last executing test programs: 6.794511992s ago: executing program 2 (id=293): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x40000002c55, 0x0) recvmsg$auto(0x4, 0x0, 0x33c) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x1, 0x80000001, 0x800002e}, 0x6f4) (async) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x1, 0x80000001, 0x800002e}, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x3, 0x0, 0x5) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x14, r3, 0xb01, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000049}, 0x4000080) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x41, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="0c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4830) fcntl$auto_F_DUPFD(r2, 0x0, r1) (async) r4 = fcntl$auto_F_DUPFD(r2, 0x0, r1) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) 6.407397778s ago: executing program 2 (id=295): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/timer_list\x00', 0x1c9802, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001680), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="110325bd7000fedbdf2501"], 0x14}}, 0x10040) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r1) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, r1) mmap$auto(0x0, 0x2020009, 0x3, 0x15, 0xffffffffffffffff, 0x7fff) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x10000000000045, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) prctl$auto(0x80000041, 0x10000, 0x0, 0x40, 0x2000000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) socket(0xf, 0x3, 0x2) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x100000001, 0x3, 0xfff, 0x1, 0x948b, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x60a41, 0x0) ioctl$auto_RTC_WKALM_RD(r3, 0x80287010, &(0x7f0000000180)={0x1, 0xee, {0x9c, 0x1000, 0x7ff, 0x7, 0x7, 0x81, 0xfffffffa, 0x1, 0x2}}) mprotect$auto(0x110c238000, 0x1, 0x3) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000340)={0x8000000000000001, 0xfffffffffffffffe, 0xfffffffffffffffb, 0xfffffffffffffff8, 0x8, 0xe, 0x3, 0x9, 0x0, 0x200, 0xe223, 0x80000000, 0x2000009, 0x7, 0xfffffffffffffff7}) 5.066744699s ago: executing program 2 (id=299): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendfile$auto(0xffffffffffffffff, 0x3, 0x0, 0xc01) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_XFS_IOC_COMMIT_RANGE(r0, 0x40585883, &(0x7f0000000280)={r1, 0x0, 0x1, 0x6, 0x9, 0x10001, [0x22, 0x5, 0x3, 0x8, 0x5, 0x8]}) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) r2 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim0/ports/1/ethtool/ring/rx_max_pending\x00', 0x400, 0x0) read$auto_fops_u32_(r2, 0x0, 0x0) setfsgid$auto(0xee01) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) sendmsg$auto_SMC_NETLINK_DUMP_HS_LIMITATION(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="b0000000", @ANYRES16=0x0, @ANYBLOB="4fb76398bb000326bd7000fedbdf2510000000cba71e465ee0d04dfba8985020d0cbedc44222c7ea081b0916b64983f28be8dcf9e3fa8534ff331ed64a89d1abc8f9ce048f7db4d0162c7d21fc3ffec990425dafbf490729dd49c2b797beb9a709a1f842d12ed6b1366f7900c672051c086afe14010000000100000063a2615bf0100007377377d3db7b75ed491a8e1e210d48a63c5f7b0c0fcea50100"/175], 0xb0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f00000010c0)=""/4096, 0x1000) setsockopt$auto_SO_MARK(r1, 0xd, 0x24, &(0x7f0000000540)=']}&##/\'.\x00Q\xc7Ho:!\xdfO\x18Y-M\x17\xed}\xb8EgO\xb7\xe6\x81\x1fh\xadn\xf7d\xc4s\x97,\x81\x197-\xbeO\fE3\x1e\'P\xf3\xf5*q\xc4\xff\xc5S\xec\xf8\xff\x9a\xa7;v\x9f\xf6\xc4:<\xeb\xf7\x83%\x8c\x9dB\x96\xb8f\xa7\xe4\x1b#\xdd\xd1^I\x7f\xcc\x192\x0fO\xa7$\xa3\x92\x97\xa3\x8a\x149\x0f\xc1\x8e\x9f\xa2\xde\x84->\x8a\xf3\x7f\xb8\x88\x93R\xb4;\xa3c\x85lo\\ig]M\xce\xfb\x1e\xf4\xc3\x8bux~\x86\xb3\x85_>\xa3S;\xd3\xda\xca\xa8\xd3v\x96\x81P\xf6s\xff\xa477\ah\xf2\xfd\x0f\xc8\xa7\xddo\"\x85Y\xe2\x88\xf8\x88\xab\xf7\xaf$$k\xb6\x16\xf4\x1e<1a\xb7]dc\xa4l\fH1\xb2\x85\xa2n\b\x8a\xaf\xca\xd8x\fm\x1bW\x9e\xd9 \x04\xfd\x83u\x88A\xba-\xfb\xcf*^]\x189K\x84\te\xe8\xcb\xaf\xe3\x94\xfe\xd9\xa9u\xe6p!\x93\xdb\xaa2hc{\\\xa0J{\xcb\xa50J\xe5g\x03\x9aD\x17\x12aB\xe8Yd\x80*w\x827d\xaf\x83\xf2\"\xafC|_\x84J\xf40\xbf\xe1ba?g\xcc\xa0[v\xca\xdaobL\xd0\x8d\x94\xeeP\vH}\xb9\x86\xa0\xf0\x8b\xdf\x8a\xd5\xaa\x96MH[\x0f\x02,\x18\x11@\xa0\xaf\x15\xe3\x16\x91\xe2VL\x1bh6\xd3\x80\x1cY\x02\xe3\xe1\xfd\xd5i\xf7,\xf1\xf2\xb5\xb0\xa1r\xd2\xb9\xae\xf8bZw\x97\x1f_C\x92\xb0\x9b\xd8\xfc\x9c\xd9,8+^\xd4\xb8\xfev\x8b6tW\xa8\xaf\x88l\\\xae\xe2\x92\xfe\xcf\x9e\xa2\x9bG\xb8\x99\xf4|\x97\t\x16\x9c\x10\x1a\xbf\xe0\xf7\xb6\xf64O\xb1\xd9\x0fV%90\xc0\x90\x8b#\xef{\xeeQ\xf9\x8c#\x8c\x05\x92\xf0\x94\xb7\x01\x98\xb0\x96FO\x19\x1a\xea\xf7!\xd5\xd3\x0f\xaeF\x04\xb7|*g\x82\xe8\xe13\xad\x98X\x035', 0x6) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0) ioctl$auto_BCH_IOCTL_DISK_OFFLINE(r0, 0x4010bc07, &(0x7f0000000040)={0xd9, 0x0, 0x7}) read$auto(0x3, 0x0, 0x80) r5 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/pp_hold\x00', 0xc0b02, 0x0) write$auto(r5, 0x0, 0xc70) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x10001, 0x2, 0x12d, 0x9, 0x8, r2, 0x200, "bcb8e3dc9054c40b6c77a6c6dbdccc12", 0x0, r4, 0x3, 0x81, 0x0, 0x7}, 0x8005) socket(0x1, 0x2, 0x4) quotactl_fd$auto(r0, 0x4, 0xffffffffffffffff, 0x0) 4.860019197s ago: executing program 3 (id=302): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.7/usb8/interface_authorized_default\x00', 0xc2481, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0x606000, 0x0) 4.519455659s ago: executing program 3 (id=303): socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, &(0x7f0000000000)=0xd) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x5, 0x0) socket(0xa, 0x2, 0x73) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) kcmp$auto(0x1, 0x1, 0x7, 0x4, 0xe) 4.279364529s ago: executing program 3 (id=304): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r1 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) unlink$auto(&(0x7f0000000380)='./file0\x00') mmap$auto(0xf000, 0x1, 0x2000000000003ff, 0x12, r1, 0x0) read$auto_ptdump_fops_(r1, &(0x7f00000005c0)=""/4096, 0x1000) read$auto_l2cap_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000240)=""/177, 0xb1) timer_settime$auto(0x0, 0xd80, &(0x7f0000000040)={{0x40000000000026b, 0x4}, {0x0, 0x83}}, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec18\x00', 0x0, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = socketpair$auto(0x1, 0x5, 0x1, 0x0) ioctl$auto_BTRFS_IOC_SEND_32(r4, 0x40449426, &(0x7f00000000c0)={@inferred=r0, 0x9, 0x6, 0x8, 0xb, 0x101, "2598cd5945aa80b8788acf7b11d6ce09422a6ec374230fe41cb5b63d"}) fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, 0x0, 0x800) 4.048446981s ago: executing program 0 (id=305): r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0xa, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000000)=@can={0x1d, r2}, 0x6a) mmap$auto(0x0, 0x6, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @broadcast, 0x100003}, 0xfff) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000026d00)='/dev/dri/card1\x00', 0x2000, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x1, 0x0, 0x10) ioctl$auto_USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0x0, 0x0) socket(0x1e, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/015/001\x00', 0x80000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r3, &(0x7f0000000540)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89\xa7\'\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbb\x05\x00\x00\x005`\xa4m\xffb\x17\xbb\x7f\xea\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\xba4\x8e\xa4E\"\x19\xf0n\xf4P\xdb]\x1c\xe1\xb6\xc14\x9c^\x9a+\xceC\v\xb0c\xc7:\x93\x9a\xac8`{\xd8\xa2\xbaCXt\x95\x81)\"Y\b\x90zxP\xde\x8cq\xf0YT\xdd\xc1\x85#\xc7Z7;Ay~\xe4\xb7\xb3\xb3mb\x1d\xef\xab\xa9\x85\xa2\x02\xd9^\xf8\xc5V\xce\xa5\a@\xb0y\xa2\xa31\xa0W\xffse\xc5~B\x06\xb1\xf5\xc3\xd3st]\xf1\x8d!\xfe\x92\xf33H\x14\xab\xb5\xbdej\x9c\xd8\xdd\\\x15\xb73\x15N\xb55\xbe\"\x7f0PO\x9d\xdb\x1bJ)\x9eP\xb5r\';\x10\xf0\xf7#\xa4+\xf2\x11\x18\x98\xb5\x96\xf0\xbc\xc8\x88\xbc\xa9\x9e\xf2\xe0-\xc9\x1f\x85\xf8\v\x19]\xdd\xbc\x11`\x1f\x9aa\xe2\xa1Z\x06A\xc7\t`\xac\xe7\x10\xa12\x1b\xbe\x93?m\x14{w\xfe\\\xbd\xf3\xcdK\xa1\xdf@R\xa8\xae\xc1G\xc2ix~\xfb3\xbcL)Z\x1eQ\x80#\x85\a\xd6f\xf5\x9aQ\t&\xaf\xe6\xec\xd4\xff 1\x15/\xeb\xc9>3s\x05R\xf8f\x7f\xeaK\x02\x02\xbd\xe6\x8aa\xaf\xfe\xcd\x9f\x85', 0x32) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x6, 0x8000001f, 0x9, 0x6d3e, 0x3000000, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) 4.041834622s ago: executing program 1 (id=306): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd7000fbdbdf250200000008002e5ed528ba1a58137e5c71c4030000008183b9930100050000007998f9a87292dd41ddaa340ce82a1d83b5cbcf49754d20793824fd1677cfbd599cf4d55b47eb63ba07d68e12c730c3a864a2a7b4287e2ad38c9585a5917576c001"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b0004"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd70001cdcdf250200000008000308"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a4ec6ef096118f824a4029b73713fdf6d201477ec69fe9a328b82b7a5451a2fcce4cdd10cb0f7bbcae8352e6af5eb65a9b2b8a011b26439b7146cf04f6ed4770e8ef92862d6ff830015e207"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b", @ANYRES8], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.792152762s ago: executing program 1 (id=307): r0 = socket(0x2, 0x6, 0x0) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) mmap$auto(0x9, 0x40009, 0x80, 0x9b72, 0x7, 0x100) io_uring_setup$auto(0x7, 0x0) readv$auto(r1, &(0x7f0000000080)={0x0, 0xffff}, 0x6) close_range$auto(0x2, 0xa, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141641, 0x0) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0xfffffffffffffffe, 0x0, 0x0, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)=""/53, 0x35) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x3ff, 0x1, 0x0, 0x1e) write$auto(r2, 0x0, 0x100000a3d9) setsockopt$auto(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x18000113) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x420982, 0x0) socket(0x29, 0x2, 0x10001) mmap$auto(0x2000000004, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0xddf) 3.01092604s ago: executing program 3 (id=308): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio0/description\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000001c0)=""/4111, 0x100f) mmap$auto(0xd00000000001, 0x5, 0x8005, 0x12, r0, 0x7) (async) mmap$auto(0xd00000000001, 0x5, 0x8005, 0x12, r0, 0x7) unshare$auto(0x9) (async) unshare$auto(0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4c000, 0x0) r1 = socket(0x2, 0x1, 0x0) setsockopt$auto(r1, 0x6, 0x5, &(0x7f0000000040)=',#+!\\\x00', 0x9) mmap$auto(0x0, 0x10008, 0xdf, 0xeb1, 0x40000000000a5, 0x808000) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) (async) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) landlock_restrict_self$auto(r1, 0x80) setxattr$auto(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='/sys/devices/platform/i8042/serio0/description\x00', &(0x7f0000000100)="fe8fa6db1d831f7d316e2e14ddeb3b6685dcc3d527533c3b57c60ff1365f8cb14b717fcfaf4bb34fb89aaf8f76f90225dba74b3e1a146c01721acac86aeb26059fb5c75484188b46a54beeb57cb0f383a88f801c111b6c4907fdfe64c55201dbdce7005954cbbad7b4cd0cdbc5de73", 0x7, 0x2de68dd3) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) (async) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) 2.906247599s ago: executing program 2 (id=309): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x3) (async) r0 = openat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x3) process_madvise$auto(r0, &(0x7f00000000c0)={&(0x7f0000000040)="ff414beb92ff96a6618c5371e48e5745600edb1afb816aa65607605e8bf6c05208ba772496ef4bb88399fe90c2e44bae570ddac1d0d55576dbc260aace250d22ccf5fb83d7096e27126f8e53d6156425000af062a4f205a7bb1d0d7ee6877e30567b40455a7ca2", 0x80000001}, 0x5c7, 0x3, 0x6) (async) process_madvise$auto(r0, &(0x7f00000000c0)={&(0x7f0000000040)="ff414beb92ff96a6618c5371e48e5745600edb1afb816aa65607605e8bf6c05208ba772496ef4bb88399fe90c2e44bae570ddac1d0d55576dbc260aace250d22ccf5fb83d7096e27126f8e53d6156425000af062a4f205a7bb1d0d7ee6877e30567b40455a7ca2", 0x80000001}, 0x5c7, 0x3, 0x6) close_range$auto(0x2, 0x8000, 0x0) (async) close_range$auto(0x2, 0x8000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socket(0x2, 0x801, 0x106) open(&(0x7f0000000000)='./file0\x00', 0xa09c2, 0xa5) pipe$auto(0x0) (async) pipe$auto(0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) (async) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x110) getdents64$auto(r3, 0x0, 0x400) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xcdf64455ab1a81c1, 0x0) poll$auto(&(0x7f0000000180)={r1, 0xeaae, 0x4}, 0x0, 0x401) r4 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r5, 0x4028af11, r4) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) accept$auto(0x3, 0x0, 0x0) (async) accept$auto(0x3, 0x0, 0x0) r6 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) close_range$auto(r6, r0, 0x198) (async) close_range$auto(r6, r0, 0x198) 2.884920748s ago: executing program 0 (id=310): mq_open$auto(&(0x7f0000000000)='$:]@.