last executing test programs: 20m47.634482648s ago: executing program 0 (id=1169): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)='1', 0x1) 20m47.444041616s ago: executing program 0 (id=1172): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) r2 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/uts\x00') ioctl$auto(0x3, 0xc0383e04, r2) 20m47.342375025s ago: executing program 0 (id=1173): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, &(0x7f0000006340)={&(0x7f0000000100)={0x28, r1, 0x38f, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044040}, 0x4000) r3 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r4) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)=ANY=[@ANYBLOB="8e560000", @ANYRES16=r5, @ANYBLOB="01002ebd5100fbcbdf250100000004000180072e0180"], 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x42a120, 0x0) r6 = getpid() r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r7, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000480)=ANY=[@ANYBLOB="42000000d32f9d30eedbea29a383b6ac3f338d8295d4810510763b3d7bc1913b16efa5b73e1c2a9681cf7d2ebe600d3dfe7d26927add6765975f1b08b919f9fb450a598fb7c0f25d66bf16271b7ce971306417fade772d3d82555f1fb45beb1b72ae684454153feed1578f0ea689bd3c6cce469611c724b2ff6fb1a46276fcfb20e418b098993c0ecae6f07b00bd4072c77b2411701faf426f40533e8fbd834b53b0168cfff6b046c2e90198a18001e65828e6749a680f4b34ac9666c5209113c3f1e1331e910e4b798732a28266ad60b9faf3a5930e5970e9d2a2704c46daedc9914d736d6c45acad3c9c0f7c902c57cd5993d3a733bc3140a28950ee5fc0bbc150a226e90717a2f94c43073457f80184a98f659070e113669a90ad5d6acc2a72e68eaf74e12da78cf06e768f3fc9ab511529", @ANYRES16=r8, @ANYBLOB="010029bd7000fedbdf250200000004000180200001801c002f8014004200fe8000000000000000000000000000aa0400f780"], 0x38}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(r0, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000001c0)={0x54, 0x0, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x8}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x7}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x1a9}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x7}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0xff}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x33}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x3}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x3ff}]}, 0x54}, 0x1, 0x0, 0x0, 0x85}, 0x80c1) r9 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/dsp\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r9, 0x80045017, &(0x7f0000000c00)) socket(0x1d, 0x1, 0x2300) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) ioctl$auto(0x3, 0x400454ca, 0x38) r10 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) read$auto(r10, 0x0, 0x4) ioctl$auto_TUNSETTXFILTER(r3, 0x400454d1, 0x0) r11 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r11, 0xaf01, 0x5) ioctl$auto(r11, 0x4004af07, 0xffffffffffffffff) socket(0x26, 0x2, 0x100) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x40, 0x10006, 0x0) shutdown$auto(0x200000003, 0x2) 20m47.137154596s ago: executing program 0 (id=1178): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, 0x0, 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x0, 0x27, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/ip6tnl0/bootp_relay\x00', 0x5014c0, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xfffffffffffffffa, 0x948b, 0x3, 0x15f4da0a, 0x7, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x23, 0x80805, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x9, 0x8000) r2 = socket(0x15, 0xa, 0xfffffffb) getsockopt$auto(r2, 0x114, 0x2714, 0xfffffffffffffffc, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x108002, 0x0) read$auto_vcs_fops_vc_screen(r3, &(0x7f0000000080)=""/238, 0xffffffe9) r4 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_nvram_misc_fops_nvram(r4, &(0x7f0000000080)=""/209, 0xd1) ioctl$auto_NVRAM_INIT(r4, 0x7040, 0x0) membarrier$auto(0x2, 0x0, 0x9) r5 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r5, &(0x7f0000001680)="a7", 0x80000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) msync$auto(0xf, 0x5, 0xd362) 20m45.603013957s ago: executing program 0 (id=1183): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) (async) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x440, 0x0) (async) r0 = socket(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b82, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram0/io-timeout-fail\x00', 0x2, 0x0) (rerun: 64) write$auto(r2, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff14, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r3], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) (async, rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfc7c, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40c0}, 0x48050) (async, rerun: 64) sendmmsg$auto(r4, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r5) sendto$auto(r0, &(0x7f0000000300)="04cb8b0728edf11b884069e25b7e362364e7bf9b673fd5734da596556884a909e59d74cca9445100eab59b029cf8767f8564248a1b2b7f4e7bc9ac29692823c5326823bc5be7b365eb3e373fb88f6f55546eec6a151a84e5c03bd4f058834f8aab0ccbb87a363a5a7a9b0b28263780043f52272b72344f7e4ee4d71102afb99f7b80e9a1ed0572b7afa4eedb70230bff8f06694c1cf55a75f7816c75ccf3f412b949b0e7a5a4a41077", 0x8001, 0x400, &(0x7f0000000280)=@nl=@unspec, 0x7) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000100)=ANY=[@ANYBLOB="6800cb101ab48ac98faf406b5e324160b42a74e372ee305b556f8bf05f173e640f89bd449c71a4962d2b9a2775d7138c20e7a3257233bdb95a7dc16937154cafafcf5c355f7d9d49bc9ae73b1b675f0549509a284526298724eadac8ce0030b1f8b6b162d2207594a1598ef28f32afc899fbb28d03d7f132a4c996419624ea9e1f2b1f5ca68c7dda8679b14862789e147b4851587d2c5d55e53724407ef0ee63848aee4ba858a5c479ada7b727812b461526318781269efd86da187b6ea516ef448be31b2b4be09b1da9b0a800"/218, @ANYRES16=r6, @ANYBLOB="08002abd7000fbdbdf250400000014001a80100004800c0001800500070004000000"], 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x20000801) 20m45.170362711s ago: executing program 0 (id=1185): mmap$auto(0x0, 0x20007, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0x87, &(0x7f0000000040)="c74e1ce1137494fde9df2f64834c6096c269be2f844fddb8680f4ae8bc2700"/40, 0x8001, 0x5f7676ca}, 0x8008}, 0x1, 0x6) (async) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) (async) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/debug/zswap/pool_total_size\x00', 0x2, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) init_module$auto(0x0, 0xffff9, 0x0) (async) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async) mmap$auto(0xeffd, 0x8, 0x1000000003, 0x19, r2, 0x8000) move_pages$auto(0x0, 0x2e747e76, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1d, 0x6, 0x3, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3) (async) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000140)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, 0x0, 0x7) close_range$auto(0x0, 0xfffffffffffff001, 0x2) (async) socket(0x11, 0x80003, 0x300) (async) socket(0x29, 0x5, 0x0) (async) open(0x0, 0xea640, 0xb5d1af1605322d96) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/workqueue/nvme-reset-wq/cpumask\x00', 0x8802, 0x0) (async) write$auto(0x3, 0x0, 0xfdef) (async) read$auto(r0, &(0x7f0000000000)='#.&\x00', 0xc1) (async) madvise$auto(0x0, 0x8000000000000000, 0x15) socket(0x18, 0x2, 0x0) 20m29.987991063s ago: executing program 32 (id=1185): mmap$auto(0x0, 0x20007, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0x87, &(0x7f0000000040)="c74e1ce1137494fde9df2f64834c6096c269be2f844fddb8680f4ae8bc2700"/40, 0x8001, 0x5f7676ca}, 0x8008}, 0x1, 0x6) (async) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) (async) r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000004080)='/sys/kernel/debug/zswap/pool_total_size\x00', 0x2, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) init_module$auto(0x0, 0xffff9, 0x0) (async) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async) mmap$auto(0xeffd, 0x8, 0x1000000003, 0x19, r2, 0x8000) move_pages$auto(0x0, 0x2e747e76, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1d, 0x6, 0x3, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3) (async) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000140)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, 0x0, 0x7) close_range$auto(0x0, 0xfffffffffffff001, 0x2) (async) socket(0x11, 0x80003, 0x300) (async) socket(0x29, 0x5, 0x0) (async) open(0x0, 0xea640, 0xb5d1af1605322d96) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/workqueue/nvme-reset-wq/cpumask\x00', 0x8802, 0x0) (async) write$auto(0x3, 0x0, 0xfdef) (async) read$auto(r0, &(0x7f0000000000)='#.&\x00', 0xc1) (async) madvise$auto(0x0, 0x8000000000000000, 0x15) socket(0x18, 0x2, 0x0) 17m36.056734076s ago: executing program 2 (id=1829): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop5/mq/0/nr_reserved_tags\x00', 0x80880, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) openat$auto_transactions_fops_(0xffffffffffffff9c, 0x0, 0x40, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x4) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e6a5f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/audit\x00', 0x20080, 0x0) read$auto_tomoyo_operations_securityfs_if(r2, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) socket(0x11, 0x3, 0x9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NET_GET(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000400)={0x14, r4, 0x492a92567041df2f, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) read$auto(0x3, 0x0, 0x8) 17m35.024478067s ago: executing program 2 (id=1830): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r3, 0x0, 0x7ff, 0x400) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x1, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x90000001, 0x3, 0x1, 0x5, 0x5]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto(0xffffffffffffffff, 0x400454cb, 0x5) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) 17m31.171097831s ago: executing program 2 (id=1837): prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, 0x0, 0x0) 17m30.985848189s ago: executing program 2 (id=1838): mmap$auto(0x0, 0x8, 0xe2, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) r2 = openat$auto_trace_time_stamp_mode_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/timestamp_mode\x00', 0x300, 0x0) read$auto_trace_time_stamp_mode_fops_trace(r2, &(0x7f0000008340)=""/88, 0x58) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x80201, 0x0) 17m30.493136445s ago: executing program 2 (id=1841): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) close_range$auto(0x2, 0xfffffffffffff000, 0x2) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x9, 0x2, "cacd2dff11"}, @HWSIM_ATTR_NO_VIF={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0xb06af94f6e038a6) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) read$auto(0x3, 0x0, 0x7) 17m29.300631968s ago: executing program 2 (id=1842): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x13, 0x202000a, 0x8000000000000003, 0x4000000019, r0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) close_range$auto(r1, 0x8, 0x0) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket(0x21, 0x2, 0x2) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) setgroups$auto(0x10001, &(0x7f0000000080)=0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getpid() openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0}, 0x5) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, &(0x7f0000000040)='nbd\x00', 0x4) setresuid$auto(0x2, 0x7, 0x8080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) 17m14.15318546s ago: executing program 33 (id=1842): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x13, 0x202000a, 0x8000000000000003, 0x4000000019, r0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) close_range$auto(r1, 0x8, 0x0) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket(0x21, 0x2, 0x2) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x18000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) setgroups$auto(0x10001, &(0x7f0000000080)=0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getpid() openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0}, 0x5) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, &(0x7f0000000040)='nbd\x00', 0x4) setresuid$auto(0x2, 0x7, 0x8080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x6, 0x15, 0x0, 0xfb3) 9m5.743949529s ago: executing program 4 (id=3753): r0 = prctl$auto(0x3a, 0x1, 0x0, 0x2, 0x203) bind$auto(r0, 0x0, 0x7fffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r3, 0x65, 0x2, 0xffffffffffffffff, 0x0) write$auto(r1, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) write$auto(r2, 0x0, 0x9) mmap$auto(0x0, 0x40009, 0xdf, 0x10000000009b72, 0x7, 0x28000) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x1490) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) semctl$auto(0x80001ff, 0x804, 0x13, 0x4) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0xecc6, 0x0, 0x7352, 0x2d, 0x200000000045f, 0x6, 0x7, 0x3, 0x2, 0x9, 0x36e, 0x6, 0x2, 0x3000, 0x9, 0x8, 0x10003, 0x8, 0xffffffffffffffff, 0x0, 0x5, 0x1ffb, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, 0x4, 0x0, 0xffffffffffffff00, 0x0, 0x0, 0x3, 0x3ba0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0xffffffffffffffff]}, 0x9, 0x11) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) memfd_create$auto(0x0, 0xb) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'ip6tnl0\x00'}) rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) r5 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r5, 0x0, 0x5, 0x100) 9m4.321913176s ago: executing program 4 (id=3756): rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(&(0x7f0000000000)={0x7e, @raw, 0x80000028, 0xd98, 0x2}, 0x0, 0x7ffffffff000, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10f, 0x82, 0x0, 0x14) read$auto(r0, 0x0, 0xcefbce6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fstat$auto(0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x301, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000) ioctl$auto(0xc8, 0x401054d5, 0x0) read$auto_nsim_dev_trap_fa_cookie_fops_dev(r0, &(0x7f0000000000)=""/156, 0x9c) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) kill$auto(0x0, 0x11) syz_clone3(&(0x7f0000000500)={0x400, 0x0, 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0}, 0x58) 9m3.410058528s ago: executing program 4 (id=3761): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x2, 0x1, 0x106) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x101, 0x0) ioctl$auto_EVIOCGRAB(r0, 0x40044590, &(0x7f0000000f40)=0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(r0, r0, 0x7be9) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x404cc91}, 0x24040081) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x200, 0xb}, 0x800009}, 0x80005, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x802, 0x0, 0x1, 0x0, 0x2, 0x3}, 0x7}, 0x5, 0xcad7) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0xb) write$auto(0x3, 0x0, 0xffd8) 9m3.208186633s ago: executing program 4 (id=3762): r0 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) ioperm$auto(0x3, 0x5, 0x149) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x78, 0x0, 0x4) socket(0xa, 0x5, 0x84) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/assocs\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999", @raw=0x3cf51fcb}) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0xee01, 0x0, 0x6, 0x3, 0x0, 0x4, 0x8, 0xbc, 0x1, 0xb456, 0x9, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) ioctl$auto_SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000040)=0x8) kill$auto(r0, 0x11) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0x3, 0x0, 0x7, 0xb, 0x3, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x13c, 0x0, 0xc3, 0x7, 0x2, 0x5, 0x90, 0xfffffff5}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbf4250200080008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000040)={0x14, 0x0, 0x73d, 0x70bd25, 0x25dfdbfe}, 0x14}}, 0x8010) shmctl$auto_IPC_INFO(0x4, 0x3, &(0x7f0000000500)={{0x1, r2, 0x0, 0x7, 0xfc42, 0x10, 0x1bb3}, 0x10000, 0x9, 0x3, 0xc000000000000000, @raw=0x3, @raw=0xe28, 0x0, 0x0, &(0x7f0000000180)="d4cc8cb0", &(0x7f0000000440)="8435e1970f564d3e46aa187174d3c0e81683417238e9d2a2570430779f035010cc676306863a844115f7aeb08cb216f22560378c3203a49004f023c470f13e8b9c15a4465f27a3b5f5e55e8369bbe628699c0c85a85182ef9137c5bd538ac6010be0a6007f4e1a1c62366265b5627882d5431a8dc569d9739f6dd50a70f8ade11173183f380acbbfca53"}) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="8b632abd7000fedbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 9m0.76712597s ago: executing program 4 (id=3777): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x108800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) unshare$auto(0x40000080) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) syz_clone(0x40011, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x58) select$auto(0xfff, &(0x7f00000001c0)={[0x8000000000000000, 0xff14, 0x7, 0x8, 0xb, 0x3, 0x9, 0x5, 0x9, 0x7fff, 0x7, 0x27, 0x0, 0x5, 0xfff, 0xfffffffffffffffc]}, &(0x7f00000002c0)={[0x9, 0xfe0000000, 0x3, 0xfffffffffffff05b, 0xfffffffffffffff9, 0x7fff, 0x40, 0x5, 0x4, 0x5, 0x0, 0x8000000000000000, 0x0, 0x6, 0x81, 0x81]}, &(0x7f0000000340)={[0x9, 0xf, 0x40b48540, 0x876, 0x5, 0x8, 0x8000000000000000, 0x2, 0x9, 0x8, 0x29ff, 0x8c, 0x29, 0x11ce, 0x0, 0x3]}, &(0x7f00000000c0)={0x40, 0x3}) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(0x3, 0x4038ae7a, 0x38) 9m0.012565724s ago: executing program 4 (id=3773): r0 = openat$auto_tracing_thresh_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_thresh\x00', 0x6c0000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0xc) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x0) mmap$auto(0x0, 0x9, 0x2, 0x10, r0, 0xffffffffffffffff) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x402082, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454da, r1) fadvise64$auto_POSIX_FADV_WILLNEED(r0, 0x3, 0x3, 0x3) 8m44.433567554s ago: executing program 34 (id=3773): r0 = openat$auto_tracing_thresh_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_thresh\x00', 0x6c0000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0xc) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x0) mmap$auto(0x0, 0x9, 0x2, 0x10, r0, 0xffffffffffffffff) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x402082, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454da, r1) fadvise64$auto_POSIX_FADV_WILLNEED(r0, 0x3, 0x3, 0x3) 1m26.69109781s ago: executing program 5 (id=5460): prctl$auto(0x27, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) (async) sendmsg$auto_IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x24008040) openat$auto_objects_fops_(0xffffffffffffff9c, 0x0, 0x202200, 0x0) (async, rerun: 32) r0 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) (async) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400000045480901764441b289606d51c9101931b7b0f0ce3caa17c83c2b33fc5e769e300e330cfb43a80d9a77c64094bebaa7ffac59a6e6eac1e1003f7389f9e9d88b5e1622fded80621502901f8bc69de546906084a9b93b2315318e818ce1faa22b8d59bc0d909849beb6b960af73e9e18b4820d7752eddf5dc1f0a1260f29e97d9fc0352296c9145f3255aaf6ea257ed57179625f23a18dbadedc65e8b4927b975c91fe670f84ca6a3960cad9a13b5f92150b89b5e", @ANYRES16=0x0, @ANYBLOB="e3b725bd7000fddbdf2519000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0xfffffffffffffffd, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) pread64$auto(r1, 0x0, 0x800003, 0x800000000000e2a) (async) socket(0x2c, 0x80003, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80040, 0x0) (async, rerun: 64) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) (async, rerun: 32) socket(0x2, 0x3, 0xa) (async, rerun: 32) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) (async) select$auto(0x981, 0x0, &(0x7f0000000980)={[0x5, 0x40, 0xffffffff, 0x72634de1, 0x4000000000, 0x9, 0x0, 0x9, 0x1, 0xd0d, 0xc76a, 0x5, 0x2, 0x2, 0x7, 0x9]}, &(0x7f0000000a00)={[0x4, 0xd, 0x5, 0x6e, 0x1, 0x8, 0x6, 0xfffffffffffff800, 0xfffffffffffffffc, 0x202, 0x7, 0x8, 0x2, 0x6, 0x9, 0x9]}, &(0x7f0000000a80)={0x100000000, 0x2}) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) (async, rerun: 64) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 64) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) socket(0x11, 0x3, 0x9) 1m25.106888401s ago: executing program 5 (id=5472): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x108800, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/saved_tgids\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0c\x00', 0x200, 0x0) r1 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0) listen$auto(r1, 0x611e) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fcntl$auto_F_SETSIG(r2, 0xa, 0xfffffffffffffeff) poll$auto(0x0, 0x6, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(0x0, 0x2c3fbc, 0x12) madvise$auto(0x0, 0x200007, 0x19) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x9, 0x3) close_range$auto(r1, r0, 0x9) socket(0x2, 0x80002, 0x73) read$auto(0x3, 0x0, 0x80) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r3 = socket(0x11, 0x80003, 0x300) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040091}, 0x40850) io_uring_enter$auto(r0, 0x882, 0x3ffffff7, 0x7fb, 0x0, 0x375) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) 1m23.609170317s ago: executing program 5 (id=5480): r0 = socket(0x10, 0x2, 0x4) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r2 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f00000006c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000840)=ANY=[@ANYBLOB="21007d9bb6a89d8db43b94bd0619eb18b171aaa2736e6d0d3977dc59472fa15983ecff6186c20ec0793db05ad94c9c35f519833067a0cb7203ff34337c14852505b023aa1f23395cf98870b0c93985b63c34668da10bc6c44c1b73efc6f89c616437bc2ad089cd109b281440b74a9c0a58023faea9fafbe63fd7d108505194975e6df18064c27d15fffbfe61f416cdfa727afcaf3137de8409041713cfa328093304f4f966764e8e2fba02d8f877fa07111ea9dc3c179ff426fd8221704f298cfdb69168abdce83a6b8b9d062bdb2d169a71bccfbe04a515fe8c66ccda98b8a52dbe70f003572cf670e391e2893b1c0611dbf5469c", @ANYRES16=r2, @ANYBLOB="00022abd7000fedbdf252800000009001f00265d26ca7b000000"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x24008800) sendmsg$auto_IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r2, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4041}, 