0x10/0x10 [ 258.676815][ T8516] ? __import_iovec+0x1dd/0x650 [ 258.676831][ T8516] ? __might_fault+0xe3/0x190 [ 258.676844][ T8516] ? __might_fault+0x13b/0x190 [ 258.676857][ T8516] ? __pfx_sctp_sendmsg+0x10/0x10 [ 258.676876][ T8516] inet_sendmsg+0x11c/0x140 [ 258.676897][ T8516] ____sys_sendmsg+0x973/0xc70 [ 258.676917][ T8516] ? copy_msghdr_from_user+0x10a/0x160 [ 258.676931][ T8516] ? __pfx_____sys_sendmsg+0x10/0x10 [ 258.676952][ T8516] ? __pfx__kstrtoull+0x10/0x10 [ 258.676974][ T8516] ___sys_sendmsg+0x134/0x1d0 [ 258.676989][ T8516] ? __pfx____sys_sendmsg+0x10/0x10 [ 258.677013][ T8516] ? find_held_lock+0x2b/0x80 [ 258.677041][ T8516] __sys_sendmmsg+0x200/0x420 [ 258.677058][ T8516] ? __pfx___sys_sendmmsg+0x10/0x10 [ 258.677087][ T8516] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 258.677110][ T8516] ? fput+0x70/0xf0 [ 258.677125][ T8516] ? ksys_write+0x1ac/0x250 [ 258.677138][ T8516] ? __pfx_ksys_write+0x10/0x10 [ 258.677154][ T8516] __x64_sys_sendmmsg+0x9c/0x100 [ 258.677168][ T8516] ? lockdep_hardirqs_on+0x7c/0x110 [ 258.677180][ T8516] do_syscall_64+0xcd/0x490 [ 258.677196][ T8516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.677210][ T8516] RIP: 0033:0x7fa53b18e9a9 [ 258.677222][ T8516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.677234][ T8516] RSP: 002b:00007fa53c0ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 258.677248][ T8516] RAX: ffffffffffffffda RBX: 00007fa53b3b6080 RCX: 00007fa53b18e9a9 [ 258.677257][ T8516] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 258.677271][ T8516] RBP: 00007fa53c0ac090 R08: 0000000000000000 R09: 0000000000000000 [ 258.677279][ T8516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.677287][ T8516] R13: 0000000000000000 R14: 00007fa53b3b6080 R15: 00007ffe62c94a78 [ 258.677308][ T8516] [ 259.292773][ T8524] netlink: 326 bytes leftover after parsing attributes in process `syz.3.612'. [ 259.761552][ T8538] FAULT_INJECTION: forcing a failure. [ 259.761552][ T8538] name failslab, interval 1, probability 0, space 0, times 0 [ 259.836616][ T8538] CPU: 1 UID: 0 PID: 8538 Comm: syz.3.623 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 259.836652][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 259.836666][ T8538] Call Trace: [ 259.836675][ T8538] [ 259.836684][ T8538] dump_stack_lvl+0x16c/0x1f0 [ 259.836717][ T8538] should_fail_ex+0x512/0x640 [ 259.836749][ T8538] should_failslab+0xc2/0x120 [ 259.836783][ T8538] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 259.836811][ T8538] ? __alloc_skb+0x2b2/0x380 [ 259.836841][ T8538] __alloc_skb+0x2b2/0x380 [ 259.836876][ T8538] ? __pfx___alloc_skb+0x10/0x10 [ 259.836914][ T8538] ? if_nlmsg_size+0x475/0xaf0 [ 259.836947][ T8538] rtmsg_ifinfo_build_skb+0x81/0x280 [ 259.836986][ T8538] rtmsg_ifinfo+0x9f/0x1a0 [ 259.837025][ T8538] __dev_notify_flags+0x24c/0x2e0 [ 259.837053][ T8538] ? __pfx___dev_notify_flags+0x10/0x10 [ 259.837078][ T8538] ? __dev_change_flags+0x3d5/0x720 [ 259.837107][ T8538] ? __pfx___dev_change_flags+0x10/0x10 [ 259.837147][ T8538] netif_change_flags+0x108/0x160 [ 259.837178][ T8538] dev_change_flags+0xba/0x250 [ 259.837212][ T8538] flags_store+0x187/0x1e0 [ 259.837235][ T8538] ? __pfx_flags_store+0x10/0x10 [ 259.837260][ T8538] ? find_held_lock+0x2b/0x80 [ 259.837293][ T8538] ? __pfx_flags_store+0x10/0x10 [ 259.837314][ T8538] dev_attr_store+0x58/0x80 [ 259.837345][ T8538] ? __pfx_dev_attr_store+0x10/0x10 [ 259.837374][ T8538] sysfs_kf_write+0xf2/0x150 [ 259.837412][ T8538] kernfs_fop_write_iter+0x354/0x510 [ 259.837442][ T8538] ? __pfx_sysfs_kf_write+0x10/0x10 [ 259.837480][ T8538] vfs_write+0x6c4/0x1150 [ 259.837506][ T8538] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 259.837539][ T8538] ? __pfx___mutex_lock+0x10/0x10 [ 259.837566][ T8538] ? __pfx_vfs_write+0x10/0x10 [ 259.837616][ T8538] ksys_write+0x12a/0x250 [ 259.837642][ T8538] ? __pfx_ksys_write+0x10/0x10 [ 259.837678][ T8538] do_syscall_64+0xcd/0x490 [ 259.837707][ T8538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.837733][ T8538] RIP: 0033:0x7f14a238e9a9 [ 259.837753][ T8538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.837774][ T8538] RSP: 002b:00007f14a3206038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 259.837795][ T8538] RAX: ffffffffffffffda RBX: 00007f14a25b6080 RCX: 00007f14a238e9a9 [ 259.837811][ T8538] RDX: 00000000000098c7 RSI: 0000200000000440 RDI: 0000000000000003 [ 259.837825][ T8538] RBP: 00007f14a3206090 R08: 0000000000000000 R09: 0000000000000000 [ 259.837840][ T8538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.837854][ T8538] R13: 0000000000000001 R14: 00007f14a25b6080 R15: 00007ffc8ca3c358 [ 259.837890][ T8538] [ 260.255066][ T8540] netlink: 12 bytes leftover after parsing attributes in process `syz.2.615'. [ 262.166620][ T8563] random: crng reseeded on system resumption [ 262.585304][ T8576] netlink: 326 bytes leftover after parsing attributes in process `syz.1.622'. [ 263.729999][ T8589] netlink: 12 bytes leftover after parsing attributes in process `syz.0.627'. [ 265.673309][ T8624] netlink: 326 bytes leftover after parsing attributes in process `syz.0.634'. [ 265.789065][ T8626] random: crng reseeded on system resumption [ 266.801660][ T8642] random: crng reseeded on system resumption [ 269.811735][ T8695] random: crng reseeded on system resumption [ 270.733438][ T8705] netlink: 346 bytes leftover after parsing attributes in process `syz.0.653'. [ 270.765750][ T8708] random: crng reseeded on system resumption [ 272.415986][ T8734] random: crng reseeded on system resumption [ 273.742398][ T8754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.665'. [ 273.832518][ T8761] netlink: 28 bytes leftover after parsing attributes in process `syz.0.665'. [ 273.841728][ T8761] nbd: must specify at least one socket [ 274.487700][ T8769] mmap: syz.3.669 (8769) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 274.641635][ T8771] FAULT_INJECTION: forcing a failure. [ 274.641635][ T8771] name failslab, interval 1, probability 0, space 0, times 0 [ 274.674930][ T8771] CPU: 1 UID: 0 PID: 8771 Comm: syz.1.668 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 274.674965][ T8771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 