last executing test programs: 11.033420723s ago: executing program 3 (id=186): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/ipvlan1/retrans_time\x00', 0x242, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SIOCSIFHWADDR2(r2, 0x8924, &(0x7f0000000440)) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000100), r2) socket(0x2, 0x2, 0x0) socket(0x1a, 0x5, 0xfffffffd) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x2, 0x0) write$auto(r1, &(0x7f0000000240)='/\xc46\x9e\xe4audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x90, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_DEL_PMK(0xffffffffffffffff, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) madvise$auto(0x110c234000, 0x1, 0x9) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x80044dfe, &(0x7f0000000040)) unshare$auto(0x40000080) socket(0xa, 0x2, 0x3a) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) readv$auto(0x3, &(0x7f0000000600)={0x0, 0xc}, 0x1da) 11.032145246s ago: executing program 1 (id=195): mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) r0 = pidfd_open$auto(0x1, 0x0) mmap$auto(0x0, 0x2, 0x3, 0x7fffffffffffffff, r0, 0x6) r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r2, &(0x7f0000000140)='0[.[\x00', 0xcd04) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/enabled\x00', 0xb02, 0x0) sendfile$auto(r3, r3, 0x0, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = open$dir(0x0, 0x42, 0x20) open_tree$auto(r4, 0x0, 0x9001) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x5ed900, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmsg$auto_KSMBD_EVENT_SPNEGO_AUTHEN_REQUEST(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x14, 0x0, 0x20, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x804) sendmmsg$auto(r5, 0x0, 0x5, 0x20000000) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x2, 0x0, 0x0, 0x40) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d1, 0x1, 0x0, 0x6, 0x2) bind$auto(0x3, 0x0, 0x6a) connect$auto(0xffffffffffffffff, &(0x7f00000000c0)=@ax25={0x3, @default, 0x4000001}, 0x8) lsm_list_modules$auto(0x0, 0x0, 0x0) socket(0x10, 0x6, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x3, 0x3, 0x0, 0x0, 0x4) socket(0x1d, 0x5, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lsm_set_self_attr$auto(0x9, 0x0, 0x80, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 8.731777228s ago: executing program 2 (id=189): mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) lseek$auto(0x3, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x0) semctl$auto(0xb47, 0x100002, 0x13, 0x0) ioctl$auto(0xffffffffffffffff, 0x560a, 0x7) r0 = socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) setsockopt$auto(r0, 0x10000000084, 0x23, 0x0, 0x8) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video64\x00', 0x103040, 0x0) ioctl$auto(r2, 0xc058560f, r2) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) 8.73148089s ago: executing program 3 (id=190): mmap$auto(0x7, 0x200040009, 0xdf, 0x800000000009b72, 0xffffffffffffffff, 0x8da) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r1 = socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYRES8=r1, @ANYBLOB="0107000000000000000000000000000000000000000000000000000061dc217bd3f375114d43271e9d342d564be237545bdfafb46f8aba762787e7c60ab7d2f6e11acbf2c1e9b0152a318fd0860c8670c9b20553d55953ae536ba7d43ed29c14e4263549f25970030970c5675f3b71188a136a9ef182c73ad9941605a170dc133598fc573f723e8bf58c8f9a4e520119cd9cfb3733e0c5c0ef42af531bae56e5ebe9863a4d2a5801b76da72f7634c7a39d669e6d24255cad300a789468c7de0c24"], 0x14}, 0x1, 0x0, 0x0, 0x20048810}, 0x4804) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x3f3) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) socket(0x10, 0x4, 0xffffffc0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$auto(r3, 0x0, 0x5) sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0x7) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x2b, 0x1, 0x0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="1c400000", @ANYRES16=r5, @ANYBLOB="010025bd7000fedbdf257700000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x90) sendmmsg$auto(r4, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0x10001}, 0x5, 0x20000000) bind$auto(0x3, 0x0, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 7.808695299s ago: executing program 0 (id=191): r0 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) write$auto_safesetid_uid_file_fops_securityfs(r0, &(0x7f0000000b40)="33e06908f7cef2ef9652d5e3d0f91cdb9aa7fcd4f56b3ae50e2e7a3fce17ad39061182af048f047adfa552adf5a64941ae9a2564ce32560a", 0x38) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r1, 0x104000000000010e, 0x8, 0x0, 0x2000400) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r3, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7351, 0x10003c, 0x1, 0x1ffde, 0x7, 0x3, 0xfffffffffffffffe, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x9, 0x10005, 0x80, 0x4, 0xffefffff, 0x7, 0x2000, 0x203, 0x0, 0x20e9d17d, 0x400300000000000, 0xdb, 0x6, 0x80000000, 0xf04, [0xfffffffffffffffe, 0x0, 0x2, 0xfffffffffffffffd, 0x2, 0xfffffffffffffffe, 0x0, 0x20000000000007, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff5b, 0xc72, 0xffffffffffffffff, 0x9, 0x0, 0x66, 0x2, 0x1, 0x0, 0x0, 0x80000, 0x9, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x8c]}, 0x2, 0xd) ioctl$auto_EVIOCGRAB(r4, 0x40044590, &(0x7f0000000000)=0x2) write$auto(r4, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) mmap$auto(0x0, 0x898, 0xdf, 0x10, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x15) madvise$auto(0xffdffffffffffffc, 0x200006, 0x0) r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2, 0x0) close_range$auto(0x2, 0x8, 0x0) setresuid$auto(0x2, 0x7, 0x8080) socket(0x2b, 0x2, 0x20a) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 7.708678467s ago: executing program 1 (id=193): r0 = socket(0x9, 0x80000, 0xfffffff8) setsockopt$auto(r0, 0x29, 0x18, &(0x7f0000000040)='!\x00', 0x1ff) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) openat$auto_udf_dir_operations_udfdecl(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4\x00', 0x2000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x81, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000240)='//ev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x48e1, 0xa, 0x7, 0xd4d7, r1, 0x8000) select$auto(0x0, &(0x7f0000000340)={[0x200, 0x2, 0x7, 0xffffffff, 0x1, 0x76, 0x200000000000000, 0x4000000, 0xfff, 0x1, 0x2, 0x80000000, 0x3a67, 0x8, 0x3, 0x10000]}, &(0x7f00000003c0)={[0x6bb6, 0x8, 0x1000, 0x600000000000, 0x8, 0xe, 0x9, 0xd, 0x1, 0x80, 0x3, 0x0, 0x5, 0x81, 0x4b, 0x4]}, &(0x7f0000000480)={[0x1, 0x10001, 0x9, 0x8, 0xe4, 0x6, 0x30e5, 0x0, 0x8, 0x350660ac, 0x7ff, 0x5, 0x6, 0xb9, 0xf4, 0x4]}, &(0x7f0000000080)={0x5, 0x74b}) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x8, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) shmctl$auto_SHM_INFO(0x4, 0xe, &(0x7f0000000880)={{0x1, 0xee00, 0xee01, 0x6, 0x69, 0x0, 0xb34}, 0xf145, 0x5, 0xd45, 0x0, @inferred, @raw=0x9, 0x6, 0x0, 0x0, 0x0}) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0x902, 0x0) pwritev$auto(0x3, &(0x7f0000000100)={0x0, 0xfffffffffffffff1}, 0x5, 0x3, 0x9) read$auto(0xffffffffffffffff, &(0x7f0000000300)='/sys/device\a\x00\x00\x00\x00\x00\x00\x00l/net/bod0/bondactive\x00', 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) 5.834794003s ago: executing program 3 (id=194): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x10, 0x4, 0xffffffc0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x406, 0x0, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x4000000000005, 0x6, 0x62, 0x8, 0x7, 0x1, 0xb, 0x100, 0x16]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x4, 0x15) r2 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r2) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) r4 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r4, @new_prog_fd=0x4, 0x4, @old_map_fd=r3}, 0xa3) mmap$auto(0x5, 0x4020008, 0x1001, 0xeb1, r4, 0x8003) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x4fff, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x0, 0x20000], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) pread64$auto(r5, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9) 5.826638764s ago: executing program 0 (id=203): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptya5\x00', 0x62c00, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) mmap$auto(0x0, 0x0, 0xe4, 0xeb1, r0, 0x8001) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) shutdown$auto(0x200000003, 0x2) read$auto(0x4, 0x0, 0x80) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x23, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/tty34\x00', 0x2200, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x240009, 0xdf, 0x9b72, 0x7, 0x28000) execve$auto(0x0, 0x0, 0x0) mmap$auto(0x80000000a, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2deb43, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x400000000000000) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000040), r3) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0xc40, 0x0) r5 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) write$auto(r5, 0x0, 0x1ff) prctl$auto_PR_SCHED_CORE_GET(0x9, 0x0, 0x0, 0x0, 0x26fa) 5.82558496s ago: executing program 2 (id=196): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x696b}, 0x6}, 0x1, 0x9) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x34000, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x4251c0, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = io_uring_setup$auto(0x59, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) timerfd_settime$auto(0xffffffffffffffff, 0x3, 0x0, 0x0) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_3={0x8, 0xfffffffe, 0x7, 0x7, 0x6, 0xe, 0x8c, 0xa6c9, 0x4, "41caf4b00381ce6290bdaa3c5f0415b3", 0x0, 0x6, 0xffffffffffffffff, 0x7f, 0x8000, 0x8001, 0x4506, 0x10000, 0x4, 0x9, @attach_prog_fd=r2, 0x7, 0x5, 0x7fff, 0x8, 0xb9bf, r1, r3}, 0x6f3) getsockopt$auto_SO_PASSCRED(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0) clone$auto(0x1, 0x1, &(0x7f0000000340)=0x49b, 0x0, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) connect$auto(r3, &(0x7f0000000040)=@hci={0x1f, 0x0, 0x2}, 0xe02) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r5) 4.212938587s ago: executing program 0 (id=197): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = getpgrp(0xffffffffffffffff) prctl$auto(0x0, 0x9, r0, 0x6, 0x9) (async) r1 = prctl$auto(0x0, 0x9, r0, 0x6, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x6, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfd3, 0x2, 0xec, 0x4, 0x80000000080, 0x8, 0x2, 0xfffffffffffffff8}) (async) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x6, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfd3, 0x2, 0xec, 0x4, 0x80000000080, 0x8, 0x2, 0xfffffffffffffff8}) msgsnd$auto(0x6, &(0x7f0000000140)={0x6, 0x8}, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a7ce4933f9ff35bf517462e8d347767704e841aab8eeec1b30ba3fec2006845ddad72af80f39a625150d70bfe89772005ddd050f7b10cbb79dc0430bc6deabef34570f33c1db2729de6d27ba00be95e727a57a7ecd7a64388aa58cb3ddbab83d3eb6e2ee4c21ba8a4b0432b853cfb43690193a29fd47b73002402f83933b9a5abb2f88e098f0aaf7dba3848ce03613caf91c537d3e038dc29b5bc3f028688b599bd"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a7ce4933f9ff35bf517462e8d347767704e841aab8eeec1b30ba3fec2006845ddad72af80f39a625150d70bfe89772005ddd050f7b10cbb79dc0430bc6deabef34570f33c1db2729de6d27ba00be95e727a57a7ecd7a64388aa58cb3ddbab83d3eb6e2ee4c21ba8a4b0432b853cfb43690193a29fd47b73002402f83933b9a5abb2f88e098f0aaf7dba3848ce03613caf91c537d3e038dc29b5bc3f028688b599bd"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!'], 