0x48090) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dmmidi2\x00', 0x600201, 0x0) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000040), 0x41abc0, 0x0) r3 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/available_events\x00', 0x2000, 0x0) close_range$auto(r3, r0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r4, 0xc004510e, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x3, 0x25, 0x800007, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, 0x0) ioctl$auto(0x3, 0xc0303e03, r6) socket$nl_generic(0x10, 0x3, 0x10) 1m22.512995808s ago: executing program 5 (id=5485): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x2) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x4, 0xe983, 0xe6, 0xeb1, r1, 0x8001) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) r3 = epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) ptrace$auto(0xce6, r4, 0x9, 0x2) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r3) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r5, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_RSS_CONTEXT={0x8}]}, 0x1c}}, 0x805) 1m21.898615784s ago: executing program 5 (id=5489): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc00, 0x2c, 0x2c, 0x3, 0x2}) r3 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/flush\x00', 0x1, 0x0) writev$auto(r3, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/userfaultfd/power/control\x00', 0x668000, 0x0) socket(0x2, 0x1, 0x106) ioctl$auto_SCSI_IOCTL_GET_IDLUN2(r1, 0x5382, &(0x7f00000002c0)="2023aa3b8a11942cf9fae0bf2ca907cd1910a3dacf56f742ff53aae49aabd00700c8acac61bd10a779f5b3e867b95d4f5a698773f30997a24e757a962868e6845e8c6362d445342a3718f7f42c8749a07401154ea06fce09442942b587aac7d8e5aa639304e308199eabefe8d5172cfe03f64f63a8929189a4ec71dfb31cc4322c49d662bdd54cc5e5b33561b0190e996d11af86") socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/286, 0x11e) read$auto_rng_chrdev_ops_core(r1, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10900, 0x3ff, 0x0) setfsgid$auto(0xee00) listen$auto(0x3, 0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm1p/sub5/sw_params\x00', 0x8f3b7a51b8360c21, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) pwrite64$auto(r4, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) readahead$auto(r4, 0x4, 0x4) sysfs$auto(0x3, 0x401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 1m21.510851893s ago: executing program 5 (id=5490): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x404cc91}, 0x24040081) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x200, 0xb}, 0x800009}, 0x80005, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x802, 0x0, 0x1, 0x0, 0x2, 0x3}, 0x7}, 0x5, 0xcad7) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 1m21.215079006s ago: executing program 35 (id=5490): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x404cc91}, 0x24040081) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x200, 0xb}, 0x800009}, 0x80005, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x802, 0x0, 0x1, 0x0, 0x2, 0x3}, 0x7}, 0x5, 0xcad7) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 7.251189656s ago: executing program 6 (id=5780): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x6) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mmap$auto(0x0, 0x400008, 0xb23, 0x9b72, 0x2, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = socket(0xa, 0x801, 0x106) setsockopt$auto(r2, 0x6, 0x22, 0x0, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xc, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) 6.505448123s ago: executing program 6 (id=5782): capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x44) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b67, 0x1) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv6/neigh/tunl0/app_solicit\x00', 0x2000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="0600000074542d2b23739cc4090d4c1200000000007ca8625432b812bbbadf96af1012051e08a6099a0bb2cfc08d3a00"/59, @ANYRES16=r3, @ANYBLOB="1b002cbd7000fedbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) r4 = mq_open$auto(0x0, 0xdd1, 0x8, 0x0) mq_notify$auto(0x4, 0x0) mmap$auto(0x7, 0x2020008, 0x3, 0x10000ebe, 0xfffffffffffffffa, 0x8000) fsopen$auto(0x0, 0x1) adjtimex$auto(&(0x7f00000005c0)={0xf332b72, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x400000000000001, 0x368e, 0x2, {0xf, 0x10000}, 0x6, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0x1a00, 0x101}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x400001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) setsockopt$auto(0x400000000000003, 0x28, 0x0, 0x0, 0x56b) r5 = ioctl$auto_NS_GET_MNTNS_ID(r4, 0x8008b705, &(0x7f0000000200)) write$auto(r5, &(0x7f00000006c0)='\x00\x00\x00\x00\xb7\xb9w\b\x84\x12\x00|\"\f\x85kqhYS\xf25\xc5z\xa4{\x97\x00\x1b\xfe\xa9\xf0\xcc}\x1b\"\xf7\x84\xc9\xe2\xd5\xd3\x11\xb1O\xd1\xdd\xfeKr\xc3(s\xcf\x1b6\x94\xeeP\xed\xe5\x0f\xba\x0e\x1a\xbcqT\xc8;\xe6L>X \xcc7\xb40\xd1\x85\x8d\xeb\x0ee\x9d/\x7fX\xfa^\xcf\xe4\x01S\xac\x9d\x02\xec\xb3\xa1+\xe2\x7f\xce\xc7\xa2q\xb7^~g\xc8\x8152\x80]$\xfd\r\xed\xf9\xa6\x8b\x80{\xd3^ZK\xb8\x17\xdd\xaar\x04W\x1e\xbb\xe3\xa9\xa8\xe4\xac\xf7\xd4N\xea\x18\n\xad\x00\x12>v\b5S\xc0\xf08\f\xe1\xae\xb1\x9d\xfdM14\x99\r:.\x84\x8av\xb5a\xb9\xa2o\xbfiy\xd4\x1c\xdc\xed\xab\xcd\x9aj\x0fif\x9a\xf8N\xcfr\xefr\xbb\x14`\xc1E\xdc\xf8\xa0\xa4\xe6MF\xfc\x9a\xe7\x8a\xf6X)\x9e\x9dr\xf4\xca\xad%C\xb4M\xed\x90u`\xea\xa7\xda\x9c\x8b\xfc\xd3\x91F\f<\xd8\xf8\x8d\xf5Fp\xac\xaf(\xaf\vc\x84\xa5\xf9\xe3\xbc\x1bj\x8b\x96\xea\x10\xc1\nu\xe16\xaaR\xa2Uz\xdf\v\xd2\xcd\xad\xe0\xf5\xc37b\x91\xe1\x8f\x05\xe0wr\x11\x7f\x85v>L{x\xb5\x17\x1c!\xcf&H\xc9iE\x05-\x02[\xee\x00\xf7g\xa2P\x95\xa3\x91\xfc\x18(\x88\xbe\xab&\x00\x00\xeeZ\xd6\xe4A\x16\xdf+\x85\x95\x03We\b\xae\xe1T\xbb\xa3C/\xba\xe5]\xbc\xcf\xba.\xcd\f:s\x99\xb0\x9de\x17\xda\x03\x97\n\tz\x17\xf8\xbb\xa1q\xae\r\xber\bF\x04:\x03\xef\x90\x88\xec\x7f\xbe\x8er_\xdf\a\xd7\xca\xe1\x9cJ\xff\xaa:\xabo\x9f\xb4 \xe4\x05\xaf\x8aVA\xa5\xd2\xd2h5\x9dq\x18\xe5\x90', 0xa3db) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) 6.386473799s ago: executing program 3 (id=5783): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) (async) statmount$auto(0x0, 0x0, 0x1fa, 0xd) (async) r0 = socket(0x15, 0x5, 0x0) setsockopt$auto(r0, 0x114, 0x6, 0x0, 0x2) (async) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000580), 0x2802, 0x0) (async) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000000)='/dev/media8\x00', 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x42200, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x80000000007, 0x7, 0x5, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x7ffffffd, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) (async) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0x100, &(0x7f00000001c0)) (async) r2 = pipe$auto(0x0) splice$auto(0x4, 0x0, r2, 0x0, 0x80000001, 0x9) (async) ioctl$auto_MON_IOCQ_URB_LEN(r2, 0x9201, 0x0) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x3, 0x3a) (async) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) (async) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x6, 0x1ff, 0x1001, 0x5, 0x717e, 0x0, 0x7, 0x200000000000003, 0xd, 0x2, 0x80003, 0x4, 0x1ffffffffffd, 0xb4, 0xfffffffffffffffe, 0x7, 0x10002, 0x7f, 0x2a2, 0x2, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x4, 0x0, 0x3, 0x0, 0x0, [0x0, 0x0, 0x0, 0x5, 0x6ad, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x40000, 0x1, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x10, 0x100000000000]}, 0x1fe, 0x6) (async) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffffffffffd03, &(0x7f00000001c0)) 5.426745858s ago: executing program 3 (id=5786): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe$auto(0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x2}, 0x2, 0x5) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto_SO_BUSY_POLL(r1, 0x1, 0x2e, &(0x7f0000000240)='#}#\xa7@\x00H\x8b\x9bc!\xfa\x88\xe2\x04\x00\x00\x00\x96V\xf2\x96L\x17\'\x13\xd3\x1e\x9bL\xf8\x8f\xe9\a\xc6]\'\x8fs:\xfc?*zbB\xadTqu\x16H\x95\n\\\xdd\xfd7\x02\xb2e\xf5A\x8e\f\xd6F\xd6\x97\xf6N\x0e\x8bn\x83\xf7\x02}#e\xd7Lv\xb0\xed2\x87\nt\xd0\xefc{\xd2C\xdd\x94\xe6)\x15`\x858k\xc0\xa0\x80>0\xfd\xa7\x8fd\xa0z\xc4]ZKh9\xa61\xc6\xe1\xd37OnC0\x06\x00\x8605\xd3\xab\b\x88\xd9H\xa1\x8b5\xc9\x0e\xe0\xe2\xd3\xae\xbe\xe0E\xea\xda\x9b~\x91+|\xc1\x0f0>kYH\x93\xf2\xd8]\xddV|\xab.\xa4\x1c%U.\xde\x93\xe8\x14K(\xd6\x19\xf7\x94\tig\x00\x8e\t\x14\xef\xe8`\xeaD\xb6\xadP\x98\xff\xb7\x13\x93\x925o51\x80}~Qv=\x06\xafI]$<\xff1\xab\'\xebp\x06\xcf\xcf\xab\xe2\xcc\xfe;a\xb3a\xad\x06\xe7fA{\x89\x9a\xe81\xd1\aJ\xfeD\xa4\xe8J\xa8\n\xd1\xcd,\xb5\xd39\x98\xb0s\x1dE\x92\xe9\xabg>W\'\xca\xb2t \r/;\t!\xaf\x94lj\\\x04!\x00\xb6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\xe0=\xe2\xca\xee\xad\xda\xb6\xa9\xee\xb2(z\xbfG\xf0\xb2#\xec\x9a\xbcR%=\x97P\xf1_/^\xf3\xde\xd3>\x7f\xc9\xddU\xf6\xd2C\xc5\x01wl\xaf\xde/', 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0) (async) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) pipe$auto(0x0) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x2}, 0x2, 0x5) (async) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) (async) unshare$auto(0x40000080) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) setsockopt$auto_SO_BUSY_POLL(r1, 0x1, 0x2e, &(0x7f0000000240)='#}#\xa7@\x00H\x8b\x9bc!\xfa\x88\xe2\x04\x00\x00\x00\x96V\xf2\x96L\x17\'\x13\xd3\x1e\x9bL\xf8\x8f\xe9\a\xc6]\'\x8fs:\xfc?*zbB\xadTqu\x16H\x95\n\\\xdd\xfd7\x02\xb2e\xf5A\x8e\f\xd6F\xd6\x97\xf6N\x0e\x8bn\x83\xf7\x02}#e\xd7Lv\xb0\xed2\x87\nt\xd0\xefc{\xd2C\xdd\x94\xe6)\x15`\x858k\xc0\xa0\x80>0\xfd\xa7\x8fd\xa0z\xc4]ZKh9\xa61\xc6\xe1\xd37OnC0\x06\x00\x8605\xd3\xab\b\x88\xd9H\xa1\x8b5\xc9\x0e\xe0\xe2\xd3\xae\xbe\xe0E\xea\xda\x9b~\x91+|\xc1\x0f0>kYH\x93\xf2\xd8]\xddV|\xab.\xa4\x1c%U.\xde\x93\xe8\x14K(\xd6\x19\xf7\x94\tig\x00\x8e\t\x14\xef\xe8`\xeaD\xb6\xadP\x98\xff\xb7\x13\x93\x925o51\x80}~Qv=\x06\xafI]$<\xff1\xab\'\xebp\x06\xcf\xcf\xab\xe2\xcc\xfe;a\xb3a\xad\x06\xe7fA{\x89\x9a\xe81\xd1\aJ\xfeD\xa4\xe8J\xa8\n\xd1\xcd,\xb5\xd39\x98\xb0s\x1dE\x92\xe9\xabg>W\'\xca\xb2t \r/;\t!\xaf\x94lj\\\x04!\x00\xb6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\xe0=\xe2\xca\xee\xad\xda\xb6\xa9\xee\xb2(z\xbfG\xf0\xb2#\xec\x9a\xbcR%=\x97P\xf1_/^\xf3\xde\xd3>\x7f\xc9\xddU\xf6\xd2C\xc5\x01wl\xaf\xde/', 0x9) (async) 5.351736688s ago: executing program 6 (id=5787): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event1\x00', 0x141300, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x200000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x200005}, 0x4000007, 0x8000000000000000, 0x3ff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r1, 0x8001) readv$auto(r1, &(0x7f00000000c0)={0x0, 0xfffe}, 0x5) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0xa02842, 0x0) close_range$auto(r0, 0x8, 0x803) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(r3, 0x3, 0xffffffffffffffff) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0xffffffffffffffff, 0xae41, r4) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x600d80, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, &(0x7f0000000080)) mmap$auto(0x0, 0x7ff, 0xdf, 0x9b70, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffe, 0x580d, 0x112f4a03, 0x8000000008011, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20a100, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x6, 0x40) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) write$auto(r0, 0x0, 0x110082) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) writev$auto(0x1, 0x0, 0x1) 4.326928806s ago: executing program 3 (id=5790): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/geneve1/ndisc_evict_nocarrier\x00', 0xc819f3dbe3a51a17, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xb) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) socket(0x2, 0x3, 0xa) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/ip6_tables_targets\x00', 0x608100, 0x0) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) userfaultfd$auto(0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0xffffffffffffff8d, 0x3, 0xeb0, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x5, 0x8, 0x0, 0x400000000001, 0x4) epoll_pwait2$auto(r0, &(0x7f00000000c0)={0x5, 0x101}, 0x10001, &(0x7f0000000100)={0x400010000}, &(0x7f0000000140)={0x5}, 0x8) ioctl$auto_TIOCMGET2(r2, 0x5415, 0x0) sendmmsg$auto(r1, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x40400, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.309555998s ago: executing program 6 (id=5791): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(r0, 0x806c4120, &(0x7f0000000100)={0x0, 0x6, 0x95d7, 0x7f, 0x3, 0x1, 0x9, 0x2, 0x2, 0x7, 0xb, 0x8, 0x100, 0x2, 0x40000003, 0x3ff, 0x400, 0x80000000, "0c1056e3480805f935e214e44f620fa9eba8238cacc3d9e6fc45cf541e509fc2457ae4ae"}) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/lp_interval\x00', 0x1e2142, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r1, 0x0, 0x1f40) (async) read$auto(r1, 0x0, 0x1f40) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) (async) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x40000000) (async) close_range$auto(0x2, 0x8, 0x40000000) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r3, 0xc0285629, r3) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 3.229933541s ago: executing program 3 (id=5793): close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x40400, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) read$auto(r0, 0x0, 0xc) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8000, 0x0) (async, rerun: 64) socket(0x2, 0x1, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0x4018aee1, 0x1000000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffe2, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="906f1995", @ANYRES16=0x0, @ANYBLOB="10002cbd0000fddb79a71c"], 0x14}, 0x1, 0x0, 0x0, 0x20048000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) (async, rerun: 32) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x3, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (rerun: 32) 3.157372008s ago: executing program 7 (id=5794): capset$auto(0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) setsockopt$auto_SO_RCVTIMEO_OLD(r0, 0x9, 0x14, &(0x7f0000000000)='/dev/ttyS0\x00', 0x9) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto(r0, 0x540a, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop13\x00', 0x2000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/scsi/device_info\x00', 0x40100, 0x0) pread64$auto(r3, 0x0, 0x10001, 0x830) write$auto(r2, 0x0, 0x30fe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x2, 0x1, 0x0) io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x80000, 0x6) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r4, 0x0, 0x4008080) socketpair$auto(0xffff, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0xfff, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$dir(0xffffffffffffff9c, 0x0, 0x525c00, 0x100) mmap$auto(0x0, 0x4020009, 0xdf, 0x10000000000eb1, 0x401, 0x8000) capset$auto(0x0, 0x0) mprotect$auto(0x0, 0x806121, 0x6) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r5, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 2.586761398s ago: executing program 3 (id=5795): capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000041}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b67, 0x1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) (async) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) (async) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="48000200", @ANYRES16=r3, @ANYBLOB="1b002cbd7000fedbdf2503000000040003800c000b00ffffffffffffffff0400028012000100898035000000000000000000000000000c000380050017801f000000"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) (async) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="48000200", @ANYRES16=r3, @ANYBLOB="1b002cbd7000fedbdf2503000000040003800c000b00ffffffffffffffff0400028012000100898035000000000000000000000000000c000380050017801f000000"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) read$auto(r1, 0x0, 0x1ff) (async) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) r4 = mq_open$auto(0x0, 0xdd1, 0x8, 0x0) mq_notify$auto(0x4, 0x0) mq_notify$auto(0x4, 0x0) (async) mq_notify$auto(0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fsopen$auto(0x0, 0x1) (async) fsopen$auto(0x0, 0x1) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0xdeb1, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x401870cb, r6) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x381800, 0x0) read$auto_proc_uid_map_operations_base(r4, &(0x7f0000000140)=""/163, 0xa3) (async) read$auto_proc_uid_map_operations_base(r4, &(0x7f0000000140)=""/163, 0xa3) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0) sendfile$auto(r7, r7, 0x0, 0x7ffff000) 2.130887261s ago: executing program 1 (id=5796): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/irq/15/per_cpu_count\x00', 0x0, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000300)="234751a0cc0bafad59f83847854e875d850a4d197ec4b029fba4d9ea9aee6b48844ea09e2bbf5fd0fd3bb02ffd2773db9383c7153478f9420e66317eed986a03b01f4e058639651a79481bb55990570866369eeccabb9dcc25ed8b92057516ae28b8cbbe6582f0e6e0b276407aaaa436ee10ac38c3afb7d5b517ae864eff15684ef3c720d504b99e878905e7e4b2bb6b5e01d0ce0cf498295599b79a7c028379dd", 0xbb) read$auto(r0, 0x0, 0x20) 1.776187718s ago: executing program 1 (id=5797): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/irq/15/per_cpu_count\x00', 0x0, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000300)="234751a0cc0bafad59f83847854e875d850a4d197ec4b029fba4d9ea9aee6b48844ea09e2bbf5fd0fd3bb02ffd2773db9383c7153478f9420e66317eed986a03b01f4e058639651a79481bb55990570866369eeccabb9dcc25ed8b92057516ae28b8cbbe6582f0e6e0b276407aaaa436ee10ac38c3afb7d5b517ae864eff15684ef3c720d504b99e878905e7e4b2bb6b5e01d0ce0cf498295599b79a", 0x9c) read$auto(r0, 0x0, 0x20) 1.656197293s ago: executing program 7 (id=5798): openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/arch_status\x00', 0x120682, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x1d, &(0x7f0000000040)='!\x00', 0x1ff) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'virt_wifi0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a07000000000000000e00000a000100000000000000000008000200", @ANYRES32=r2, @ANYRES8=r1], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x20282, 0x0) ioctl$auto_UI_DEV_SETUP(r3, 0x405c5503, 0x0) ioctl$auto_UI_DEV_CREATE(r3, 0x5501, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4008810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x89}, 0x7}, 0x3, 0x0) 1.571515279s ago: executing program 1 (id=5799): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/irq/15/per_cpu_count\x00', 0x0, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000300)="234751a0cc0bafad59f83847854e875d850a4d197ec4b029fba4d9ea9aee6b48844ea09e2bbf5fd0fd3bb02ffd2773db9383c7153478f9420e66317eed986a03b01f4e058639651a79481bb55990570866369eeccabb9dcc25ed8b92057516ae28b8cbbe6582f0e6e0b276407aaaa436ee10ac38c3afb7d5b517ae864eff15684ef3c720d504b99e878905e7e4b2bb6b5e01d0ce0cf498295599b79a7c028379dd", 0xbb) read$auto(r0, 0x0, 0x20) (fail_nth: 1) 1.470190336s ago: executing program 7 (id=5800): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404cc91}, 0x24040081) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x200, 0xb}, 0x800009}, 0x80005, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x802, 0x0, 0x1, 0x0, 0x2, 0x3}, 0x7}, 0x5, 0xcad7) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) statmount$auto(&(0x7f0000000140)={0x9, @inferred=r3, 0x2, 0x3ff, 0x7f}, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x3, 0x101, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x8, 0x3, 0x1, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x4, 0x2, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x7, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0x7, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x9, 0x100, 0x40004545, 0x4, 0xa, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x7fffffff, 0x4, 0x0, 0x7, 0x80, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x1, 0x9, 0x8, 0x80000001], "73e9b0abe71d1e2aee680f7f0e812f294220578764aaba215588c48129939d0d8c6c8dcb488aeb5a653cee9f3407b9069269"}, 0x40, 0x36) msync$auto(0x2, 0x9, 0x40) select$auto(0x9, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) 1.370852591s ago: executing program 6 (id=5801): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_CQM(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40800) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/net/dev_mcast\x00', 0x404080, 0x0) write$auto(r3, 0x0, 0x7ef) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/type\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)=""/116, 0x74) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, 0x0, 0x0) write$auto(r5, &(0x7f0000000440)='/Eev/audio1\x00VI\xa3\xaa\xb1\x05\x00\x00\x00\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\x89C:\xc3\xcbx*=\x12\xb4q\xeeC\x81\n\\_\x04D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\x9e\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x8cec, 0x6]}, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) sendfile$auto(r6, r6, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x80400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0xffffffffffffbfff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) 1.127704647s ago: executing program 1 (id=5802): r0 = prctl$auto(0x3a, 0x1, 0x0, 0x2, 0x203) bind$auto(r0, 0x0, 0x7fffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r3, 0x65, 0x2, 0xffffffffffffffff, 0x0) write$auto(r1, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) write$auto(r2, 0x0, 0x9) mmap$auto(0x0, 0x40009, 0xdf, 0x10000000009b72, 0x7, 0x28000) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x1490) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) semctl$auto(0x80001ff, 0x804, 0x13, 0x4) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0xecc6, 0x0, 0x7352, 0x2d, 0x200000000045f, 0x6, 0x7, 0x3, 0x2, 0x9, 0x36e, 0x6, 0x2, 0x3000, 0x9, 0x8, 