last executing test programs: 1m20.645745539s ago: executing program 0 (id=155): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x8000003e, 0x1, 0x0, 0x1, 0x68f) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mknod$auto(&(0x7f0000000400)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x8, 0xc) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x20100, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) socket(0x11, 0x2, 0x5) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio1/power/wakeup_count\x00', 0x40, 0x0) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x1}, 0x9, 0x3, 0x5, 0x3) socket(0x23, 0x80805, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) lstat$auto(&(0x7f0000000300)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) ioctl$auto(0x3, 0x402c542d, 0x38) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) r1 = setfsuid$auto(0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x11, 0x3, 0x2) getsockopt$auto(r2, 0x107, 0x1, 0x0, 0x0) setuid$auto(r1) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x84000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 1m19.471658327s ago: executing program 0 (id=159): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/state\x00', 0x20a42, 0x0) write$auto(r0, &(0x7f0000000080)='/\xe4ev/auYio\x00', 0x4) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000001d40), 0x141a40, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) 1m19.266653426s ago: executing program 0 (id=161): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = ioctl$auto_TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/tty34\x00', 0x2200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x6, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) madvise$auto(0x2, 0x81, 0x7) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000140)={0xfffff23c, 0x0, [{0x400, 0xe5a}, {0xffffff58, 0x4, 0x1}, {0x7, 0x3, 0x421}, {0xfff, 0xffffff80, 0x9}]}) mincore$auto(0x1000, 0x8001, 0x0) unshare$auto(0x20000080) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710}, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/workqueue/parameters/watchdog_thresh\x00', 0x1e2142, 0x0) sendfile$auto(r3, r3, 0x0, 0x7fff) munmap$auto(0x20001000, 0x7fb3) clock_nanosleep$auto(0x1, 0x7f, &(0x7f00000001c0)={0x1, 0x40}, &(0x7f0000000440)={0x4, 0x1}) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) capset$auto(0x0, 0x0) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x5, 0x100000003, 0x9, 0x6, 0x1ff, 0x100000000, 0x3, 0x4, 0x401, 0x0, 0x8, 0x6, 0x9a8c, 0x9, 0x10001]}, &(0x7f0000000200)={[0x8, 0x8000000000000000, 0x2, 0xb, 0x1, 0x9, 0x0, 0x7fff, 0xa, 0x18f, 0xfffffffffffffff9, 0x3, 0x8000000000000001, 0x1000, 0x80000001, 0x1]}, 0x0, &(0x7f0000000280)={0x10006, 0xcc}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/dummy0/ifalias\x00', 0x8041, 0x0) 1m16.905029873s ago: executing program 0 (id=169): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r0 = socket(0x2, 0x1, 0x0) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r0, 0x7) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000000c0), r0) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000001900)={0xdd8, r2, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@HWSIM_ATTR_RADIO_NAME={0xe, 0x11, '/dev/vbiD\x00'}, @HWSIM_ATTR_COOKIE={0xc, 0x8, 0x4}, @HWSIM_ATTR_FRAME={0x7bf, 0x3, "9730f230b7ca996451d90d4acb11084c1ce28c7e7adcdaa725624eebe82d554e4a7270c3276aab5a139a63d62a931df89acf698df95ea50f02f9c29fb60ffbf2866e21d609c54a82f16e3482548d5f2e4f6edc90b248227d214034167e7e94d145a82e93ffe7b736251d43092656c31fa1bb0b0be6d07f05457e73f6276ad330849838dce42c9395b0df7c17cce3b5fa79fbf88e0a275a9c3d3805402b273be4a18eec8a38656a29feea49cfe36a0ba1ba3035418e364d79460bea55a952d9de4d1af6970d43561267d63eef902f661fa0b372834a2949ec85958117cce4aeb9c2f47d94dd6b08942c78a81f009f5b1b90dd37419e92bbe9f0505cb4da6f27dda320a18185e38485bd425f95b9a2b8cdc52fc9d595154847db53a1aa77069dc32fa641a7d8c21d477a00c23c629fb130d410ed0b4ccf93a574bb3b40a28dc3615175409dfbaf8aeaf9f3de9e0b903dba34607b7194d253df3e07a4d8a02c51c44d1a1b9704a39999282e29e7aa93de46a0cd06139a367940ca2b49e4e6641e02599a8f5d9c7baf7f7749e823eacb377459f2685c7d027e10f5a26f241b460a54303bdbc37db489879d736e741848a1548637b370057c12e3332e090a43804f2af1023ee73b0d4d6a6b86944afc6d396b4a35e045439be26414f587e332d694e64b1fd7f63cc5a265ed6b136a8de66644d542d74387d51973232967442223737b85649ae7ae21f892da108c03cad339c85c89b0ad9df1d4448ca3952ef05afbdde98c41e5521b6355a3c1a9bffe8f6600335aec2961f85f58f3a8dc0812e8ab1b90a7777d37a74c1aac5f8392537e2bed12ced9bc937be71257d58b7c8acd8bd5eb2790333c2e37a5b94c5270eaa9786ea7d9989673de4bbffc76191214ffe228b811902d7e46918dda2d017478035cb9d1c22888bc418bb17839e89f32e6bebee27bc87221c784707e2925c3b27a755ac30dcc8d0ca031abc7d289ecf3ad1ae6fdb5cbb358bdb3370077373060069ff0e6fc0d25b8ba1293e9df7cbcb5cf9ebd038312c472d6309243900d53c7e8d10ee244ade21e9661e09ef3ab3f91c8ca07d2c1cd0fa8f1fe175d6df84baf2dc52dabbaa5281dfc9a3f9dc5663556a4b286e25320bef0f4033b1bcb93255e577a9c905b0f8c0f9c08e8ea25d975a3ac4828f4b0eeca94698d8bd09cc7dda76d043bf9c7e81610f3913c6a09135e027b5bcf0db4505fa01801a454b76b451f439a5005b4fc2648847513f85bf6c976886da814e88171589126c5bfbeb37cb1c630b639a61cddfc12ec0649166da4013b65ae2e12602338472b84a557d8f33070a0f31e5eed5d4574a6c3782202c6ef043ec374dea5d031a5395adaf1ba337fd1f3bbb403c966ead2fd7d634a5c1d947f08f98b755aa9a068398adcd2026788ec43f7af6cdf8fc6f0e72534b3b52899d23d024abd082b96a81eff540c67c488321d513f8632d38cbbd4324567773cccfe58b630eaa2e0366b6706c5310f62a38f0ffdbcc3986459d2591831a2aec6fcf33ec6bb68524c52b202f553fe90665b0af11d6bcbf4759faedcb1b538e1e9001ae9899f93ae973709856c4df60cde323b43b858be61ee50745c8d48eae55ba01b2184dd479a4f42acda19d4a21af458dc88a0020111e36ab7e91a6d9cc6c5645de2c05db0245485482c9865cda9c1232d29777d07cef39e2059835a31d462c1bb458c1aaf91298c7c1a5f0fca93ec6f6772e69d0d7519af7c6436d1f403cf3261faaccc443047ac7c60d8ab65bfd421f138dabcb3fe16eb2c1ab2c3c571344d46ab267377de00564b61654f597668a30f2c0010164b14cbc853e6d1ddf85b71a2191a070b398b903ff3d5aa7d97d8426cef3eb33d0f5a9a49fe50e541edc532414c1280ce870a3b8a649da93ef575aecd01200a694a71e3b393a0e8ff3e212e2611c3df38db9d679dc63a1eae849117c648944445bccc94d1482231b42c6282e4c2260b797d51e254b07858db0f43b31ab7b2e0ecd3aaec4a94c53fae18bea1a1057d51f1cba54cf843bab635796d336898db8746c63547168597a1782bab3c7ffc362bcd666f0c9fc4ae3ac577f4a65b0c4a4017d6daad019013bb05940974dc0f87ce1f7fcdaad64224f48470b59563183352e8212d5a9882aaee1809c11086a066ed1cd6365d16b0bf0a9bb9a2a5ee39ca8560d52375fd0ed9885120656ce1d2a1dfb5e77db905222dd78b11772d645dcd1dd071245e8ebd5620069b2c574b657ab30de6b0c2d4d3db23e7a875b17639fb7e605d4efb22af99505f678f47ebd04bdd1294e11901b3e7ac50c3c6544c785149110c68583cd00ba196ea508f6f7d787ee625f237fbd80d544116cff191e17ee9a3ddd7243c6ce11a07a20c36f1e1721a3239255cee40e8c3cf1474c892bf714945666a5429a9f9f2981f7a881cf2386e36defe3ecc82d38dae565de7803755f58dbbb7e3692d0d982021170fc7e0e991db671886871b65b5d5f9ece6fc7d1289e002e98593f0afc0ba49d512772375e4773ca7768631e77798da2cee39fe1e6ebc107557b6990bf0defe7a5dea7a547a178961a08f5c1da41b3e90cddfc770ae54ce96f91e3bf322db5a43d9271129114e181ea0be6768bbdfdbbd1e9025212eb223d1dcdc8796a1951cf5bc5d9dac735c60b4995c88fff3c6c70a9f74ebe06129265faa6ce785c4a5ac35686d667f5c839d9da74b127b89396e2cbc7fae30b68e41c03b364cbd4e420649113da3624d70ae196189d91620107c50d93811ebdb65a41cd9ef8f29e801f0"}, @HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x5}, @HWSIM_ATTR_COOKIE={0xc, 0x8, 0x9}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}, @HWSIM_ATTR_FRAME={0x5c1, 0x3, "ceebe46657d429406dc87f5a009432327fec111f6b3d77ad83fe0dd4a67942bac6efe565bd3774784f03f04eed3087072683159e525137fa4dea8b8f5391b3f7c6f4b9ead4bb9733eaa2329ace019e2395695aba64190fb3d2d268e57e6d603e3394105ba7c891f38437cf91cf0557b9d47f262c01268c7482a083182c3cef395b1ff91b7d02cd9362493b188016ba0003279b2f318d05a8715487d96aa245a11dc7b9e41cf411ab3d41717b1d438f86da350f2f1b6cf12d1a111f308c0b2d597a3d1f08c021dd5196e32f21ba77207d98c85b3d6751cbc318c3819305163c416e3be88045c2e3d5680fc2819405dc758f4202c732905b8d4433438cc10efd446d36a1bd9d5d8138dc8a44a1f06def65e34d4a389d9b45c8f319f12403385170a069e545451693b5e765dc7575c32188ec69c19ae4eb2f0d9e4fab3c06609f04b954ed9491979f0f922ca210fe5da590a31cc80cde5dcc557907d230825af0db788127845b044d62f78a8402c1398d0d1edd863c0439757e119a2414d5b778445971d3994e60a75d59c6c5222ddacb3a25603a0e7f2f0a18cbf5408e2489a3ad22b74e9f5636a0fae67096f68be522a3022c35572e08edbef65a659ad656bacf3fb27dd3fd4afd1dcd5d7235f7d1a8f2da77f269f8e60d8426bce3ed74fed5af0602caf62fdc4058f137853af82ede6beb446bb32cda328774a22c7bf515e4c4983d6e8af986d5c585d9e4ddedca2b14e2219cbf5b8ef7dfe988005202a49dcd91ac60c64f0b15720bfca71ad4c50a1b102baf23f0c6ff4d55171d01fad26bd105feac12a93dd38474894cc81e83f569b4230382013e784f1e0571d5661c6b737c878320e0079d391df861d3c5b48d70c78aa092c1d3b1d161055e2b7c04f353fd0442437378b2c58102e912455dbe9fc76f1025eb855af547e45618b4e1d2912edf4a0fc91662f4bafd900f8fc2ac39167c72b2b865ea72cd4f551563eb2455381387dc20c0fb72f5c6eb35a02d108f4e65de7ff98abf80bd50759e72e60a0312d493706cc5796fcd61d463042fffd8d6a131fb843585b2ac7911f0dd3ed0fb32a42988a73d8570c9e51d4abe859cbefaa86c89f7eab4efd7a50a70e91a24a55201295de038df8dc319aabaca22223695edeac8181ace2e368d8fac3011067957f9acf5e5d39b685c1899b107d647fa1307c5dfa205ca17b8b8160ed61bc8639f55e0a1df837754d962a6624256824ec0c7c020bb26d091530f1d650b16252ed9adcfe5a9548899363e7bd4ee9d8ce0bdbf9e272ea38650152d3ef072e46177f3b503a1bc8a95ed22e9f45576597175aef7ec296c956cdbfc8d2e126a7f9e25ba3d00ceb706c8e1fd5151164ef0f94232be4f8b16963e0d0c1adac0ec18726a0022ff2cdfa1e718478273a3783e2130634de2129f77dd45650deff9eca8dc219024408732242f6b22436f9dd5ffe1d22767fc589095fb7cca2f80f4a07955dc70777b6ad4f408814c49da0142910dff1d446b2143edbd0649a6071fb99fd228385fe41aa55972c066bcc888db0e7df2bec2acd8cf185a0f0a89948ec7ec9be0378192bf6577ca50f19c9603d90130aa843c143c30d66361ddd9b5a806e02313fb218e0f2cd198dc8efa29f22b1632365989d0bfaba8a2deb0534075a7596e91de69d148640128fbd961f55d73684e159af73705e035dab3f293bf5b71e1cdeefd3217cc300acf89d45d60f4c7f7f065af5bd0c1a169d82ae75b7dce1a4144f7467501c304c85bbf10f62c201dabb739d91147ebb23a962efc9d9b27844bd05010ae5cab29026b9843f51d7ebc99e1f29e02d7f9ed1d97fcba7858d388f95519e5af441c188c07f142b5642022b108a4424ff675f49375c5d2c2e84de84d9520d3b0b5d7e6bd5d8a671e090b4eb878a8c9695b684f2a0b1f3977aca6c6ab0aaf97e74a5416558824f527d3531463ab9589a40b89aa1a67a1f6fb0d7f1efda682acad99f4751063267a88947fcb2816b900e5eaa629fbffce6a1ea75904328f892f067eb6924710fff74905474cef538299a448744d2f19e0b3f070cb79"}, @HWSIM_ATTR_COOKIE={0xc, 0x8, 0xfffe}]}, 0xdd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x2000fdff) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4020009, 0x2, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r3, r3, 0x0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi2\x00', 0xa200, 0x0) ioctl$auto(r4, 0xc0585611, r4) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(r1, 0x0, 0x9a6, 0xe000) mmap$auto(0x0, 0x100000000001, 0xdb, 0x9b72, 0x5, 0x8000) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 1m15.281063865s ago: executing program 0 (id=174): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) (async) socket(0x22, 0x2, 0x3) r0 = socketpair$auto(0xcfe, 0x1, 0x8000000000000000, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x8) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(r0, 0x5, 0xffffffffffffffff) (async) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0x8400ae8e, 0x0) io_uring_setup$auto(0xd, 0x0) (async) r4 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_mISDN_fops_timerdev(r4, &(0x7f0000001a00)=""/4097, 0x1001) ioctl$auto_IMADDTIMER(r4, 0x80044940, 0x0) r5 = socket(0xa, 0x1, 0x84) bpf$auto(0x10, &(0x7f0000001700)=@query={@target_fd=r5, 0x2f, 0x1, 0x9, 0x7f, @prog_cnt=0x2, 0x0, 0xf, 0x8, 0x7, 0xfff}, 0x63a) (async) r6 = socket(0x26, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x4000800) (async) mmap$auto(0x7fe, 0xa8, 0x5, 0x3f, 0x401, 0x8) (async) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c00098008"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000001c0), r6) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r6, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r7, 0x0, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20004040}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0x7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) r8 = getpgid(0x0) rt_tgsigqueueinfo$auto(r8, r8, 0xe, &(0x7f0000000100)={@_si_pad}) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/mounts\x00', 0x2002, 0x0) 1m14.221635786s ago: executing program 0 (id=179): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) (async) r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x511402, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_BLKTRACESETUP32(r2, 0xc0401273, &(0x7f0000000140)={"e863192c8e3f1a7155aed629c4952dc7dff02a0000b914e946d0796b8b00", 0x80, 0x7, 0x5, 0x8, 0x5}) (async) shmctl$auto_SHM_STAT_ANY(0x80, 0xf, 0x0) (async) sendmsg$auto_NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x800) (async) mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) (async) close_range$auto(r0, 0x8000, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x101401, 0x0) (async) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async, rerun: 32) write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x48000, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4000c, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) (async) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/set_event\x00', 0x301, 0x0) write$auto(r4, &(0x7f0000000200)='nbd\x00\xd5Ho%\xcd\xc6\xe4A\x88\x9fu\xafa\x89ZT\xbf\x88\x12\xde\xbb\x02\"I\xee\x9c\xc8\xde~j\xaaP.\xaa\f\xa7{/c\xf5\x11wz\x88)V\b/PH\xd4\a\xf1\xe7\x03\xadv\xe1\xf9+\x9e\xb2N4\x88\rtc\x95\xe0s@\x88|\xa4\xbaVU\xf8\xd1\xb3-\xe9\xfa\xec+1s\xceo\xd7\x1a\x9d:cC\x9e\xfb\tGr\xd4\xa9^\x18\x12\x05\x94\xf2n\xbc{\x83\xa8\xb9\x83\t\x81i\x04\x8b\xf0\'\x93\t\xadw4i\x97()u#\xe9\xc3\xc5\x17\xa3\xc9N\xc0\xf8\x80 7\xfa\xa9sZ?\xcbYt\xa7\xec\xd2v\xd5\xab\x8a\x02\xe2S \x11\x19\x9a\xce:\x8b%\xa4\r\x18y\xb0D%T\xf3Z\x02\x95D\xfe\xbc\xe4\x8b=\xb2\xbc\xbd\fq\xea\x94g%\x97\xf7\x98\xe9b\xc7\xff\xd1\xa2C\f\xb9\xdb\xca\x82\xea\xcb\x9d\x14\x953\x95O$\x06H#\xcb\xef\xa1 Zc\x1f\x00\xaf}\xd0\xb4', 0x4) (async) ioprio_get$auto(0x3, 0x2) (async) pread64$auto(r1, 0x0, 0x200, 0x80) 58.694423774s ago: executing program 32 (id=179): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) (async) r1 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/inject\x00', 0x511402, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_BLKTRACESETUP32(r2, 0xc0401273, &(0x7f0000000140)={"e863192c8e3f1a7155aed629c4952dc7dff02a0000b914e946d0796b8b00", 0x80, 0x7, 0x5, 0x8, 0x5}) (async) shmctl$auto_SHM_STAT_ANY(0x80, 0xf, 0x0) (async) sendmsg$auto_NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x800) (async) mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) (async) close_range$auto(r0, 0x8000, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x101401, 0x0) (async) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async, rerun: 32) write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x48000, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4000c, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) prctl$auto(0x1000000003b, 0x4, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) (async) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/tracing/set_event\x00', 0x301, 0x0) write$auto(r4, &(0x7f0000000200)='nbd\x00\xd5Ho%\xcd\xc6\xe4A\x88\x9fu\xafa\x89ZT\xbf\x88\x12\xde\xbb\x02\"I\xee\x9c\xc8\xde~j\xaaP.\xaa\f\xa7{/c\xf5\x11wz\x88)V\b/PH\xd4\a\xf1\xe7\x03\xadv\xe1\xf9+\x9e\xb2N4\x88\rtc\x95\xe0s@\x88|\xa4\xbaVU\xf8\xd1\xb3-\xe9\xfa\xec+1s\xceo\xd7\x1a\x9d:cC\x9e\xfb\tGr\xd4\xa9^\x18\x12\x05\x94\xf2n\xbc{\x83\xa8\xb9\x83\t\x81i\x04\x8b\xf0\'\x93\t\xadw4i\x97()u#\xe9\xc3\xc5\x17\xa3\xc9N\xc0\xf8\x80 7\xfa\xa9sZ?