last executing test programs: 4.747226159s ago: executing program 1 (id=105): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r0, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x100, 0x0) r1 = socket(0xa, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), r2) sendmsg$auto_NFSD_CMD_THREADS_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r3, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x6}, @NFSD_A_SERVER_SCOPE={0xb, 0x4, '/\\])/}\x00'}, @NFSD_A_SERVER_SCOPE={0xb, 0x4, '{\\)^/^\x00'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x2a6c}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x10}, @NFSD_A_SERVER_SCOPE={0x6, 0x4, '))'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x800c1) 4.277382959s ago: executing program 3 (id=109): openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = socket(0x1a, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r2 = socket(0x2b, 0x1, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statx$auto(0xffffffffffffffff, 0x0, 0x6d7, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) getsockopt$auto_SO_TXREHASH(r0, 0xced5, 0x4a, &(0x7f0000000080)='/dev/kvm\x00', &(0x7f0000000180)=0x7) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mbind$auto(0x2000, 0x100000004, 0x5, 0x0, 0xffffffffffffff39, 0xffffffff) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket(0x2, 0x5, 0x0) 3.885982621s ago: executing program 1 (id=112): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x44, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x28, 0x3, 0x0, 0x1, [@nested={0x24, 0x1, 0x0, 0x1, [@nested={0x20, 0x106, 0x0, 0x1, [@nested={0x19, 0x74, 0x0, 0x1, [@nested={0x4, 0x4d}, @typed={0x8, 0xd0, 0x0, 0x0, @u32=0xa888}, @generic="2a9d272f66", @nested={0x4, 0x33}]}]}]}]}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 3.423675528s ago: executing program 1 (id=115): ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0xdef) ioctl$auto_TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, &(0x7f0000000140)={0x0, &(0x7f0000000100)={0x5, 0x62, 0x7, @raw=0x1}}) semctl$auto_GETPID(0x18000000, 0xfff, 0xb, 0x1) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000180)={0x6, 0x7be089c1, 0x100000000, 0x2, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x9, 0xe, 0xfffffffffffffffb, 0xdd, 0xd, 0x3ff, 0x4}) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/all/drop_gratuitous_arp\x00', 0x400, 0x0) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00'}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x8080) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000340), 0x8100, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto_SO_TIMESTAMPING_NEW(0xffffffffffffffff, 0x7ff, 0x41, 0x0, 0x9) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000140)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) 3.138913107s ago: executing program 2 (id=116): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xf, 0x2, 0x2000000) io_uring_setup$auto(0xee7, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) mmap$auto(0xfffffffffffffff3, 0x0, 0x4, 0x17, 0xffffffffffffffff, 0x80000008000) timer_create$auto_CLOCK_TAI(0xb, &(0x7f0000000240)={@sival_int=0x2, @raw=0xc246, 0x0, @_sigev_thread={&(0x7f0000000200)=&(0x7f0000000040)=0x10, &(0x7f0000000100)="6ef45161a40d13a7a01bcfe740b462ffb3d89ccbd32092190ea51306589174007442189eb3a17615308c5d35b4ad827677edd5ad47d1983943973b2b8ef46011b5262e153443ad191bb34bfce3bfb9e2a57d91d396373c30193e8e14ae2190b43d96c07f68ab966fd70e7cf454265eaf3fdab1bbf0ed8b81693c8c809754ef10f29988ae8ab1aee74c028dcc2953ce051dea72522d62b3e5b430ed2ed6415ab9bbe5ce17a493a5764c9a70eca0345e2056d367b2c3b25135762eed8fe918f2cd71e75aa2094ccd95f336d89620c05ae57828e8e3552f95"}}, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x141100, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/usb/drivers/navman/unbind\x00', 0x400141, 0x0) read$auto(r2, 0x0, 0x7) write$auto_tty_fops_tty_io(0xffffffffffffffff, &(0x7f0000000400), 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r3, 0x80045439, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x5) ioctl$auto(r5, 0x10, 0xffffffffffffffff) 3.037204565s ago: executing program 0 (id=117): mmap$auto(0xfffffffffffffffd, 0x400408, 0xe0, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptys2\x00', 0x1aec1, 0x0) ioctl$auto(r2, 0x4b47, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000240), 0xffffffffffffffff) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r4) sendmsg$auto_NL80211_CMD_FLUSH_PMKSA(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="040029bd7000eedbdf253600000040001a00aa265d893e167e35a9e596a4ca20bd4bb7fdf820c01e55e294765dde1b88385e3cf48af6d1c100c9387a0173c45393de53e8dfb9b2457621da7767730800ef0006080000040035bcdf34fb1b36ce682ff21601080035030600000008005d00f400000045a9df2a717b015535a8077e01b15a6517c5cc48789a801a6386bff50bb421b7af19ba0021f998bd8ca8b7c9aa1a11209f3a622bb0180fa64f0cee8376949c07f9a7bb3bbf74ac76a733f5bc81f6649d37fa5916d460930fa8fe301422ecb7bcf95763f1ffece88a3628225276bcd6d03bb52c16ab7993a919f7a40553d4fa0d0c650a1ade04b6cac86d23f4843e9aa1d2e651d3ab2319fa6eb47072223f446ab23de00fa18b0ffba92f05fb4bb77f52a8d0da24a6ac539b9ee89c47d2f5c85812dfabc4451bdf31b07c91017a392035195644c0a38eff1922ee55636daae16ab594d6e12649ec8d1a6a903554f0ca16f4818abe6eeb47df797fe484be6ba6ae9ca6c801175168155c88fa6d7e02e954dcac68"], 0x70}, 0x1, 0x0, 0x0, 0x880}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) r7 = getpid() process_vm_readv$auto(r7, &(0x7f0000000080)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000000), 0x7f}, 0x6, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, &(0x7f0000000080)="2391ebc4fdc5c2d69eac79cac4f759145a7a83448c05febf55744fcf34082d065a5102b8964da07b2136e74c4a79ad8a059a60e58555a73b2b5d90f974a445ff35ace6bddd04a0c623458df40286a5606e1af16b326575") sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="770e0000", @ANYRES16=0x0, @ANYBLOB="080028bd7000fddbdf250300000008000600020000000c0014"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x405b) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) r8 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_CLEAR_HALT(r8, 0x80045515, &(0x7f00000004c0)=0xe3) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r5, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004084}, 0x2800c88c) r9 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0xd97f760c479e8c8e, 0x0) pread64$auto(r9, 0x0, 0x3, 0x1000007ffe) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r3], 0x24}}, 0x4000000) setreuid$auto(0x9, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 2.548847433s ago: executing program 2 (id=118): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/17, 0x11) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 2.384740797s ago: executing program 1 (id=119): r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0) read$auto_transactions_fops_(r0, &(0x7f0000001140)=""/67, 0x43) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) r1 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r1, 0x201, 0x9, 0x4, 0x0) fanotify_mark$auto(r1, 0x1, 0x9, 0x4, 0x0) r2 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000080)=@enable_stats={0x6}, 0x200) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0xe6, 0x0, 0x2, 0xb}, 0xfff}, 0x6, 0x311) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r4, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x541b, 0x10000000000402) renameat$auto(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000140)='./file0\x00') 2.367764952s ago: executing program 0 (id=120): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x2, 0x1, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0xffffffffffffff7f, 0x368e, 0x2, {0xffffffff, 0x20000000010000}, 0x5, 0x6, 0xfffffffffffffffd, 0x7, 0x0, 0x9, 0x81, 0xffffffffffff628e, 0xa747, 0xdead, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x141300, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_XFS_IOC_ALLOCSP(0xffffffffffffffff, 0x4030580a, &(0x7f0000000440)={0xfff, 0x1, 0x1, 0x2, 0x7, 0xffffffffffffffff}) capset$auto(&(0x7f0000000480)={0xc}, &(0x7f0000000780)={0x40, 0xd21, 0x1}) inotify_init1$auto(0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x121002, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/rxrpc/calls\x00', 0x40380, 0x0) pread64$auto(r3, 0x0, 0x10001, 0x830) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/phonet\x00', 0x42000, 0x0) bpf$auto(0x1, &(0x7f0000000100)=@link_detach={r1}, 0x6f4) write$auto(r2, 0x0, 0x100) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0xbf) memfd_create$auto(0x0, 0x4) socket(0xa, 0x2, 0x3a) r4 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x64842, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) read$auto_tracing_readme_fops_trace(r4, &(0x7f0000000080)=""/150, 0x96) ioctl$auto(0x3, 0x8926, 0x10000000000402) 1.999490727s ago: executing program 3 (id=121): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) io_uring_setup$auto(0x8, &(0x7f0000000080)={0xe9, 0xd, 0x10000, 0x6, 0x8001, 0x7fffffff, r0, [], {0xa, 0x6, 0x4, 0x7, 0x100, 0x7ffffffb, 0x104, 