\x00', 0x6, 0xe, &(0x7f0000000040)={0xffffffffffffffff, 0x2000000000, 0x2076f, 0xc}) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@nfc={0x27, 0x0, 0x1, 0x3}, 0xfffff805) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0x2, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x8000000000000df, 0xeb1, r0, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vhci_hcd.12/usb34/34-0:1.0/ep_81/wMaxPacketSize\x00', 0x100, 0x0) socket(0xa, 0x1, 0x84) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x8, "2ba2080000eb00", @inferred=r2}) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) socket(0x2, 0x1, 0x0) mmap$auto(0x3, 0x2020009, 0x1, 0x19, 0xfffffffffffffffa, 0x3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) sendmsg$auto(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000007c0)="9777c20c95619e062a79918ddd12600bd9638792453a7af847cfce58c0b53a6500741de614ea", 0x1, &(0x7f0000000240)={&(0x7f00000001c0)="109f7689c3df", 0x9}, 0x6a69f887, &(0x7f0000000840)="095df0eea8cec90998026d0e90bd71102be382873e8e598b9723a6d00552c15e536218d931b3bb0bcf63cc7275ff7c9047c6ab9a9050f658c30db1a66e603dce35417cb5d8ac1534cf27f6d5a6f9ea113cb726799ef633408c6c067624bceb6952f8b66bc81d37038558e55f8303108d0a30c91fbd03b43cf4a0c0cd4e8185f476cb02f2e1ddc58f0569f7c828580c654d8e8d54aea71246d354ad1f03b80ce70e1cb83314ef1cd74c61872e797d92faec9955c99dbc9343dcab70a4d51e3fcf34a55c331a212b89576e4d08fb11316a2b2a8c4d9eee3518aea2adc1de492c87690bb69fd30896c64766330e6c280cc0d4b2af4d94", 0xffffffff, 0x1}, 0x257d) ioctl$auto_TIOCSETD2(r6, 0x5423, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r7, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r7, 0x5423, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 2.660793806s ago: executing program 1 (id=311): set_tid_address$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000080)) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000100)="17") r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_thermal(0x0, r1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f42) r3 = socket(0xa, 0x2, 0x3a) bind$auto(r3, &(0x7f0000000040)=@generic={0xa, "2c551d000000ff00"}, 0x66) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f00000000c0)={0x0, 0x7}, 0x3) socket(0x2, 0x1, 0x106) mmap$auto(0x4, 0x7, 0x100000001, 0x8000000008011, 0xffffffffffffffff, 0x81000000) unshare$auto(0x40000080) 1.523462088s ago: executing program 0 (id=312): personality$auto(0xfffffffc) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x1e, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xbf) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/radio2\x00', 0x0, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000100)=""/4096, 0x1000) 1.521544228s ago: executing program 1 (id=313): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), r0) r2 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0xb, 0x3, 0x0, 0x7, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) sendmsg$auto_NL802154_CMD_DEL_SEC_DEV(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x8040) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)={0x2c, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0109080000000000002502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) 1.521117451s ago: executing program 2 (id=314): bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_4={0x16, 0x4, 0x80000001, 0x8}, 0x6f4) (async) socket(0x10, 0x5, 0x4) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) (rerun: 64) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) (async) unshare$auto(0x40000080) (async) r0 = socket(0x1e, 0x1, 0x0) (async, rerun: 64) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (rerun: 64) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) (async) fsconfig$auto_FSCONFIG_SET_PATH_EMPTY(r3, 0x4, 0x0, 0x0, 0x38b) (async) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) (async) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/filesystems\x00', 0x2, 0x0) read$auto_proc_iter_file_ops_compat_inode(r4, &(0x7f0000000280)=""/144, 0x90) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r2, 0x0, 0x800) (async) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x8000000003, 0xeb4, r0, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) rename$auto(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00') 1.520409611s ago: executing program 3 (id=315): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB='/\x00\'', @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x4) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x2a00, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000280)={0x3, 0x0, [{0x8, 0x19, 0x2}, {0xf2f, 0x4, 0x71e}, {0xedc, 0x4, 0x100}, {0x0, 0x5, 0xfffffffffffffe86}, {0x7f, 0xb, 0x8000}, {0x0, 0x6, 0x3}]}) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-touch6\x00', 0x800000, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000580)={0x80000006, 0x0, 0xd12b, 0xffffffff, 0x300a}) mmap$auto(0x8, 0x6, 0x8dd, 0x8009b72, 0xffffffffffffffff, 0x8100) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x98eb, 0x0, 0x1f, 0xb}, 0x40}, 0x5, 0x20000000) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) mmap$auto(0x0, 0xfff, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) writev$auto(0xffffffffffffffff, 0x0, 0x4) close_range$auto(0xffffffffffffffff, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) getsockopt$auto(0xffffffffffffffff, 0x10, 0xe, 0x0, 0x0) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) 1.228585995s ago: executing program 0 (id=316): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/eql/testing\x00', 0x0, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/eql/testing\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000001c0)=""/4096, 0x1000) 1.022634622s ago: executing program 0 (id=317): mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) (async) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) ioctl$auto_SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000080)="ec") read$auto(r0, 0x0, 0x8) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200204, 0x15) mincore$auto(0x0, 0x10007f, 0x0) 1.019977026s ago: executing program 1 (id=318): madvise$auto_MADV_NORMAL(0x7, 0x7, 0x0) madvise$auto_MADV_NORMAL(0x2000000000000000, 0x200, 0x0) read$auto_suspend_stats_fops_(0xffffffffffffffff, &(0x7f0000000000)=""/144, 0x90) madvise$auto_MADV_NORMAL(0x5, 0x3, 0x0) madvise$auto_MADV_NORMAL(0x4, 0x8, 0x0) madvise$auto_MADV_NORMAL(0x1, 0x0, 0x0) madvise$auto_MADV_NORMAL(0x4, 0x1, 0x0) madvise$auto_MADV_NORMAL(0x1ff, 0xb943, 0x0) madvise$auto_MADV_NORMAL(0x7, 0xffffffffffffffff, 0x0) madvise$auto_MADV_NORMAL(0x4, 0xe4, 0x0) madvise$auto_MADV_NORMAL(0x4f97, 0x4, 0x0) madvise$auto_MADV_NORMAL(0x0, 0x4, 0x0) madvise$auto_MADV_NORMAL(0x2, 0x3, 0x0) madvise$auto_MADV_NORMAL(0x69, 0x3, 0x0) madvise$auto_MADV_NORMAL(0x6, 0xc78, 0x0) ppoll$auto(&(0x7f00000000c0)={0xffffffffffffffff, 0x101, 0x6}, 0xa0000, &(0x7f0000000100)={0x200, 0x4}, &(0x7f0000000140)={0x100000001}, 0x8) sendmmsg$auto(r0, &(0x7f00000012c0)={{&(0x7f0000000180)="1dae3c26ed3d144001460d906b27959146f284c9bd589b941c8dfed33c9f239bdc00c435", 0x3af, &(0x7f00000011c0)={&(0x7f00000001c0)="09a2266da45d884b153b910c28306d5adaeb28669bf87c99ea2cfdf761d3a0e7e3256c59e378a214251da096ac73b75955acc7f558a4d26418291e84e4d253668fe63d68b5dfa3a038927335c0a42635ac4a1f6cbf18dfc1e57d8adbc8a945aa4eee5f4b170b190a7715439a7055a3f311cb66d00154632d0b61230ac1fcc92f10a776d16da0955d32dc3727b6e1271434b21744d8902a73d117c5ae7a6c09631295df9b458c3ca4adc70dce280b9a0b5aaae276da03b68bb78276ef70b353d69628073b5a63662022fa0a9c645276ae44924966d18c6c946b8bd67ac687585b57f65486a2059504ee86395d17bcdf0053b0cb4a800492c2072fc547b15b532704ba387880a6f4fbb1df90b5f88edb8b4be29bde705aaf4c8fc86b3e674016f4067019ed376102dc3347b93546e5d73b82d8c77c58c8aa30727e471a3032b86c6d5e1be54c71b5af4adcacdc126f1823920ae8e1c09a5cce400ed751b9aee8c1712990b6b3f7a986e0215aeb2dd5f259e29e531f15f8006b15dcb61cce6826da97733db5c2fc1f7f905b1a4e08910e83473bddf6848bcdf90ad037e59e286ae3b2cd8818d403f5cd1d5c4a0062d5992abc3e368d6b9645c70f2a1e87dceebafc070ecac54e41f37f1ae59c48f7a650692b52d8136405285c571fbc7c9edffe349620c7b39b6596e8211d907a84d01b1ec47a9a4fb32310c3aa4ceb934c00dc97aea85281ead62fb7f79c566cbd52e7ad41ab513a1414319891ed711ea3671ec780e71d14e32fe78b6b45f69cc786533a12b4ac3fdb747543de79544aa16d7b6982755c9139b0643e4cff7c1b57cf5553496e22501217cd5141dda8b3602e3621c6b9788c3e48e5710ad11aff812709c3ac9a8f2baf309194b3dd19bbbfcdbdd67e4ff73697b70c2689b573638f86c17b865f689559946138a9aedfff215cf79e6984a392d6282c068c7e05f789c45e162dd23a4731b3c4db4ba73712aaa87fe7181b894e9885a1bddd52c58fdc7fe2ccc76edfcb19b16efee03ef05e44c0d66011a22345b4f9635a388f47735dc5f432e6ae649f43c5d967ffe7cb0be68d332eb3a316e0dbf0c8be8bb71a139fe60c3741911e2d85a062e73a6d8bc61f10287ed548e7ac9e7b3553939c8ad57019156259c94deea14fc3531641c0bc2320e1aa31663b4f44707963ca17d66b06806dce194dc0dd95cb726b6e11462d77aaf75a0e81e6a3f607137f31d292a0423bb982046197e9e6ee94753a750f8240971c0f33c587c68db20cc4db6c135fa1970940ae46cb50ff41e77ea4d1cfa39547f32fdaa244b5070f44ab15568bf26e39808aa85266632c32f66c1463d0bfa57285d040bd88ed3fdb39a5fca69365e89c0161856c3a9f4798f1b69a946f94f7035a7a3f0423a1c73931ff59fb8cf8ef52441d9bee98a8d082f36e2b7074e59bc7a9a7006fc638a33993f6c349e72ee07fb8ef6cea31817621b8d7e8a93ff70159e313460b576d6e79207dccd6b6836d707a54d0ad5c4bb1c6d78c73501928b56e4dab82217de8543838e570a6bc458d3f3ea625cbb6ee73543423b0b5ab236ce3171c776ccfaab4c5826a08c47e047f5e5739055fbbfbb727a0a46da2f0360760033a6921767b18ce7900bb3111d70893d12ec3e004623b02f6eb3e30b7b4cd1c008cb50bd704006380347d20ec2773ea9b3c9dfdf257cdd4608688bd09eb21a55a474320dfa5ab12a4003e2f6251e6af35316ad0e9371dd06fec8215615232a67380b07da2d25653bf7b6c0df7fe1ab97fe1d9a89a7d362872daad39faad55e7f0ada23f806fd0fc887fed3167feaafaded6793ab6f7eb6814df9dfb5c92d65f67d10bf639c90718df952aad381b77e426ab8125d6711edd7700bbbd34fb4444d08bf6f4f211441521101bbac377eeaaa13459e7c1c0ae2d9f38cc3cb2a2d2c06df2493bab92de3b13bfdbcbc94a09791b59ae9699544b16acbdd7938b9e14a8dd2d82ec0b5a76ed7b3341f778604f1dc25c04b71018cbdb2190427bed35f8ea3e0294fe2f48d3b466c002159cbd353beb1ada75e86dd073cfee45c44d63d16a44a9bd84a0e95ee05492581b5e4b27da285fa8db09c6944087df754db1a2e902be68f6f19676e92a954b59967503e93ce622c67ccda2133ed2634c3cb08c460de959831e5da18c7bd48731392c69e7d671990009a2ada1c7689de3bdf00d7030ca1e940128f5d2250d11853160442ed7c1ec3d45958062f9ce792999412f1fd15e65b0a5c79eaa4fdcd1fc47b6244e88626c7a8f9dc39338834c8190a05f3f9752a1a3201f64fa42236382b46a92228bb0dadc7abc22b49613fc691ac2cba4ec8c6165050308cd6b9379938e16f80e8ffcaddadf38bd204e79ef835a202ece9dc8457e81a0645003c19236fec07b74369063ce4beda29d08d71776ae3808a14d576287a9209c3253ddd7b2c4c8cdc129a44909797f5810fe85c134485166ab2a1591811f5622940e4042108625ba36bb308248fb54d278df15d37b104b4220eac89b2d9d81ce069472508338632376e24a875675752b76ec015d453a254d0f411db5badfaf4ebf46c7a7cd450ed7bca56134ee7d3945c642129026e78393eaa257726adf18ecd421743a8620975ce99eb2370d4a22fdc61c2a8a0bf7f40b0b3f3605abfafe6ebf1cb8707ee98e4a591d6ecbdc5a170bcd0e21c15ede4640f2895cbcd01544c43a932c3eaaa13639afca970e863c7621e6456c4e36c88a5b3cdf1bf3a2cdf17dd2425f95a946d10fd96fd2222c3f424f91ef3c8dcee9a0933be229da9e7addcbdeb0c8b3e23ff94281bca706f820fd6cb3df10b56b3e62dd759f56273614d3f6458c32c7b9ada8a1836e871949913721feb69e82befebc1da474bdc58178432886df9f18e917ce817