last executing test programs: 7.178039806s ago: executing program 3 (id=109): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x1, 0x3ff, 0x4000000000df, 0xebe, 0x200000401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x100000000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x40000010, 0x400, 0x2}]}) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000003c0)="80e08ca631b90e5e9a4997a0a2f075172c2529fea5d2b4b06119e7cc493e3c68f5e114fe74f6ec1d4e94daec10b05cb281b0922bcba475cea32ccf0eda11471e9c15d15fbcc3bebe4bc005053b7459c5ecbae956634304a2b3c20d024a0df7b468626e493968743cc5ed35ab320b6ffd85d87720f947e83e96c0") setsockopt$auto(r0, 0x7, 0x1000, 0x0, 0x56b) r4 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x6, 0x1, 0x2, 0x40eb1, 0x401, 0x300000000004) setsockopt$auto_SO_MAX_PACING_RATE(r3, 0x3, 0x2f, &(0x7f0000000300)='\xba\xf13\xa4o\xd3\xd2\xe0v\x95\xe6mAk\x90\xa1\xfd\xb0\xe1\xa6W\x85py\x91Q\xe7\xc9\x05\xce\x17\xe6<0e\x12\xe8/\x16\xf0\xd2\xe5\x06[\vFb\xd6\xc0sTv*\xa6\x97\xb4\xcf\xc8d^\xb1\x7f\xeeH\xd2\xa8\xeb\xad\xdfw\xad\x1e\xcf\x13\xd2\xbbh\xb7\xb1\xa2\x14\xbe=Q\xf3\xd6\x85\x8as\x04\x93\x8c3\n\x9e\xcc\xbdP\x89\xee\xa8\x82\x03\x97\xe6^\x85#\x11T\x8dE\xba\nF\xc2\xe2\x06k\xf0~\xa3\x86h\xc2\xb8\xcfk\x1f', 0x5) move_pages$auto(r4, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000000140)=@iter_create={r0, 0x4c}, 0x3) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x4b70, 0x38) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0xc00, 0x0) 6.575931956s ago: executing program 3 (id=113): unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) (async) mmap$auto(0x0, 0x2020009, 0xf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) read$auto(0xffffffffffffffff, 0x0, 0x1f40) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) (async) landlock_restrict_self$auto(r0, 0x0) (async) move_mount$auto(0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x77) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) mincore$auto(0x1000, 0x8001, 0x0) (async) fcntl$auto(0x8000000000000001, 0x26, 0x8) (async) mmap$auto(0x0, 0x2020009, 0x10000000000000a, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) (async) fcntl$auto(0x8000000000000001, 0x26, 0x8) (async) fcntl$auto(0x8000000000000001, 0x26, 0x8) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper\x00', 0x20681, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xfffefffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) (async) stat$auto(0x0, &(0x7f0000000380)={0x4, 0x3, 0x6, 0x3, 0x0, 0x0, 0x0, 0x9, 0x100, 0x4, 0xa, 0xffffffffffffffff, 0x100, 0x401, 0x5f57, 0x80000000, 0x80000001}) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) (async) io_setup$auto(0xffff, &(0x7f0000000580)) (async) write$auto(0x3, 0x0, 0xfffffdef) 6.428976619s ago: executing program 0 (id=115): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, r0, 0x0) socket(0x2, 0x1, 0x106) open(&(0x7f00000002c0)='./file0\x00', 0x111280, 0x10) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/286, 0x11e) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(r2, 0x80044dfe, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) listen$auto(0x3, 0x3) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = socket(0x15, 0x1, 0x0) r5 = signalfd$auto(r4, &(0x7f0000000000), 0x4) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x10000, 0x0, [{0x7a00c888, 0x1, 0xfffffffffffffc88}, {0x2, 0x5, 0x2}, {0x12, 0x7f, 0x1}, {0x9, 0x5, 0x5c89}, {0x7, 0x8, 0x8de7}, {0x3, 0x400, 0x204}]}) setsockopt$auto(r4, 0x114, 0x1d, 0x0, 0x4) futex$auto(0x0, 0x5, 0x9, 0x0, 0x0, 0xffff7fff) 6.155800228s ago: executing program 2 (id=116): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async) read$auto_fake_panic_fops_(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x9003, 0x0) (rerun: 64) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r0, 0xc2604110, &(0x7f0000000040)={0x6, [{[0x2, 0xf5e, 0x1ff, 0xd, 0x7f, 0x8, 0x4, 0x663d349e]}, {[0x2, 0xa6, 0x5c915993, 0xfffffffd, 0x6, 0xe, 0x80000001, 0x3]}, {[0x2, 0xfffffff4, 0x2, 0x579c8feb, 0x9, 0x6, 0x7, 0xa53]}], [{[0x75d, 0x9, 0x6, 0x17f29ee4, 0x400, 0x7, 0xc, 0x44]}, {[0x1, 0xeade, 0x1, 0x3, 0xf0, 0x5, 0x101, 0x1]}, {[0x7e61, 0x6, 0x7, 0x4, 0x5, 0x5, 0x100, 0x9]}, {[0x4, 0x5, 0x1, 0xfffffff7, 0x5, 0x0, 0xfffffffb, 0x1]}, {[0x3, 0x1000, 0x8, 0x8, 0x2, 0xe8c, 0xf, 0xd403]}], [{0xfffffffa, 0x4, 0x0, 0x0, 0x1, 0x1}, {0x7f, 0x6, 0x1, 0x0, 0x0, 0x1}, {0x3, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x61, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x5, 0x49c5fc8b, 0x0, 0x0, 0x0, 0x1}, {0x7ff, 0x2000007, 0x0, 0x1, 0x1, 0x1}, {0x3, 0x9, 0x0, 0x1, 0x1}, {0x9, 0x6, 0x0, 0x1}, {0x7fd, 0x7, 0x0, 0x1, 0x0, 0x1}, {0x7, 0xfffffffd, 0x1, 0x1, 0x1}, {0x8, 0x4, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x5, 0x1, 0x1, 0x0, 0x1}], [{0xbe, 0xd5, 0x0, 0x1, 0x0, 0x1}, {0xc2, 0x7fffffff, 0x1, 0x1, 0x1}, {0xbd, 0xbb5e, 0x1, 0x0, 0x0, 0x1}, {0x8, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x100, 0x12e800, 0x1, 0x1, 0x1, 0x1}, {0x2, 0xf, 0x0, 0x1, 0x1}, {0xffff, 0x8, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x80000000, 0x6, 0x0, 0x1}], 0x100, 0x2, 0x4, 0x9, 0x5, 0x1, 0x8, "938f570ba48ab1df6ea169301a0f4b75", "16fef137d6f6aa1d93e7fd319170d04be4063eb16bddc7a41e5782dfff02104539c9b5e571a002e14933724526d0c013"}) (async, rerun: 32) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dri/card2\x00', 0x200100, 0x0) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r1) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_TSINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040840}, 0x40000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0xa, 0x5, 0x0) (async) socket(0xa, 0x801, 0x84) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async, rerun: 64) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (rerun: 64) msgctl$auto_IPC_INFO(0x100, 0x3, &(0x7f00000012c0)={{0x632, 0xffffffffffffffff, 0xee00, 0x1, 0x5, 0x1, 0x6}, 0x0, 0x0, 0x1b, 0x7, 0x5, 0x7, 0x1, 0xc, 0x7, 0x8, @raw=0xffff}) (async) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/modes\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)=""/44, 0x2c) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) get_robust_list$auto(0x0, 0x0, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x1102, 0x0) read$auto(0x3, 0x0, 0xfdef) (async) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) 4.789385504s ago: executing program 2 (id=118): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0xffffffffffffffff, 0x9b, 0xdf, 0x9b72, 0x2, 0xd) (async) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) (async) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) (async) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) (async) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_uinput_fops_uinput(r0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/virtual/block/loop11/mq/0/nr_tags\x00', 0x8300, 0x0) read$auto(r1, 0x0, 0x400000000020) (async) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe4643, 0x0) (async) mmap$auto(0x0, 0x9, 0xe3, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x1ff) (async) r3 = bpf$auto(0xd, &(0x7f0000000040)=@link_detach={r1}, 0x26) geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, 0x0) (async) socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x81, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0xfffffffffffffffe}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x2, 0xdb, 0x9b72, 0x6, 0x100000000) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x4040, 0x75) (async) socket(0xa, 0x2, 0x3a) (async) connect$auto(0x3, &(0x7f00000018c0)=@l2={0x1f, 0x1000, @any, 0x0, 0x1}, 0x55) fstat$auto(r3, 0x0) 4.689351869s ago: executing program 2 (id=119): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x34d800, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) (async) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x40, r2, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @ipv4=@loopback}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}, @OVS_PACKET_ATTR_PROBE={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) ioctl$auto(0x3, 0xae41, r1) r4 = ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000100)="9011e629aea8fae0cc8b3d8102e5b5ea1658384b8526a580f839bf2218b5103063f34aa60123228ce5ccdd0a12ab219a3a39e8e3bfac4557afbc1178eeef9a23a6c0e8dc0a2866fb1d8057dccde2a37bee70c146dafe8100a4a5b3f357d542ce805de141af69dff20c826688b2e92b172e817e83") ioctl$auto(0x3, 0xae41, r5) (async) ioctl$auto(0x3, 0xae41, r5) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyu3\x00', 0x1, 0x0) ioctl$auto_TIOCSETD2(r6, 0x5423, &(0x7f0000000080)) (async) ioctl$auto_TIOCSETD2(r6, 0x5423, &(0x7f0000000080)) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffffe, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x0) getresgid$auto(0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) (async) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x8) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2a, 0x2, 0x1) (async) r8 = socket(0x2a, 0x2, 0x1) connect$auto(r8, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) (async) connect$auto(r8, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, r7, 0x8000) sendto$auto(0x3, 0x0, 0x79, 0x0, 0x0, 0x20) writev$auto(0x1, 0x0, 0x1) 4.678503998s ago: executing program 3 (id=120): socket(0x10, 0x2, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth1_to_bond\x00'}) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x18, 0x0, 0x1b, 0x70bd25, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) read$auto(0x3, 0x0, 0x1f40) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) r2 = waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000100)={@_si_pad}, 0x7fff, &(0x7f0000000340)={{0x8, 0x667}, {0xfffffffffffffffd, 0x8a}, 0x0, 0x4, 0x2, 0x9, 0x10, 0x8, 0x5, 0x8000000000000000, 0xbfe6, 0x8, 0x542, 0x58f, 0x1, 0x6}) prctl$auto(0x4202, 0x2000000020001, r2, 0xfffffffffffffffd, 0x10001080) socketpair$auto(0x6, 0x10001, 0x27d6af8e, &(0x7f0000000440)=0x5) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)='-7', 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='N'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10400, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040)="caa3122c84b34037e4c159dbc6", 0xffffffff}, 0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000480)='/dev/audio1\x00', 0x8102, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x4b72, r5) 4.561237576s ago: