last executing test programs: 12.383643678s ago: executing program 3 (id=45): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001380)=""/134, 0x86) open_tree_attr$auto(r1, &(0x7f0000000040)='./file0\x00', 0x8c02, &(0x7f0000000080)={0x1, 0x3, 0x7, @raw=0x5}, 0xfffffffffffffc0f) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5459, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000340)=""/104, 0x68) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 11.230306958s ago: executing program 3 (id=47): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_BLKRRPART(r0, 0x125f, 0xff1f000000000000) 10.814362886s ago: executing program 3 (id=48): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = memfd_create$auto(0x0, 0x4) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) keyctl$auto(0xe, 0x2, 0x76f, 0x9, 0xf13) read$auto_component_list_fops_(0xffffffffffffffff, 0x0, 0x0) socket(0x15, 0x5, 0x9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000)="e58177b04e45273a1f9bc1b3fb914486547572a0523fb0e7c8f42f5b5acbdd6f22c8ec2450d5483dd3f26bb5626260af840b5903f0b52d46253d69d401054bde5a266728a4e70fc19c3db9da602f863858ecdb8e1fe0679b714d4ffc033791bc6ddb8bcebc8f6cefccb56e8aaa", 0xcd4e, &(0x7f0000000140)={&(0x7f0000000100)="ef5cd3fb49de4f6ce501933cd3", 0x8000}, 0xffff, &(0x7f00000002c0)="344a556200756e669914443c5983f58ef2cef3fb522be99c31c4b81b1378f54ddb1fc3e79cc9dcf9f4179e5799e7a8522261757a46a0b344a4f292abfa4ce0f6122addefbb443eba781102adfc3961adbdca503f3abe1b4dd161e4fbe775d54843bc9ac57d118e69b57c6b684a162ec99b77cdd2ba175cfc257bc8b05477b65d06954c31848a7b7a1cbe7e485b75e92d74868de48fb355369e617183f742830a23ffc3adad7de679ef5f60eb07cc10", 0x7, 0x8}, 0x1}, 0xf78d, 0x5) unshare$auto(0x40000080) socket(0x11, 0x2, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x8010aebc, r1) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_setup$auto(0xd364, &(0x7f0000000240)={0x400, 0x10002, 0x7f, 0x7, 0x6, 0x5, r3, [], {0x2, 0x4, 0x6, 0x2, 0x400, 0x4, 0x7, 0x5, 0x80000000}, {0x5000007, 0xd, 0x6e68, 0x8, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/radio5\x00', 0xc0400, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x684803, 0x0) 10.361646928s ago: executing program 1 (id=51): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001380)=""/134, 0x86) open_tree_attr$auto(r1, &(0x7f0000000040)='./file0\x00', 0x8c02, &(0x7f0000000080)={0x1, 0x3, 0x7, @raw=0x5}, 0xfffffffffffffc0f) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5459, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000340)=""/104, 0x68) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 9.926902133s ago: executing program 3 (id=53): r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0x0, 0x0) r1 = bpf$auto_BPF_OBJ_GET(0x7, &(0x7f0000000040)=@iter_create={r0, 0x4}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0) write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000100)='1', 0x1) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000a, 0x40010, r1, 0x0) r3 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_CREATE(r4, 0x0, 0x40) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="02000000080019e30372affc70e25917da02c1ae64ffafe53e00000006001c000000000014001f00"], 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x4, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 8.767410506s ago: executing program 1 (id=55): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) 7.486311836s ago: executing program 1 (id=58): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = memfd_create$auto(0x0, 0x4) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) keyctl$auto(0xe, 0x2, 0x76f, 0x9, 0xf13) read$auto_component_list_fops_(0xffffffffffffffff, 0x0, 0x0) socket(0x15, 0x5, 0x9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000)="e58177b04e45273a1f9bc1b3fb914486547572a0523fb0e7c8f42f5b5acbdd6f22c8ec2450d5483dd3f26bb5626260af840b5903f0b52d46253d69d401054bde5a266728a4e70fc19c3db9da602f863858ecdb8e1fe0679b714d4ffc033791bc6ddb8bcebc8f6cefccb56e8aaa628903", 0xcd4e, 0x0, 0xffff, &(0x7f00000002c0)="344a556200756e669914443c5983f58ef2cef3fb522be99c31c4b81b1378f54ddb1fc3e79cc9dcf9f4179e5799e7a8522261757a46a0b344a4f292abfa4ce0f6122addefbb443eba781102adfc3961adbdca503f3abe1b4dd161e4fbe775d54843bc9ac57d118e69b57c6b684a162ec99b77cdd2ba175cfc257bc8b05477b65d06954c31848a7b7a1cbe7e485b75e92d74868de48fb355369e617183f742830a23ffc3adad7de679ef5f60eb07cc10", 0x7, 0x8}, 0x1}, 0xf78d, 0x5) unshare$auto(0x40000080) socket(0x11, 0x2, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x8010aebc, r1) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_setup$auto(0xd364, &(0x7f0000000240)={0x400, 0x10002, 0x7f, 0x7, 0x6, 0x5, r3, [], {0x2, 0x4, 0x6, 0x2, 0x400, 0x4, 0x7, 0x5, 0x80000000}, {0x5000007, 0xd, 0x6e68, 0x8, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/radio5\x00', 0xc0400, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x684803, 0x0) 7.395742092s ago: executing program 2 (id=59): openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x60201, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = socket(0x1d, 0x80000, 0x0) sendmmsg$auto(r0, 0x0, 0x7, 0x8) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f0000000380)={[0x9, 0x407, 0x9, 0xfffffffffffffffd, 0x948b, 0xfffffffffffffff8, 