0x1ac}, 0x1, 0x0, 0x0, 0x4000844}, 0x40090) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!'], 0x1ac}, 0x1, 0x0, 0x0, 0x4000844}, 0x40090) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc1}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) (async) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc1}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) io_uring_setup$auto(0xc, 0x0) r4 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000580), 0x400, 0x0) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r4, 0x4018bc13, 0x0) socket(0x29, 0x800, 0x87) (async) socket(0x29, 0x800, 0x87) close_range$auto(r3, r3, 0x0) (async) close_range$auto(r3, r3, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) connect$auto(0x3, 0x0, 0x55) (async) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x800000, 0x1ff, 0xdf, 0x9b72, r1, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x18, 0x2, 0x0) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) listen$auto(0x3, 0x0) connect$auto(0x3, 0x0, 0x58) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 4.152325652s ago: executing program 1 (id=198): close_range$auto(0x2, 0x8000, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x28, 0x1, 0x0) (async) socket(0x28, 0x1, 0x0) getpeername$auto(0x3, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) (async) r1 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) lseek$auto(r1, 0x7fffffffffffffff, 0x3) (async) lseek$auto(r1, 0x7fffffffffffffff, 0x3) mprotect$auto(0x0, 0xfffffffffffffff9, 0x40) truncate$auto(&(0x7f00000000c0)='./file0\x00', 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x24, r2, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x8d0c}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x24, r2, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x8d0c}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x3bc, r2, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_SEQ={0x14, 0xa, "f1d4aa4371952dc18720f864e294e7ef"}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_IE={0x383, 0x2a, "46efaa579c358b774fdedb2592eb8b31090c6fa2fed03108fd9b25546dc155ee84f49e364a2208d6b4b5044078736dc4c63a9c205a7f02e3f004b4cc827e6c94afeebc60b0c2c93e901eb8abbeacbb8530fba6429b19f2762bb4c654508298a7a2585de0e02f42bf7cc41a3b71af2079582eb7b32b514df343a49d85367f147f2da3f952e72e60b0ae0c87e0ea0288d532f0aa2058446dd39a17f036b0cf539975ec2cd382341149cc36db5b265686b5b088e4d53a8bb680fb6e7ac4fcf29f1d4d450e601f6e997973b8d8274f3d3e0b2f0ee19ed1cf966034036d918c9fa86eb11be5566d4c5d88b5571c2d5fdf6ea0a69ebe956c683d3d4cfc25ddd405c9b3cc0ffc70bc5afea55c96a5c78e82af2bac4b64029bd3e2b1e5b2780262e4976e590c92bac75ed99bc76a644a69334cbe416131fd3d952e82329d09e5fa5bb48673f01620ea3245047db79fa7ddfcb1521c40724f25a324ee651266e8ba9dc21244264b690416ee4f546203d17e246df98f97c9d9e30733385f0a6fffc12cc71c063b43f496eaf0a73af0a16b9f4ae97fd83a92b9918c343cd9a70faf96bc87f149a1c648ffb4b722b0e9640167c4c03dde919c69313f6cd217a829338df9997cdf43a13198ae45a70d33caf304858d1a8397a280edeb0dd5df8936c88c72d8c8559ea627c6ed2838fdb0f61257f7218044687ba7c1167b58de9556c1aa246f23b88b445d3263c8f9a9f8dba44e4f481b7115b693e2fd45c74c73c369bc383d690d27a176c4c301e4f28ca76fcd14a78874441dfc945219248d9c14a8bcfe600e46625a96e0d17d1ef6c2f255023052a56534152e98efe2ba9f896c39a99a1cf742c7970e84b11b73cd4038f9d445cfcc1eb4c94a39361febea79b67093d313f1ed2ecd14fcebdde7ed644be8732ff08d56a35b9e7498cee0abefbd23e90bde996d959a427c5acac55b9252ce5b5241b8ecf0e36262f22be3d6773eb584006c63953b717d9873fee89631e39ae2ae72f2aa97f6cc83e5a2894baab800721804bbbd7dea89af4e9cbce2666920ca14470ab8ffbfff6b33c1c250ede6a6e1aa91966c703bfedbd360478fb9f07d1830da1fac9d607fe9e9e3c46723bdd797ee6d95608075d6027c77b880249a12a6fb436c77eec572455a2435e8601d330e768258a4599b8a48f1dbcf7ca9ca73872a9f07ad04f8c6fe1e0fca1a1c9fc75bcbe31fb562a4d28996953e504550fabc58c5c842a6ca33e16763002545439bde6cb3"}]}, 0x3bc}, 0x1, 0x0, 0x0, 0x20008804}, 0x48080) (async) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x3bc, r2, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_SEQ={0x14, 0xa, "f1d4aa4371952dc18720f864e294e7ef"}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_IE={0x383, 0x2a, "46efaa579c358b774fdedb2592eb8b31090c6fa2fed03108fd9b25546dc155ee84f49e364a2208d6b4b5044078736dc4c63a9c205a7f02e3f004b4cc827e6c94afeebc60b0c2c93e901eb8abbeacbb8530fba6429b19f2762bb4c654508298a7a2585de0e02f42bf7cc41a3b71af2079582eb7b32b514df343a49d85367f147f2da3f952e72e60b0ae0c87e0ea0288d532f0aa2058446dd39a17f036b0cf539975ec2cd382341149cc36db5b265686b5b088e4d53a8bb680fb6e7ac4fcf29f1d4d450e601f6e997973b8d8274f3d3e0b2f0ee19ed1cf966034036d918c9fa86eb11be5566d4c5d88b5571c2d5fdf6ea0a69ebe956c683d3d4cfc25ddd405c9b3cc0ffc70bc5afea55c96a5c78e82af2bac4b64029bd3e2b1e5b2780262e4976e590c92bac75ed99bc76a644a69334cbe416131fd3d952e82329d09e5fa5bb48673f01620ea3245047db79fa7ddfcb1521c40724f25a324ee651266e8ba9dc21244264b690416ee4f546203d17e246df98f97c9d9e30733385f0a6fffc12cc71c063b43f496eaf0a73af0a16b9f4ae97fd83a92b9918c343cd9a70faf96bc87f149a1c648ffb4b722b0e9640167c4c03dde919c69313f6cd217a829338df9997cdf43a13198ae45a70d33caf304858d1a8397a280edeb0dd5df8936c88c72d8c8559ea627c6ed2838fdb0f61257f7218044687ba7c1167b58de9556c1aa246f23b88b445d3263c8f9a9f8dba44e4f481b7115b693e2fd45c74c73c369bc383d690d27a176c4c301e4f28ca76fcd14a78874441dfc945219248d9c14a8bcfe600e46625a96e0d17d1ef6c2f255023052a56534152e98efe2ba9f896c39a99a1cf742c7970e84b11b73cd4038f9d445cfcc1eb4c94a39361febea79b67093d313f1ed2ecd14fcebdde7ed644be8732ff08d56a35b9e7498cee0abefbd23e90bde996d959a427c5acac55b9252ce5b5241b8ecf0e36262f22be3d6773eb584006c63953b717d9873fee89631e39ae2ae72f2aa97f6cc83e5a2894baab800721804bbbd7dea89af4e9cbce2666920ca14470ab8ffbfff6b33c1c250ede6a6e1aa91966c703bfedbd360478fb9f07d1830da1fac9d607fe9e9e3c46723bdd797ee6d95608075d6027c77b880249a12a6fb436c77eec572455a2435e8601d330e768258a4599b8a48f1dbcf7ca9ca73872a9f07ad04f8c6fe1e0fca1a1c9fc75bcbe31fb562a4d28996953e504550fabc58c5c842a6ca33e16763002545439bde6cb3"}]}, 0x3bc}, 0x1, 0x0, 0x0, 0x20008804}, 0x48080) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) (async) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) (async) r5 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r5, &(0x7f00000002c0)=""/190, 0xfffffe39) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r7) ioctl$auto_KVM_CREATE_VM(r6, 0x4004ae86, 0x0) 3.664814212s ago: executing program 0 (id=199): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/ipvlan1/retrans_time\x00', 0x242, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SIOCSIFHWADDR2(r2, 0x8924, &(0x7f0000000440)) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000100), r2) socket(0x2, 0x2, 0x0) socket(0x1a, 0x5, 0xfffffffd) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x2, 0x0) write$auto(r1, &(0x7f0000000240)='/\xc46\x9e\xe4audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x90, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_DEL_PMK(0xffffffffffffffff, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) madvise$auto(0x110c234000, 0x1, 0x9) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x80044dfe, &(0x7f0000000040)) unshare$auto(0x40000080) socket(0xa, 0x2, 0x3a) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) readv$auto(0x3, &(0x7f0000000600)={0x0, 0xc}, 0x1da) 3.664528567s ago: executing program 1 (id=200): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="010326bd7000ffdbdf252d"], 0x20}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00"], 0x1ac}}, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/032/001\x00', 0x200000, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/stack\x00', 0x181100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) mmap$auto(0x0, 0x99, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x6, 0x2, 0x10) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x63af, 0x63, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80000008000000a, 0x40000402, 0x6, 0x7, 0xffffffff80000004, 0x8000000002009, 0x6, 0x2400001000ff}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r3 = socket(0x10, 0x2, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff14, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/suspend_stats/failed_resume_noirq\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/208, 0xd0) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8001c03, &(0x7f00000002c0)={0x0, 0x800c7}, 0x3, 0x0, 0x3, 0x1}, 0x7}, 0x3d55, 0x0) 3.664155672s ago: executing program 2 (id=201): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x0, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x800, 0x1) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x14) semctl$auto(0x2, 0x7fffffff, 0x4, 0x415) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop11\x00', 0x20000, 0x0) ioctl$auto_BLKBSZGET(r1, 0x80081270, &(0x7f00000001c0)=0xbbc) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x28, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x800) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x60, r3, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x20b}, @SEG6_ATTR_HMACINFO={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x11, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7fff}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x9}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0xe}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 3.187282815s ago: executing program 2 (id=202): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f00000000c0)="11000000", 0x4) socket(0xf, 0x5, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x2, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r0 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r0, 0x11) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r1, r2, 0x0, 0x1000200) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x111800, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x80100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) 2.579747631s ago: executing program 3 (id=204): openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x582, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x10303f, 0x0) ioctl$auto_SNAPSHOT_ATOMIC_RESTORE(r1, 0x3304, 0x0) r2 = prctl$auto(0x3e, 0x6, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0xa, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), r2) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000001140)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x220}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)={0x24, r3, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0xff}, @NL80211_ATTR_TDLS_SUPPORT={0x4}, @NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4081}, 0x20040011) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r4, &(0x7f0000000040)=""/4096, 0xfffffe82) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 1.849710873s ago: executing program 1 (id=205): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:17/sun\x00', 0x20000, 0x0) read$auto(r0, 0x0, 0x20) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c9180, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(0xffffffffffffffff, 0x0, 