\xcbYt\xa7\xec\xd2v\xd5\xab\x8a\x02\xe2S \x11\x19\x9a\xce:\x8b%\xa4\r\x18y\xb0D%T\xf3Z\x02\x95D\xfe\xbc\xe4\x8b=\xb2\xbc\xbd\fq\xea\x94g%\x97\xf7\x98\xe9b\xc7\xff\xd1\xa2C\f\xb9\xdb\xca\x82\xea\xcb\x9d\x14\x953\x95O$\x06H#\xcb\xef\xa1 Zc\x1f\x00\xaf}\xd0\xb4', 0x4) (async) ioprio_get$auto(0x3, 0x2) (async) pread64$auto(r1, 0x0, 0x200, 0x80) 12.121817226s ago: executing program 3 (id=328): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r0, 0x1, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0xfd}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004081}, 0x20000084) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) (async) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyw5\x00', 0x28341, 0x0) ioctl$auto_TIOCMGET2(r4, 0x5415, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r3) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r3) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) mknod$auto(&(0x7f0000000280)='X))\x00', 0x63c5, 0x7bf) mknod$auto(&(0x7f0000000340)='\xe1\x9eHU\x00', 0x63c1, 0x7fc) sendmmsg$auto(0x4, 0x0, 0x100003, 0x6) (async) sendmmsg$auto(0x4, 0x0, 0x100003, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000280), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, 0x0, 0x4000048) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r6 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r6, &(0x7f0000001680)="a7", 0x80000) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) 11.358471669s ago: executing program 3 (id=330): r0 = openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x209400, 0x0) mmap$auto(0x0, 0x4020009, 0xfffffffffffffffc, 0x90, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) r1 = socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb4/carrier\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) statmount$auto(0x0, 0x0, 0xe, 0xfffffff8) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8955, 0x0) 10.205917735s ago: executing program 3 (id=333): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/23, 0x17) syncfs$auto(r0) r1 = socket(0x15, 0xa, 0x7) setsockopt$auto(r1, 0x114, 0x8, 0x0, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptydc\x00', 0x720841, 0x0) close_range$auto(0x0, 0x5, 0x0) r2 = prctl$auto_PR_SET_MM_ARG_END(0x48a, 0x9, 0x0, 0x8001, 0x5) mkdirat$auto(r2, &(0x7f0000000300)='./file0\x00', 0x5) socket(0x8, 0x2, 0xffffffb9) r3 = accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$auto_SO_LOCK_FILTER(r2, 0x0, 0x2c, 0x0, &(0x7f0000000100)=0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_SET_STATION(r3, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80010000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYRES16=r2, @ANYRES16=0x0, @ANYBLOB="00082abd7000fddbdf251200000040002c8008000100021c00000800010005000000040002800800010009000000080001000000000108000100090000000800010006000000080001000b00000008009e0000010000"], 0x5c}, 0x1, 0x0, 0x0, 0x40010}, 0x4000044) mq_unlink$auto(&(0x7f0000000180)='/dev/rtc0\x00\n[\xca\\\x8aJ?Ht\xbd\x8a\x19A\x1d\x9b\xb0\a\xe8\x1a4uG9\xae\xf2\x1b\xa7#\x01:\x13m;\x1aw\x85g\xf5 \\\x80s\xe59\xc0W\xf4\xdf^UD\x17\nS\xd4\x1f\xce\x8a\xafSz*o\x1a+\xd1H\"\x83\xa8\x8a\x91\x00'/93) pread64$auto(0xffffffffffffffff, 0x0, 0x594c, 0x9fffffffd) pwrite64$auto(0xc8, &(0x7f0000001cc0)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+1\xc3\xc2g\x01JZ\xbb*\xca\xa1;0\x81\x11\x9a?\xaae\x9d\xb6\x1aI\x00\x11\x16\x93\x7f\xc0%\xb0\r\x82\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13O/J\xbdC\xd1\xfa@\x96\xcfc5=\xd1\xe5\x85\x9a\xdd9\xa9\x00M\xe9\x10tv\xb2\xbf\xf0T\x94\xbc\x17/Rc2\xe29\x8a\xe5q\xd7E\xd0\xc0\xa6\x91\x8d\xd7\x89\xb6G\x89\x1cd\xd8\x99\x0et\xfb\xcfKQ\x9dl\xe7\x83\xdf\x90\xe7\x9az\xa2v\xd3wuW\xbb1\xea[B_\xa96\xe5\x92=\t\tk\x9b\x17\xb4\x88K\xe7\xf4\x06J\x98G\x1c|x\x82ge\x1b(w1\xb2Gd\a\xb0\x11Z\xeb3\xd7d\x84kW\xde\xb0\x1d\x95\x8e\x7fM\xd4ko[\xe7\x91%\x1b^\x8d\xcb\x82S\xfa\xf1\xa3\xb8\x1f`\xf4C\xbb\xd8M\'\xc7(BB\x1ep\xb1\x810\xf5\xfe\x85g\x17\x99\x12:P}\x1c?\xa4GxJ', 0xfdf2, 0x4) write$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cec13\x00', 0x2000, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x100, 0x0) pread64$auto(r4, 0x0, 0x40000000f42c, 0x585) getsockopt$auto(0xffffffffffffffff, 0x84, 0x70, 0x0, &(0x7f0000000240)=0x10009b) r5 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0) write$auto(r5, 0x0, 0x9) 5.674196861s ago: executing program 3 (id=341): r0 = openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x209400, 0x0) mmap$auto(0x0, 0x4020009, 0xfffffffffffffffc, 0x90, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) r1 = socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb4/carrier\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) statmount$auto(0x0, 0x0, 0xe, 0xfffffff8) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8955, 0x0) 5.2688968s ago: executing program 4 (id=345): unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x92000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_GET(r0, 0x0, 0x24000005) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) shmctl$auto(0x691, 0x3, 0x0) setsockopt$auto(0x3, 0x0, 0x32, 0x0, 0x4) 4.7944513s ago: executing program 3 (id=347): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x59, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) (async) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) timerfd_settime$auto(0xffffffffffffffff, 0x3, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) (async) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) (async) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f00000000c0)={0x2, 0x0, [{0xce, 0x3, 0x6}]}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/gretap0/statistics/tx_packets\x00', 0x182b02, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/gretap0/statistics/tx_packets\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, 0x0, 0x0) read$auto(r3, 0x0, 0x1f40) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) setsockopt$auto(r0, 0x9, 0xff, &(0x7f00000002c0)='SEG6\x00', 0xeec) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) (async) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) getsockopt$auto_SO_PASSCRED(r5, 0x1, 0x10, 0x0, 0x0) (async) getsockopt$auto_SO_PASSCRED(r5, 0x1, 0x10, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000280), 0x440, 0x0) gettid() (async) r6 = gettid() openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) kill$auto(r6, 0x11) (async) kill$auto(r6, 0x11) 4.539158053s ago: executing program 2 (id=348): socket(0x2, 0x1, 0x106) (async) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r0, 0x550c, 0x5f) shutdown$auto(0x200000003, 0x2) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) 4.413802028s ago: executing program 2 (id=349): prctl$auto(0x23, 0x7, 0x2008, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) r0 = gettid() sched_setaffinity$auto(0x0, 0x9899, &(0x7f00000000c0)=0xf19d) rt_sigqueueinfo$auto(r0, 0x1, 0x0) socket(0xa, 0x1, 0x100) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x101100, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r1, 0xc0105702, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)={0x54, r2, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_PACKET={0x12}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x24, 0x3, 0x0, 0x1, [@nested={0x8, 0x14, 0x0, 0x1, [@generic="4818f1fa"]}, @typed={0x16, 0xa0, 0x0, 0x0, @str='/dev/snd/midiC2D0\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x4, 0x0, 0x0, 0x8) rt_sigqueueinfo$auto(0x0, 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r4 = socket(0x26, 0xa, 0x7) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000003280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_psample(&(0x7f00000001c0), r4) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01002dbd7000fcdbdf257e00000040eb602d220d2bfac9b4"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 4.132562613s ago: executing program 4 (id=350): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f00000001c0)={0x0, 0x45}, 0x1) io_uring_setup$auto(0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE_EXT(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x201, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000810) mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) 3.583940744s ago: executing program 4 (id=352): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000040)={0x9, 0x10000, 0xffffffffffffd2e4, 0x8, 0x6, 0x6da, 0x1, 0x1, 0x6, 0x8, 0x4, 0x2, 0x80, 0x3, 0x200000000008, 0xdd2, 0x5, 0xe91, 0x6, 0x81, 0x0, 0x401}, 0x7fff, 0x80000001) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7000fbdbdf25020000000800021d00020000080003"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) fanotify_init$auto(0x6, 0x7a4a) 3.017781441s ago: executing program 2 (id=353): r0 = socket(0x2, 0x1, 0x0) listen$auto(0x3, 0x81) sendfile$auto(r0, r0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x44c42, 0x0) ioctl$auto(0x3, 0x40045532, r1) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x80800, 0x0) madvise$auto(0x3, 0xfffffffffffffc00, 0xe) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket(0x2, 0x801, 0x106) socket(0x2b, 0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "0000ffffff3b4000"}, 0x55) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x23}}, 0x54) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0xf, 0x9, 0xe3, 0x100000ebe, 0x40000000000a1, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) ioctl$auto(0x3, 0xc038563c, 0x38) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) 2.809589196s ago: executing program 1 (id=354): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket(0xa, 0x801, 0x84) r2 = getsockopt$auto(r1, 0x84, 0x82, 0x0, &(0x7f0000000300)=0x1000c) fcntl$auto(r2, 0xf, 0x0) (async) ioctl$auto_TIOCCONS(r2, 0x541d, &(0x7f0000000080)="e8fe3036a6111f0faaf2dc5f789ab7c63cb8e9508553550d9d375d2ac4a9fcb0898541476216dd8639ec2566c9ddbf3e4dceb29f4c28828b996e5a5191b8780f114c0a650e2de827b43df1f150e4174d2565ff85fbe0249a026140d7ace5a56d590713a59318dcc8c22e5faeb9b1b665943a8a877e3014093c8c6684938d73762400620036c0bf4ca00ac394e95663ca7e962938c9da47af1be996e6487b16177c0909cf9df49be8356620851e5f888569ee5e69e642c76b64d089e9a6527b51f0ad07bf81a683333224f72af58f54cbbdff40245ad05a40ead46f694956ca06c770d50c76") (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'caif0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x24, r4, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x8000) 2.555488742s ago: executing program 1 (id=355): r0 = openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x209400, 0x0) mmap$auto(0x0, 0x4020009, 0xfffffffffffffffc, 0x90, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) r1 = socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb4/carrier\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) statmount$auto(0x0, 0x0, 0xe, 0xfffffff8) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8955, 0x0) 2.374775657s ago: executing program 4 (id=356): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) io_uring_register$auto_IORING_REGISTER_FILES2(r0, 0xd, &(0x7f0000000040)="2ecbe85f509c63cc395cc13804a89e7bf05345aa34a3010996e701fa224e20443c00c25e57e6fc6a512ba85a55a44a8f5be7b70dc8dd1b0f699f43060ea576449ecbffb46409151c2bbd28676975bf37407bf1731d9a5e9f0bb1d89665dfccc3e24975596a3524786b29b047d98747462ece4dd477fe8c7fb0fac839ccea4e3a7c90", 0xa) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x18, 0x1, 0x0, 0x1, [@typed={0x14, 0x19, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xf}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x800) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r1, 0xaea2, 0x0) 2.218892423s ago: executing program 1 (id=357): socket(0x28, 0x1, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x1, 0x0) (async) get_mempolicy$auto(0x0, 0x0, 0xfffffffffffffffc, 0x200, 0x1) setsockopt$auto(0x3, 0x8c, 0x3c, 0x0, 0x9) 2.204481786s ago: executing program 2 (id=358): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000140), 0x480, 0x0) msgctl$auto_IPC_SET(0x8d0b, 0x1, &(0x7f0000000300)={{0x0, 0x0, 0xee01, 0xd11, 0xfffffff9, 0x1, 0x7}, &(0x7f0000000180)=0x1, &(0x7f00000001c0)=0xb7, 0xfffffffffffffffa, 0x58, 0x1, 0x8, 0x9, 0x4f, 0x2000, 0x7f, @inferred, @raw=0x1e80}) close_range$auto(r0, 0x8, 0xe9d) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.5/usb19/19-0:1.0/usb19-port7/location\x00', 0x0, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x20a301, 0x0) socket(0xf, 0x2, 0xffffff8a) r1 = ioctl$auto_NS_GET_MNTNS_ID(0xffffffffffffffff, 0x8008b705, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0xfffffffffffff3f0, &(0x7f00000003c0)="b5e8ae3241f47aa8e8e3b4f8675786ccca5547373c1711f0956b0f7222958097946f7452dd539d864223b1b3167221c7a7ff5db865abbe8367db846c84aa518e") openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10400, 0x0) epoll_ctl$auto_EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f00000004c0)={0x7, 0x6}) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) fadvise64$auto(r2, 0x7fff, 0x6, 0x1) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r3 = fanotify_init$auto(0x1, 0x2) fanotify_mark$auto(r3, 0x205, 0x100002, 0x4, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/LookupCacheEnabled\x00', 0x48041, 0x0) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) socket(0x22, 0x1, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x8029, 0xca, 0x0, 0x567) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0x8138ae83, 0x0) 1.89441951s ago: executing program 1 (id=359): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) setrlimit$auto(0x9, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/036/001\x00', 0x28080, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) getsockopt$auto_SO_TIMESTAMPNS_OLD(r1, 0x3, 0x23, &(0x7f0000000040)='\x00', &(0x7f0000000080)=0x10001) ioctl$auto(0x3, 0xae41, 0x38) 1.890984841s ago: executing program 4 (id=360): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x40, r1, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x15, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r0}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) unshare$auto(0x40000080) r2 = socket(0x2, 0x1, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000426ff7000eedbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x4004845) getsockopt$auto(r2, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x14) r3 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000100), 0xffffffffffffffff) shmctl$auto(0x1, 0x3, &(0x7f00000002c0)={{0x6, 0x0, 0x0, 0xfffffd1f, 0x500000, 0x3d41, 0x96}, 0x6656faba, 0x304d281f, 0xd67, 0x2bc7, @raw=0x6, @inferred=0x0, 0xc, 0x0, &(0x7f0000000140)="81e46ec0e02f64440b8d640b220c7343", &(0x7f00000001c0)="587cd532541d7d183e5d4c5023f044a61cfae369fb0a42a208bbcc8b8d662faa04dcaee2c66a2b9c8c630cf3765c403bc42462d156978adea081f86629cf2e3c72cdf57dff3cd9ccb8b0c211d9f95111754dd5d2db490efc668744b02163fab4d94dc165e0acaeb3f6c02bac62bf600f2d69369ab78d58fee3fdaf79f346175d8ceebd5d5caec1ef7f97d8f189679c6b16106081e31796af884d1eddefcb9cfde8b29d4b5fc27ba7ebdc363511c4ea87c96f1ae2ce7c33510642a44b262408dcebb24309beaa502310951f10485d25bb2901"}) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r2, &(0x7f0000001780)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001740)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="020027bd7000ffdbdf250200000004000180100001800c00bf000e0000000000008a"], 0x28}}, 0x20008000) fcntl$auto_F_DUPFD_QUERY(0xffffffffffffffff, 0x403, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_open_procfs$namespace(r4, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_MPP(0xffffffffffffffff, 0x0, 0x80) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket(0xa, 0x5, 0x84) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/assocs\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999", @raw=0x3cf51fcb}) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0xee01, 0x0, 0x6, 0x3, 0x0, 0x4, 0x8, 0xbc, 0x1, 0xb456, 0x9, 0x53}, 0x1) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) 1.748004042s ago: executing program 2 (id=361): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) semtimedop$auto(0x9, 0x0, 0x0, &(0x7f0000000040)={0x4, 0x1}) r0 = io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm0c/sub7/info\x00', 0xa8400, 0x0) fcntl$auto_F_DUPFD(r0, 0x0, r1) close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) read$auto(0x3, 0x0, 0x7fffffff) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x1, 0x0) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) 1.545579199s ago: executing program 1 (id=362): sysfs$auto(0x2, 0x4d, 0x0) sysfs$auto(0x7, 0x8, 0xfffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/039/001\x00', 0x201, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) clock_gettime$auto(0x2, &(0x7f0000000000)={0x7, 0x7}) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) prctl$auto(0x1000000001c, 0x6, 0x0, 0x40000000000c, 0x3fffffffff) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r0, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram3\x00', 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000340)=ANY=[@ANYBLOB="6714bf7f", @ANYBLOB="7d3f2dbd7000fddbdf250b0000009a186fa3009c378575480d377bec17864aaab310d1f023c2a5cb12fdffb0bd4163942b191301bf33e2937efbe29aa7361d3097d3896ad0467eb3002aeda72c84aae892abafeee433c70514752c7ca49580b5075e72ada90a09f94f42dd8d6a8cb4cf2524e80d75c0a00a60c9e8b4f645ea8f87531f22811b6d7e41ef3c3432b3891fce3f71c25ad7bb1e6cc04afe5d75f8789199b6"], 