274.674979][ T8771] Call Trace: [ 274.674987][ T8771] [ 274.674997][ T8771] dump_stack_lvl+0x16c/0x1f0 [ 274.675029][ T8771] should_fail_ex+0x512/0x640 [ 274.675052][ T8771] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 274.675090][ T8771] should_failslab+0xc2/0x120 [ 274.675118][ T8771] __kmalloc_cache_noprof+0x6a/0x3e0 [ 274.675154][ T8771] ? sctp_datamsg_from_user+0x8d/0x1320 [ 274.675197][ T8771] sctp_datamsg_from_user+0x8d/0x1320 [ 274.675243][ T8771] ? __sk_mem_raise_allocated+0x94d/0x1670 [ 274.675277][ T8771] ? sctp_sched_init_sid+0x8b/0x160 [ 274.675313][ T8771] ? __sk_mem_schedule+0xd0/0x100 [ 274.675343][ T8771] sctp_sendmsg_to_asoc+0xaf5/0x1bf0 [ 274.675388][ T8771] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 274.675418][ T8771] ? do_raw_spin_lock+0x12c/0x2b0 [ 274.675457][ T8771] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 274.675502][ T8771] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 274.675536][ T8771] sctp_sendmsg+0xef5/0x1ee0 [ 274.675566][ T8771] ? __lock_acquire+0x622/0x1c90 [ 274.675608][ T8771] ? __pfx_sctp_sendmsg+0x10/0x10 [ 274.675644][ T8771] ? __pfx___might_resched+0x10/0x10 [ 274.675683][ T8771] ? import_ubuf+0x1b6/0x220 [ 274.675709][ T8771] ? __pfx_aa_sk_perm+0x10/0x10 [ 274.675741][ T8771] ? __import_iovec+0x1dd/0x650 [ 274.675767][ T8771] ? __might_fault+0xe3/0x190 [ 274.675789][ T8771] ? __might_fault+0x13b/0x190 [ 274.675814][ T8771] ? __pfx_sctp_sendmsg+0x10/0x10 [ 274.675849][ T8771] inet_sendmsg+0x11c/0x140 [ 274.675887][ T8771] ____sys_sendmsg+0x973/0xc70 [ 274.675921][ T8771] ? copy_msghdr_from_user+0x10a/0x160 [ 274.675947][ T8771] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.675984][ T8771] ? __pfx__kstrtoull+0x10/0x10 [ 274.676023][ T8771] ___sys_sendmsg+0x134/0x1d0 [ 274.676050][ T8771] ? __pfx____sys_sendmsg+0x10/0x10 [ 274.676094][ T8771] ? find_held_lock+0x2b/0x80 [ 274.676143][ T8771] __sys_sendmmsg+0x200/0x420 [ 274.676175][ T8771] ? __pfx___sys_sendmmsg+0x10/0x10 [ 274.676222][ T8771] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 274.676266][ T8771] ? fput+0x70/0xf0 [ 274.676295][ T8771] ? ksys_write+0x1ac/0x250 [ 274.676315][ T8771] ? __pfx_ksys_write+0x10/0x10 [ 274.676344][ T8771] __x64_sys_sendmmsg+0x9c/0x100 [ 274.676375][ T8771] ? lockdep_hardirqs_on+0x7c/0x110 [ 274.676398][ T8771] do_syscall_64+0xcd/0x490 [ 274.676423][ T8771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.676447][ T8771] RIP: 0033:0x7fa53b18e9a9 [ 274.676467][ T8771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.676488][ T8771] RSP: 002b:00007fa53c0ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 274.676512][ T8771] RAX: ffffffffffffffda RBX: 00007fa53b3b6080 RCX: 00007fa53b18e9a9 [ 274.676526][ T8771] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 274.676540][ T8771] RBP: 00007fa53c0ac090 R08: 0000000000000000 R09: 0000000000000000 [ 274.676555][ T8771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 274.676569][ T8771] R13: 0000000000000000 R14: 00007fa53b3b6080 R15: 00007ffe62c94a78 [ 274.676603][ T8771] [ 