executing program 0 (id=121): unlink$auto(&(0x7f0000000000)='./file0\x00') r0 = fanotify_init$auto(0xffffff3c, 0x6) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec26\x00', 0x42c900, 0x0) r1 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x0, "31ed3623e14d7eaaa6ec27f51958cb657caed91fa9422e8237c8f0c5b0269298", @raw=0x5}) r2 = open$auto(&(0x7f00000000c0)='./file1\x00', 0x1ff, 0x1) utime$auto(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140)={0x6, 0x5}) unshare$auto(0x7) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_VHOST_SET_LOG_FD2(r0, 0x4004af07, &(0x7f00000001c0)=r0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) io_uring_register$auto_IORING_REGISTER_EVENTFD_ASYNC(r2, 0x7, &(0x7f0000000200)="8220abbefbf8c8ebb5f76c733776890660bf90dec690d3abc0edf5836372f3ecc965f8972d66ad674aad44f0bbe2f09d7790c86828fcc2d3bf097c49cf486e5b86879f53d616ee766378", 0x1) r5 = landlock_create_ruleset$auto(&(0x7f0000000280)={0x1, 0x0, 0x6}, 0x1, 0x9) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000300), r4) sendmsg$auto_NETDEV_CMD_DEV_GET2(r4, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, r6, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4048001}, 0x240048e5) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/midiC2D2\x00', 0x1, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PVERSION(r7, 0x80045700, &(0x7f0000000440)=0x1) r8 = open(&(0x7f0000000480)='./file1\x00', 0x800200, 0x18) setsockopt$auto_SO_INCOMING_CPU(r1, 0x6, 0x31, &(0x7f00000004c0)='/dev/snd/midiC2D2\x00', 0x332) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000500)='/proc/mtrr\x00', 0x743441, 0x0) r9 = getsid$auto(0xffffffffffffffff) r10 = syz_clone3(&(0x7f0000000740)={0x101000000, &(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600), {0x21}, &(0x7f0000000640)=""/104, 0x68, &(0x7f00000006c0)=""/20, &(0x7f0000000700)=[0x0, 0x0], 0x2, {r4}}, 0x58) r11 = waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000840)={@siginfo_0_0={0x800, 0x3, 0x3, @_sigfault={&(0x7f00000007c0)="f12e7d7a037a8393ce141d9829198f4aa4c375f8482334c33028a8d36d317ddcc9ae4d3e9f5ee3a705c4d423ab86b9377ef16a0ee441669503d7e710d7343ed3b3983b7a25113e365c3ea4c96dd940", @_perf={0xd, 0x7, 0x7}}}}, 0xc, &(0x7f00000008c0)={{0x0, 0x65f}, {0x5, 0x2}, 0xa5a, 0x2, 0x7, 0x4, 0x3, 0x9, 0x5dd, 0x5, 0x1, 0x8, 0x1, 0x10000000100000, 0x5}) r12 = setfsuid$auto(0xee01) ioctl$auto_XFS_IOC_ALLOCSP64(r0, 0x40305824, &(0x7f0000000980)={0x9, 0x6, 0x7, 0xa, 0xfffff000, 0x0}) r14 = openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, &(0x7f00000009c0), 0x100, 0x0) r15 = waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000a00)={@_si_pad}, 0x200, &(0x7f0000000a80)={{}, {0x9, 0x5}, 0x2, 0x3, 0x1, 0x1ff, 0x5, 0x6, 0x8000, 0x101, 0x0, 0x3, 0xaa11, 0x1, 0x7}) sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(r3, &(0x7f00000013c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001380)={&(0x7f0000000b40)={0x828, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xfff}, @NLBL_CIPSOV4_A_TAGLST={0x27f, 0x4, 0x0, 0x1, [@generic="ae28c88211b97bf9829bc53a274cf62203ebd91042e856d417242b1d25200269a6937aed024141cbec620dfffc4511cb8a6739dbd6961cf7844287c0a6695a47faa9e4c1a7161011527b5b9e73ecce99391495af567e", @typed={0x8, 0xee, 0x0, 0x0, @pid=r9}, @typed={0xf, 0x11e, 0x0, 0x0, @str='/proc/mtrr\x00'}, @generic="805a4bc1a085aee48ad41da33fda9f0e08d3ad09a15811c6a23997f9b55d7d1f246b500a10e95070f0208e530b49ad0e5a1df78e4c0592f0954373bc428c9765a0dfb13f34be87258f1ddecf90fe9d53f1e99b56", @generic="db0f4c162d52a24621dbae2fdb84fb8596d5008665a0dc886fcf", @typed={0x8, 0x5e, 0x0, 0x0, @ipv4=@rand_addr=0x64010100}, @typed={0x14, 0x132, 0x0, 0x0, @ipv6=@mcast2}, @generic="98f930c83ff14b5a3596ca87a9aa2d12a2819eaa0405412d8f791dcea78812bcf367a20e8043dd35377993a06f7cf88cd8903c8434cacc6ff8641326ae7539d968a6b65f0830f85172a6867f9d550cc2ee300f09a9047d2156acafd9c80f", @generic="42a4309e09d0a806aae8c1d5691cf6521da98e2c5697d8e53f546969b0abfa247c9066b9912c976934a4ca06ca9fe349fd2beda862dde5789664cafd61e6acf454b7fc1f27a9b9a9500153b6c7a0d4a92c681ecacfc95aa09be832d2072051b4b6505896920cca20c1f304f888e7b5c45bf136b6a9fc3127b15f449ac411d1517bfe50b9957e7ef6e54543a77d67dcb04ec71b56d3ff69fdab5cc56c1655d962876082c9cc0766c1eee0d6edaf9eb4f7d57cf2e7fad31cdccffaaa3e109afd16bca43b340165814a860a27508548593ae219186505680ca561bb9aa7efd66bfc117592325d934e81b2e00d", @generic="7300b49cd862f30908935bfd5a96c1812ae70f3278b03d7f6a2397ed7ac52b1d6f91305370ba0642ac7e9dc7df4618f0dd9cbb78f088d63a5980"]}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5}, @NLBL_CIPSOV4_A_MLSLVLLST={0x214, 0x8, 0x0, 0x1, [@nested={0x1c, 0xb4, 0x0, 0x1, [@typed={0x6, 0xd0, 0x0, 0x0, @str='#\x00'}, @typed={0x8, 0x89, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0x8, 0x3a, 0x0, 0x0, @pid=r10}]}, @typed={0x8, 0x4f, 0x0, 0x0, @pid=r11}, @typed={0x8, 0x13, 0x0, 0x0, @ipv4=@local}, @nested={0x103, 0x12c, 0x0, 0x1, [@generic="7c4c5e78a6171eb2ca97eac484bcaf8d0f500e40a501ff6638b2cec3b0e097be91f18161fbd08fb27eb0676ab7f75e3fe70229c11f22f0977b256040efaa24ee7f1f899b5916ab2a37e729fa2272cedd9fa9ea2465d79dca2a0e990821b89fc1ebdf4fc1ee38e373b495ee68b71a4b3121f2f14ca3d91ba4e0dce0abe52533a9a0dae36b720a4ea3c6e59fa2cb481669be298cfbd24764a0b4f47fcefd", @generic="c4272fead255cd62273ea32fc4cda2524aff47064e6dbf1e8b833af5a56c3f8d7670c9a31c74025151aae6f75844f9a89486a9ae", @typed={0x8, 0x101, 0x0, 0x0, @fd=r5}, @typed={0x8, 0x6a, 0x0, 0x0, @uid=r12}, @generic="4fd16e421c6890b6b1935b11c8cfbcc4f9ebd150f29fe32cbcc5", @nested={0x4, 0xbc}]}, @nested={0xdf, 0x143, 0x0, 0x1, [@nested={0x4, 0xec}, @generic="046822a73b71b9fca02e0ead41c18221f7735ec2f9bdc3faa99842279ae89e39a925b58e0ef81444fd228ad222bfad94dba468601a51ff93c7ba403ed25796a75b5f74", @typed={0x8, 0xac, 0x0, 0x0, @u32=0xd718}, @generic="95a34012d727d4c12b4be04ae16669c4c0db4668a438329cb4b3297e3e1bbae7a83a449dc17152e31008fb4fb0765e71ba3610e6cde5d34e026e99b7f5fd09d70e866d656870a7ce5e0d7382bb751b7bfa11748dde0747a40894f53c01a0894b5e5c27d5caf5bed70733c355b832cb2c74fe66c3b6afbecd6992c71356d15a6a", @typed={0x8, 0xf4, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x16}]}]}, @NLBL_CIPSOV4_A_MLSCAT={0x1d9, 0xb, 0x0, 0x1, [@typed={0x4, 0x1d}, @nested={0xd1, 0x11f, 0x0, 0x1, [@nested={0x4, 0x3b}, @typed={0xc, 0x88, 0x0, 0x0, @u64=0x8000000000000001}, @typed={0x8, 0x2b, 0x0, 0x0, @pid=r13}, @typed={0x8, 0x119, 0x0, 0x0, @u32=0x5}, @nested={0x4, 0xf}, @generic="162549a796858db1e3debb2380ac14801caf88992deab7c19726b3c8446d77c37bed3365c7cf032235a26d8ecbe8de214f18bca3d4e9f752933c43500d486aeadf62cb7061fd647da38cf9d5a6ce7dc5a94cbb0ef4b876fd1970c295bf475505e4906a4de3acf5110aeb33bbc74a8f44dbe858cd5ff37b0e6c5e44dbfafe3f272e273878ba55bab8b0", @nested={0x4, 0x6a}, @generic="9768a4b7ee75e6ef", @typed={0x14, 0x4, 0x0, 0x0, @ipv6=@mcast2}]}, @generic="998c8ada6c55c3b600f24fc312fca1b74ed8cd12c1d8e69dfb93cbdcadd6232a448a9057e563196c0404063e81afa274a8379364cb3a2c033da629018469d88fa907d788c7144db9ddf25efacc50169e3176a57d61", @typed={0x8, 0x110, 0x0, 0x0, @ipv4=@loopback}, @typed={0x8, 0x13f, 0x0, 0x0, @fd=r14}, @typed={0x1b, 0xec, 0x0, 0x0, @binary="08d6538bc4258af350ef3f899d21d0d258fd37b683ae87"}, @typed={0x7a, 0xa4, 0x0, 0x0, @binary="318e5cf6260fb50f6dcb6ccecec36a4c01111b41ba6893c6614e37c25b03d1b9ef9f726788714a6efecd27585a66fdf81df650c1887d0e683bc7d4a8b823a2200368fc299b5e7cfa8848e0fbd14f1ada75ae0c487ea0d131a0aed43e839de3eb438414f588ffa5586d3e8c5a1249da4e2e8f96ee5888"}]}, @NLBL_CIPSOV4_A_TAGLST={0x173, 0x4, 0x0, 0x1, [@generic="1772637e5d407dee93d0f892588d6c9a8f1abe6077d4256a4863a74b528cd7ae24cfd4618f8d726b133fc79c59c89572fef0cfdf801e263abd381e1e273b81c5b8618b9c3cbec1115188b9b822175174e7fb5eb0684fc74bcfdb9399c392f04cf37baa0a471278e6a7238b00365a5b4fa46d0e5f423c9bb44dd4c33f99d3d0486aa3e123e93e887883045be1203d340f5f7814b8bd3568d7b238e49149b09eb2", @nested={0x8, 0x25, 0x0, 0x1, [@nested={0x4, 0x3a}]}, @generic="0c1691423ac8c8697ff3b53f2c09073ee295526e61705d2ff7207327b4cf3e90478f3501b5e08528595b0159898b05ec68f963825e853cb8a2789004f45dea34683ccb82407112c7e8e451a60992b7f3abc0a62185342ec5601f09cb22142ff2d4826ca7e26c84fae39c2c295b47a22a3ecf7ff42a86e2713aaea941b65343735e6303d998fa80e44acb0391b767bc22ce8914cbf44a66c54f48b871ff562bc51557c73b68c48cf9ac7b5f2aea945304f2f9dc18039b219a54ca04711e94cb", @typed={0x8, 0x6c, 0x0, 0x0, @pid=r15}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x9}, @NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x8}, @NLBL_CIPSOV4_A_TAG={0x5, 0x3, 0x6}]}, 0x828}, 0x1, 0x0, 0x0, 0x400}, 0x880) r16 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001440), r0) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000001540)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001500)={&(0x7f0000001480)={0x48, r16, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x19, 0xbe, "b27d44be960ee91fc8d55e1c136adcd7fe10fe9b68"}, @NL80211_ATTR_PEER_AID={0x6}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000805}, 0x4000) sendmsg$auto_ETHTOOL_MSG_STATS_GET(r8, &(0x7f0000001680)={&(0x7f0000001580), 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x14, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x14) 4.476296312s ago: executing program 1 (id=122): mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) (async) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x5, 0x84) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) (async) r1 = getsockopt$auto(r0, 0x84, 0x1d, 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000000)=""/41, 0x29) (async) userfaultfd$auto(0xfea) 4.213820618s ago: executing program 0 (id=123): mmap$auto(0x0, 0x8, 0x1000000004, 0x8b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x7) r0 = fcntl$auto(0xff80000000000000, 0x409, 0x3f) fallocate$auto(r0, 0x0, 0x7, 0xb) bpf$auto(0x18, &(0x7f0000000040)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x5, 0x8, 0xffffffffffffffff, @relative_id=0x13, 0x41b5c1ff}, 0x92) r1 = socket(0x8, 0xa, 0xfffffff7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='d\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1000000, &(0x7f0000000100)={&(0x7f0000000080), 0x1}, 0x3, &(0x7f0000000180), 0xf, 0xa504}, 0x800}, 0x7, 0x8) 4.137402254s ago: executing program 1 (id=124): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) r1 = open(0x0, 0xa240, 0x15e) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00'}) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYRES16=r2, @ANYBLOB="010029bd6938400000423aa0000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x404c050}, 