0x800, 0x3}, {0x8, 0x3, 0x52, 0x5, 0x2, 0x40, 0x76c5, 0x2, 0xe}}) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x100, 0x0) r1 = socket(0xa, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), r2) sendmsg$auto_NFSD_CMD_THREADS_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r3, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x6}, @NFSD_A_SERVER_SCOPE={0xb, 0x4, '/\\])/}\x00'}, @NFSD_A_SERVER_SCOPE={0xb, 0x4, '{\\)^/^\x00'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x2a6c}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x10}, @NFSD_A_SERVER_SCOPE={0x6, 0x4, '))'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x800c1) 1.853151521s ago: executing program 2 (id=122): r0 = prctl$auto(0x3e, 0x6558403, 0x0, 0x9, 0x3ff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/008/001\x00', 0xa901, 0x0) signalfd$auto(r2, 0x0, 0x100000000) fsopen$auto(0x0, 0x401) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) madvise$auto(0x2000, 0x20499d, 0x9) ioctl$auto_USBDEVFS_SETCONFIGURATION(r2, 0x80045505, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/nilfs2/features/revision\x00', 0x400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100)=""/19, 0x13) sendmsg$auto_GTP_CMD_NEWPDP(r1, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="6704be1675e4cb2ccecbe2838feb648f06002bbd7000fddbdf2500d529000800020001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x6e640, 0x90) io_uring_setup$auto(0x0, &(0x7f0000000140)={0x6, 0x7, 0x5, 0x388, 0x0, 0x3ac41994, r4, [0xc, 0x9, 0x8], {0x2, 0xa, 0x10, 0xbe, 0x81, 0xffff8544, 0xffff, 0xf02, 0xfffffffffffffffb}, {0x2, 0xa20, 0x7, 0x5, 0x930464b, 0x10000009, 0x1040, 0x7, 0x8}}) readahead$auto(r4, 0x7ff, 0xfffffffffffffff8) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x4000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/vm/dirty_background_ratio\x00', 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) sendmsg$auto_NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x801}, 0x2000805) r5 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x21) ioctl$auto_FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000080)) timerfd_create$auto(0x8, 0x3) socket(0x2, 0xa, 0x0) socketpair$auto(0x35, 0x8, 0xb02a, &(0x7f0000000040)=0x3) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f) 1.82425342s ago: executing program 3 (id=123): r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0) read$auto_transactions_fops_(r0, &(0x7f0000001140)=""/67, 0x43) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) r1 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r1, 0x201, 0x9, 0x4, 0x0) fanotify_mark$auto(r1, 0x1, 0x9, 0x4, 0x0) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000080)=@enable_stats={0x6}, 0x200) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) sendmmsg$auto(r2, 0x0, 0x6, 0x311) 1.569902833s ago: executing program 0 (id=124): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x44, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x28, 0x3, 0x0, 0x1, [@nested={0x24, 0x1, 0x0, 0x1, [@nested={0x20, 0x106, 0x0, 0x1, [@nested={0x19, 0x74, 0x0, 0x1, [@nested={0x4, 0x4d}, @typed={0x8, 0xd0, 0x0, 0x0, @u32=0xa888}, @generic="2a9d272f66", @nested={0x4, 0x33}]}]}]}]}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 1.447711865s ago: executing program 1 (id=125): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) flock$auto(r0, 0x1) read$auto_urandom_fops_random(r0, &(0x7f0000000540)=""/4096, 0x1000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x3, 0xb, 0x55becab1, 0x5, 0x0) mmap$auto(0x0, 0xf2, 0xdf, 0xeb1, 0xf6f6, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/inhibited\x00', 0x20b42, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x171e02, 0x0) ppoll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x2}, 0x10, &(0x7f00000000c0)={0x7, 0x65a29aea}, &(0x7f0000000100)={0x4}, 0x8) openat$auto_state_fops_(0xffffffffffffff9c, 0x0, 0x450003, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x48, r4, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x2c, 0x3, 0x0, 0x1, [@nested={0x28, 0x1, 0x0, 0x1, [@nested={0x24, 0x106, 0x0, 0x1, [@nested={0x1d, 0x74, 0x0, 0x1, [@nested={0xfffffffffffffe4c, 0x4d}, @typed={0xa888, 0xd0, 0x0, 0x0, @u32=0xa888}, @typed={0x4, 0x3}, @generic="2a9d272f66", @nested={0x4, 0x33}]}]}]}]}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/veth0_to_bridge/interval_probe_time_ms\x00', 0x202, 0x0) sendfile$auto(r6, r5, 0x0, 0x48) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) sysfs$auto(0x2, 0x11, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x4, 0x0) r7 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r7, 0x0, 0xe) 1.430828797s ago: executing program 3 (id=126): socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptya7\x00', 0x169701, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0xfffffffb, 0x400, 0x100000009}]}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty45\x00', 0x201, 0x0) 1.364815103s ago: executing program 0 (id=127): ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0xdef) ioctl$auto_TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, &(0x7f0000000140)={0x0, &(0x7f0000000100)={0x5, 0x62, 0x7, @raw=0x1}}) semctl$auto_GETPID(0x18000000, 0xfff, 0xb, 0x1) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000180)={0x6, 0x7be089c1, 0x100000000, 0x2, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x9, 0xe, 0xfffffffffffffffb, 0xdd, 0xd, 0x3ff, 0x4}) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/all/drop_gratuitous_arp\x00', 0x400, 0x0) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00'}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x8080) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000340), 0x8100, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto_SO_TIMESTAMPING_NEW(0xffffffffffffffff, 0x7ff, 0x41, 0x0, 0x9) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000140)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) 1.347633672s ago: executing program 2 (id=128): mmap$auto(0xfffffffffffffffd, 0x400408, 0xe0, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptys2\x00', 0x1aec1, 0x0) ioctl$auto(r2, 0x4b47, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000240), 0xffffffffffffffff) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r4) sendmsg$auto_NL80211_CMD_FLUSH_PMKSA(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="040029bd7000eedbdf253600000040001a00aa265d893e167e35a9e596a4ca20bd4bb7fdf820c01e55e294765dde1b88385e3cf48af6d1c100c9387a0173c45393de53e8dfb9b2457621da7767730800ef0006080000040035bcdf34fb1b36ce682ff21601080035030600000008005d00f400000045a9df2a717b015535a8077e01b15a6517c5cc48789a801a6386bff50bb421b7af19ba0021f998bd8ca8b7c9aa1a11209f3a622bb0180fa64f0cee8376949c07f9a7bb3bbf74ac76a733f5bc81f6649d37fa5916d460930fa8fe301422ecb7bcf95763f1ffece88a3628225276bcd6d03bb52c16ab7993a919f7a40553d4fa0d0c650a1ade04b6cac86d23f4843e9aa1d2e651d3ab2319fa6eb47072223f446ab23de00fa18b0ffba92f05fb4bb77f52a8d0da24a6ac539b9ee89c47d2f5c85812dfabc4451bdf31b07c91017a392035195644c0a38eff1922ee55636daae16ab594d6e12649ec8d1a6a903554f0ca16f4818abe6eeb47df797fe484be6ba6ae9ca6c801175168155c88fa6d7e02e954dcac68"], 0x70}, 0x1, 0x0, 0x0, 0x880}, 0x4000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) r7 = getpid() process_vm_readv$auto(r7, &(0x7f0000000080)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000000), 0x7f}, 0x6, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, &(0x7f0000000080)="2391ebc4fdc5c2d69eac79cac4f759145a7a83448c05febf55744fcf34082d065a5102b8964da07b2136e74c4a79ad8a059a60e58555a73b2b5d90f974a445ff35ace6bddd04a0c623458df40286a5606e1af16b326575") sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="770e0000", @ANYRES16=0x0, @ANYBLOB="080028bd7000fddbdf250300000008000600020000000c0014"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x405b) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) r8 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_CLEAR_HALT(r8, 0x80045515, &(0x7f00000004c0)=0xe3) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmsg$auto_WG_CMD_SET_DEVICE(r4, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r5, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004084}, 0x2800c88c) r9 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0xd97f760c479e8c8e, 0x0) pread64$auto(r9, 0x0, 0x3, 0x1000007ffe) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r3], 0x24}}, 0x4000000) setreuid$auto(0x9, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 873.954317ms ago: executing program 1 (id=129): r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0) read$auto_transactions_fops_(r0, &(0x7f0000001140)=""/67, 0x43) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) r1 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r1, 0x201, 0x9, 0x4, 0x0) fanotify_mark$auto(r1, 0x1, 0x9, 0x4, 0x0) r2 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000080)=@enable_stats={0x6}, 0x200) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0xe6, 0x0, 0x2, 0xb}, 0xfff}, 0x6, 