275.068660][ T8769] program syz.3.669 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 276.371974][ T8793] random: crng reseeded on system resumption [ 277.545983][ T8817] random: crng reseeded on system resumption [ 279.747976][ T8861] program syz.0.686 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 280.148859][ T8866] random: crng reseeded on system resumption [ 282.538164][ T8893] random: crng reseeded on system resumption [ 283.596691][ T8913] random: crng reseeded on system resumption [ 283.940576][ T8920] netlink: 28 bytes leftover after parsing attributes in process `syz.3.701'. [ 284.025726][ T8922] program syz.2.700 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 287.029013][ T8963] random: crng reseeded on system resumption [ 287.974693][ T8980] netlink: 28 bytes leftover after parsing attributes in process `syz.1.713'. [ 288.908203][ T8997] futex_wake_op: syz.1.718 tries to shift op by -9; fix this program [ 289.473576][ T9003] random: crng reseeded on system resumption [ 291.483187][ T9032] FAULT_INJECTION: forcing a failure. [ 291.483187][ T9032] name failslab, interval 1, probability 0, space 0, times 0 [ 291.549189][ T9032] CPU: 0 UID: 0 PID: 9032 Comm: syz.3.726 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 291.549216][ T9032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 291.549224][ T9032] Call Trace: [ 291.549229][ T9032] [ 291.549235][ T9032] dump_stack_lvl+0x16c/0x1f0 [ 291.549255][ T9032] should_fail_ex+0x512/0x640 [ 291.549269][ T9032] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 291.549286][ T9032] should_failslab+0xc2/0x120 [ 291.549302][ T9032] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 291.549315][ T9032] ? __sys_sendmmsg+0x200/0x420 [ 291.549329][ T9032] ? __x64_sys_sendmmsg+0x9c/0x100 [ 291.549341][ T9032] ? __alloc_skb+0x2b2/0x380 [ 291.549357][ T9032] __alloc_skb+0x2b2/0x380 [ 291.549370][ T9032] ? __pfx___alloc_skb+0x10/0x10 [ 291.549390][ T9032] _sctp_make_chunk+0x51/0x270 [ 291.549413][ T9032] sctp_make_datafrag_empty+0x16f/0x240 [ 291.549429][ T9032] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 291.549449][ T9032] sctp_datamsg_from_user+0x595/0x1320 [ 291.549479][ T9032] sctp_sendmsg_to_asoc+0xaf5/0x1bf0 [ 291.549504][ T9032] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 291.549521][ T9032] ? __pfx_autoremove_wake_function+0x10/0x10 [ 291.549543][ T9032] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 291.549561][ T9032] sctp_sendmsg+0xef5/0x1ee0 [ 291.549578][ T9032] ? __lock_acquire+0x622/0x1c90 [ 291.549601][ T9032] ? __pfx_sctp_sendmsg+0x10/0x10 [ 291.549620][ T9032] ? __pfx___might_resched+0x10/0x10 [ 291.549642][ T9032] ? import_ubuf+0x1b6/0x220 [ 291.549657][ T9032] ? __pfx_aa_sk_perm+0x10/0x10 [ 291.549675][ T9032] ? __import_iovec+0x1dd/0x650 [ 291.549689][ T9032] ? __might_fault+0xe3/0x190 [ 291.549701][ T9032] ? __might_fault+0x13b/0x190 [ 291.549717][ T9032] ? __pfx_sctp_sendmsg+0x10/0x10 [ 291.549736][ T9032] inet_sendmsg+0x11c/0x140 [ 291.549757][ T9032] ____sys_sendmsg+0x973/0xc70 [ 291.549776][ T9032] ? copy_msghdr_from_user+0x10a/0x160 [ 291.549790][ T9032] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.549811][ T9032] ? __pfx__kstrtoull+0x10/0x10 [ 291.549833][ T9032] ___sys_sendmsg+0x134/0x1d0 [ 291.549848][ T9032] ? __pfx____sys_sendmsg+0x10/0x10 [ 291.549872][ T9032] ? find_held_lock+0x2b/0x80 [ 291.549897][ T9032] __sys_sendmmsg+0x200/0x420 [ 291.549914][ T9032] ? __pfx___sys_sendmmsg+0x10/0x10 [ 291.549934][ T9032] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 291.549963][ T9032] ? fput+0x70/0xf0 [ 291.549979][ T9032] ? ksys_write+0x1ac/0x250 [ 291.549991][ T9032] ? __pfx_ksys_write+0x10/0x10 [ 291.550002][ T9032] ? xfd_validate_state+0x61/0x180 [ 291.550023][ T9032] __x64_sys_sendmmsg+0x9c/0x100 [ 291.550037][ T9032] ? lockdep_hardirqs_on+0x7c/0x110 [ 291.550050][ T9032] do_syscall_64+0xcd/0x490 [ 291.550066][ T9032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.550080][ T9032] RIP: 0033:0x7f14a238e9a9 [ 291.550091][ T9032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.550103][ T9032] RSP: 002b:00007f14a31e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 291.550117][ T9032] RAX: ffffffffffffffda RBX: 00007f14a25b6160 RCX: 00007f14a238e9a9 [ 291.550126][ T9032] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 291.550134][ T9032] RBP: 00007f14a31e5090 R08: 0000000000000000 R09: 0000000000000000 [ 291.550142][ T9032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.550150][ T9032] R13: 0000000000000001 R14: 00007f14a25b6160 R15: 00007ffc8ca3c358 [ 291.550168][ T9032] [ 291.898130][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.912982][ T5852] ================================================================== [ 291.921102][ T5852] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 291.928945][ T5852] Read of size 140 at addr ffffc9000c2f0000 by task kworker/u9:4/5852 [ 291.937105][ T5852] [ 291.939441][ T5852] CPU: 0 UID: 0 PID: 5852 Comm: kworker/u9:4 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 291.939472][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 291.939488][ T5852] Workqueue: hci0 hci_devcd_timeout [ 291.939524][ T5852] Call Trace: [ 291.939532][ T5852] [ 291.939542][ T5852] dump_stack_lvl+0x116/0x1f0 [ 291.939566][ T5852] print_report+0xcd/0x610 [ 291.939591][ T5852] ? __virt_addr_valid+0x81/0x610 [ 291.939617][ T5852] ? hci_devcd_dump+0x142/0x240 [ 291.939647][ T5852] kasan_report+0xe0/0x110 [ 291.939672][ T5852] ? hci_devcd_dump+0x142/0x240 [ 291.939706][ T5852] kasan_check_range+0x100/0x1b0 [ 291.939736][ T5852] __asan_memcpy+0x23/0x60 [ 291.939768][ T5852] hci_devcd_dump+0x142/0x240 [ 291.939801][ T5852] hci_devcd_timeout+0xb5/0x2e0 [ 291.939832][ T5852] ? rcu_is_watching+0x12/0xc0 [ 291.939858][ T5852] process_one_work+0x9cf/0x1b70 [ 291.939899][ T5852] ? __pfx_process_one_work+0x10/0x10 [ 291.939936][ T5852] ? assign_work+0x1a0/0x250 [ 291.939968][ T5852] worker_thread+0x6c8/0xf10 [ 291.940010][ T5852] ? __kthread_parkme+0x19e/0x250 [ 291.940037][ T5852] ? __pfx_worker_thread+0x10/0x10 [ 291.940070][ T5852] kthread+0x3c2/0x780 [ 291.940100][ T5852] ? __pfx_kthread+0x10/0x10 [ 