0x40) (async, rerun: 32) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0) (rerun: 32) write$auto(r1, &(0x7f0000001680)='\v\x90\xd1\xda\xbc>1\x8ag\x14\x18\xbe\xdc\x00', 0x1) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) (async, rerun: 32) capset$auto(0x0, &(0x7f0000000000)={0x2, 0x10000002, 0x6}) (async, rerun: 32) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_loaded\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000002100)=""/4110, 0x100e) (async) setpriority$auto_PRIO_USER(0x2, 0x0, 0x5) (async, rerun: 64) mincore$auto(0x1000, 0x8001, 0x0) (rerun: 64) fcntl$auto(0x8000000000000001, 0x7, 0x8) fcntl$auto(0x8000000000000001, 0x26, 0x8) (async) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) (async) fcntl$auto(0x8000000000000001, 0x26, 0x8) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (rerun: 64) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) (async) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) (async) mprotect$auto(0xc000, 0xa71, 0xa) 1.553468282s ago: executing program 0 (id=206): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x25, 0x1, 0x0) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, 0x0) mmap$auto(0x6, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x8, 0x7fffffff, 0xffffffffffffffff, [], {0x6, 0x6, 0x3, 0x29f, 0xfe, 0x7ffffffb, 0x101, 0x800, 0x3}, {0x2000008, 0x1, 0x52, 0xfffffff9, 0x2, 0x40, 0x76c5, 0x9, 0x100000000}}) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r1, 0xc0b45545, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x5, 0xffffffff, 0x3, 0x0, 0x2) mmap$auto(0x0, 0x20008, 0x4000000000df, 0xeb1, 0x401, 0xae8) shutdown$auto(0xffffffffffffffff, 0x2) socket(0xa, 0x1, 0x100) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/route\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x8, 0x8000) pread64$auto(r2, 0x0, 0x7ff, 0x400) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x1, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0x8000000000d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x1]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r5, 0x5412, &(0x7f0000000040)="1a38") socket(0x23, 0x80805, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) 1.017589672s ago: executing program 3 (id=207): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xfffffffffffffc00, &(0x7f0000000100)="a2b36d0449473b7bcbcd6d7f6186e9de29e708c62b9db37658c96e1ed364c5d867daa7438de65e6d2aa369df7e32e2c897c4bd029f0845c6b5196ced8ef9b1a53b4011ed14a904f19072629f7cc6ed922acba72edc667e917861d1e7dc8a72ee61bc9c") r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = mq_open$auto(&(0x7f0000000200)='\\\x00\xa9A\x00', 0x83, 0x7, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) writev$auto(r2, &(0x7f0000000200)={0x0, 0x380000}, 0x3) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) shmctl$auto_IPC_RMID(0x7, 0x0, &(0x7f0000000100)={{0x171a4c29, 0x0, 0xee01, 0x401, 0x9, 0xb, 0x2}, 0x8, 0x100, 0x1a56, 0x1, @inferred, @raw=0x8000, 0xe7d, 0x0, &(0x7f0000000000), &(0x7f0000000040)="1783a8"}) mmap$auto(0x0, 0x8, 0x4, 0x9b72, 0x2, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_create$auto(0x9, 0x0, 0x0) timer_delete$auto(0x1) sendmsg$auto_NBD_CMD_CONNECT(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)={0x78, r4, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1020}, @NBD_ATTR_SOCKETS={0x50, 0x7, 0x0, 0x1, [@nested={0x2c, 0x7e, 0x0, 0x1, [@typed={0x22, 0xbd, 0x0, 0x0, @binary="a7379b928b2fe53f4a96cc49fa078eb62dca03ca1694ea60fe7c14e53bd8"}, @nested={0x4, 0x9a}]}, @nested={0x20, 0x3b, 0x0, 0x1, [@typed={0x14, 0x1a, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0xf4, 0x0, 0x0, @str='+&+\x00'}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_NBD_CMD_STATUS(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xf4, r4, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_BACKEND_IDENTIFIER={0x7, 0xa, '{]-'}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_SOCKETS={0xc0, 0x7, 0x0, 0x1, [@typed={0xbc, 0x15, 0x0, 0x0, @binary="302137a9e1d1f6f465e7b5ea737a141e7d0dffa0ae07279f954c91fed78bf096aec08879b327de084dd01d906c867b790b16d1f55733fd277fa4e762428b7bcf5c031942400d1df0218ab1e61fa8e20320b5f511028f08d9ef3ccbc7005b58d818724409ee013adfd6253eb309d933da1588412e91def926938dfef2b341582487ba2a326dd81877faf5f0e3cdd55cc03aacc012e5e83098c9afba210ccb1ed5223d1562e0033486f411b783a1e20ce3d768a4c9d162e0bd"}]}]}, 0xf4}}, 0x14) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg/0:0:0:0\x00', 0x121641, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r5, 0x2272, &(0x7f0000000280)="5fff575a2747b07cd670b8e58610c96d64ba76b6a60cc9bb1796ae711afdd441fab265037d00077ea24bbfc6e776cca12c7aa02bb1ff33618736aa4b3bb525987d076bbb472da95efc") openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ttyp4\x00', 0x1010c2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xb, 0xb5, 0x10, 0x4, 0x53000000, r1, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x9, 0x2, 0x4f4, 0x5}, 0x10) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/028/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r6, 0x802c550a, &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000000000005"]) ioctl$auto_IMADDTIMER(0xffffffffffffffff, 0x80044940, 0x0) 595.889027ms ago: executing program 2 (id=208): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bdi/43:96/stable_pages_required\x00', 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40, 0x24) socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r0, 0x10000}, 0x10) io_uring_setup$auto(0x1, 0x0) bpf$auto(0x1, 0x0, 0x13) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x40106f52, r1) 234.185306ms ago: executing program 0 (id=209): r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close_range$auto(r0, r0, 0x5) socket(0x6, 0x2, 0x8001) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) clone3$auto(0x0, 0x1ffffffffff) getrandom$auto(0x0, 0x6000000, 0x3) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x153101, 0x0) close_range$auto(r0, 0x8, 0xffffff81) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x0, 0x4000000000df, 0xeb2, 0x401, 0x8200) close_range$auto(0x2, 0x8, 0x0) personality$auto(0x40004010410ffc) mmap$auto(0x0, 0x200003, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) socket(0x2, 0x80002, 0x73) r3 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0xfffffff9, &(0x7f00000002c0)={0x0, 0x19fff}, 0x5, 0x0, 0x3, 0x100009}, 0x7}, 0x3, 0x2) r4 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@phonet={0x23, 0xfe, 0x3, 0x6}, 0x406a) mmap$auto(0x19c0, 0xfffffffffffff472, 0xdf, 0x9b7d, 0xffffffffffffffff, 0x8000) io_setup$auto(0x1, 0x0) setsockopt$auto(r3, 0x6, 0x9, 0x0, 0x4) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000100), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) shutdown$auto(0x200000003, 0x2) 189.892253ms ago: executing program 2 (id=210): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, 0x0, 0xc800) socket(0xa, 0x804, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000180)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xd8\xb7\x93\x12\xcb;\x85~ qT\xdc\x11\x892\x91\xdd\x1cTI\xe9\"}Hh\xdc{\x15\xcd\xdaE\xf8\xe2y\xf6\xae\vB\f\x86<\x93y\xbd#\x1ej\x86\xc3\xbb\xee1O\xb9\x9dD~\xb9b)\xe6)i\xe1\x9d\t7K\x82\xfc\xdf|\xcf\x91\x96tC\xc7\xe4Y\x06,\xe1\xe5r\'\xf3_\xcf\x17\x97q\xe8\x88\x88\xa5\xd3\x87\x88\xe0#\x89n\xe81\xb6f\x98\xe3\xdc\xf4\xdb+r\x95\xc7Z3\xcff\x8c \xc5\x1eR%\x9dr$t\xd5\x8a?M\x16yM\x02\xa0H\x82\x12\xcb\xe7\x94fV\xcb\xa8\xb6\xdc8a\xf7\x96\xaa\xf1\xb0\x93\xa1\xe2\xe4\x92x\xa1\xcc\x9cn_\xfdW\xbe=\xb8\x99d\x89l\x10\x1c\x81\xbf\x97[\xb8\x1c\x1dv1F\xe2\xf6\xa7\x9aC=\xc8\x9d\x9d\x92r\xe9$\xf9\xcf\x81\x1f\b\x1eI\xd8\xab\xb3M\xdf\aJ`F\b\x91\xfa:\x16F\x81\x8a\x94\xb1\x98\xf0\'\xd0Un \"\x9b\xf2\x90d\x86\x00\x02C\xbcb6\x96odBf\t\x0f-\xcb\xd4\xb2\xf7\xd7\x0f\xd5\xe9', 0x82) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) r4 = socket(0x2a, 0x2, 0x0) open(&(0x7f00000002c0)='./file0\x00', 0x140, 0x1d0) ioctl$auto(r4, 0x8912, 0x38) r5 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r6 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000180), r4) sendmsg$auto_NFC_CMD_LLC_GET_PARAMS(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r6, 0x703, 0x70bd27, 0x25dfdbff, {}, [@NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x5ffe}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) write$auto(r5, &(0x7f0000000340)='3\x00', 0x6) 94.970928ms ago: executing program 1 (id=211): capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r0 = fanotify_init$auto(0x5, 0x2000000000002) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000100), 0x2400, 0x0) ioctl$auto(r1, 0x0, 0x38) prctl$auto(0x26, 0x6, 0x7fffffffefff, 0x0, 0x1fcf6003) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio1\x00', 0x10dc00, 0x0) mmap$auto(0x0, 0x100400009, 0xdf, 0x9b72, r0, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8003) process_madvise$auto_MADV_COLLAPSE(r0, &(0x7f00000000c0)={&(0x7f0000000040)="dfc751223bdd3668c891bd1b12c07034f379644387f9780004dd643222577e83c2981a1231fc5ba9e4afeacf27d561295dc97313a2fa5b9c50991941233159c3805d57d4c29a7f666d25b62b69dc70d9cf5da580dbd528fd4754fe784bef1e0e4f07af9a2dc508fd99073a5b0710227ea8aa", 0x9}, 0x7ea, 0x19, 0x51eed569) dup3$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x101) write$auto(0x3, 0x0, 0x81) read$auto(0xffffffffffffffff, 0x0, 0x67b) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') socket(0x2, 0xa, 0x1) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) socket(0x2d, 0x2, 0x0) getsockopt$auto(0x3, 0x6, 0xb, 0x0, 0x0) ioctl$auto(r2, 0x4611, r2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3c, 0xffffffffffffffff, 0x0, 0x6, 0xfffffffffffffffe) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) 0s ago: executing program 3 (id=212): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x106) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) sendmsg$auto_NL80211_CMD_START_P2P_DEVICE(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4010) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x82, 0x0) socket(0x2, 0x3, 0x8) socket(0x2, 0x1, 0x0) r2 = epoll_create$auto(0x7) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r3, 0x0) r4 = bpf$auto(0x0, &(0x7f00000001c0)=@token_create, 0x6f6) capset$auto(0x0, 0x0) epoll_ctl$auto(0x5, 0x3, r3, 0x0) epoll_wait$auto(r2, 0x0, 0xe007, 0x1) r5 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2a801, 0x0) pwrite64$auto(r5, &(0x7f0000000040)='/dev/vcsa\x00', 0x7b05, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r6, &(0x7f0000000080)={&(0x7f0000000040)="99e7daa24511691d42a9", 0x1000}, 0x3) close_range$auto(r4, r5, 0x0) socket(0x6, 0x2, 0x6) semctl$auto_SETVAL(0x0, 0xfffffff5, 0x10, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. [ 88.680949][ T5854] cgroup: Unknown subsys name 'net' [ 88.874517][ T5854] cgroup: Unknown subsys name 'cpuset' [ 88.884922][ T5854] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.636356][ T5854] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.028284][ T5868] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.037216][ T5868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.045426][ T5868] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.055244][ T5868] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.063156][ T5868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.066905][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.078679][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.089876][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.097499][ T5868] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.105823][ T5868] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.114832][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.115117][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.134037][ T5868] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.141712][ T5867] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.150201][ T5867] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.176291][ T5188] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.184666][ T5188] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.192893][ T5188] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.208633][ T5188] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.217347][ T5188] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.709759][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 93.755267][ T5871] chnl_net:caif_netlink_parms(): no params data found [ 93.948040][ T5864] chnl_net:caif_netlink_parms(): no params data found [ 94.020073][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.029611][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.040072][ T5865] bridge_slave_0: entered allmulticast mode [ 94.047435][ T5865] bridge_slave_0: entered promiscuous mode [ 94.078464][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.090347][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.098089][ T5871] bridge_slave_0: entered allmulticast mode [ 94.105681][ T5871] bridge_slave_0: entered promiscuous mode [ 94.118849][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.126212][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.133610][ T5871] bridge_slave_1: entered allmulticast mode [ 94.140885][ T5871] bridge_slave_1: entered promiscuous mode [ 94.148066][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.155419][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.162657][ T5865] bridge_slave_1: entered allmulticast mode [ 94.169818][ T5865] bridge_slave_1: entered promiscuous mode [ 94.189647][ T5876] chnl_net:caif_netlink_parms(): no params data found [ 94.292777][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.306099][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.318519][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.355139][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.450109][ T5871] team0: Port device team_slave_0 added [ 94.458267][ T5865] team0: Port device team_slave_0 added [ 94.467697][ T5865] team0: Port device team_slave_1 added [ 94.473994][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.481621][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.488777][ T5864] bridge_slave_0: entered allmulticast mode [ 94.496271][ T5864] bridge_slave_0: entered promiscuous mode [ 94.518526][ T5871] team0: Port device team_slave_1 added [ 94.566013][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.574487][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.582391][ T5864] bridge_slave_1: entered allmulticast mode [ 94.589512][ T5864] bridge_slave_1: entered promiscuous mode [ 94.643949][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.651168][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.677470][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.689730][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.696963][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.723029][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.747846][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.755346][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.762628][ T5876] bridge_slave_0: entered allmulticast mode [ 94.769701][ T5876] bridge_slave_0: entered promiscuous mode [ 94.777781][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.784959][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.792800][ T5876] bridge_slave_1: entered allmulticast mode [ 94.800476][ T5876] bridge_slave_1: entered promiscuous mode [ 94.807846][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.814886][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.841223][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.861869][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.868820][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.894796][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.908519][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.952937][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.003387][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.029753][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.057422][ T5871] hsr_slave_0: entered promiscuous mode [ 95.063881][ T5871] hsr_slave_1: entered promiscuous mode [ 95.087747][ T5864] team0: Port device team_slave_0 added [ 95.101268][ T5188] Bluetooth: hci1: command tx timeout [ 95.111941][ T5876] team0: Port device team_slave_0 added [ 95.147866][ T5864] team0: Port device team_slave_1 added [ 95.170311][ T5876] team0: Port device team_slave_1 added [ 95.171366][ T5188] Bluetooth: hci0: command tx timeout [ 95.196713][ T5865] hsr_slave_0: entered promiscuous mode [ 95.203854][ T5865] hsr_slave_1: entered promiscuous mode [ 95.209897][ T5865] debugfs: 'hsr0' already exists in 'hsr' [ 95.216323][ T5865] Cannot create hsr debugfs directory [ 95.250846][ T5188] Bluetooth: hci2: command tx timeout [ 95.251225][ T5867] Bluetooth: hci3: command tx timeout [ 95.293652][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.301413][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.328038][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.342537][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.349524][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.375613][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.407143][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.414469][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.440894][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.460369][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.467520][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.493593][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.656899][ T5864] hsr_slave_0: entered promiscuous mode [ 95.663819][ T5864] hsr_slave_1: entered promiscuous mode [ 95.669889][ T5864] debugfs: 'hsr0' already exists in 'hsr' [ 95.676789][ T5864] Cannot create hsr debugfs directory [ 95.745510][ T5876] hsr_slave_0: entered promiscuous mode [ 95.752707][ T5876] hsr_slave_1: entered promiscuous mode [ 95.758932][ T5876] debugfs: 'hsr0' already exists in 'hsr' [ 95.765368][ T5876] Cannot create hsr debugfs directory [ 96.042250][ T5871] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.055747][ T5871] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.099792][ T5871] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.134794][ T5871] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.212991][ T5865] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.234817][ T5865] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.248649][ T5865] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.260333][ T5865] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.364269][ T5864] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.381231][ T5864] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.420112][ T5864] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.438324][ T5864] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.525848][ T5876] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.537172][ T5876] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.562294][ T5876] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.594884][ T5876] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.622711][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.703999][ T5871] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.726698][ T4594] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.734006][ T4594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.745340][ T4594] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.752488][ T4594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.776744][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.865913][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.894438][ T1336] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.902282][ T1336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.919705][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.926909][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.059442][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.095343][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.171576][ T5867] Bluetooth: hci1: command tx timeout [ 97.176896][ T979] cfg80211: failed to load regulatory.db [ 97.184896][ T5864] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.228357][ T5876] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.250805][ T5867] Bluetooth: hci0: command tx timeout [ 97.263295][ T4594] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.270490][ T4594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.288379][ T4594] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.295618][ T4594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.333237][ T5867] Bluetooth: hci3: command tx timeout [ 97.335377][ T4594] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.338683][ T5867] Bluetooth: hci2: command tx timeout [ 97.345814][ T4594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.389531][ T4594] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.396807][ T4594] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.676733][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.692811][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.825271][ T5871] veth0_vlan: entered promiscuous mode [ 97.886831][ T5865] veth0_vlan: entered promiscuous mode [ 97.914811][ T5871] veth1_vlan: entered promiscuous mode [ 97.955953][ T5865] veth1_vlan: entered promiscuous mode [ 98.031379][ T5871] veth0_macvtap: entered promiscuous mode [ 98.049667][ T5871] veth1_macvtap: entered promiscuous mode [ 98.126174][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.162297][ T5865] veth0_macvtap: entered promiscuous mode [ 98.176897][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.204111][ T5865] veth1_macvtap: entered promiscuous mode [ 98.212847][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.245654][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.255018][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.266711][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.297469][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.312969][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.343651][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.408364][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.455205][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.465234][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.468185][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.482222][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.516910][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.527147][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.570329][ T5876] veth0_vlan: entered