0x10003, 0x8, 0xffffffffffffffff, 0x0, 0x5, 0x1ffb, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x2, [0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x9, 0x4, 0x0, 0xffffffffffffff00, 0x0, 0x0, 0x3, 0x3ba0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0xffffffffffffffff]}, 0x9, 0x11) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r5 = memfd_create$auto(0x0, 0xb) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'ip6tnl0\x00'}) rt_sigqueueinfo$auto(0x0, 0xc74, &(0x7f0000000000)={@siginfo_0_0={0xf9, 0x14, 0x7e73, @_timer={0x0, 0x80000001, @sival_ptr=0x0, 0x5}}}) r6 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r6, 0x0, 0x5, 0x100) 500.174284ms ago: executing program 3 (id=5803): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/net\x00') mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r1 = socket(0x2b, 0x2, 0xfffffffd) r2 = socket(0x2, 0x801, 0x106) r3 = socket(0x26, 0x80805, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x145) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'erspan0\x00', 0x0}) bpf$auto_BPF_PROG_DETACH(0x9, &(0x7f0000000700)=@bpf_attr_0={0xb, 0xee6a, 0x4, 0x900000, 0x0, r0, 0x9, "a8fe22a3a53467643c21c27df6b15218", r5, r3, 0x1000, 0x7fffffff, 0x477b6c73, 0x173, r4, r2}, 0x6) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x1e}, 0x3) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r6 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(r6, 0x0, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) r7 = socket(0x2, 0x3, 0x1) connect$auto(r7, &(0x7f0000000000), 0x55) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) shmctl$auto_SHM_STAT_ANY(0x3, 0xf, &(0x7f0000000240)={{0x10, 0x0, 0x0, 0x0, 0x0, 0xc1, 0x5}, 0x101, 0x8, 0x3, 0x0, @raw=0xffffffa1, @raw=0x81, 0xd, 0x0, &(0x7f00000000c0)="abc1b8a92c753e4112903c89bcef952362c4682f3209575d831da3f3316575b6043cf7564f", &(0x7f0000000100)="431218aa2ada6617a975f17db8a6032b6470de07b2f3aa97112936393cf4ac878fea2c0668d6a05ac6a0fbd5cde6b1c77a7347a3aa12ca85b23afe9277767562f5b2a29a100e68d1b1abd88d3a334052e93d8172a65ac531ec574f7db0904849d9ed93b382da7fe328cdf7960f46c41ada2eea19b0e52d47eed8c8d770a320370d683c8c1fe1c9512d71e0c2e5849f8499105a06b75595bea01bce127707ee28be8bc960fb7dec83ae2099e4ffe16b690e8d0b48de03bb3416016f8cecbae7a62cb6f09d1f8d28c99d9b7ce77ba3d8b38805b2f55c3485ce741517dfc6800f432e51008dc6"}) msgctl$auto_IPC_STAT(0xd7f, 0x2, &(0x7f0000000340)={{0x5, 0x0, 0xffffffffffffffff, 0xc, 0x2}, &(0x7f00000002c0)=0xb, &(0x7f0000000300), 0x9, 0xfffffffffffffff8, 0x8, 0x1, 0x2, 0x101, 0x8, 0x2, @raw=0x7}) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40020000}, 0xc, &(0x7f0000000640)={&(0x7f00000003c0)={0x258, r8, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_CQM={0x241, 0x5e, 0x0, 0x1, [@typed={0x8, 0x64, 0x0, 0x0, @uid=r9}, @typed={0x8, 0xf5, 0x0, 0x0, @uid=r10}, @generic="debd3e77f8f5a518065e97b50a26439114e3", @generic="4844b5326bbe025f487e09a652a1ada98cf60c6e4ce896d24508a189516238c254f682c43e453d7a49200f6401eb7fb390b389efec4bd35e8c338b91666116ff1ce297c8da4efdddbb8b6247da061502e558a11d8793303e9a71b5c5ff3d5ac3d7f6cebe26945e54ea3f915e4239867225f66b27881fdaab9e8fd264e78cbb6c78c886fc6ad42dd2184ee9329148fa9c3f363719129be2843d0c6b8a5cb893adba0a5416ccdeeca497316021ed951bb6d1c7741b0031c56fea38ec", @typed={0x8, 0x7a, 0x0, 0x0, @u32=0x81}, @generic="2edb1e61a8f062a5b45035b7c72dfcf87c6adfe8", @nested={0x144, 0x124, 0x0, 0x1, [@generic="eb932c7438149160e232160a21af5500a899c39d70c0eb4362383e9c72cc30c1b01a558c325efe341564ba6dcc15f44d3709d7f3ff239464bc7e16ec4614da5c6405ea95f0f0150783544fb6eb280026370e4f20d8a222dc3dc3d4db404faab39fbc16ab031cf573cbd12661b534ff1b953dcf64756cf9160a14d6fc0ca5974ff7d7970f53053e16d0c331e2dc4ae078dd4b00e6293aa9bd1697c18da61785cc7446737f19f5c6b61830549c9fd606e51e3af24d289d52102ac75330", @generic="4bd9977de0697a698c13d538d5769bceac2efcf9ea7547dc4eb0b8fc7d895881754f9d9e13b08f3e67b1ab2e76749c8c61164c0e7c71e39c1f46a1176b0449337828d487058269c073aa00c9abc43e58061e0a6d40ce14242fadc0bdef352cf915fb57f8b6ce230b95f8b319403a1161d47b0c59997c196582f3ec0330cc9302ab0a76af"]}]}]}, 0x258}, 0x1, 0x0, 0x0, 0x20000880}, 0x4040000) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') 343.00543ms ago: executing program 1 (id=5804): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r0, 0x110, 0x5, 0x0, 0x4) (async) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) (async) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) mremap$auto(0x0, 0x2, 0x9, 0x3, 0x7fffffffb000) 254.305607ms ago: executing program 7 (id=5805): openat$auto_deferred_devs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x101080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = epoll_create$auto(0x3e) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_DELPDP(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES16, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) mmap$auto(0xfffffffffffffffe, 0x99, 0xdf, 0x200000000000eb2, r0, 0x8004) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r2, 0x0, 0x7) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) socketpair$auto(0xffffffff, 0x10000, 0x9, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, 0x0, 0x12100, 0x0) fstatfs$auto(r3, &(0x7f0000000240)={0x1, 0x401, 0x72, 0x7fffffff, 0x4, 0x8000, 0x1, {[0x3, 0x3]}, 0xc2, 0xb23, 0x1eda, [0x10, 0x7, 0x100, 0xc]}) mmap$auto(0x100000000000000, 0x2020009, 0x3, 0xeb5, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x80a42, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x2, 0x0, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xff7fffff, &(0x7f0000000100)={0x0, 0xc4}, 0xffffffffffffffff, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x9) r5 = gettid() mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0xa) rt_sigqueueinfo$auto(r5, 0x1, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x401, 0x8000) writev$auto(r4, 0x0, 0x3) symlink$auto(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='./file0\x00') 135.949938ms ago: executing program 7 (id=5806): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x2, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/irq/15/per_cpu_count\x00', 0x0, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000300)="234751a0cc0bafad59f83847854e875d850a4d197ec4b029fba4d9ea9aee6b48844ea09e2bbf5fd0fd3bb02ffd2773db9383c7153478f9420e66317eed986a03b01f4e058639651a79481bb55990570866369eeccabb9dcc25ed8b92057516ae28b8cbbe6582f0e6e0b276407aaaa436ee10ac38c3afb7d5b517ae864eff15684ef3c720d504b99e878905e7e4b2bb6b5e01d0ce0cf498295599b79a7c028379dd", 0xbb) read$auto(r0, 0x0, 0x20) 18.959615ms ago: executing program 1 (id=5807): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x100000000) r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x2, 0x88) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0x4040aea0, 0x0) close_range$auto(0x2, r0, 0xffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r0, 0x0, 0xcf, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r3, 0x0, 0xe) fcntl$auto(0x8000000000000001, 0x5, 0x8) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd700002dcdf25030000000400087918000180140010800c"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) sendmmsg$auto(r5, &(0x7f00000000c0)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000002c0), 0x3, 0xa505}, 0x7ff}, 0x7, 0x4008) fcntl$auto(0x8000000000000001, 0x26, 0x8) 5.588567ms ago: executing program 6 (id=5808): capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000041}, 0x800) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b67, 0x1) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv6/neigh/tunl0/app_solicit\x00', 0x2000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r3, 0x1b, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) r4 = mq_open$auto(0x0, 0xdd1, 0x8, 0x0) mq_notify$auto(0x4, 0x0) mmap$auto(0x7, 0x2020008, 0x3, 0x10000ebe, 0xfffffffffffffffa, 0x8000) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x8, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) bpf$auto(0x2, 0x0, 0x103) adjtimex$auto(&(0x7f00000005c0)={0xf332b72, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x400000000000001, 0x368e, 0x2, {0xf, 0x10000}, 0x6, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0x1a00, 0x101}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) r5 = ioctl$auto_NS_GET_MNTNS_ID(r4, 0x8008b705, &(0x7f0000000200)) write$auto(r5, &(0x7f00000006c0)='\x00\x00\x00\x00\xb7\xb9w\b\x84\x12\x00|\"\f\x85kqhYS\xf25\xc5z\xa4{\x97\x00\x1b\xfe\xa9\xf0\xcc}\x1b\"\xf7\x84\xc9\xe2\xd5\xd3\x11\xb1O\xd1\xdd\xfeKr\xc3(s\xcf\x1b6\x94\xeeP\xed\xe5\x0f\xba\x0e\x1a\xbcqT\xc8;\xe6L>X \xcc7\xb40\xd1\x85\x8d\xeb\x0ee\x9d/\x7fX\xfa^\xcf\xe4\x01S\xac\x9d\x02\xec\xb3\xa1+\xe2\x7f\xce\xc7\xa2q\xb7^~g\xc8\x8152\x80]$\xfd\r\xed\xf9\xa6\x8b\x80{\xd3^ZK\xb8\x17\xdd\xaar\x04W\x1e\xbb\xe3\xa9\xa8\xe4\xac\xf7\xd4N\xea\x18\n\xad\x00\x12>v\b5S\xc0\xf08\f\xe1\xae\xb1\x9d\xfdM14\x99\r:.\x84\x8av\xb5a\xb9\xa2o\xbfiy\xd4\x1c\xdc\xed\xab\xcd\x9aj\x0fif\x9a\xf8N\xcfr\xefr\xbb\x14`\xc1E\xdc\xf8\xa0\xa4\xe6MF\xfc\x9a\xe7\x8a\xf6X)\x9e\x9dr\xf4\xca\xad%C\xb4M\xed\x90u`\xea\xa7\xda\x9c\x8b\xfc\xd3\x91F\f<\xd8\xf8\x8d\xf5Fp\xac\xaf(\xaf\vc\x84\xa5\xf9\xe3\xbc\x1bj\x8b\x96\xea\x10\xc1\nu\xe16\xaaR\xa2Uz\xdf\v\xd2\xcd\xad\xe0\xf5\xc37b\x91\xe1\x8f\x05\xe0wr\x11\x7f\x85v>L{x\xb5\x17\x1c!\xcf&H\xc9iE\x05-\x02[\xee\x00\xf7g\xa2P\x95\xa3\x91\xfc\x18(\x88\xbe\xab&\x00\x00\xeeZ\xd6\xe4A\x16\xdf+\x85\x95\x03We\b\xae\xe1T\xbb\xa3C/\xba\xe5]\xbc\xcf\xba.\xcd\f:s\x99\xb0\x9de\x17\xda\x03\x97\n\tz\x17\xf8\xbb\xa1q\xae\r\xber\bF\x04:\x03\xef\x90\x88\xec\x7f\xbe\x8er_\xdf\a\xd7\xca\xe1\x9cJ\xff\xaa:\xabo\x9f\xb4 \xe4\x05\xaf\x8aVA\xa5\xd2\xd2h5\x9dq\x18\xe5\x90', 0xa3db) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r6, 0x401870cb, r6) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x781902, 0x0) 0s ago: executing program 7 (id=5809): openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/arch_status\x00', 0x120682, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x1d, &(0x7f0000000040)='!\x00', 0x1ff) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'virt_wifi0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a07000000000000000e00000a000100000000000000000008000200", @ANYRES32=r2, @ANYRES8=r1], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x20282, 0x0) ioctl$auto_UI_DEV_SETUP(r3, 0x405c5503, 0x0) ioctl$auto_UI_DEV_CREATE(r3, 0x5501, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4008810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x89}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 8 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1408.288694][T30134] RSP: 002b:00007f3c16a46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1408.288718][T30134] RAX: ffffffffffffffda RBX: 00007f3c15db6080 RCX: 00007f3c15b8e929 [ 1408.288735][T30134] RDX: 0000000000000038 RSI: 000000004038ae7a RDI: 0000000000000003 [ 1408.288751][T30134] RBP: 00007f3c16a46090 R08: 0000000000000000 R09: 0000000000000000 [ 1408.288766][T30134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1408.288782][T30134] R13: 0000000000000000 R14: 00007f3c15db6080 R15: 00007ffd6242c968 [ 1408.288817][T30134] [ 1408.584991][T30134] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1409.350413][T30164] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input108 [ 1409.373593][T30164] netlink: 338 bytes leftover after parsing attributes in process `syz.5.4815'. [ 1410.008183][T30178] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.4816: iget: checksum invalid [ 1410.022201][T30178] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00044-g7595b66ae9de/regulatory.db failed with error -74 [ 1410.038604][T30178] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.4816: iget: checksum invalid [ 1410.053880][T30178] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1410.064449][T30178] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.4816: iget: checksum invalid [ 1410.077006][T30178] platform regulatory.0: loading /lib/firmware/6.16.0-rc3-syzkaller-00044-g7595b66ae9de/regulatory.db failed with error -74 [ 1410.094414][T30178] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.5.4816: iget: checksum invalid [ 1410.113436][T30178] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1410.124590][T30178] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1410.134764][T30178] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1410.600446][T30169] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1411.245656][T30171] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1411.909861][T30205] sd 0:0:1:0: PR command failed: 1026 [ 1411.938588][T30205] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1412.054729][T30205] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1412.482772][T30219] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input109 [ 1412.496221][T30219] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4825'. [ 1413.029725][T30223] FAULT_INJECTION: forcing a failure. [ 1413.029725][T30223] name failslab, interval 1, probability 0, space 0, times 0 [ 1413.066280][T30223] CPU: 0 UID: 0 PID: 30223 Comm: syz.3.4826 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1413.066323][T30223] Tainted: [U]=USER [ 1413.066331][T30223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1413.066346][T30223] Call Trace: [ 1413.066354][T30223] [ 1413.066364][T30223] dump_stack_lvl+0x16c/0x1f0 [ 1413.066403][T30223] should_fail_ex+0x512/0x640 [ 1413.066436][T30223] ? fs_reclaim_acquire+0xae/0x150 [ 1413.066466][T30223] ? tomoyo_encode2+0x100/0x3e0 [ 1413.066496][T30223] should_failslab+0xc2/0x120 [ 1413.066520][T30223] __kmalloc_noprof+0xd2/0x510 [ 1413.066561][T30223] tomoyo_encode2+0x100/0x3e0 [ 1413.066594][T30223] tomoyo_encode+0x29/0x50 [ 1413.066622][T30223] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1413.066658][T30223] ? tomoyo_profile+0x47/0x60 [ 1413.066694][T30223] tomoyo_path_number_perm+0x245/0x580 [ 1413.066719][T30223] ? tomoyo_path_number_perm+0x237/0x580 [ 1413.066750][T30223] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1413.066779][T30223] ? find_held_lock+0x2b/0x80 [ 1413.066841][T30223] ? find_held_lock+0x2b/0x80 [ 1413.066864][T30223] ? hook_file_ioctl_common+0x145/0x410 [ 1413.066896][T30223] ? __fget_files+0x20e/0x3c0 [ 1413.066931][T30223] security_file_ioctl+0x9b/0x240 [ 1413.066961][T30223] __x64_sys_ioctl+0xb7/0x210 [ 1413.066991][T30223] do_syscall_64+0xcd/0x490 [ 1413.067028][T30223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1413.067054][T30223] RIP: 0033:0x7f4b8778e929 [ 1413.067076][T30223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1413.067097][T30223] RSP: 002b:00007f4b885f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1413.067120][T30223] RAX: ffffffffffffffda RBX: 00007f4b879b6080 RCX: 00007f4b8778e929 [ 1413.067136][T30223] RDX: 0000000000000038 RSI: 000000004038ae7a RDI: 0000000000000003 [ 1413.067151][T30223] RBP: 00007f4b885f1090 R08: 0000000000000000 R09: 0000000000000000 [ 1413.067166][T30223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1413.067181][T30223] R13: 0000000000000000 R14: 00007f4b879b6080 R15: 00007ffe138498e8 [ 1413.067215][T30223] [ 1413.067236][T30223] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1413.646321][T30250] raw_sendmsg: syz.5.4832 forgot to set AF_INET. Fix it! [ 1415.191706][T30284] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4836'. [ 1415.296428][T30284] : renamed from hsr0 (while UP) [ 1416.116871][T30298] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1416.267924][T30298] [U]  [ 1416.270790][T30298] [U] [ 1416.273516][T30298] [U] [ 1416.276243][T30298] [U] [ 1416.280628][T30298] [U] [ 1416.283373][T30298] [U] [ 1416.286089][T30298] [U] [ 1416.288810][T30298] [U] [ 1416.329730][T30298] [U] [ 1416.332513][T30298] [U] [ 1416.335219][T30298] [U] [ 1416.337899][T30298] [U] [ 1416.343477][T30298] [U] [ 1416.346239][T30298] [U] [ 1416.348961][T30298] [U] [ 1416.351689][T30298] [U] [ 1416.388088][T30298] [U] [ 1416.390862][T30298] [U] [ 1416.393590][T30298] [U] [ 1416.396315][T30298] [U] [ 1416.406576][T30298] [U] [ 1416.409337][T30298] [U] [ 1416.412069][T30298] [U] [ 1416.414789][T30298] [U] [ 1416.418076][T30298] [U] [ 1416.420811][T30298] [U] [ 1416.423554][T30298] [U] [ 1416.426279][T30298] [U] [ 1416.441230][T30298] [U] [ 1416.443986][T30298] [U] [ 1416.446706][T30298] [U] [ 1416.449436][T30298] [U] [ 1416.459384][T30298] [U] [ 1416.462148][T30298] [U] [ 1416.464873][T30298] [U] [ 1416.467596][T30298] [U] [ 1416.471791][T30298] [U] [ 1416.474542][T30298] [U] [ 1416.477272][T30298] [U] [ 1416.480010][T30298] [U] [ 1416.499400][T30298] [U] [ 1416.502187][T30298] [U] [ 1416.504922][T30298] [U] [ 1416.507655][T30298] [U] [ 1416.532158][T30298] [U] [ 1416.534932][T30298] [U] [ 1416.537658][T30298] [U] [ 1416.540387][T30298] [U] [ 1416.599525][T30298] [U] [ 1416.602299][T30298] [U] [ 1416.603661][T30311] FAULT_INJECTION: forcing a failure. [ 1416.603661][T30311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1416.604996][T30298] [U] [ 1416.620703][T30298] [U] [ 1416.635226][T30298] [U] [ 1416.637964][T30298] [U] [ 1416.640651][T30298] [U] [ 1416.643334][T30298] [U] [ 1416.647063][T30298] [U] [ 1416.649806][T30298] [U] [ 1416.652516][T30298] [U] [ 1416.655213][T30298] [U] [ 1416.678294][T30318] FAULT_INJECTION: forcing a failure. [ 1416.678294][T30318] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1416.693579][T30318] CPU: 0 UID: 0 PID: 30318 Comm: syz.6.4843 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1416.693606][T30318] Tainted: [U]=USER [ 1416.693612][T30318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1416.693622][T30318] Call Trace: [ 1416.693628][T30318] [ 1416.693634][T30318] dump_stack_lvl+0x16c/0x1f0 [ 1416.693661][T30318] should_fail_ex+0x512/0x640 [ 1416.693686][T30318] should_fail_alloc_page+0xe7/0x130 [ 1416.693703][T30318] prepare_alloc_pages+0x3c2/0x610 [ 1416.693725][T30318] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1416.693747][T30318] ? mas_next_slot+0x12d3/0x21b0 [ 1416.693761][T30318] ? __up_read+0x1f8/0x750 [ 1416.693786][T30318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1416.693808][T30318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1416.693829][T30318] ? mas_find+0x2f6/0x530 [ 1416.693842][T30318] ? validate_mm+0x40a/0x570 [ 1416.693868][T30318] ? __lock_acquire+0xb8a/0x1c90 [ 1416.693887][T30318] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1416.693911][T30318] ? policy_nodemask+0xea/0x4e0 [ 1416.693926][T30318] alloc_pages_mpol+0x1fb/0x550 [ 1416.693941][T30318] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1416.693954][T30318] ? __pud_alloc+0x521/0x750 [ 1416.693974][T30318] alloc_pages_noprof+0x131/0x390 [ 1416.693988][T30318] __pmd_alloc+0x3b/0x930 [ 1416.694006][T30318] move_page_tables+0x28c8/0x4070 [ 1416.694032][T30318] ? __pfx_copy_vma+0x10/0x10 [ 1416.694051][T30318] ? finish_task_switch.isra.0+0x21c/0xc10 [ 1416.694070][T30318] ? __pfx_move_page_tables+0x10/0x10 [ 1416.694090][T30318] ? register_lock_class+0x41/0x4c0 [ 1416.694108][T30318] ? rcu_is_watching+0x12/0xc0 [ 1416.694131][T30318] ? find_held_lock+0x2b/0x80 [ 1416.694147][T30318] copy_vma_and_data+0x216/0x750 [ 1416.694170][T30318] ? __pfx_copy_vma_and_data+0x10/0x10 [ 1416.694195][T30318] ? __vma_enter_locked+0x163/0x3f0 [ 1416.694215][T30318] ? find_held_lock+0x2b/0x80 [ 1416.694229][T30318] ? move_vma+0x536/0x1740 [ 1416.694253][T30318] move_vma+0x548/0x1740 [ 1416.694277][T30318] ? __pfx_move_vma+0x10/0x10 [ 1416.694296][T30318] ? mm_get_unmapped_area+0x95/0xe0 [ 1416.694313][T30318] ? shmem_get_unmapped_area+0x170/0xa00 [ 1416.694332][T30318] ? cap_mmap_addr+0x4b/0x120 [ 1416.694346][T30318] ? bpf_lsm_mmap_addr+0x9/0x10 [ 1416.694361][T30318] ? security_mmap_addr+0x6c/0x1e0 [ 1416.694379][T30318] ? __get_unmapped_area+0x267/0x440 [ 1416.694397][T30318] ? vrm_set_new_addr+0x208/0x290 [ 1416.694418][T30318] __do_sys_mremap+0xe07/0x1590 [ 1416.694441][T30318] ? __pfx___do_sys_mremap+0x10/0x10 [ 1416.694467][T30318] ? __fget_files+0x204/0x3c0 [ 1416.694491][T30318] ? __x64_sys_futex+0x1e0/0x4c0 [ 1416.694533][T30318] do_syscall_64+0xcd/0x490 [ 1416.694558][T30318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1416.694573][T30318] RIP: 0033:0x7f18fe58e929 [ 1416.694586][T30318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1416.694601][T30318] RSP: 002b:00007f18ff35d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1416.694615][T30318] RAX: ffffffffffffffda RBX: 00007f18fe7b6240 RCX: 00007f18fe58e929 [ 1416.694625][T30318] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000 [ 1416.694635][T30318] RBP: 00007f18fe610b39 R08: 00007effffffb000 R09: 0000000000000000 [ 1416.694644][T30318] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1416.694653][T30318] R13: 0000000000000000 R14: 00007f18fe7b6240 R15: 00007ffd692d31c8 [ 1416.694672][T30318] [ 1417.066577][T30311] CPU: 0 UID: 0 PID: 30311 Comm: syz.3.4842 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1417.066605][T30311] Tainted: [U]=USER [ 1417.066610][T30311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1417.066620][T30311] Call Trace: [ 1417.066625][T30311] [ 1417.066631][T30311] dump_stack_lvl+0x16c/0x1f0 [ 1417.066657][T30311] should_fail_ex+0x512/0x640 [ 1417.066682][T30311] _copy_from_user+0x2e/0xd0 [ 1417.066705][T30311] kvm_arch_vm_ioctl+0xa33/0x1cf0 [ 1417.066723][T30311] ? ima_match_policy+0x7f9/0x22e0 [ 1417.066740][T30311] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 1417.066757][T30311] ? __lock_acquire+0x622/0x1c90 [ 1417.066780][T30311] ? __lock_acquire+0x622/0x1c90 [ 1417.066803][T30311] ? __lock_acquire+0x622/0x1c90 [ 1417.066841][T30311] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1417.066859][T30311] ? is_bpf_text_address+0x94/0x1a0 [ 1417.066880][T30311] ? kernel_text_address+0x8d/0x100 [ 1417.066903][T30311] ? __kernel_text_address+0xd/0x40 [ 1417.066924][T30311] ? unwind_get_return_address+0x59/0xa0 [ 1417.066947][T30311] ? arch_stack_walk+0xa6/0x100 [ 1417.066977][T30311] ? stack_trace_save+0x8e/0xc0 [ 1417.066992][T30311] ? __pfx_stack_trace_save+0x10/0x10 [ 1417.067008][T30311] ? stack_depot_save_flags+0x28/0xa40 [ 