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xffffffffffffffc3, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8805}, 0x2400c804) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) 1.205724177s ago: executing program 3 (id=363): swapon$auto(&(0x7f0000000040)='\x00', 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x56f3, 0x0) r3 = socket(0x1e, 0x1, 0x0) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r3, @new_map_fd=r0, 0x3, @old_prog_fd=r1}, 0x1) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r5 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) write$auto_seq_oss_f_ops_seq_oss(r6, &(0x7f0000000040)="f6e6812018deadf7e88f819e30236ce79200d01532f2ed0d", 0x18) preadv$auto(r5, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x2, 0x2, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0) mmap$auto(0x10, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) open(0x0, 0xd02, 0xc3) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) 530.056407ms ago: executing program 1 (id=364): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x500000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x121040, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0x0, 0xdf, 0x9b72, 0x2, 0x0) bind$auto(0x3, 0x0, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x6e00, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mseal$auto(0x0, 0x7dda, 0x0) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) getsockopt$auto(0xffffffffffffffff, 0xff, 0x90, 0x0, &(0x7f0000000140)=0x3) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x3) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000080)) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) 78.488147ms ago: executing program 4 (id=365): openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x7f52c1, 0x0) (async) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r1, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0xfffffffffffffffb, 0x3, 0x8000000000000001, 0x17, r2, 0x1) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r3, 0x4b47, 0x1) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon6\x00', 0x2, 0x0) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) select$auto(0x1, &(0x7f0000001340)={[0x1, 0x2, 0xfffffffffffffffa, 0x55ec, 0x4d, 0xcefc, 0xfffffffffffffffc, 0x5, 0x8, 0x7, 0x2, 0x9, 0x1, 0x401, 0x3ff, 0x1]}, &(0x7f00000013c0)={[0x5, 0x1, 0x7, 0x8, 0x1, 0x3, 0x10001, 0x6, 0x9, 0x8, 0x9, 0x5, 0x800, 0x2, 0x4, 0x6]}, &(0x7f0000001440)={[0x8, 0x40, 0x8, 0x0, 0xed1f, 0x5, 0xffffffff, 0x5, 0x7, 0x6, 0x0, 0x78, 0x2, 0x9, 0x100000001, 0xe]}, &(0x7f0000000200)={0xfb5, 0x100000000}) (async) r4 = io_uring_setup$auto(0x6, 0x0) (async, rerun: 32) r5 = socket(0x2, 0x5, 0x0) (rerun: 32) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) (async) sendto$auto(0x3, 0x0, 0x2000f, 0x13f, &(0x7f0000000000)=@in={0x2, 0x4e26, @rand_addr=0x64010101}, 0x1) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r7 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000700), 0xffffffffffffffff) (rerun: 32) sendmsg$auto_WG_CMD_SET_DEVICE(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000014c0)=ANY=[@ANYBLOB="00000000fc6890693afcc59dd67e0af750beb5306a212937ceee47618c35946cf12c62c6dcfe48ca215eed322eefc7deff69ffc87d82d98fdda1a3e674714050ab74fd43ad4be981a810f59f32253f45a6113bfc3d016500619346b6a1c65ea60dbea40601004fc867df2eaebf9025c5f52128b570b03ce5096f93f31d6698ff0a563cd4dee9d381f2092acfc93281b41088a9a23df37d2c6dbc4829d3238da4f487e61e1f1edb254082f663715a37a0862341f2cf6839885d813ebd6c4f551428cc0764ca1f9de3a6945c7366d61620a3645c66949c9bb9cd3973d5980d4dbf6b89104983ca8298945606901965e144017d2f9f9054788b10442b69498c105ae0adb13581b808d674f39c6c76bedba94125891f", @ANYRES16=r7, @ANYBLOB="010028bd7000ffdbdf2501000000240003007729ecac5e9239d0c4058eac0405576c2cd59ffc84b3098afa677190f34d1790"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00'}) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'vlan0\x00'}) (async, rerun: 32) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="00042abd700000dbdf2516000000050003000a000000"], 0x1c}, 0x1, 0x0, 0x0, 0x240040c4}, 0xc1) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/loop4\x00', 0xc040, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) (async) read$auto_proc_page_owner_threshold_(0xffffffffffffffff, &(0x7f0000000280)=""/4096, 0x1000) sendmsg$auto_NFSD_CMD_THREADS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, 0x0, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) (async) r9 = openat$auto_deferred_devs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x602680, 0x0) sendmsg$auto_GTP_CMD_DELPDP(r4, &(0x7f0000001300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x3c, 0x0, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010102}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010101}, @GTPA_VERSION={0x8, 0x2, 0x3ff}, @GTPA_FLOW={0x6, 0x6, 0x78}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000029}, 0x4) (async, rerun: 32) ioctl$auto(0x3, 0x8, r9) (async, rerun: 32) mmap$auto(0x80, 0x9, 0x200000000009cad, 0x5b, 0x3, 0x7ffe) 0s ago: executing program 2 (id=366): r0 = openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x209400, 0x0) mmap$auto(0x0, 0x4020009, 0xfffffffffffffffc, 0x90, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) r1 = socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb4/carrier\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) statmount$auto(0x0, 0x0, 0xe, 0xfffffff8) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8955, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.32' (ED25519) to the list of known hosts. [ 86.699300][ T5832] cgroup: Unknown subsys name 'net' [ 86.845640][ T5832] cgroup: Unknown subsys name 'cpuset' [ 86.855499][ T5832] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.786435][ T5832] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.053174][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.062618][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.070450][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.079282][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.087338][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.095708][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.099390][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.103052][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.120451][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.127946][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.137378][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.144711][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.153523][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.161523][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.171383][ T5860] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.177338][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.186118][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.196418][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.205521][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.224362][ T5859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.772711][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 91.879277][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 91.967481][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 92.027272][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 92.051071][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.059147][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.067106][ T5843] bridge_slave_0: entered allmulticast mode [ 92.075128][ T5843] bridge_slave_0: entered promiscuous mode [ 92.117835][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.125332][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.132635][ T5843] bridge_slave_1: entered allmulticast mode [ 92.139750][ T5843] bridge_slave_1: entered promiscuous mode [ 92.276488][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.284560][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.292111][ T5844] bridge_slave_0: entered allmulticast mode [ 92.299318][ T5844] bridge_slave_0: entered promiscuous mode [ 92.310246][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.324016][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.375554][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.386179][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.395883][ T5844] bridge_slave_1: entered allmulticast mode [ 92.406941][ T5844] bridge_slave_1: entered promiscuous mode [ 92.494751][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.503983][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.513302][ T5842] bridge_slave_0: entered allmulticast mode [ 92.524336][ T5842] bridge_slave_0: entered promiscuous mode [ 92.564868][ T5843] team0: Port device team_slave_0 added [ 92.588330][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.598609][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.607985][ T5842] bridge_slave_1: entered allmulticast mode [ 92.616451][ T5842] bridge_slave_1: entered promiscuous mode [ 92.647355][ T5843] team0: Port device team_slave_1 added [ 92.700803][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.741371][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.748560][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.756226][ T5841] bridge_slave_0: entered allmulticast mode [ 92.763610][ T5841] bridge_slave_0: entered promiscuous mode [ 92.791927][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.802286][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.809513][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.835777][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.848421][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.855864][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.863923][ T5841] bridge_slave_1: entered allmulticast mode [ 92.871056][ T5841] bridge_slave_1: entered promiscuous mode [ 92.880718][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.906984][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.914049][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.940823][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.971795][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.997426][ T5844] team0: Port device team_slave_0 added [ 93.072232][ T5844] team0: Port device team_slave_1 added [ 93.080673][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.110369][ T5843] hsr_slave_0: entered promiscuous mode [ 93.117045][ T5843] hsr_slave_1: entered promiscuous mode [ 93.140417][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.153209][ T5842] team0: Port device team_slave_0 added [ 93.164825][ T5842] team0: Port device team_slave_1 added [ 93.202704][ T51] Bluetooth: hci0: command tx timeout [ 93.202709][ T5859] Bluetooth: hci2: command tx timeout [ 93.231379][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.238401][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.266319][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.280162][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.287365][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.313673][ T51] Bluetooth: hci3: command tx timeout [ 93.314506][ T5859] Bluetooth: hci1: command tx timeout [ 93.319456][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.352532][ T5841] team0: Port device team_slave_0 added [ 93.373967][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.380987][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.407501][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.449885][ T5841] team0: Port device team_slave_1 added [ 93.456719][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.464167][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.490296][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.624167][ T5844] hsr_slave_0: entered promiscuous mode [ 93.630725][ T5844] hsr_slave_1: entered promiscuous mode [ 93.637419][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.645213][ T5844] Cannot create hsr debugfs directory [ 93.651655][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.658732][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.685163][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.703748][ T5842] hsr_slave_0: entered promiscuous mode [ 93.710137][ T5842] hsr_slave_1: entered promiscuous mode [ 93.716662][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.724298][ T5842] Cannot create hsr debugfs directory [ 93.743377][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.750378][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.776641][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.010970][ T5841] hsr_slave_0: entered promiscuous mode [ 94.017436][ T5841] hsr_slave_1: entered promiscuous mode [ 94.024833][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.032933][ T5841] Cannot create hsr debugfs directory [ 94.266208][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.296853][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.326682][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.338520][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.437391][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.457723][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.468402][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.496750][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.579772][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.589875][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.604175][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.637441][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.773330][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.798018][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.824191][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.845489][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.854635][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.935889][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.960129][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.986806][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.994141][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.007263][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.014548][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.036695][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.073419][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.080577][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.114786][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.122051][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.154724][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.264331][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.282383][ T5859] Bluetooth: hci0: command tx timeout [ 95.282392][ T51] Bluetooth: hci2: command tx timeout [ 95.361553][ T5859] Bluetooth: hci1: command tx timeout [ 95.361629][ T51] Bluetooth: hci3: command tx timeout [ 95.375874][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.383157][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.420155][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.427444][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.478440][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.619457][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.669002][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.676281][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.740375][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.747665][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.876738][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.948992][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.109966][ T5843] veth0_vlan: entered promiscuous mode [ 96.176248][ T5843] veth1_vlan: entered promiscuous mode [ 96.185822][ T5842] veth0_vlan: entered promiscuous mode [ 96.239812][ T5842] veth1_vlan: entered promiscuous mode [ 96.289846][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.367633][ T5842] veth0_macvtap: entered promiscuous mode [ 96.382336][ T5842] veth1_macvtap: entered promiscuous mode [ 96.398529][ T5843] veth0_macvtap: entered promiscuous mode [ 96.419295][ T5843] veth1_macvtap: entered promiscuous mode [ 