0x80) r5 = socket(0x2b, 0x1, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20040000) setsockopt$auto(r5, 0x29, 0x36, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'xfrm0\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) ioperm$auto(0x7, 0x6, 0x2) fstat$auto(0x1, &(0x7f0000001a40)={0x2, 0x3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x6, 0xe, 0x7, 0x7e0, 0x200000000007, 0x7ff, 0xffffffff80000000, 0x7, 0xa, 0x81}) mmap$auto(0x13, 0x2020009, 0x7, 0x800000000000eb4, r6, 0x4) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(r3, 0xffffffffffffffff, 0x40000) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 3.987753607s ago: executing program 0 (id=125): mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x3, 0x4, 0x84) r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x143402, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) select$auto(0x8, &(0x7f0000000040)={[0x9, 0xfffffffffffffff9, 0x100000000, 0x8, 0x84, 0x1, 0x7, 0x3, 0xfffffffffffffffd, 0x0, 0x6, 0x6, 0x5, 0x1, 0x100000001, 0x8]}, 0x0, 0x0, 0x0) writev$auto(r0, &(0x7f0000000000)={0x0, 0x4}, 0x2) 3.68813074s ago: executing program 1 (id=126): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0x480, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/nr13/mtu\x00', 0x489e80, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth0\x00', 0x0}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r4) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2020000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x98, r5, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0xc}, @NL80211_ATTR_SAR_SPEC={0xc, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0xfff}]}, @NL80211_ATTR_MAC={0x69, 0x6, "2c763b642914f87395385f0883e9b8a30b9d59eadec810e666091eac6d9cbee5cbf91555910bab314158accd9ef9588f05ba4e973742d4795aecc389b204f9d8a128eac4d2d98f1cf93e5e4cd9faa16efc31f9571fc2e57da6495564e9c8916fca73505e44"}, @NL80211_ATTR_RECEIVE_MULTICAST={0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x20040054}, 0x4084) socket(0x2, 0x5, 0x0) sysfs$auto(0x2, 0x9, 0x0) getsockopt$auto(0x6, 0x84, 0x6f, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="f51b26bd7000fedbdf2513"], 0x14}, 0x1, 0x0, 0x0, 0x8090}, 0x4000) mlockall$auto(0x7) ioctl$auto(r1, 0xae44, 0x38) 3.473163147s ago: executing program 3 (id=127): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (rerun: 64) setuid$auto(0xe) (async) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x15, 0x1000, 0x47, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x3]}, 0x0, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) r1 = socket(0xa, 0x5, 0x84) getsockopt$auto(r1, 0x84, 0x1f, 0x0, &(0x7f0000000080)=0x49b) (async) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) (async) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) (async, rerun: 64) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0) (rerun: 64) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x20, r2, 0x800, 0x70bd25, 0x25dfdbff, {}, [@HWSIM_ATTR_PERM_ADDR={0xa, 0x16, "000200000000"}]}, 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) 3.269264827s ago: executing program 2 (id=128): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) (async) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1007fff, 0x0, 0x8, 0x7d, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x10000, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r1, 0x5453, r1) (async) getrandom$auto(0x0, 0x8, 0x7) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fddbdf2503000000040007800c00020005000000000000000800010007"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) (async) madvise$auto(0x110c230000, 0x1, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x9, 0x7, 0x2e}, 0x6f4) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x6, @prog_cnt=0x4, 0x0, 0x7ffffffc, 0xc, 0xb, 0x1}, 0x7) write$auto(r4, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff) (async) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)=""/153, 0x99) (async) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:01/status\x00', 0x80840, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000000)=""/46, 0x2e) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x4) (async) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) (async) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket(0x10, 0x2, 0xc) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) 3.207924025s ago: executing program 1 (id=129): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x3, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) getsockopt$auto(0x3, 0x6, 0xb, 0x0, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r0, 0x0) mmap$auto(0x2, 0x20009, 0x4000000004df, 0xeb1, 0x401, 0xffffffff) socket(0xa, 0x1, 0x100) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r1, r2, 0x0, 0x1000200) r3 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x54d102, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) socket(0x25, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto(r4, 0x0, 0x1f40) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r3, 0xc0105702, &(0x7f0000000180)={0x200000000000000, 0x0, r3}) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 2.988105591s ago: executing program 0 (id=130): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) (async) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) (async) ioperm$auto(0x7, 0x5ad2, 0xc) (async, rerun: 32) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) (rerun: 32) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0x0, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) (async) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 32) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) socketpair$auto(0x800001e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x51) (async) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) (async, rerun: 64) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) (async, rerun: 64) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) (async) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) (async) unshare$auto(0x40000080) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0004, 0x19) (async) madvise$auto(0x0, 0x200007, 0x19) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) (async) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 2.617164206s ago: executing program 0 (id=131): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@phonet={0x23, 0x2, 0x3, 0x8}, 0xc0) (async, rerun: 64) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async, rerun: 64) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x26, 0x1, 0x0, 0x0, 0x0) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) (async) socket(0x15, 0x1, 0x0) (async, rerun: 32) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/event0\x00', 0x40000, 0x0) (rerun: 32) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) mmap$auto(0x0, 0x0, 0x1000000000005109, 0x14, 0x602, 0x3ffffffffffb) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async) madvise$auto(0x0, 0x20499d, 0x9) (async) setsockopt$auto(r0, 0x6, 0x3, &(0x7f0000000040)='/dev/ram7\x00', 0x8) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r2, 0x541d, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) madvise$auto(0x0, 0x2, 0x2) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) (async) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 2.532806218s ago: executing program 2 (id=132): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x15, 0x1000, 0x47, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x3]}, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x1) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0) shutdown$auto(r0, 0xc3a) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.224614248s ago: executing program 3 (id=133): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, r0, 0x0) socket(0x2, 0x1, 0x106) open(&(0x7f00000002c0)='./file0\x00', 0x111280, 0x18) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/286, 0x11e) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(r2, 0x80044dfe, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (fail_nth: 11) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) listen$auto(0x3, 0x3) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = socket(0x15, 0x1, 0x0) r5 = signalfd$auto(r4, &(0x7f0000000000), 0x4) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x10000, 0x0, [{0x7a00c888, 0x1, 0xfffffffffffffc88}, {0x2, 0x5, 0x2}, {0x12, 0x7f, 0x1}, {0x9, 0x5, 0x5c89}, {0x7, 0x8, 0x8de7}, {0x3, 0x400, 0x204}]}) setsockopt$auto(r4, 0x114, 0x1d, 0x0, 0x4) futex$auto(0x0, 0x5, 0x9, 0x0, 0x0, 0xffff7fff) 1.881388668s ago: executing program 1 (id=134): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) r1 = open(0x0, 0xa240, 0x15e) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00'}) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYRES16=r2, @ANYBLOB="010029bd6938400000423aa0000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x404c050}, 0x80) r5 = socket(0x2b, 0x1, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20040000) setsockopt$auto(r5, 0x29, 0x36, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'xfrm0\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) ioperm$auto(0x7, 0x6, 0x2) fstat$auto(0x1, &(0x7f0000001a40)={0x2, 0x3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x6, 0xe, 0x7, 0x7e0, 0x200000000007, 0x7ff, 0xffffffff80000000, 0x7, 0xa, 0x81}) mmap$auto(0x13, 0x2020009, 0x7, 0x800000000000eb4, r6, 0x4) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(r3, 0xffffffffffffffff, 0x40000) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 1.189730971s ago: executing program 2 (id=135): socket(0x10, 0x2, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth1_to_bond\x00'}) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x18, 0x0, 0x1b, 0x70bd25, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_ACTIONS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) read$auto(0x3, 0x0, 0x1f40) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) r2 = waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000100)={@_si_pad}, 0x7fff, &(0x7f0000000340)={{0x8, 0x667}, {0xfffffffffffffffd, 0x8a}, 0x0, 0x4, 0x2, 0x9, 0x10, 0x8, 0x5, 0x8000000000000000, 0xbfe6, 0x8, 0x542, 0x58f, 0x1, 0x6}) prctl$auto(0x4202, 0x2000000020001, r2, 0xfffffffffffffffd, 0x10001080) socketpair$auto(0x6, 0x10001, 