e0b05a210160b5141d582b815d19b348ebb8c070bf75ed40cca7e5a78a3854c2837a1c590c4a5438e47263cf47fe8f8da7b0e582685f322705b8d6c279ceb6dcfd0c41dee38822b2aa785c07737adde6ad2f835556bebae799ba45bc43760dbe17dd8360e4ea7a03528b99b2e6ff7ff7a243c02cd0450ea31da1fa6f2be237517b47699026596a7bd090c56d7ecd1560b0d3048b44dda2171c2176996ecedd8e39f4b95823f9085b5568fe0264aa510a62b1176424ca43c91b453be41397bc31eecbc05545b9c9162f1ad31cda40b9d2f0e1d0c0bfb29cbd84759a4438236716c714d30066ed1f445bf7bb521dadc773f4cb3059ae9f68725bf49d5807f79305435d78c116e1ae1315ef615c622206fced56e8c4c31b33ea41fad357cdd9e5d5e330595818b4f6fd3928cb3a3ca0931763dc922e5e7e63a52cf8a36c31a391eb30afd56547b576c02852f087d72df0b58976cf2bb6f0688bf9df808f9da5b23c0b4594eabcb96619b7bf8e996e9856f1dfe329316be9c67e7fccf87e13d46b3a5dc582a7f064a162c436a468e76520e176f26e0791a516ac9314393776f48bbf4bd453d92d64ba13e9c4d22608bf8f91819a4f68f81ae50a16dc70dc9b594ff2e14f6eed05a57714ab276b19c88796e4c7aa88d1b9920d7248e2f57d304deba67c71da348821d0f104595906dcddd73508764effef7eba436a45525fcf2e9b5e7116fdf44dc398777614c18be2113b5137d0f7606ee39f892f911d955bf65a22b76dc66ad4a9d661db5d41873dfba13fdb45a3ba9548295fc055946614b6c8d9ffe5612b31c09e4f0f05149347f38de9371d07ece97a4de4ca19e18204bf45d175d3a7d08c6c0485e42550dda950feadf4cbb6546099fa22c1ad5718c1c35ada7bfc4c357bb012baf0d39c406ca35212fb3357fb07329bb72baaf91e379e421dfdb8c1419fb467c124ef2bbcb244db28dedf39aa97d84c43ce2f8115ac167da76f150b2443721e3785b08f57cc0b40e236a16c4f32145884b6a596870c0fd9122c214aaf3b240dde031e50743a55ae9c8970fd1f123a48fd227ae2c7d5aa6c0129c1ce72f8e7ca1fbc5847b6fa2038fe0f987b12ce819ca3cca1f8e5139e431a1cf8364d1a3809cea3f2bdf7d615d94b04882e762d71575ad775a189baa5127854ae560aa7b49c75477bb7a203dc3abda5203f1fcaaa32ea33ac5d2c8aeb08c136afde1ece978d53c43b7643a40bbc23385ea86aebb0465680b78d2eb78f36d1de4e13cf095797234b9ce783c964dacea70e1a9aa3ef653fa3943fdde40e8e82c2c0a89fb08df2b40a1c32d04c2843cb94bce4884208306190a57ec9527480d66e73b9e6540df203f34cc8efadf3185d9a9846670e19e08e047e2ea32c3745aeb7c9596ca3e3872ccb6b0e7dfc2ce150048a38dc5451d090f24c55c768b604fa70dd5a1a73cc4e32b1f4a0fb77553bedab692ac68ddde1e0ec2d34e3003a131a4d7e7580c835a637db27cbc17caa831ac4a5d9ffdf27aa52b1996fee35c1cc55cceeccb6a80e626bb4307c7e6781da1aeea39e35895207f6baa9db76d0af2aabc493248ce35311b90f05284f3db63c30a23e104d026e20ace4d1c0d24a0e2e6380fec97d04c22221b3d24ebb2a68cf02178208b91722b75788eff2fc4a824edaa418295c5b322e6444c82787c171e7b59fcabd9209fe62bcddeb9e378f81f9c99f3c8d60f4569e1486f173181a5112759224c82a804e30c3b15a659ab308dd8449d6ddc22720c4e16190ce8b468e4a30d20fb4509f3f9aa2c7c489361c3e4adf18d5dbd880bc12f5702df9080c43eee3c9aa87f1f2c0001c62431a4d01e4fcaaf2a69d7e38ac0567917b8500ee512c49bbb9bda79510ca5ced71bed7c145ccaf4c0f550513dcf5ad71020d9a43e46e45c6c9fddee0e0fb84e696f84228c39303dcbd16871d5361b45f0250c5a7099d3a344fb5e31e7006ee5b07fa3bed80d05938d87b3a751c3cc49f92d9a6e8134932fbbf74e6ee6c2d0997555bf9503cd113a07d9ca06da3a80ed3308206d8753fe40ad337f3f69e2c6200a1e4b262da332e657de98c29974236f8443f42434bb5321847a779214abd1edc04203a974122f0c3b5f3d17217718c6098de2f0f8dc78482547171a18c606875916eb289d5011d018a9f74ee91f394befa94c56e6ff9df8bfd5e1dd0c11db39aeee74b7c9d2a5d578390dc0ff4d403592b32b8401a329733391d9b98292a19e5b01eb138240fe4030516618b2c3d85c7ebffaaf4a2a5c12984dba956e47df7e9c6c9765058deef2320d471ab3f13bd8987826fa754b13e6d0773a4650f345de183e5610fba13eab8b9c07e28b4b7d20626d966e6609ba4ff02c84a521f7eee6e0f810f68a4791611c8761cf550c7d13a13d3c37b3a57cfb73ea3160275aa52a8aeb752a6032104872f602b4718572b7738e122689f0ae55c75bafbfa4a442718b926894071af4620e1b4bc4b536c60e11acf4a9366534a82cc6f0af4397f0a6c639528a14e586b9cbbb0dca3cff0a520ad293024718aa0d7cf1ca963415ec1804d3214575829991c196e52647ee594a51e0701ac9f02bc722fae112a30c8855dceb5e5b11dae7c6e10fb34cc5d0a8baab44b653f8264d1e3c765b5a115cf054a41220bd94f81be96f55d6c5569d9ee15d2ded5ca3f3ca889ab22d741bb4b85f093d49444a3ffa3e50a85ac407a76c5c97684c3c23bf3cf946651659ef3119553c4feaabca30fd7a45407ec2747bcefe06b99d4f3d6fa4fd01fa7670de0e5be682265fc971e3e347cddc5b0697429f96509746e5c434d65543d127e9b5df6a2337164cea338e833cdd7a02018271ee3c9e2501eac99b4ab0595d8a", 0x5}, 0x1ce, &(0x7f0000001200)="f6cdcbeac38524aee6a6dade132634ed4afa77ad0320147155f9c0a679ff01ec15b4630a5884715cf9f85500c9a41d0c3929f9d118dc1a8d558ae52df9fc67265f12028abcd292e3bedb573789220d0ef82acc12cc5802d1966d53a409f765c733c545794ba8dffdf16806bc31f1dabf5133e3d632d74dd0d2e5b72e48c942c2a8", 0x9, 0x1}, 0x44af}, 0x4, 0x8) ioctl$auto_VHOST_SET_VRING_ERR2(r0, 0x4008af22, &(0x7f0000001300)={0x9, r0}) mremap$auto(0xffff, 0x10001, 0x10001, 0x2, 0x4) madvise$auto_MADV_NORMAL(0xfffffffffffffffd, 0x2, 0x0) madvise$auto_MADV_NORMAL(0x3, 0x7fffffff, 0x0) madvise$auto_MADV_NORMAL(0x4310000000000000, 0x5, 0x0) sendmmsg$auto(r0, &(0x7f0000001580)={{&(0x7f0000001340)="1c8b315afc6737bb2ce03e03987279a009f69ef3431326b356f42690ed10102411070cef5b982aefff6bfc20bb93a3837b83b154cfc75c9bd458084dc90f03c48dff70f52bb23957fdde2f9826edc782fec04a61a1292d170e559a7a6298cb3649f03dbe43eec81bc367cb1d1f62d56598b46c4e17745791caf95a6564adb31f36de8856c3b270a5787ad1307c292e41ecafa75a10eb3ca3ba163a4ab1c6367191d325cf3a943e847627ae0063f10d", 0x5, &(0x7f0000001500)={&(0x7f0000001400)="a70790250d1c31ab34f4932df011b2eb9fc52c8aa835579959fac395a7b4fc8939bd30de1a79f031a9ee6b140fc31a5d1acc2a536739b82021e3cc01c3fd25c708a4a3e34f883c1c7a794fe2f16823b4e725949fc76f5e88d2fe5afbd557fe61ad2b0aef99ea1b98d9697ada823b10ef82baee37c6263ea75609d63be3449f6a51d9b54b6743f2a9ef6daf123591ad415f9d56c9f68a673504af579abba5850fc489836300d48bbe0a7a7507ea9d231ffae3f9181f9e117f7210270363f23139c393706aec3290b8ce263e2e6b4f04890bf5d452dfd7c0a6ab7537a72d73cfec999e4992", 0x10a8}, 0x81, &(0x7f0000001540)="dc958511c8c85d48dd488d6850", 0x2, 0x8001}, 0x5}, 0x0, 0xffffffff) madvise$auto_MADV_NORMAL(0x3, 0x7ff, 0x0) madvise$auto_MADV_NORMAL(0x7, 0xa, 0x0) madvise$auto_MADV_NORMAL(0x4000000000000000, 0x7fff, 0x0) io_uring_setup$auto(0x40, &(0x7f00000015c0)={0xeb, 0x8f9, 0x8, 0x9, 0x7f, 0xe, r0, [0x0, 0x6, 0x3f7d], {0x8, 0x2, 0x7fff, 0x3, 0x0, 0x8e32, 0xff, 0x4, 0x5}, {0x5, 0xffffffb8, 0x2f5, 0x4, 0x2, 0x3570f931, 0xc, 0x200, 0x7}}) madvise$auto_MADV_NORMAL(0x9, 0x800, 0x0) madvise$auto_MADV_NORMAL(0xa923, 0x7, 0x0) ptrace$auto(0x400, 0x0, 0x9, 0x1) 810.371688ms ago: executing program 1 (id=319): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r1) statmount$auto(0x0, &(0x7f0000000640)={0xa, 0x1, 0x1ff, 0x7, 0x1f, 0x394, 0x7, 0x7, 0x3, 0x9, 0x6, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x2, 0x200, 0x0, 0x3ff, 0x0, 0x1580, 0x0, 0x0, 0xfffffd66, [0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x100000000, 0xfffffffffffffffc, 0x80, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x1fe, 0xd) r2 = socket(0x1d, 0x3, 0x1) fcntl$auto_F_GETOWNER_UIDS(r2, 0x11, 0xffffffffffffffff) mmap$auto(0xf, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8002) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x8) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x1004) rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, &(0x7f0000000100)={0x9}, 0x8) close_range$auto(0x2, 0x8, 0x0) writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f00000000c0)="6542084a1459f5", 0x200}, 0x9) io_uring_setup$auto(0xffffff75, 0x0) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x1e, 0x4, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 647.39019ms ago: executing program 3 (id=320): r0 = openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000280)=@link_detach={0xffffffffffffffff}, 0x1000) ioctl$auto(r0, 0x6, r1) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x10400, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0xcf}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xb}) r3 = socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x1021, 0x202, 0x10007, 0x8, 0xffffffffffffffff, [], {0x26, 0x6, 0x8c48, 0x4, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x10000008, 0x7, 0x1, 0x1, 0x3f, 0x76c4, 0x80008, 0x5}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="130027"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x2}, 0x8001) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card0/pcm0c/sub0/status\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x3f, 0x0, 0x0, 0x3, 0xffffffffffffffff) fanotify_init$auto(0x602, 0x1) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) 23.314271ms ago: executing program 2 (id=321): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) (async) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) readv$auto(r0, 0x0, 0x3) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x9, 0x9, 0xeb3, 0xfffefffffffffffa, 0x8000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x25c000, 0x14) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) (async) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket(0x8, 0x2, 0x0) io_uring_setup$auto(0x4, 0x0) (async) io_uring_setup$auto(0x4, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x60c40, 0x0) (async) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x60c40, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x533d00, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x7, 0x4, 0x0) (async) socketpair$auto(0x4004, 0x7, 0x4, 0x0) ioctl$auto_TCFLSH2(r2, 0x5408, 0x0) r3 = fcntl$auto(r1, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) 0s ago: executing program 0 (id=322): timer_settime$auto(0xffffffff, 0x9, &(0x7f0000000140)={{0x7, 0x4}, {0x10}}, 0x0) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) timer_gettime$auto(0x2, &(0x7f0000000180)={{0x4, 0x3}, {0x4, 0x3}}) socket(0x80000000000000a, 0x2, 0x0) (async) r0 = socket(0x80000000000000a, 0x2, 0x0) r1 = openat$auto_ext4_dir_operations_ext4(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x131000, 0x0) ioctl$auto_FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f00000000c0)="5362943f4ecf0513136385f1e1807371") (async) ioctl$auto_FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f00000000c0)="5362943f4ecf0513136385f1e1807371") sendto$auto(r0, 0x0, 0x402, 0x101, &(0x7f0000000000)=@generic={0xa, "01e983638bffff4993021400"}, 0x1c) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/ksm_stat\x00', 0x2, 0x0) read$auto_proc_single_file_operations_base(r2, &(0x7f0000000040)=""/228, 0xe4) madvise$auto(0x110c230000, 0x8031ca, 0x9) socket(0x1d, 0x3, 0x1) mmap$auto(0xfffffffffffffffd, 0x83, 0x4000000000df, 0x40eb1, r0, 0x300000000000) socket(0xa, 0x1, 0x100) r3 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000040), 0xc8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, r5, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_FEC_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0xac8fe2812c61ec00) (async) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, r5, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@ETHTOOL_A_FEC_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0xac8fe2812c61ec00) setsockopt$auto(r3, 0x29, 0x3, 0x0, 0x56b) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts. [ 86.157116][ T5818] cgroup: Unknown subsys name 'net' [ 86.331658][ T5818] cgroup: Unknown subsys name 'cpuset' [ 86.341106][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.018734][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.175210][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.185347][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.193287][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.201608][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.209321][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.253455][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.261427][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.262765][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.276754][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.284408][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.292127][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.300723][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.300732][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.308475][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.323510][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.347579][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.355748][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.363648][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.372331][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.380371][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.710815][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.936348][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 