promiscuous mode [ 98.597643][ T5864] veth0_vlan: entered promiscuous mode [ 98.609428][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.621296][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.645642][ T5876] veth1_vlan: entered promiscuous mode [ 98.670185][ T5864] veth1_vlan: entered promiscuous mode [ 98.776366][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.792770][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.796797][ T5871] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 98.824345][ T5876] veth0_macvtap: entered promiscuous mode [ 98.860208][ T5864] veth0_macvtap: entered promiscuous mode [ 98.917542][ T5864] veth1_macvtap: entered promiscuous mode [ 98.957127][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.957236][ T5876] veth1_macvtap: entered promiscuous mode [ 98.970876][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.990428][ T5957] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 99.139396][ T5959] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'. [ 99.159487][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.232170][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.260905][ T5188] Bluetooth: hci1: command tx timeout [ 99.304814][ T5959] veth0_macvtap: left promiscuous mode [ 99.343111][ T5188] Bluetooth: hci0: command tx timeout [ 99.411693][ T5188] Bluetooth: hci2: command tx timeout [ 99.412992][ T5867] Bluetooth: hci3: command tx timeout [ 99.443291][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.459400][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.477609][ T4578] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.748230][ T4578] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.825692][ T4578] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.859573][ T4578] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.928048][ T4578] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.964430][ T4578] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.036788][ T4578] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.045975][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.057716][ T4578] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.297154][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.315697][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.440605][ T4578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.457004][ T4578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.746020][ T4578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.813845][ T4578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.925316][ T4578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.004529][ T4578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.261889][ T5973] ALSA: mixer_oss: invalid OSS volume '0' [ 101.281640][ T5973] ALSA: mixer_oss: invalid OSS volume '' [ 101.331303][ T5867] Bluetooth: hci1: command tx timeout [ 101.412004][ T5982] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.423847][ T5867] Bluetooth: hci0: command tx timeout [ 101.477520][ T5982] Zero length message leads to an empty skb [ 101.491476][ T5867] Bluetooth: hci3: command tx timeout [ 101.494662][ T5188] Bluetooth: hci2: command tx timeout [ 102.206412][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.239715][ T5991] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8'. [ 102.309781][ T5991] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !Pj*"l-y–L̓ [ 102.402955][ T6001] can: request_module (can-proto-3) failed. [ 102.959006][ T6007] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.011486][ T6008] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 103.333631][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.343397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.692692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.051487][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.181386][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.190050][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.472381][ T6035] netlink: 342 bytes leftover after parsing attributes in process `syz.0.16'. [ 104.511952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 104.521476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 105.456371][ T6048] ubi0: attaching mtd0 [ 105.468398][ T6048] ubi0: scanning is finished [ 105.473180][ T6048] ubi0: empty MTD device detected [ 105.622269][ T6048] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 105.629850][ T6048] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 105.652845][ T6048] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 105.700778][ T6048] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 105.710800][ T6048] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 105.717636][ T6048] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 105.729329][ T6048] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3740846076 [ 105.748706][ T6048] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 105.760289][ T6051] ubi0: background thread "ubi_bgt0d" started, PID 6051 [ 106.190882][ T6055] ICMPv6: process `syz.3.20' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 106.602849][ T6066] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 107.648441][ T6068] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 109.835362][ T6092] FAULT_INJECTION: forcing a failure. [ 109.835362][ T6092] name failslab, interval 1, probability 0, space 0, times 1 [ 109.946433][ T6092] CPU: 1 UID: 0 PID: 6092 Comm: syz.0.25 Not tainted syzkaller #0 PREEMPT(full) [ 109.946479][ T6092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 109.946496][ T6092] Call Trace: [ 109.946506][ T6092] [ 109.946518][ T6092] dump_stack_lvl+0x16c/0x1f0 [ 109.946569][ T6092] should_fail_ex+0x512/0x640 [ 109.946614][ T6092] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 109.946653][ T6092] should_failslab+0xc2/0x120 [ 109.946702][ T6092] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 109.946734][ T6092] ? __proc_create+0xc3/0x8e0 [ 109.946778][ T6092] ? __proc_create+0x2ce/0x8e0 [ 109.946826][ T6092] __proc_create+0x2ce/0x8e0 [ 109.946869][ T6092] ? __pfx___proc_create+0x10/0x10 [ 109.946926][ T6092] proc_mkdir+0x81/0x170 [ 109.946967][ T6092] ? __pfx_proc_mkdir+0x10/0x10 [ 109.947011][ T6092] ? cache_register_net+0x137/0x5e0 [ 109.947063][ T6092] cache_register_net+0x18f/0x5e0 [ 109.947108][ T6092] gss_svc_init_net+0x151/0x660 [ 109.947144][ T6092] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 109.947191][ T6092] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 109.947226][ T6092] ops_init+0x1df/0x5f0 [ 109.947278][ T6092] setup_net+0x10f/0x380 [ 109.947301][ T6092] ? lockdep_init_map_type+0x5c/0x280 [ 109.947343][ T6092] ? __pfx_setup_net+0x10/0x10 [ 109.947371][ T6092] ? debug_mutex_init+0x37/0x70 [ 109.947405][ T6092] copy_net_ns+0x2a6/0x5f0 [ 109.947439][ T6092] create_new_namespaces+0x3ea/0xa90 [ 109.947482][ T6092] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 109.947520][ T6092] ksys_unshare+0x45b/0xa40 [ 109.947560][ T6092] ? __pfx_ksys_unshare+0x10/0x10 [ 109.947601][ T6092] ? xfd_validate_state+0x61/0x180 [ 109.947656][ T6092] __x64_sys_unshare+0x31/0x40 [ 109.947708][ T6092] do_syscall_64+0xcd/0x490 [ 109.947757][ T6092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.947786][ T6092] RIP: 0033:0x7f965bb8eba9 [ 109.947809][ T6092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.947836][ T6092] RSP: 002b:00007f965c989038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 109.947864][ T6092] RAX: ffffffffffffffda RBX: 00007f965bdd5fa0 RCX: 00007f965bb8eba9 [ 109.947883][ T6092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 109.947899][ T6092] RBP: 00007f965bc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 109.947916][ T6092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.947932][ T6092] R13: 00007f965bdd6038 R14: 00007f965bdd5fa0 R15: 00007ffebd630fb8 [ 109.947973][ T6092] [ 110.262064][ T6098] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 112.002443][ T6120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.29'. [ 112.053746][ T6120] veth0_macvtap: left promiscuous mode [ 112.840248][ T6132] ubi: mtd0 is already attached to ubi0 [ 113.804212][ T6136] process 'syz.1.40' launched ':,' with NULL argv: empty string added [ 113.895031][ T6138] netlink: 56 bytes leftover after parsing attributes in process `syz.3.32'. [ 114.071602][ T6138] debugfs: '!Pj*"l-y–L̓]' already exists in 'ieee80211' [ 114.107586][ T6150] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 114.524768][ T6151] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 116.858631][ T6175] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 116.880252][ T6175] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 117.075433][ T6175] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 117.086970][ T6175] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 117.094200][ T6175] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 117.219957][ T6175] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 117.300387][ T6175] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 117.312558][ T6175] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 117.523482][ T6175] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 117.680233][ T6175] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 117.687533][ T6175] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 117.738296][ T6198] ICMPv6: process `syz.1.43' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 117.787914][ T6175] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 117.894253][ T6189] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 118.948155][ T5188] Bluetooth: hci0: command 0x0c1a tx timeout [ 119.122537][ T6219] ubi: mtd0 is already attached to ubi0 [ 119.171028][ T5188] Bluetooth: hci1: command 0x0c1a tx timeout [ 119.331691][ T5188] Bluetooth: hci2: command 0x0c1a tx timeout [ 119.741171][ T5188] Bluetooth: hci3: command 0x0c1a tx timeout [ 121.010747][ T5188] Bluetooth: hci0: command 0x0c1a tx timeout [ 121.250733][ T5188] Bluetooth: hci1: command 0x0c1a tx timeout [ 121.410773][ T5188] Bluetooth: hci2: command 0x0c1a tx timeout [ 121.823762][ T5188] Bluetooth: hci3: command 0x0c1a tx timeout [ 122.957782][ T6259] FAULT_INJECTION: forcing a failure. [ 122.957782][ T6259] name failslab, interval 1, probability 0, space 0, times 0 [ 123.007121][ T6259] CPU: 1 UID: 0 PID: 6259 Comm: syz.3.50 Not tainted syzkaller #0 PREEMPT(full) [ 123.007164][ T6259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 123.007181][ T6259] Call Trace: [ 123.007191][ T6259] [ 123.007203][ T6259] dump_stack_lvl+0x16c/0x1f0 [ 123.007256][ T6259] should_fail_ex+0x512/0x640 [ 123.007303][ T6259] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 123.007346][ T6259] should_failslab+0xc2/0x120 [ 123.007385][ T6259] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 123.007419][ T6259] ? __proc_create+0xc3/0x8e0 [ 123.007463][ T6259] ? __proc_create+0x2ce/0x8e0 [ 123.007511][ T6259] __proc_create+0x2ce/0x8e0 [ 123.007557][ T6259] ? __pfx___proc_create+0x10/0x10 [ 123.007618][ T6259] proc_mkdir+0x81/0x170 [ 123.007663][ T6259] ? __pfx_proc_mkdir+0x10/0x10 [ 123.007718][ T6259] ? cache_register_net+0x137/0x5e0 [ 123.007771][ T6259] cache_register_net+0x18f/0x5e0 [ 123.007820][ T6259] gss_svc_init_net+0x98/0x660 [ 