96.457989][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.490546][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.509097][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.522614][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.540735][ T5842] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.550240][ T5842] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.559151][ T5842] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.568669][ T5842] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.582412][ T5844] veth0_vlan: entered promiscuous mode [ 96.597904][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.614437][ T5844] veth1_vlan: entered promiscuous mode [ 96.634526][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.645389][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.654603][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.665683][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.835082][ T5841] veth0_vlan: entered promiscuous mode [ 96.860332][ T5844] veth0_macvtap: entered promiscuous mode [ 96.898601][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.914211][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.924086][ T5841] veth1_vlan: entered promiscuous mode [ 96.936482][ T5844] veth1_macvtap: entered promiscuous mode [ 96.983146][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.995061][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.051971][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.089366][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.097031][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.112071][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.136821][ T5841] veth0_macvtap: entered promiscuous mode [ 97.147141][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.158446][ T5844] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.177429][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.185003][ T5844] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.194443][ T5844] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.205898][ T5844] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.235299][ T5841] veth1_macvtap: entered promiscuous mode [ 97.258893][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.315266][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.352684][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.362105][ T51] Bluetooth: hci0: command tx timeout [ 97.362337][ T5859] Bluetooth: hci2: command tx timeout [ 97.416503][ T5841] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.426016][ T5841] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.435983][ T5841] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.445501][ T5859] Bluetooth: hci3: command tx timeout [ 97.445637][ T51] Bluetooth: hci1: command tx timeout [ 97.452632][ T43] cfg80211: failed to load regulatory.db [ 97.463094][ T5841] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.638625][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.670061][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.744511][ T4820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.771908][ T5937] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2'. [ 97.933651][ T5941] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 97.959226][ T4820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.072049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.092074][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.135524][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.190023][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.221492][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 98.432028][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.440037][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.153940][ T5951] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 99.442475][ T51] Bluetooth: hci0: command tx timeout [ 99.443201][ T5859] Bluetooth: hci2: command tx timeout [ 99.521971][ T5859] Bluetooth: hci3: command tx timeout [ 99.523370][ T51] Bluetooth: hci1: command tx timeout [ 100.125914][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.680308][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.781828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 101.615395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.703488][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.725051][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.733757][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.295788][ T5993] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9'. [ 102.660395][ T6001] Zero length message leads to an empty skb [ 104.322945][ T6023] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.921503][ T6028] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16'. [ 105.591913][ C0] vcan0: j1939_xtp_rx_dpo: no connection found [ 105.598524][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.605274][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.611910][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.618466][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.624986][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.631543][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.638125][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.644767][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.651400][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.658007][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 105.664566][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 106.421160][ C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff88805904b800: rx timeout, send abort [ 106.931568][ C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff88805904b800: abort rx timeout. Force session deactivation [ 107.489663][ T6062] syz.1.23 uses obsolete (PF_INET,SOCK_PACKET) [ 110.141109][ T6078] sctp: failed to load transform for md5: -4 [ 110.463963][ T6088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 110.654476][ T6088] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 110.683222][ T6088] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 110.695465][ T6088] page_type: f5(slab) [ 110.699639][ T6088] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 110.808102][ T6097] mmap: syz.1.28 (6097) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 110.822541][ T6088] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 110.949950][ T6088] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 110.979339][ T6088] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 111.013498][ T6088] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 111.025699][ T6088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 111.036119][ T6088] page dumped because: unmovable page [ 111.045065][ T6088] page_owner tracks the page as allocated [ 111.052492][ T6088] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 62, tgid 62 (kworker/u8:5), ts 97502445792, free_ts 97487837636 [ 111.081531][ T6088] post_alloc_hook+0x1c0/0x230 [ 111.086960][ T6088] get_page_from_freelist+0x1321/0x3890 [ 111.096671][ T6088] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 111.103095][ T6088] alloc_pages_mpol+0x1fb/0x550 [ 111.108887][ T6088] new_slab+0x23b/0x330 [ 111.114226][ T6088] ___slab_alloc+0xd9c/0x1940 [ 111.119085][ T6088] __slab_alloc.constprop.0+0x56/0xb0 [ 111.170175][ T6088] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 111.187092][ T6088] kmalloc_reserve+0xef/0x2c0 [ 111.192947][ T6088] __alloc_skb+0x166/0x380 [ 111.197539][ T6088] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 111.206450][ T6088] process_one_work+0x9cc/0x1b70 [ 111.214585][ T6088] worker_thread+0x6c8/0xf10 [ 111.219912][ T6088] kthread+0x3c5/0x780 [ 111.230351][ T6088] ret_from_fork+0x5d4/0x6f0 [ 111.237734][ T6088] ret_from_fork_asm+0x1a/0x30 [ 111.242757][ T6088] page last free pid 5844 tgid 5844 stack trace: [ 111.249182][ T6088] __free_frozen_pages+0x7fe/0x1180 [ 111.257523][ T6088] __put_partials+0x16d/0x1c0 [ 111.262337][ T6088] qlist_free_all+0x4d/0x120 [ 111.266963][ T6088] kasan_quarantine_reduce+0x195/0x1e0 [ 111.272716][ T6088] __kasan_slab_alloc+0x69/0x90 [ 111.277840][ T6088] kmem_cache_alloc_lru_noprof+0x1d0/0x3b0 [ 111.283792][ T6088] __d_alloc+0x31/0xaa0 [ 111.288012][ T6088] d_alloc+0x4a/0x1e0 [ 111.292239][ T6088] d_alloc_parallel+0xe3/0x12e0 [ 111.297185][ T6088] __lookup_slow+0x193/0x460 [ 111.301937][ T6088] lookup_noperm+0xe1/0x110 [ 111.306531][ T6088] start_creating.part.0+0x15a/0x3e0 [ 111.313430][ T6088] debugfs_create_dir+0x6c/0x5f0 [ 111.318450][ T6088] wiphy_register+0x1dd7/0x2850 [ 111.323438][ T6088] ieee80211_register_hw+0x24ac/0x4140 [ 111.331319][ T6088] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 112.069063][ T6115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.32'. [ 112.112774][ T6112] netlink: 334 bytes leftover after parsing attributes in process `syz.2.31'. [ 112.171878][ T6115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.32'. [ 113.083884][ T6134] Invalid ELF header magic: != ELF [ 113.286336][ T6136] netlink: 330 bytes leftover after parsing attributes in process `syz.2.36'. [ 113.373729][ T6141] FAULT_INJECTION: forcing a failure. [ 113.373729][ T6141] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 113.444381][ T6141] CPU: 1 UID: 0 PID: 6141 Comm: syz.1.38 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 113.444426][ T6141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.444444][ T6141] Call Trace: [ 113.444453][ T6141] [ 113.444465][ T6141] dump_stack_lvl+0x16c/0x1f0 [ 113.444514][ T6141] should_fail_ex+0x512/0x640 [ 113.444565][ T6141] should_fail_alloc_page+0xe7/0x130 [ 113.444598][ T6141] prepare_alloc_pages+0x3c2/0x610 [ 113.444634][ T6141] ? rcu_is_watching+0x12/0xc0 [ 113.444671][ T6141] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 113.444719][ T6141] ? __lock_acquire+0xb8a/0x1c90 [ 113.444777][ T6141] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 113.444823][ T6141] ? do_raw_spin_lock+0x12c/0x2b0 [ 113.444870][ T6141] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.444916][ T6141] ? find_held_lock+0x2b/0x80 [ 113.444960][ T6141] ? __lock_acquire+0xb8a/0x1c90 [ 113.444999][ T6141] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 113.445047][ T6141] ? policy_nodemask+0xea/0x4e0 [ 113.445079][ T6141] alloc_pages_mpol+0x1fb/0x550 [ 113.445110][ T6141] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 113.445161][ T6141] folio_alloc_mpol_noprof+0x36/0x2f0 [ 113.445198][ T6141] shmem_alloc_folio+0x135/0x160 [ 113.445237][ T6141] shmem_alloc_and_add_folio+0x499/0xc20 [ 113.445287][ T6141] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 113.445333][ T6141] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 113.445383][ T6141] shmem_get_folio_gfp+0x67f/0x1600 [ 113.445436][ T6141] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 113.445483][ T6141] ? __lock_acquire+0x622/0x1c90 [ 113.445528][ T6141] shmem_fault+0x1fe/0xa30 [ 113.445574][ T6141] ? __pfx_shmem_fault+0x10/0x10 [ 113.445626][ T6141] ? __lock_acquire+0xb8a/0x1c90 [ 113.445677][ T6141] __do_fault+0x10d/0x490 [ 113.445722][ T6141] ? __pfx_filemap_map_pages+0x10/0x10 [ 113.445768][ T6141] __handle_mm_fault+0x374c/0x5490 [ 113.445821][ T6141] ? __pfx___handle_mm_fault+0x10/0x10 [ 113.445862][ T6141] ? __pte_offset_map_lock+0x174/0x310 [ 113.445891][ T6141] ? find_held_lock+0x2b/0x80 [ 113.445918][ T6141] ? find_held_lock+0x2b/0x80 [ 113.445958][ T6141] ? follow_page_pte+0x3af/0x14c0 [ 113.446002][ T6141] handle_mm_fault+0x589/0xd10 [ 113.446051][ T6141] __get_user_pages+0x589/0x3b80 [ 113.446103][ T6141] ? __pfx___get_user_pages+0x10/0x10 [ 113.446150][ T6141] ? __pfx_down_read_killable+0x10/0x10 [ 113.446181][ T6141] ? __lock_acquire+0xb8a/0x1c90 [ 113.446229][ T6141] faultin_page_range+0x249/0x980 [ 113.446275][ T6141] madvise_do_behavior+0x268/0x3f0 [ 113.446314][ T6141] ? __pfx_madvise_do_behavior+0x10/0x10 [ 113.446374][ T6141] do_madvise+0x161/0x230 [ 113.446408][ T6141] ? __pfx_do_madvise+0x10/0x10 [ 113.446463][ T6141] ? xfd_validate_state+0x61/0x180 [ 113.446502][ T6141] ? __pfx_do_writev+0x10/0x10 [ 113.446550][ T6141] __x64_sys_madvise+0xa9/0x110 [ 113.446581][ T6141] ? lockdep_hardirqs_on+0x7c/0x110 [ 113.446623][ T6141] do_syscall_64+0xcd/0x490 [ 113.446670][ T6141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.446700][ T6141] RIP: 0033:0x7f83f518e929 [ 113.446725][ T6141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.446753][ T6141] RSP: 002b:00007f83f5fb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 113.446782][ T6141] RAX: ffffffffffffffda RBX: 00007f83f53b5fa0 RCX: 00007f83f518e929 [ 113.446799][ T6141] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 113.446817][ T6141] RBP: 00007f83f5210b39 R08: 0000000000000000 R09: 0000000000000000 [ 113.446833][ T6141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.446850][ T6141] R13: 0000000000000000 R14: 00007f83f53b5fa0 R15: 00007ffe29160568 [ 113.446887][ T6141] [ 114.160365][ T6154] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.413397][ T6162] process 'syz.0.43' launched '/dev/fd/3' with NULL argv: empty string added [ 114.924939][ T6160] capability: warning: `syz.2.41' uses deprecated v2 capabilities in a way that may be insecure [ 115.213941][ T6175] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.489660][ T6176] zswap: compressor not available [ 115.490166][ T6182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.44'. [ 115.545804][ T6179] Setting dangerous option i915.mitigations - tainting kernel [ 116.582689][ T6203] netlink: 'syz.3.51': attribute type 2 has an invalid length. [ 117.294831][ T6216] Invalid ELF header magic: != ELF [ 119.853977][ T6258] warning: `syz.1.63' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 119.866614][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 119.866658][ T51] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 119.882896][ T51] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 120.347351][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 120.347454][ T51] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 120.381347][ T51] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 124.391710][ T6312] program syz.2.72 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 124.649288][ T6316] sp0: Synchronizing with TNC [ 124.717513][ T6315] [U] [ 124.931693][ T6323] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.709585][ T6330] synth uevent: /devices/platform/vicodec.0/video4linux/video2: unknown uevent action string [ 125.731028][ T6330] video4linux video2: uevent: failed to send synthetic uevent: -22 [ 125.757018][ T6330] synth uevent: /devices/platform/vicodec.0/video4linux/video2: unknown uevent action string [ 125.767998][ T6330] video4linux video2: uevent: failed to send synthetic uevent: -22 [ 127.656740][ T6378] netlink: 'syz.3.85': attribute type 16 has an invalid length. [ 127.736287][ T6378] netlink: 330 bytes leftover after parsing attributes in process `syz.3.85'. [ 128.843357][ T30] audit: type=1804 audit(1751979515.789:2): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.89" name="/newroot/24/file0" dev="tmpfs" ino=139 res=1 errno=0 [ 128.958199][ T30] audit: type=1800 audit(1751979515.839:3): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.89" name="file0" dev="tmpfs" ino=139 res=0 errno=0 [ 129.292909][ T6408] FAULT_INJECTION: forcing a failure. [ 129.292909][ T6408] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 129.378648][ T6408] CPU: 0 UID: 0 PID: 6408 Comm: syz.0.91 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 129.378689][ T6408] Tainted: [U]=USER [ 129.378695][ T6408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.378705][ T6408] Call Trace: [ 129.378712][ T6408] [ 129.378719][ T6408] dump_stack_lvl+0x16c/0x1f0 [ 129.378749][ T6408] should_fail_ex+0x512/0x640 [ 129.378778][ T6408] should_fail_alloc_page+0xe7/0x130 [ 129.378798][ T6408] prepare_alloc_pages+0x3c2/0x610 [ 129.378818][ T6408] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.378846][ T6408] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 129.378874][ T6408] ? trace_sched_exit_tp+0xde/0x130 [ 129.378897][ T6408] ? __schedule+0x1181/0x5de0 [ 129.378930][ T6408] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 129.378961][ T6408] ? __pfx___schedule+0x10/0x10 [ 129.378983][ T6408] ? irqentry_exit+0x3b/0x90 [ 129.379016][ T6408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.379045][ T6408] ? policy_nodemask+0xea/0x4e0 [ 129.379064][ T6408] alloc_pages_mpol+0x1fb/0x550 [ 129.379082][ T6408] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 129.379098][ T6408] ? _raw_spin_unlock+0x3e/0x50 [ 129.379120][ T6408] ? swap_entry_swapped+0x122/0x190 [ 129.379149][ T6408] ? __pfx_swap_entry_swapped+0x10/0x10 [ 129.379180][ T6408] folio_alloc_mpol_noprof+0x36/0x2f0 [ 129.379202][ T6408] __read_swap_cache_async+0x3b6/0x5a0 [ 129.379232][ T6408] ? __pfx___read_swap_cache_async+0x10/0x10 [ 129.379255][ T6408] ? find_held_lock+0x2b/0x80 [ 129.379273][ T6408] ? swapcache_clear+0x10/0x30 [ 129.379290][ T6408] ? __pfx_swp_swap_info+0x10/0x10 [ 129.379306][ T6408] ? mark_held_locks+0x49/0x80 [ 129.379329][ T6408] ? _raw_spin_unlock_irq+0x23/0x50 [ 129.379355][ T6408] swap_cluster_readahead+0x3eb/0x710 [ 129.379384][ T6408] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 129.379408][ T6408] ? __pfx_workingset_update_node+0x10/0x10 [ 129.379449][ T6408] ? get_vma_policy+0x242/0x3c0 [ 129.379469][ T6408] swapin_readahead+0x13a/0xd60 [ 129.379500][ T6408] ? __pfx_swapin_readahead+0x10/0x10 [ 129.379522][ T6408] ? __filemap_get_folio+0x32b/0xc30 [ 129.379544][ T6408] ? swap_cache_get_folio+0x1df/0x450 [ 129.379569][ T6408] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 129.379591][ T6408] ? __pfx_get_swap_device+0x10/0x10 [ 129.379620][ T6408] ? do_swap_page+0x125/0x65c0 [ 129.379643][ T6408] do_swap_page+0x635/0x65c0 [ 129.379670][ T6408] ? __lock_acquire+0x622/0x1c90 [ 129.379701][ T6408] ? __pfx_do_swap_page+0x10/0x10 [ 129.379723][ T6408] ? __pfx_default_wake_function+0x10/0x10 [ 129.379744][ T6408] ? __lock_acquire+0xb8a/0x1c90 [ 129.379769][ T6408] ? rcu_is_watching+0x12/0xc0 [ 129.379788][ T6408] ? ___pte_offset_map+0x1d5/0x570 [ 129.379811][ T6408] __handle_mm_fault+0x162f/0x5490 [ 129.379841][ T6408] ? __pfx___handle_mm_fault+0x10/0x10 [ 129.379865][ T6408] ? __pte_offset_map_lock+0x174/0x310 [ 129.379883][ T6408] ? find_held_lock+0x2b/0x80 [ 129.379900][ T6408] ? find_held_lock+0x2b/0x80 [ 129.379924][ T6408] ? follow_page_pte+0x3af/0x14c0 [ 129.379949][ T6408] handle_mm_fault+0x589/0xd10 [ 129.379977][ T6408] __get_user_pages+0x589/0x3b80 [ 129.380006][ T6408] ? __pfx___get_user_pages+0x10/0x10 [ 129.380026][ T6408] ? __pfx_down_read_killable+0x10/0x10 [ 129.380050][ T6408] __gup_longterm_locked+0x5e7/0x1840 [ 129.380074][ T6408] ? find_held_lock+0x2b/0x80 [ 129.380094][ T6408] ? __pfx___gup_longterm_locked+0x10/0x10 [ 129.380117][ T6408] ? try_get_folio+0x255/0x730 [ 129.380134][ T6408] ? find_held_lock+0x2b/0x80 [ 129.380152][ T6408] ? sanity_check_pinned_pages+0x3bf/0x1200 [ 129.380176][ T6408] gup_fast_fallback+0x1ab3/0x29e0 [ 129.380212][ T6408] ? __pfx_gup_fast_fallback+0x10/0x10 [ 129.380235][ T6408] ? ___kmalloc_large_node+0x183/0x1e0 [ 129.380255][ T6408] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.380283][ T6408] ? rcu_is_watching+0x12/0xc0 [ 129.380305][ T6408] pin_user_pages_fast+0xa7/0xf0 [ 129.380326][ T6408] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 129.380353][ T6408] io_pin_pages+0xe1/0x1e0 [ 129.380380][ T6408] io_sqe_buffer_register+0x16f/0x2010 [ 129.380422][ T6408] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 129.380450][ T6408] ? rcu_is_watching+0x12/0xc0 [ 129.380474][ T6408] ? iovec_from_user+0xbb/0x140 [ 129.380504][ T6408] io_sqe_buffers_register+0x1ed/0x860 [ 129.380539][ T6408] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 129.380575][ T6408] ? __pfx___mutex_trylock_common+0x10/0x10 [ 129.380604][ T6408] __io_uring_register+0x21e2/0x23c0 [ 129.380630][ T6408] ? trace_contention_end+0xdd/0x130 [ 129.380661][ T6408] ? __pfx___io_uring_register+0x10/0x10 [ 129.380684][ T6408] ? __mutex_lock+0x1ca/0xb90 [ 129.380712][ T6408] ? __x64_sys_io_uring_register+0x159/0x280 [ 129.380740][ T6408] ? __pfx___mutex_lock+0x10/0x10 [ 129.380772][ T6408] ? __fget_files+0x20e/0x3c0 [ 129.380795][ T6408] ? fput+0x20/0xf0 [ 129.380817][ T6408] __x64_sys_io_uring_register+0x169/0x280 [ 129.380846][ T6408] do_syscall_64+0xcd/0x490 [ 129.380874][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.380892][ T6408] RIP: 0033:0x7f8376d8e929 [ 129.380907][ T6408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.380924][ T6408] RSP: 002b:00007f8377cb8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 129.380941][ T6408] RAX: ffffffffffffffda RBX: 00007f8376fb5fa0 RCX: 00007f8376d8e929 [ 129.380951][ T6408] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 129.380962][ T6408] RBP: 00007f8377cb8090 R08: 0000000000000000 R09: 0000000000000000 [ 129.380972][ T6408] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 129.380981][ T6408] R13: 0000000000000000 R14: 00007f8376fb5fa0 R15: 00007ffec4c06ba8 [ 129.381003][ T6408] [ 129.935458][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.679300][ T6496] FAULT_INJECTION: forcing a failure. [ 134.679300][ T6496] name fail_futex, interval 1, probability 0, space 0, times 1 [ 134.715845][ T6496] CPU: 1 UID: 0 PID: 6496 Comm: syz.0.111 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 134.715894][ T6496] Tainted: [U]=USER [ 134.715904][ T6496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.715921][ T6496] Call Trace: [ 134.715931][ T6496] [ 134.715943][ T6496] dump_stack_lvl+0x16c/0x1f0 [ 134.715992][ T6496] should_fail_ex+0x512/0x640 [ 134.716041][ T6496] get_futex_key+0x1d0/0x1540 [ 134.716079][ T6496] ? __pfx_try_to_wake_up+0x10/0x10 [ 134.716110][ T6496] ? __pfx_get_futex_key+0x10/0x10 [ 134.716140][ T6496] ? plist_check_head+0xa3/0x150 [ 134.716173][ T6496] ? find_held_lock+0x2b/0x80 [ 134.716217][ T6496] futex_wake+0xe7/0x4e0 [ 134.716261][ T6496] ? __pfx_futex_wake+0x10/0x10 [ 134.716311][ T6496] ? find_held_lock+0x2b/0x80 [ 134.716340][ T6496] ? __might_fault+0xe3/0x190 [ 134.716383][ T6496] ? __might_fault+0xe3/0x190 [ 134.716430][ T6496] do_futex+0x1e3/0x350 [ 134.716468][ T6496] ? __pfx_do_futex+0x10/0x10 [ 134.716503][ T6496] ? cap_validate_magic+0xab/0x200 [ 134.716537][ T6496] ? __do_sys_capset+0xf9/0x460 [ 134.716584][ T6496] __x64_sys_futex+0x1e0/0x4c0 [ 134.716627][ T6496] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.716664][ T6496] ? xfd_validate_state+0x61/0x180 [ 134.716720][ T6496] do_syscall_64+0xcd/0x490 [ 134.716764][ T6496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.716793][ T6496] RIP: 0033:0x7f8376d8e929 [ 134.716818][ T6496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.716846][ T6496] RSP: 002b:00007f8377c970e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 134.716874][ T6496] RAX: ffffffffffffffda RBX: 00007f8376fb6088 RCX: 00007f8376d8e929 [ 134.716894][ T6496] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8376fb608c [ 134.716911][ T6496] RBP: 00007f8376fb6080 R08: 00007f8377cb9000 R09: 0000000000000000 [ 134.716930][ T6496] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f8376fb608c [ 134.716947][ T6496] R13: 0000000000000000 R14: 00007ffec4c06ac0 R15: 00007ffec4c06ba8 [ 134.716986][ T6496] [ 134.938583][ T6493] FAULT_INJECTION: forcing a failure. [ 134.938583][ T6493] name failslab, interval 1, probability 0, space 0, times 1 [ 134.951498][ T6493] CPU: 1 UID: 0 PID: 6493 Comm: syz.0.111 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 134.951545][ T6493] Tainted: [U]=USER [ 134.951563][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.951581][ T6493] Call Trace: [ 134.951591][ T6493] [ 134.951603][ T6493] dump_stack_lvl+0x16c/0x1f0 [ 134.951653][ T6493] should_fail_ex+0x512/0x640 [ 134.951695][ T6493] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 134.951741][ T6493] should_failslab+0xc2/0x120 [ 134.951770][ T6493] __kmalloc_cache_noprof+0x6a/0x3e0 [ 134.951814][ T6493] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 134.951854][ T6493] ? lockdep_hardirqs_on+0x7c/0x110 [ 134.951893][ T6493] ? __request_module+0x2ad/0x690 [ 134.951945][ T6493] __request_module+0x2ad/0x690 [ 134.951991][ T6493] ? __pfx___request_module+0x10/0x10 [ 134.952058][ T6493] ? find_held_lock+0x2b/0x80 [ 134.952101][ T6493] inet6_create+0xc09/0x1300 [ 134.952151][ T6493] ? inet6_create+0x7f/0x1300 [ 134.952202][ T6493] __sock_create+0x338/0x8d0 [ 134.952244][ T6493] __sys_socket+0x14d/0x260 [ 134.952278][ T6493] ? __pfx___sys_socket+0x10/0x10 [ 134.952312][ T6493] ? xfd_validate_state+0x61/0x180 [ 134.952364][ T6493] __x64_sys_socket+0x72/0xb0 [ 134.952396][ T6493] ? lockdep_hardirqs_on+0x7c/0x110 [ 134.952437][ T6493] do_syscall_64+0xcd/0x490 [ 134.952485][ T6493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.952514][ T6493] RIP: 0033:0x7f8376d8e929 [ 134.952537][ T6493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.952573][ T6493] RSP: 002b:00007f8377cb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 134.952601][ T6493] RAX: ffffffffffffffda RBX: 00007f8376fb5fa0 RCX: 00007f8376d8e929 [ 134.952620][ T6493] RDX: 0000000000000084 RSI: 0000000000080000 RDI: 000000000000000a [ 134.952637][ T6493] RBP: 00007f8376e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 134.952655][ T6493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.952672][ T6493] R13: 0000000000000000 R14: 00007f8376fb5fa0 R15: 00007ffec4c06ba8 [ 134.952716][ T6493] [ 135.466952][ T6499] FAULT_INJECTION: forcing a failure. [ 135.466952][ T6499] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 135.523028][ T6499] CPU: 0 UID: 0 PID: 6499 Comm: syz.2.110 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 135.523075][ T6499] Tainted: [U]=USER [ 135.523086][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.523102][ T6499] Call Trace: [ 135.523112][ T6499] [ 135.523123][ T6499] dump_stack_lvl+0x16c/0x1f0 [ 135.523169][ T6499] should_fail_ex+0x512/0x640 [ 135.523216][ T6499] should_fail_alloc_page+0xe7/0x130 [ 135.523246][ T6499] prepare_alloc_pages+0x3c2/0x610 [ 135.523287][ T6499] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 135.523343][ T6499] ? __lock_acquire+0x622/0x1c90 [ 135.523386][ T6499] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 135.523430][ T6499] ? xa_load+0x153/0x2c0 [ 135.523469][ T6499] ? filemap_get_entry+0x1a7/0x3b0 [ 135.523501][ T6499] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 135.523546][ T6499] ? policy_nodemask+0xea/0x4e0 [ 135.523578][ T6499] alloc_pages_mpol+0x1fb/0x550 [ 135.523608][ T6499] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 135.523645][ T6499] ? _raw_spin_unlock+0x28/0x50 [ 135.523679][ T6499] ? swap_entry_swapped+0x122/0x190 [ 135.523724][ T6499] ? __pfx_swap_entry_swapped+0x10/0x10 [ 135.523774][ T6499] folio_alloc_mpol_noprof+0x36/0x2f0 [ 135.523810][ T6499] __read_swap_cache_async+0x3b6/0x5a0 [ 135.523856][ T6499] ? __pfx___read_swap_cache_async+0x10/0x10 [ 135.523892][ T6499] ? find_held_lock+0x2b/0x80 [ 135.523921][ T6499] ? swapcache_clear+0x10/0x30 [ 135.523949][ T6499] ? __pfx_swp_swap_info+0x10/0x10 [ 135.523974][ T6499] ? mark_held_locks+0x49/0x80 [ 135.524010][ T6499] ? _raw_spin_unlock_irq+0x23/0x50 [ 135.524052][ T6499] swap_cluster_readahead+0x3eb/0x710 [ 135.524101][ T6499] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 135.524138][ T6499] ? __pfx_workingset_update_node+0x10/0x10 [ 135.524208][ T6499] ? get_vma_policy+0x242/0x3c0 [ 135.524241][ T6499] swapin_readahead+0x13a/0xd60 [ 135.524287][ T6499] ? __pfx_swapin_readahead+0x10/0x10 [ 135.524320][ T6499] ? __filemap_get_folio+0x32b/0xc30 [ 135.524355][ T6499] ? swap_cache_get_folio+0x1df/0x450 [ 135.524395][ T6499] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 135.524429][ T6499] ? __pfx_get_swap_device+0x10/0x10 [ 135.524479][ T6499] ? do_swap_page+0x125/0x65c0 [ 135.524517][ T6499] do_swap_page+0x635/0x65c0 [ 135.524553][ T6499] ? __lock_acquire+0x622/0x1c90 [ 135.524604][ T6499] ? __pfx_do_swap_page+0x10/0x10 [ 135.524648][ T6499] ? __pfx_default_wake_function+0x10/0x10 [ 135.524683][ T6499] ? __lock_acquire+0xb8a/0x1c90 [ 135.524723][ T6499] ? rcu_is_watching+0x12/0xc0 [ 135.524754][ T6499] ? ___pte_offset_map+0x1d5/0x570 [ 135.524792][ T6499] __handle_mm_fault+0x162f/0x5490 [ 135.524843][ T6499] ? __pfx___handle_mm_fault+0x10/0x10 [ 135.524880][ T6499] ? __pte_offset_map_lock+0x174/0x310 [ 135.524910][ T6499] ? find_held_lock+0x2b/0x80 [ 135.524937][ T6499] ? find_held_lock+0x2b/0x80 [ 135.524978][ T6499] ? follow_page_pte+0x3af/0x14c0 [ 135.525020][ T6499] handle_mm_fault+0x589/0xd10 [ 135.525067][ T6499] __get_user_pages+0x589/0x3b80 [ 135.525118][ T6499] ? __pfx___get_user_pages+0x10/0x10 [ 135.525151][ T6499] ? __pfx_down_read_killable+0x10/0x10 [ 135.525195][ T6499] __gup_longterm_locked+0x5e7/0x1840 [ 135.525233][ T6499] ? find_held_lock+0x2b/0x80 [ 135.525267][ T6499] ? __pfx___gup_longterm_locked+0x10/0x10 [ 135.525305][ T6499] ? try_get_folio+0x255/0x730 [ 135.525333][ T6499] ? find_held_lock+0x2b/0x80 [ 135.525362][ T6499] ? sanity_check_pinned_pages+0x3bf/0x1200 [ 135.525403][ T6499] gup_fast_fallback+0x1ab3/0x29e0 [ 135.525469][ T6499] ? __pfx_gup_fast_fallback+0x10/0x10 [ 135.525506][ T6499] ? ___kmalloc_large_node+0x183/0x1e0 [ 135.525537][ T6499] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.525583][ T6499] ? rcu_is_watching+0x12/0xc0 [ 135.525619][ T6499] pin_user_pages_fast+0xa7/0xf0 [ 135.525661][ T6499] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 135.525708][ T6499] io_pin_pages+0xe1/0x1e0 [ 135.525751][ T6499] io_sqe_buffer_register+0x16f/0x2010 [ 135.525804][ T6499] ? lockdep_hardirqs_on+0x7c/0x110 [ 135.525859][ T6499] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 135.525903][ T6499] ? copy_iovec_from_user+0x84/0x170 [ 135.525956][ T6499] ? iovec_from_user+0xbb/0x140 [ 135.526005][ T6499] io_sqe_buffers_register+0x1ed/0x860 [ 135.526062][ T6499] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 135.526120][ T6499] ? __pfx___mutex_trylock_common+0x10/0x10 [ 135.526166][ T6499] __io_uring_register+0x21e2/0x23c0 [ 135.526207][ T6499] ? trace_contention_end+0xdd/0x130 [ 135.526247][ T6499] ? __pfx___io_uring_register+0x10/0x10 [ 135.526284][ T6499] ? __mutex_lock+0x1ca/0xb90 [ 135.526329][ T6499] ? __x64_sys_io_uring_register+0x159/0x280 [ 135.526373][ T6499] ? __pfx___mutex_lock+0x10/0x10 [ 135.526426][ T6499] ? __fget_files+0x20e/0x3c0 [ 135.526462][ T6499] ? fput+0x20/0xf0 [ 135.526501][ T6499] __x64_sys_io_uring_register+0x169/0x280 [ 135.526548][ T6499] do_syscall_64+0xcd/0x490 [ 135.526593][ T6499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.526629][ T6499] RIP: 0033:0x7f2e9fd8e929 [ 135.526655][ T6499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.526682][ T6499] RSP: 002b:00007f2ea0b92038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 135.526710][ T6499] RAX: ffffffffffffffda RBX: 00007f2e9ffb6160 RCX: 00007f2e9fd8e929 [ 135.526729][ T6499] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 135.526746][ T6499] RBP: 00007f2ea0b92090 R08: 0000000000000000 R09: 0000000000000000 [ 135.526762][ T6499] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 135.526779][ T6499] R13: 0000000000000001 R14: 00007f2e9ffb6160 R15: 00007ffffb093c98 [ 135.526819][ T6499] [ 136.081291][ C0] vkms_vblank_simulate: vblank timer overrun [ 136.161280][ T6483] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.173754][ T6483] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 136.481754][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.504460][ T6483] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 136.649530][ T6483] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 136.727951][ T6483] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 136.821922][ T6483] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 136.914692][ T6483] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 137.021940][ T6483] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.364922][ T6483] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 137.419190][ T6483] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 137.525993][ T6483] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 137.604398][ T6483] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 138.240279][ T6508] syz.3.113 (6508) used greatest stack depth: 19800 bytes left [ 138.304069][ T6525] ======================================================= [ 138.304069][ T6525] WARNING: The mand mount option has been deprecated and [ 138.304069][ T6525] and is ignored by this kernel. Remove the mand [ 138.304069][ T6525] option from the mount to silence this warning. [ 138.304069][ T6525] ======================================================= [ 