91.014997][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 91.034366][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.042770][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.050293][ T5827] bridge_slave_0: entered allmulticast mode [ 91.057609][ T5827] bridge_slave_0: entered promiscuous mode [ 91.082924][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.090176][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.097357][ T5827] bridge_slave_1: entered allmulticast mode [ 91.104594][ T5827] bridge_slave_1: entered promiscuous mode [ 91.151868][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 91.185052][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.215297][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.328314][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.335989][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.343662][ T5834] bridge_slave_0: entered allmulticast mode [ 91.351017][ T5834] bridge_slave_0: entered promiscuous mode [ 91.359342][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.366497][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.373891][ T5834] bridge_slave_1: entered allmulticast mode [ 91.381681][ T5834] bridge_slave_1: entered promiscuous mode [ 91.403308][ T5827] team0: Port device team_slave_0 added [ 91.427367][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.434563][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.442505][ T5831] bridge_slave_0: entered allmulticast mode [ 91.450271][ T5831] bridge_slave_0: entered promiscuous mode [ 91.458768][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.465920][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.473250][ T5831] bridge_slave_1: entered allmulticast mode [ 91.480854][ T5831] bridge_slave_1: entered promiscuous mode [ 91.490044][ T5827] team0: Port device team_slave_1 added [ 91.517615][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.569649][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.647058][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.657865][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.664845][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.691092][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.707501][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.714651][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.722530][ T5841] bridge_slave_0: entered allmulticast mode [ 91.733546][ T5841] bridge_slave_0: entered promiscuous mode [ 91.742906][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.753933][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.761439][ T5841] bridge_slave_1: entered allmulticast mode [ 91.773011][ T5841] bridge_slave_1: entered promiscuous mode [ 91.783672][ T5834] team0: Port device team_slave_0 added [ 91.795270][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.825847][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.833390][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.859476][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.900419][ T5834] team0: Port device team_slave_1 added [ 91.944997][ T5831] team0: Port device team_slave_0 added [ 91.972790][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.985966][ T5831] team0: Port device team_slave_1 added [ 92.028864][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.054702][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.062115][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.088802][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.144587][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.151871][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.178252][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.195125][ T5827] hsr_slave_0: entered promiscuous mode [ 92.201730][ T5827] hsr_slave_1: entered promiscuous mode [ 92.221470][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.228843][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.238567][ T5830] Bluetooth: hci0: command tx timeout [ 92.255606][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.295757][ T5841] team0: Port device team_slave_0 added [ 92.302547][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.309806][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.336064][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.368878][ T5841] team0: Port device team_slave_1 added [ 92.397448][ T5830] Bluetooth: hci2: command tx timeout [ 92.397456][ T5832] Bluetooth: hci1: command tx timeout [ 92.446466][ T5834] hsr_slave_0: entered promiscuous mode [ 92.454992][ T5834] hsr_slave_1: entered promiscuous mode [ 92.461198][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.469045][ T5834] Cannot create hsr debugfs directory [ 92.478880][ T5830] Bluetooth: hci3: command tx timeout [ 92.496959][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.503979][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.530160][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.542766][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.550053][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.576225][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.623471][ T5831] hsr_slave_0: entered promiscuous mode [ 92.629829][ T5831] hsr_slave_1: entered promiscuous mode [ 92.635846][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.643538][ T5831] Cannot create hsr debugfs directory [ 92.731992][ T5841] hsr_slave_0: entered promiscuous mode [ 92.738941][ T5841] hsr_slave_1: entered promiscuous mode [ 92.745072][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.752692][ T5841] Cannot create hsr debugfs directory [ 93.107121][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.121446][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.137005][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.149380][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.219154][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.237985][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.258289][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.271502][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.323574][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.359485][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.388606][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.400072][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.484917][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.503873][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.514400][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.526030][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.600698][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.664280][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.684291][ T1341] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.692120][ T1341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.715131][ T1341] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.722288][ T1341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.743448][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.798737][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.811853][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.856037][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.866889][ T3565] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.874118][ T3565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.890108][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.929288][ T1341] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.936468][ T1341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.954299][ T1341] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.961488][ T1341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.994888][ T3565] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.002046][ T3565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.017166][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.130196][ T3565] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.137510][ T3565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.147130][ T3565] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.154349][ T3565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.325160][ T5830] Bluetooth: hci0: command tx timeout [ 94.380035][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.479145][ T5830] Bluetooth: hci1: command tx timeout [ 94.479195][ T5832] Bluetooth: hci2: command tx timeout [ 94.523729][ T5827] veth0_vlan: entered promiscuous mode [ 94.560023][ T5832] Bluetooth: hci3: command tx timeout [ 94.568207][ T5827] veth1_vlan: entered promiscuous mode [ 94.612669][ T5827] veth0_macvtap: entered promiscuous mode [ 94.623057][ T5827] veth1_macvtap: entered promiscuous mode [ 94.705219][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.735940][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.772172][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.782404][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.794194][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.806400][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.842396][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.898713][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.931999][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.020862][ T5834] veth0_vlan: entered promiscuous mode [ 95.054678][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.083743][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.096786][ T5834] veth1_vlan: entered promiscuous mode [ 95.155332][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.167605][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.170741][ T5831] veth0_vlan: entered promiscuous mode [ 95.201579][ T5841] veth0_vlan: entered promiscuous mode [ 95.220891][ T5831] veth1_vlan: entered promiscuous mode [ 95.253274][ T5841] veth1_vlan: entered promiscuous mode [ 95.280428][ T5834] veth0_macvtap: entered promiscuous mode [ 95.282511][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.321532][ T5834] veth1_macvtap: entered promiscuous mode [ 95.396272][ T5841] veth0_macvtap: entered promiscuous mode [ 95.415565][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.435321][ T5831] veth0_macvtap: entered promiscuous mode [ 95.445606][ T5841] veth1_macvtap: entered promiscuous mode [ 95.471347][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.489202][ T5831] veth1_macvtap: entered promiscuous mode [ 95.530972][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.542309][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.552861][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.562152][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.601894][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.638324][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.665054][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.729863][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.744638][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.754633][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.767821][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.776643][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.823667][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.841397][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.850683][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.859842][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.990439][ T3534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.009729][ T3534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.112180][ T3534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.129552][ T3534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.244166][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.255880][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.316419][ T3565] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.331626][ T3565] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.397848][ T5832] Bluetooth: hci0: command tx timeout [ 96.419400][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.430916][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.558864][ T5832] Bluetooth: hci1: command tx timeout [ 96.564375][ T5832] Bluetooth: hci2: command tx timeout [ 96.638752][ T5832] Bluetooth: hci3: command tx timeout [ 96.769499][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.803318][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.811995][ T982] cfg80211: failed to load regulatory.db [ 97.292595][ T5941] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 97.506674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.588004][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.596854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.606178][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.497546][ T5832] Bluetooth: hci0: command tx timeout [ 98.638344][ T5832] Bluetooth: hci2: command tx timeout [ 98.647419][ T5832] Bluetooth: hci1: command tx timeout [ 98.725361][ T5832] Bluetooth: hci3: command tx timeout syzkaller syzkaller login: [ 99.108289][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.116599][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.837971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.127725][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.177703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.186385][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.347682][ T5966] FAULT_INJECTION: forcing a failure. [ 100.347682][ T5966] name failslab, interval 1, probability 0, space 0, times 1 [ 100.371002][ T5966] CPU: 0 UID: 0 PID: 5966 Comm: syz.2.9 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 100.371043][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.371063][ T5966] Call Trace: [ 100.371073][ T5966] [ 100.371087][ T5966] dump_stack_lvl+0x16c/0x1f0 [ 100.371140][ T5966] should_fail_ex+0x512/0x640 [ 100.371179][ T5966] ? fs_reclaim_acquire+0xae/0x150 [ 100.371215][ T5966] ? ext4_find_extent+0x844/0xa70 [ 100.371256][ T5966] should_failslab+0xc2/0x120 [ 100.371282][ T5966] __kmalloc_noprof+0xd2/0x510 [ 100.371333][ T5966] ext4_find_extent+0x844/0xa70 [ 100.371383][ T5966] ext4_ext_map_blocks+0x290/0x5ff0 [ 100.371430][ T5966] ? lockdep_unlock+0x64/0xe0 [ 100.371467][ T5966] ? check_irq_usage+0xcb/0x920 [ 100.371514][ T5966] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 100.371577][ T5966] ? lockdep_unlock+0x64/0xe0 [ 100.371602][ T5966] ? __lock_acquire+0x1053/0x1c90 [ 100.371665][ T5966] ext4_map_query_blocks+0x114/0x8a0 [ 100.371698][ T5966] ? __pfx_ext4_map_query_blocks+0x10/0x10 [ 100.371726][ T5966] ? __pfx_down_read+0x10/0x10 [ 100.371753][ T5966] ? ext4_es_lookup_extent+0xc7/0xc50 [ 100.371792][ T5966] ext4_map_blocks+0x510/0x14b0 [ 100.371835][ T5966] ? __pfx_ext4_map_blocks+0x10/0x10 [ 100.371873][ T5966] ? xa_load+0x153/0x2c0 [ 100.371897][ T5966] ? __pfx_xa_load+0x10/0x10 [ 100.371946][ T5966] ext4_mpage_readpages+0xdf2/0x19d0 [ 100.372007][ T5966] ? __pfx_ext4_mpage_readpages+0x10/0x10 [ 100.372043][ T5966] ? __filemap_add_folio+0xb94/0x11d0 [ 100.372099][ T5966] ext4_readahead+0x102/0x140 [ 100.372129][ T5966] ? __pfx_ext4_readahead+0x10/0x10 [ 100.372158][ T5966] read_pages+0x1c4/0xc70 [ 100.372207][ T5966] ? __pfx_read_pages+0x10/0x10 [ 100.372261][ T5966] page_cache_ra_unbounded+0x421/0x7d0 [ 100.372317][ T5966] page_cache_ra_order+0x9c8/0xd00 [ 100.372375][ T5966] page_cache_sync_ra+0x4b4/0x9c0 [ 100.372422][ T5966] filemap_get_pages+0xb62/0x1c20 [ 100.372482][ T5966] ? __pfx_filemap_get_pages+0x10/0x10 [ 100.372536][ T5966] ? __pfx___might_resched+0x10/0x10 [ 100.372572][ T5966] filemap_read+0x3d2/0xe40 [ 100.372634][ T5966] ? __pfx_filemap_read+0x10/0x10 [ 100.372708][ T5966] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 100.372769][ T5966] ? stack_depot_save_flags+0x3e0/0xa40 [ 100.372830][ T5966] generic_file_read_iter+0x344/0x450 [ 100.372881][ T5966] ? kasan_save_stack+0x33/0x60 [ 100.372936][ T5966] ? kasan_save_track+0x14/0x30 [ 100.372988][ T5966] ext4_file_read_iter+0x1d6/0x6a0 [ 100.373031][ T5966] __kernel_read+0x3f0/0xb60 [ 100.373080][ T5966] ? __pfx___kernel_read+0x10/0x10 [ 100.373124][ T5966] ? ____sys_sendmsg+0xa98/0xc70 [ 100.373162][ T5966] ? do_syscall_64+0xcd/0x490 [ 100.373209][ T5966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.373274][ T5966] integrity_kernel_read+0x7e/0xb0 [ 100.373319][ T5966] ? __pfx_integrity_kernel_read+0x10/0x10 [ 100.373367][ T5966] ? kasan_save_track+0x14/0x30 [ 100.373418][ T5966] ima_calc_file_hash_tfm+0x259/0x350 [ 100.373473][ T5966] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 100.373575][ T5966] ? ext4_getattr+0x348/0xa20 [ 100.373615][ T5966] ? __lock_acquire+0x1053/0x1c90 [ 100.373660][ T5966] ? ima_alloc_tfm+0x21a/0x2e0 [ 100.373708][ T5966] ? ext4_file_getattr+0x25f/0x380 [ 100.373768][ T5966] ima_calc_file_hash+0x1ba/0x490 [ 100.373826][ T5966] ima_collect_measurement+0x897/0xa40 [ 100.373884][ T5966] ? __pfx_ima_collect_measurement+0x10/0x10 [ 100.373961][ T5966] ? __pfx_ext4_xattr_get+0x10/0x10 [ 100.373988][ T5966] ? __mutex_lock+0x1ca/0xb90 [ 100.374032][ T5966] ? xattr_resolve_name+0x27b/0x3f0 [ 100.374074][ T5966] ? vfs_getxattr_alloc+0xec/0x340 [ 100.374120][ T5966] ? ima_get_hash_algo+0x27c/0x400 [ 100.374159][ T5966] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 100.374205][ T5966] ? process_measurement+0x11fa/0x23e0 [ 100.374247][ T5966] process_measurement+0x11fa/0x23e0 [ 100.374302][ T5966] ? __pfx_process_measurement+0x10/0x10 [ 100.374351][ T5966] ? find_held_lock+0x2b/0x80 [ 100.374380][ T5966] ? fscrypt_file_open+0x47c/0x590 [ 100.374455][ T5966] ? __pfx___fsnotify_parent+0x10/0x10 [ 100.374500][ T5966] ima_file_check+0xc5/0x110 [ 100.374542][ T5966] ? __pfx_ima_file_check+0x10/0x10 [ 100.374585][ T5966] ? vfs_open+0x2e3/0x3f0 [ 100.374617][ T5966] security_file_post_open+0x8e/0x210 [ 100.374653][ T5966] path_openat+0x1404/0x2cb0 [ 100.374703][ T5966] ? trace_kmem_cache_alloc+0x28/0xc0 [ 100.374731][ T5966] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 100.374773][ T5966] ? __pfx_path_openat+0x10/0x10 [ 100.374815][ T5966] ? __asan_memcpy+0x3c/0x60 [ 100.374857][ T5966] do_file_open_root+0x322/0x610 [ 100.374901][ T5966] ? __pfx_do_file_open_root+0x10/0x10 [ 100.374987][ T5966] ? vsnprintf+0x318/0x1160 [ 100.375031][ T5966] file_open_root+0x2a7/0x450 [ 100.375074][ T5966] ? __pfx_file_open_root+0x10/0x10 [ 100.375114][ T5966] ? find_held_lock+0x2b/0x80 [ 100.375144][ T5966] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 100.375182][ T5966] kernel_read_file_from_path_initns+0x189/0x260 [ 100.375218][ T5966] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 100.375260][ T5966] _request_firmware+0x744/0x1470 [ 100.375311][ T5966] ? __pfx__request_firmware+0x10/0x10 [ 100.375346][ T5966] ? __pfx_netdev_run_todo+0x10/0x10 [ 100.375371][ T5966] ? __pfx___mutex_lock+0x10/0x10 [ 100.375423][ T5966] request_firmware+0x35/0x50 [ 100.375459][ T5966] reg_reload_regdb+0x89/0x460 [ 100.375492][ T5966] ? __pfx_reg_reload_regdb+0x10/0x10 [ 100.375528][ T5966] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 100.375567][ T5966] ? nl80211_pre_doit+0x1b0/0xb10 [ 100.375613][ T5966] genl_family_rcv_msg_doit+0x209/0x2f0 [ 100.375652][ T5966] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 100.375686][ T5966] ? rcu_is_watching+0x12/0xc0 [ 100.375726][ T5966] ? bpf_lsm_capable+0x9/0x10 [ 100.375759][ T5966] ? security_capable+0x7e/0x260 [ 100.375812][ T5966] genl_rcv_msg+0x55c/0x800 [ 100.375851][ T5966] ? __pfx_genl_rcv_msg+0x10/0x10 [ 100.375887][ T5966] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 100.375932][ T5966] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 100.375962][ T5966] ? __pfx_nl80211_post_doit+0x10/0x10 [ 100.376018][ T5966] netlink_rcv_skb+0x158/0x420 [ 100.376049][ T5966] ? __pfx_genl_rcv_msg+0x10/0x10 [ 100.376085][ T5966] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 100.376131][ T5966] ? netlink_deliver_tap+0x1ae/0xd30 [ 100.376165][ T5966] genl_rcv+0x28/0x40 [ 100.376194][ T5966] netlink_unicast+0x53a/0x7f0 [ 100.376228][ T5966] ? __pfx_netlink_unicast+0x10/0x10 [ 100.376268][ T5966] netlink_sendmsg+0x8d1/0xdd0 [ 100.376305][ T5966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.376349][ T5966] ____sys_sendmsg+0xa98/0xc70 [ 100.376383][ T5966] ? copy_msghdr_from_user+0x10a/0x160 [ 100.376425][ T5966] ? __pfx_____sys_sendmsg+0x10/0x10 [ 100.376466][ T5966] ? __pfx_futex_wake_mark+0x10/0x10 [ 100.376512][ T5966] ___sys_sendmsg+0x134/0x1d0 [ 100.376557][ T5966] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.376597][ T5966] ? __lock_acquire+0x622/0x1c90 [ 100.376681][ T5966] __sys_sendmsg+0x16d/0x220 [ 100.376725][ T5966] ? __pfx___sys_sendmsg+0x10/0x10 [ 100.376767][ T5966] ? __x64_sys_futex+0x1e0/0x4c0 [ 100.376810][ T5966] ? syscall_user_dispatch+0x78/0x140 [ 100.376866][ T5966] do_syscall_64+0xcd/0x490 [ 100.376918][ T5966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.376947][ T5966] RIP: 0033:0x7f0f6878e929 [ 100.376983][ T5966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.377015][ T5966] RSP: 002b:00007f0f69685038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.377043][ T5966] RAX: ffffffffffffffda RBX: 00007f0f689b5fa0 RCX: 00007f0f6878e929 [ 100.377061][ T5966] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 100.377078][ T5966] RBP: 00007f0f68810b39 R08: 0000000000000000 R09: 0000000000000000 [ 100.377094][ T5966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.377110][ T5966] R13: 0000000000000000 R14: 00007f0f689b5fa0 R15: 00007ffd6269a9d8 [ 100.377147][ T5966] [ 101.229349][ T5966] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 101.336243][ T30] audit: type=1800 audit(1750849885.860:2): pid=5966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.9" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 101.863420][ T5966] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 101.997615][ T5966] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 102.114165][ T5966] syz.2.9 (5966) used greatest stack depth: 18120 bytes left [ 104.134729][ T5993] usb usb36: usbfs: process 5993 (syz.2.15) did not claim interface 0 before use [ 105.670209][ T30] audit: type=1800 audit(1750849890.300:3): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.18" name="dbroot" dev="configfs" ino=7030 res=0 errno=0 [ 106.511839][ T6027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'. [ 106.709655][ T6033] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.768220][ T6033] KVM: debugfs: duplicate directory 6033-4 [ 107.589112][ T30] audit: type=1804 audit(1750849892.220:4): pid=6050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.27" name="/newroot/8/file0" dev="tmpfs" ino=59 res=1 errno=0 [ 108.233354][ T6058] netlink: 330 bytes leftover after parsing attributes in process `syz.1.30'. [ 108.255751][ T6061] netlink: 330 bytes leftover after parsing attributes in process `syz.1.30'. [ 113.416249][ T6142] FAULT_INJECTION: forcing a failure. [ 113.416249][ T6142] name failslab, interval 1, probability 0, space 0, times 0 [ 113.530020][ T6142] CPU: 0 UID: 0 PID: 6142 Comm: syz.3.45 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 113.530050][ T6142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.530063][ T6142] Call Trace: [ 113.530070][ T6142] [ 113.530077][ T6142] dump_stack_lvl+0x16c/0x1f0 [ 113.530112][ T6142] should_fail_ex+0x512/0x640 [ 113.530141][ T6142] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 113.530174][ T6142] should_failslab+0xc2/0x120 [ 113.530194][ T6142] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 113.530223][ T6142] ? mark_held_locks+0x49/0x80 [ 113.530249][ T6142] ? key_alloc+0x3e0/0x1330 [ 113.530277][ T6142] key_alloc+0x3e0/0x1330 [ 113.530310][ T6142] ? __pfx_key_alloc+0x10/0x10 [ 113.530335][ T6142] ? __pfx_key_default_cmp+0x10/0x10 [ 113.530364][ T6142] ? __pfx_keyring_search_iterator+0x10/0x10 [ 