123.007856][ T6259] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 123.007906][ T6259] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 123.007946][ T6259] ops_init+0x1df/0x5f0 [ 123.007998][ T6259] setup_net+0x10f/0x380 [ 123.008023][ T6259] ? lockdep_init_map_type+0x5c/0x280 [ 123.008067][ T6259] ? __pfx_setup_net+0x10/0x10 [ 123.008097][ T6259] ? debug_mutex_init+0x37/0x70 [ 123.008133][ T6259] copy_net_ns+0x2a6/0x5f0 [ 123.008169][ T6259] create_new_namespaces+0x3ea/0xa90 [ 123.008212][ T6259] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 123.008250][ T6259] ksys_unshare+0x45b/0xa40 [ 123.008290][ T6259] ? __pfx_ksys_unshare+0x10/0x10 [ 123.008330][ T6259] ? xfd_validate_state+0x61/0x180 [ 123.008386][ T6259] __x64_sys_unshare+0x31/0x40 [ 123.008427][ T6259] do_syscall_64+0xcd/0x490 [ 123.008475][ T6259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.008504][ T6259] RIP: 0033:0x7faac338eba9 [ 123.008528][ T6259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.008553][ T6259] RSP: 002b:00007faac15f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 123.008581][ T6259] RAX: ffffffffffffffda RBX: 00007faac35d5fa0 RCX: 00007faac338eba9 [ 123.008600][ T6259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 123.008616][ T6259] RBP: 00007faac3411e19 R08: 0000000000000000 R09: 0000000000000000 [ 123.008634][ T6259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.008650][ T6259] R13: 00007faac35d6038 R14: 00007faac35d5fa0 R15: 00007ffd820e9bf8 [ 123.008691][ T6259] [ 123.276429][ T5188] Bluetooth: hci0: command 0x0c1a tx timeout [ 123.551136][ T5188] Bluetooth: hci1: command 0x0c1a tx timeout [ 123.557987][ T5867] Bluetooth: hci2: command 0x0c1a tx timeout [ 123.890795][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 124.382983][ T6278] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 125.103144][ T6279] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 126.057285][ T6282] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 128.948123][ T6329] FAULT_INJECTION: forcing a failure. [ 128.948123][ T6329] name failslab, interval 1, probability 0, space 0, times 0 [ 128.961282][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.1.62 Not tainted syzkaller #0 PREEMPT(full) [ 128.961308][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 128.961319][ T6329] Call Trace: [ 128.961325][ T6329] [ 128.961332][ T6329] dump_stack_lvl+0x16c/0x1f0 [ 128.961364][ T6329] should_fail_ex+0x512/0x640 [ 128.961393][ T6329] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 128.961425][ T6329] should_failslab+0xc2/0x120 [ 128.961449][ T6329] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 128.961470][ T6329] ? __proc_create+0xc3/0x8e0 [ 128.961497][ T6329] ? __proc_create+0x2ce/0x8e0 [ 128.961526][ T6329] __proc_create+0x2ce/0x8e0 [ 128.961553][ T6329] ? __pfx___proc_create+0x10/0x10 [ 128.961584][ T6329] ? _raw_write_unlock+0x28/0x50 [ 128.961609][ T6329] ? proc_register+0x501/0x840 [ 128.961638][ T6329] proc_create_reg+0x7d/0x180 [ 128.961667][ T6329] proc_create_net_data+0x8e/0x1c0 [ 128.961695][ T6329] ? __pfx_proc_create_net_data+0x10/0x10 [ 128.961729][ T6329] sctp_proc_init+0x14c/0x270 [ 128.961754][ T6329] ? __pfx_sctp_defaults_init+0x10/0x10 [ 128.961779][ T6329] sctp_defaults_init+0x74a/0xd80 [ 128.961805][ T6329] ? __pfx_sctp_defaults_init+0x10/0x10 [ 128.961829][ T6329] ops_init+0x1df/0x5f0 [ 128.961861][ T6329] setup_net+0x10f/0x380 [ 128.961875][ T6329] ? lockdep_init_map_type+0x5c/0x280 [ 128.961901][ T6329] ? __pfx_setup_net+0x10/0x10 [ 128.961918][ T6329] ? debug_mutex_init+0x37/0x70 [ 128.961939][ T6329] copy_net_ns+0x2a6/0x5f0 [ 128.961960][ T6329] create_new_namespaces+0x3ea/0xa90 [ 128.961986][ T6329] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 128.962009][ T6329] ksys_unshare+0x45b/0xa40 [ 128.962035][ T6329] ? __pfx_ksys_unshare+0x10/0x10 [ 128.962060][ T6329] ? xfd_validate_state+0x61/0x180 [ 128.962094][ T6329] __x64_sys_unshare+0x31/0x40 [ 128.962118][ T6329] do_syscall_64+0xcd/0x490 [ 128.962148][ T6329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.962168][ T6329] RIP: 0033:0x7fc706d8eba9 [ 128.962183][ T6329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.962200][ T6329] RSP: 002b:00007fc707ccf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 128.962217][ T6329] RAX: ffffffffffffffda RBX: 00007fc706fd5fa0 RCX: 00007fc706d8eba9 [ 128.962229][ T6329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 128.962239][ T6329] RBP: 00007fc706e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 128.962249][ T6329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.962259][ T6329] R13: 00007fc706fd6038 R14: 00007fc706fd5fa0 R15: 00007ffd1129f368 [ 128.962282][ T6329] [ 132.410149][ T6382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 132.472949][ T6382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.943398][ T6416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.79'. [ 134.160293][ T6413] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 134.565055][ T6424] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 134.832504][ T6437] netlink: Unknown conntrack attr (type=146, max=9) [ 135.198709][ T6413] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 135.955012][ T6452] random: crng reseeded on system resumption [ 135.991938][ T6448] FAULT_INJECTION: forcing a failure. [ 135.991938][ T6448] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 136.029513][ T6448] CPU: 0 UID: 0 PID: 6448 Comm: syz.2.86 Not tainted syzkaller #0 PREEMPT(full) [ 136.029544][ T6448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 136.029554][ T6448] Call Trace: [ 136.029560][ T6448] [ 136.029567][ T6448] dump_stack_lvl+0x16c/0x1f0 [ 136.029600][ T6448] should_fail_ex+0x512/0x640 [ 136.029639][ T6448] _copy_from_user+0x2e/0xd0 [ 136.029660][ T6448] get_timespec64+0x8b/0x1b0 [ 136.029683][ T6448] ? __pfx_get_timespec64+0x10/0x10 [ 136.029703][ T6448] ? ktime_get+0x200/0x310 [ 136.029729][ T6448] __x64_sys_futex+0x288/0x4c0 [ 136.029756][ T6448] ? __pfx___x64_sys_futex+0x10/0x10 [ 136.029779][ T6448] ? xfd_validate_state+0x61/0x180 [ 136.029818][ T6448] do_syscall_64+0xcd/0x490 [ 136.029847][ T6448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.029866][ T6448] RIP: 0033:0x7f4cd7b8eba9 [ 136.029880][ T6448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.029897][ T6448] RSP: 002b:00007ffc99d69f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 136.029914][ T6448] RAX: ffffffffffffffda RBX: 000000000002130f RCX: 00007f4cd7b8eba9 [ 136.029925][ T6448] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4cd7dd5fac [ 136.029936][ T6448] RBP: 0000000000000032 R08: 00007f4cd8ab7000 R09: 0000001a99d6a25f [ 136.029947][ T6448] R10: 00007ffc99d6a060 R11: 0000000000000246 R12: 00007f4cd7dd5fac [ 136.029957][ T6448] R13: 00007ffc99d6a060 R14: 0000000000021341 R15: 00007ffc99d6a080 [ 136.029979][ T6448] [ 138.136275][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.143437][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.363090][ T6543] netlink: 16 bytes leftover after parsing attributes in process `syz.3.106'. [ 140.493048][ T6553] FAULT_INJECTION: forcing a failure. [ 140.493048][ T6553] name failslab, interval 1, probability 0, space 0, times 0 [ 140.545904][ T6553] CPU: 1 UID: 0 PID: 6553 Comm: syz.1.109 Not tainted syzkaller #0 PREEMPT(full) [ 140.545944][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 140.545961][ T6553] Call Trace: [ 140.545971][ T6553] [ 140.545990][ T6553] dump_stack_lvl+0x16c/0x1f0 [ 140.546041][ T6553] should_fail_ex+0x512/0x640 [ 140.546090][ T6553] ? aa_label_asxprint+0x75/0x140 [ 140.546121][ T6553] should_failslab+0xc2/0x120 [ 140.546150][ T6553] __kmalloc_noprof+0xd2/0x510 [ 140.546178][ T6553] aa_label_asxprint+0x75/0x140 [ 140.546201][ T6553] apparmor_lsmprop_to_secctx+0xb2/0x1a0 [ 140.546230][ T6553] security_lsmprop_to_secctx+0x94/0x260 [ 140.546257][ T6553] audit_log_task_context+0x134/0x1a0 [ 140.546282][ T6553] ? __pfx_audit_log_task_context+0x10/0x10 [ 140.546306][ T6553] ? from_kuid+0x8d/0xd0 [ 140.546339][ T6553] ? __pfx_from_kuid+0x10/0x10 [ 140.546370][ T6553] integrity_audit_message+0x269/0x580 [ 140.546401][ T6553] ? take_dentry_name_snapshot+0x314/0x7d0 [ 140.546428][ T6553] ? __pfx_integrity_audit_message+0x10/0x10 [ 140.546459][ T6553] ? take_dentry_name_snapshot+0x319/0x7d0 [ 140.546494][ T6553] integrity_audit_msg+0x41/0x60 [ 140.546525][ T6553] ima_collect_measurement+0x786/0xa40 [ 140.546556][ T6553] ? __pfx_ima_collect_measurement+0x10/0x10 [ 140.546596][ T6553] ? __mutex_lock+0x1c5/0x1060 [ 140.546635][ T6553] ? is_bad_inode+0xd/0x40 [ 140.546650][ T6553] ? xattr_resolve_name+0x27b/0x3f0 [ 140.546673][ T6553] ? vfs_getxattr_alloc+0xec/0x340 [ 140.546698][ T6553] ? ima_get_hash_algo+0x27c/0x400 [ 140.546715][ T6553] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 140.546738][ T6553] ? process_measurement+0x11fa/0x23e0 [ 140.546757][ T6553] process_measurement+0x11fa/0x23e0 [ 140.546783][ T6553] ? __pfx_process_measurement+0x10/0x10 [ 140.546804][ T6553] ? mark_lock+0x32d/0x610 [ 140.546826][ T6553] ? look_up_lock_class+0x6b/0x150 [ 140.546853][ T6553] ? lockdep_unlock+0x64/0xe0 [ 140.546869][ T6553] ? register_lock_class+0x151/0x4c0 [ 140.546899][ T6553] ? lockdep_unlock+0x64/0xe0 [ 140.546936][ T6553] ? rcu_is_watching+0x12/0xc0 [ 140.546954][ T6553] ? _raw_spin_unlock_irq+0x23/0x50 [ 140.546979][ T6553] ? lockdep_hardirqs_on+0x7c/0x110 [ 140.547004][ T6553] ? inode_to_bdi+0x9e/0x160 [ 140.547031][ T6553] ima_file_check+0xc5/0x110 [ 140.547050][ T6553] ? __pfx_ima_file_check+0x10/0x10 [ 140.547076][ T6553] security_file_post_open+0x8e/0x210 [ 140.547100][ T6553] path_openat+0x1404/0x2cb0 [ 140.547130][ T6553] ? __pfx_path_openat+0x10/0x10 [ 140.547157][ T6553] do_filp_open+0x20b/0x470 [ 140.547179][ T6553] ? __pfx_do_filp_open+0x10/0x10 [ 140.547217][ T6553] ? alloc_fd+0x471/0x7d0 [ 140.547242][ T6553] do_sys_openat2+0x11b/0x1d0 [ 140.547270][ T6553] ? __pfx_do_sys_openat2+0x10/0x10 [ 140.547307][ T6553] __x64_sys_openat+0x174/0x210 [ 140.547340][ T6553] ? __pfx___x64_sys_openat+0x10/0x10 [ 140.547380][ T6553] do_syscall_64+0xcd/0x490 [ 140.547410][ T6553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.547429][ T6553] RIP: 0033:0x7fc706d8eba9 [ 140.547445][ T6553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.547462][ T6553] RSP: 002b:00007fc707ccf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 140.547480][ T6553] RAX: ffffffffffffffda RBX: 00007fc706fd5fa0 RCX: 00007fc706d8eba9 [ 140.547492][ T6553] RDX: 00000000001cb803 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 140.547503][ T6553] RBP: 00007fc706e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 140.547513][ T6553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.547523][ T6553] R13: 00007fc706fd6038 R14: 00007fc706fd5fa0 R15: 00007ffd1129f368 [ 140.547547][ T6553] [ 140.547564][ T6553] audit: error in audit_log_task_context [ 140.950080][ T30] audit: type=1800 audit(4294967310.572:2): pid=6553 uid=0 auid=4294967295 ses=4294967295 op=collect_data cause=failed comm="syz.1.109" name="dummy_udc" dev="gadgetfs" ino=6976 res=0 errno=0 [ 141.288693][ T6561] netlink: 342 bytes leftover after parsing attributes in process `syz.3.111'. [ 141.298700][ T6561] netlink: 342 bytes leftover after parsing attributes