0x15f4da4a, 0x3, 0xffffffff80000001, 0x65, 0x2, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = getpid() process_vm_readv$auto(r3, &(0x7f00000002c0)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0) sysfs$auto(0x2, 0x2b, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), r0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x1, 0x800, 0x3a) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x24, 0x0, 0x40020000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0) acct$auto(&(0x7f0000002a80)='/dev/binderfs/features/freeze_notification\x00') ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x83, 0x14, 0x10, 0x8, 0x2, &(0x7f00000002c0)}) fsopen$auto(0x0, 0x1) capset$auto(&(0x7f0000000140)={0x8, r3}, &(0x7f0000000200)={0x100, 0x7, 0x2}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) 7.309524781s ago: executing program 0 (id=60): openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x60201, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = socket(0x1d, 0x80000, 0x0) sendmmsg$auto(r0, 0x0, 0x7, 0x8) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f0000000380)={[0x9, 0x407, 0x9, 0xfffffffffffffffd, 0x948b, 0xfffffffffffffff8, 0x15f4da4a, 0x3, 0xffffffff80000001, 0x65, 0x2, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = getpid() process_vm_readv$auto(r3, &(0x7f00000002c0)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x400, 0x0) sysfs$auto(0x2, 0x2b, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), r0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x1, 0x800, 0x3a) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x24, 0x0, 0x40020000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0) acct$auto(&(0x7f0000002a80)='/dev/binderfs/features/freeze_notification\x00') ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x83, 0x14, 0x10, 0x8, 0x2, &(0x7f00000002c0)}) fsopen$auto(0x0, 0x1) capset$auto(&(0x7f0000000140)={0x8, r3}, &(0x7f0000000200)={0x100, 0x7, 0x2}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) 6.206596994s ago: executing program 1 (id=61): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) read$auto_usbdev_file_operations_usb(0xffffffffffffffff, &(0x7f0000000040)=""/229, 0xe5) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x82040, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x60100, 0x0) read$auto_uinput_fops_uinput(r1, &(0x7f00000002c0)=""/89, 0x59) ioperm$auto(0x7, 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = socket(0x1e, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x8000, 0x0, 0x0, 0x0, 0x0) ioctl$auto(r2, 0x400454cb, 0x5) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0x200007, 0x19) r5 = socketcall$auto(0x1, &(0x7f0000000340)=0x7) read$auto_dfs_dom_ops_debugfs(r5, &(0x7f0000000440)=""/124, 0x7c) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0xe4, 0x180000000000000, 0x400000004) close_range$auto(0x0, 0xfffffffffffff000, 0x0) close_range$auto(r3, r4, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb9, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xffff34e6, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x40000007, 0xffffffff, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r6, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x7}}, 0x92) 6.036244409s ago: executing program 0 (id=62): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = memfd_create$auto(0x0, 0x4) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) keyctl$auto(0xe, 0x2, 0x76f, 0x9, 0xf13) read$auto_component_list_fops_(0xffffffffffffffff, 0x0, 0x0) socket(0x15, 0x5, 0x9) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000)="e58177b04e45273a1f9bc1b3fb914486547572a0523fb0e7c8f42f5b5acbdd6f22c8ec2450d5483dd3f26bb5626260af840b5903f0b52d46253d69d401054bde5a266728a4e70fc19c3db9da602f863858ecdb8e1fe0679b714d4ffc033791bc6ddb8bcebc8f6cefccb56e8aaa628903", 0xcd4e, &(0x7f0000000140)={0x0, 0x8000}, 0xffff, &(0x7f00000002c0)="344a556200756e669914443c5983f58ef2cef3fb522be99c31c4b81b1378f54ddb1fc3e79cc9dcf9f4179e5799e7a8522261757a46a0b344a4f292abfa4ce0f6122addefbb443eba781102adfc3961adbdca503f3abe1b4dd161e4fbe775d54843bc9ac57d118e69b57c6b684a162ec99b77cdd2ba175cfc257bc8b05477b65d06954c31848a7b7a1cbe7e485b75e92d74868de48fb355369e617183f742830a23ffc3adad7de679ef5f60eb07cc10", 0x7, 0x8}, 0x1}, 0xf78d, 0x5) unshare$auto(0x40000080) socket(0x11, 0x2, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x8010aebc, r1) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_setup$auto(0xd364, &(0x7f0000000240)={0x400, 0x10002, 0x7f, 0x7, 0x6, 0x5, r3, [], {0x2, 0x4, 0x6, 0x2, 0x400, 0x4, 0x7, 0x5, 0x80000000}, {0x5000007, 0xd, 0x6e68, 0x8, 0x6b, 0x9, 0x0, 0xfffffffa, 0xb1}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/radio5\x00', 0xc0400, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x684803, 0x0) 5.930555485s ago: executing program 2 (id=63): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001380)=""/134, 0x86) open_tree_attr$auto(r1, &(0x7f0000000040)='./file0\x00', 0x8c02, &(0x7f0000000080)={0x1, 0x3, 0x7, @raw=0x5}, 0xfffffffffffffc0f) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5459, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000340)=""/104, 0x68) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 4.606080658s ago: executing program 