1417.067030][T30311] ? __lock_acquire+0xb8a/0x1c90 [ 1417.067050][T30311] ? kasan_save_stack+0x42/0x60 [ 1417.067071][T30311] ? kasan_save_stack+0x33/0x60 [ 1417.067091][T30311] ? kasan_save_track+0x14/0x30 [ 1417.067111][T30311] ? kasan_save_free_info+0x3b/0x60 [ 1417.067127][T30311] ? __kasan_slab_free+0x51/0x70 [ 1417.067148][T30311] ? kfree+0x2b4/0x4d0 [ 1417.067165][T30311] ? tomoyo_path_number_perm+0x470/0x580 [ 1417.067181][T30311] ? security_file_ioctl+0x9b/0x240 [ 1417.067197][T30311] ? __x64_sys_ioctl+0xb7/0x210 [ 1417.067213][T30311] ? do_syscall_64+0xcd/0x490 [ 1417.067238][T30311] kvm_vm_ioctl+0x19bb/0x3da0 [ 1417.067268][T30311] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1417.067299][T30311] ? kasan_quarantine_put+0x10a/0x240 [ 1417.067320][T30311] ? lockdep_hardirqs_on+0x7c/0x110 [ 1417.067343][T30311] ? find_held_lock+0x2b/0x80 [ 1417.067357][T30311] ? tomoyo_path_number_perm+0x295/0x580 [ 1417.067377][T30311] ? tomoyo_path_number_perm+0x18d/0x580 [ 1417.067395][T30311] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1417.067412][T30311] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1417.067435][T30311] ? do_vfs_ioctl+0x523/0x1a60 [ 1417.067452][T30311] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1417.067486][T30311] ? find_held_lock+0x2b/0x80 [ 1417.067499][T30311] ? hook_file_ioctl_common+0x145/0x410 [ 1417.067519][T30311] ? __fget_files+0x20e/0x3c0 [ 1417.067541][T30311] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1417.067564][T30311] __x64_sys_ioctl+0x18b/0x210 [ 1417.067582][T30311] do_syscall_64+0xcd/0x490 [ 1417.067605][T30311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1417.067620][T30311] RIP: 0033:0x7f4b8778e929 [ 1417.067633][T30311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1417.067648][T30311] RSP: 002b:00007f4b885d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1417.067662][T30311] RAX: ffffffffffffffda RBX: 00007f4b879b6160 RCX: 00007f4b8778e929 [ 1417.067672][T30311] RDX: 0000000000000038 RSI: 000000004038ae7a RDI: 0000000000000003 [ 1417.067681][T30311] RBP: 00007f4b885d0090 R08: 0000000000000000 R09: 0000000000000000 [ 1417.067690][T30311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1417.067698][T30311] R13: 0000000000000000 R14: 00007f4b879b6160 R15: 00007ffe138498e8 [ 1417.067716][T30311] [ 1417.458719][T30298] [U] [ 1420.517359][T30381] FAULT_INJECTION: forcing a failure. [ 1420.517359][T30381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1420.540514][T30386] sd 0:0:1:0: PR command failed: 1026 [ 1420.545973][T30386] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1420.557631][T30386] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1420.593980][T30381] CPU: 0 UID: 0 PID: 30381 Comm: syz.3.4853 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1420.594024][T30381] Tainted: [U]=USER [ 1420.594032][T30381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1420.594048][T30381] Call Trace: [ 1420.594057][T30381] [ 1420.594067][T30381] dump_stack_lvl+0x16c/0x1f0 [ 1420.594107][T30381] should_fail_ex+0x512/0x640 [ 1420.594145][T30381] _copy_to_user+0x32/0xd0 [ 1420.594184][T30381] simple_read_from_buffer+0xcb/0x170 [ 1420.594217][T30381] proc_fail_nth_read+0x197/0x270 [ 1420.594248][T30381] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1420.594280][T30381] ? rw_verify_area+0xcf/0x680 [ 1420.594310][T30381] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1420.594338][T30381] vfs_read+0x1e4/0xc60 [ 1420.594375][T30381] ? __pfx___mutex_lock+0x10/0x10 [ 1420.594411][T30381] ? __pfx_vfs_read+0x10/0x10 [ 1420.594452][T30381] ? __fget_files+0x20e/0x3c0 [ 1420.594495][T30381] ksys_read+0x12a/0x250 [ 1420.594531][T30381] ? __pfx_ksys_read+0x10/0x10 [ 1420.594564][T30381] ? fput+0x70/0xf0 [ 1420.594593][T30381] do_syscall_64+0xcd/0x490 [ 1420.594630][T30381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1420.594656][T30381] RIP: 0033:0x7f4b8778d33c [ 1420.594676][T30381] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1420.594699][T30381] RSP: 002b:00007f4b885f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1420.594723][T30381] RAX: ffffffffffffffda RBX: 00007f4b879b6080 RCX: 00007f4b8778d33c [ 1420.594741][T30381] RDX: 000000000000000f RSI: 00007f4b885f10a0 RDI: 0000000000000005 [ 1420.594756][T30381] RBP: 00007f4b885f1090 R08: 0000000000000000 R09: 0000000000000000 [ 1420.594772][T30381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1420.594787][T30381] R13: 0000000000000000 R14: 00007f4b879b6080 R15: 00007ffe138498e8 [ 1420.594821][T30381] [ 1421.544312][T30404] ima: policy update failed [ 1421.580069][ T30] audit: type=1802 audit(4294972590.002:28): pid=30404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4861" res=0 errno=0 [ 1422.204274][T30424] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1423.056059][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.065246][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.822161][T30440] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1423.923521][T30447] FAULT_INJECTION: forcing a failure. [ 1423.923521][T30447] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1424.068777][T30447] CPU: 0 UID: 0 PID: 30447 Comm: syz.5.4867 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1424.068822][T30447] Tainted: [U]=USER [ 1424.068832][T30447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1424.068849][T30447] Call Trace: [ 1424.068858][T30447] [ 1424.068869][T30447] dump_stack_lvl+0x16c/0x1f0 [ 1424.068911][T30447] should_fail_ex+0x512/0x640 [ 1424.068951][T30447] get_futex_key+0x1d0/0x1540 [ 1424.068994][T30447] ? __pfx_get_futex_key+0x10/0x10 [ 1424.069037][T30447] futex_wake+0xea/0x530 [ 1424.069069][T30447] ? __pfx_futex_wait+0x10/0x10 [ 1424.069101][T30447] ? __pfx_futex_wake+0x10/0x10 [ 1424.069140][T30447] ? find_held_lock+0x2b/0x80 [ 1424.069173][T30447] do_futex+0x1e3/0x350 [ 1424.069204][T30447] ? __pfx_do_futex+0x10/0x10 [ 1424.069243][T30447] __x64_sys_futex+0x1e0/0x4c0 [ 1424.069275][T30447] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 1424.069301][T30447] ? __pfx___x64_sys_futex+0x10/0x10 [ 1424.069346][T30447] do_syscall_64+0xcd/0x490 [ 1424.069386][T30447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1424.069412][T30447] RIP: 0033:0x7fee1498e929 [ 1424.069433][T30447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1424.069456][T30447] RSP: 002b:00007fee1571b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1424.069483][T30447] RAX: ffffffffffffffda RBX: 00007fee14bb5fa8 RCX: 00007fee1498e929 [ 1424.069502][T30447] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fee14bb5fac [ 1424.069519][T30447] RBP: 00007fee14bb5fa0 R08: 00007fee1571c000 R09: 0000000000000000 [ 1424.069536][T30447] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fee14bb5fac [ 1424.069553][T30447] R13: 0000000000000000 R14: 00007ffd316f2660 R15: 00007ffd316f2748 [ 1424.069588][T30447] [ 1424.375623][T30438] kexec: Could not allocate control_code_buffer [ 1424.449547][T30450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4868'. [ 1424.494010][T30450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4868'. [ 1424.571896][T30450] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4868'. [ 1425.729480][T30460] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1425.766387][T30460] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1425.799532][T30460] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1425.812632][T30460] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1425.828883][T30460] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1425.857976][T30460] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1425.967020][T30460] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1426.468229][T30502] usb usb8: usbfs: interface 0 claimed by hub while 'syz.5.4878' sets config #0 [ 1426.938900][T30526] FAULT_INJECTION: forcing a failure. [ 1426.938900][T30526] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1426.972128][T30526] CPU: 1 UID: 0 PID: 30526 Comm: syz.1.4883 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1426.972163][T30526] Tainted: [U]=USER [ 1426.972169][T30526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1426.972178][T30526] Call Trace: [ 1426.972184][T30526] [ 1426.972191][T30526] dump_stack_lvl+0x16c/0x1f0 [ 1426.972219][T30526] should_fail_ex+0x512/0x640 [ 1426.972240][T30526] ? find_held_lock+0x2b/0x80 [ 1426.972257][T30526] get_futex_key+0x1d0/0x1540 [ 1426.972277][T30526] ? __pfx_get_futex_key+0x10/0x10 [ 1426.972299][T30526] futex_wake+0xea/0x530 [ 1426.972321][T30526] ? __pfx_futex_wake+0x10/0x10 [ 1426.972341][T30526] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 1426.972361][T30526] ? ksys_read+0x190/0x250 [ 1426.972385][T30526] do_futex+0x1e3/0x350 [ 1426.972402][T30526] ? __pfx_do_futex+0x10/0x10 [ 1426.972425][T30526] __x64_sys_futex+0x1e0/0x4c0 [ 1426.972443][T30526] ? fput+0x70/0xf0 [ 1426.972456][T30526] ? __pfx___x64_sys_futex+0x10/0x10 [ 1426.972472][T30526] ? ksys_read+0x1ac/0x250 [ 1426.972491][T30526] ? __pfx_ksys_read+0x10/0x10 [ 1426.972516][T30526] do_syscall_64+0xcd/0x490 [ 1426.972538][T30526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1426.972553][T30526] RIP: 0033:0x7f3c15b8e929 [ 1426.972566][T30526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1426.972580][T30526] RSP: 002b:00007f3c16a670e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1426.972595][T30526] RAX: ffffffffffffffda RBX: 00007f3c15db5fa8 RCX: 00007f3c15b8e929 [ 1426.972605][T30526] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3c15db5fac [ 1426.972613][T30526] RBP: 00007f3c15db5fa0 R08: 00007f3c16a68000 R09: 0000000000000000 [ 1426.972622][T30526] R10: 0000000000000014 R11: 0000000000000246 R12: 00007f3c15db5fac [ 1426.972632][T30526] R13: 0000000000000000 R14: 00007ffd6242c880 R15: 00007ffd6242c968 [ 1426.972650][T30526] [ 1427.229832][T30523] sd 0:0:1:0: PR command failed: 1026 [ 1427.235338][T30523] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1427.239106][T15634] Bluetooth: hci0: command 0x041b tx timeout [ 1427.242182][T30523] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1427.290028][T30526] netlink: 206 bytes leftover after parsing attributes in process `syz.1.4883'. [ 1427.829314][T15634] Bluetooth: hci2: command 0x0c1a tx timeout [ 1427.835661][T27382] Bluetooth: hci1: command 0x0c1a tx timeout [ 1427.842338][T15634] Bluetooth: hci4: command 0x0419 tx timeout [ 1428.346032][T15683] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 3201 with max blocks 324 with error 117 [ 1428.686683][T15683] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1428.686683][T15683] [ 1429.029802][T30552] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4888'. [ 1429.912182][T15612] Bluetooth: hci2: command 0x0c1a tx timeout [ 1429.918725][T30539] Bluetooth: hci1: command 0x0c1a tx timeout [ 1430.386168][T15612] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1430.396747][T15612] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1430.408648][T15612] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1430.417642][T15612] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1430.425527][T15612] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1431.349507][T30592] sd 0:0:1:0: PR command failed: 1026 [ 1431.356614][T30592] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1431.389374][T30592] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1431.408800][T25073] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.455533][T30579] chnl_net:caif_netlink_parms(): no params data found [ 1431.705177][T25073] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1431.991020][T15612] Bluetooth: hci2: command 0x0c1a tx timeout [ 1431.999665][T25073] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1432.176080][T25073] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1432.534985][T30579] bridge0: port 1(bridge_slave_0) entered blocking state [ 1432.549236][T15612] Bluetooth: hci3: command tx timeout [ 1432.563301][T30579] bridge0: port 1(bridge_slave_0) entered disabled state [ 1432.589591][T30579] bridge_slave_0: entered allmulticast mode [ 1432.597506][T30579] bridge_slave_0: entered promiscuous mode [ 1432.664939][T30579] bridge0: port 2(bridge_slave_1) entered blocking state [ 1432.672260][T30579] bridge0: port 2(bridge_slave_1) entered disabled state [ 1432.679780][T30579] bridge_slave_1: entered allmulticast mode [ 1432.688855][T30579] bridge_slave_1: entered promiscuous mode [ 1432.820884][T30579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1432.932742][T30579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1433.597062][T30579] team0: Port device team_slave_0 added [ 1433.621090][T25073] bridge_slave_1: left allmulticast mode [ 1433.644528][T25073] bridge_slave_1: left promiscuous mode [ 1433.651929][T25073] bridge0: port 2(bridge_slave_1) entered disabled state [ 1433.702693][T25073] bridge_slave_0: left allmulticast mode [ 1433.708441][T25073] bridge_slave_0: left promiscuous mode [ 1433.716380][T25073] bridge0: port 1(bridge_slave_0) entered disabled state [ 1434.630076][T15612] Bluetooth: hci3: command tx timeout [ 1435.072809][T25073] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1435.090915][T25073] bond0 (unregistering): Released all slaves [ 1435.133723][T30579] team0: Port device team_slave_1 added [ 1435.158309][T30634] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1435.381416][T30579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1435.399086][T30579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1435.619475][T30579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1435.681068][T30579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1435.688077][T30579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1435.714796][T30579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1436.082446][T30654] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1436.121890][T15612] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 1436.121924][T15612] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 1436.139512][T15612] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 1436.139584][T15612] Bluetooth: hci2: adv larger than maximum supported [ 1436.148795][T15612] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1436.170729][T30579] hsr_slave_0: entered promiscuous mode [ 1436.178811][T30579] hsr_slave_1: entered promiscuous mode [ 1436.188106][T30579] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1436.208544][T30579] Cannot create hsr debugfs directory [ 1436.719284][T15612] Bluetooth: hci3: command tx timeout [ 1437.076733][T30669] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1437.350790][T25073] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1437.362878][T25073] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1437.390430][T25073] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1437.399382][T25073] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1437.511237][T25073] veth1_macvtap: left promiscuous mode [ 1437.525761][T25073] veth0_macvtap: left promiscuous mode [ 1437.547535][T25073] veth1_vlan: left promiscuous mode [ 1437.567806][T25073] veth0_vlan: left promiscuous mode [ 1438.789130][T15612] Bluetooth: hci3: command tx timeout [ 1439.325277][T30715] Invalid ELF header magic: != ELF [ 1439.746450][T25073] team0 (unregistering): Port device team_slave_1 removed [ 1439.823169][T25073] team0 (unregistering): Port device team_slave_0 removed [ 1440.700758][T30579] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1440.728336][T30579] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1440.738050][T30579] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1440.754854][T30579] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1441.232560][T30579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1441.535386][T30579] 8021q: adding VLAN 0 to HW filter on device team0 [ 1441.577436][T20684] bridge0: port 1(bridge_slave_0) entered blocking state [ 1441.584605][T20684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1441.677093][T20684] bridge0: port 2(bridge_slave_1) entered blocking state [ 1441.684243][T20684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1442.030883][T30760] FAULT_INJECTION: forcing a failure. [ 1442.030883][T30760] name failslab, interval 1, probability 0, space 0, times 0 [ 1442.069318][T30760] CPU: 0 UID: 0 PID: 30760 Comm: syz.5.4929 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1442.069360][T30760] Tainted: [U]=USER [ 1442.069370][T30760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1442.069386][T30760] Call Trace: [ 1442.069394][T30760] [ 1442.069404][T30760] dump_stack_lvl+0x16c/0x1f0 [ 1442.069448][T30760] should_fail_ex+0x512/0x640 [ 1442.069482][T30760] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1442.069520][T30760] should_failslab+0xc2/0x120 [ 1442.069545][T30760] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1442.069580][T30760] ? __pmd_alloc+0xbf/0x930 [ 1442.069608][T30760] __pmd_alloc+0xbf/0x930 [ 1442.069657][T30760] ? __pud_alloc+0x526/0x750 [ 1442.069684][T30760] walk_to_pmd+0x3b1/0x4d0 [ 1442.069725][T30760] __get_locked_pte+0x25/0xc0 [ 1442.069758][T30760] map_ldt_struct+0x3b0/0xa60 [ 1442.069800][T30760] ? __pfx_map_ldt_struct+0x10/0x10 [ 1442.069837][T30760] ? alloc_pages_noprof+0x23c/0x390 [ 1442.069866][T30760] write_ldt+0x8fa/0xd20 [ 1442.069908][T30760] ? __pfx_write_ldt+0x10/0x10 [ 1442.069958][T30760] __x64_sys_modify_ldt+0xb1/0x170 [ 1442.069995][T30760] do_syscall_64+0xcd/0x490 [ 1442.070032][T30760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1442.070059][T30760] RIP: 0033:0x7fee1498e929 [ 1442.070084][T30760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1442.070109][T30760] RSP: 002b:00007fee1571b038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1442.070134][T30760] RAX: ffffffffffffffda RBX: 00007fee14bb5fa0 RCX: 00007fee1498e929 [ 1442.070151][T30760] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1442.070168][T30760] RBP: 00007fee14a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1442.070184][T30760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1442.070199][T30760] R13: 0000000000000000 R14: 00007fee14bb5fa0 R15: 00007ffd316f2748 [ 1442.070235][T30760] [ 1442.327186][T30579] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1442.443908][T30579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1442.865370][T30579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1442.974243][T30579] veth0_vlan: entered promiscuous mode [ 1442.992925][T30579] veth1_vlan: entered promiscuous mode [ 1443.086130][T30579] veth0_macvtap: entered promiscuous mode [ 1443.127246][T30579] veth1_macvtap: entered promiscuous mode [ 1443.163296][T30579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1443.331897][T30579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1443.374632][T30579] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.384056][T30579] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.393149][T30579] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.402195][T30579] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1444.178372][T15683] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1444.214617][T15683] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1444.419831][T15622] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1444.462507][T15622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1445.463298][T30863] sd 0:0:1:0: PR command failed: 1026 [ 1445.468782][T30863] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1445.475671][T30863] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1446.203928][T30892] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4947'. [ 1446.339187][T30892] vlan1: left allmulticast mode [ 1446.344868][T30892] veth0_vlan: left allmulticast mode [ 1446.371157][T30892] vlan1: left promiscuous mode [ 1446.402223][T30892] bridge0: port 3(vlan1) entered disabled state [ 1446.411950][T30892] bridge_slave_1: left allmulticast mode [ 1446.466574][T30892] bridge_slave_1: left promiscuous mode [ 1446.568424][T30892] bridge0: port 2(bridge_slave_1) entered disabled state [ 1446.600925][T30892] bridge_slave_0: left allmulticast mode [ 1446.606626][T30892] bridge_slave_0: left promiscuous mode [ 1446.736928][T30892] bridge0: port 1(bridge_slave_0) entered disabled state [ 1447.343082][T30910] Invalid ELF header magic: != ELF [ 1448.040939][T30928] sd 0:0:1:0: PR command failed: 1026 [ 1448.046424][T30928] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1448.141243][T30928] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1448.249214][T30931] netlink: 342 bytes leftover after parsing attributes in process `syz.6.4954'. [ 1449.149473][T30954] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 1450.604962][T31004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4965'. [ 1450.615750][T31003] sd 0:0:1:0: PR command failed: 1026 [ 1450.624958][T31005] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4965'. [ 1450.644208][T31003] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1450.667614][T31003] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1452.302475][T31054] vivid-007: ================= START STATUS ================= [ 1452.310475][T31054] vivid-007: Generate PTS: true [ 1452.315420][T31054] vivid-007: Generate SCR: true [ 1452.324966][T31054] tpg source WxH: 320x240 (Y'CbCr) [ 1452.336864][T31054] tpg field: 1 [ 1452.349352][T31054] tpg crop: (0,0)/320x240 [ 1452.395137][T31054] tpg compose: (0,0)/320x240 [ 1452.448053][T31054] tpg colorspace: 8 [ 1452.489429][T31054] tpg transfer function: 0/0 [ 1452.506280][T31054] tpg Y'CbCr encoding: 0/0 [ 1452.524639][T31054] tpg quantization: 0/0 [ 1452.572782][T31054] tpg RGB range: 0/2 [ 1452.676559][T31054] vivid-007: ================== END STATUS ================== [ 1453.531174][T15612] Bluetooth: hci4: unexpected event 0x3e length: 508 > 260 [ 1453.531212][T15612] Bluetooth: hci4: unexpected subevent 0x02 length: 507 > 260 [ 1453.546238][T15612] Bluetooth: hci4: Dropping invalid advertising data [ 1453.562421][T15612] Bluetooth: hci4: unknown advertising