113.530397][ T6142] keyring_alloc+0x44/0xc0 [ 113.530427][ T6142] look_up_user_keyrings+0x510/0x760 [ 113.530454][ T6142] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 113.530486][ T6142] lookup_user_key+0x1a3/0x1300 [ 113.530512][ T6142] ? __pfx_lookup_user_key+0x10/0x10 [ 113.530533][ T6142] ? do_futex+0x122/0x350 [ 113.530563][ T6142] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 113.530591][ T6142] ? fput+0x70/0xf0 [ 113.530614][ T6142] keyctl_keyring_clear+0x24/0x1a0 [ 113.530634][ T6142] __do_sys_keyctl+0x355/0x590 [ 113.530656][ T6142] do_syscall_64+0xcd/0x490 [ 113.530694][ T6142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.530716][ T6142] RIP: 0033:0x7fd990d8e929 [ 113.530732][ T6142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.530750][ T6142] RSP: 002b:00007fd991b7e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 113.530769][ T6142] RAX: ffffffffffffffda RBX: 00007fd990fb6160 RCX: 00007fd990d8e929 [ 113.530782][ T6142] RDX: 0000000000000002 RSI: 00000000fffffffb RDI: 0000000000000007 [ 113.530793][ T6142] RBP: 00007fd990e10b39 R08: 0000000000000008 R09: 0000000000000000 [ 113.530805][ T6142] R10: 000000000000003e R11: 0000000000000246 R12: 0000000000000000 [ 113.530817][ T6142] R13: 0000000000000000 R14: 00007fd990fb6160 R15: 00007ffcb585aef8 [ 113.530842][ T6142] [ 114.815503][ T6154] warning: `syz.2.47' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 118.566232][ T6204] Zero length message leads to an empty skb [ 118.960364][ T6218] FAULT_INJECTION: forcing a failure. [ 118.960364][ T6218] name failslab, interval 1, probability 0, space 0, times 0 [ 118.993824][ T6218] CPU: 0 UID: 0 PID: 6218 Comm: syz.3.62 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 118.993903][ T6218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.993982][ T6218] Call Trace: [ 118.993991][ T6218] [ 118.994001][ T6218] dump_stack_lvl+0x16c/0x1f0 [ 118.994046][ T6218] should_fail_ex+0x512/0x640 [ 118.994082][ T6218] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 118.994124][ T6218] should_failslab+0xc2/0x120 [ 118.994148][ T6218] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 118.994188][ T6218] ? __d_alloc+0x31/0xaa0 [ 118.994230][ T6218] __d_alloc+0x31/0xaa0 [ 118.994272][ T6218] d_alloc_pseudo+0x1c/0xc0 [ 118.994299][ T6218] alloc_file_pseudo+0xcf/0x230 [ 118.994328][ T6218] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 118.994363][ T6218] __shmem_file_setup+0x1a3/0x330 [ 118.994398][ T6218] shmem_zero_setup+0x93/0x1a0 [ 118.994436][ T6218] __mmap_region+0x1ece/0x25e0 [ 118.994480][ T6218] ? __pfx___mmap_region+0x10/0x10 [ 118.994523][ T6218] ? rcu_is_watching+0x12/0xc0 [ 118.994557][ T6218] ? rcu_is_watching+0x12/0xc0 [ 118.994584][ T6218] ? trace_sched_exit_tp+0xde/0x130 [ 118.994618][ T6218] ? __schedule+0x1181/0x5de0 [ 118.994674][ T6218] ? __pfx___schedule+0x10/0x10 [ 118.994751][ T6218] ? trace_cap_capable+0x18d/0x200 [ 118.994790][ T6218] mmap_region+0x1ab/0x3f0 [ 118.994830][ T6218] ? __get_unmapped_area+0x267/0x440 [ 118.994865][ T6218] do_mmap+0xa3e/0x1210 [ 118.994902][ T6218] ? __pfx_do_mmap+0x10/0x10 [ 118.994943][ T6218] ? __pfx_down_write_killable+0x10/0x10 [ 118.994979][ T6218] vm_mmap_pgoff+0x281/0x450 [ 118.995014][ T6218] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 118.995052][ T6218] ? __x64_sys_futex+0x1e0/0x4c0 [ 118.995083][ T6218] ? __x64_sys_futex+0x1e9/0x4c0 [ 118.995122][ T6218] ksys_mmap_pgoff+0x7d/0x5c0 [ 118.995149][ T6218] ? xfd_validate_state+0x61/0x180 [ 118.995182][ T6218] ? __pfx_ksys_write+0x10/0x10 [ 118.995226][ T6218] __x64_sys_mmap+0x125/0x190 [ 118.995267][ T6218] do_syscall_64+0xcd/0x490 [ 118.995312][ T6218] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.995341][ T6218] RIP: 0033:0x7fd990d8e929 [ 118.995364][ T6218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.995390][ T6218] RSP: 002b:00007fd991bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 118.995416][ T6218] RAX: ffffffffffffffda RBX: 00007fd990fb5fa0 RCX: 00007fd990d8e929 [ 118.995434][ T6218] RDX: 0000000000000003 RSI: 000000000202000a RDI: 0000000000000000 [ 118.995449][ T6218] RBP: 00007fd990e10b39 R08: fffffffffffffffa R09: 0000000000000000 [ 118.995466][ T6218] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 118.995481][ T6218] R13: 0000000000000000 R14: 00007fd990fb5fa0 R15: 00007ffcb585aef8 [ 118.995515][ T6218] [ 120.463225][ T6235] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 128.130309][ T6326] random: crng reseeded on system resumption [ 133.378472][ T6402] netlink: 186 bytes leftover after parsing attributes in process `syz.0.100'. [ 136.113582][ T6439] netdevsim netdevsim16 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.393041][ T6458] syz.1.112 (6458): /proc/6457/oom_adj is deprecated, please use /proc/6457/oom_score_adj instead. [ 136.429413][ T6458] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 136.514865][ T6462] netlink: 'syz.1.112': attribute type 1 has an invalid length. [ 136.562686][ T6462] netlink: 33 bytes leftover after parsing attributes in process `syz.1.112'. [ 137.568595][ T6487] bcache: register_bcache() error : failed to open device [ 137.782628][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.789495][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.438724][ T6522] netlink: 1524 bytes leftover after parsing attributes in process `syz.0.123'. [ 140.544152][ T6506] kexec: Could not allocate control_code_buffer [ 141.623554][ T6549] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 143.677981][ T6589] process 'syz.2.136' launched './file0' with NULL argv: empty string added [ 145.058062][ T6612] random: crng reseeded on system resumption [ 145.426527][ T6599] zswap: compressor not available [ 145.452590][ T6598] Setting dangerous option i915.mitigations - tainting kernel [ 147.669262][ T6640] netlink: 26 bytes leftover after parsing attributes in process `syz.0.145'. [ 147.777872][ T6640] openvswitch: netlink: IP tunnel dst address not specified [ 147.919749][ T6641] netlink: 28 bytes leftover after parsing attributes in process `syz.0.145'. [ 148.146659][ T6656] nvme_fabrics: missing parameter 'transport=%s' [ 148.165395][ T6656] nvme_fabrics: missing parameter 'nqn=%s' [ 149.656867][ T6686] loop6: detected capacity change from 0 to 8192 [ 150.748906][ T6712] HfR: entered promiscuous mode [ 150.859284][ T6712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.162'. [ 150.898073][ T6712] HfR: left promiscuous mode [ 152.135426][ T6736] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 155.972213][ T6797] netlink: 28 bytes leftover after parsing attributes in process `syz.3.179'. [ 158.311135][ T6834] FAULT_INJECTION: forcing a failure. [ 158.311135][ T6834] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 158.327836][ T6834] CPU: 0 UID: 0 PID: 6834 Comm: syz.0.186 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 158.327882][ T6834] Tainted: [U]=USER [ 158.327891][ T6834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.327907][ T6834] Call Trace: [ 158.327917][ T6834] [ 158.327927][ T6834] dump_stack_lvl+0x16c/0x1f0 [ 158.327990][ T6834] should_fail_ex+0x512/0x640 [ 158.328034][ T6834] _copy_from_user+0x2e/0xd0 [ 158.328078][ T6834] post_copy_siginfo_from_user.isra.0+0x16e/0x300 [ 158.328120][ T6834] ? __pfx_post_copy_siginfo_from_user.isra.0+0x10/0x10 [ 158.328161][ T6834] ? find_held_lock+0x2b/0x80 [ 158.328205][ T6834] __x64_sys_rt_tgsigqueueinfo+0x151/0x210 [ 158.328245][ T6834] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 158.328301][ T6834] do_syscall_64+0xcd/0x490 [ 158.328346][ T6834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.328374][ T6834] RIP: 0033:0x7fd43518e929 [ 158.328403][ T6834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.328429][ T6834] RSP: 002b:00007fd435f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 158.328457][ T6834] RAX: ffffffffffffffda RBX: 00007fd4353b5fa0 RCX: 00007fd43518e929 [ 158.328474][ T6834] RDX: 000000000000001f RSI: 00000000000000e4 RDI: 00000000000000e3 [ 158.328489][ T6834] RBP: 00007fd435210b39 R08: 0000000000000000 R09: 0000000000000000 [ 158.328505][ T6834] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000000 [ 158.328520][ T6834] R13: 0000000000000000 R14: 00007fd4353b5fa0 R15: 00007fff92eb3198 [ 158.328554][ T6834] [ 159.241843][ T6849] netlink: 330 bytes leftover after parsing attributes in process `syz.3.190'. [ 159.814333][ T6857] netlink: 350 bytes leftover after parsing attributes in process `syz.3.193'. [ 160.754611][ T5895] smpboot: CPU 1 is now offline [ 163.207444][ T6900] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[6900] [ 165.088434][ T6926] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.275187][ T6954] FAULT_INJECTION: forcing a failure. [ 166.275187][ T6954] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 166.357538][ T6954] CPU: 0 UID: 0 PID: 6954 Comm: syz.1.215 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 166.357571][ T6954] Tainted: [U]=USER [ 166.357578][ T6954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.357589][ T6954] Call Trace: [ 166.357596][ T6954] [ 166.357609][ T6954] dump_stack_lvl+0x16c/0x1f0 [ 166.357645][ T6954] should_fail_ex+0x512/0x640 [ 166.357678][ T6954] should_fail_alloc_page+0xe7/0x130 [ 166.357700][ T6954] prepare_alloc_pages+0x3c2/0x610 [ 166.357724][ T6954] ? rcu_is_watching+0x12/0xc0 [ 166.357746][ T6954] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 166.357777][ T6954] ? kasan_save_stack+0x42/0x60 [ 166.357808][ T6954] ? css_rstat_updated+0x9d/0xd30 [ 166.357832][ T6954] ? rcu_is_watching+0x12/0xc0 [ 166.357852][ T6954] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 166.357882][ T6954] ? __mod_zone_page_state+0xcc/0x1a0 [ 166.357915][ T6954] ? __lock_acquire+0x622/0x1c90 [ 166.357944][ T6954] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 166.357976][ T6954] ? policy_nodemask+0xea/0x4e0 [ 166.357996][ T6954] alloc_pages_mpol+0x1fb/0x550 [ 166.358016][ T6954] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 166.358041][ T6954] folio_alloc_mpol_noprof+0x36/0x2f0 [ 166.358065][ T6954] vma_alloc_folio_noprof+0xed/0x1e0 [ 166.358087][ T6954] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 166.358109][ T6954] ? find_held_lock+0x2b/0x80 [ 166.358128][ T6954] ? __handle_mm_fault+0x1092/0x5490 [ 166.358158][ T6954] __handle_mm_fault+0x2f21/0x5490 [ 166.358191][ T6954] ? __pfx___handle_mm_fault+0x10/0x10 [ 166.358218][ T6954] ? __pte_offset_map_lock+0x174/0x310 [ 166.358238][ T6954] ? find_held_lock+0x2b/0x80 [ 166.358256][ T6954] ? find_held_lock+0x2b/0x80 [ 166.358281][ T6954] ? follow_page_pte+0x3af/0x14c0 [ 166.358309][ T6954] handle_mm_fault+0x589/0xd10 [ 166.358341][ T6954] __get_user_pages+0x589/0x3b80 [ 166.358370][ T6954] ? __pfx_mt_find+0x10/0x10 [ 166.358389][ T6954] ? __pfx___get_user_pages+0x10/0x10 [ 166.358420][ T6954] populate_vma_page_range+0x278/0x3a0 [ 166.358446][ T6954] ? __pfx_populate_vma_page_range+0x10/0x10 [ 166.358471][ T6954] ? __pfx_find_vma_intersection+0x10/0x10 [ 166.358494][ T6954] ? do_mmap+0x69c/0x1210 [ 166.358519][ T6954] __mm_populate+0x1d8/0x380 [ 166.358543][ T6954] ? __pfx___mm_populate+0x10/0x10 [ 166.358569][ T6954] ? up_write+0x1b2/0x520 [ 166.358611][ T6954] vm_mmap_pgoff+0x362/0x450 [ 166.358634][ T6954] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 166.358660][ T6954] ? __x64_sys_futex+0x1e0/0x4c0 [ 166.358683][ T6954] ? __x64_sys_futex+0x1e9/0x4c0 [ 166.358710][ T6954] ksys_mmap_pgoff+0x7d/0x5c0 [ 166.358731][ T6954] ? xfd_validate_state+0x61/0x180 [ 166.358760][ T6954] __x64_sys_mmap+0x125/0x190 [ 166.358790][ T6954] do_syscall_64+0xcd/0x490 [ 166.358822][ T6954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.358842][ T6954] RIP: 0033:0x7f61ec98e929 [ 166.358858][ T6954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.358877][ T6954] RSP: 002b:00007f61ed835038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 166.358895][ T6954] RAX: ffffffffffffffda RBX: 00007f61ecbb6080 RCX: 00007f61ec98e929 [ 166.358908][ T6954] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 166.358920][ T6954] RBP: 00007f61eca10b39 R08: 