0x311) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r4, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x541b, 0x10000000000402) renameat$auto(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000140)='./file0\x00') 755.960186ms ago: executing program 3 (id=130): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/17, 0x11) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 697.59993ms ago: executing program 2 (id=131): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) io_uring_setup$auto(0x8, &(0x7f0000000080)={0xe9, 0xd, 0x10000, 0x6, 0x8001, 0x7fffffff, r0, [], {0xa, 0x6, 0x4, 0x7, 0x100, 0x7ffffffb, 0x104, 0x800, 0x3}, {0x8, 0x3, 0x52, 0x5, 0x2, 0x40, 0x76c5, 0x2, 0xe}}) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC1D0c\x00', 0x100, 0x0) r1 = socket(0xa, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), r2) sendmsg$auto_NFSD_CMD_THREADS_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r3, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x6}, @NFSD_A_SERVER_SCOPE={0xb, 0x4, '/\\])/}\x00'}, @NFSD_A_SERVER_SCOPE={0xb, 0x4, '{\\)^/^\x00'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x2a6c}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x10}, @NFSD_A_SERVER_SCOPE={0x6, 0x4, '))'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x800c1) 542.683709ms ago: executing program 3 (id=132): openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = socket(0x1a, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r2 = socket(0x2b, 0x1, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statx$auto(0xffffffffffffffff, 0x0, 0x6d7, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) getsockopt$auto_SO_TXREHASH(r0, 0xced5, 0x4a, &(0x7f0000000080)='/dev/kvm\x00', &(0x7f0000000180)=0x7) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mbind$auto(0x2000, 0x100000004, 0x5, 0x0, 0xffffffffffffff39, 0xffffffff) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket(0x2, 0x5, 0x0) 446.34994ms ago: executing program 2 (id=133): r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0) read$auto_transactions_fops_(r0, &(0x7f0000001140)=""/67, 0x43) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) r1 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r1, 0x201, 0x9, 0x4, 0x0) fanotify_mark$auto(r1, 0x1, 0x9, 0x4, 0x0) r2 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000080)=@enable_stats={0x6}, 0x200) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r3 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0xe6, 0x0, 0x2, 0xb}, 0xfff}, 0x6, 0x311) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r4, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x541b, 0x10000000000402) renameat$auto(r1, &(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000140)='./file0\x00') 262.498658ms ago: executing program 0 (id=134): r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0) read$auto_transactions_fops_(r0, &(0x7f0000001140)=""/67, 0x43) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) r1 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r1, 0x201, 0x9, 0x4, 0x0) fanotify_mark$auto(r1, 0x1, 0x9, 0x4, 0x0) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000080)=@enable_stats={0x6}, 0x200) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) sendmmsg$auto(r2, 0x0, 0x6, 0x311) 0s ago: executing program 0 (id=135): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x40, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x24, 0x3, 0x0, 0x1, [@nested={0x20, 0x1, 0x0, 0x1, [@nested={0x1c, 0x106, 0x0, 0x1, [@nested={0x15, 0x74, 0x0, 0x1, [@nested={0x4, 0x4d}, @typed={0x4, 0x3}, @generic="2a9d272f66", @nested={0x4, 0x33}]}]}]}]}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. [ 79.691507][ T5832] cgroup: Unknown subsys name 'net' [ 79.817435][ T5832] cgroup: Unknown subsys name 'cpuset' [ 79.825919][ T5832] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.305853][ T5832] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.281176][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.289624][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.297301][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.306657][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.326032][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.334939][ T5165] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.344280][ T5165] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.352101][ T5165] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.361016][ T5165] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.369519][ T5165] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.444438][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.452436][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.461162][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.470941][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.471000][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.478973][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.494041][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.515834][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.524318][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.532231][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.998724][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 84.037098][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 84.126662][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 84.277555][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.285400][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.292776][ T5841] bridge_slave_0: entered allmulticast mode [ 84.301185][ T5841] bridge_slave_0: entered promiscuous mode [ 84.314264][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.321403][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.328706][ T5846] bridge_slave_0: entered allmulticast mode [ 84.335911][ T5846] bridge_slave_0: entered promiscuous mode [ 84.343279][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 84.378676][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.386252][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.393396][ T5841] bridge_slave_1: entered allmulticast mode [ 84.400981][ T5841] bridge_slave_1: entered promiscuous mode [ 84.412782][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.420015][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.427182][ T5846] bridge_slave_1: entered allmulticast mode [ 84.434228][ T5846] bridge_slave_1: entered promiscuous mode [ 84.531978][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.548979][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.558249][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.565729][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.572858][ T5850] bridge_slave_0: entered allmulticast mode [ 84.580962][ T5850] bridge_slave_0: entered promiscuous mode [ 84.590421][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.613064][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.623227][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.630605][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.638146][ T5850] bridge_slave_1: entered allmulticast mode [ 84.646337][ T5850] bridge_slave_1: entered promiscuous mode [ 84.723237][ T5846] team0: Port device team_slave_0 added [ 84.732515][ T5846] team0: Port device team_slave_1 added [ 84.738959][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.746239][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.753409][ T5852] bridge_slave_0: entered allmulticast mode [ 84.760599][ T5852] bridge_slave_0: entered promiscuous mode [ 84.781905][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.795007][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.830705][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.838187][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.845528][ T5852] bridge_slave_1: entered allmulticast mode [ 84.852534][ T5852] bridge_slave_1: entered promiscuous mode [ 84.878366][ T5841] team0: Port device team_slave_0 added [ 84.888507][ T5841] team0: Port device team_slave_1 added [ 84.945643][ T5850] team0: Port device team_slave_0 added [ 84.952350][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.960122][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.986645][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.002301][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.014953][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.036819][ T5850] team0: Port device team_slave_1 added [ 85.043313][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.050837][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.077772][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.090079][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.097177][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.123355][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.164718][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.171711][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.198038][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.249243][ T5852] team0: Port device team_slave_0 added [ 85.269963][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.277603][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.303697][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.328081][ T5852] team0: Port device team_slave_1 added [ 85.346545][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.353512][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.381520][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.398808][ T5846] hsr_slave_0: entered promiscuous mode [ 85.405138][ T5846] hsr_slave_1: entered promiscuous mode [ 85.454623][ T5165] Bluetooth: hci0: command tx timeout [ 85.457466][ T5849] Bluetooth: hci1: command tx timeout [ 85.489162][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.496362][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.522871][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.535611][ T5849] Bluetooth: hci2: command tx timeout [ 85.553782][ T5841] hsr_slave_0: entered promiscuous mode [ 85.560132][ T5841] hsr_slave_1: entered promiscuous mode [ 85.566998][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.574776][ T5841] Cannot create hsr debugfs directory [ 85.587783][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.594987][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.621738][ T5849] Bluetooth: hci3: command tx timeout [ 85.628536][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.693323][ T5850] hsr_slave_0: entered promiscuous mode [ 85.699883][ T5850] hsr_slave_1: entered promiscuous mode [ 85.706368][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.713930][ T5850] Cannot create hsr debugfs directory [ 85.842543][ T5852] hsr_slave_0: entered promiscuous mode [ 85.849581][ T5852] hsr_slave_1: entered promiscuous mode [ 85.855985][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.863549][ T5852] Cannot create hsr debugfs directory [ 86.193495][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.206998][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.221488][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.240099][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.289960][ T5850] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.313210][ T5850] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.338846][ T5850] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.349808][ T5850] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.418605][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.440720][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.453701][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.472441][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.576186][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.587326][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.605491][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.628340][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.720807][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.760765][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.824869][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.839659][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.896757][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.908120][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.915597][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.940062][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.959544][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.966741][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.977147][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.984339][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.022451][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.029714][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.041689][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.048872][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.080748][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.087948][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.208417][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.288635][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.341080][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.348304][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.398295][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.405498][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.539414][ T5849] Bluetooth: hci1: command tx timeout [ 87.539422][ T5165] Bluetooth: hci0: command tx timeout [ 87.614396][ T5849] Bluetooth: hci2: command tx timeout [ 87.704408][ T5849] Bluetooth: hci3: command tx timeout [ 87.734456][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.811159][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.929513][ T5846] veth0_vlan: entered promiscuous mode [ 87.953612][ T5846] veth1_vlan: entered promiscuous mode [ 87.980339][ T5850] veth0_vlan: entered promiscuous mode [ 88.005941][ T5850] veth1_vlan: entered promiscuous mode [ 88.038420][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.072037][ T5846] veth0_macvtap: entered promiscuous mode [ 88.099361][ T5850] veth0_macvtap: entered promiscuous mode [ 88.118274][ T5846] veth1_macvtap: entered promiscuous mode [ 88.129596][ T5850] veth1_macvtap: entered promiscuous mode [ 88.151124][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.173198][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.199787][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.226822][ T5841] veth0_vlan: entered promiscuous mode [ 88.237832][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.247448][ T5850] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.257537][ T5850] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.266725][ T5850] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.275958][ T5850] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.320655][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.361850][ T5846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.371182][ T5846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.380556][ T5846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.389422][ T5846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.401050][ T5841] veth1_vlan: entered promiscuous mode [ 88.433200][ T5852] veth0_vlan: entered promiscuous mode [ 88.486201][ T5852] veth1_vlan: entered promiscuous mode [ 88.505371][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.513378][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.575620][ T5841] veth0_macvtap: entered promiscuous mode [ 88.596512][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.602987][ T5841] veth1_macvtap: entered promiscuous mode [ 88.612884][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.640603][ T5852] veth0_macvtap: entered promiscuous mode [ 88.661658][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.682640][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.694960][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.697708][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.726777][ T5852] veth1_macvtap: entered promiscuous mode [ 88.737535][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.746999][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.757412][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.766233][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.792054][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.828701][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.838019][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.857921][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.896078][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.923875][ T5852] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.939010][ T5852] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.947850][ T5852] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.957904][ T5852] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.058547][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.092489][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.114502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.286965][ T5938] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.427537][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.446923][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.476081][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.486050][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.505021][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 89.614918][ T5849] Bluetooth: hci0: command tx timeout [ 89.620363][ T5849] Bluetooth: hci1: command tx timeout [ 89.695551][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.695738][ T5165] Bluetooth: hci2: command tx timeout [ 89.704359][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.768764][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.785391][ T5165] Bluetooth: hci3: command tx timeout [ 