packet type: 0xe9 [ 1453.562462][T15612] Bluetooth: hci4: Dropping invalid advertising data [ 1453.581884][T15612] Bluetooth: hci4: Malformed LE Event: 0x02 [ 1454.688458][T31120] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input111 [ 1455.415915][T31138] Invalid ELF header magic: != ELF [ 1456.699741][T31163] ubi0: attaching mtd0 [ 1456.705646][T31163] ubi0: scanning is finished [ 1456.744389][T31163] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1457.050424][T31157] netlink: 52 bytes leftover after parsing attributes in process `syz.3.4996'. [ 1457.108321][T31163] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1457.732917][T31174] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1458.471773][T31182] vivid-007: ================= START STATUS ================= [ 1458.539879][T31182] vivid-007: Generate PTS: true [ 1458.574714][T31184] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input112 [ 1458.653678][T31182] vivid-007: Generate SCR: true [ 1458.658626][T31182] tpg source WxH: 320x240 (Y'CbCr) [ 1458.696719][T31182] tpg field: 1 [ 1458.723382][T31182] tpg crop: (0,0)/320x240 [ 1458.743501][T31182] tpg compose: (0,0)/320x240 [ 1458.769388][T31182] tpg colorspace: 8 [ 1458.809175][T31182] tpg transfer function: 0/0 [ 1458.813826][T31182] tpg Y'CbCr encoding: 0/0 [ 1458.823544][T31182] tpg quantization: 0/0 [ 1458.827747][T31182] tpg RGB range: 0/2 [ 1458.835104][T31195] program syz.3.5002 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1458.884398][T31182] vivid-007: ================== END STATUS ================== [ 1458.894523][T31195] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1460.373208][T31224] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5009'. [ 1460.448846][T31233] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input113 [ 1460.930405][T31247] Invalid ELF header magic: != ELF [ 1461.147815][T31245] zswap: compressor 000 not available [ 1461.693426][T31274] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5020'. [ 1462.050685][T31287] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input114 [ 1462.066430][T31288] netlink: 'syz.6.5023': attribute type 1 has an invalid length. [ 1462.100853][T31289] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5022'. [ 1462.296659][T31295] sd 0:0:1:0: PR command failed: 1026 [ 1462.323223][T31295] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1462.336884][T31295] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1463.782312][T31307] kexec: Could not allocate control_code_buffer [ 1464.500606][T31355] sd 0:0:1:0: PR command failed: 1026 [ 1464.561420][T31355] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1464.609925][T31355] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1467.407724][T31420] sd 0:0:1:0: PR command failed: 1026 [ 1467.414934][T31420] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1467.464784][T31420] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1468.087901][T31438] openvswitch: netlink: Multiple metadata blocks provided [ 1470.514516][T31487] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5070'. [ 1470.526473][T31497] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input115 [ 1470.538327][T31497] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5071'. [ 1470.626845][T31487] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 1473.341955][T31558] vivid-007: ================= START STATUS ================= [ 1473.388441][T31558] vivid-007: Generate PTS: true [ 1473.413325][T31558] vivid-007: Generate SCR: true [ 1473.437046][T31558] tpg source WxH: 320x240 (Y'CbCr) [ 1473.445926][T31558] tpg field: 1 [ 1473.472730][T31558] tpg crop: (0,0)/320x240 [ 1473.524873][T31558] tpg compose: (0,0)/320x240 [ 1473.533168][T31558] tpg colorspace: 8 [ 1473.603636][T31558] tpg transfer function: 0/0 [ 1473.640199][T31558] tpg Y'CbCr encoding: 0/0 [ 1473.651776][T31558] tpg quantization: 0/0 [ 1473.659097][T31558] tpg RGB range: 0/2 [ 1473.663287][T31558] vivid-007: ================== END STATUS ================== [ 1474.737558][T31583] vivid-007: ================= START STATUS ================= [ 1474.829196][T31583] vivid-007: Generate PTS: true [ 1474.834136][T31583] vivid-007: Generate SCR: true [ 1474.869904][T31583] tpg source WxH: 320x240 (Y'CbCr) [ 1474.875095][T31583] tpg field: 1 [ 1474.878482][T31583] tpg crop: (0,0)/320x240 [ 1474.980511][T31587] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input116 [ 1474.999811][T31583] tpg compose: (0,0)/320x240 [ 1475.011203][T31583] tpg colorspace: 8 [ 1475.015086][T31583] tpg transfer function: 0/0 [ 1475.019784][T31583] tpg Y'CbCr encoding: 0/0 [ 1475.024371][T31583] tpg quantization: 0/0 [ 1475.028628][T31583] tpg RGB range: 0/2 [ 1475.033606][T31583] vivid-007: ================== END STATUS ================== [ 1475.319756][T31596] IPVS: length: 256 != 24 [ 1477.959606][T31656] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input117 [ 1478.380184][T31666] Line length is too long: Should be less than 4094 [ 1479.078210][T31682] netlink: 6168 bytes leftover after parsing attributes in process `syz.3.5116'. [ 1479.667900][T31691] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1481.000199][T31716] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input118 [ 1481.283679][T31728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5125'. [ 1481.465859][T31733] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5126'. [ 1482.169658][T31749] FAULT_INJECTION: forcing a failure. [ 1482.169658][T31749] name failslab, interval 1, probability 0, space 0, times 0 [ 1482.169715][T31749] CPU: 1 UID: 0 PID: 31749 Comm: syz.3.5132 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1482.169739][T31749] Tainted: [U]=USER [ 1482.169744][T31749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1482.169753][T31749] Call Trace: [ 1482.169758][T31749] [ 1482.169764][T31749] dump_stack_lvl+0x16c/0x1f0 [ 1482.169790][T31749] should_fail_ex+0x512/0x640 [ 1482.169812][T31749] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1482.169834][T31749] should_failslab+0xc2/0x120 [ 1482.169848][T31749] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1482.169868][T31749] ? device_create_groups_vargs+0x8a/0x270 [ 1482.169901][T31749] device_create_groups_vargs+0x8a/0x270 [ 1482.169920][T31749] device_create+0xed/0x130 [ 1482.169936][T31749] ? __pfx_device_create+0x10/0x10 [ 1482.169950][T31749] ? do_raw_spin_lock+0x12c/0x2b0 [ 1482.169974][T31749] ? is_console_locked+0x9/0x20 [ 1482.169996][T31749] ? con_is_visible+0x65/0x150 [ 1482.170014][T31749] ? csi_J+0x54a/0xad0 [ 1482.170039][T31749] vcs_make_sysfs+0x32/0x80 [ 1482.170057][T31749] vc_allocate+0x501/0x880 [ 1482.170078][T31749] ? __pfx_vc_allocate+0x10/0x10 [ 1482.170106][T31749] con_install+0xa1/0x600 [ 1482.170128][T31749] ? __pfx_con_install+0x10/0x10 [ 1482.170153][T31749] ? __pfx_con_install+0x10/0x10 [ 1482.170175][T31749] tty_init_dev.part.0+0x99/0x500 [ 1482.170191][T31749] tty_open+0xa50/0xf90 [ 1482.170207][T31749] ? __pfx_tty_open+0x10/0x10 [ 1482.170221][T31749] ? chrdev_open+0x58c/0x6a0 [ 1482.170246][T31749] ? __pfx_tty_open+0x10/0x10 [ 1482.170259][T31749] chrdev_open+0x231/0x6a0 [ 1482.170282][T31749] ? __pfx_chrdev_open+0x10/0x10 [ 1482.170306][T31749] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1482.170329][T31749] do_dentry_open+0x744/0x1c10 [ 1482.170351][T31749] ? __pfx_chrdev_open+0x10/0x10 [ 1482.170377][T31749] vfs_open+0x82/0x3f0 [ 1482.170395][T31749] path_openat+0x1de4/0x2cb0 [ 1482.170423][T31749] ? __pfx_path_openat+0x10/0x10 [ 1482.170445][T31749] ? __lock_acquire+0xb8a/0x1c90 [ 1482.170466][T31749] do_filp_open+0x20b/0x470 [ 1482.170487][T31749] ? __pfx_do_filp_open+0x10/0x10 [ 1482.170521][T31749] ? alloc_fd+0x471/0x7d0 [ 1482.170546][T31749] do_sys_openat2+0x11b/0x1d0 [ 1482.170561][T31749] ? __pfx_do_sys_openat2+0x10/0x10 [ 1482.170585][T31749] __x64_sys_openat+0x174/0x210 [ 1482.170602][T31749] ? __pfx___x64_sys_openat+0x10/0x10 [ 1482.170626][T31749] do_syscall_64+0xcd/0x490 [ 1482.170650][T31749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.170665][T31749] RIP: 0033:0x7fbe1678e929 [ 1482.170678][T31749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.170693][T31749] RSP: 002b:00007fbe17651038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1482.170707][T31749] RAX: ffffffffffffffda RBX: 00007fbe169b5fa0 RCX: 00007fbe1678e929 [ 1482.170717][T31749] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1482.170726][T31749] RBP: 00007fbe16810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1482.170735][T31749] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1482.170743][T31749] R13: 0000000000000000 R14: 00007fbe169b5fa0 R15: 00007ffc2586e128 [ 1482.170762][T31749] [ 1483.479550][T31749] tty tty26: ldisc open failed (-12), clearing slot 25 [ 1483.670841][T31778] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input119 [ 1484.484834][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.491280][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.326487][T31823] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5145'. [ 1485.348359][T31823] ipvlan1: entered allmulticast mode [ 1485.354023][T31823] veth0_vlan: entered allmulticast mode [ 1485.849939][T31832] netlink: set zone limit has 8 unknown bytes [ 1485.898942][T31831] netlink: set zone limit has 8 unknown bytes [ 1487.534000][T31861] FAULT_INJECTION: forcing a failure. [ 1487.534000][T31861] name failslab, interval 1, probability 0, space 0, times 0 [ 1487.547492][T31861] CPU: 0 UID: 0 PID: 31861 Comm: syz.5.5153 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1487.547534][T31861] Tainted: [U]=USER [ 1487.547543][T31861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1487.547558][T31861] Call Trace: [ 1487.547568][T31861] [ 1487.547580][T31861] dump_stack_lvl+0x116/0x1f0 [ 1487.547625][T31861] should_fail_ex+0x512/0x640 [ 1487.547665][T31861] should_failslab+0xc2/0x120 [ 1487.547691][T31861] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1487.547731][T31861] ? __send_signal_locked+0x159/0x12c0 [ 1487.547774][T31861] __send_signal_locked+0x159/0x12c0 [ 1487.547820][T31861] do_send_specific+0x1e8/0x370 [ 1487.547851][T31861] ? __pfx_do_send_specific+0x10/0x10 [ 1487.547879][T31861] ? __task_pid_nr_ns+0x17c/0x500 [ 1487.547921][T31861] do_rt_tgsigqueueinfo+0xa9/0x100 [ 1487.547955][T31861] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 1487.547991][T31861] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 1487.548044][T31861] do_syscall_64+0xcd/0x490 [ 1487.548083][T31861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.548111][T31861] RIP: 0033:0x7fee1498e929 [ 1487.548134][T31861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1487.548159][T31861] RSP: 002b:00007fee127f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 1487.548184][T31861] RAX: ffffffffffffffda RBX: 00007fee14bb6080 RCX: 00007fee1498e929 [ 1487.548202][T31861] RDX: 000000000000001f RSI: 0000000000000361 RDI: 000000000000035f [ 1487.548218][T31861] RBP: 00007fee14a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1487.548235][T31861] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000000 [ 1487.548251][T31861] R13: 0000000000000000 R14: 00007fee14bb6080 R15: 00007ffd316f2748 [ 1487.548287][T31861] [ 1488.189294][T31877] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1488.281710][T31888] FAULT_INJECTION: forcing a failure. [ 1488.281710][T31888] name failslab, interval 1, probability 0, space 0, times 0 [ 1488.294521][T31888] CPU: 0 UID: 0 PID: 31888 Comm: syz.3.5161 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1488.294547][T31888] Tainted: [U]=USER [ 1488.294553][T31888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1488.294561][T31888] Call Trace: [ 1488.294567][T31888] [ 1488.294573][T31888] dump_stack_lvl+0x16c/0x1f0 [ 1488.294600][T31888] should_fail_ex+0x512/0x640 [ 1488.294621][T31888] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 1488.294644][T31888] should_failslab+0xc2/0x120 [ 1488.294660][T31888] __kmalloc_cache_node_noprof+0x6d/0x420 [ 1488.294680][T31888] ? __get_vm_area_node+0x101/0x330 [ 1488.294700][T31888] __get_vm_area_node+0x101/0x330 [ 1488.294719][T31888] __vmalloc_node_range_noprof+0x271/0x14b0 [ 1488.294737][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.294765][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.294790][T31888] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1488.294809][T31888] ? snprintf+0xc7/0x100 [ 1488.294831][T31888] ? _raw_spin_unlock+0x28/0x50 [ 1488.294851][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.294872][T31888] __vmalloc_node_noprof+0xad/0xf0 [ 1488.294890][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.294913][T31888] kvm_dev_ioctl+0x153/0x1ad0 [ 1488.294938][T31888] ? find_held_lock+0x2b/0x80 [ 1488.294952][T31888] ? hook_file_ioctl_common+0x145/0x410 [ 1488.294969][T31888] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1488.294992][T31888] ? __fget_files+0x20e/0x3c0 [ 1488.295014][T31888] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1488.295037][T31888] __x64_sys_ioctl+0x18b/0x210 [ 1488.295056][T31888] do_syscall_64+0xcd/0x490 [ 1488.295078][T31888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1488.295094][T31888] RIP: 0033:0x7fbe1678e929 [ 1488.295106][T31888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1488.295121][T31888] RSP: 002b:00007fbe17630038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1488.295135][T31888] RAX: ffffffffffffffda RBX: 00007fbe169b6080 RCX: 00007fbe1678e929 [ 1488.295145][T31888] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000002 [ 1488.295154][T31888] RBP: 00007fbe16810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1488.295163][T31888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1488.295172][T31888] R13: 0000000000000000 R14: 00007fbe169b6080 R15: 00007ffc2586e128 [ 1488.295190][T31888] [ 1488.295199][T31888] warn_alloc: 1 callbacks suppressed [ 1488.295207][T31888] syz.3.5161: vmalloc error: size 39576, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null) [ 1488.624155][T31893] sd 0:0:1:0: PR command failed: 1026 [ 1488.652278][T31893] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1488.659201][T31893] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1488.666556][T31888] ,cpuset=/,mems_allowed=0-1 [ 1488.764826][T31888] CPU: 0 UID: 0 PID: 31888 Comm: syz.3.5161 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1488.764866][T31888] Tainted: [U]=USER [ 1488.764875][T31888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1488.764888][T31888] Call Trace: [ 1488.764897][T31888] [ 1488.764907][T31888] dump_stack_lvl+0x16c/0x1f0 [ 1488.764946][T31888] warn_alloc+0x248/0x3a0 [ 1488.764983][T31888] ? __pfx_warn_alloc+0x10/0x10 [ 1488.765017][T31888] ? rcu_is_watching+0x12/0xc0 [ 1488.765044][T31888] ? trace_kmalloc+0x2b/0xd0 [ 1488.765066][T31888] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 1488.765105][T31888] ? __kasan_kmalloc+0x8a/0xb0 [ 1488.765140][T31888] ? __get_vm_area_node+0x208/0x330 [ 1488.765177][T31888] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 1488.765232][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.765278][T31888] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1488.765310][T31888] ? snprintf+0xc7/0x100 [ 1488.765347][T31888] ? _raw_spin_unlock+0x28/0x50 [ 1488.765380][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.765415][T31888] __vmalloc_node_noprof+0xad/0xf0 [ 1488.765444][T31888] ? kvm_dev_ioctl+0x153/0x1ad0 [ 1488.765483][T31888] kvm_dev_ioctl+0x153/0x1ad0 [ 1488.765525][T31888] ? find_held_lock+0x2b/0x80 [ 1488.765549][T31888] ? hook_file_ioctl_common+0x145/0x410 [ 1488.765577][T31888] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1488.765617][T31888] ? __fget_files+0x20e/0x3c0 [ 1488.765655][T31888] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 1488.765693][T31888] __x64_sys_ioctl+0x18b/0x210 [ 1488.765725][T31888] do_syscall_64+0xcd/0x490 [ 1488.765763][T31888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1488.765788][T31888] RIP: 0033:0x7fbe1678e929 [ 1488.765809][T31888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1488.765833][T31888] RSP: 002b:00007fbe17630038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1488.765856][T31888] RAX: ffffffffffffffda RBX: 00007fbe169b6080 RCX: 00007fbe1678e929 [ 1488.765873][T31888] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000002 [ 1488.765888][T31888] RBP: 00007fbe16810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1488.765904][T31888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1488.765920][T31888] R13: 0000000000000000 R14: 00007fbe169b6080 R15: 00007ffc2586e128 [ 1488.765952][T31888] [ 1488.765962][T31888] Mem-Info: [ 1489.034653][T31888] active_anon:6372 inactive_anon:22203 isolated_anon:0 [ 1489.034653][T31888] active_file:21912 inactive_file:37431 isolated_file:0 [ 1489.034653][T31888] unevictable:768 dirty:610 writeback:0 [ 1489.034653][T31888] slab_reclaimable:12742 slab_unreclaimable:98167 [ 1489.034653][T31888] mapped:27785 shmem:1419 pagetables:1523 [ 1489.034653][T31888] sec_pagetables:0 bounce:0 [ 1489.034653][T31888] kernel_misc_reclaimable:0 [ 1489.034653][T31888] free:1280285 free_pcp:23880 free_cma:0 [ 1489.104883][T31888] Node 0 active_anon:25488kB inactive_anon:87312kB active_file:87600kB inactive_file:149592kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:111140kB dirty:2440kB writeback:0kB shmem:4140kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12252kB pagetables:5940kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1489.149482][T31888] Node 1 active_anon:0kB inactive_anon:0kB active_file:48kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1489.184038][T31888] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1489.220484][T31888] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 1489.370872][T31888] Node 0 DMA32 free:1212496kB boost:77236kB min:111568kB low:120148kB high:128728kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25440kB inactive_anon:85040kB active_file:86368kB inactive_file:149520kB unevictable:1536kB writepending:2440kB present:3129332kB managed:2540868kB mlocked:0kB bounce:0kB free_pcp:68640kB local_pcp:17632kB free_cma:0kB [ 1489.417945][T31888] lowmem_reserve[]: 0 0 1 1 1 [ 1489.441695][T31888] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:1232kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB [ 1489.566966][T31888] lowmem_reserve[]: 0 0 0 0 0 [ 1489.577095][T31888] Node 1 Normal free:3897368kB boost:0kB min:55552kB low:69440kB high:83328kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:48kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:26468kB local_pcp:364kB free_cma:0kB [ 1489.623108][T31888] lowmem_reserve[]: 0 0 0 0 0 [ 1489.654656][T31888] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 1489.714348][T31888] Node 0 DMA32: 10606*4kB (UME) 2032*8kB (UME) 600*16kB (UM) 830*32kB (UME) 654*64kB (UME) 660*128kB (UME) 297*256kB (UME) 197*512kB (UME) 101*1024kB (UME) 9*2048kB (UM) 169*4096kB (UM) = 1212152kB [ 1489.792089][T31888] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1489.831442][T31888] Node 1 Normal: 9*4kB (UME) 8*8kB (UME) 13*16kB (UE) 71*32kB (UME) 26*64kB (UME) 19*128kB (UME) 5*256kB (UME) 3*512kB (UME) 3*1024kB (UME) 5*2048kB (UME) 946*4096kB (UM) = 3897620kB [ 1489.939159][T31888] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1489.968755][T31888] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1489.987079][T31888] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1489.997398][T31888] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1490.007948][T31888] 62787 total pagecache pages [ 1490.019658][T31888] 0 pages in swap cache [ 1490.027639][T31888] Free swap = 124996kB [ 1490.069111][T31888] Total swap = 124996kB [ 1490.084509][T31888] 2097051 pages RAM [ 1490.088392][T31888] 0 pages HighMem/MovableOnly [ 1490.093479][T31888] 429856 pages reserved [ 1490.097659][T31888] 0 pages cma reserved [ 1490.232574][T31908] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5165'. [ 1490.341257][T31910] Line length is too long: Should be less than 4094 [ 1490.404121][T31908] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1490.977982][T31937] sd 0:0:1:0: PR command failed: 1026 [ 1490.987424][T31937] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1490.994462][T31937] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1491.647215][T31945] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1492.707758][T31975] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input120 [ 1492.781093][T31977] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5179'. [ 1493.471522][T31995] sd 0:0:1:0: PR command failed: 1026 [ 1493.484488][T31995] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1493.498511][T31995] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1493.661287][T32001] vivid-007: ================= START STATUS ================= [ 1493.689235][T32001] vivid-007: Generate PTS: true [ 1493.711656][T32001] vivid-007: Generate SCR: true [ 1493.735419][T32001] tpg source WxH: 320x240 (Y'CbCr) [ 1493.755673][T32001] tpg field: 1 [ 1493.781467][T32001] tpg crop: (0,0)/320x240 [ 1493.802782][T32001] tpg compose: (0,0)/320x240 [ 1493.838355][T32001] tpg colorspace: 8 [ 1493.882847][T32001] tpg transfer function: 0/0 [ 1493.895393][T32001] tpg Y'CbCr encoding: 0/0 [ 1493.910609][T32001] tpg quantization: 0/0 [ 1493.924894][T32001] tpg RGB range: 0/2 [ 1493.940517][T32001] vivid-007: ================== END STATUS ================== [ 1494.387371][T32022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5188'. [ 1494.486557][T32005] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5186'. [ 1494.516050][T32005] : renamed from hsr0 (while UP) [ 1494.551658][T32029] netlink: 338 bytes leftover after parsing attributes in process `syz.6.5191'. [ 1494.583854][T32030] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1494.699227][T32007] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 1495.256120][T32048] sd 0:0:1:0: PR command failed: 1026 [ 