291.940131][ T5852] ? rcu_is_watching+0x12/0xc0 [ 291.940154][ T5852] ? __pfx_kthread+0x10/0x10 [ 291.940185][ T5852] ret_from_fork+0x5d4/0x6f0 [ 291.940214][ T5852] ? __pfx_kthread+0x10/0x10 [ 291.940244][ T5852] ret_from_fork_asm+0x1a/0x30 [ 291.940276][ T5852] [ 291.940283][ T5852] [ 292.092631][ T5852] The buggy address ffffc9000c2f0000 belongs to a vmalloc virtual mapping [ 292.101128][ T5852] Memory state around the buggy address: [ 292.106761][ T5852] ffffc9000c2eff00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 292.114830][ T5852] ffffc9000c2eff80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 292.122910][ T5852] >ffffc9000c2f0000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 292.130974][ T5852] ^ [ 292.135039][ T5852] ffffc9000c2f0080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 292.143121][ T5852] ffffc9000c2f0100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 292.151185][ T5852] ================================================================== [ 292.159309][ C0] vkms_vblank_simulate: vblank timer overrun [ 292.167533][ T5852] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 292.174766][ T5852] CPU: 0 UID: 0 PID: 5852 Comm: kworker/u9:4 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) [ 292.187123][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.197282][ T5852] Workqueue: hci0 hci_devcd_timeout [ 292.202507][ T5852] Call Trace: [ 292.205784][ T5852] [ 292.208800][ T5852] dump_stack_lvl+0x3d/0x1f0 [ 292.213429][ T5852] panic+0x71c/0x800 [ 292.217351][ T5852] ? __pfx_panic+0x10/0x10 [ 292.221780][ T5852] ? mark_held_locks+0x49/0x80 [ 292.226570][ T5852] ? preempt_schedule_thunk+0x16/0x30 [ 292.232063][ T5852] ? hci_devcd_dump+0x142/0x240 [ 292.237119][ T5852] ? preempt_schedule_common+0x44/0xc0 [ 292.242625][ T5852] ? check_panic_on_warn+0x1f/0xb0 [ 292.247760][ T5852] ? hci_devcd_dump+0x142/0x240 [ 292.252716][ T5852] check_panic_on_warn+0xab/0xb0 [ 292.257938][ T5852] end_report+0x107/0x170 [ 292.262281][ T5852] kasan_report+0xee/0x110 [ 292.266709][ T5852] ? hci_devcd_dump+0x142/0x240 [ 292.271631][ T5852] kasan_check_range+0x100/0x1b0 [ 292.276584][ T5852] __asan_memcpy+0x23/0x60 [ 292.281025][ T5852] hci_devcd_dump+0x142/0x240 [ 292.285719][ T5852] hci_devcd_timeout+0xb5/0x2e0 [ 292.290598][ T5852] ? rcu_is_watching+0x12/0xc0 [ 292.295374][ T5852] process_one_work+0x9cf/0x1b70 [ 292.300344][ T5852] ? __pfx_process_one_work+0x10/0x10 [ 292.305744][ T5852] ? assign_work+0x1a0/0x250 [ 292.310350][ T5852] worker_thread+0x6c8/0xf10 [ 292.314976][ T5852] ? __kthread_parkme+0x19e/0x250 [ 292.320013][ T5852] ? __pfx_worker_thread+0x10/0x10 [ 292.325147][ T5852] kthread+0x3c2/0x780 [ 292.329230][ T5852] ? __pfx_kthread+0x10/0x10 [ 292.333841][ T5852] ? rcu_is_watching+0x12/0xc0 [ 292.338619][ T5852] ? __pfx_kthread+0x10/0x10 [ 292.343219][ T5852] ret_from_fork+0x5d4/0x6f0 [ 292.347827][ T5852] ? __pfx_kthread+0x10/0x10 [ 292.352427][ T5852] ret_from_fork_asm+0x1a/0x30 [ 292.357211][ T5852] [ 292.360465][ T5852] Kernel Offset: disabled [ 292.364783][ T5852] Rebooting in 86400 seconds..