0x27d6af8e, &(0x7f0000000440)=0x5) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)='-7', 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='N'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10400, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040)="caa3122c84b34037e4c159dbc6", 0xffffffff}, 0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000480)='/dev/audio1\x00', 0x8102, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r4, 0x4b72, r5) 654.505947ms ago: executing program 3 (id=136): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x80) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) ioctl$auto(0x3, 0x541b, 0x7f) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r2 = socket(0x29, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) setuid$auto(0xe) ioctl$auto(r2, 0x89f1, 0x24) mknodat$auto(r1, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) renameat2$auto(r1, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file1\x00', 0x1) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r0) sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r4, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_CNTDWN_OFFS_BEACON={0x18, 0xba, "b97a3d25909eb36e9721bf3b7e51c5106415dcc6"}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x800}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "8a075da562b33b1916db42a7"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "ab4e0e303cad621f0a9480755c8e0e92503f9c26ff7b1da6"}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x4}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x40040c1}, 0x20008804) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="011d3da4420008bd7100f9db5f250200000000000010"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) r6 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mknodat$auto(r7, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) renameat2$auto(r7, &(0x7f0000000200)='./file0\x00', r7, &(0x7f0000000240)='./file1\x00', 0x2) 0s ago: executing program 1 (id=137): socket(0x9, 0x6, 0x4) r0 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pread64$auto(r0, 0x0, 0x4, 0x80000000000006) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x2) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b4d", 0x3a) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts. [ 98.500236][ T5821] cgroup: Unknown subsys name 'net' [ 98.659034][ T5821] cgroup: Unknown subsys name 'cpuset' [ 98.669282][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.505949][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.295902][ T10] cfg80211: failed to load regulatory.db [ 102.868747][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.876652][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.885784][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.893571][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.901600][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.909210][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.918281][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.925888][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.934045][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.938235][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.950833][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.956516][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.966372][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.967611][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.980862][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.984243][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.996296][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.003840][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.012683][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.016417][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.519804][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 103.580855][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 103.888161][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.896533][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.904881][ T5835] bridge_slave_0: entered allmulticast mode [ 103.912445][ T5835] bridge_slave_0: entered promiscuous mode [ 103.940288][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 103.952504][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.959789][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.967263][ T5833] bridge_slave_0: entered allmulticast mode [ 103.975017][ T5833] bridge_slave_0: entered promiscuous mode [ 103.983170][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.990530][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.998302][ T5835] bridge_slave_1: entered allmulticast mode [ 104.006335][ T5835] bridge_slave_1: entered promiscuous mode [ 104.014331][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 104.038680][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.046447][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.053727][ T5833] bridge_slave_1: entered allmulticast mode [ 104.061185][ T5833] bridge_slave_1: entered promiscuous mode [ 104.108064][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.172922][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.199647][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.212326][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.340936][ T5835] team0: Port device team_slave_0 added [ 104.365906][ T5833] team0: Port device team_slave_0 added [ 104.421325][ T5835] team0: Port device team_slave_1 added [ 104.470857][ T5833] team0: Port device team_slave_1 added [ 104.507112][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.514576][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.521979][ T5834] bridge_slave_0: entered allmulticast mode [ 104.529612][ T5834] bridge_slave_0: entered promiscuous mode [ 104.552003][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.559281][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.566896][ T5832] bridge_slave_0: entered allmulticast mode [ 104.574616][ T5832] bridge_slave_0: entered promiscuous mode [ 104.582935][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.590210][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.616962][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.629328][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.636985][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.644380][ T5834] bridge_slave_1: entered allmulticast mode [ 104.651784][ T5834] bridge_slave_1: entered promiscuous mode [ 104.660516][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.667585][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.695761][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.707528][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.714920][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.722145][ T5832] bridge_slave_1: entered allmulticast mode [ 104.730366][ T5832] bridge_slave_1: entered promiscuous mode [ 104.738228][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.745554][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.771606][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.803525][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.810829][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.836926][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.890760][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.936201][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.964719][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.004706][ T5847] Bluetooth: hci1: command tx timeout [ 105.025999][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.040842][ T5835] hsr_slave_0: entered promiscuous mode [ 105.048728][ T5835] hsr_slave_1: entered promiscuous mode [ 105.073332][ T5832] team0: Port device team_slave_0 added [ 105.084870][ T5847] Bluetooth: hci2: command tx timeout [ 105.084884][ T51] Bluetooth: hci3: command tx timeout [ 105.085066][ T51] Bluetooth: hci0: command tx timeout [ 105.124447][ T5834] team0: Port device team_slave_0 added [ 105.137060][ T5833] hsr_slave_0: entered promiscuous mode [ 105.143535][ T5833] hsr_slave_1: entered promiscuous mode [ 105.149992][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.158447][ T5833] Cannot create hsr debugfs directory [ 105.166780][ T5832] team0: Port device team_slave_1 added [ 105.193331][ T5834] team0: Port device team_slave_1 added [ 105.265556][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.272653][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.298698][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.346748][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.353744][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.380777][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.407579][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.414680][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.440846][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.491547][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.498794][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.525259][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.680810][ T5834] hsr_slave_0: entered promiscuous mode [ 105.687873][ T5834] hsr_slave_1: entered promiscuous mode [ 105.694259][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.701855][ T5834] Cannot create hsr debugfs directory [ 105.730809][ T5832] hsr_slave_0: entered promiscuous mode [ 105.737592][ T5832] hsr_slave_1: entered promiscuous mode [ 105.744287][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.751886][ T5832] Cannot create hsr debugfs directory [ 106.073325][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 106.088358][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 106.121920][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 