in process `syz.3.111'. [ 141.310456][ T6561] netlink: 342 bytes leftover after parsing attributes in process `syz.3.111'. [ 141.328932][ T6561] netlink: 342 bytes leftover after parsing attributes in process `syz.3.111'. [ 141.811483][ T30] audit: type=1800 audit(4294967311.882:3): pid=6583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.112" name="features" dev="configfs" ino=10237 res=0 errno=0 [ 143.260052][ T6601] sp0: Synchronizing with TNC [ 143.583613][ T6607] ERROR: Out of memory at tomoyo_memory_ok. [ 143.607474][ T6607] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/29/:,' not defined. [ 143.756116][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.119'. [ 144.124222][ T6609] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 144.131532][ T6609] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 144.138387][ T6609] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 144.147383][ T6609] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 145.821024][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.126350][ T51] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 146.131726][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.210873][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.210945][ T5188] Bluetooth: hci2: command 0x0c1a tx timeout [ 147.016026][ T6670] netlink: 12 bytes leftover after parsing attributes in process `syz.1.130'. [ 147.063761][ T6670] ERROR: Out of memory at tomoyo_memory_ok. [ 148.752295][ T6700] synth uevent: /module/intel_ishtp: unknown uevent action string [ 149.013199][ T6707] netlink: 16 bytes leftover after parsing attributes in process `syz.0.137'. [ 149.288747][ T6711] netlink: 28 bytes leftover after parsing attributes in process `syz.1.138'. [ 149.853629][ T6708] netlink: 93 bytes leftover after parsing attributes in process `syz.0.137'. [ 150.236323][ T6719] FAULT_INJECTION: forcing a failure. [ 150.236323][ T6719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.278802][ T6719] CPU: 1 UID: 0 PID: 6719 Comm: syz.3.140 Not tainted syzkaller #0 PREEMPT(full) [ 150.278845][ T6719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 150.278862][ T6719] Call Trace: [ 150.278871][ T6719] [ 150.278882][ T6719] dump_stack_lvl+0x16c/0x1f0 [ 150.278933][ T6719] should_fail_ex+0x512/0x640 [ 150.278985][ T6719] _copy_from_user+0x2e/0xd0 [ 150.279017][ T6719] memdup_user_nul+0x6c/0x120 [ 150.279057][ T6719] evm_write_xattrs+0x1f3/0x8d0 [ 150.279098][ T6719] ? __pfx_evm_write_xattrs+0x10/0x10 [ 150.279157][ T6719] ? __pfx_evm_write_xattrs+0x10/0x10 [ 150.279196][ T6719] vfs_write+0x29d/0x11d0 [ 150.279238][ T6719] ? __pfx___mutex_lock+0x10/0x10 [ 150.279295][ T6719] ? __pfx_vfs_write+0x10/0x10 [ 150.279345][ T6719] ? __fget_files+0x20e/0x3c0 [ 150.279392][ T6719] ksys_write+0x12a/0x250 [ 150.279428][ T6719] ? __pfx_ksys_write+0x10/0x10 [ 150.279478][ T6719] do_syscall_64+0xcd/0x490 [ 150.279529][ T6719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.279560][ T6719] RIP: 0033:0x7faac338eba9 [ 150.279585][ T6719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.279614][ T6719] RSP: 002b:00007faac15f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 150.279644][ T6719] RAX: ffffffffffffffda RBX: 00007faac35d5fa0 RCX: 00007faac338eba9 [ 150.279664][ T6719] RDX: 000000000000001a RSI: 0000000000000000 RDI: 000000000000000b [ 150.279681][ T6719] RBP: 00007faac3411e19 R08: 0000000000000000 R09: 0000000000000000 [ 150.279699][ T6719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.279717][ T6719] R13: 00007faac35d6038 R14: 00007faac35d5fa0 R15: 00007ffd820e9bf8 [ 150.279758][ T6719] [ 150.454343][ T30] audit: type=1806 audit(4294967320.312:4): res=-14 [ 150.759724][ T6723] sp0: Synchronizing with TNC [ 151.444024][ T6732] LfLER: entered promiscuous mode [ 151.556242][ T13] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.877015][ T6741] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 153.670970][ T6759] netlink: 28 bytes leftover after parsing attributes in process `syz.2.148'. [ 155.135621][ T6779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 155.577208][ T6792] ICMPv6: process `syz.2.153' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 156.671934][ T6811] syz.1.157 uses obsolete (PF_INET,SOCK_PACKET) [ 157.763605][ T6831] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 158.242947][ T6835] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 158.249507][ T6835] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 158.256820][ T6835] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 158.269371][ T6835] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 158.604503][ T6834] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 159.976964][ T5188] Bluetooth: hci0: command 0x0c1a tx timeout [ 160.291071][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 160.293138][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout [ 160.297161][ T5188] Bluetooth: hci3: command 0x0c1a tx timeout [ 160.471324][ T6860] netlink: 1 bytes leftover after parsing attributes in process `syz.1.167'. [ 161.331342][ T6878] ICMPv6: process `syz.1.172' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 161.685252][ T6885] netlink: 342 bytes leftover after parsing attributes in process `syz.3.173'. [ 161.748470][ T6881] ima: policy update failed [ 161.757260][ T30] audit: type=1802 audit(4294967331.832:5): pid=6881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.173" res=0 errno=0 [ 167.517977][ T6962] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 168.216391][ T6972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078000000 pfn:0x78000 [ 168.235346][ T6972] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 168.243085][ T6972] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 168.253062][ T6972] raw: ffff888078000000 0000000000000000 00000001ffffffff 0000000000000000 [ 168.291104][ T6972] page dumped because: unmovable page [ 168.296541][ T6972] page_owner tracks the page as allocated [ 168.303385][ T6972] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 6517, tgid 6517 (syz.0.101), ts 138757749333, free_ts 138717682029 [ 168.326753][ T5220] ERROR: Out of memory at tomoyo_memory_ok. [ 168.340712][ T6972] post_alloc_hook+0x1c0/0x230 [ 168.353359][ T6972] get_page_from_freelist+0x132b/0x38e0 [ 168.359086][ T6972] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 168.365900][ T6972] alloc_pages_bulk_noprof+0x71c/0x1410 [ 168.381081][ T6972] kasan_populate_vmalloc+0xf1/0x1f0 [ 168.398138][ T6972] alloc_vmap_area+0x959/0x29c0 [ 168.431428][ T6972] __get_vm_area_node+0x1ca/0x330 [ 168.450996][ T6972] __vmalloc_node_range_noprof+0x271/0x14b0 [ 168.463777][ T6972] __vmalloc_node_noprof+0xad/0xf0 [ 168.480939][ T6972] copy_process+0x2c70/0x7690 [ 168.500793][ T6972] kernel_clone+0xfc/0x930 [ 168.505297][ T6972] __do_sys_clone3+0x212/0x290 [ 168.510175][ T6972] do_syscall_64+0xcd/0x490 [ 168.523514][ T6972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.538504][ T6972] page last free pid 6508 tgid 6486 stack trace: [ 168.683571][ T6972] __free_frozen_pages+0x7d5/0x10f0 [ 168.709018][ T6972] tlb_remove_table_rcu+0x116/0x1a0 [ 168.749645][ T6972] rcu_core+0x799/0x1530 [ 168.758649][ T6972] handle_softirqs+0x216/0x8e0 [ 168.768655][ T6972] do_softirq+0xb2/0xf0 [ 168.776858][ T6972] __local_bh_enable_ip+0x100/0x120 [ 168.791242][ T6972] hwsim_exit_net+0x2ef/0x7d0 [ 168.801074][ T6972] ops_undo_list+0x2eb/0xab0 [ 168.805745][ T6972] setup_net+0x1f1/0x380 [ 168.841056][ T6972] copy_net_ns+0x2a6/0x5f0 [ 168.845570][ T6972] create_new_namespaces+0x3ea/0xa90 [ 168.856192][ T6972] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 168.861992][ T6972] ksys_unshare+0x45b/0xa40 [ 168.866540][ T6972] __x64_sys_unshare+0x31/0x40 [ 168.884295][ T6972] do_syscall_64+0xcd/0x490 [ 168.894508][ T6972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.501206][ T6992] kernel read not supported for file /gMQ_g _N{7vGlq wĉu}OUVW.uw.`O:KdYѮaj7nwKQHg[壣%'ϖX:DktހX [$O8 bŹ9F@eMU;$Q8҇ŝ赵DtS^0YJpu (pid: 6992 comm: syz.2.188) [ 169.603846][ T30] audit: type=1800 audit(4294967339.682:6): pid=6992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.188" name=BEF282E71467B5EE4D5113A25F67BF09FAF25F4EB07BF9B53776EE47D96CBF8671207796D9E9A8E1F0C71F1EC4C4897583E87DBD7F4F91C15556572EB6AD047502772EEC604FC10E15E73AC91B4BCD64590395D1AEC19B969F616AD2FCFC1F37AFCA6EF6C0774BCEE751AEC9486701EFDA5BE5A3A325278FCF96583A04446B747FDE8001DD589188A109C3F1FE5B93244F382062B492F4BCC5B99839FC46ECDC40DDDA654DE055C83BF5E7245138D287DDC59DC5E8B5B5B8DF44D0E8748A53AABEAABA9E5E301AF859F54A700875BA98 dev="mqueue" ino=13402 res=0 errno=0 [ 169.664872][ T6997] ======================================================= [ 169.664872][ T6997] WARNING: The mand mount option has been deprecated and [ 169.664872][ T6997] and is ignored by this kernel. Remove the mand [ 169.664872][ T6997] option from the mount to silence this warning. [ 169.664872][ T6997] ======================================================= [ 170.566502][ T7005] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 171.013971][ T7015] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 171.544343][ T7017] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 172.968885][ T7037] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 173.075360][ T7039] syz.2.196: vmalloc error: size 4096, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 173.261490][ T7039] CPU: 0 UID: 0 PID: 7039 Comm: syz.2.196 Not tainted syzkaller #0 PREEMPT(full) [ 173.261530][ T7039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 173.261547][ T7039] Call Trace: [ 173.261556][ T7039] [ 173.261567][ T7039] dump_stack_lvl+0x16c/0x1f0 [ 173.261617][ T7039] warn_alloc+0x248/0x3a0 [ 173.261649][ T7039] ? __pfx_warn_alloc+0x10/0x10 [ 173.261672][ T7039] ? alloc_pages_mpol+0x25a/0x550 [ 173.261697][ T7039] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 173.261731][ T7039] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 173.261757][ T7039] ? kernel_clone+0xfc/0x930 [ 173.261787][ T7039] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 173.261813][ T7039] ? kernel_clone+0xfc/0x930 [ 173.261835][ T7039] __vmalloc_node_noprof+0xad/0xf0 [ 173.261853][ T7039] ? kernel_clone+0xfc/0x930 [ 173.261878][ T7039] copy_process+0x2c70/0x7690 [ 173.261901][ T7039] ? __pfx___futex_wait+0x10/0x10 [ 173.261937][ T7039] ? __pfx_copy_process+0x10/0x10 [ 173.261962][ T7039] ? find_held_lock+0x2b/0x80 [ 173.261987][ T7039] kernel_clone+0xfc/0x930 [ 173.262008][ T7039] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 173.262029][ T7039] ? __pfx_kernel_clone+0x10/0x10 [ 173.262065][ T7039] __do_sys_clone+0xce/0x120 [ 173.262090][ T7039] ? __pfx___do_sys_clone+0x10/0x10 [ 173.262113][ T7039] ? __pfx___schedule+0x10/0x10 [ 173.262146][ T7039] ? xfd_validate_state+0x61/0x180 [ 173.262181][ T7039] do_syscall_64+0xcd/0x490 [ 173.262210][ T7039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.262228][ T7039] RIP: 0033:0x7f4cd7b8eba9 [ 173.262243][ T7039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.262261][ T7039] RSP: 002b:00007f4cd8a74038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 173.262287][ T7039] RAX: ffffffffffffffda RBX: 00007f4cd7dd6180 RCX: 00007f4cd7b8eba9 [ 173.262306][ T7039] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000001 [ 173.262331][ T7039] RBP: 00007f4cd7c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 173.262344][ T7039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.262354][ T7039] R13: 00007f4cd7dd6218 R14: 00007f4cd7dd6180 R15: 00007ffc99d69e08 [ 173.262376][ T7039] [ 173.262512][ T7039] Mem-Info: [ 173.493011][ T7039] active_anon:8137 inactive_anon:2519 isolated_anon:0 [ 173.493011][ T7039] active_file:19387 inactive_file:40223 isolated_file:0 [ 173.493011][ T7039] unevictable:768 dirty:882 writeback:0 [ 173.493011][ T7039] slab_reclaimable:11154 slab_unreclaimable:93503 [ 173.493011][ T7039] mapped:29056 shmem:1376 pagetables:1170 [ 173.493011][ T7039] sec_pagetables:0 bounce:0 [ 173.493011][ T7039] kernel_misc_reclaimable:0 [ 173.493011][ T7039] free:1327099 free_pcp:10249 free_cma:0 [ 173.607674][ T7039] Node 0 active_anon:32548kB inactive_anon:11376kB active_file:77416kB inactive_file:160756kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120460kB dirty:3524kB writeback:0kB shmem:4168kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12036kB pagetables:4528kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 173.672247][ T7039] Node 1 active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 173.873530][ T7039] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 173.966908][ T7039] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 173.977259][ T7040] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 173.987244][ T7039] Node 0 DMA32 free:1400044kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:32500kB inactive_anon:12520kB active_file:76576kB inactive_file:160276kB unevictable:1536kB writepending:3668kB present:3129332kB managed:2539556kB mlocked:0kB bounce:0kB free_pcp:20316kB local_pcp:5476kB free_cma:0kB [ 174.055108][ T7039] lowmem_reserve[]: 0 0 1 1 1 [ 174.067395][ T7039] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:840kB inactive_file:480kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 174.120867][ T7039] lowmem_reserve[]: 0 0 0 0 0 [ 174.125643][ T7039] Node 1 Normal free:3892248kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:136kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:17984kB local_pcp:8608kB free_cma:0kB [ 174.223664][ T7039] lowmem_reserve[]: 0 0 0 0 0 [ 174.229084][ T7039] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 174.270515][ T7039] Node 0 DMA32: 154*4kB (ME) 433*8kB (UM) 199*16kB (UM) 368*32kB (UME) 315*64kB (UME) 229*128kB (UME) 120*256kB (UME) 32*512kB (UME) 12*1024kB (UM) 4*2048kB (UM) 308*4096kB (UM) = 1397664kB [ 174.330144][ T7039] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 174.361544][ T7039] Node 1 Normal: 234*4kB (UME) 58*8kB (UME) 48*16kB (UME) 115*32kB (UME) 39*64kB (UME) 11*128kB (UME) 4*256kB (UME) 5*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3892248kB [ 174.416554][ T7039] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 174.480853][ T7039] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 174.523286][ T7039] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 174.584622][ T7039] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 174.600822][ T7039] 60977 total pagecache pages [ 174.605863][ T7039] 0 pages in swap cache [ 174.610045][ T7039] Free swap = 124996kB [ 174.626549][ T7039] Total swap = 124996kB [ 174.636569][ T7039] 2097051 pages RAM [ 174.640400][ T7039] 0 pages HighMem/MovableOnly [ 174.646581][ T7039] 430200 pages reserved [ 174.651182][ T7039] 0 pages cma reserved [ 175.062203][ T7055] netlink: 4 bytes leftover after parsing attributes in process `syz.2.201'. [ 175.110842][ T7058] ICMPv6: process `syz.0.199' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 175.141335][ T7055] netlink: 354 bytes leftover after parsing attributes in process `syz.2.201'. [ 175.899398][ T7056] netlink: 186 bytes leftover after parsing attributes in process `syz.1.200'. [ 175.918700][ T7056] netlink: 338 bytes leftover after parsing attributes in process `syz.1.200'. [ 176.386711][ T7073] random: crng reseeded on system resumption [ 178.189538][ T7098] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 178.297363][ T7095] nbd: socks must be embedded in a SOCK_ITEM attr [ 179.052298][ T7106] ERROR: Out of memory at tomoyo_memory_ok. [ 179.152271][ T7119] ================================================================== [ 179.152284][ T7119] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60 [ 179.152313][ T7119] Write of size 8 at addr ffffc90003789000 by task syz.3.212/7119 [ 179.152328][ T7119] [ 179.152336][ T7119] CPU: 0 UID: 0 PID: 7119 Comm: syz.3.212 Not tainted syzkaller #0 PREEMPT(full) [ 179.152357][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 179.152369][ T7119] Call Trace: [ 179.152376][ T7119] [ 179.152383][ T7119] dump_stack_lvl+0x116/0x1f0 [ 179.152410][ T7119] print_report+0xcd/0x630 [ 179.152433][ T7119] ? __virt_addr_valid+0x81/0x610 [ 179.152459][ T7119] ? sys_imageblit+0x1a6f/0x1e60 [ 179.152478][ T7119] kasan_report+0xe0/0x110 [ 179.152502][ T7119] ? sys_imageblit+0x1a6f/0x1e60 [ 179.152524][ T7119] sys_imageblit+0x1a6f/0x1e60 [ 179.152546][ T7119] ? __pfx_sys_imageblit+0x10/0x10 [ 179.152567][ T7119] ? do_raw_spin_lock+0x12c/0x2b0 [ 179.152596][ T7119] ? find_held_lock+0x2b/0x80 [ 179.152615][ T7119] ? queue_work_on+0x12a/0x1f0 [ 179.152631][ T7119] ? lockdep_hardirqs_on+0x7c/0x110 [ 179.152656][ T7119] ? queue_work_on+0x8b/0x1f0 [ 179.152673][ T7119] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 179.152701][ T7119] bit_putcs+0x90f/0xde0 [ 179.152733][ T7119] ? __pfx_bit_putcs+0x10/0x10 [ 179.152761][ T7119] ? fb_get_color_depth+0x120/0x250 [ 179.152787][ T7119] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 179.152816][ T7119] ? __pfx_bit_putcs+0x10/0x10 [ 179.152842][ T7119] fbcon_putcs+0x384/0x4a0 [ 179.152867][ T7119] do_update_region+0x2e6/0x3f0 [ 179.152889][ T7119] update_region+0xc1/0x160 [ 179.152913][ T7119] vcs_write+0x7c7/0xdb0 [ 179.152938][ T7119] ? __pfx_vcs_write+0x10/0x10 [ 179.152959][ T7119] ? common_file_perm+0x1a9/0x340 [ 179.152982][ T7119] ? bpf_lsm_file_permission+0x9/0x10 [ 179.153009][ T7119] ? security_file_permission+0x71/0x210 [ 179.153034][ T7119] ? rw_verify_area+0xcf/0x6c0 [ 179.153052][ T7119] ? __pfx_vcs_write+0x10/0x10 [ 179.153073][ T7119] vfs_write+0x29d/0x11d0 [ 179.153095][ T7119] ? __pfx_vfs_write+0x10/0x10 [ 179.153114][ T7119] ? find_held_lock+0x2b/0x80 [ 179.153131][ T7119] ? __fget_files+0x204/0x3c0 [ 179.153151][ T7119] ? __fget_files+0x20e/0x3c0 [ 179.153172][ T7119] __x64_sys_pwrite64+0x1eb/0x250 [ 179.153195][ T7119] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 179.153230][ T7119] do_syscall_64+0xcd/0x490 [ 179.153259][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.153278][ T7119] RIP: 0033:0x7faac338eba9 [ 179.153292][ T7119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.153310][ T7119] RSP: 002b:00007faac15d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 179.153327][ T7119] RAX: ffffffffffffffda RBX: 00007faac35d6090 RCX: 00007faac338eba9 [ 179.153339][ T7119] RDX: 0000000000007b05 RSI: 0000200000000040 RDI: 0000000000000007 [ 179.153350][ T7119] RBP: 00007faac3411e19 R08: 0000000000000000 R09: 0000000000000000 [ 179.153361][ T7119] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 179.153371][ T7119] R13: 00007faac35d6128 R14: 00007faac35d6090 R15: 00007ffd820e9bf8 [ 179.153387][ T7119] [ 179.153394][ T7119] [ 179.153399][ T7119] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90003489000 allocated at drm_gem_shmem_vmap_locked+0x561/0x7e0 [ 179.153438][ T7119] Memory state around the buggy address: [ 179.153447][ T7119] ffffc90003788f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 179.153459][ T7119] ffffc90003788f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 179.153472][ T7119] >ffffc90003789000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 179.153481][ T7119] ^ [ 179.153490][ T7119] ffffc90003789080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 179.153502][ T7119] ffffc90003789100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 179.153513][ T7119] ================================================================== [ 179.153523][ T7119] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 179.153534][ T7119] CPU: 0 UID: 0 PID: 7119 Comm: syz.3.212 Not tainted syzkaller #0 PREEMPT(full) [ 179.153554][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 179.153564][ T7119] Call Trace: [ 179.153570][ T7119] [ 179.153576][ T7119] dump_stack_lvl+0x3d/0x1f0 [ 179.153603][ T7119] vpanic+0x6e8/0x7a0 [ 179.153629][ T7119] ? __pfx_vpanic+0x10/0x10 [ 179.153658][ T7119] ? __pfx_vprintk_emit+0x10/0x10 [ 179.153679][ T7119] ? sys_imageblit+0x1a6f/0x1e60 [ 179.153698][ T7119] panic+0xca/0xd0 [ 179.153722][ T7119] ? __pfx_panic+0x10/0x10 [ 179.153751][ T7119] check_panic_on_warn+0xab/0xb0 [ 179.153778][ T7119] end_report+0x107/0x170 [ 179.153800][ T7119] kasan_report+0xee/0x110 [ 179.153824][ T7119] ? sys_imageblit+0x1a6f/0x1e60 [ 179.153846][ T7119] sys_imageblit+0x1a6f/0x1e60 [ 179.153869][ T7119] ? __pfx_sys_imageblit+0x10/0x10 [ 179.153890][ T7119] ? do_raw_spin_lock+0x12c/0x2b0 [ 179.153918][ T7119] ? find_held_lock+0x2b/0x80 [ 179.153937][ T7119] ? queue_work_on+0x12a/0x1f0 [ 179.153953][ T7119] ? lockdep_hardirqs_on+0x7c/0x110 [ 179.153979][ T7119] ? queue_work_on+0x8b/0x1f0 [ 179.153995][ T7119] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 179.154023][ T7119] bit_putcs+0x90f/0xde0 [ 179.154054][ T7119] ? __pfx_bit_putcs+0x10/0x10 [ 179.154084][ T7119] ? fb_get_color_depth+0x120/0x250 [ 179.154108][ T7119] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 179.154137][ T7119] ? __pfx_bit_putcs+0x10/0x10 [ 179.154163][ T7119] fbcon_putcs+0x384/0x4a0 [ 179.154188][ T7119] do_update_region+0x2e6/0x3f0 [ 179.154217][ T7119] update_region+0xc1/0x160 [ 179.154241][ T7119] vcs_write+0x7c7/0xdb0 [ 179.154268][ T7119] ? __pfx_vcs_write+0x10/0x10 [ 179.154289][ T7119] ? common_file_perm+0x1a9/0x340 [ 179.154313][ T7119] ? bpf_lsm_file_permission+0x9/0x10 [ 179.154340][ T7119] ? security_file_permission+0x71/0x210 [ 179.154365][ T7119] ? rw_verify_area+0xcf/0x6c0 [ 179.154384][ T7119] ? __pfx_vcs_write+0x10/0x10 [ 179.154405][ T7119] vfs_write+0x29d/0x11d0 [ 179.154427][ T7119] ? __pfx_vfs_write+0x10/0x10 [ 179.154446][ T7119] ? find_held_lock+0x2b/0x80 [ 179.154463][ T7119] ? __fget_files+0x204/0x3c0 [ 179.154484][ T7119] ? __fget_files+0x20e/0x3c0 [ 179.154506][ T7119] __x64_sys_pwrite64+0x1eb/0x250 [ 179.154528][ T7119] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 179.154553][ T7119] do_syscall_64+0xcd/0x490 [ 179.154581][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.154599][ T7119] RIP: 0033:0x7faac338eba9 [ 179.154612][ T7119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.154629][ T7119] RSP: 002b:00007faac15d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 179.154646][ T7119] RAX: ffffffffffffffda RBX: 00007faac35d6090 RCX: 00007faac338eba9 [ 179.154657][ T7119] RDX: 0000000000007b05 RSI: 0000200000000040 RDI: 0000000000000007 [ 179.154668][ T7119] RBP: 00007faac3411e19 R08: 0000000000000000 R09: 0000000000000000 [ 179.154679][ T7119] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 179.154689][ T7119] R13: 00007faac35d6128 R14: 00007faac35d6090 R15: 00007ffd820e9bf8 [ 179.154705][ T7119] [ 179.154999][ T7119] Kernel Offset: disabled