138.409198][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.421292][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.571181][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 138.721366][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 138.961353][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.441668][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 140.653859][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 140.811253][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 141.041326][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.223660][ T6577] FAULT_INJECTION: forcing a failure. [ 141.223660][ T6577] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 141.332020][ T6577] CPU: 0 UID: 0 PID: 6577 Comm: syz.0.127 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 141.332071][ T6577] Tainted: [U]=USER [ 141.332080][ T6577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.332095][ T6577] Call Trace: [ 141.332104][ T6577] [ 141.332115][ T6577] dump_stack_lvl+0x16c/0x1f0 [ 141.332162][ T6577] should_fail_ex+0x512/0x640 [ 141.332209][ T6577] should_fail_alloc_page+0xe7/0x130 [ 141.332241][ T6577] prepare_alloc_pages+0x3c2/0x610 [ 141.332283][ T6577] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 141.332343][ T6577] ? __lock_acquire+0x622/0x1c90 [ 141.332386][ T6577] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 141.332431][ T6577] ? xa_load+0x153/0x2c0 [ 141.332471][ T6577] ? filemap_get_entry+0x1a7/0x3b0 [ 141.332504][ T6577] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 141.332550][ T6577] ? policy_nodemask+0xea/0x4e0 [ 141.332581][ T6577] alloc_pages_mpol+0x1fb/0x550 [ 141.332611][ T6577] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 141.332638][ T6577] ? _raw_spin_unlock+0x28/0x50 [ 141.332672][ T6577] ? swap_entry_swapped+0x122/0x190 [ 141.332716][ T6577] ? __pfx_swap_entry_swapped+0x10/0x10 [ 141.332765][ T6577] folio_alloc_mpol_noprof+0x36/0x2f0 [ 141.332802][ T6577] __read_swap_cache_async+0x3b6/0x5a0 [ 141.332858][ T6577] ? __pfx___read_swap_cache_async+0x10/0x10 [ 141.332895][ T6577] ? find_held_lock+0x2b/0x80 [ 141.332924][ T6577] ? swapcache_clear+0x10/0x30 [ 141.332952][ T6577] ? __pfx_swp_swap_info+0x10/0x10 [ 141.332979][ T6577] ? mark_held_locks+0x49/0x80 [ 141.333016][ T6577] ? _raw_spin_unlock_irq+0x23/0x50 [ 141.333059][ T6577] swap_cluster_readahead+0x3eb/0x710 [ 141.333109][ T6577] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 141.333145][ T6577] ? __pfx_workingset_update_node+0x10/0x10 [ 141.333217][ T6577] ? get_vma_policy+0x242/0x3c0 [ 141.333252][ T6577] swapin_readahead+0x13a/0xd60 [ 141.333305][ T6577] ? __pfx_swapin_readahead+0x10/0x10 [ 141.333341][ T6577] ? __filemap_get_folio+0x32b/0xc30 [ 141.333376][ T6577] ? swap_cache_get_folio+0x1df/0x450 [ 141.333417][ T6577] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 141.333440][ T6577] ? __pfx_get_swap_device+0x10/0x10 [ 141.333469][ T6577] ? do_swap_page+0x125/0x65c0 [ 141.333492][ T6577] do_swap_page+0x635/0x65c0 [ 141.333513][ T6577] ? __lock_acquire+0x622/0x1c90 [ 141.333544][ T6577] ? __pfx_do_swap_page+0x10/0x10 [ 141.333569][ T6577] ? __pfx_default_wake_function+0x10/0x10 [ 141.333590][ T6577] ? __lock_acquire+0xb8a/0x1c90 [ 141.333615][ T6577] ? rcu_is_watching+0x12/0xc0 [ 141.333634][ T6577] ? ___pte_offset_map+0x1d5/0x570 [ 141.333656][ T6577] __handle_mm_fault+0x162f/0x5490 [ 141.333686][ T6577] ? __pfx___handle_mm_fault+0x10/0x10 [ 141.333710][ T6577] ? __pte_offset_map_lock+0x174/0x310 [ 141.333729][ T6577] ? find_held_lock+0x2b/0x80 [ 141.333745][ T6577] ? find_held_lock+0x2b/0x80 [ 141.333769][ T6577] ? follow_page_pte+0x3af/0x14c0 [ 141.333794][ T6577] handle_mm_fault+0x589/0xd10 [ 141.333829][ T6577] __get_user_pages+0x589/0x3b80 [ 141.333859][ T6577] ? __pfx___get_user_pages+0x10/0x10 [ 141.333879][ T6577] ? __pfx_down_read_killable+0x10/0x10 [ 141.333904][ T6577] __gup_longterm_locked+0x5e7/0x1840 [ 141.333928][ T6577] ? find_held_lock+0x2b/0x80 [ 141.333948][ T6577] ? __pfx___gup_longterm_locked+0x10/0x10 [ 141.333971][ T6577] ? try_get_folio+0x255/0x730 [ 141.333988][ T6577] ? find_held_lock+0x2b/0x80 [ 141.334006][ T6577] ? sanity_check_pinned_pages+0x3bf/0x1200 [ 141.334030][ T6577] gup_fast_fallback+0x1ab3/0x29e0 [ 141.334067][ T6577] ? __pfx_gup_fast_fallback+0x10/0x10 [ 141.334090][ T6577] ? ___kmalloc_large_node+0x183/0x1e0 [ 141.334110][ T6577] ? lockdep_hardirqs_on+0x7c/0x110 [ 141.334139][ T6577] ? rcu_is_watching+0x12/0xc0 [ 141.334161][ T6577] pin_user_pages_fast+0xa7/0xf0 [ 141.334182][ T6577] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 141.334209][ T6577] io_pin_pages+0xe1/0x1e0 [ 141.334236][ T6577] io_sqe_buffer_register+0x16f/0x2010 [ 141.334278][ T6577] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 141.334307][ T6577] ? rcu_is_watching+0x12/0xc0 [ 141.334330][ T6577] ? iovec_from_user+0xbb/0x140 [ 141.334361][ T6577] io_sqe_buffers_register+0x1ed/0x860 [ 141.334396][ T6577] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 141.334431][ T6577] ? __pfx___mutex_trylock_common+0x10/0x10 [ 141.334460][ T6577] __io_uring_register+0x21e2/0x23c0 [ 141.334486][ T6577] ? trace_contention_end+0xdd/0x130 [ 141.334511][ T6577] ? __pfx___io_uring_register+0x10/0x10 [ 141.334535][ T6577] ? __mutex_lock+0x1ca/0xb90 [ 141.334566][ T6577] ? __x64_sys_io_uring_register+0x159/0x280 [ 141.334595][ T6577] ? __pfx___mutex_lock+0x10/0x10 [ 141.334627][ T6577] ? __fget_files+0x20e/0x3c0 [ 141.334650][ T6577] ? fput+0x20/0xf0 [ 141.334672][ T6577] __x64_sys_io_uring_register+0x169/0x280 [ 141.334701][ T6577] do_syscall_64+0xcd/0x490 [ 141.334730][ T6577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.334748][ T6577] RIP: 0033:0x7f8376d8e929 [ 141.334764][ T6577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.334781][ T6577] RSP: 002b:00007f8377cb8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 141.334798][ T6577] RAX: ffffffffffffffda RBX: 00007f8376fb5fa0 RCX: 00007f8376d8e929 [ 141.334816][ T6577] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 141.334826][ T6577] RBP: 00007f8377cb8090 R08: 0000000000000000 R09: 0000000000000000 [ 141.334836][ T6577] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 141.334846][ T6577] R13: 0000000000000000 R14: 00007f8376fb5fa0 R15: 00007ffec4c06ba8 [ 141.334868][ T6577] [ 141.911900][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 142.028073][ T6588] random: crng reseeded on system resumption [ 142.086100][ T6592] tipc: Started in network mode [ 142.104762][ T6592] tipc: Node identity ee00, cluster identity 4711 [ 142.132652][ T6578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.142332][ T6578] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.174735][ T6592] tipc: Node number set to 60928 [ 142.645929][ T6600] nbd: must specify at least one socket [ 142.815372][ T6606] netlink: 342 bytes leftover after parsing attributes in process `syz.3.134'. [ 142.846992][ T6606] netlink: 342 bytes leftover after parsing attributes in process `syz.3.134'. [ 142.884646][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 142.902995][ T6606] netlink: 342 bytes leftover after parsing attributes in process `syz.3.134'. [ 142.949136][ T6606] netlink: 342 bytes leftover after parsing attributes in process `syz.3.134'. [ 142.989981][ T6606] netlink: 342 bytes leftover after parsing attributes in process `syz.3.134'. [ 143.122917][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 143.135711][ T6606] netlink: 326 bytes leftover after parsing attributes in process `syz.3.134'. [ 143.168247][ T6606] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.177119][ T6606] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.921345][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 145.283542][ T6651] netlink: 342 bytes leftover after parsing attributes in process `syz.3.144'. [ 150.712881][ T6755] sysfs_service_op_show: Client not running :-5: [ 150.849703][ T6727] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[6727] [ 153.045470][ T6794] nfs4: Unknown parameter '׉ZYL7~' [ 153.903722][ T6815] WARNING! power/level is deprecated; use power/control instead [ 154.124104][ T6820] vivid-003: ================= START STATUS ================= [ 154.146317][ T6820] vivid-003: Radio HW Seek Mode: Bounded [ 154.175098][ T6820] vivid-003: Radio Programmable HW Seek: false [ 154.251297][ T6820] vivid-003: RDS Rx I/O Mode: Block I/O [ 154.265221][ T6820] vivid-003: Generate RBDS Instead of RDS: false [ 154.291256][ T6820] vivid-003: RDS Reception: true [ 154.308859][ T6820] vivid-003: RDS Program Type: 0 inactive [ 154.314765][ T6820] vivid-003: RDS PS Name: inactive [ 154.320611][ T6820] vivid-003: RDS Radio Text: inactive [ 154.326600][ T6820] vivid-003: RDS Traffic Announcement: false inactive [ 154.334650][ T6820] vivid-003: RDS Traffic Program: false inactive [ 154.344114][ T6820] vivid-003: RDS Music: false inactive [ 154.359421][ T6820] vivid-003: ================== END STATUS ================== [ 156.163214][ T30] audit: type=1800 audit(1751979543.099:4): pid=6837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.181" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 163.171571][ T6916] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 163.933416][ T6921] netlink: 206 bytes leftover after parsing attributes in process `syz.1.199'. [ 163.951626][ T6925] FAULT_INJECTION: forcing a failure. [ 163.951626][ T6925] name fail_futex, interval 1, probability 0, space 0, times 0 [ 163.991836][ T6925] CPU: 1 UID: 0 PID: 6925 Comm: syz.2.200 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 163.991886][ T6925] Tainted: [U]=USER [ 163.991896][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.991913][ T6925] Call Trace: [ 163.991923][ T6925] [ 163.991935][ T6925] dump_stack_lvl+0x16c/0x1f0 [ 163.991984][ T6925] should_fail_ex+0x512/0x640 [ 163.992034][ T6925] get_futex_key+0x1d0/0x1540 [ 163.992075][ T6925] ? __pfx_get_futex_key+0x10/0x10 [ 163.992125][ T6925] futex_wake+0xe7/0x4e0 [ 163.992171][ T6925] ? __pfx_futex_wake+0x10/0x10 [ 163.992218][ T6925] ? kasan_quarantine_put+0x10a/0x240 [ 163.992261][ T6925] ? lockdep_hardirqs_on+0x7c/0x110 [ 163.992310][ T6925] do_futex+0x1e3/0x350 [ 163.992348][ T6925] ? __pfx_do_futex+0x10/0x10 [ 163.992385][ T6925] ? __do_sys_getcwd+0x4d6/0x930 [ 163.992421][ T6925] __x64_sys_futex+0x1e0/0x4c0 [ 163.992464][ T6925] ? __pfx___x64_sys_futex+0x10/0x10 [ 163.992501][ T6925] ? xfd_validate_state+0x61/0x180 [ 163.992564][ T6925] do_syscall_64+0xcd/0x490 [ 163.992611][ T6925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.992640][ T6925] RIP: 0033:0x7f2e9fd8e929 [ 163.992664][ T6925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.992693][ T6925] RSP: 002b:00007f2ea0bd40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 163.992726][ T6925] RAX: ffffffffffffffda RBX: 00007f2e9ffb5fa8 RCX: 00007f2e9fd8e929 [ 163.992746][ T6925] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2e9ffb5fac [ 163.992763][ T6925] RBP: 00007f2e9ffb5fa0 R08: 00007f2ea0bd5000 R09: 0000000000000000 [ 163.992782][ T6925] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f2e9ffb5fac [ 163.992799][ T6925] R13: 0000000000000000 R14: 00007ffffb093bb0 R15: 00007ffffb093c98 [ 163.992838][ T6925] [ 164.187083][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.913912][ T6933] openvswitch: netlink: nsh attribute has 2 unknown bytes. [ 166.331542][ T6932] netlink: zone id is out of range [ 171.005028][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 171.014075][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 171.022784][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 171.052156][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 171.062437][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 172.465599][ T6994] chnl_net:caif_netlink_parms(): no params data found [ 172.975067][ T6994] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.985005][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.006809][ T6994] bridge_slave_0: entered allmulticast mode [ 173.022591][ T6994] bridge_slave_0: entered promiscuous mode [ 173.041871][ T6994] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.061625][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.089917][ T6994] bridge_slave_1: entered allmulticast mode [ 173.121547][ T51] Bluetooth: hci1: command tx timeout [ 173.125612][ T6994] bridge_slave_1: entered promiscuous mode [ 173.642984][ T6994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.874999][ T6994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.006518][ T6994] team0: Port device team_slave_0 added [ 174.041123][ T6994] team0: Port device team_slave_1 added [ 174.912086][ T6994] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.945233][ T6994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.051539][ T6994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.111853][ T6994] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.118846][ T6994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.213254][ T51] Bluetooth: hci1: command tx timeout [ 175.236613][ T7032] FAULT_INJECTION: forcing a failure. [ 175.236613][ T7032] name failslab, interval 1, probability 0, space 0, times 0 [ 175.268032][ T7032] CPU: 1 UID: 0 PID: 7032 Comm: syz.3.222 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 175.268086][ T7032] Tainted: [U]=USER [ 175.268096][ T7032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.268113][ T7032] Call Trace: [ 175.268123][ T7032] [ 175.268135][ T7032] dump_stack_lvl+0x16c/0x1f0 [ 175.268199][ T7032] should_fail_ex+0x512/0x640 [ 175.268242][ T7032] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 175.268293][ T7032] should_failslab+0xc2/0x120 [ 175.268322][ T7032] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 175.268369][ T7032] ? __d_alloc+0x31/0xaa0 [ 175.268420][ T7032] __d_alloc+0x31/0xaa0 [ 175.268469][ T7032] d_alloc_pseudo+0x1c/0xc0 [ 175.268502][ T7032] alloc_file_pseudo+0xcf/0x230 [ 175.268537][ T7032] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 175.268570][ T7032] ? alloc_fd+0x471/0x7d0 [ 175.268616][ T7032] sock_alloc_file+0x50/0x210 [ 175.268665][ T7032] __sys_socket+0x1c0/0x260 [ 175.268697][ T7032] ? fput+0x70/0xf0 [ 175.268724][ T7032] ? __pfx___sys_socket+0x10/0x10 [ 175.268757][ T7032] ? xfd_validate_state+0x61/0x180 [ 175.268796][ T7032] ? __pfx_ksys_write+0x10/0x10 [ 175.268846][ T7032] __x64_sys_socket+0x72/0xb0 [ 175.268878][ T7032] ? lockdep_hardirqs_on+0x7c/0x110 [ 175.268920][ T7032] do_syscall_64+0xcd/0x490 [ 175.268968][ T7032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.268997][ T7032] RIP: 0033:0x7fc323b8e929 [ 175.269021][ T7032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.269050][ T7032] RSP: 002b:00007fc3249ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 175.269079][ T7032] RAX: ffffffffffffffda RBX: 00007fc323db5fa0 RCX: 00007fc323b8e929 [ 175.269099][ T7032] RDX: 0000000000000000 RSI: 0000000000080003 RDI: 0000000000000011 [ 175.269116][ T7032] RBP: 00007fc323c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 175.269134][ T7032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.269151][ T7032] R13: 0000000000000000 R14: 00007fc323db5fa0 R15: 00007ffd26b97578 [ 175.269200][ T7032] [ 175.502878][ T6994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.989150][ T6994] hsr_slave_0: entered promiscuous mode [ 176.022697][ T6994] hsr_slave_1: entered promiscuous mode [ 176.036834][ T6994] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.078675][ T6994] Cannot create hsr debugfs directory [ 177.282031][ T51] Bluetooth: hci1: command tx timeout [ 177.400062][ T6994] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 177.480803][ T6994] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 177.533185][ T6994] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 177.761495][ T6994] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 178.584015][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.597679][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.607980][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.617774][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.656982][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.699866][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.749118][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.881764][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.919151][ T6994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.934935][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 