1495.266040][T32048] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1495.273606][T32048] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1497.195041][T32100] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5206'. [ 1497.605207][T32085] netlink: 330 bytes leftover after parsing attributes in process `syz.5.5203'. [ 1497.751482][T32085] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 1499.934464][T32149] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input121 [ 1500.003869][T32149] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5219'. [ 1500.572728][T32162] sd 0:0:1:0: PR command failed: 1026 [ 1500.591919][T32162] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1500.611959][T32162] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1500.823371][T32164] Device name cannot be null; rc = [-22] [ 1501.372632][T32185] netlink: 338 bytes leftover after parsing attributes in process `syz.6.5229'. [ 1502.761691][T32208] sd 0:0:1:0: PR command failed: 1026 [ 1502.786348][T32208] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1502.793680][T32208] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1503.914093][T32228] ubi0: attaching mtd0 [ 1503.952358][T32228] ubi0: scanning is finished [ 1503.981895][T32228] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1504.293120][T32228] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1505.716893][T32279] sd 0:0:1:0: PR command failed: 1026 [ 1505.728636][T32279] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1505.793870][T32279] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1507.120694][T32321] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5248'. [ 1507.253758][T32329] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input122 [ 1507.300696][T32329] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5251'. [ 1507.577660][T32342] program syz.5.5254 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1507.608594][T32339] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5253: iget: checksum invalid [ 1507.720792][T32339] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00044-g7595b66ae9de/regulatory.db failed with error -74 [ 1507.765189][T32339] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5253: iget: checksum invalid [ 1507.819392][T32339] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1507.885412][T32339] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5253: iget: checksum invalid [ 1507.940652][T32339] platform regulatory.0: loading /lib/firmware/6.16.0-rc3-syzkaller-00044-g7595b66ae9de/regulatory.db failed with error -74 [ 1508.030828][T32342] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1508.038493][T32342] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1508.054837][T32342] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1508.086073][T32339] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5253: iget: checksum invalid [ 1508.105009][T32342] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1508.119219][T32342] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1508.166402][T32339] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1508.170176][T32342] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1508.177175][T32339] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1508.199471][T32339] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1508.538295][T32359] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5258'. [ 1508.594064][T32356] block nbd8: NBD_DISCONNECT [ 1508.806751][T32371] FAULT_INJECTION: forcing a failure. [ 1508.806751][T32371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1508.828675][T32371] CPU: 1 UID: 0 PID: 32371 Comm: syz.5.5259 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1508.828703][T32371] Tainted: [U]=USER [ 1508.828708][T32371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1508.828717][T32371] Call Trace: [ 1508.828723][T32371] [ 1508.828729][T32371] dump_stack_lvl+0x16c/0x1f0 [ 1508.828755][T32371] should_fail_ex+0x512/0x640 [ 1508.828780][T32371] _copy_from_user+0x2e/0xd0 [ 1508.828803][T32371] kstrtouint_from_user+0xd6/0x1d0 [ 1508.828821][T32371] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1508.828838][T32371] ? __lock_acquire+0xb8a/0x1c90 [ 1508.828860][T32371] ? iovec_from_user+0xbb/0x140 [ 1508.828888][T32371] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1508.828905][T32371] proc_fail_nth_write+0x83/0x250 [ 1508.828922][T32371] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1508.828945][T32371] vfs_writev+0x5dc/0xde0 [ 1508.828964][T32371] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1508.828990][T32371] ? __pfx_vfs_writev+0x10/0x10 [ 1508.829016][T32371] ? __mutex_lock+0x1ca/0xb90 [ 1508.829054][T32371] ? kmem_cache_free+0x2d1/0x4d0 [ 1508.829090][T32371] ? __pfx___mutex_lock+0x10/0x10 [ 1508.829133][T32371] ? __fget_files+0x20e/0x3c0 [ 1508.829170][T32371] ? do_writev+0x132/0x340 [ 1508.829188][T32371] do_writev+0x132/0x340 [ 1508.829208][T32371] ? __pfx_do_writev+0x10/0x10 [ 1508.829233][T32371] do_syscall_64+0xcd/0x490 [ 1508.829257][T32371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1508.829273][T32371] RIP: 0033:0x7fee1498e929 [ 1508.829286][T32371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1508.829300][T32371] RSP: 002b:00007fee127f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1508.829314][T32371] RAX: ffffffffffffffda RBX: 00007fee14bb6080 RCX: 00007fee1498e929 [ 1508.829324][T32371] RDX: 0000000000000003 RSI: 0000200000000200 RDI: 0000000000000005 [ 1508.829333][T32371] RBP: 00007fee14a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1508.829342][T32371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1508.829351][T32371] R13: 0000000000000000 R14: 00007fee14bb6080 R15: 00007ffd316f2748 [ 1508.829369][T32371] [ 1510.082123][T15612] Bluetooth: hci2: command 0x0c1a tx timeout [ 1510.088778][T30539] Bluetooth: hci1: command 0x0c1a tx timeout [ 1510.095194][T15634] Bluetooth: hci4: command 0x0419 tx timeout [ 1510.149827][T15612] Bluetooth: hci3: command 0x0c1a tx timeout [ 1511.010447][T32412] ovs_: entered promiscuous mode [ 1511.674173][T32434] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input123 [ 1511.707405][T32434] netlink: 338 bytes leftover after parsing attributes in process `syz.5.5271'. [ 1511.887677][T32442] bond0: option all_slaves_active: invalid value () [ 1512.230265][T15612] Bluetooth: hci3: command 0x0c1a tx timeout [ 1513.098348][T32470] zswap: compressor not available [ 1514.310191][T15612] Bluetooth: hci3: command 0x0c1a tx timeout [ 1514.445339][T32505] HfR: entered promiscuous mode [ 1517.260892][T32581] kexec: Could not allocate control_code_buffer [ 1518.229342][T32612] kafs: addr_prefs: Invalid Command [ 1518.565454][T32617] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5305'. [ 1518.911221][T32632] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5309'. [ 1518.934735][T32632] ipvlan1: entered allmulticast mode [ 1518.954113][T32632] veth0_vlan: entered allmulticast mode [ 1521.269843][T32673] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input124 [ 1521.421399][T32681] sysfs_service_op_show: Client not running :-5: [ 1523.411728][T32723] sd 0:0:1:0: PR command failed: 1026 [ 1523.441971][T32723] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1523.448749][T32723] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1524.292366][T32743] FAULT_INJECTION: forcing a failure. [ 1524.292366][T32743] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.367083][T32743] CPU: 0 UID: 0 PID: 32743 Comm: syz.5.5331 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1524.367125][T32743] Tainted: [U]=USER [ 1524.367133][T32743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1524.367147][T32743] Call Trace: [ 1524.367156][T32743] [ 1524.367166][T32743] dump_stack_lvl+0x16c/0x1f0 [ 1524.367205][T32743] should_fail_ex+0x512/0x640 [ 1524.367238][T32743] ? fs_reclaim_acquire+0xae/0x150 [ 1524.367269][T32743] should_failslab+0xc2/0x120 [ 1524.367293][T32743] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1524.367327][T32743] ? security_inode_alloc+0x3b/0x2b0 [ 1524.367360][T32743] security_inode_alloc+0x3b/0x2b0 [ 1524.367387][T32743] inode_init_always_gfp+0xce4/0x1030 [ 1524.367425][T32743] alloc_inode+0x86/0x240 [ 1524.367450][T32743] sock_alloc+0x40/0x280 [ 1524.367475][T32743] __sock_create+0xc1/0x8d0 [ 1524.367510][T32743] __sys_socket+0x14d/0x260 [ 1524.367538][T32743] ? __pfx___sys_socket+0x10/0x10 [ 1524.367569][T32743] ? do_user_addr_fault+0x843/0x1370 [ 1524.367603][T32743] __x64_sys_socket+0x72/0xb0 [ 1524.367630][T32743] ? lockdep_hardirqs_on+0x7c/0x110 [ 1524.367663][T32743] do_syscall_64+0xcd/0x490 [ 1524.367700][T32743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.367725][T32743] RIP: 0033:0x7fee14990847 [ 1524.367745][T32743] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1524.367769][T32743] RSP: 002b:00007fee127f4fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 1524.367793][T32743] RAX: ffffffffffffffda RBX: 00007fee14bb6080 RCX: 00007fee14990847 [ 1524.367809][T32743] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1524.367824][T32743] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 1524.367846][T32743] R10: 0000200000000280 R11: 0000000000000286 R12: 0000000000000000 [ 1524.367861][T32743] R13: 0000000000000000 R14: 00007fee14bb6080 R15: 00007ffd316f2748 [ 1524.367895][T32743] [ 1524.367928][T32743] socket: no more sockets [ 1524.609615][T32750] FAULT_INJECTION: forcing a failure. [ 1524.609615][T32750] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.666600][T32750] CPU: 0 UID: 0 PID: 32750 Comm: syz.3.5332 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1524.666645][T32750] Tainted: [U]=USER [ 1524.666654][T32750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1524.666668][T32750] Call Trace: [ 1524.666677][T32750] [ 1524.666687][T32750] dump_stack_lvl+0x16c/0x1f0 [ 1524.666728][T32750] should_fail_ex+0x512/0x640 [ 1524.666760][T32750] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1524.666798][T32750] should_failslab+0xc2/0x120 [ 1524.666823][T32750] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1524.666864][T32750] ? page_table_check_set+0x631/0x750 [ 1524.666899][T32750] ? alloc_empty_file+0x55/0x1e0 [ 1524.666929][T32750] alloc_empty_file+0x55/0x1e0 [ 1524.666956][T32750] path_openat+0xda/0x2cb0 [ 1524.666987][T32750] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.667024][T32750] ? __pfx_path_openat+0x10/0x10 [ 1524.667061][T32750] ? __lock_acquire+0xb8a/0x1c90 [ 1524.667096][T32750] do_filp_open+0x20b/0x470 [ 1524.667130][T32750] ? __pfx_do_filp_open+0x10/0x10 [ 1524.667188][T32750] ? alloc_fd+0x471/0x7d0 [ 1524.667230][T32750] do_sys_openat2+0x11b/0x1d0 [ 1524.667257][T32750] ? __pfx_do_sys_openat2+0x10/0x10 [ 1524.667282][T32750] ? find_held_lock+0x2b/0x80 [ 1524.667307][T32750] ? handle_mm_fault+0x2ab/0xd10 [ 1524.667345][T32750] __x64_sys_openat+0x174/0x210 [ 1524.667373][T32750] ? __pfx___x64_sys_openat+0x10/0x10 [ 1524.667404][T32750] ? do_user_addr_fault+0x843/0x1370 [ 1524.667445][T32750] do_syscall_64+0xcd/0x490 [ 1524.667483][T32750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.667509][T32750] RIP: 0033:0x7fbe1678e929 [ 1524.667529][T32750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1524.667553][T32750] RSP: 002b:00007fbe1760f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1524.667577][T32750] RAX: ffffffffffffffda RBX: 00007fbe169b6160 RCX: 00007fbe1678e929 [ 1524.667594][T32750] RDX: 0000000000141002 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1524.667610][T32750] RBP: 00007fbe16810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1524.667625][T32750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1524.667641][T32750] R13: 0000000000000000 R14: 00007fbe169b6160 R15: 00007ffc2586e128 [ 1524.667674][T32750] [ 1524.667891][T32748] FAULT_INJECTION: forcing a failure. [ 1524.667891][T32748] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1524.930957][T32748] CPU: 1 UID: 0 PID: 32748 Comm: syz.3.5332 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1524.931001][T32748] Tainted: [U]=USER [ 1524.931010][T32748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1524.931024][T32748] Call Trace: [ 1524.931033][T32748] [ 1524.931043][T32748] dump_stack_lvl+0x16c/0x1f0 [ 1524.931087][T32748] should_fail_ex+0x512/0x640 [ 1524.931125][T32748] get_futex_key+0x1d0/0x1540 [ 1524.931158][T32748] ? __pfx_get_futex_key+0x10/0x10 [ 1524.931187][T32748] ? get_pid_task+0xfc/0x250 [ 1524.931226][T32748] futex_wake+0xea/0x530 [ 1524.931255][T32748] ? proc_fail_nth_write+0x9f/0x250 [ 1524.931289][T32748] ? __pfx_futex_wake+0x10/0x10 [ 1524.931327][T32748] ? ksys_write+0x190/0x250 [ 1524.931365][T32748] do_futex+0x1e3/0x350 [ 1524.931394][T32748] ? __pfx_do_futex+0x10/0x10 [ 1524.931430][T32748] __x64_sys_futex+0x1e0/0x4c0 [ 1524.931461][T32748] ? fput+0x70/0xf0 [ 1524.931483][T32748] ? __pfx___x64_sys_futex+0x10/0x10 [ 1524.931509][T32748] ? ksys_write+0x1ac/0x250 [ 1524.931538][T32748] ? __pfx_ksys_write+0x10/0x10 [ 1524.931584][T32748] do_syscall_64+0xcd/0x490 [ 1524.931620][T32748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.931644][T32748] RIP: 0033:0x7fbe1678e929 [ 1524.931664][T32748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1524.931688][T32748] RSP: 002b:00007fbe176510e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1524.931712][T32748] RAX: ffffffffffffffda RBX: 00007fbe169b5fa8 RCX: 00007fbe1678e929 [ 1524.931729][T32748] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbe169b5fac [ 1524.931745][T32748] RBP: 00007fbe169b5fa0 R08: 00007fbe17652000 R09: 0000000000000000 [ 1524.931761][T32748] R10: 0000000000000081 R11: 0000000000000246 R12: 00007fbe169b5fac [ 1524.931777][T32748] R13: 0000000000000000 R14: 00007ffc2586e040 R15: 00007ffc2586e128 [ 1524.931810][T32748] [ 1527.419921][ T30] audit: type=1800 audit(4294972965.825:29): pid=318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.5337" name="trace_pipe" dev="tracefs" ino=1290 res=0 errno=0 [ 1527.665161][ T332] sd 0:0:1:0: PR command failed: 1026 [ 1527.681712][ T332] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1527.749134][ T332] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1527.788741][ T335] netlink: 'syz.6.5349': attribute type 1 has an invalid length. [ 1527.885116][ T337] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input125 [ 1527.980497][ T339] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5340'. [ 1529.359271][ T366] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5350'. [ 1529.668058][ T366] zswap: compressor not available [ 1529.882290][ T375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5351'. [ 1530.125707][ T383] sd 0:0:1:0: PR command failed: 1026 [ 1530.149199][ T383] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1530.166648][ T383] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1530.878446][ T408] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input126 [ 1532.880524][ T447] sd 0:0:1:0: PR command failed: 1026 [ 1532.906084][ T447] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1532.913171][ T447] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1533.290434][ T463] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input127 [ 1534.929179][ T492] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5373'. [ 1535.106281][ T492] : (slave bond_slave_1): Releasing backup interface [ 1535.162201][ T500] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1535.691473][ T517] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5381'. [ 1535.853704][T15612] Bluetooth: hci4: unexpected event for opcode 0x7c89 [ 1536.890920][ T543] Invalid ELF header magic: != ELF [ 1536.900999][ T541] Invalid ELF header magic: != ELF [ 1537.178397][ T548] ptrace attach of "./syz-executor exec"[24896] was attempted by ""[548] [ 1539.018753][ T591] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1539.057063][ T589] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1540.950806][ T639] FAULT_INJECTION: forcing a failure. [ 1540.950806][ T639] name failslab, interval 1, probability 0, space 0, times 0 [ 1541.006332][ T639] CPU: 1 UID: 0 PID: 639 Comm: syz.5.5407 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1541.006385][ T639] Tainted: [U]=USER [ 1541.006394][ T639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1541.006410][ T639] Call Trace: [ 1541.006419][ T639] [ 1541.006431][ T639] dump_stack_lvl+0x16c/0x1f0 [ 1541.006474][ T639] should_fail_ex+0x512/0x640 [ 1541.006511][ T639] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1541.006552][ T639] should_failslab+0xc2/0x120 [ 1541.006578][ T639] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1541.006614][ T639] ? lockdep_init_map_type+0x5c/0x280 [ 1541.006646][ T639] ? seq_open+0x55/0x170 [ 1541.006677][ T639] seq_open+0x55/0x170 [ 1541.006705][ T639] kernfs_fop_open+0x59f/0xda0 [ 1541.006734][ T639] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1541.006774][ T639] do_dentry_open+0x744/0x1c10 [ 1541.006810][ T639] ? __pfx_kernfs_fop_open+0x10/0x10 [ 1541.006845][ T639] vfs_open+0x82/0x3f0 [ 1541.006877][ T639] path_openat+0x1de4/0x2cb0 [ 1541.006924][ T639] ? __pfx_path_openat+0x10/0x10 [ 1541.006961][ T639] ? __lock_acquire+0xb8a/0x1c90 [ 1541.006997][ T639] do_filp_open+0x20b/0x470 [ 1541.007032][ T639] ? __pfx_do_filp_open+0x10/0x10 [ 1541.007095][ T639] ? alloc_fd+0x471/0x7d0 [ 1541.007138][ T639] do_sys_openat2+0x11b/0x1d0 [ 1541.007166][ T639] ? __pfx_do_sys_openat2+0x10/0x10 [ 1541.007210][ T639] __x64_sys_openat+0x174/0x210 [ 1541.007239][ T639] ? __pfx___x64_sys_openat+0x10/0x10 [ 1541.007283][ T639] do_syscall_64+0xcd/0x490 [ 1541.007322][ T639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1541.007348][ T639] RIP: 0033:0x7fee1498e929 [ 1541.007378][ T639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1541.007405][ T639] RSP: 002b:00007fee1571b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1541.007431][ T639] RAX: ffffffffffffffda RBX: 00007fee14bb5fa0 RCX: 00007fee1498e929 [ 1541.007450][ T639] RDX: 0000000000040280 RSI: 0000200000001100 RDI: ffffffffffffff9c [ 1541.007467][ T639] RBP: 00007fee14a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1541.007484][ T639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1541.007500][ T639] R13: 0000000000000000 R14: 00007fee14bb5fa0 R15: 00007ffd316f2748 [ 1541.007536][ T639] [ 1542.574884][ T664] svc: failed to register nfsdv3 RPC service (errno 512). [ 1542.604801][ T664] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1542.664531][ T675] Line length is too long: Should be less than 4094 [ 1542.684747][ T662] random: crng reseeded on system resumption [ 1543.025468][ T685] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input128 [ 1543.749951][ T694] program syz.3.5421 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1544.074409][ T710] Line length is too long: Should be less than 4094 [ 1544.280466][ T713] ptrace attach of "./syz-executor exec"[27379] was attempted by ""[713] [ 1544.336298][ T705] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1544.354082][ T705] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1544.375369][ T705] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1544.382450][ T705] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1544.672370][ T723] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input129 [ 1545.533415][ T751] sd 0:0:1:0: PR command failed: 1026 [ 1545.612943][ T751] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1545.754852][ T751] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1545.933324][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.939777][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.989568][T15612] Bluetooth: hci4: command 0x0419 tx timeout [ 1546.391654][T15612] Bluetooth: hci3: command 0x0c1a tx timeout [ 1546.397729][T30539] Bluetooth: hci2: command 0x0c1a tx timeout [ 1546.404972][T15634] Bluetooth: hci1: command 0x0c1a tx timeout [ 1546.440786][ T768] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input130 [ 1547.041729][ T791] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5442'. [ 1547.440940][ T799] Line length is too long: Should be less than 4094 [ 1548.775330][ T828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5453'. [ 1548.938141][ T30] audit: type=1804 audit(4294973047.350:30): pid=833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.5454" name="/newroot/sys/kernel/tracing/dynamic_events" dev="tracefs" ino=1062 res=1 errno=0 [ 1548.972731][ T833] Line length is too long: Should be less than 4094 [ 1549.361781][ T844] random: crng reseeded on system resumption [ 1550.437545][ T866] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input131 [ 1550.946669][ T30] audit: type=1804 audit(4294973049.360:31): pid=889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5465" name="/newroot/131/file0" dev="tmpfs" ino=700 res=1 errno=0 [ 1550.976837][ T30] audit: type=1800 audit(4294973049.360:32): pid=889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5465" name="file0" dev="tmpfs" ino=700 res=0 errno=0 [ 1551.526306][ T900] sd 0:0:1:0: PR command failed: 1026 [ 1551.540499][ T900] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1551.591674][ T900] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1552.735007][ T946] Line length is too long: Should be less than 4094 [ 1554.472993][ T982] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input132 [ 1554.570604][ T985] Line length is too long: Should be less than 4094 [ 1554.724724][ T990] vhci_hcd: invalid port number 16 [ 1554.750601][ T990] vhci_hcd: invalid port number 16 [ 1554.844925][ T994] vhci_hcd: invalid port number 16 [ 1554.874284][ T994] vhci_hcd: invalid port number 16 [ 1556.218806][ T1020] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input133 [ 1556.304793][T15634] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1556.314673][T15634] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1556.323786][T15634] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1556.332797][T15634] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1556.341141][T15634] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1557.435666][ T1023] chnl_net:caif_netlink_parms(): no params data found [ 1557.911774][ T1023] bridge0: port 1(bridge_slave_0) entered blocking state [ 1557.920579][ T1023] bridge0: port 1(bridge_slave_0) entered disabled state [ 1557.929889][ T1023] bridge_slave_0: entered allmulticast mode [ 1557.954276][ T1023] bridge_slave_0: entered promiscuous mode [ 1558.017554][ T1023] bridge0: port 2(bridge_slave_1) entered blocking state [ 1558.059257][ T1023] bridge0: port 2(bridge_slave_1) entered disabled state [ 1558.107688][ T1023] bridge_slave_1: entered allmulticast mode [ 1558.124555][ T1023] bridge_slave_1: entered promiscuous mode [ 1558.305529][ T1023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1558.323257][ T1090] sd 0:0:1:0: PR command failed: 1026 [ 1558.328785][ T1090] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1558.339201][ T1090] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1558.383177][ T1023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1558.479345][T15634] Bluetooth: hci1: command tx timeout [ 1558.586853][ T1023] team0: Port device team_slave_0 added [ 1558.600104][ T1023] team0: Port device team_slave_1 added [ 1558.742954][ T1023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1558.761498][ T1023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1558.912598][ T1023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1558.962326][ T1023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1558.975016][ T1023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1559.062549][ T1023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1559.539216][ T1023] hsr_slave_0: entered promiscuous mode [ 1559.545970][ T1023] hsr_slave_1: entered promiscuous mode [ 1559.570434][ T1023] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1559.578279][ T1023] Cannot create hsr debugfs directory [ 1560.326014][ T1023] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1560.346492][ T1023] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1560.365591][ T1023] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1560.383221][ T1023] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1560.549322][T15634] Bluetooth: hci1: command tx timeout [ 1560.878441][ T1023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1560.958097][ T1023] 8021q: adding VLAN 0 to HW filter on device team0 [ 1560.975640][T25072] bridge0: port 1(bridge_slave_0) entered blocking state [ 1560.982773][T25072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1561.020697][T25072] bridge0: port 2(bridge_slave_1) entered blocking state [ 1561.027827][T25072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1561.630364][ T1023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1562.574927][ T1023] veth0_vlan: entered promiscuous mode [ 1562.621659][ T1023] veth1_vlan: entered promiscuous mode [ 1562.629395][T15634] Bluetooth: hci1: command tx timeout [ 1562.913837][ T1023] veth0_macvtap: entered promiscuous mode [ 1563.022143][ T1023] veth1_macvtap: entered promiscuous mode [ 1563.181644][ T1168] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input135 [ 1563.202638][ T1023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1563.317814][ T1023] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1563.333113][ T1023] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1563.342407][ T1023] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1563.351553][ T1023] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1563.360750][ T1023] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1563.879553][T25072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1563.887433][T25072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1563.996175][T25065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1564.036002][T25065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1564.739248][T15634] Bluetooth: hci1: command tx timeout [ 1564.930911][ T1200] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5524'. [ 1566.478734][ T1245] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(5) [ 1567.511768][ T1259] sd 0:0:1:0: PR command failed: 1026 [ 1567.517207][ T1259] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1567.626878][ T1259] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1568.428179][ T1270] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input137 [ 1568.635788][ T1274] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5540'. [ 1568.922912][T32253] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1569.180997][ T1279] netlink: 146 bytes leftover after parsing attributes in process `syz.7.5541'. [ 1569.388478][T32253] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1569.631142][T32253] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1569.793442][T32253] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1569.912806][ T1294] ptrace attach of "./syz-executor exec"[1300] was attempted by "./syz-executor exec"[1294] [ 1569.912806][ T1298] ptrace attach of "./syz-executor exec"[1300] was attempted by "./syz-executor exec"[1298] [ 1569.987960][ T1298] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1569.998200][ T1303] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1570.019814][ T1293] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5542'. [ 1571.721453][ T1329] random: crng reseeded on system resumption [ 1572.112275][T32253] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1572.136522][T32253] bond0 (unregistering): Released all slaves [ 1572.366528][T32253] HfR: left promiscuous mode [ 1573.164824][T32253] hsr_slave_0: left promiscuous mode [ 1573.196625][T32253] hsr_slave_1: left promiscuous mode [ 1573.202916][T32253] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1573.221528][T32253] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1573.244724][T32253] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1573.252634][T32253] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1573.287341][T32253] veth1_macvtap: left promiscuous mode [ 1573.293432][T32253] veth0_macvtap: left promiscuous mode [ 1573.300617][T32253] veth1_vlan: left promiscuous mode [ 1573.305987][T32253] veth0_vlan: left promiscuous mode [ 1574.307654][T32253] team0 (unregistering): Port device team_slave_1 removed [ 1574.377565][T32253] team0 (unregistering): Port device team_slave_0 removed [ 1577.372778][ T1410] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xeffffd32 [ 1577.791794][T15634] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 1578.371345][ T1410] FAULT_INJECTION: forcing a failure. [ 1578.371345][ T1410] name failslab, interval 1, probability 0, space 0, times 0 [ 1578.386458][ T1410] CPU: 0 UID: 0 PID: 1410 Comm: syz.1.5563 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1578.386485][ T1410] Tainted: [U]=USER [ 1578.386491][ T1410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1578.386500][ T1410] Call Trace: [ 1578.386506][ T1410] [ 1578.386513][ T1410] dump_stack_lvl+0x16c/0x1f0 [ 1578.386540][ T1410] should_fail_ex+0x512/0x640 [ 1578.386562][ T1410] ? __kmalloc_noprof+0xbf/0x510 [ 1578.386585][ T1410] ? sk_prot_alloc+0x1a8/0x2a0 [ 1578.386600][ T1410] should_failslab+0xc2/0x120 [ 1578.386617][ T1410] __kmalloc_noprof+0xd2/0x510 [ 1578.386638][ T1410] ? trace_cap_capable+0x18d/0x200 [ 1578.386656][ T1410] sk_prot_alloc+0x1a8/0x2a0 [ 1578.386673][ T1410] sk_alloc+0x36/0xc20 [ 1578.386693][ T1410] caif_create+0x10b/0x430 [ 1578.386715][ T1410] __sock_create+0x338/0x8d0 [ 1578.386735][ T1410] __sys_socket+0x14d/0x260 [ 1578.386752][ T1410] ? __pfx___sys_socket+0x10/0x10 [ 1578.386771][ T1410] ? syscall_user_dispatch+0x78/0x140 [ 1578.386797][ T1410] __x64_sys_socket+0x72/0xb0 [ 1578.386815][ T1410] do_syscall_64+0xcd/0x490 [ 1578.386838][ T1410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1578.386853][ T1410] RIP: 0033:0x7f3c15b8e929 [ 1578.386872][ T1410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1578.386888][ T1410] RSP: 002b:00007f3c16a67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1578.386903][ T1410] RAX: ffffffffffffffda RBX: 00007f3c15db5fa0 RCX: 00007f3c15b8e929 [ 1578.386914][ T1410] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000025 [ 1578.386923][ T1410] RBP: 00007f3c15c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1578.386931][ T1410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1578.386940][ T1410] R13: 0000000000000000 R14: 00007f3c15db5fa0 R15: 00007ffd6242c968 [ 1578.386959][ T1410] [ 1580.729931][ T1486] random: crng reseeded on system resumption [ 1582.686709][ T1525] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1583.145784][ T1512] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1583.920455][ T1545] sd 0:0:1:0: PR command failed: 1026 [ 1583.984305][ T1545] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1584.019385][ T1545] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1585.466972][ T1587] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input138 [ 1585.765458][T25066] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 1585.849577][ T30] audit: type=1800 audit(4294973189.245:33): pid=1594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.5597" name="version" dev="configfs" ino=218426 res=0 errno=0 [ 1585.869858][ C1] vkms_vblank_simulate: vblank timer overrun [ 1587.308975][ T1634] netlink: 'syz.3.5606': attribute type 4 has an invalid length. [ 1587.349539][ T1634] netlink: 314 bytes leftover after parsing attributes in process `syz.3.5606'. [ 1587.383790][ T1637] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5605'. [ 1588.006099][ T1649] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input139 [ 1591.380897][ T1714] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5617'. [ 1591.701750][ T1723] sd 0:0:1:0: PR command failed: 1026 [ 1591.707263][ T1723] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1591.749394][ T1723] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1591.996248][ T1735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5621'. [ 1592.537283][ T1732] FAULT_INJECTION: forcing a failure. [ 1592.537283][ T1732] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1592.586045][ T1737] FAULT_INJECTION: forcing a failure. [ 1592.586045][ T1737] name failslab, interval 1, probability 0, space 0, times 0 [ 1592.637423][ T1732] CPU: 1 UID: 0 PID: 1732 Comm: syz.3.5620 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1592.637467][ T1732] Tainted: [U]=USER [ 1592.637476][ T1732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1592.637490][ T1732] Call Trace: [ 1592.637499][ T1732] [ 1592.637510][ T1732] dump_stack_lvl+0x16c/0x1f0 [ 1592.637564][ T1732] should_fail_ex+0x512/0x640 [ 1592.637603][ T1732] get_futex_key+0x1d0/0x1540 [ 1592.637633][ T1732] ? find_held_lock+0x2b/0x80 [ 1592.637657][ T1732] ? __pfx_get_futex_key+0x10/0x10 [ 1592.637686][ T1732] ? __mutex_trylock_common+0xe9/0x250 [ 1592.637725][ T1732] futex_wake+0xea/0x530 [ 1592.637760][ T1732] ? __pfx_futex_wake+0x10/0x10 [ 1592.637790][ T1732] ? __lock_acquire+0xb8a/0x1c90 [ 1592.637836][ T1732] do_futex+0x1e3/0x350 [ 1592.637864][ T1732] ? __pfx_do_futex+0x10/0x10 [ 1592.637889][ T1732] ? __might_fault+0xe3/0x190 [ 1592.637932][ T1732] mm_release+0x24e/0x300 [ 1592.637959][ T1732] do_exit+0x68b/0x2bd0 [ 1592.637997][ T1732] ? __pfx_do_exit+0x10/0x10 [ 1592.638026][ T1732] ? do_raw_spin_lock+0x12c/0x2b0 [ 1592.638058][ T1732] ? find_held_lock+0x2b/0x80 [ 1592.638087][ T1732] do_group_exit+0xd3/0x2a0 [ 1592.638121][ T1732] get_signal+0x2673/0x26d0 [ 1592.638156][ T1732] ? up_write+0x1b2/0x520 [ 1592.638189][ T1732] ? __pfx_get_signal+0x10/0x10 [ 1592.638214][ T1732] ? do_futex+0x122/0x350 [ 1592.638242][ T1732] ? __pfx_do_futex+0x10/0x10 [ 1592.638274][ T1732] arch_do_signal_or_restart+0x8f/0x790 [ 1592.638303][ T1732] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1592.638340][ T1732] ? xfd_validate_state+0x61/0x180 [ 1592.638379][ T1732] exit_to_user_mode_loop+0x84/0x110 [ 1592.638415][ T1732] do_syscall_64+0x3f6/0x490 [ 1592.638453][ T1732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1592.638478][ T1732] RIP: 0033:0x7fbe1678e929 [ 1592.638498][ T1732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1592.638538][ T1732] RSP: 002b:00007fbe1760f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1592.638567][ T1732] RAX: fffffffffffffe00 RBX: 00007fbe169b6168 RCX: 00007fbe1678e929 [ 1592.638584][ T1732] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbe169b6168 [ 1592.638599][ T1732] RBP: 00007fbe169b6160 R08: 0000000000000000 R09: 0000000000000000 [ 1592.638614][ T1732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe169b616c [ 1592.638630][ T1732] R13: 0000000000000000 R14: 00007ffc2586e040 R15: 00007ffc2586e128 [ 1592.638663][ T1732] [ 1592.886709][ C1] vkms_vblank_simulate: vblank timer overrun [ 1592.919069][ T1737] CPU: 0 UID: 0 PID: 1737 Comm: syz.1.5621 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1592.919113][ T1737] Tainted: [U]=USER [ 1592.919122][ T1737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1592.919137][ T1737] Call Trace: [ 1592.919145][ T1737] [ 1592.919155][ T1737] dump_stack_lvl+0x16c/0x1f0 [ 1592.919195][ T1737] should_fail_ex+0x512/0x640 [ 1592.919229][ T1737] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1592.919267][ T1737] should_failslab+0xc2/0x120 [ 1592.919292][ T1737] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1592.919324][ T1737] ? __pfx_acct_collect+0x10/0x10 [ 1592.919358][ T1737] ? taskstats_exit+0x654/0xbe0 [ 1592.919397][ T1737] taskstats_exit+0x654/0xbe0 [ 1592.919432][ T1737] ? __pfx_taskstats_exit+0x10/0x10 [ 1592.919474][ T1737] do_exit+0x5d9/0x2bd0 [ 1592.919512][ T1737] ? __pfx_do_exit+0x10/0x10 [ 1592.919542][ T1737] ? do_raw_spin_lock+0x12c/0x2b0 [ 1592.919576][ T1737] ? find_held_lock+0x2b/0x80 [ 1592.919605][ T1737] do_group_exit+0xd3/0x2a0 [ 1592.919638][ T1737] get_signal+0x2673/0x26d0 [ 1592.919677][ T1737] ? __pfx_get_signal+0x10/0x10 [ 1592.919703][ T1737] ? do_futex+0x122/0x350 [ 1592.919733][ T1737] ? __pfx_do_futex+0x10/0x10 [ 1592.919766][ T1737] arch_do_signal_or_restart+0x8f/0x790 [ 1592.919797][ T1737] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1592.919834][ T1737] ? xfd_validate_state+0x61/0x180 [ 1592.919879][ T1737] exit_to_user_mode_loop+0x84/0x110 [ 1592.919917][ T1737] do_syscall_64+0x3f6/0x490 [ 1592.919955][ T1737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1592.919981][ T1737] RIP: 0033:0x7f3c15b8e929 [ 1592.920002][ T1737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1592.920027][ T1737] RSP: 002b:00007f3c16a460e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1592.920051][ T1737] RAX: fffffffffffffe00 RBX: 00007f3c15db6088 RCX: 00007f3c15b8e929 [ 1592.920068][ T1737] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3c15db6088 [ 1592.920084][ T1737] RBP: 00007f3c15db6080 R08: 0000000000000000 R09: 0000000000000000 [ 1592.920099][ T1737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c15db608c [ 1592.920114][ T1737] R13: 0000000000000000 R14: 00007ffd6242c880 R15: 00007ffd6242c968 [ 1592.920148][ T1737] [ 1594.630963][ T1785] FAULT_INJECTION: forcing a failure. [ 1594.630963][ T1785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1594.644479][ T1785] CPU: 0 UID: 0 PID: 1785 Comm: syz.7.5630 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1594.644505][ T1785] Tainted: [U]=USER [ 1594.644511][ T1785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1594.644520][ T1785] Call Trace: [ 1594.644526][ T1785] [ 1594.644532][ T1785] dump_stack_lvl+0x16c/0x1f0 [ 1594.644560][ T1785] should_fail_ex+0x512/0x640 [ 1594.644585][ T1785] _copy_from_user+0x2e/0xd0 [ 1594.644608][ T1785] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 1594.644634][ T1785] snd_rawmidi_write+0x26e/0xc10 [ 1594.644666][ T1785] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 1594.644685][ T1785] ? __pfx_default_wake_function+0x10/0x10 [ 1594.644703][ T1785] ? bpf_lsm_file_permission+0x9/0x10 [ 1594.644719][ T1785] ? security_file_permission+0x71/0x210 [ 1594.644738][ T1785] ? rw_verify_area+0xcf/0x680 [ 1594.644757][ T1785] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 1594.644774][ T1785] vfs_write+0x29d/0x1150 [ 1594.644797][ T1785] ? __pfx_vfs_write+0x10/0x10 [ 1594.644816][ T1785] ? find_held_lock+0x2b/0x80 [ 1594.644830][ T1785] ? __fget_files+0x204/0x3c0 [ 1594.644852][ T1785] ? __fget_files+0x20e/0x3c0 [ 1594.644876][ T1785] ksys_write+0x1f8/0x250 [ 1594.644895][ T1785] ? __pfx_ksys_write+0x10/0x10 [ 1594.644920][ T1785] do_syscall_64+0xcd/0x490 [ 1594.644944][ T1785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1594.644959][ T1785] RIP: 0033:0x7f475c38e929 [ 1594.644972][ T1785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1594.644986][ T1785] RSP: 002b:00007f475d283038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1594.645000][ T1785] RAX: ffffffffffffffda RBX: 00007f475c5b6080 RCX: 00007f475c38e929 [ 1594.645010][ T1785] RDX: 000000100000a3d9 RSI: 00002000000005c0 RDI: 0000000000000007 [ 1594.645019][ T1785] RBP: 00007f475c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1594.645027][ T1785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1594.645036][ T1785] R13: 0000000000000000 R14: 00007f475c5b6080 R15: 00007fff2b7b9318 [ 1594.645054][ T1785] [ 1595.988417][ T1809] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5637'. [ 1595.998938][ T1808] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5637'. [ 1596.997517][ T1835] netlink: 'syz.3.5640': attribute type 2 has an invalid length. [ 1597.068233][ T1835] openvswitch: netlink: Flow key attribute not present in set flow. [ 1597.511556][ T1844] netlink: 342 bytes leftover after parsing attributes in process `syz.6.5641'. [ 1597.555925][ T1847] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input140 [ 1597.856924][ T1860] sd 0:0:1:0: PR command failed: 1026 [ 1597.872792][ T1860] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1597.905656][ T1860] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1598.856630][ T1882] ubi0: attaching mtd0 [ 1598.868022][ T1882] ubi0: scanning is finished [ 1598.883251][ T1882] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1599.192617][ T1882] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1601.065934][ T1921] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input141 [ 1602.081142][ T1948] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5659'. [ 1603.634547][ T1960] sd 0:0:1:0: PR command failed: 1026 [ 1603.765495][ T1960] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1603.783316][ T1960] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1604.046507][ T1984] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input143 [ 1606.464794][ T2053] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5680'. [ 1606.566694][ T2057] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1607.369306][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.375685][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1609.709590][ T2149] sd 0:0:1:0: PR command failed: 1026 [ 1609.715075][ T2149] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1609.758455][ T2149] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1610.390214][ T2169] FAULT_INJECTION: forcing a failure. [ 1610.390214][ T2169] name failslab, interval 1, probability 0, space 0, times 0 [ 1610.416732][ T2169] CPU: 1 UID: 0 PID: 2169 Comm: syz.7.5698 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1610.416778][ T2169] Tainted: [U]=USER [ 1610.416788][ T2169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1610.416802][ T2169] Call Trace: [ 1610.416812][ T2169] [ 1610.416822][ T2169] dump_stack_lvl+0x16c/0x1f0 [ 1610.416866][ T2169] should_fail_ex+0x512/0x640 [ 1610.416901][ T2169] ? fs_reclaim_acquire+0xae/0x150 [ 1610.416936][ T2169] should_failslab+0xc2/0x120 [ 1610.416962][ T2169] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1610.416997][ T2169] ? tomoyo_init_log+0x197/0x2140 [ 1610.417036][ T2169] tomoyo_init_log+0x197/0x2140 [ 1610.417072][ T2169] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1610.417124][ T2169] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1610.417156][ T2169] ? tomoyo_profile+0x47/0x60 [ 1610.417192][ T2169] ? tomoyo_domain_quota_is_ok+0x2f6/0x5a0 [ 1610.417251][ T2169] tomoyo_supervisor+0x302/0x13b0 [ 1610.417298][ T2169] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1610.417353][ T2169] ? lockdep_hardirqs_on+0x7c/0x110 [ 1610.417394][ T2169] ? kfree+0x2b4/0x4d0 [ 1610.417421][ T2169] ? tomoyo_check_path_acl+0xad/0x210 [ 1610.417452][ T2169] ? tomoyo_check_acl+0x1f7/0x410 [ 1610.417485][ T2169] tomoyo_path_permission+0x270/0x3b0 [ 1610.417525][ T2169] tomoyo_path_perm+0x362/0x460 [ 1610.417559][ T2169] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 1610.417632][ T2169] ? __d_lookup+0x25c/0x4a0 [ 1610.417673][ T2169] tomoyo_path_unlink+0x91/0xe0 [ 1610.417710][ T2169] ? __pfx_tomoyo_path_unlink+0x10/0x10 [ 1610.417745][ T2169] ? d_lookup+0xe7/0x190 [ 1610.417782][ T2169] security_path_unlink+0x145/0x2b0 [ 1610.417812][ T2169] do_unlinkat+0x463/0x6a0 [ 1610.417851][ T2169] ? __pfx_do_unlinkat+0x10/0x10 [ 1610.417902][ T2169] ? getname_flags.part.0+0x1c5/0x550 [ 1610.417935][ T2169] __x64_sys_unlink+0xc5/0x110 [ 1610.417972][ T2169] do_syscall_64+0xcd/0x490 [ 1610.418011][ T2169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.418038][ T2169] RIP: 0033:0x7f475c38e929 [ 1610.418060][ T2169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1610.418087][ T2169] RSP: 002b:00007f475d2a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 1610.418113][ T2169] RAX: ffffffffffffffda RBX: 00007f475c5b5fa0 RCX: 00007f475c38e929 [ 1610.418132][ T2169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000640 [ 1610.418149][ T2169] RBP: 00007f475c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1610.418166][ T2169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1610.418182][ T2169] R13: 0000000000000000 R14: 00007f475c5b5fa0 R15: 00007fff2b7b9318 [ 1610.418220][ T2169] [ 1611.183096][ T2189] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5700'. [ 1612.465096][ T2230] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1612.627327][ T2241] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5707'. [ 1612.676709][ T2247] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5706'. [ 1612.688422][ T2249] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5707'. [ 1613.518943][ T2269] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input145 [ 1613.951127][ T2287] device-mapper: ioctl: Invalid ioctl structure: name , dev 7f00010002 [ 1614.008693][ T2287] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5716'. [ 1614.549935][ T2309] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5720'. [ 1614.566417][ T2308] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5721'. [ 1614.761734][ T2313] netlink: 'syz.1.5722': attribute type 2 has an invalid length. [ 1614.879741][ T2313] openvswitch: netlink: Flow key attribute not present in set flow. [ 1615.470261][T15634] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 1615.728440][ T2359] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5730: iget: checksum invalid [ 1615.750461][ T2367] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5732'. [ 1615.862069][ T2359] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc3-syzkaller-00044-g7595b66ae9de/regulatory.db failed with error -74 [ 1615.914909][ T2359] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5730: iget: checksum invalid [ 1616.098844][ T2359] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1616.210371][ T2359] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5730: iget: checksum invalid [ 1616.287665][ T2359] platform regulatory.0: loading /lib/firmware/6.16.0-rc3-syzkaller-00044-g7595b66ae9de/regulatory.db failed with error -74 [ 1616.332145][ T2359] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm syz.6.5730: iget: checksum invalid [ 1616.349716][ T2359] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 1616.433679][ T2359] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 1616.506123][ T2359] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1616.525803][T20686] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1616.755977][T20686] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1616.874255][T20686] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1617.027351][T20686] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1617.121651][ T2404] FAULT_INJECTION: forcing a failure. [ 1617.121651][ T2404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1617.134955][ T2404] CPU: 1 UID: 0 PID: 2404 Comm: syz.3.5739 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1617.134999][ T2404] Tainted: [U]=USER [ 1617.135007][ T2404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1617.135022][ T2404] Call Trace: [ 1617.135031][ T2404] [ 1617.135040][ T2404] dump_stack_lvl+0x16c/0x1f0 [ 1617.135067][ T2404] should_fail_ex+0x512/0x640 [ 1617.135091][ T2404] _copy_to_user+0x32/0xd0 [ 1617.135116][ T2404] simple_read_from_buffer+0xcb/0x170 [ 1617.135136][ T2404] proc_fail_nth_read+0x197/0x270 [ 1617.135155][ T2404] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1617.135173][ T2404] ? rw_verify_area+0xcf/0x680 [ 1617.135191][ T2404] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1617.135209][ T2404] vfs_read+0x1e4/0xc60 [ 1617.135231][ T2404] ? __pfx___mutex_lock+0x10/0x10 [ 1617.135254][ T2404] ? __pfx_vfs_read+0x10/0x10 [ 1617.135280][ T2404] ? __fget_files+0x20e/0x3c0 [ 1617.135305][ T2404] ksys_read+0x12a/0x250 [ 1617.135325][ T2404] ? __pfx_ksys_read+0x10/0x10 [ 1617.135351][ T2404] do_syscall_64+0xcd/0x490 [ 1617.135374][ T2404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.135390][ T2404] RIP: 0033:0x7fbe1678d33c [ 1617.135402][ T2404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1617.135417][ T2404] RSP: 002b:00007fbe17630030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1617.135431][ T2404] RAX: ffffffffffffffda RBX: 00007fbe169b6080 RCX: 00007fbe1678d33c [ 1617.135441][ T2404] RDX: 000000000000000f RSI: 00007fbe176300a0 RDI: 0000000000000004 [ 1617.135449][ T2404] RBP: 00007fbe17630090 R08: 0000000000000000 R09: 0000000000000000 [ 1617.135458][ T2404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1617.135467][ T2404] R13: 0000000000000000 R14: 00007fbe169b6080 R15: 00007ffc2586e128 [ 1617.135485][ T2404] [ 1617.540834][T15612] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1617.585136][T15612] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1617.596033][ T2418] netlink: 198 bytes leftover after parsing attributes in process `syz.7.5740'. [ 1617.634053][T15612] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1617.680250][T15612] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1617.701996][T15612] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1617.814815][T20686] bridge_slave_1: left allmulticast mode [ 1617.834678][T20686] bridge_slave_1: left promiscuous mode [ 1617.841059][T20686] bridge0: port 2(bridge_slave_1) entered disabled state [ 1617.892208][T20686] bridge_slave_0: left allmulticast mode [ 1617.897914][T20686] bridge_slave_0: left promiscuous mode [ 1617.929288][T20686] bridge0: port 1(bridge_slave_0) entered disabled state [ 1618.271524][ T2445] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input146 [ 1618.492246][ T2447] syz.7.5746 (2447): attempted to duplicate a private mapping with mremap. This is not supported. [ 1618.851788][T20686] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1618.863246][T20686] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1618.878834][T20686] bond0 (unregistering): Released all slaves [ 1618.927292][ T2453] ptrace attach of "./syz-executor exec"[1023] was attempted by "./syz-executor exec"[2453] [ 1619.455121][T20686] hsr_slave_0: left promiscuous mode [ 1619.476448][T20686] hsr_slave_1: left promiscuous mode [ 1619.484596][T20686] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1619.494294][T20686] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1619.506352][T20686] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1619.517566][T20686] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1619.557922][T20686] veth1_macvtap: left promiscuous mode [ 1619.573959][T20686] veth0_macvtap: left promiscuous mode [ 1619.579901][T20686] veth1_vlan: left promiscuous mode [ 1619.586329][T20686] veth0_vlan: left promiscuous mode [ 1619.749604][T15612] Bluetooth: hci2: command tx timeout [ 1620.237458][T20686] team0 (unregistering): Port device team_slave_1 removed [ 1620.292494][T20686] team0 (unregistering): Port device team_slave_0 removed [ 1621.098389][ T2406] chnl_net:caif_netlink_parms(): no params data found [ 1621.358504][ T30] audit: type=1400 audit(4294973344.771:34): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=2480 comm="syz.3.5748" [ 1621.377810][ T2493] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1621.477128][ T2406] bridge0: port 1(bridge_slave_0) entered blocking state [ 1621.500202][ T2406] bridge0: port 1(bridge_slave_0) entered disabled state [ 1621.508460][ T2406] bridge_slave_0: entered allmulticast mode [ 1621.516750][ T2406] bridge_slave_0: entered promiscuous mode [ 1621.586314][ T2406] bridge0: port 2(bridge_slave_1) entered blocking state [ 1621.593776][ T2406] bridge0: port 2(bridge_slave_1) entered disabled state [ 1621.601697][ T2406] bridge_slave_1: entered allmulticast mode [ 1621.611045][ T2406] bridge_slave_1: entered promiscuous mode [ 1621.646693][ T2406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1621.672508][ T2406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1621.724594][ T2406] team0: Port device team_slave_0 added [ 1621.745007][ T2406] team0: Port device team_slave_1 added [ 1621.804617][ T2406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1621.812879][ T2406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1621.839369][T15612] Bluetooth: hci2: command tx timeout [ 1621.845576][ T2406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1621.861682][ T2406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1621.868890][ T2406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1621.894836][ C1] vkms_vblank_simulate: vblank timer overrun [ 1621.938144][ T2406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1622.094482][ T2406] hsr_slave_0: entered promiscuous mode [ 1622.128931][ T2406] hsr_slave_1: entered promiscuous mode [ 1622.541244][ T2526] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5753'. [ 1622.741111][ T2532] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input147 [ 1623.109880][ T2547] netlink: get zone limit has 8 unknown bytes [ 1623.909835][T15612] Bluetooth: hci2: command tx timeout [ 1623.935096][ T2565] sd 0:0:1:0: PR command failed: 1026 [ 1623.941157][ T2565] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1623.947900][ T2565] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1624.517876][ T2406] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1624.559606][ T2406] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1624.603322][ T2406] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1624.687066][ T2406] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1625.288633][ T2406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1625.397126][ T2406] 8021q: adding VLAN 0 to HW filter on device team0 [ 1625.430766][T32254] bridge0: port 1(bridge_slave_0) entered blocking state [ 1625.437986][T32254] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1625.541860][T20684] bridge0: port 2(bridge_slave_1) entered blocking state [ 1625.549073][T20684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1625.989817][T15612] Bluetooth: hci2: command tx timeout [ 1626.071469][ T2624] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5765'. [ 1626.724855][ T2655] netlink: 338 bytes leftover after parsing attributes in process `syz.7.5768'. [ 1626.741959][ T2406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1626.840405][ T2406] veth0_vlan: entered promiscuous mode [ 1626.884669][ T2406] veth1_vlan: entered promiscuous mode [ 1626.897364][ T2658] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1626.977454][ T2406] veth0_macvtap: entered promiscuous mode [ 1627.001734][ T2406] veth1_macvtap: entered promiscuous mode [ 1627.087972][ T2406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1627.118541][ T2406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1627.149308][ T2672] FAULT_INJECTION: forcing a failure. [ 1627.149308][ T2672] name failslab, interval 1, probability 0, space 0, times 0 [ 1627.152378][ T2406] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.190929][ T2672] CPU: 1 UID: 0 PID: 2672 Comm: syz.7.5771 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1627.190975][ T2672] Tainted: [U]=USER [ 1627.190985][ T2672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1627.190999][ T2672] Call Trace: [ 1627.191007][ T2672] [ 1627.191018][ T2672] dump_stack_lvl+0x16c/0x1f0 [ 1627.191073][ T2672] should_fail_ex+0x512/0x640 [ 1627.191108][ T2672] ? __kvmalloc_node_noprof+0x124/0x620 [ 1627.191148][ T2672] should_failslab+0xc2/0x120 [ 1627.191173][ T2672] __kvmalloc_node_noprof+0x137/0x620 [ 1627.191209][ T2672] ? io_alloc_cache_init+0x33/0x170 [ 1627.191250][ T2672] ? io_alloc_cache_init+0x33/0x170 [ 1627.191282][ T2672] io_alloc_cache_init+0x33/0x170 [ 1627.191319][ T2672] io_uring_setup+0x63b/0x2080 [ 1627.191354][ T2672] ? __pfx_io_uring_setup+0x10/0x10 [ 1627.191386][ T2672] ? do_futex+0x122/0x350 [ 1627.191417][ T2672] ? __pfx_do_futex+0x10/0x10 [ 1627.191444][ T2672] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1627.191502][ T2672] ? xfd_validate_state+0x61/0x180 [ 1627.191533][ T2672] ? __pfx_do_writev+0x10/0x10 [ 1627.191571][ T2672] __x64_sys_io_uring_setup+0xc2/0x170 [ 1627.191605][ T2672] do_syscall_64+0xcd/0x490 [ 1627.191643][ T2672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1627.191669][ T2672] RIP: 0033:0x7f475c38e929 [ 1627.191691][ T2672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1627.191717][ T2672] RSP: 002b:00007f475d2a4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1627.191742][ T2672] RAX: ffffffffffffffda RBX: 00007f475c5b5fa0 RCX: 00007f475c38e929 [ 1627.191759][ T2672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1627.191774][ T2672] RBP: 00007f475c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1627.191790][ T2672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1627.191806][ T2672] R13: 0000000000000000 R14: 00007f475c5b5fa0 R15: 00007fff2b7b9318 [ 1627.191840][ T2672] [ 1627.437088][ T2406] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.445919][ T2406] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.454688][ T2406] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.940018][T32254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1628.072609][ T2672] ubi0: attaching mtd0 [ 1628.077789][ T2672] ubi0: scanning is finished [ 1628.092881][ T2672] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1628.808927][T32254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1628.881851][ T2672] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1628.922953][T25072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1628.933749][T25072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1629.294534][ T2742] netlink: 338 bytes leftover after parsing attributes in process `syz.6.5778'. [ 1630.292039][ T2777] zram: Added device: zram0 [ 1631.201050][T25072] EXT4-fs (sda1): Delayed block allocation failed for inode 2031 at logical offset 3354 with max blocks 171 with error 117 [ 1631.240077][T25072] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1631.240077][T25072] [ 1631.635723][ T2822] ubi0: attaching mtd0 [ 1631.753466][ T2822] ubi0: scanning is finished [ 1631.852570][ T2822] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1632.285426][ T2822] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1632.322502][ T2871] netlink: 338 bytes leftover after parsing attributes in process `syz.7.5788'. [ 1634.786603][ T2927] sd 0:0:1:0: PR command failed: 1026 [ 1634.817393][ T2922] Setting dangerous option i915.mitigations - tainting kernel [ 1634.871935][ T2927] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1634.878947][ T2927] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1634.962031][ T2931] Line length is too long: Should be less than 4094 [ 1635.305440][ T2936] netlink: 338 bytes leftover after parsing attributes in process `syz.7.5798'. [ 1635.481858][ T2939] Line length is too long: Should be less than 4094 [ 1635.510827][ T2939] FAULT_INJECTION: forcing a failure. [ 1635.510827][ T2939] name failslab, interval 1, probability 0, space 0, times 0 [ 1635.554265][ T2939] CPU: 0 UID: 0 PID: 2939 Comm: syz.1.5799 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1635.554307][ T2939] Tainted: [U]=USER [ 1635.554315][ T2939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1635.554330][ T2939] Call Trace: [ 1635.554339][ T2939] [ 1635.554349][ T2939] dump_stack_lvl+0x16c/0x1f0 [ 1635.554395][ T2939] should_fail_ex+0x512/0x640 [ 1635.554428][ T2939] ? __kvmalloc_node_noprof+0x124/0x620 [ 1635.554465][ T2939] should_failslab+0xc2/0x120 [ 1635.554488][ T2939] __kvmalloc_node_noprof+0x137/0x620 [ 1635.554521][ T2939] ? seq_read_iter+0x826/0x12c0 [ 1635.554548][ T2939] ? __lock_acquire+0xb8a/0x1c90 [ 1635.554584][ T2939] ? seq_read_iter+0x826/0x12c0 [ 1635.554610][ T2939] seq_read_iter+0x826/0x12c0 [ 1635.554641][ T2939] ? __mutex_trylock_common+0xe9/0x250 [ 1635.554683][ T2939] kernfs_fop_read_iter+0x40f/0x5a0 [ 1635.554709][ T2939] ? rw_verify_area+0xcf/0x680 [ 1635.554743][ T2939] vfs_read+0x8bc/0xc60 [ 1635.554780][ T2939] ? __pfx___mutex_lock+0x10/0x10 [ 1635.554815][ T2939] ? __pfx_vfs_read+0x10/0x10 [ 1635.554872][ T2939] ksys_read+0x12a/0x250 [ 1635.554904][ T2939] ? __pfx_ksys_read+0x10/0x10 [ 1635.554948][ T2939] do_syscall_64+0xcd/0x490 [ 1635.554986][ T2939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1635.555011][ T2939] RIP: 0033:0x7f7cea18e929 [ 1635.555032][ T2939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1635.555057][ T2939] RSP: 002b:00007f7ceb0d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1635.555081][ T2939] RAX: ffffffffffffffda RBX: 00007f7cea3b5fa0 RCX: 00007f7cea18e929 [ 1635.555098][ T2939] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000004 [ 1635.555113][ T2939] RBP: 00007f7ceb0d3090 R08: 0000000000000000 R09: 0000000000000000 [ 1635.555128][ T2939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1635.555143][ T2939] R13: 0000000000000000 R14: 00007f7cea3b5fa0 R15: 00007ffded4cefa8 [ 1635.555178][ T2939] [ 1636.831614][ T2968] Line length is too long: Should be less than 4094 [ 1636.985108][ T2970] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] SMP KASAN PTI [ 1636.991372][ T2973] uinput: write device info first [ 1636.997046][ T2970] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] [ 1636.997075][ T2970] CPU: 0 UID: 0 PID: 2970 Comm: syz.1.5807 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 1637.004374][ T2973] netlink: 338 bytes leftover after parsing attributes in process `syz.7.5809'. [ 1637.010478][ T2970] Tainted: [U]=USER [ 1637.010490][ T2970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1637.010506][ T2970] RIP: 0010:__mutex_lock+0x14f/0xb90 [ 1637.052128][ T2970] Code: d0 7c 08 84 d2 0f 85 ab 07 00 00 8b 35 3a 6a 5d 0f 85 f6 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 60 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 07 00 00 48 3b 5b 60 0f 85 e0 01 00 00 bf 01 [ 1637.071728][ T2970] RSP: 0018:ffffc90003c1fa80 EFLAGS: 00010202 [ 1637.077786][ T2970] RAX: dffffc0000000000 RBX: 0000000000000010 RCX: 1ffffffff35b6e08 [ 1637.084908][ T2975] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 1637.085742][ T2970] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000070 [ 1637.085760][ T2970] RBP: ffffc90003c1fbc0 R08: ffffffff8a87ea37 R09: ffffed100d8a4138 [ 1637.094535][ T2975] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 1637.101415][ T2970] R10: ffffc90003c1fbe0 R11: 0000000000000000 R12: dffffc0000000000 [ 1637.101435][ T2970] R13: ffffc90003c1fb00 R14: 0000000000000000 R15: 1ffff92000783f5a [ 1637.101450][ T2970] FS: 00007f7ceb0d36c0(0000) GS:ffff888124760000(0000) knlGS:0000000000000000 [ 1637.101473][ T2970] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1637.101488][ T2970] CR2: 0000001b31cfcff8 CR3: 0000000045378000 CR4: 00000000003526f0 [ 1637.101503][ T2970] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1637.164518][ T2970] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1637.172499][ T2970] Call Trace: [ 1637.175781][ T2970] [ 1637.178709][ T2970] ? trace_kmem_cache_alloc+0x28/0xc0 [ 1637.184087][ T2970] ? kmem_cache_alloc_node_noprof+0x225/0x3b0 [ 1637.190167][ T2970] ? hci_devcd_register+0x47/0x170 [ 1637.195288][ T2970] ? __pfx___mutex_lock+0x10/0x10 [ 1637.200325][ T2970] ? __asan_memset+0x23/0x50 [ 1637.204921][ T2970] ? __build_skb_around+0x278/0x3b0 [ 1637.210124][ T2970] ? __alloc_skb+0x200/0x380 [ 1637.214720][ T2970] ? __pfx___alloc_skb+0x10/0x10 [ 1637.219665][ T2970] ? __pfx_vhci_coredump_hdr+0x10/0x10 [ 1637.225137][ T2970] ? __pfx_vhci_coredump+0x10/0x10 [ 1637.230255][ T2970] ? hci_devcd_register+0x47/0x170 [ 1637.235370][ T2970] hci_devcd_register+0x47/0x170 [ 1637.240315][ T2970] force_devcd_write+0x16c/0x340 [ 1637.245261][ T2970] ? __pfx_force_devcd_write+0x10/0x10 [ 1637.250736][ T2970] full_proxy_write+0x13c/0x200 [ 1637.255589][ T2970] ? __pfx_full_proxy_write+0x10/0x10 [ 1637.260961][ T2970] vfs_write+0x29d/0x1150 [ 1637.265303][ T2970] ? __pfx___mutex_lock+0x10/0x10 [ 1637.270339][ T2970] ? __pfx_vfs_write+0x10/0x10 [ 1637.275113][ T2970] ? __fget_files+0x20e/0x3c0 [ 1637.279807][ T2970] ksys_write+0x12a/0x250 [ 1637.284146][ T2970] ? __pfx_ksys_write+0x10/0x10 [ 1637.289007][ T2970] do_syscall_64+0xcd/0x490 [ 1637.293530][ T2970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.299427][ T2970] RIP: 0033:0x7f7cea18e929 [ 1637.303841][ T2970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1637.323452][ T2970] RSP: 002b:00007f7ceb0d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1637.331868][ T2970] RAX: ffffffffffffffda RBX: 00007f7cea3b5fa0 RCX: 00007f7cea18e929 [ 1637.339842][ T2970] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000009 [ 1637.347813][ T2970] RBP: 00007f7cea210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1637.355781][ T2970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1637.363755][ T2970] R13: 0000000000000000 R14: 00007f7cea3b5fa0 R15: 00007ffded4cefa8 [ 1637.371736][ T2970] [ 1637.374749][ T2970] Modules linked in: [ 1637.379975][ T2970] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1637.466599][ T2970] RIP: 0010:__mutex_lock+0x14f/0xb90 [ 1637.504516][ T2970] Code: d0 7c 08 84 d2 0f 85 ab 07 00 00 8b 35 3a 6a 5d 0f 85 f6 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 60 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 07 00 00 48 3b 5b 60 0f 85 e0 01 00 00 bf 01 [ 1637.547683][ T2970] RSP: 0018:ffffc90003c1fa80 EFLAGS: 00010202 [ 1637.555599][ T2970] RAX: dffffc0000000000 RBX: 0000000000000010 RCX: 1ffffffff35b6e08 [ 1637.563934][ T2970] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000070 [ 1637.572208][ T2970] RBP: ffffc90003c1fbc0 R08: ffffffff8a87ea37 R09: ffffed100d8a4138 [ 1637.580908][ T2970] R10: ffffc90003c1fbe0 R11: 0000000000000000 R12: dffffc0000000000 [ 1637.589382][ T2970] R13: ffffc90003c1fb00 R14: 0000000000000000 R15: 1ffff92000783f5a [ 1637.597554][ T2970] FS: 00007f7ceb0d36c0(0000) GS:ffff888124860000(0000) knlGS:0000000000000000 [ 1637.608191][ T2970] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1637.615066][ T2970] CR2: 00007f475c581178 CR3: 0000000045378000 CR4: 00000000003526f0 [ 1637.623402][ T2970] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1637.631880][ T2970] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1637.640272][ T2970] Kernel panic - not syncing: Fatal exception [ 1637.646624][ T2970] Kernel Offset: disabled [ 1637.650945][ T2970] Rebooting in 86400 seconds..