89.806914][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.154689][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.164482][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.324394][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 90.639790][ T5951] zswap: compressor not available [ 90.897180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.934670][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.475290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.694579][ T5165] Bluetooth: hci1: command tx timeout [ 91.695217][ T5849] Bluetooth: hci0: command tx timeout [ 91.774592][ T5849] Bluetooth: hci2: command tx timeout [ 91.882513][ T5849] Bluetooth: hci3: command tx timeout [ 91.919674][ T9] cfg80211: failed to load regulatory.db [ 93.177461][ T5979] mkiss: ax0: crc mode is auto. [ 93.347737][ T5977] ALSA: mixer_oss: invalid OSS volume '0' [ 93.353518][ T5977] ALSA: mixer_oss: invalid OSS volume '' [ 93.490994][ T5990] openvswitch: netlink: IPv4 tunnel dst address is zero [ 93.762944][ T5996] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 94.880052][ T6016] syz.0.18 uses obsolete (PF_INET,SOCK_PACKET) [ 94.880858][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 95.696287][ T6025] zswap: compressor not available [ 96.168516][ T6024] zswap: compressor not available [ 96.516463][ T6046] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.22' sets config #0 [ 96.643081][ T5165] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 syzkaller syzkaller login: [ 98.365117][ T6072] mkiss: ax0: crc mode is auto. [ 98.430716][ T6071] ALSA: mixer_oss: invalid OSS volume '0' [ 98.541839][ T6071] ALSA: mixer_oss: invalid OSS volume '' [ 98.929132][ T6097] FAULT_INJECTION: forcing a failure. [ 98.929132][ T6097] name failslab, interval 1, probability 0, space 0, times 1 [ 98.961678][ T6097] CPU: 1 UID: 0 PID: 6097 Comm: syz.3.31 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 98.961717][ T6097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.961736][ T6097] Call Trace: [ 98.961746][ T6097] [ 98.961759][ T6097] dump_stack_lvl+0x16c/0x1f0 [ 98.961795][ T6097] should_fail_ex+0x512/0x640 [ 98.961829][ T6097] should_failslab+0xc2/0x120 [ 98.961861][ T6097] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 98.961889][ T6097] ? skb_clone+0x190/0x3f0 [ 98.961922][ T6097] skb_clone+0x190/0x3f0 [ 98.961951][ T6097] netlink_deliver_tap+0xabd/0xd30 [ 98.961989][ T6097] netlink_unicast+0x62f/0x850 [ 98.962026][ T6097] ? __pfx_netlink_unicast+0x10/0x10 [ 98.962068][ T6097] netlink_sendmsg+0x8d1/0xdd0 [ 98.962105][ T6097] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.962150][ T6097] ____sys_sendmsg+0xa95/0xc70 [ 98.962184][ T6097] ? copy_msghdr_from_user+0x10a/0x160 [ 98.962212][ T6097] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.962252][ T6097] ? try_to_wake_up+0xa2f/0x1680 [ 98.962286][ T6097] ___sys_sendmsg+0x134/0x1d0 [ 98.962316][ T6097] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.962340][ T6097] ? __lock_acquire+0x622/0x1c90 [ 98.962419][ T6097] __sys_sendmsg+0x16d/0x220 [ 98.962448][ T6097] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.962474][ T6097] ? __x64_sys_futex+0x1e0/0x4c0 [ 98.962536][ T6097] do_syscall_64+0xcd/0x490 [ 98.962566][ T6097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.962593][ T6097] RIP: 0033:0x7fae7c58e9a9 [ 98.962619][ T6097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.962648][ T6097] RSP: 002b:00007fae7d368038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.962673][ T6097] RAX: ffffffffffffffda RBX: 00007fae7c7b5fa0 RCX: 00007fae7c58e9a9 [ 98.962690][ T6097] RDX: 000000000000c800 RSI: 0000200000000000 RDI: 0000000000000008 [ 98.962706][ T6097] RBP: 00007fae7c610d69 R08: 0000000000000000 R09: 0000000000000000 [ 98.962722][ T6097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.962737][ T6097] R13: 0000000000000000 R14: 00007fae7c7b5fa0 R15: 00007ffe19603698 [ 98.962772][ T6097] [ 99.351839][ T6109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33'. [ 99.563243][ T6102] zswap: compressor not available [ 99.689485][ T6121] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.35' sets config #0 [ 99.820772][ T5849] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 101.047882][ T6145] FAULT_INJECTION: forcing a failure. [ 101.047882][ T6145] name failslab, interval 1, probability 0, space 0, times 0 [ 101.060847][ T6145] CPU: 1 UID: 0 PID: 6145 Comm: syz.0.42 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 101.060884][ T6145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.060900][ T6145] Call Trace: [ 101.060909][ T6145] [ 101.060919][ T6145] dump_stack_lvl+0x16c/0x1f0 [ 101.060952][ T6145] should_fail_ex+0x512/0x640 [ 101.060980][ T6145] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 101.061011][ T6145] should_failslab+0xc2/0x120 [ 101.061042][ T6145] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 101.061069][ T6145] ? security_file_alloc+0x34/0x2b0 [ 101.061112][ T6145] security_file_alloc+0x34/0x2b0 [ 101.061150][ T6145] init_file+0x93/0x4c0 [ 101.061181][ T6145] alloc_empty_file+0x73/0x1e0 [ 101.061213][ T6145] path_openat+0xda/0x2cb0 [ 101.061236][ T6145] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.061276][ T6145] ? __pfx_path_openat+0x10/0x10 [ 101.061303][ T6145] ? __lock_acquire+0xb8a/0x1c90 [ 101.061351][ T6145] do_filp_open+0x20b/0x470 [ 101.061379][ T6145] ? __pfx_do_filp_open+0x10/0x10 [ 101.061432][ T6145] ? alloc_fd+0x471/0x7d0 [ 101.061480][ T6145] do_sys_openat2+0x11b/0x1d0 [ 101.061514][ T6145] ? __pfx_do_sys_openat2+0x10/0x10 [ 101.061549][ T6145] ? __sys_sendmsg+0x18c/0x220 [ 101.061586][ T6145] __x64_sys_openat+0x174/0x210 [ 101.061619][ T6145] ? __pfx___x64_sys_openat+0x10/0x10 [ 101.061668][ T6145] do_syscall_64+0xcd/0x490 [ 101.061698][ T6145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.061724][ T6145] RIP: 0033:0x7f2698b8e9a9 [ 101.061745][ T6145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.061769][ T6145] RSP: 002b:00007f2699ae2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 101.061798][ T6145] RAX: ffffffffffffffda RBX: 00007f2698db5fa0 RCX: 00007f2698b8e9a9 [ 101.061816][ T6145] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 101.061833][ T6145] RBP: 00007f2698c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 101.061849][ T6145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.061865][ T6145] R13: 0000000000000000 R14: 00007f2698db5fa0 R15: 00007ffd44dec0c8 [ 101.061900][ T6145] [ 101.320486][ T6140] mkiss: ax0: crc mode is auto. [ 101.370167][ T6136] ALSA: mixer_oss: invalid OSS volume '0' [ 101.414898][ T6136] ALSA: mixer_oss: invalid OSS volume '' [ 101.580612][ T6155] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.46' sets config #0 [ 101.654513][ T5849] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 101.662213][ T5849] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 101.712930][ T6153] zswap: compressor not available [ 101.736316][ T6151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.44'. [ 102.050874][ T6165] zswap: compressor not available [ 102.929553][ T6204] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.56' sets config #0 [ 103.232130][ T5849] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 103.245654][ T5849] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection syzkaller syzkaller login: [ 103.967165][ T6214] netlink: 8 bytes leftover after parsing attributes in process `syz.0.57'. [ 104.132055][ T6217] zswap: compressor not available [ 104.675958][ T6235] mkiss: ax0: crc mode is auto. [ 104.766767][ T6238] FAULT_INJECTION: forcing a failure. [ 104.766767][ T6238] name failslab, interval 1, probability 0, space 0, times 0 [ 104.849678][ T6238] CPU: 1 UID: 0 PID: 6238 Comm: syz.0.61 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 104.849724][ T6238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 104.849739][ T6238] Call Trace: [ 104.849748][ T6238] [ 104.849759][ T6238] dump_stack_lvl+0x16c/0x1f0 [ 104.849793][ T6238] should_fail_ex+0x512/0x640 [ 104.849820][ T6238] ? fs_reclaim_acquire+0xae/0x150 [ 104.849859][ T6238] should_failslab+0xc2/0x120 [ 104.849889][ T6238] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 104.849918][ T6238] ? security_inode_alloc+0x3b/0x2b0 [ 104.849955][ T6238] security_inode_alloc+0x3b/0x2b0 [ 104.849989][ T6238] inode_init_always_gfp+0xce4/0x1030 [ 104.850033][ T6238] alloc_inode+0x86/0x240 [ 104.850064][ T6238] new_inode+0x22/0x1c0 [ 104.850098][ T6238] proc_sys_make_inode+0x47/0x5c0 [ 104.850129][ T6238] proc_sys_lookup+0x282/0x410 [ 104.850156][ T6238] ? __pfx_proc_sys_lookup+0x10/0x10 [ 104.850188][ T6238] ? __d_lookup+0x266/0x4a0 [ 104.850228][ T6238] ? __pfx_proc_sys_lookup+0x10/0x10 [ 104.850254][ T6238] lookup_open.isra.0+0x4da/0x1580 [ 104.850298][ T6238] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 104.850355][ T6238] ? mnt_get_write_access+0x20c/0x300 [ 104.850395][ T6238] path_openat+0x893/0x2cb0 [ 104.850433][ T6238] ? __pfx_path_openat+0x10/0x10 [ 104.850461][ T6238] ? __lock_acquire+0xb8a/0x1c90 [ 104.850499][ T6238] do_filp_open+0x20b/0x470 [ 104.850525][ T6238] ? __pfx_do_filp_open+0x10/0x10 [ 104.850578][ T6238] ? alloc_fd+0x471/0x7d0 [ 104.850626][ T6238] do_sys_openat2+0x11b/0x1d0 [ 104.850659][ T6238] ? __pfx_do_sys_openat2+0x10/0x10 [ 104.850693][ T6238] ? __sys_sendmsg+0x18c/0x220 [ 104.850736][ T6238] __x64_sys_openat+0x174/0x210 [ 104.850771][ T6238] ? __pfx___x64_sys_openat+0x10/0x10 [ 104.850817][ T6238] do_syscall_64+0xcd/0x490 [ 104.850847][ T6238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.850873][ T6238] RIP: 0033:0x7f2698b8e9a9 [ 104.850894][ T6238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.850918][ T6238] RSP: 002b:00007f2699ae2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 104.850941][ T6238] RAX: ffffffffffffffda RBX: 00007f2698db5fa0 RCX: 00007f2698b8e9a9 [ 104.850957][ T6238] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 104.850973][ T6238] RBP: 00007f2698c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 104.850987][ T6238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.851001][ T6238] R13: 0000000000000000 R14: 00007f2698db5fa0 R15: 00007ffd44dec0c8 [ 104.851036][ T6238] [ 104.923544][ T6226] ALSA: mixer_oss: invalid OSS volume '0' [ 105.134091][ T6226] ALSA: mixer_oss: invalid OSS volume '' [ 105.634083][ T5165] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 105.643045][ T5165] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 105.654020][ T5165] CPU: 1 UID: 0 PID: 5165 Comm: kworker/u9:1 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 105.654056][ T5165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.654074][ T5165] Workqueue: hci3 hci_rx_work [ 105.654104][ T5165] Call Trace: [ 105.654113][ T5165] [ 105.654123][ T5165] dump_stack_lvl+0x16c/0x1f0 [ 105.654153][ T5165] sysfs_warn_dup+0x7f/0xa0 [ 105.654190][ T5165] sysfs_create_dir_ns+0x24b/0x2b0 [ 105.654225][ T5165] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 105.654259][ T5165] ? find_held_lock+0x2b/0x80 [ 105.654289][ T5165] ? do_raw_spin_unlock+0x172/0x230 [ 105.654324][ T5165] kobject_add_internal+0x2c4/0x9b0 [ 105.654360][ T5165] kobject_add+0x16e/0x240 [ 105.654387][ T5165] ? __pfx_kobject_add+0x10/0x10 [ 105.654416][ T5165] ? do_raw_spin_unlock+0x172/0x230 [ 105.654452][ T5165] ? kobject_put+0xab/0x5a0 [ 105.654491][ T5165] device_add+0x288/0x1a70 [ 105.654522][ T5165] ? __pfx_dev_set_name+0x10/0x10 [ 105.654556][ T5165] ? __pfx_device_add+0x10/0x10 [ 105.654588][ T5165] ? mgmt_send_event_skb+0x2fb/0x460 [ 105.654633][ T5165] hci_conn_add_sysfs+0x17e/0x230 [ 105.654665][ T5165] le_conn_complete_evt+0x1075/0x1d70 [ 105.654713][ T5165] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 105.654747][ T5165] ? bt_warn+0xe4/0x120 [ 105.654778][ T5165] ? __pfx_bt_warn+0x10/0x10 [ 105.654819][ T5165] hci_le_conn_complete_evt+0x23c/0x370 [ 105.654860][ T5165] hci_le_meta_evt+0x357/0x5e0 [ 105.654883][ T5165] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 105.654921][ T5165] hci_event_packet+0x682/0x11c0 [ 105.654955][ T5165] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 105.654980][ T5165] ? __pfx_hci_event_packet+0x10/0x10 [ 105.655017][ T5165] ? kcov_remote_start+0x3c9/0x6d0 [ 105.655048][ T5165] ? lockdep_hardirqs_on+0x7c/0x110 [ 105.655077][ T5165] hci_rx_work+0x2c5/0x16b0 [ 105.655101][ T5165] ? rcu_is_watching+0x12/0xc0 [ 105.655129][ T5165] process_one_work+0x9cc/0x1b70 [ 105.655174][ T5165] ? __pfx_process_one_work+0x10/0x10 [ 105.655215][ T5165] ? assign_work+0x1a0/0x250 [ 105.655249][ T5165] worker_thread+0x6c8/0xf10 [ 105.655290][ T5165] ? __kthread_parkme+0x19e/0x250 [ 105.655318][ T5165] ? __pfx_worker_thread+0x10/0x10 [ 105.655350][ T5165] kthread+0x3c5/0x780 [ 105.655380][ T5165] ? __pfx_kthread+0x10/0x10 [ 105.655411][ T5165] ? rcu_is_watching+0x12/0xc0 [ 105.655434][ T5165] ? __pfx_kthread+0x10/0x10 [ 105.655465][ T5165] ret_from_fork+0x5d4/0x6f0 [ 105.655493][ T5165] ? __pfx_kthread+0x10/0x10 [ 105.655523][ T5165] ret_from_fork_asm+0x1a/0x30 [ 105.655562][ T5165] [ 105.655597][ T5165] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 105.940893][ T5165] Bluetooth: hci3: failed to register connection device [ 106.339967][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.69'. [ 106.512229][ T6275] zswap: compressor not available [ 106.653879][ T6283] FAULT_INJECTION: forcing a failure. [ 106.653879][ T6283] name fail_futex, interval 1, probability 0, space 0, times 1 [ 106.673811][ T6283] CPU: 0 UID: 0 PID: 6283 Comm: syz.3.72 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 106.673833][ T6283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 106.673843][ T6283] Call Trace: [ 106.673847][ T6283] [ 106.673853][ T6283] dump_stack_lvl+0x16c/0x1f0 [ 106.673872][ T6283] should_fail_ex+0x512/0x640 [ 106.673891][ T6283] get_futex_key+0x1d0/0x1540 [ 106.673911][ T6283] ? __pfx_get_futex_key+0x10/0x10 [ 106.673938][ T6283] futex_wake+0xe7/0x4e0 [ 106.673975][ T6283] ? __pfx_futex_wake+0x10/0x10 [ 106.674011][ T6283] ? kmem_cache_free+0x2d1/0x4d0 [ 106.674032][ T6283] ? fd_install+0x225/0x750 [ 106.674060][ T6283] ? putname+0x154/0x1a0 [ 106.674080][ T6283] do_futex+0x1e3/0x350 [ 106.674098][ T6283] ? __pfx_do_futex+0x10/0x10 [ 106.674117][ T6283] ? __sys_sendmsg+0x18c/0x220 [ 106.674134][ T6283] __x64_sys_futex+0x1e0/0x4c0 [ 106.674151][ T6283] ? __x64_sys_openat+0x174/0x210 [ 106.674170][ T6283] ? __pfx___x64_sys_futex+0x10/0x10 [ 106.674194][ T6283] do_syscall_64+0xcd/0x490 [ 106.674210][ T6283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.674224][ T6283] RIP: 0033:0x7fae7c58e9a9 [ 106.674236][ T6283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.674250][ T6283] RSP: 002b:00007fae7d3680e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.674263][ T6283] RAX: ffffffffffffffda RBX: 00007fae7c7b5fa8 RCX: 00007fae7c58e9a9 [ 106.674272][ T6283] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fae7c7b5fac [ 106.674280][ T6283] RBP: 00007fae7c7b5fa0 R08: 00007fae7d369000 R09: 0000000000000000 [ 106.674289][ T6283] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fae7c7b5fac [ 106.674297][ T6283] R13: 0000000000000000 R14: 00007ffe196035b0 R15: 00007ffe19603698 [ 106.674314][ T6283] [ 106.858317][ C0] vkms_vblank_simulate: vblank timer overrun [ 108.652733][ T6299] mkiss: ax0: crc mode is auto. [ 108.743091][ T6296] ALSA: mixer_oss: invalid OSS volume '0' [ 108.773871][ T6296] ALSA: mixer_oss: invalid OSS volume '' [ 108.913075][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 108.923695][ T5849] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 108.936497][ T5849] CPU: 1 UID: 0 PID: 5849 Comm: kworker/u9:4 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 108.936518][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.936528][ T5849] Workqueue: hci1 hci_rx_work [ 108.936547][ T5849] Call Trace: [ 108.936553][ T5849] [ 108.936559][ T5849] dump_stack_lvl+0x16c/0x1f0 [ 108.936577][ T5849] sysfs_warn_dup+0x7f/0xa0 [ 108.936601][ T5849] sysfs_create_dir_ns+0x24b/0x2b0 [ 108.936622][ T5849] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 108.936643][ T5849] ? find_held_lock+0x2b/0x80 [ 108.936661][ T5849] ? do_raw_spin_unlock+0x172/0x230 [ 108.936684][ T5849] kobject_add_internal+0x2c4/0x9b0 [ 108.936704][ T5849] kobject_add+0x16e/0x240 [ 108.936720][ T5849] ? __pfx_kobject_add+0x10/0x10 [ 108.936737][ T5849] ? do_raw_spin_unlock+0x172/0x230 [ 108.936759][ T5849] ? kobject_put+0xab/0x5a0 [ 108.936779][ T5849] device_add+0x288/0x1a70 [ 108.936798][ T5849] ? __pfx_dev_set_name+0x10/0x10 [ 108.936818][ T5849] ? __pfx_device_add+0x10/0x10 [ 108.936836][ T5849] ? mgmt_send_event_skb+0x2fb/0x460 [ 108.936855][ T5849] hci_conn_add_sysfs+0x17e/0x230 [ 108.936872][ T5849] le_conn_complete_evt+0x1075/0x1d70 [ 108.936901][ T5849] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 108.936922][ T5849] ? bt_warn+0xe4/0x120 [ 108.936942][ T5849] ? __pfx_bt_warn+0x10/0x10 [ 108.936967][ T5849] hci_le_conn_complete_evt+0x23c/0x370 [ 108.936994][ T5849] hci_le_meta_evt+0x357/0x5e0 [ 108.937008][ T5849] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 108.937034][ T5849] hci_event_packet+0x682/0x11c0 [ 108.937057][ T5849] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 108.937072][ T5849] ? __pfx_hci_event_packet+0x10/0x10 [ 108.937097][ T5849] ? kcov_remote_start+0x3c9/0x6d0 [ 108.937117][ T5849] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.937135][ T5849] hci_rx_work+0x2c5/0x16b0 [ 108.937151][ T5849] ? rcu_is_watching+0x12/0xc0 [ 108.937168][ T5849] process_one_work+0x9cc/0x1b70 [ 108.937197][ T5849] ? __pfx_process_one_work+0x10/0x10 [ 108.937225][ T5849] ? assign_work+0x1a0/0x250 [ 108.937246][ T5849] worker_thread+0x6c8/0xf10 [ 108.937273][ T5849] ? __kthread_parkme+0x19e/0x250 [ 108.937291][ T5849] ? __pfx_worker_thread+0x10/0x10 [ 108.937312][ T5849] kthread+0x3c5/0x780 [ 108.937343][ T5849] ? __pfx_kthread+0x10/0x10 [ 108.937365][ T5849] ? rcu_is_watching+0x12/0xc0 [ 108.937380][ T5849] ? __pfx_kthread+0x10/0x10 [ 108.937401][ T5849] ret_from_fork+0x5d4/0x6f0 [ 108.937421][ T5849] ? __pfx_kthread+0x10/0x10 [ 