178.986273][ T6994] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.001471][ T7063] netlink: 252 bytes leftover after parsing attributes in process `syz.1.226'. [ 179.161507][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.168674][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.209748][ T7046] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[7046] [ 179.244223][ T6773] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.252088][ T6773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.363086][ T51] Bluetooth: hci1: command tx timeout [ 180.504903][ T6994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.090855][ T6994] veth0_vlan: entered promiscuous mode [ 183.139935][ T6994] veth1_vlan: entered promiscuous mode [ 183.386438][ T7122] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 [ 183.435212][ T6994] veth0_macvtap: entered promiscuous mode [ 183.608147][ T6994] veth1_macvtap: entered promiscuous mode [ 184.251015][ T6994] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.306839][ T6994] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.539255][ T6994] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.584691][ T6994] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.601374][ T6994] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.611490][ T6994] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.733161][ T7134] netlink: 'syz.1.236': attribute type 19 has an invalid length. [ 184.751337][ T7134] __nla_validate_parse: 25 callbacks suppressed [ 184.751363][ T7134] netlink: 334 bytes leftover after parsing attributes in process `syz.1.236'. [ 185.369031][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.396182][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.727590][ T6782] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.753269][ T6779] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.761896][ T6779] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.932422][ T6782] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.368060][ T6782] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.139092][ T6782] bridge_slave_1: left allmulticast mode [ 187.192034][ T6782] bridge_slave_1: left promiscuous mode [ 187.213181][ T6782] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.286238][ T6782] bridge_slave_0: left allmulticast mode [ 187.292082][ T6782] bridge_slave_0: left promiscuous mode [ 187.302108][ T6782] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.026063][ T6782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 189.062567][ T6782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 189.096134][ T6782] bond0 (unregistering): Released all slaves [ 189.130994][ T7181] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 189.344128][ T7186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.244'. [ 189.855996][ T7207] netlink: 342 bytes leftover after parsing attributes in process `syz.2.250'. [ 190.021327][ T6782] hsr_slave_0: left promiscuous mode [ 190.061743][ T6782] hsr_slave_1: left promiscuous mode [ 190.069956][ T6782] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.117916][ T6782] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 190.167670][ T6782] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 190.197998][ T6782] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 190.300028][ T6782] veth1_macvtap: left promiscuous mode [ 190.345339][ T6782] veth0_macvtap: left promiscuous mode [ 190.371531][ T6782] veth1_vlan: left promiscuous mode [ 190.393453][ T6782] veth0_vlan: left promiscuous mode [ 192.175934][ T7250] netlink: 'syz.3.255': attribute type 1 has an invalid length. [ 192.422482][ T6782] team0 (unregistering): Port device team_slave_1 removed [ 192.678493][ T6782] team0 (unregistering): Port device team_slave_0 removed [ 196.157346][ T7308] netlink: 346 bytes leftover after parsing attributes in process `syz.1.266'. [ 198.863740][ T51] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 199.256948][ T7407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.278'. [ 199.606275][ T7411] FAULT_INJECTION: forcing a failure. [ 199.606275][ T7411] name failslab, interval 1, probability 0, space 0, times 0 [ 199.606387][ T7411] CPU: 1 UID: 0 PID: 7411 Comm: syz.2.279 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 199.606430][ T7411] Tainted: [U]=USER [ 199.606439][ T7411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.606456][ T7411] Call Trace: [ 199.606466][ T7411] [ 199.606478][ T7411] dump_stack_lvl+0x16c/0x1f0 [ 199.606529][ T7411] should_fail_ex+0x512/0x640 [ 199.606571][ T7411] ? __kmalloc_noprof+0xbf/0x510 [ 199.606621][ T7411] ? drm_atomic_state_init+0xe4/0x320 [ 199.606653][ T7411] should_failslab+0xc2/0x120 [ 199.606679][ T7411] __kmalloc_noprof+0xd2/0x510 [ 199.606736][ T7411] drm_atomic_state_init+0xe4/0x320 [ 199.606768][ T7411] ? __kasan_kmalloc+0xaa/0xb0 [ 199.606813][ T7411] drm_atomic_state_alloc+0xd3/0x120 [ 199.606859][ T7411] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 199.606895][ T7411] ? __pfx___might_resched+0x10/0x10 [ 199.606937][ T7411] ? trace_contention_end+0xdd/0x130 [ 199.606981][ T7411] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 199.607013][ T7411] ? __mutex_lock+0x1ca/0xb90 [ 199.607055][ T7411] ? trace_contention_end+0xdd/0x130 [ 199.607145][ T7411] drm_client_modeset_dpms+0x17e/0x210 [ 199.607182][ T7411] drm_fb_helper_blank+0x19f/0x260 [ 199.607231][ T7411] fb_blank+0xb8/0x200 [ 199.607278][ T7411] store_blank+0xae/0x130 [ 199.607314][ T7411] ? __pfx_store_blank+0x10/0x10 [ 199.607351][ T7411] ? find_held_lock+0x2b/0x80 [ 199.607385][ T7411] ? sysfs_file_kobj+0xe4/0x290 [ 199.607424][ T7411] ? __pfx_store_blank+0x10/0x10 [ 199.607458][ T7411] dev_attr_store+0x58/0x80 [ 199.607487][ T7411] ? __pfx_dev_attr_store+0x10/0x10 [ 199.607515][ T7411] sysfs_kf_write+0xf2/0x150 [ 199.607555][ T7411] kernfs_fop_write_iter+0x354/0x510 [ 199.607584][ T7411] ? __pfx_sysfs_kf_write+0x10/0x10 [ 199.607626][ T7411] vfs_write+0x6c4/0x1150 [ 199.607670][ T7411] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 199.607705][ T7411] ? __pfx___mutex_lock+0x10/0x10 [ 199.607749][ T7411] ? __pfx_vfs_write+0x10/0x10 [ 199.607835][ T7411] ksys_write+0x12a/0x250 [ 199.607878][ T7411] ? __pfx_ksys_write+0x10/0x10 [ 199.607937][ T7411] do_syscall_64+0xcd/0x490 [ 199.607985][ T7411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.608015][ T7411] RIP: 0033:0x7f2e9fd8e929 [ 199.608040][ T7411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.608068][ T7411] RSP: 002b:00007f2ea0bd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.608097][ T7411] RAX: ffffffffffffffda RBX: 00007f2e9ffb5fa0 RCX: 00007f2e9fd8e929 [ 199.608116][ T7411] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 000000000000000a [ 199.608134][ T7411] RBP: 00007f2e9fe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 199.608152][ T7411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.608169][ T7411] R13: 0000000000000000 R14: 00007f2e9ffb5fa0 R15: 00007ffffb093c98 [ 199.608213][ T7411] [ 199.846602][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.846718][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.456497][ T7398] tty tty1: ldisc open failed (-12), clearing slot 0 [ 201.218797][ T7429] UHID_CREATE from different security context by process 312 (syz.2.281), this is not allowed. [ 201.474502][ T7423] zswap: compressor 000 not available [ 202.292373][ T7466] FAULT_INJECTION: forcing a failure. [ 202.292373][ T7466] name failslab, interval 1, probability 0, space 0, times 0 [ 202.345692][ T7466] CPU: 1 UID: 0 PID: 7466 Comm: syz.2.287 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 202.345745][ T7466] Tainted: [U]=USER [ 202.345755][ T7466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.345771][ T7466] Call Trace: [ 202.345780][ T7466] [ 202.345792][ T7466] dump_stack_lvl+0x16c/0x1f0 [ 202.345841][ T7466] should_fail_ex+0x512/0x640 [ 202.345881][ T7466] ? fs_reclaim_acquire+0xae/0x150 [ 202.345920][ T7466] should_failslab+0xc2/0x120 [ 202.345949][ T7466] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 202.345994][ T7466] ? security_inode_alloc+0x3b/0x2b0 [ 202.346033][ T7466] security_inode_alloc+0x3b/0x2b0 [ 202.346067][ T7466] inode_init_always_gfp+0xce4/0x1030 [ 202.346115][ T7466] alloc_inode+0x86/0x240 [ 202.346155][ T7466] sock_alloc+0x40/0x280 [ 202.346184][ T7466] __sock_create+0xc1/0x8d0 [ 202.346228][ T7466] __sys_socket+0x14d/0x260 [ 202.346263][ T7466] ? __pfx___sys_socket+0x10/0x10 [ 202.346297][ T7466] ? xfd_validate_state+0x61/0x180 [ 202.346336][ T7466] ? __pfx___do_sys_close_range+0x10/0x10 [ 202.346391][ T7466] __x64_sys_socket+0x72/0xb0 [ 202.346423][ T7466] ? lockdep_hardirqs_on+0x7c/0x110 [ 202.346466][ T7466] do_syscall_64+0xcd/0x490 [ 202.346514][ T7466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.346544][ T7466] RIP: 0033:0x7f2e9fd8e929 [ 202.346568][ T7466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.346595][ T7466] RSP: 002b:00007f2ea0bd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 202.346625][ T7466] RAX: ffffffffffffffda RBX: 00007f2e9ffb5fa0 RCX: 00007f2e9fd8e929 [ 202.346644][ T7466] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 202.346662][ T7466] RBP: 00007f2e9fe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 202.346680][ T7466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 202.346697][ T7466] R13: 0000000000000000 R14: 00007f2e9ffb5fa0 R15: 00007ffffb093c98 [ 202.346736][ T7466] [ 202.346777][ T7466] socket: no more sockets [ 203.218189][ T7488] dyndbg: expected <4096 bytes into control [ 203.490402][ T7440] delete_channel: no stack [ 206.198618][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.4.298'. [ 208.214331][ T7598] random: crng reseeded on system resumption [ 208.794831][ T5859] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 208.811918][ T5859] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 208.823370][ T5859] CPU: 1 UID: 0 PID: 5859 Comm: kworker/u9:6 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 208.823421][ T5859] Tainted: [U]=USER [ 208.823431][ T5859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.823451][ T5859] Workqueue: hci0 hci_rx_work [ 208.823502][ T5859] Call Trace: [ 208.823512][ T5859] [ 208.823524][ T5859] dump_stack_lvl+0x16c/0x1f0 [ 208.823571][ T5859] sysfs_warn_dup+0x7f/0xa0 [ 208.823612][ T5859] sysfs_create_dir_ns+0x24b/0x2b0 [ 208.823652][ T5859] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 208.823689][ T5859] ? find_held_lock+0x2b/0x80 [ 208.823727][ T5859] ? do_raw_spin_unlock+0x172/0x230 [ 208.823777][ T5859] kobject_add_internal+0x2c4/0x9b0 [ 208.823824][ T5859] kobject_add+0x16e/0x240 [ 208.823852][ T5859] ? __pfx_kobject_add+0x10/0x10 [ 208.823883][ T5859] ? do_raw_spin_unlock+0x172/0x230 [ 208.823932][ T5859] ? kobject_put+0xab/0x5a0 [ 208.823991][ T5859] device_add+0x288/0x1a70 [ 208.824024][ T5859] ? __pfx_dev_set_name+0x10/0x10 [ 208.824059][ T5859] ? __pfx_device_add+0x10/0x10 [ 208.824090][ T5859] ? mgmt_send_event_skb+0x2fb/0x460 [ 208.824146][ T5859] hci_conn_add_sysfs+0x17e/0x230 [ 208.824196][ T5859] le_conn_complete_evt+0x1075/0x1d70 [ 208.824245][ T5859] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 208.824282][ T5859] ? bt_warn+0xe4/0x120 [ 208.824320][ T5859] ? __pfx_bt_warn+0x10/0x10 [ 208.824370][ T5859] hci_le_conn_complete_evt+0x23c/0x370 [ 208.824433][ T5859] hci_le_meta_evt+0x357/0x5e0 [ 208.824476][ T5859] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 208.824526][ T5859] hci_event_packet+0x682/0x11c0 [ 208.824567][ T5859] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 208.824613][ T5859] ? __pfx_hci_event_packet+0x10/0x10 [ 208.824658][ T5859] ? kcov_remote_start+0x3c9/0x6d0 [ 208.824700][ T5859] ? lockdep_hardirqs_on+0x7c/0x110 [ 208.824750][ T5859] hci_rx_work+0x2c5/0x16b0 [ 208.824799][ T5859] ? rcu_is_watching+0x12/0xc0 [ 208.824847][ T5859] process_one_work+0x9cc/0x1b70 [ 208.824916][ T5859] ? __pfx_process_one_work+0x10/0x10 [ 208.824980][ T5859] ? assign_work+0x1a0/0x250 [ 208.825030][ T5859] worker_thread+0x6c8/0xf10 [ 208.825099][ T5859] ? __pfx_worker_thread+0x10/0x10 [ 208.825145][ T5859] kthread+0x3c5/0x780 [ 208.825190][ T5859] ? __pfx_kthread+0x10/0x10 [ 208.825234][ T5859] ? rcu_is_watching+0x12/0xc0 [ 208.825265][ T5859] ? __pfx_kthread+0x10/0x10 [ 208.825312][ T5859] ret_from_fork+0x5d4/0x6f0 [ 208.825352][ T5859] ? __pfx_kthread+0x10/0x10 [ 208.825397][ T5859] ret_from_fork_asm+0x1a/0x30 [ 208.825457][ T5859] [ 208.826251][ T5859] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 209.095337][ T5859] Bluetooth: hci0: failed to register connection device [ 209.392735][ T7606] zswap: compressor 000 not available [ 211.094426][ T7668] FAULT_INJECTION: forcing a failure. [ 211.094426][ T7668] name fail_futex, interval 1, probability 0, space 0, times 0 [ 211.112786][ T7668] CPU: 0 UID: 0 PID: 7668 Comm: syz.4.316 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 211.112834][ T7668] Tainted: [U]=USER [ 211.112845][ T7668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.112862][ T7668] Call Trace: [ 211.112873][ T7668] [ 211.112885][ T7668] dump_stack_lvl+0x16c/0x1f0 [ 211.112937][ T7668] should_fail_ex+0x512/0x640 [ 211.112986][ T7668] get_futex_key+0x1d0/0x1540 [ 211.113023][ T7668] ? unwind_get_return_address+0x59/0xa0 [ 211.113071][ T7668] ? __pfx_get_futex_key+0x10/0x10 [ 211.113120][ T7668] futex_wait_setup+0x84/0x510 [ 211.113173][ T7668] __futex_wait+0x194/0x2f0 [ 211.113218][ T7668] ? __pfx___futex_wait+0x10/0x10 [ 211.113258][ T7668] ? kasan_save_free_info+0x3b/0x60 [ 211.113292][ T7668] ? __kasan_slab_free+0x51/0x70 [ 211.113335][ T7668] ? kmem_cache_free+0x2d1/0x4d0 [ 211.113382][ T7668] ? __pfx_futex_wake_mark+0x10/0x10 [ 211.113441][ T7668] ? __futex_hash.constprop.0+0x1e9/0x440 [ 211.113480][ T7668] futex_wait+0xe8/0x380 [ 211.113518][ T7668] ? __pfx_futex_wait+0x10/0x10 [ 211.113569][ T7668] ? rcu_is_watching+0x12/0xc0 [ 211.113600][ T7668] ? kasan_quarantine_put+0x10a/0x240 [ 211.113642][ T7668] ? lockdep_hardirqs_on+0x7c/0x110 [ 211.113688][ T7668] do_futex+0x229/0x350 [ 211.113723][ T7668] ? __pfx_do_futex+0x10/0x10 [ 211.113779][ T7668] __x64_sys_futex+0x1e0/0x4c0 [ 211.113821][ T7668] ? __pfx___x64_sys_futex+0x10/0x10 [ 211.113859][ T7668] ? getname_flags.part.0+0x1c5/0x550 [ 211.113906][ T7668] do_syscall_64+0xcd/0x490 [ 211.113950][ T7668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.113980][ T7668] RIP: 0033:0x7f0f6a78e929 [ 211.114003][ T7668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.114030][ T7668] RSP: 002b:00007f0f6b5b40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 211.114057][ T7668] RAX: ffffffffffffffda RBX: 00007f0f6a9b6088 RCX: 00007f0f6a78e929 [ 211.114076][ T7668] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0f6a9b6088 [ 211.114094][ T7668] RBP: 00007f0f6a9b6080 R08: 0000000000000000 R09: 0000000000000000 [ 211.114112][ T7668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0f6a9b608c [ 211.114129][ T7668] R13: 0000000000000000 R14: 00007ffd521373f0 R15: 00007ffd521374d8 [ 211.114167][ T7668] [ 212.610392][ T7684] QAT: Stopping all acceleration devices. [ 213.810888][ T7706] program syz.1.322 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 213.851803][ T7706] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 214.712337][ T7721] FAULT_INJECTION: forcing a failure. [ 214.712337][ T7721] name failslab, interval 1, probability 0, space 0, times 0 [ 214.712394][ T7721] CPU: 1 UID: 0 PID: 7721 Comm: syz.1.324 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 214.712440][ T7721] Tainted: [U]=USER [ 214.712450][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.712467][ T7721] Call Trace: [ 214.712478][ T7721] [ 214.712490][ T7721] dump_stack_lvl+0x16c/0x1f0 [ 214.712540][ T7721] should_fail_ex+0x512/0x640 [ 214.712585][ T7721] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 214.712631][ T7721] should_failslab+0xc2/0x120 [ 214.712662][ T7721] __kmalloc_cache_noprof+0x6a/0x3e0 [ 214.712704][ T7721] ? drm_atomic_state_alloc+0xb8/0x120 [ 214.712740][ T7721] ? drm_modeset_acquire_init+0x237/0x410 [ 214.712792][ T7721] drm_atomic_state_alloc+0xb8/0x120 [ 214.712829][ T7721] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 214.712867][ T7721] ? __pfx___might_resched+0x10/0x10 [ 214.712910][ T7721] ? trace_contention_end+0xdd/0x130 [ 214.712956][ T7721] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 214.712989][ T7721] ? __mutex_lock+0x1ca/0xb90 [ 214.713041][ T7721] ? trace_contention_end+0xdd/0x130 [ 214.713133][ T7721] drm_client_modeset_dpms+0x17e/0x210 [ 214.713173][ T7721] drm_fb_helper_blank+0x19f/0x260 [ 214.713223][ T7721] fb_blank+0xb8/0x200 [ 214.713270][ T7721] store_blank+0xae/0x130 [ 214.713308][ T7721] ? __pfx_store_blank+0x10/0x10 [ 214.713345][ T7721] ? find_held_lock+0x2b/0x80 [ 214.713378][ T7721] ? sysfs_file_kobj+0xe4/0x290 [ 214.713418][ T7721] ? __pfx_store_blank+0x10/0x10 [ 214.713458][ T7721] dev_attr_store+0x58/0x80 [ 214.713488][ T7721] ? __pfx_dev_attr_store+0x10/0x10 [ 214.713517][ T7721] sysfs_kf_write+0xf2/0x150 [ 214.713558][ T7721] kernfs_fop_write_iter+0x354/0x510 [ 214.713589][ T7721] ? __pfx_sysfs_kf_write+0x10/0x10 [ 214.713632][ T7721] vfs_write+0x6c4/0x1150 [ 214.713677][ T7721] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 214.713713][ T7721] ? __pfx___mutex_lock+0x10/0x10 [ 214.713757][ T7721] ? __pfx_vfs_write+0x10/0x10 [ 214.713836][ T7721] ksys_write+0x12a/0x250 [ 214.713879][ T7721] ? __pfx_ksys_write+0x10/0x10 [ 214.713939][ T7721] do_syscall_64+0xcd/0x490 [ 214.713988][ T7721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.714027][ T7721] RIP: 0033:0x7f83f518e929 [ 214.714052][ T7721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.714081][ T7721] RSP: 002b:00007f83f5fb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 214.714112][ T7721] RAX: ffffffffffffffda RBX: 00007f83f53b5fa0 RCX: 00007f83f518e929 [ 214.714132][ T7721] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 000000000000000a [ 214.714149][ T7721] RBP: 00007f83f5210b39 R08: 0000000000000000 R09: 0000000000000000 [ 214.714166][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.714184][ T7721] R13: 0000000000000000 R14: 00007f83f53b5fa0 R15: 00007ffe29160568 [ 214.714229][ T7721] [ 217.789896][ T7781] netlink: 'syz.1.331': attribute type 4 has an invalid length. [ 217.801451][ T7781] netlink: 314 bytes leftover after parsing attributes in process `syz.1.331'. [ 217.850033][ T7781] IPv6: NLM_F_CREATE should be specified when creating new route [ 217.897517][ T7781] IPv6: Can't replace route, no match found [ 222.016243][ T7824] random: crng reseeded on system resumption [ 222.311396][ T7824] Unrecognized hibernate image header format! [ 222.328139][ T7824] PM: hibernation: Image mismatch: architecture specific data [ 224.181118][ T7876] FAULT_INJECTION: forcing a failure. [ 224.181118][ T7876] name failslab, interval 1, probability 0, space 0, times 0 [ 224.272152][ T7876] CPU: 1 UID: 0 PID: 7876 Comm: syz.4.350 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 224.272199][ T7876] Tainted: [U]=USER [ 224.272205][ T7876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.272217][ T7876] Call Trace: [ 224.272224][ T7876] [ 224.272231][ T7876] dump_stack_lvl+0x16c/0x1f0 [ 224.272264][ T7876] should_fail_ex+0x512/0x640 [ 224.272289][ T7876] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 224.272319][ T7876] should_failslab+0xc2/0x120 [ 224.272336][ T7876] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 224.272363][ T7876] ? lockdep_init_map_type+0x5c/0x280 [ 224.272389][ T7876] ? __d_alloc+0x31/0xaa0 [ 224.272420][ T7876] __d_alloc+0x31/0xaa0 [ 224.272451][ T7876] d_alloc_pseudo+0x1c/0xc0 [ 224.272472][ T7876] alloc_file_pseudo+0xcf/0x230 [ 224.272493][ T7876] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 224.272512][ T7876] ? alloc_fd+0x471/0x7d0 [ 224.272540][ T7876] sock_alloc_file+0x50/0x210 [ 224.272569][ T7876] __sys_socket+0x1c0/0x260 [ 224.272590][ T7876] ? __pfx___sys_socket+0x10/0x10 [ 224.272610][ T7876] ? xfd_validate_state+0x61/0x180 [ 224.272634][ T7876] ? __pfx_do_writev+0x10/0x10 [ 224.272664][ T7876] __x64_sys_socket+0x72/0xb0 [ 224.272683][ T7876] ? lockdep_hardirqs_on+0x7c/0x110 [ 224.272708][ T7876] do_syscall_64+0xcd/0x490 [ 224.272736][ T7876] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.272755][ T7876] RIP: 0033:0x7f0f6a78e929 [ 224.272770][ T7876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.272787][ T7876] RSP: 002b:00007f0f6b5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 224.272804][ T7876] RAX: ffffffffffffffda RBX: 00007f0f6a9b5fa0 RCX: 00007f0f6a78e929 [ 224.272815][ T7876] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 224.272826][ T7876] RBP: 00007f0f6a810b39 R08: 0000000000000000 R09: 0000000000000000 [ 224.272836][ T7876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.272846][ T7876] R13: 0000000000000000 R14: 00007f0f6a9b5fa0 R15: 00007ffd521374d8 [ 224.272868][ T7876] [ 224.596429][ T7881] FAULT_INJECTION: forcing a failure. [ 224.596429][ T7881] name failslab, interval 1, probability 0, space 0, times 0 [ 224.609786][ T7881] CPU: 1 UID: 0 PID: 7881 Comm: syz.1.351 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 224.609814][ T7881] Tainted: [U]=USER [ 224.609819][ T7881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.609829][ T7881] Call Trace: [ 224.609836][ T7881] [ 224.609842][ T7881] dump_stack_lvl+0x16c/0x1f0 [ 224.609876][ T7881] should_fail_ex+0x512/0x640 [ 224.609910][ T7881] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 224.609943][ T7881] should_failslab+0xc2/0x120 [ 224.609960][ T7881] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 224.609991][ T7881] ? xfrm_sysctl_init+0x10a/0x2d0 [ 224.610021][ T7881] kmemdup_noprof+0x29/0x60 [ 224.610048][ T7881] xfrm_sysctl_init+0x10a/0x2d0 [ 224.610076][ T7881] xfrm_net_init+0x842/0xcc0 [ 224.610105][ T7881] ? __pfx_xfrm_net_init+0x10/0x10 [ 224.610129][ T7881] ops_init+0x1df/0x5f0 [ 224.610160][ T7881] setup_net+0x1ff/0x510 [ 224.610186][ T7881] ? lockdep_init_map_type+0x5c/0x280 [ 224.610213][ T7881] ? __pfx_setup_net+0x10/0x10 [ 224.610242][ T7881] ? debug_mutex_init+0x37/0x70 [ 224.610262][ T7881] copy_net_ns+0x2a6/0x5f0 [ 224.610282][ T7881] create_new_namespaces+0x3ea/0xa90 [ 224.610308][ T7881] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 224.610330][ T7881] ksys_unshare+0x45b/0xa40 [ 224.610355][ T7881] ? __pfx_ksys_unshare+0x10/0x10 [ 224.610381][ T7881] ? xfd_validate_state+0x61/0x180 [ 224.610412][ T7881] __x64_sys_unshare+0x31/0x40 [ 224.610436][ T7881] do_syscall_64+0xcd/0x490 [ 224.610464][ T7881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.610482][ T7881] RIP: 0033:0x7f83f518e929 [ 224.610496][ T7881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.610513][ T7881] RSP: 002b:00007f83f5fb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 224.610530][ T7881] RAX: ffffffffffffffda RBX: 00007f83f53b5fa0 RCX: 00007f83f518e929 [ 224.610541][ T7881] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 224.610551][ T7881] RBP: 00007f83f5210b39 R08: 0000000000000000 R09: 0000000000000000 [ 224.610561][ T7881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.610571][ T7881] R13: 0000000000000000 R14: 00007f83f53b5fa0 R15: 00007ffe29160568 [ 224.610592][ T7881] [ 224.862124][ T7894] netlink: 334 bytes leftover after parsing attributes in process `syz.4.352'. [ 224.913885][ T7895] netlink: 334 bytes leftover after parsing attributes in process `syz.4.352'. [ 225.273172][ T7894] svc: failed to register nfsdv3 RPC service (errno 111). [ 225.327150][ T7894] svc: failed to register nfsaclv3 RPC service (errno 111). [ 225.987193][ T7917] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 226.467423][ T7929] netlink: 'syz.4.360': attribute type 1 has an invalid length. [ 228.244321][ T7968] ================================================================== [ 228.252447][ T7968] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 228.261133][ T7968] Read of size 1 at addr ffff8881453737e7 by task syz.4.365/7968 [ 228.268850][ T7968] [ 228.271183][ T7968] CPU: 1 UID: 0 PID: 7968 Comm: syz.4.365 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 228.271209][ T7968] Tainted: [U]=USER [ 228.271215][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.271226][ T7968] Call Trace: [ 228.271233][ T7968] [ 228.271239][ T7968] dump_stack_lvl+0x116/0x1f0 [ 228.271268][ T7968] print_report+0xcd/0x680 [ 228.271284][ T7968] ? __virt_addr_valid+0x81/0x610 [ 228.271303][ T7968] ? __phys_addr+0xe8/0x180 [ 228.271321][ T7968] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 228.271340][ T7968] kasan_report+0xe0/0x110 [ 228.271355][ T7968] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 228.271376][ T7968] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 228.271395][ T7968] ? __lock_acquire+0xb8a/0x1c90 [ 228.271422][ T7968] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 228.271442][ T7968] ? find_held_lock+0x2b/0x80 [ 228.271459][ T7968] ? __might_fault+0xe3/0x190 [ 228.271484][ T7968] ? __might_fault+0xe3/0x190 [ 228.271508][ T7968] ? __might_fault+0x13b/0x190 [ 228.271537][ T7968] ? proc_simple_write+0x114/0x1b0 [ 228.271554][ T7968] proc_simple_write+0x114/0x1b0 [ 228.271572][ T7968] ? __pfx_proc_simple_write+0x10/0x10 [ 228.271589][ T7968] proc_reg_write+0x23d/0x330 [ 228.271616][ T7968] ? __pfx_proc_reg_write+0x10/0x10 [ 228.271641][ T7968] vfs_writev+0x5df/0xde0 [ 228.271663][ T7968] ? __pfx___mutex_trylock_common+0x10/0x10 [ 228.271691][ T7968] ? __pfx_vfs_writev+0x10/0x10 [ 228.271714][ T7968] ? __mutex_lock+0x1ca/0xb90 [ 228.271739][ T7968] ? kmem_cache_free+0x2d1/0x4d0 [ 228.271766][ T7968] ? __pfx___mutex_lock+0x10/0x10 [ 228.271801][ T7968] ? __fget_files+0x20e/0x3c0 [ 228.271827][ T7968] ? do_writev+0x132/0x340 [ 228.271849][ T7968] do_writev+0x132/0x340 [ 228.271877][ T7968] ? __pfx_do_writev+0x10/0x10 [ 228.271903][ T7968] do_syscall_64+0xcd/0x490 [ 228.271929][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.271947][ T7968] RIP: 0033:0x7f0f6a78e929 [ 228.271962][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.271980][ T7968] RSP: 002b:00007f0f6b5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 228.271997][ T7968] RAX: ffffffffffffffda RBX: 00007f0f6a9b5fa0 RCX: 00007f0f6a78e929 [ 228.272008][ T7968] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000004 [ 228.272019][ T7968] RBP: 00007f0f6a810b39 R08: 0000000000000000 R09: 0000000000000000 [ 228.272029][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.272039][ T7968] R13: 0000000000000000 R14: 00007f0f6a9b5fa0 R15: 00007ffd521374d8 [ 228.272054][ T7968] [ 228.272060][ T7968] [ 228.536027][ T7968] Allocated by task 7968: [ 228.540352][ T7968] kasan_save_stack+0x33/0x60 [ 228.545048][ T7968] kasan_save_track+0x14/0x30 [ 228.549734][ T7968] __kasan_kmalloc+0xaa/0xb0 [ 228.554351][ T7968] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 228.560781][ T7968] memdup_user_nul+0x2b/0x120 [ 228.565458][ T7968] proc_simple_write+0xc7/0x1b0 [ 228.570310][ T7968] proc_reg_write+0x23d/0x330 [ 228.575009][ T7968] vfs_writev+0x5df/0xde0 [ 228.579344][ T7968] do_writev+0x132/0x340 [ 228.583683][ T7968] do_syscall_64+0xcd/0x490 [ 228.588209][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.594217][ T7968] [ 228.596541][ T7968] The buggy address belongs to the object at ffff8881453737e0 [ 228.596541][ T7968] which belongs to the cache kmalloc-8 of size 8 [ 228.610354][ T7968] The buggy address is located 0 bytes to the right of [ 228.610354][ T7968] allocated 7-byte region [ffff8881453737e0, ffff8881453737e7) [ 228.624680][ T7968] [ 228.627005][ T7968] The buggy address belongs to the physical page: [ 228.633424][ T7968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x145373 [ 228.642621][ T7968] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 228.649916][ T7968] page_type: f5(slab) [ 228.653896][ T7968] raw: 057ff00000000000 ffff88801b841500 ffffea0005361040 dead000000000002 [ 228.662480][ T7968] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 228.671069][ T7968] page dumped because: kasan: bad access detected [ 228.677474][ T7968] page_owner tracks the page as allocated [ 228.683180][ T7968] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 17841936750, free_ts 0 [ 228.700900][ T7968] post_alloc_hook+0x1c0/0x230 [ 228.705691][ T7968] get_page_from_freelist+0x1321/0x3890 [ 228.711250][ T7968] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 228.717153][ T7968] alloc_pages_mpol+0x1fb/0x550 [ 228.722008][ T7968] new_slab+0x23b/0x330 [ 228.726168][ T7968] ___slab_alloc+0xd9c/0x1940 [ 228.730853][ T7968] __slab_alloc.constprop.0+0x56/0xb0 [ 228.736230][ T7968] __kmalloc_cache_noprof+0xfb/0x3e0 [ 228.741525][ T7968] hub_probe+0xd98/0x3480 [ 228.745861][ T7968] usb_probe_interface+0x303/0x9c0 [ 228.750995][ T7968] really_probe+0x241/0xa90 [ 228.755989][ T7968] __driver_probe_device+0x1de/0x440 [ 228.761287][ T7968] driver_probe_device+0x4c/0x1b0 [ 228.766322][ T7968] __device_attach_driver+0x1df/0x310 [ 228.771704][ T7968] bus_for_each_drv+0x159/0x1e0 [ 228.776558][ T7968] __device_attach+0x1e4/0x4b0 [ 228.781337][ T7968] page_owner free stack trace missing [ 228.786716][ T7968] [ 228.789059][ T7968] Memory state around the buggy address: [ 228.794685][ T7968] ffff888145373680: 06 fc fc fc 06 fc fc fc fa fc fc fc 06 fc fc fc [ 228.802761][ T7968] ffff888145373700: 00 fc fc fc 00 fc fc fc 05 fc fc fc 00 fc fc fc [ 228.810828][ T7968] >ffff888145373780: fa fc fc fc fa fc fc fc fa fc fc fc 07 fc fc fc [ 228.818974][ T7968] ^ [ 228.826170][ T7968] ffff888145373800: 06 fc fc fc 06 fc fc fc 05 fc fc fc 06 fc fc fc [ 228.834230][ T7968] ffff888145373880: 06 fc fc fc 07 fc fc fc 06 fc fc fc fa fc fc fc [ 228.842290][ T7968] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 229.143373][ T7968] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 229.150631][ T7968] CPU: 1 UID: 0 PID: 7968 Comm: syz.4.365 Tainted: G U 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 229.162364][ T7968] Tainted: [U]=USER [ 229.166163][ T7968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 229.176249][ T7968] Call Trace: [ 229.179543][ T7968] [ 229.182488][ T7968] dump_stack_lvl+0x3d/0x1f0 [ 229.187115][ T7968] panic+0x71c/0x800 [ 229.191083][ T7968] ? __pfx_panic+0x10/0x10 [ 229.195547][ T7968] ? mark_held_locks+0x49/0x80 [ 229.200363][ T7968] ? preempt_schedule_thunk+0x16/0x30 [ 229.205782][ T7968] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 229.211806][ T7968] ? preempt_schedule_common+0x44/0xc0 [ 229.217334][ T7968] ? check_panic_on_warn+0x1f/0xb0 [ 229.222483][ T7968] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 229.228485][ T7968] check_panic_on_warn+0xab/0xb0 [ 229.233487][ T7968] end_report+0x107/0x170 [ 229.237859][ T7968] kasan_report+0xee/0x110 [ 229.242312][ T7968] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 229.248327][ T7968] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 229.254161][ T7968] ? __lock_acquire+0xb8a/0x1c90 [ 229.259143][ T7968] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 229.265325][ T7968] ? find_held_lock+0x2b/0x80 [ 229.270051][ T7968] ? __might_fault+0xe3/0x190 [ 229.274764][ T7968] ? __might_fault+0xe3/0x190 [ 229.279476][ T7968] ? __might_fault+0x13b/0x190 [ 229.284371][ T7968] ? proc_simple_write+0x114/0x1b0 [ 229.289508][ T7968] proc_simple_write+0x114/0x1b0 [ 229.294465][ T7968] ? __pfx_proc_simple_write+0x10/0x10 [ 229.299966][ T7968] proc_reg_write+0x23d/0x330 [ 229.304704][ T7968] ? __pfx_proc_reg_write+0x10/0x10 [ 229.309946][ T7968] vfs_writev+0x5df/0xde0 [ 229.314320][ T7968] ? __pfx___mutex_trylock_common+0x10/0x10 [ 229.320273][ T7968] ? __pfx_vfs_writev+0x10/0x10 [ 229.325161][ T7968] ? __mutex_lock+0x1ca/0xb90 [ 229.329873][ T7968] ? kmem_cache_free+0x2d1/0x4d0 [ 229.334856][ T7968] ? __pfx___mutex_lock+0x10/0x10 [ 229.339917][ T7968] ? __fget_files+0x20e/0x3c0 [ 229.344635][ T7968] ? do_writev+0x132/0x340 [ 229.349162][ T7968] do_writev+0x132/0x340 [ 229.353431][ T7968] ? __pfx_do_writev+0x10/0x10 [ 229.358239][ T7968] do_syscall_64+0xcd/0x490 [ 229.362784][ T7968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.368704][ T7968] RIP: 0033:0x7f0f6a78e929 [ 229.373242][ T7968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.392871][ T7968] RSP: 002b:00007f0f6b5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 229.401314][ T7968] RAX: ffffffffffffffda RBX: 00007f0f6a9b5fa0 RCX: 00007f0f6a78e929 [ 229.409320][ T7968] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000004 [ 229.417318][ T7968] RBP: 00007f0f6a810b39 R08: 0000000000000000 R09: 0000000000000000 [ 229.425312][ T7968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.433298][ T7968] R13: 0000000000000000 R14: 00007f0f6a9b5fa0 R15: 00007ffd521374d8 [ 229.441299][ T7968] [ 229.444604][ T7968] Kernel Offset: disabled [ 229.449040][ T7968] Rebooting in 86400 seconds..