0 (id=64): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x3, 0x100) preadv2$auto(0x3, &(0x7f0000000100)={0x0, 0x51cf}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000) r1 = socket(0x37, 0x4, 0xa) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r3 = syz_open_procfs$namespace(0x0, 0x0) fstat$auto(r3, 0x0) r4 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r1) sendmsg$auto_GTP_CMD_NEWPDP(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r4, @ANYRES8=r2, @ANYRES32=r3, @ANYRESDEC=r2], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_ftrace_enable_fops_trace_events(r5, &(0x7f0000000200)=""/34, 0x22) ioctl$auto(0x3, 0x40081271, 0x38) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffff70001, 0x1) r6 = getpid() shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000640)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x0, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r6, 0x7, 0x0, &(0x7f0000000480), &(0x7f0000000540)="42c046bad73f43735b12adc805ec3513adc0fb91aac68d384a6fb8e1e49dba14116cc287caa66a9ad0357a8fb7ac844153e9e261303bcc8d9f912fe2323d7a8036ea482339183d50d23b03748b4e3a2d4f6cef33f8e788e437aaa952a995c0723f417a1a7ba26f04da17703e9df5"}) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5) mmap$auto(0x80000000, 0x2020005, 0x3, 0x800000000000eb1, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 4.491237819s ago: executing program 2 (id=65): mmap$auto(0x0, 0x20009, 0xf356c74, 0x100000eb3, 0x40000000000a1, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x20800, 0x0) fcntl$auto(0x3, 0x4, 0xa553) r1 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040), 0x8402, 0x0) ioctl$auto_FS_IOC_GETFSSYSFSPATH(r1, 0x80811501, 0x1) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000040)) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) unshare$auto(0x40000080) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) close_range$auto(0x0, r1, 0x9) pread64$auto(0xffffffffffffffff, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mremap$auto(0x0, 0x1a, 0x2000000003fd7, 0xfffffffffffffffa, 0xfffffffffffffffd) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto(r3, 0x4b68, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x801, 0x106) ioctl$auto_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) mmap$auto(0x0, 0x7fff, 0x100df, 0x9b72, 0x2, 0x8000) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x0, 0x0, 0xdec, 0x0) ioctl$auto_TIOCSETD(r2, 0x5423, &(0x7f0000000080)) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0) sendfile$auto(r4, r4, 0x0, 0x71) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.994543789s ago: executing program 0 (id=66): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001380)=""/134, 0x86) open_tree_attr$auto(r1, &(0x7f0000000040)='./file0\x00', 0x8c02, &(0x7f0000000080)={0x1, 0x3, 0x7, @raw=0x5}, 0xfffffffffffffc0f) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5459, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000340)=""/104, 0x68) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 2.962095162s ago: executing program 1 (id=67): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/bdi/1:15/wb_stats\x00', 0x40, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/bus/serio/drivers/pulse8-cec/bind_mode\x00', 0x1eb842, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x240, 0x3}, 0x7}, 0x3, 0xcad7) 2.938737748s ago: executing program 2 (id=68): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) renameat2$auto(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x7) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vhci_hcd.14/usb38/38-0:1.0/usb38-port8/location\x00', 0xc80, 0x0) mprotect$auto(0xc000, 0x8, 0x8) mprotect$auto(0xfffffffffffffff9, 0xfffffffffffffff8, 0x7) 2.500086988s ago: executing program 1 (id=69): r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0x0, 0x0) r1 = bpf$auto_BPF_OBJ_GET(0x7, &(0x7f0000000040)=@iter_create={r0, 0x4}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0) write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000100)='1', 0x1) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000a, 0x40010, r1, 0x0) r3 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="02000000080019e30372affc70e25917da02c1ae64ffafe53e00000006001c000000000014001f00"], 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x4, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose3/statistics/tx_packets\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000001100)=""/192, 0xc0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 2.160358261s ago: executing program 3 (id=70): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000040)={0x3, 0x0, 0x5, 0x73f2}) mlock$auto(0x1000, 0x6) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) 1.453475941s ago: executing program 2 (id=71): r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0x0, 0x0) r1 = bpf$auto_BPF_OBJ_GET(0x7, &(0x7f0000000040)=@iter_create={r0, 0x4}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a382, 0x0) write$auto_split_huge_pages_fops_huge_memory(r2, &(0x7f0000000100)='1', 0x1) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000a, 0x40010, r1, 0x0) r3 = ioctl$auto_TUNSETVNETLE2(0xffffffffffffffff, 0x400454dc, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_SESSION_CREATE(r4, 