108.937441][ T5849] ret_from_fork_asm+0x1a/0x30 [ 108.937466][ T5849] [ 108.937485][ T5849] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 109.204095][ T5849] Bluetooth: hci1: failed to register connection device [ 109.549364][ T6318] FAULT_INJECTION: forcing a failure. [ 109.549364][ T6318] name failslab, interval 1, probability 0, space 0, times 0 [ 109.577536][ T6318] CPU: 0 UID: 0 PID: 6318 Comm: syz.2.82 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 109.577582][ T6318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 109.577599][ T6318] Call Trace: [ 109.577608][ T6318] [ 109.577618][ T6318] dump_stack_lvl+0x16c/0x1f0 [ 109.577651][ T6318] should_fail_ex+0x512/0x640 [ 109.577678][ T6318] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 109.577709][ T6318] should_failslab+0xc2/0x120 [ 109.577739][ T6318] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 109.577766][ T6318] ? security_file_alloc+0x34/0x2b0 [ 109.577809][ T6318] security_file_alloc+0x34/0x2b0 [ 109.577845][ T6318] init_file+0x93/0x4c0 [ 109.577875][ T6318] alloc_empty_file+0x73/0x1e0 [ 109.577907][ T6318] path_openat+0xda/0x2cb0 [ 109.577930][ T6318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.577968][ T6318] ? __pfx_path_openat+0x10/0x10 [ 109.577995][ T6318] ? __lock_acquire+0xb8a/0x1c90 [ 109.578034][ T6318] do_filp_open+0x20b/0x470 [ 109.578059][ T6318] ? __pfx_do_filp_open+0x10/0x10 [ 109.578111][ T6318] ? alloc_fd+0x471/0x7d0 [ 109.578157][ T6318] do_sys_openat2+0x11b/0x1d0 [ 109.578189][ T6318] ? __pfx_do_sys_openat2+0x10/0x10 [ 109.578223][ T6318] ? __sys_sendmsg+0x18c/0x220 [ 109.578259][ T6318] __x64_sys_openat+0x174/0x210 [ 109.578291][ T6318] ? __pfx___x64_sys_openat+0x10/0x10 [ 109.578337][ T6318] do_syscall_64+0xcd/0x490 [ 109.578367][ T6318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.578392][ T6318] RIP: 0033:0x7ff380f8e9a9 [ 109.578413][ T6318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.578436][ T6318] RSP: 002b:00007ff381d7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 109.578457][ T6318] RAX: ffffffffffffffda RBX: 00007ff3811b5fa0 RCX: 00007ff380f8e9a9 [ 109.578473][ T6318] RDX: 0000000000000202 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 109.578487][ T6318] RBP: 00007ff381010d69 R08: 0000000000000000 R09: 0000000000000000 [ 109.578503][ T6318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.578516][ T6318] R13: 0000000000000000 R14: 00007ff3811b5fa0 R15: 00007ffc2cc3fe38 [ 109.578556][ T6318] [ 109.595803][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.81'. [ 109.947950][ T6325] zswap: compressor not available [ 110.723471][ T6349] mkiss: ax0: crc mode is auto. [ 110.882123][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 110.889810][ T5849] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 111.116672][ T6341] ALSA: mixer_oss: invalid OSS volume '0' [ 111.154247][ T6341] ALSA: mixer_oss: invalid OSS volume '' [ 111.247724][ T6358] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.92' sets config #0 [ 111.349735][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 111.357264][ T5849] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 111.522030][ T6361] FAULT_INJECTION: forcing a failure. [ 111.522030][ T6361] name failslab, interval 1, probability 0, space 0, times 0 [ 111.547150][ T6361] CPU: 0 UID: 0 PID: 6361 Comm: syz.1.93 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 111.547190][ T6361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 111.547206][ T6361] Call Trace: [ 111.547215][ T6361] [ 111.547226][ T6361] dump_stack_lvl+0x16c/0x1f0 [ 111.547259][ T6361] should_fail_ex+0x512/0x640 [ 111.547294][ T6361] ? fs_reclaim_acquire+0xae/0x150 [ 111.547339][ T6361] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 111.547364][ T6361] should_failslab+0xc2/0x120 [ 111.547394][ T6361] __kmalloc_noprof+0xd2/0x510 [ 111.547431][ T6361] tomoyo_realpath_from_path+0xc2/0x6e0 [ 111.547475][ T6361] tomoyo_check_open_permission+0x2ab/0x3c0 [ 111.547512][ T6361] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 111.547546][ T6361] ? proc_sys_lookup+0x2ee/0x410 [ 111.547617][ T6361] ? find_held_lock+0x2b/0x80 [ 111.547655][ T6361] tomoyo_file_open+0x6b/0x90 [ 111.547686][ T6361] security_file_open+0x84/0x1e0 [ 111.547725][ T6361] do_dentry_open+0x596/0x1c10 [ 111.547768][ T6361] vfs_open+0x82/0x3f0 [ 111.547805][ T6361] path_openat+0x1de4/0x2cb0 [ 111.547844][ T6361] ? __pfx_path_openat+0x10/0x10 [ 111.547873][ T6361] ? __lock_acquire+0xb8a/0x1c90 [ 111.547917][ T6361] do_filp_open+0x20b/0x470 [ 111.547959][ T6361] ? __pfx_do_filp_open+0x10/0x10 [ 111.548016][ T6361] ? alloc_fd+0x471/0x7d0 [ 111.548065][ T6361] do_sys_openat2+0x11b/0x1d0 [ 111.548104][ T6361] ? __pfx_do_sys_openat2+0x10/0x10 [ 111.548142][ T6361] ? __sys_sendmsg+0x18c/0x220 [ 111.548179][ T6361] __x64_sys_openat+0x174/0x210 [ 111.548212][ T6361] ? __pfx___x64_sys_openat+0x10/0x10 [ 111.548271][ T6361] do_syscall_64+0xcd/0x490 [ 111.548300][ T6361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.548335][ T6361] RIP: 0033:0x7f2708b8e9a9 [ 111.548357][ T6361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.548384][ T6361] RSP: 002b:00007f2709a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 111.548413][ T6361] RAX: ffffffffffffffda RBX: 00007f2708db5fa0 RCX: 00007f2708b8e9a9 [ 111.548430][ T6361] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 111.548446][ T6361] RBP: 00007f2708c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 111.548461][ T6361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.548476][ T6361] R13: 0000000000000000 R14: 00007f2708db5fa0 R15: 00007fff9a215768 [ 111.548515][ T6361] [ 111.548561][ T6361] ERROR: Out of memory at tomoyo_realpath_from_path. [ 111.751404][ T6364] netlink: 8 bytes leftover after parsing attributes in process `syz.0.94'. [ 112.184508][ T6375] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.98' sets config #0 [ 112.231839][ T6369] zswap: compressor not available [ 112.281144][ T5165] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 112.290205][ T5165] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 113.025034][ T6394] FAULT_INJECTION: forcing a failure. [ 113.025034][ T6394] name failslab, interval 1, probability 0, space 0, times 0 [ 113.055979][ T6394] CPU: 1 UID: 0 PID: 6394 Comm: syz.1.104 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 113.056022][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 113.056038][ T6394] Call Trace: [ 113.056046][ T6394] [ 113.056057][ T6394] dump_stack_lvl+0x16c/0x1f0 [ 113.056087][ T6394] should_fail_ex+0x512/0x640 [ 113.056113][ T6394] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 113.056145][ T6394] should_failslab+0xc2/0x120 [ 113.056175][ T6394] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 113.056205][ T6394] ? getname_flags.part.0+0x4c/0x550 [ 113.056242][ T6394] getname_flags.part.0+0x4c/0x550 [ 113.056282][ T6394] getname_flags+0x93/0xf0 [ 113.056318][ T6394] do_sys_openat2+0xb8/0x1d0 [ 113.056349][ T6394] ? __pfx_do_sys_openat2+0x10/0x10 [ 113.056382][ T6394] ? __sys_sendmsg+0x18c/0x220 [ 113.056417][ T6394] __x64_sys_openat+0x174/0x210 [ 113.056448][ T6394] ? __pfx___x64_sys_openat+0x10/0x10 [ 113.056493][ T6394] do_syscall_64+0xcd/0x490 [ 113.056518][ T6394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.056543][ T6394] RIP: 0033:0x7f2708b8e9a9 [ 113.056563][ T6394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.056585][ T6394] RSP: 002b:00007f2709a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 113.056608][ T6394] RAX: ffffffffffffffda RBX: 00007f2708db5fa0 RCX: 00007f2708b8e9a9 [ 113.056624][ T6394] RDX: 0000000000000202 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 113.056640][ T6394] RBP: 00007f2708c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 113.056655][ T6394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.056670][ T6394] R13: 0000000000000000 R14: 00007f2708db5fa0 R15: 00007fff9a215768 [ 113.056704][ T6394] [ 113.199006][ T6386] mkiss: ax0: crc mode is auto. [ 113.200701][ T6385] ALSA: mixer_oss: invalid OSS volume '0' [ 113.200724][ T6385] ALSA: mixer_oss: invalid OSS volume '' [ 113.309943][ T6396] zswap: compressor not available [ 113.666998][ T6407] netlink: 8 bytes leftover after parsing attributes in process `syz.3.106'. [ 113.822385][ T6411] zswap: compressor not available [ 113.992527][ T6423] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.110' sets config #0 [ 114.149276][ T5849] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 114.156816][ T5849] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 114.318769][ T6431] FAULT_INJECTION: forcing a failure. [ 114.318769][ T6431] name failslab, interval 1, probability 0, space 0, times 0 [ 114.334346][ T6431] CPU: 1 UID: 0 PID: 6431 Comm: syz.2.113 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 114.334383][ T6431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 114.334398][ T6431] Call Trace: [ 114.334407][ T6431] [ 114.334417][ T6431] dump_stack_lvl+0x16c/0x1f0 [ 114.334450][ T6431] should_fail_ex+0x512/0x640 [ 114.334477][ T6431] ? fs_reclaim_acquire+0xae/0x150 [ 114.334514][ T6431] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 114.334538][ T6431] should_failslab+0xc2/0x120 [ 114.334567][ T6431] __kmalloc_noprof+0xd2/0x510 [ 114.334602][ T6431] tomoyo_realpath_from_path+0xc2/0x6e0 [ 114.334630][ T6431] ? tomoyo_profile+0x47/0x60 [ 114.334661][ T6431] tomoyo_path_perm+0x274/0x460 [ 114.334692][ T6431] ? tomoyo_path_perm+0x260/0x460 [ 114.334728][ T6431] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 114.334801][ T6431] ? __pfx_ima_file_check+0x10/0x10 [ 114.334835][ T6431] ? hook_file_truncate+0xc7/0x250 [ 114.334879][ T6431] security_file_truncate+0x84/0x1e0 [ 114.334919][ T6431] path_openat+0xc10/0x2cb0 [ 114.334958][ T6431] ? __pfx_path_openat+0x10/0x10 [ 114.334986][ T6431] ? __lock_acquire+0xb8a/0x1c90 [ 114.335024][ T6431] do_filp_open+0x20b/0x470 [ 114.335049][ T6431] ? __pfx_do_filp_open+0x10/0x10 [ 114.335102][ T6431] ? alloc_fd+0x471/0x7d0 [ 114.335150][ T6431] do_sys_openat2+0x11b/0x1d0 [ 114.335182][ T6431] ? __pfx_do_sys_openat2+0x10/0x10 [ 114.335216][ T6431] ? __sys_sendmsg+0x18c/0x220 [ 114.335252][ T6431] __x64_sys_openat+0x174/0x210 [ 114.335285][ T6431] ? __pfx___x64_sys_openat+0x10/0x10 [ 114.335333][ T6431] do_syscall_64+0xcd/0x490 [ 114.335363][ T6431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.335389][ T6431] RIP: 0033:0x7ff380f8e9a9 [ 114.335409][ T6431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.335434][ T6431] RSP: 002b:00007ff381d7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 114.335458][ T6431] RAX: ffffffffffffffda RBX: 00007ff3811b5fa0 RCX: 00007ff380f8e9a9 [ 114.335476][ T6431] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 114.335492][ T6431] RBP: 00007ff381010d69 R08: 0000000000000000 R09: 0000000000000000 [ 114.335507][ T6431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.335522][ T6431] R13: 0000000000000000 R14: 00007ff3811b5fa0 R15: 00007ffc2cc3fe38 [ 114.335559][ T6431] [ 114.335569][ T6431] ERROR: Out of memory at tomoyo_realpath_from_path. syzkaller syzkaller login: [ 115.314163][ T6444] zswap: compressor not available [ 115.480665][ T6449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.117'. [ 115.912843][ T6459] zswap: compressor not available [ 116.343180][ T6464] ALSA: mixer_oss: invalid OSS volume '0' [ 116.389386][ T6464] ALSA: mixer_oss: invalid OSS volume '' [ 116.457977][ T6479] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.122' sets config #0 [ 116.514193][ T5849] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 116.521798][ T5849] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection syzkaller syzkaller login: [ 116.830015][ T6494] FAULT_INJECTION: forcing a failure. [ 116.830015][ T6494] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 116.873725][ T6494] CPU: 0 UID: 0 PID: 6494 Comm: syz.1.125 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 116.873766][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 116.873782][ T6494] Call Trace: [ 116.873790][ T6494] [ 116.873800][ T6494] dump_stack_lvl+0x16c/0x1f0 [ 116.873833][ T6494] should_fail_ex+0x512/0x640 [ 116.873867][ T6494] strncpy_from_user+0x3b/0x2e0 [ 116.873917][ T6494] getname_flags.part.0+0x8f/0x550 [ 116.873959][ T6494] getname_flags+0x93/0xf0 [ 116.873997][ T6494] do_sys_openat2+0xb8/0x1d0 [ 116.874028][ T6494] ? __pfx_do_sys_openat2+0x10/0x10 [ 116.874063][ T6494] ? __sys_sendmsg+0x18c/0x220 [ 116.874103][ T6494] __x64_sys_openat+0x174/0x210 [ 116.874136][ T6494] ? __pfx___x64_sys_openat+0x10/0x10 [ 116.874181][ T6494] do_syscall_64+0xcd/0x490 [ 116.874211][ T6494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.874238][ T6494] RIP: 0033:0x7f2708b8e9a9 [ 116.874259][ T6494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.874282][ T6494] RSP: 002b:00007f2709a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 116.874307][ T6494] RAX: ffffffffffffffda RBX: 00007f2708db5fa0 RCX: 00007f2708b8e9a9 [ 116.874325][ T6494] RDX: 0000000000000202 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 116.874342][ T6494] RBP: 00007f2708c10d69 R08: 0000000000000000 R09: 0000000000000000 [ 116.874358][ T6494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.874373][ T6494] R13: 0000000000000000 R14: 00007f2708db5fa0 R15: 00007fff9a215768 [ 116.874407][ T6494] [ 117.036619][ C0] vkms_vblank_simulate: vblank timer overrun [ 117.200911][ T6499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'. [ 118.095444][ T5165] ================================================================== [ 118.103559][ T5165] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 118.111389][ T5165] Read of size 140 at addr ffffc9000bd81000 by task kworker/u9:1/5165 [ 118.119542][ T5165] [ 118.121869][ T5165] CPU: 1 UID: 0 PID: 5165 Comm: kworker/u9:1 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 118.121896][ T5165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.121911][ T5165] Workqueue: hci0 hci_devcd_timeout [ 118.121943][ T5165] Call Trace: [ 118.121951][ T5165] [ 118.121960][ T5165] dump_stack_lvl+0x116/0x1f0 [ 118.121982][ T5165] print_report+0xcd/0x630 [ 118.122005][ T5165] ? __virt_addr_valid+0x81/0x610 [ 118.122031][ T5165] ? hci_devcd_dump+0x142/0x240 [ 118.122058][ T5165] kasan_report+0xe0/0x110 [ 118.122081][ T5165] ? hci_devcd_dump+0x142/0x240 [ 118.122113][ T5165] kasan_check_range+0x100/0x1b0 [ 118.122140][ T5165] __asan_memcpy+0x23/0x60 [ 118.122170][ T5165] hci_devcd_dump+0x142/0x240 [ 118.122200][ T5165] hci_devcd_timeout+0xb5/0x2e0 [ 118.122228][ T5165] ? rcu_is_watching+0x12/0xc0 [ 118.122252][ T5165] process_one_work+0x9cc/0x1b70 [ 118.122289][ T5165] ? __pfx_process_one_work+0x10/0x10 [ 118.122324][ T5165] ? assign_work+0x1a0/0x250 [ 118.122353][ T5165] worker_thread+0x6c8/0xf10 [ 118.122387][ T5165] ? __kthread_parkme+0x19e/0x250 [ 118.122412][ T5165] ? __pfx_worker_thread+0x10/0x10 [ 118.122443][ T5165] kthread+0x3c5/0x780 [ 118.122477][ T5165] ? __pfx_kthread+0x10/0x10 [ 118.122506][ T5165] ? rcu_is_watching+0x12/0xc0 [ 118.122527][ T5165] ? __pfx_kthread+0x10/0x10 [ 118.122556][ T5165] ret_from_fork+0x5d4/0x6f0 [ 118.122583][ T5165] ? __pfx_kthread+0x10/0x10 [ 118.122611][ T5165] ret_from_fork_asm+0x1a/0x30 [ 118.122641][ T5165] [ 118.122648][ T5165] [ 118.274617][ T5165] The buggy address belongs to a vmalloc virtual mapping [ 118.281657][ T5165] Memory state around the buggy address: [ 118.287290][ T5165] ffffc9000bd80f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 118.295364][ T5165] ffffc9000bd80f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 118.303420][ T5165] >ffffc9000bd81000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 118.311478][ T5165] ^ [ 118.315540][ T5165] ffffc9000bd81080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 118.323596][ T5165] ffffc9000bd81100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 118.331650][ T5165] ================================================================== [ 118.354053][ T5165] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 118.361281][ T5165] CPU: 1 UID: 0 PID: 5165 Comm: kworker/u9:1 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 118.373429][ T5165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.383494][ T5165] Workqueue: hci0 hci_devcd_timeout [ 118.388717][ T5165] Call Trace: [ 118.391994][ T5165] [ 118.394925][ T5165] dump_stack_lvl+0x3d/0x1f0 [ 118.399522][ T5165] panic+0x71c/0x800 [ 118.403427][ T5165] ? __pfx_panic+0x10/0x10 [ 118.407857][ T5165] ? mark_held_locks+0x49/0x80 [ 118.412634][ T5165] ? preempt_schedule_thunk+0x16/0x30 [ 118.418013][ T5165] ? hci_devcd_dump+0x142/0x240 [ 118.422876][ T5165] ? preempt_schedule_common+0x44/0xc0 [ 118.428351][ T5165] ? check_panic_on_warn+0x1f/0xb0 [ 118.433479][ T5165] ? hci_devcd_dump+0x142/0x240 [ 118.438370][ T5165] check_panic_on_warn+0xab/0xb0 [ 118.443318][ T5165] end_report+0x107/0x170 [ 118.447655][ T5165] kasan_report+0xee/0x110 [ 118.452078][ T5165] ? hci_devcd_dump+0x142/0x240 [ 118.456946][ T5165] kasan_check_range+0x100/0x1b0 [ 118.461892][ T5165] __asan_memcpy+0x23/0x60 [ 118.466320][ T5165] hci_devcd_dump+0x142/0x240 [ 118.471007][ T5165] hci_devcd_timeout+0xb5/0x2e0 [ 118.475869][ T5165] ? rcu_is_watching+0x12/0xc0 [ 118.480641][ T5165] process_one_work+0x9cc/0x1b70 [ 118.485600][ T5165] ? __pfx_process_one_work+0x10/0x10 [ 118.490993][ T5165] ? assign_work+0x1a0/0x250 [ 118.495594][ T5165] worker_thread+0x6c8/0xf10 [ 118.500199][ T5165] ? __kthread_parkme+0x19e/0x250 [ 118.505230][ T5165] ? __pfx_worker_thread+0x10/0x10 [ 118.510353][ T5165] kthread+0x3c5/0x780 [ 118.514432][ T5165] ? __pfx_kthread+0x10/0x10 [ 118.519034][ T5165] ? rcu_is_watching+0x12/0xc0 [ 118.523799][ T5165] ? __pfx_kthread+0x10/0x10 [ 118.528397][ T5165] ret_from_fork+0x5d4/0x6f0 [ 118.533003][ T5165] ? __pfx_kthread+0x10/0x10 [ 118.537603][ T5165] ret_from_fork_asm+0x1a/0x30 [ 118.542378][ T5165] [ 118.545621][ T5165] Kernel Offset: disabled [ 118.549936][ T5165] Rebooting in 86400 seconds..