106.151096][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.232245][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.268715][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.289509][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.320290][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.360061][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.376698][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.399025][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.437977][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.517977][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.531476][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.562008][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.585389][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.596132][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.657043][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.714138][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.721443][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.732582][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.739751][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.804740][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.826561][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.907027][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.917494][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.956719][ T1036] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.964098][ T1036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.987029][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.994274][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.018163][ T1036] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.025415][ T1036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.090315][ T1036] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.097615][ T1036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.098755][ T51] Bluetooth: hci1: command tx timeout [ 107.165256][ T51] Bluetooth: hci0: command tx timeout [ 107.165275][ T5848] Bluetooth: hci2: command tx timeout [ 107.170731][ T51] Bluetooth: hci3: command tx timeout [ 107.232860][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.337548][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.362926][ T3023] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.370213][ T3023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.420584][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.427813][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.578946][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.758862][ T5833] veth0_vlan: entered promiscuous mode [ 107.791735][ T5833] veth1_vlan: entered promiscuous mode [ 107.870093][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.952914][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.999870][ T5833] veth0_macvtap: entered promiscuous mode [ 108.028715][ T5833] veth1_macvtap: entered promiscuous mode [ 108.090419][ T5835] veth0_vlan: entered promiscuous mode [ 108.113297][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.138929][ T5835] veth1_vlan: entered promiscuous mode [ 108.159562][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.181572][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.190594][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.200018][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.209173][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.220967][ T5834] veth0_vlan: entered promiscuous mode [ 108.242632][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.285201][ T5834] veth1_vlan: entered promiscuous mode [ 108.337201][ T5835] veth0_macvtap: entered promiscuous mode [ 108.356443][ T5835] veth1_macvtap: entered promiscuous mode [ 108.432128][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.438623][ T5834] veth0_macvtap: entered promiscuous mode [ 108.453371][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.477357][ T5834] veth1_macvtap: entered promiscuous mode [ 108.534715][ T3023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.546630][ T5832] veth0_vlan: entered promiscuous mode [ 108.555687][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.563019][ T3023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.565828][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.595394][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.613369][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.638969][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.648701][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.658205][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.667269][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.683086][ T5832] veth1_vlan: entered promiscuous mode [ 108.696588][ T5834] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.706230][ T5834] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.715268][ T5834] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.724326][ T5834] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.752397][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.942585][ T5832] veth0_macvtap: entered promiscuous mode [ 109.029594][ T5832] veth1_macvtap: entered promiscuous mode [ 109.046475][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.069473][ T1036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.085101][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.107486][ T1036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.155677][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.167793][ T51] Bluetooth: hci1: command tx timeout [ 109.180060][ T30] audit: type=1800 audit(1749117934.829:2): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5" name="features" dev="configfs" ino=5801 res=0 errno=0 [ 109.206068][ T1036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.222307][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.231189][ T1036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.244053][ T51] Bluetooth: hci2: command tx timeout [ 109.244073][ T5847] Bluetooth: hci0: command tx timeout [ 109.249509][ T5848] Bluetooth: hci3: command tx timeout [ 109.292004][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.300947][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.311092][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.319872][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.401743][ T3511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.425038][ T3511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.489575][ T5906] Zero length message leads to an empty skb [ 109.774752][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.792594][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.953099][ T1036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.977443][ T1036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.139870][ T5848] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 111.139902][ T5848] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 111.156126][ T5848] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 111.156173][ T5848] Bluetooth: hci0: adv larger than maximum supported [ 111.163338][ T5848] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 111.171580][ T5848] Bluetooth: hci0: Unknown advertising packet type: 0x72 [ 111.178874][ T5848] Bluetooth: hci0: adv larger than maximum supported [ 111.187007][ T5848] Bluetooth: hci0: Malformed LE Event: 0x0d [ 111.245630][ T5848] Bluetooth: hci1: command tx timeout [ 111.325394][ T5848] Bluetooth: hci0: command tx timeout [ 111.330860][ T51] Bluetooth: hci3: command tx timeout [ 111.330892][ T5847] Bluetooth: hci2: command tx timeout [ 112.373357][ T5965] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input5 [ 113.534966][ T5968] CIFS: VFS: Invalid SecurityFlags: [ 113.544319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.604695][ T5998] FAULT_INJECTION: forcing a failure. [ 113.604695][ T5998] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 113.654969][ T5998] CPU: 0 UID: 0 PID: 5998 Comm: syz.2.20 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 113.655013][ T5998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.655036][ T5998] Call Trace: [ 113.655050][ T5998] [ 113.655065][ T5998] dump_stack_lvl+0x16c/0x1f0 [ 113.655122][ T5998] should_fail_ex+0x512/0x640 [ 113.655163][ T5998] _copy_from_user+0x2e/0xd0 [ 113.655204][ T5998] copy_msghdr_from_user+0x98/0x160 [ 113.655237][ T5998] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 113.655275][ T5998] ? kfree+0x24f/0x4d0 [ 113.655315][ T5998] ? __lock_acquire+0x622/0x1c90 [ 113.655366][ T5998] ___sys_recvmsg+0xdb/0x1a0 [ 113.655397][ T5998] ? __pfx____sys_recvmsg+0x10/0x10 [ 113.655451][ T5998] ? __pfx___might_resched+0x10/0x10 [ 113.655492][ T5998] do_recvmmsg+0x2fe/0x750 [ 113.655528][ T5998] ? __pfx_do_recvmmsg+0x10/0x10 [ 113.655566][ T5998] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 113.655609][ T5998] ? __fget_files+0x20e/0x3c0 [ 113.655673][ T5998] __x64_sys_recvmmsg+0x22a/0x280 [ 113.655707][ T5998] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 113.655750][ T5998] do_syscall_64+0xcd/0x490 [ 113.655784][ T5998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.655816][ T5998] RIP: 0033:0x7fdd8078e929 [ 113.655844][ T5998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.655872][ T5998] RSP: 002b:00007fdd81684038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 113.655901][ T5998] RAX: ffffffffffffffda RBX: 00007fdd809b6080 RCX: 00007fdd8078e929 [ 113.655924][ T5998] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 113.655941][ T5998] RBP: 00007fdd81684090 R08: 0000000000000000 R09: 0000000000000000 [ 113.655960][ T5998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.655978][ T5998] R13: 0000000000000000 R14: 00007fdd809b6080 R15: 00007ffe2614f518 [ 113.656018][ T5998] [ 113.663292][ T5997] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 114.129424][ T5999] futex_wake_op: syz.2.20 tries to shift op by -9; fix this program [ 114.218835][ T5997] futex_wake_op: syz.0.21 tries to shift op by -9; fix this program [ 114.564277][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 114.664399][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.054593][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.063320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.071976][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.305409][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.318684][ T6011] futex_wake_op: syz.1.23 tries to shift op by -9; fix this program [ 115.599746][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 115.921373][ T6024] FAULT_INJECTION: forcing a failure. [ 115.921373][ T6024] name failslab, interval 1, probability 0, space 0, times 1 [ 115.984247][ T6024] CPU: 0 UID: 0 PID: 6024 Comm: syz.2.24 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 115.984290][ T6024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.984308][ T6024] Call Trace: [ 115.984318][ T6024] [ 115.984330][ T6024] dump_stack_lvl+0x16c/0x1f0 [ 115.984389][ T6024] should_fail_ex+0x512/0x640 [ 115.984423][ T6024] ? __kmalloc_noprof+0xbf/0x510 [ 115.984475][ T6024] ? sk_prot_alloc+0x1a8/0x2a0 [ 115.984510][ T6024] should_failslab+0xc2/0x120 [ 115.984541][ T6024] __kmalloc_noprof+0xd2/0x510 [ 115.984587][ T6024] ? trace_cap_capable+0x18d/0x200 [ 115.984633][ T6024] sk_prot_alloc+0x1a8/0x2a0 [ 115.984672][ T6024] sk_alloc+0x36/0xc20 [ 115.984721][ T6024] caif_create+0x10b/0x430 [ 115.984769][ T6024] __sock_create+0x335/0x8d0 [ 115.984816][ T6024] __sys_socket+0x14d/0x260 [ 115.984858][ T6024] ? __pfx___sys_socket+0x10/0x10 [ 115.984898][ T6024] ? xfd_validate_state+0x61/0x180 [ 115.984937][ T6024] ? __pfx_ksys_write+0x10/0x10 [ 115.985010][ T6024] __x64_sys_socket+0x72/0xb0 [ 115.985051][ T6024] ? lockdep_hardirqs_on+0x7c/0x110 [ 115.985103][ T6024] do_syscall_64+0xcd/0x490 [ 115.985137][ T6024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.985171][ T6024] RIP: 0033:0x7fdd8078e929 [ 115.985195][ T6024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.985236][ T6024] RSP: 002b:00007fdd81663038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 115.985266][ T6024] RAX: ffffffffffffffda RBX: 00007fdd809b6160 RCX: 00007fdd8078e929 [ 115.985286][ T6024] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000025 [ 115.985305][ T6024] RBP: 00007fdd80810b39 R08: 0000000000000000 R09: 0000000000000000 [ 115.985324][ T6024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.985342][ T6024] R13: 0000000000000000 R14: 00007fdd809b6160 R15: 00007ffe2614f518 [ 115.985382][ T6024] [ 116.804353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 117.480943][ T6045] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 117.895610][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.569084][ T6055] FAULT_INJECTION: forcing a failure. [ 118.569084][ T6055] name failslab, interval 1, probability 0, space 0, times 0 [ 118.598445][ T6065] FAULT_INJECTION: forcing a failure. [ 118.598445][ T6065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.611716][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.2.34 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 118.611757][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.611775][ T6065] Call Trace: [ 118.611785][ T6065] [ 118.611796][ T6065] dump_stack_lvl+0x16c/0x1f0 [ 118.611853][ T6065] should_fail_ex+0x512/0x640 [ 118.611896][ T6065] _copy_from_user+0x2e/0xd0 [ 118.611938][ T6065] copy_msghdr_from_user+0x98/0x160 [ 118.611971][ T6065] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 118.612018][ T6065] ? kfree+0x24f/0x4d0 [ 118.612060][ T6065] ? __lock_acquire+0x622/0x1c90 [ 118.612109][ T6065] ___sys_recvmsg+0xdb/0x1a0 [ 118.612141][ T6065] ? __pfx____sys_recvmsg+0x10/0x10 [ 118.612197][ T6065] ? __pfx___might_resched+0x10/0x10 [ 118.612240][ T6065] do_recvmmsg+0x2fe/0x750 [ 118.612277][ T6065] ? __pfx_do_recvmmsg+0x10/0x10 [ 118.612317][ T6065] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 118.612364][ T6065] ? __fget_files+0x20e/0x3c0 [ 118.612420][ T6065] __x64_sys_recvmmsg+0x22a/0x280 [ 118.612456][ T6065] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 118.612502][ T6065] do_syscall_64+0xcd/0x490 [ 118.612538][ T6065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.612570][ T6065] RIP: 0033:0x7fdd8078e929 [ 118.612595][ T6065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.612625][ T6065] RSP: 002b:00007fdd81684038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 118.612661][ T6065] RAX: ffffffffffffffda RBX: 00007fdd809b6080 RCX: 00007fdd8078e929 [ 118.612682][ T6065] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 118.612700][ T6065] RBP: 00007fdd81684090 R08: 0000000000000000 R09: 0000000000000000 [ 118.612719][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.612736][ T6065] R13: 0000000000000000 R14: 00007fdd809b6080 R15: 00007ffe2614f518 [ 118.612777][ T6065] [ 118.809389][ T6055] CPU: 1 UID: 0 PID: 6055 Comm: syz.0.31 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 118.809428][ T6055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.809442][ T6055] Call Trace: [ 118.809449][ T6055] [ 118.809458][ T6055] dump_stack_lvl+0x16c/0x1f0 [ 118.809501][ T6055] should_fail_ex+0x512/0x640 [ 118.809526][ T6055] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 118.809562][ T6055] should_failslab+0xc2/0x120 [ 118.809586][ T6055] __kmalloc_cache_noprof+0x6a/0x3e0 [ 118.809618][ T6055] ? ip_vs_protocol_net_init+0xbe/0x300 [ 118.809655][ T6055] ip_vs_protocol_net_init+0xbe/0x300 [ 118.809691][ T6055] __ip_vs_init+0x239/0x520 [ 118.809714][ T6055] ? __pfx___ip_vs_init+0x10/0x10 [ 118.809735][ T6055] ops_init+0x1df/0x5f0 [ 118.809762][ T6055] setup_net+0x1ff/0x510 [ 118.809785][ T6055] ? lockdep_init_map_type+0x5c/0x280 [ 118.809818][ T6055] ? __pfx_setup_net+0x10/0x10 [ 118.809844][ T6055] ? debug_mutex_init+0x37/0x70 [ 118.809869][ T6055] copy_net_ns+0x2a6/0x5f0 [ 118.809900][ T6055] create_new_namespaces+0x3ea/0xa90 [ 118.809932][ T6055] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 118.809960][ T6055] ksys_unshare+0x45b/0xa40 [ 118.809994][ T6055] ? __pfx_ksys_unshare+0x10/0x10 [ 118.810027][ T6055] ? xfd_validate_state+0x61/0x180 [ 118.810067][ T6055] __x64_sys_unshare+0x31/0x40 [ 118.810098][ T6055] do_syscall_64+0xcd/0x490 [ 118.810123][ T6055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.810146][ T6055] RIP: 0033:0x7ffa7198e929 [ 118.810163][ T6055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.810184][ T6055] RSP: 002b:00007ffa7276a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 118.810210][ T6055] RAX: ffffffffffffffda RBX: 00007ffa71bb5fa0 RCX: 00007ffa7198e929 [ 118.810226][ T6055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 118.810246][ T6055] RBP: 00007ffa71a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 118.810261][ T6055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.810274][ T6055] R13: 0000000000000000 R14: 00007ffa71bb5fa0 R15: 00007ffd193c0468 [ 118.810303][ T6055] [ 119.031194][ C1] vkms_vblank_simulate: vblank timer overrun [ 119.367018][ T6066] futex_wake_op: syz.2.34 tries to shift op by -9; fix this program [ 120.991425][ T6098] process 'syz.1.43' launched ':,' with NULL argv: empty string added [ 121.062864][ T6098] FAULT_INJECTION: forcing a failure. [ 121.062864][ T6098] name failslab, interval 1, probability 0, space 0, times 0 [ 121.078874][ T6098] CPU: 1 UID: 0 PID: 6098 Comm: syz.1.43 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 121.078915][ T6098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.078934][ T6098] Call Trace: [ 121.078944][ T6098] [ 121.078956][ T6098] dump_stack_lvl+0x16c/0x1f0 [ 121.079023][ T6098] should_fail_ex+0x512/0x640 [ 121.079061][ T6098] ? __kmalloc_noprof+0xbf/0x510 [ 121.079114][ T6098] ? __register_sysctl_table+0xea2/0x1900 [ 121.079144][ T6098] should_failslab+0xc2/0x120 [ 121.079176][ T6098] __kmalloc_noprof+0xd2/0x510 [ 121.079224][ T6098] ? __register_sysctl_table+0xe8e/0x1900 [ 121.079268][ T6098] __register_sysctl_table+0xea2/0x1900 [ 121.079308][ T6098] ? __pfx___register_sysctl_table+0x10/0x10 [ 121.079338][ T6098] ? is_module_address+0x69/0xf0 [ 121.079383][ T6098] ? register_net_sysctl_sz+0x228/0x3e0 [ 121.079431][ T6098] __devinet_sysctl_register+0x1b9/0x360 [ 121.079483][ T6098] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 121.079532][ T6098] ? devinet_init_net+0xeb/0x910 [ 121.079577][ T6098] ? __asan_memcpy+0x3c/0x60 [ 121.079626][ T6098] devinet_init_net+0x315/0x910 [ 121.079673][ T6098] ? __pfx_devinet_init_net+0x10/0x10 [ 121.079718][ T6098] ops_init+0x1df/0x5f0 [ 121.079757][ T6098] setup_net+0x1ff/0x510 [ 121.079791][ T6098] ? lockdep_init_map_type+0x5c/0x280 [ 121.079836][ T6098] ? __pfx_setup_net+0x10/0x10 [ 121.079871][ T6098] ? debug_mutex_init+0x37/0x70 [ 121.079906][ T6098] copy_net_ns+0x2a6/0x5f0 [ 121.079942][ T6098] create_new_namespaces+0x3ea/0xa90 [ 121.079977][ T6098] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 121.080018][ T6098] ksys_unshare+0x45b/0xa40 [ 121.080056][ T6098] ? __pfx_ksys_unshare+0x10/0x10 [ 121.080095][ T6098] ? ksys_mmap_pgoff+0x85/0x5c0 [ 121.080136][ T6098] __x64_sys_unshare+0x31/0x40 [ 121.080169][ T6098] do_syscall_64+0xcd/0x490 [ 121.080196][ T6098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.080225][ T6098] RIP: 0033:0x7f2619b8e929 [ 121.080249][ T6098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.080278][ T6098] RSP: 002b:00007f261aadd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 121.080303][ T6098] RAX: ffffffffffffffda RBX: 00007f2619db5fa0 RCX: 00007f2619b8e929 [ 121.080321][ T6098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 121.080338][ T6098] RBP: 00007f2619c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 121.080355][ T6098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.080371][ T6098] R13: 0000000000000000 R14: 00007f2619db5fa0 R15: 00007fff459ab8c8 [ 121.080406][ T6098] [ 121.082733][ T6096] ubi0: attaching mtd0 [ 121.114017][ T6098] sysctl could not get directory: [ 121.280385][ T6096] ubi0: scanning is finished [ 121.299890][ T6098] /net/ipv4 -12 [ 121.383729][ T6096] ubi0: empty MTD device detected [ 122.135355][ T6096] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 122.608675][ T6118] Invalid ELF header magic: != ELF [ 122.700922][ T6119] FAULT_INJECTION: forcing a failure. [ 122.700922][ T6119] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.714297][ T6119] CPU: 0 UID: 0 PID: 6119 Comm: syz.2.46 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 122.714336][ T6119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.714353][ T6119] Call Trace: [ 122.714364][ T6119] [ 122.714376][ T6119] dump_stack_lvl+0x16c/0x1f0 [ 122.714434][ T6119] should_fail_ex+0x512/0x640 [ 122.714478][ T6119] _copy_from_user+0x2e/0xd0 [ 122.714520][ T6119] copy_msghdr_from_user+0x98/0x160 [ 122.714553][ T6119] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 122.714592][ T6119] ? kfree+0x24f/0x4d0 [ 122.714633][ T6119] ? __lock_acquire+0x622/0x1c90 [ 122.714691][ T6119] ___sys_recvmsg+0xdb/0x1a0 [ 122.714723][ T6119] ? __pfx____sys_recvmsg+0x10/0x10 [ 122.714778][ T6119] ? __pfx___might_resched+0x10/0x10 [ 122.714820][ T6119] do_recvmmsg+0x2fe/0x750 [ 122.714858][ T6119] ? __pfx_do_recvmmsg+0x10/0x10 [ 122.714898][ T6119] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 122.714945][ T6119] ? __fget_files+0x20e/0x3c0 [ 122.715000][ T6119] __x64_sys_recvmmsg+0x22a/0x280 [ 122.715035][ T6119] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 122.715082][ T6119] do_syscall_64+0xcd/0x490 [ 122.715117][ T6119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.715149][ T6119] RIP: 0033:0x7fdd8078e929 [ 122.715173][ T6119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.715203][ T6119] RSP: 002b:00007fdd81684038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 122.715233][ T6119] RAX: ffffffffffffffda RBX: 00007fdd809b6080 RCX: 00007fdd8078e929 [ 122.715253][ T6119] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 122.715271][ T6119] RBP: 00007fdd81684090 R08: 0000000000000000 R09: 0000000000000000 [ 122.715289][ T6119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.715307][ T6119] R13: 0000000000000000 R14: 00007fdd809b6080 R15: 00007ffe2614f518 [ 122.715348][ T6119] [ 123.158045][ T6119] futex_wake_op: syz.2.46 tries to shift op by -9; fix this program [ 123.214565][ T6122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.47'. [ 123.367853][ T6123] Invalid ELF header magic: != ELF [ 123.427526][ T6122] .SR: entered promiscuous mode [ 124.401540][ T6127] netlink: 98 bytes leftover after parsing attributes in process `syz.1.48'. [ 124.431863][ T6127] netlink: 2 bytes leftover after parsing attributes in process `syz.1.48'. [ 125.077333][ T6142] random: crng reseeded on system resumption [ 125.164208][ T6138] syz.0.52 uses obsolete (PF_INET,SOCK_PACKET) [ 126.934808][ T5847] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 130.171906][ T6228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.73'. [ 131.538088][ T6249] FAULT_INJECTION: forcing a failure. [ 131.538088][ T6249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.551336][ T6249] CPU: 0 UID: 0 PID: 6249 Comm: syz.0.77 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 131.551373][ T6249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.551390][ T6249] Call Trace: [ 131.551400][ T6249] [ 131.551411][ T6249] dump_stack_lvl+0x16c/0x1f0 [ 131.551468][ T6249] should_fail_ex+0x512/0x640 [ 131.551499][ T6249] _copy_from_user+0x2e/0xd0 [ 131.551529][ T6249] copy_msghdr_from_user+0x98/0x160 [ 131.551552][ T6249] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 131.551580][ T6249] ? kfree+0x24f/0x4d0 [ 131.551609][ T6249] ? __lock_acquire+0x622/0x1c90 [ 131.551645][ T6249] ___sys_recvmsg+0xdb/0x1a0 [ 131.551667][ T6249] ? __pfx____sys_recvmsg+0x10/0x10 [ 131.551706][ T6249] ? __pfx___might_resched+0x10/0x10 [ 131.551737][ T6249] do_recvmmsg+0x2fe/0x750 [ 131.551763][ T6249] ? __pfx_do_recvmmsg+0x10/0x10 [ 131.551791][ T6249] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 131.551823][ T6249] ? __fget_files+0x20e/0x3c0 [ 131.551881][ T6249] __x64_sys_recvmmsg+0x22a/0x280 [ 131.551907][ T6249] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 131.551939][ T6249] do_syscall_64+0xcd/0x490 [ 131.551964][ T6249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.551992][ T6249] RIP: 0033:0x7ffa7198e929 [ 131.552010][ T6249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.552032][ T6249] RSP: 002b:00007ffa72749038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 131.552053][ T6249] RAX: ffffffffffffffda RBX: 00007ffa71bb6080 RCX: 00007ffa7198e929 [ 131.552068][ T6249] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 131.552082][ T6249] RBP: 00007ffa72749090 R08: 0000000000000000 R09: 0000000000000000 [ 131.552096][ T6249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.552109][ T6249] R13: 0000000000000000 R14: 00007ffa71bb6080 R15: 00007ffd193c0468 [ 131.552138][ T6249] [ 132.182315][ T6249] futex_wake_op: syz.0.77 tries to shift op by -9; fix this program [ 133.345028][ T6267] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 135.238891][ T6301] FAULT_INJECTION: forcing a failure. [ 135.238891][ T6301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.255713][ T6301] CPU: 0 UID: 0 PID: 6301 Comm: syz.1.89 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 135.255755][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.255773][ T6301] Call Trace: [ 135.255784][ T6301] [ 135.255795][ T6301] dump_stack_lvl+0x16c/0x1f0 [ 135.255853][ T6301] should_fail_ex+0x512/0x640 [ 135.255897][ T6301] _copy_from_user+0x2e/0xd0 [ 135.255937][ T6301] copy_msghdr_from_user+0x98/0x160 [ 135.255970][ T6301] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 135.256009][ T6301] ? kfree+0x24f/0x4d0 [ 135.256050][ T6301] ? __lock_acquire+0x622/0x1c90 [ 135.256100][ T6301] ___sys_recvmsg+0xdb/0x1a0 [ 135.256132][ T6301] ? __pfx____sys_recvmsg+0x10/0x10 [ 135.256187][ T6301] ? __pfx___might_resched+0x10/0x10 [ 135.256230][ T6301] do_recvmmsg+0x2fe/0x750 [ 135.256267][ T6301] ? __pfx_do_recvmmsg+0x10/0x10 [ 135.256308][ T6301] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 135.256354][ T6301] ? __fget_files+0x20e/0x3c0 [ 135.256410][ T6301] __x64_sys_recvmmsg+0x22a/0x280 [ 135.256445][ T6301] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 135.256493][ T6301] do_syscall_64+0xcd/0x490 [ 135.256528][ T6301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.256561][ T6301] RIP: 0033:0x7f2619b8e929 [ 135.256586][ T6301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.256615][ T6301] RSP: 002b:00007f261aabc038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 135.256644][ T6301] RAX: ffffffffffffffda RBX: 00007f2619db6080 RCX: 00007f2619b8e929 [ 135.256665][ T6301] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 135.256683][ T6301] RBP: 00007f261aabc090 R08: 0000000000000000 R09: 0000000000000000 [ 135.256714][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.256732][ T6301] R13: 0000000000000000 R14: 00007f2619db6080 R15: 00007fff459ab8c8 [ 135.256774][ T6301] [ 135.643509][ T6304] futex_wake_op: syz.1.89 tries to shift op by -9; fix this program [ 137.660429][ T6329] random: crng reseeded on system resumption [ 139.397986][ T6359] FAULT_INJECTION: forcing a failure. [ 139.397986][ T6359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.412518][ T6359] CPU: 0 UID: 0 PID: 6359 Comm: syz.2.102 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 139.412556][ T6359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.412570][ T6359] Call Trace: [ 139.412578][ T6359] [ 139.412586][ T6359] dump_stack_lvl+0x16c/0x1f0 [ 139.412629][ T6359] should_fail_ex+0x512/0x640 [ 139.412659][ T6359] _copy_from_user+0x2e/0xd0 [ 139.412688][ T6359] copy_msghdr_from_user+0x98/0x160 [ 139.412712][ T6359] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 139.412739][ T6359] ? kfree+0x24f/0x4d0 [ 139.412768][ T6359] ? __lock_acquire+0x622/0x1c90 [ 139.412804][ T6359] ___sys_recvmsg+0xdb/0x1a0 [ 139.412826][ T6359] ? __pfx____sys_recvmsg+0x10/0x10 [ 139.412864][ T6359] ? __pfx___might_resched+0x10/0x10 [ 139.412894][ T6359] do_recvmmsg+0x2fe/0x750 [ 139.412920][ T6359] ? __pfx_do_recvmmsg+0x10/0x10 [ 139.412948][ T6359] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 139.412980][ T6359] ? __fget_files+0x20e/0x3c0 [ 139.413020][ T6359] __x64_sys_recvmmsg+0x22a/0x280 [ 139.413047][ T6359] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 139.413079][ T6359] do_syscall_64+0xcd/0x490 [ 139.413102][ T6359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.413124][ T6359] RIP: 0033:0x7fdd8078e929 [ 139.413141][ T6359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.413162][ T6359] RSP: 002b:00007fdd81684038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 139.413183][ T6359] RAX: ffffffffffffffda RBX: 00007fdd809b6080 RCX: 00007fdd8078e929 [ 139.413197][ T6359] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 139.413210][ T6359] RBP: 00007fdd81684090 R08: 0000000000000000 R09: 0000000000000000 [ 139.413223][ T6359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.413237][ T6359] R13: 0000000000000000 R14: 00007fdd809b6080 R15: 00007ffe2614f518 [ 139.413270][ T6359] [ 140.054506][ T6362] futex_wake_op: syz.2.102 tries to shift op by -9; fix this program [ 140.228720][ T6363] futex_wake_op: syz.1.103 tries to shift op by -9; fix this program [ 141.682331][ T6392] [ 141.682630][ T6392] XFmSv3[;'/Vex~| z#$'9,JΫ@xW\Q6iLLT [ 141.682630][ T6392] sNp+F5!ubM[zK/LB!f[7*$NnvW^Yʳz)hR [ 142.726007][ T6418] futex_wake_op: syz.0.115 tries to shift op by -9; fix this program [ 143.257020][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.281526][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 146.229380][ T6490] FAULT_INJECTION: forcing a failure. [ 146.229380][ T6490] name failslab, interval 1, probability 0, space 0, times 0 [ 146.374512][ T6490] CPU: 1 UID: 0 PID: 6490 Comm: syz.1.129 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 146.374557][ T6490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.374576][ T6490] Call Trace: [ 146.374587][ T6490] [ 146.374599][ T6490] dump_stack_lvl+0x16c/0x1f0 [ 146.374657][ T6490] should_fail_ex+0x512/0x640 [ 146.374703][ T6490] ? __kmalloc_noprof+0xbf/0x510 [ 146.374758][ T6490] ? drm_atomic_state_init+0x17b/0x320 [ 146.374803][ T6490] should_failslab+0xc2/0x120 [ 146.374835][ T6490] __kmalloc_noprof+0xd2/0x510 [ 146.374896][ T6490] drm_atomic_state_init+0x17b/0x320 [ 146.374944][ T6490] ? __kasan_kmalloc+0xaa/0xb0 [ 146.374994][ T6490] drm_atomic_state_alloc+0xd3/0x120 [ 146.375042][ T6490] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 146.375092][ T6490] ? __pfx___might_resched+0x10/0x10 [ 146.375129][ T6490] ? rcu_is_watching+0x12/0xc0 [ 146.375161][ T6490] ? trace_contention_end+0xdd/0x130 [ 146.375208][ T6490] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 146.375302][ T6490] drm_client_modeset_commit_locked+0x14d/0x580 [ 146.375356][ T6490] drm_client_modeset_commit+0x4f/0x80 [ 146.375405][ T6490] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 146.375449][ T6490] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 146.375483][ T6490] drm_fbdev_client_restore+0x2c/0x40 [ 146.375514][ T6490] drm_client_dev_restore+0x1f6/0x2a0 [ 146.375569][ T6490] drm_release+0x2c4/0x360 [ 146.375613][ T6490] ? __pfx_drm_release+0x10/0x10 [ 146.375654][ T6490] __fput+0x3ff/0xb70 [ 146.375706][ T6490] task_work_run+0x150/0x240 [ 146.375758][ T6490] ? __pfx_task_work_run+0x10/0x10 [ 146.375810][ T6490] ? __pfx___do_sys_close_range+0x10/0x10 [ 146.375874][ T6490] exit_to_user_mode_loop+0xeb/0x110 [ 146.375928][ T6490] do_syscall_64+0x3f6/0x490 [ 146.375966][ T6490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.376000][ T6490] RIP: 0033:0x7f2619b8e929 [ 146.376027][ T6490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.376058][ T6490] RSP: 002b:00007f261aabc038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 146.376089][ T6490] RAX: 0000000000000000 RBX: 00007f2619db6080 RCX: 00007f2619b8e929 [ 146.376110][ T6490] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 146.376129][ T6490] RBP: 00007f2619c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 146.376148][ T6490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.376166][ T6490] R13: 0000000000000000 R14: 00007f2619db6080 R15: 00007fff459ab8c8 [ 146.376211][ T6490] [ 146.640386][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.015289][ T6502] FAULT_INJECTION: forcing a failure. [ 147.015289][ T6502] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 147.073732][ T6502] CPU: 1 UID: 0 PID: 6502 Comm: syz.3.133 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 147.073780][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.073798][ T6502] Call Trace: [ 147.073808][ T6502] [ 147.073819][ T6502] dump_stack_lvl+0x16c/0x1f0 [ 147.073882][ T6502] should_fail_ex+0x512/0x640 [ 147.073925][ T6502] _copy_from_user+0x2e/0xd0 [ 147.073964][ T6502] copy_msghdr_from_user+0x98/0x160 [ 147.073996][ T6502] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 147.074034][ T6502] ? kfree+0x24f/0x4d0 [ 147.074075][ T6502] ? __lock_acquire+0x622/0x1c90 [ 147.074124][ T6502] ___sys_recvmsg+0xdb/0x1a0 [ 147.074153][ T6502] ? __pfx____sys_recvmsg+0x10/0x10 [ 147.074209][ T6502] ? __pfx___might_resched+0x10/0x10 [ 147.074251][ T6502] do_recvmmsg+0x2fe/0x750 [ 147.074288][ T6502] ? __pfx_do_recvmmsg+0x10/0x10 [ 147.074328][ T6502] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 147.074374][ T6502] ? __fget_files+0x20e/0x3c0 [ 147.074431][ T6502] __x64_sys_recvmmsg+0x22a/0x280 [ 147.074467][ T6502] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 147.074513][ T6502] do_syscall_64+0xcd/0x490 [ 147.074547][ T6502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.074578][ T6502] RIP: 0033:0x7f00e698e929 [ 147.074602][ T6502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.074632][ T6502] RSP: 002b:00007f00e78a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 147.074661][ T6502] RAX: ffffffffffffffda RBX: 00007f00e6bb5fa0 RCX: 00007f00e698e929 [ 147.074681][ T6502] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 147.074699][ T6502] RBP: 00007f00e78a1090 R08: 0000000000000000 R09: 0000000000000000 [ 147.074717][ T6502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.074735][ T6502] R13: 0000000000000000 R14: 00007f00e6bb5fa0 R15: 00007ffe2f1d3708 [ 147.074775][ T6502] [ 147.658165][ T6502] futex_wake_op: syz.3.133 tries to shift op by -9; fix this program [ 149.082415][ T6521] ================================================================== [ 149.082434][ T6521] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x15d4/0x17b0 [ 149.082501][ T6521] Write of size 8 at addr ffffc900039d0000 by task syz.1.137/6521 [ 149.082527][ T6521] [ 149.082541][ T6521] CPU: 0 UID: 0 PID: 6521 Comm: syz.1.137 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 149.082579][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.082598][ T6521] Call Trace: [ 149.082609][ T6521] [ 149.082621][ T6521] dump_stack_lvl+0x116/0x1f0 [ 149.082677][ T6521] print_report+0xcd/0x680 [ 149.082707][ T6521] ? __virt_addr_valid+0x81/0x610 [ 149.082746][ T6521] ? sys_fillrect+0x15d4/0x17b0 [ 149.082794][ T6521] kasan_report+0xe0/0x110 [ 149.082826][ T6521] ? sys_fillrect+0x15d4/0x17b0 [ 149.082880][ T6521] sys_fillrect+0x15d4/0x17b0 [ 149.082935][ T6521] ? __pfx_sys_fillrect+0x10/0x10 [ 149.082996][ T6521] ? __pfx_bit_putcs+0x10/0x10 [ 149.083032][ T6521] ? bit_cursor+0xeca/0x17e0 [ 149.083073][ T6521] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 149.083127][ T6521] bit_clear+0x17d/0x220 [ 149.083164][ T6521] ? __pfx_bit_clear+0x10/0x10 [ 149.083202][ T6521] ? __pfx___might_resched+0x10/0x10 [ 149.083235][ T6521] ? fb_get_color_depth+0x120/0x250 [ 149.083270][ T6521] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 149.083320][ T6521] ? __pfx_bit_clear+0x10/0x10 [ 149.083357][ T6521] __fbcon_clear+0x603/0x780 [ 149.083397][ T6521] fbcon_scroll+0x48b/0x690 [ 149.083433][ T6521] con_scroll+0x45f/0x690 [ 149.083492][ T6521] do_con_write+0x6869/0x7c90 [ 149.083544][ T6521] ? __pfx_do_con_write+0x10/0x10 [ 149.083594][ T6521] con_write+0x23/0xb0 [ 149.083632][ T6521] n_tty_write+0x40f/0x1160 [ 149.083686][ T6521] ? __pfx_n_tty_write+0x10/0x10 [ 149.083731][ T6521] ? rcu_is_watching+0x12/0xc0 [ 149.083766][ T6521] ? __pfx_woken_wake_function+0x10/0x10 [ 149.083816][ T6521] ? kfree+0x24f/0x4d0 [ 149.083853][ T6521] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 149.083894][ T6521] ? __pfx_n_tty_write+0x10/0x10 [ 149.083939][ T6521] file_tty_write.constprop.0+0x501/0x9b0 [ 149.083982][ T6521] redirected_tty_write+0xd4/0x150 [ 149.084021][ T6521] vfs_write+0x6c7/0x1150 [ 149.084066][ T6521] ? __pfx_redirected_tty_write+0x10/0x10 [ 149.084107][ T6521] ? __pfx_vfs_write+0x10/0x10 [ 149.084150][ T6521] ? find_held_lock+0x2b/0x80 [ 149.084194][ T6521] ksys_write+0x12a/0x250 [ 149.084240][ T6521] ? __pfx_ksys_write+0x10/0x10 [ 149.084291][ T6521] do_syscall_64+0xcd/0x490 [ 149.084323][ T6521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.084354][ T6521] RIP: 0033:0x7f2619b8e929 [ 149.084378][ T6521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.084409][ T6521] RSP: 002b:00007f261aadd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.084438][ T6521] RAX: ffffffffffffffda RBX: 00007f2619db5fa0 RCX: 00007f2619b8e929 [ 149.084458][ T6521] RDX: 000000000000003a RSI: 0000200000000440 RDI: 0000000000000004 [ 149.084486][ T6521] RBP: 00007f2619c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 149.084505][ T6521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.084523][ T6521] R13: 0000000000000000 R14: 00007f2619db5fa0 R15: 00007fff459ab8c8 [ 149.084553][ T6521] [ 149.084563][ T6521] [ 149.084576][ T6521] The buggy address belongs to the virtual mapping at [ 149.084576][ T6521] [ffffc900039c8000, ffffc900039d1000) created by: [ 149.084576][ T6521] kernel_clone+0xfc/0x960 [ 149.084628][ T6521] [ 149.084636][ T6521] Memory state around the buggy address: [ 149.084653][ T6521] ffffc900039cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 149.084675][ T6521] ffffc900039cff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 149.084697][ T6521] >ffffc900039d0000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 149.084715][ T6521] ^ [ 149.084731][ T6521] ffffc900039d0080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 149.084754][ T6521] ffffc900039d0100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 149.084772][ T6521] ================================================================== [ 149.094761][ T6521] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 149.094789][ T6521] CPU: 0 UID: 0 PID: 6521 Comm: syz.1.137 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 149.094833][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.094852][ T6521] Call Trace: [ 149.094864][ T6521] [ 149.094876][ T6521] dump_stack_lvl+0x3d/0x1f0 [ 149.094935][ T6521] panic+0x71c/0x800 [ 149.094981][ T6521] ? __pfx_panic+0x10/0x10 [ 149.095025][ T6521] ? mark_held_locks+0x49/0x80 [ 149.095072][ T6521] ? preempt_schedule_thunk+0x16/0x30 [ 149.095112][ T6521] ? sys_fillrect+0x15d4/0x17b0 [ 149.095161][ T6521] ? preempt_schedule_common+0x44/0xc0 [ 149.095217][ T6521] ? sys_fillrect+0x15d4/0x17b0 [ 149.095264][ T6521] check_panic_on_warn+0xab/0xb0 [ 149.095312][ T6521] end_report+0x107/0x170 [ 149.095342][ T6521] kasan_report+0xee/0x110 [ 149.095375][ T6521] ? sys_fillrect+0x15d4/0x17b0 [ 149.095430][ T6521] sys_fillrect+0x15d4/0x17b0 [ 149.095497][ T6521] ? __pfx_sys_fillrect+0x10/0x10 [ 149.095551][ T6521] ? __pfx_bit_putcs+0x10/0x10 [ 149.095590][ T6521] ? bit_cursor+0xeca/0x17e0 [ 149.095634][ T6521] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 149.095691][ T6521] bit_clear+0x17d/0x220 [ 149.095731][ T6521] ? __pfx_bit_clear+0x10/0x10 [ 149.095770][ T6521] ? __pfx___might_resched+0x10/0x10 [ 149.095804][ T6521] ? fb_get_color_depth+0x120/0x250 [ 149.095841][ T6521] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 149.095893][ T6521] ? __pfx_bit_clear+0x10/0x10 [ 149.095932][ T6521] __fbcon_clear+0x603/0x780 [ 149.095973][ T6521] fbcon_scroll+0x48b/0x690 [ 149.096012][ T6521] con_scroll+0x45f/0x690 [ 149.096054][ T6521] do_con_write+0x6869/0x7c90 [ 149.096106][ T6521] ? __pfx_do_con_write+0x10/0x10 [ 149.096157][ T6521] con_write+0x23/0xb0 [ 149.096197][ T6521] n_tty_write+0x40f/0x1160 [ 149.096253][ T6521] ? __pfx_n_tty_write+0x10/0x10 [ 149.096299][ T6521] ? rcu_is_watching+0x12/0xc0 [ 149.096333][ T6521] ? __pfx_woken_wake_function+0x10/0x10 [ 149.096389][ T6521] ? kfree+0x24f/0x4d0 [ 149.096428][ T6521] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 149.096476][ T6521] ? __pfx_n_tty_write+0x10/0x10 [ 149.096525][ T6521] file_tty_write.constprop.0+0x501/0x9b0 [ 149.096571][ T6521] redirected_tty_write+0xd4/0x150 [ 149.096612][ T6521] vfs_write+0x6c7/0x1150 [ 149.096661][ T6521] ? __pfx_redirected_tty_write+0x10/0x10 [ 149.096704][ T6521] ? __pfx_vfs_write+0x10/0x10 [ 149.096752][ T6521] ? find_held_lock+0x2b/0x80 [ 149.096798][ T6521] ksys_write+0x12a/0x250 [ 149.096845][ T6521] ? __pfx_ksys_write+0x10/0x10 [ 149.096899][ T6521] do_syscall_64+0xcd/0x490 [ 149.096933][ T6521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.096967][ T6521] RIP: 0033:0x7f2619b8e929 [ 149.096993][ T6521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.097026][ T6521] RSP: 002b:00007f261aadd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.097054][ T6521] RAX: ffffffffffffffda RBX: 00007f2619db5fa0 RCX: 00007f2619b8e929 [ 149.097073][ T6521] RDX: 000000000000003a RSI: 0000200000000440 RDI: 0000000000000004 [ 149.097090][ T6521] RBP: 00007f2619c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 149.097107][ T6521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.097123][ T6521] R13: 0000000000000000 R14: 00007f2619db5fa0 R15: 00007fff459ab8c8 [ 149.097149][ T6521] [ 149.098298][ T6521] Kernel Offset: disabled