0000000000000002 R09: 0000000000008000 [ 166.358932][ T6954] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 166.358943][ T6954] R13: 0000000000000000 R14: 00007f61ecbb6080 R15: 00007ffc5f0b19b8 [ 166.358968][ T6954] [ 167.736987][ T6963] Line length is too long: Should be less than 4094 [ 168.137892][ T6935] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.146101][ T6935] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.251908][ T6935] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 168.321455][ T6935] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 168.334825][ T6935] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.483150][ T6935] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 168.590796][ T6935] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 168.596848][ T6935] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.828177][ T6935] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 168.936692][ T6935] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 168.969612][ T6935] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.043377][ T6935] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 170.159246][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 170.397374][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 170.646341][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 170.911263][ T6987] kexec: Could not allocate control_code_buffer [ 170.957408][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 172.032338][ T7018] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.237329][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 172.411688][ T7014] could not allocate digest TFM handle  [ 172.448841][ T7013] ima: policy update failed [ 172.473932][ T30] audit: type=1802 audit(6045817405.096:5): pid=7013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.231" res=0 errno=0 [ 172.493029][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 172.718665][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 172.917978][ T7027] ima: policy update failed [ 172.922632][ T30] audit: type=1802 audit(6045817405.556:6): pid=7027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.233" res=0 errno=0 [ 173.042165][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 174.317351][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.559631][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.797470][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 175.117535][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.636285][ T7073] netlink: 'syz.2.243': attribute type 11 has an invalid length. [ 175.700261][ T7073] netlink: 'syz.2.243': attribute type 11 has an invalid length. [ 175.722443][ T7054] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 175.762274][ T7073] netlink: 4 bytes leftover after parsing attributes in process `syz.2.243'. [ 175.775841][ T7054] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 175.821537][ T7054] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 175.845940][ T7073] netlink: 'syz.2.243': attribute type 11 has an invalid length. [ 175.873620][ T7054] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 175.906404][ T7073] netlink: 20 bytes leftover after parsing attributes in process `syz.2.243'. [ 175.991234][ T7073] netlink: 200 bytes leftover after parsing attributes in process `syz.2.243'. [ 176.453699][ T7081] capability: warning: `syz.1.246' uses 32-bit capabilities (legacy support in use) [ 176.594841][ T7077] FAULT_INJECTION: forcing a failure. [ 176.594841][ T7077] name failslab, interval 1, probability 0, space 0, times 0 [ 176.691411][ T7077] CPU: 0 UID: 0 PID: 7077 Comm: syz.3.244 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 176.691449][ T7077] Tainted: [U]=USER [ 176.691456][ T7077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.691469][ T7077] Call Trace: [ 176.691476][ T7077] [ 176.691485][ T7077] dump_stack_lvl+0x16c/0x1f0 [ 176.691537][ T7077] should_fail_ex+0x512/0x640 [ 176.691593][ T7077] should_failslab+0xc2/0x120 [ 176.691616][ T7077] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 176.691658][ T7077] ? __alloc_skb+0x2b2/0x380 [ 176.691697][ T7077] __alloc_skb+0x2b2/0x380 [ 176.691730][ T7077] ? __pfx___alloc_skb+0x10/0x10 [ 176.691762][ T7077] ? find_held_lock+0x2b/0x80 [ 176.691789][ T7077] ? __lock_acquire+0x622/0x1c90 [ 176.691823][ T7077] sctp_packet_transmit+0x1ca/0x3040 [ 176.691865][ T7077] ? find_held_lock+0x2b/0x80 [ 176.691888][ T7077] ? sctp_outq_flush+0xb4e/0x3350 [ 176.691933][ T7077] sctp_outq_flush+0xb68/0x3350 [ 176.691969][ T7077] ? __pfx_sctp_outq_flush+0x10/0x10 [ 176.691995][ T7077] ? sctp_make_sack+0x377/0x520 [ 176.692042][ T7077] sctp_outq_tail+0x840/0xa30 [ 176.692074][ T7077] sctp_assoc_rwnd_increase+0x467/0x6a0 [ 176.692105][ T7077] sctp_ulpevent_free+0x217/0x4d0 [ 176.692132][ T7077] sctp_queue_purge_ulpevents+0xb8/0x100 [ 176.692162][ T7077] sctp_close+0x13b/0x940 [ 176.692189][ T7077] ? __pfx_sctp_close+0x10/0x10 [ 176.692210][ T7077] ? __pfx___might_resched+0x10/0x10 [ 176.692239][ T7077] ? down_write+0x14d/0x200 [ 176.692259][ T7077] ? ip_mc_drop_socket+0x1f/0x280 [ 176.692283][ T7077] ? __pfx_down_write+0x10/0x10 [ 176.692307][ T7077] inet_release+0x13f/0x280 [ 176.692338][ T7077] __sock_release+0xb0/0x270 [ 176.692375][ T7077] ? __pfx_sock_close+0x10/0x10 [ 176.692393][ T7077] sock_close+0x1c/0x30 [ 176.692411][ T7077] __fput+0x402/0xb70 [ 176.692434][ T7077] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.692472][ T7077] task_work_run+0x14d/0x240 [ 176.692506][ T7077] ? __pfx_task_work_run+0x10/0x10 [ 176.692541][ T7077] ? __pfx___do_sys_close_range+0x10/0x10 [ 176.692580][ T7077] exit_to_user_mode_loop+0xeb/0x110 [ 176.692617][ T7077] do_syscall_64+0x3f6/0x490 [ 176.692659][ T7077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.692682][ T7077] RIP: 0033:0x7fd990d8e929 [ 176.692700][ T7077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.692724][ T7077] RSP: 002b:00007fd991bc0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 176.692745][ T7077] RAX: 0000000000000000 RBX: 00007fd990fb5fa0 RCX: 00007fd990d8e929 [ 176.692778][ T7077] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 176.692791][ T7077] RBP: 00007fd990e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 176.692806][ T7077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.692820][ T7077] R13: 0000000000000000 R14: 00007fd990fb5fa0 R15: 00007ffcb585aef8 [ 176.692849][ T7077] [ 176.987018][ C0] vkms_vblank_simulate: vblank timer overrun [ 177.387450][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 177.917410][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.934368][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 177.944458][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.614828][ T7106] netlink: 'syz.2.253': attribute type 1 has an invalid length. [ 178.820835][ T7112] mmap: syz.1.254 (7112) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 182.376914][ T7189] could not allocate digest TFM handle [ 182.700732][ T7189] could not allocate digest TFM handle [ 185.290257][ T7289] binder: 7270:7289 ioctl c018620c 0 returned -1 [ 186.781417][ T7317] netlink: 'syz.3.286': attribute type 27 has an invalid length. [ 186.892283][ T7317] netlink: 334 bytes leftover after parsing attributes in process `syz.3.286'. [ 187.130857][ T7327] netlink: 28 bytes leftover after parsing attributes in process `syz.2.289'. [ 187.355629][ T7336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.289'. [ 188.053896][ T7345] netlink: 28 bytes leftover after parsing attributes in process `syz.2.291'. [ 188.745979][ T30] audit: type=1806 audit(6045817421.376:7): xattr="0x00060000" res=-22 [ 188.946760][ T30] audit: type=1806 audit(6045817421.496:8): xattr="0x00060000" res=-22 [ 189.178822][ T30] audit: type=1806 audit(6045817421.496:9): xattr="0x00060000" res=-22 [ 189.240040][ T30] audit: type=1806 audit(6045817421.496:10): xattr="0x00060000" res=-22 [ 189.302268][ T30] audit: type=1806 audit(6045817421.496:11): xattr="0x00060000" res=-22 [ 189.371558][ T30] audit: type=1806 audit(6045817421.496:12): xattr="0x00060000" res=-22 [ 189.457575][ T30] audit: type=1806 audit(6045817421.496:13): xattr="0x00060000" res=-22 [ 189.524208][ T30] audit: type=1806 audit(6045817421.496:14): xattr="0x00060000" res=-22 [ 189.581987][ T30] audit: type=1806 audit(6045817421.496:15): xattr="0x00060000" res=-22 [ 189.641668][ T30] audit: type=1806 audit(6045817421.496:16): xattr="0x00060000" res=-22 [ 189.805035][ T7386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.297'. [ 189.903524][ T7386] ipvlan1: entered promiscuous mode [ 189.909432][ T7386] ipvlan1: entered allmulticast mode [ 189.938133][ T7386] veth0_vlan: entered allmulticast mode [ 191.253477][ T7425] netlink: 342 bytes leftover after parsing attributes in process `syz.1.306'. [ 192.349024][ T7442] ubi0: attaching mtd0 [ 192.365305][ T7442] ubi0: scanning is finished [ 192.410014][ T7442] ubi0: empty MTD device detected [ 192.636490][ T7442] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 192.674735][ T7442] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 192.711983][ T7458] FAULT_INJECTION: forcing a failure. [ 192.711983][ T7458] name failslab, interval 1, probability 0, space 0, times 0 [ 192.727687][ T7442] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 192.765416][ T7442] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 192.793612][ T7458] CPU: 0 UID: 0 PID: 7458 Comm: syz.1.311 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 192.793649][ T7458] Tainted: [U]=USER [ 192.793656][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.793670][ T7458] Call Trace: [ 192.793677][ T7458] [ 192.793686][ T7458] dump_stack_lvl+0x16c/0x1f0 [ 192.793727][ T7458] should_fail_ex+0x512/0x640 [ 192.793766][ T7458] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 192.793805][ T7458] should_failslab+0xc2/0x120 [ 192.793827][ T7458] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 192.793863][ T7458] ? proc_net_ns_init+0x42/0x410 [ 192.793886][ T7458] ? __pfx_proc_net_ns_init+0x10/0x10 [ 192.793920][ T7458] proc_net_ns_init+0x42/0x410 [ 192.793941][ T7458] ? __pfx_proc_net_ns_init+0x10/0x10 [ 192.793961][ T7458] ops_init+0x1df/0x5f0 [ 192.794007][ T7458] setup_net+0x1ff/0x510 [ 192.794024][ T7458] ? lockdep_init_map_type+0x5c/0x280 [ 192.794052][ T7458] ? __pfx_setup_net+0x10/0x10 [ 192.794072][ T7458] ? debug_mutex_init+0x37/0x70 [ 192.794093][ T7458] copy_net_ns+0x2a6/0x5f0 [ 192.794116][ T7458] create_new_namespaces+0x3ea/0xa90 [ 192.794144][ T7458] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 192.794173][ T7458] ksys_unshare+0x45b/0xa40 [ 192.794199][ T7458] ? __pfx_ksys_unshare+0x10/0x10 [ 192.794227][ T7458] ? xfd_validate_state+0x61/0x180 [ 192.794261][ T7458] __x64_sys_unshare+0x31/0x40 [ 192.794287][ T7458] do_syscall_64+0xcd/0x490 [ 192.794319][ T7458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.794339][ T7458] RIP: 0033:0x7f61ec98e929 [ 192.794354][ T7458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.794372][ T7458] RSP: 002b:00007f61ed835038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 192.794390][ T7458] RAX: ffffffffffffffda RBX: 00007f61ecbb6080 RCX: 00007f61ec98e929 [ 192.794402][ T7458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 192.794414][ T7458] RBP: 00007f61eca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 192.794425][ T7458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.794437][ T7458] R13: 0000000000000000 R14: 00007f61ecbb6080 R15: 00007ffc5f0b19b8 [ 192.794461][ T7458] [ 193.019489][ C0] vkms_vblank_simulate: vblank timer overrun [ 193.053873][ T7446] FAULT_INJECTION: forcing a failure. [ 193.053873][ T7446] name failslab, interval 1, probability 0, space 0, times 0 [ 193.066833][ T7446] CPU: 0 UID: 0 PID: 7446 Comm: syz.0.310 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 193.066886][ T7446] Tainted: [U]=USER [ 193.066894][ T7446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.066907][ T7446] Call Trace: [ 193.066915][ T7446] [ 193.066923][ T7446] dump_stack_lvl+0x16c/0x1f0 [ 193.066963][ T7446] should_fail_ex+0x512/0x640 [ 193.066998][ T7446] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 193.067035][ T7446] should_failslab+0xc2/0x120 [ 193.067058][ T7446] __kmalloc_cache_noprof+0x6a/0x3e0 [ 193.067090][ T7446] ? device_add+0xccc/0x1a70 [ 193.067118][ T7446] device_add+0xccc/0x1a70 [ 193.067147][ T7446] ? dev_set_name+0xc7/0x100 [ 193.067174][ T7446] ? __pfx_dev_set_name+0x10/0x10 [ 193.067200][ T7446] ? __pfx_device_add+0x10/0x10 [ 193.067227][ T7446] ? lockdep_init_map_type+0x5c/0x280 [ 193.067260][ T7446] ? __init_waitqueue_head+0xca/0x150 [ 193.067310][ T7446] netdev_register_kobject+0x182/0x3a0 [ 193.067341][ T7446] register_netdevice+0x13dc/0x2270 [ 193.067370][ T7446] ? __pfx_register_netdevice+0x10/0x10 [ 193.067402][ T7446] slip_open+0xb86/0x1150 [ 193.067436][ T7446] ? __pfx_slip_open+0x10/0x10 [ 193.067463][ T7446] ? down_write+0x14d/0x200 [ 193.067487][ T7446] ? __pfx_slip_open+0x10/0x10 [ 193.067515][ T7446] tty_ldisc_open+0x9f/0x120 [ 193.067548][ T7446] tty_set_ldisc+0x32b/0x780 [ 193.067585][ T7446] tty_ioctl+0xc2e/0x1640 [ 193.067621][ T7446] ? __pfx_tty_ioctl+0x10/0x10 [ 193.067666][ T7446] ? find_held_lock+0x2b/0x80 [ 193.067687][ T7446] ? hook_file_ioctl_common+0x145/0x410 [ 193.067732][ T7446] ? __fget_files+0x20e/0x3c0 [ 193.067767][ T7446] ? __pfx_tty_ioctl+0x10/0x10 [ 193.067803][ T7446] __x64_sys_ioctl+0x18b/0x210 [ 193.067831][ T7446] do_syscall_64+0xcd/0x490 [ 193.067868][ T7446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.067891][ T7446] RIP: 0033:0x7fd43518e929 [ 193.067908][ T7446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.067930][ T7446] RSP: 002b:00007fd435f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.067950][ T7446] RAX: ffffffffffffffda RBX: 00007fd4353b5fa0 RCX: 00007fd43518e929 [ 193.067965][ T7446] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000d [ 193.067978][ T7446] RBP: 00007fd435210b39 R08: 0000000000000000 R09: 0000000000000000 [ 193.067992][ T7446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.068005][ T7446] R13: 0000000000000000 R14: 00007fd4353b5fa0 R15: 00007fff92eb3198 [ 193.068033][ T7446] [ 193.322842][ C0] vkms_vblank_simulate: vblank timer overrun [ 193.330970][ T7442] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 193.337788][ T7442] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 193.345814][ T7442] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2188457785 [ 193.355845][ T7442] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 193.367166][ T7449] ubi0: detaching mtd0 [ 193.435181][ T7449] ubi0: mtd0 is detached [ 193.790679][ T7464] HfR: entered promiscuous mode [ 193.852629][ T7464] netlink: 12 bytes leftover after parsing attributes in process `syz.1.313'. [ 193.892661][ T7464] HfR: left promiscuous mode [ 194.532319][ T7488] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 194.950443][ T7494] syz.3.320 (7494): attempted to duplicate a private mapping with mremap. This is not supported. [ 195.428906][ T7502] ================================================================== [ 195.437006][ T7502] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 195.445700][ T7502] Read of size 1 at addr ffff888029c91007 by task syz.3.320/7502 [ 195.453418][ T7502] [ 195.455750][ T7502] CPU: 0 UID: 0 PID: 7502 Comm: syz.3.320 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 195.455780][ T7502] Tainted: [U]=USER [ 195.455786][ T7502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.455798][ T7502] Call Trace: [ 195.455806][ T7502] [ 195.455813][ T7502] dump_stack_lvl+0x116/0x1f0 [ 195.455848][ T7502] print_report+0xcd/0x680 [ 195.455866][ T7502] ? __virt_addr_valid+0x81/0x610 [ 195.455887][ T7502] ? __phys_addr+0xe8/0x180 [ 195.455907][ T7502] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 195.455930][ T7502] kasan_report+0xe0/0x110 [ 195.455951][ T7502] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 195.455976][ T7502] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 195.455997][ T7502] ? __lock_acquire+0xb8a/0x1c90 [ 195.456027][ T7502] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 195.456050][ T7502] ? find_held_lock+0x2b/0x80 [ 195.456068][ T7502] ? __might_fault+0xe3/0x190 [ 195.456095][ T7502] ? __might_fault+0xe3/0x190 [ 195.456131][ T7502] ? __might_fault+0x13b/0x190 [ 195.456165][ T7502] ? proc_simple_write+0x114/0x1b0 [ 195.456184][ T7502] proc_simple_write+0x114/0x1b0 [ 195.456204][ T7502] ? __pfx_proc_simple_write+0x10/0x10 [ 195.456224][ T7502] proc_reg_write+0x23d/0x330 [ 195.456255][ T7502] ? __pfx_proc_reg_write+0x10/0x10 [ 195.456283][ T7502] vfs_writev+0x5dc/0xde0 [ 195.456308][ T7502] ? __pfx___mutex_trylock_common+0x10/0x10 [ 195.456339][ T7502] ? __pfx_vfs_writev+0x10/0x10 [ 195.456365][ T7502] ? __mutex_lock+0x1ca/0xb90 [ 195.456394][ T7502] ? kmem_cache_free+0x2d1/0x4d0 [ 195.456424][ T7502] ? __pfx___mutex_lock+0x10/0x10 [ 195.456458][ T7502] ? __fget_files+0x20e/0x3c0 [ 195.456488][ T7502] ? do_writev+0x132/0x340 [ 195.456512][ T7502] do_writev+0x132/0x340 [ 195.456537][ T7502] ? __pfx_do_writev+0x10/0x10 [ 195.456566][ T7502] do_syscall_64+0xcd/0x490 [ 195.456597][ T7502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.456618][ T7502] RIP: 0033:0x7fd990d8e929 [ 195.456634][ T7502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.456653][ T7502] RSP: 002b:00007fd991b7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 195.456671][ T7502] RAX: ffffffffffffffda RBX: 00007fd990fb6160 RCX: 00007fd990d8e929 [ 195.456685][ T7502] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 000000000000000b [ 195.456697][ T7502] RBP: 00007fd990e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 195.456709][ T7502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.456721][ T7502] R13: 0000000000000000 R14: 00007fd990fb6160 R15: 00007ffcb585aef8 [ 195.456740][ T7502] [ 195.456747][ T7502] [ 195.721631][ T7502] Allocated by task 7502: [ 195.725954][ T7502] kasan_save_stack+0x33/0x60 [ 195.730649][ T7502] kasan_save_track+0x14/0x30 [ 195.735343][ T7502] __kasan_kmalloc+0xaa/0xb0 [ 195.739941][ T7502] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 195.746365][ T7502] memdup_user_nul+0x2b/0x120 [ 195.751052][ T7502] proc_simple_write+0xc7/0x1b0 [ 195.755910][ T7502] proc_reg_write+0x23d/0x330 [ 195.760614][ T7502] vfs_writev+0x5dc/0xde0 [ 195.764961][ T7502] do_writev+0x132/0x340 [ 195.769216][ T7502] do_syscall_64+0xcd/0x490 [ 195.773745][ T7502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.779654][ T7502] [ 195.781976][ T7502] The buggy address belongs to the object at ffff888029c91000 [ 195.781976][ T7502] which belongs to the cache kmalloc-8 of size 8 [ 195.795694][ T7502] The buggy address is located 0 bytes to the right of [ 195.795694][ T7502] allocated 7-byte region [ffff888029c91000, ffff888029c91007) [ 195.810025][ T7502] [ 195.812356][ T7502] The buggy address belongs to the physical page: [ 195.818773][ T7502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29c91 [ 195.827538][ T7502] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 195.834652][ T7502] page_type: f5(slab) [ 195.838643][ T7502] raw: 00fff00000000000 ffff88801b841500 dead000000000100 dead000000000122 [ 195.847227][ T7502] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 195.855805][ T7502] page dumped because: kasan: bad access detected [ 195.862222][ T7502] page_owner tracks the page as allocated [ 195.867936][ T7502] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 18936312687, free_ts 0 [ 195.885404][ T7502] post_alloc_hook+0x1c0/0x230 [ 195.890190][ T7502] get_page_from_freelist+0x1321/0x3890 [ 195.895768][ T7502] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 195.901669][ T7502] alloc_pages_mpol+0x1fb/0x550 [ 195.906518][ T7502] new_slab+0x23b/0x330 [ 195.910685][ T7502] ___slab_alloc+0xd9c/0x1940 [ 195.915374][ T7502] __slab_alloc.constprop.0+0x56/0xb0 [ 195.920751][ T7502] __kmalloc_cache_noprof+0xfb/0x3e0 [ 195.926042][ T7502] usb_control_msg+0xbc/0x4a0 [ 195.930723][ T7502] hub_probe+0xe93/0x3340 [ 195.935064][ T7502] usb_probe_interface+0x300/0x9c0 [ 195.940203][ T7502] really_probe+0x23e/0xa90 [ 195.944716][ T7502] __driver_probe_device+0x1de/0x440 [ 195.950100][ T7502] driver_probe_device+0x4c/0x1b0 [ 195.955157][ T7502] __device_attach_driver+0x1df/0x310 [ 195.960536][ T7502] bus_for_each_drv+0x156/0x1e0 [ 195.965386][ T7502] page_owner free stack trace missing [ 195.970747][ T7502] [ 195.973069][ T7502] Memory state around the buggy address: [ 195.978699][ T7502] ffff888029c90f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 195.986760][ T7502] ffff888029c90f80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 195.994827][ T7502] >ffff888029c91000: 07 fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc [ 196.002890][ T7502] ^ [ 196.006954][ T7502] ffff888029c91080: fa fc fc fc 06 fc fc fc 06 fc fc fc 06 fc fc fc [ 196.015012][ T7502] ffff888029c91100: 06 fc fc fc 06 fc fc fc 00 fc fc fc 00 fc fc fc [ 196.023073][ T7502] ================================================================== [ 196.031152][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.709847][ T7502] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 196.717083][ T7502] CPU: 0 UID: 0 PID: 7502 Comm: syz.3.320 Tainted: G U 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 196.730571][ T7502] Tainted: [U]=USER [ 196.734377][ T7502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.744440][ T7502] Call Trace: [ 196.747723][ T7502] [ 196.750656][ T7502] dump_stack_lvl+0x3d/0x1f0 [ 196.755269][ T7502] panic+0x71c/0x800 [ 196.759172][ T7502] ? __pfx_panic+0x10/0x10 [ 196.763599][ T7502] ? mark_held_locks+0x49/0x80 [ 196.768381][ T7502] ? preempt_schedule_thunk+0x16/0x30 [ 196.773764][ T7502] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 196.779759][ T7502] ? preempt_schedule_common+0x44/0xc0 [ 196.785249][ T7502] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 196.791250][ T7502] check_panic_on_warn+0xab/0xb0 [ 196.796214][ T7502] end_report+0x107/0x170 [ 196.800567][ T7502] kasan_report+0xee/0x110 [ 196.804987][ T7502] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 196.810995][ T7502] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 196.816821][ T7502] ? __lock_acquire+0xb8a/0x1c90 [ 196.821772][ T7502] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 196.827943][ T7502] ? find_held_lock+0x2b/0x80 [ 196.832628][ T7502] ? __might_fault+0xe3/0x190 [ 196.837329][ T7502] ? __might_fault+0xe3/0x190 [ 196.842028][ T7502] ? __might_fault+0x13b/0x190 [ 196.846822][ T7502] ? proc_simple_write+0x114/0x1b0 [ 196.851981][ T7502] proc_simple_write+0x114/0x1b0 [ 196.856957][ T7502] ? __pfx_proc_simple_write+0x10/0x10 [ 196.862442][ T7502] proc_reg_write+0x23d/0x330 [ 196.867143][ T7502] ? __pfx_proc_reg_write+0x10/0x10 [ 196.872353][ T7502] vfs_writev+0x5dc/0xde0 [ 196.876692][ T7502] ? __pfx___mutex_trylock_common+0x10/0x10 [ 196.882616][ T7502] ? __pfx_vfs_writev+0x10/0x10 [ 196.887480][ T7502] ? __mutex_lock+0x1ca/0xb90 [ 196.892178][ T7502] ? kmem_cache_free+0x2d1/0x4d0 [ 196.897131][ T7502] ? __pfx___mutex_lock+0x10/0x10 [ 196.902186][ T7502] ? __fget_files+0x20e/0x3c0 [ 196.906884][ T7502] ? do_writev+0x132/0x340 [ 196.911309][ T7502] do_writev+0x132/0x340 [ 196.915568][ T7502] ? __pfx_do_writev+0x10/0x10 [ 196.920355][ T7502] do_syscall_64+0xcd/0x490 [ 196.924877][ T7502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.930782][ T7502] RIP: 0033:0x7fd990d8e929 [ 196.935215][ T7502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.954832][ T7502] RSP: 002b:00007fd991b7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 196.963253][ T7502] RAX: ffffffffffffffda RBX: 00007fd990fb6160 RCX: 00007fd990d8e929 [ 196.971230][ T7502] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 000000000000000b [ 196.979220][ T7502] RBP: 00007fd990e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 196.987194][ T7502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.995162][ T7502] R13: 0000000000000000 R14: 00007fd990fb6160 R15: 00007ffcb585aef8 [ 197.003143][ T7502] [ 197.006210][ T7502] Kernel Offset: disabled [ 197.010548][ T7502] Rebooting in 86400 seconds..