0x0, 0x40) sendmsg$auto_L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="02000000080019e30372affc70e25917da02c1ae64ffafe53e00000006001c000000000014001f00"], 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) pread64$auto(0xffffffffffffffff, 0x0, 0x2, 0x100000005) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x5410, 0xffffffffffffffff) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x10000, 0x7, 0xf, 0x40000000008fd6, 0x948b, 0x7, 0x15f4da0a, 0x3, 0x3, 0x62, 0x4, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001100)=""/192, 0xc0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x2, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) 1.190129866s ago: executing program 0 (id=72): mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x80000000000000a, 0x2, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x69) mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) io_uring_setup$auto(0x7, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x181902, 0x0) io_uring_setup$auto(0x6, 0x0) mbind$auto(0x5, 0x111f, 0x28, &(0x7f0000000180)=0x13fffffff, 0xfffffffffffffffc, 0x3f) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_CREATE_VM(r1, 0x4138ae84, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) r3 = socket(0x10, 0x3, 0x9) write$auto(r3, 0x0, 0x5) 685.992394ms ago: executing program 0 (id=73): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001380)=""/134, 0x86) open_tree_attr$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8c02, &(0x7f0000000080)={0x1, 0x3, 0x7, @raw=0x5}, 0xfffffffffffffc0f) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r1, 0x5459, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) read$auto_l2cap_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000340)=""/104, 0x68) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 583.672003ms ago: executing program 3 (id=74): socket(0xa, 0x1, 0x100) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000280)=0xfffffffffffffffd) socket(0x2, 0x80002, 0x73) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/248, 0xf8) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000001140)='/proc/self/oom_adj\x00', 0x8042, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xfffffff7, 0x0, 0x0, &(0x7f00000002c0)={[0x3fdafc8, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x64, 0x8000001f, 0x7, 0x46d3e, 0xc, 0x10000, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000001380)=""/134, 0x86) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5459, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000340)=""/104, 0x68) open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) 0s ago: executing program 2 (id=75): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="810b25bd7080fbdbdf250100"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xc00, 0x2c, 0x2c, 0x3, 0x2}) openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/etherd/flush\x00', 0x1, 0x0) r5 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x101000, 0x0) listen$auto(r5, 0x5) recvmmsg$auto(r1, &(0x7f0000000500)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x8}, 0xd1}, 0x10a, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/userfaultfd/power/control\x00', 0x668000, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x0) shutdown$auto(0xffffffffffffffff, 0x2) read$auto_rng_chrdev_ops_core(r1, 0x0, 0x0) mmap$auto(0xfffffffffffffffc, 0x8, 0x8, 0x7fffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffd) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(0xffffffffffffffff, 0x80044dfe, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x3ff, 0x0) mmap$auto(0x0, 0x40009, 0xe1, 0x1de, 0x7, 0x27fff) setfsgid$auto(0xee00) listen$auto(0x3, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.25' (ED25519) to the list of known hosts. [ 99.212053][ T5836] cgroup: Unknown subsys name 'net' [ 99.335047][ T5836] cgroup: Unknown subsys name 'cpuset' [ 99.344801][ T5836] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 101.314462][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.461372][ T24] cfg80211: failed to load regulatory.db [ 103.700694][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.710247][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.718600][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.722572][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.728046][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.742318][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.775811][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.784478][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.794801][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.797373][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.803527][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.819224][ T5860] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.828737][ T5860] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.836833][ T5860] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.851011][ T5860] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.860501][ T5859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.880279][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.888919][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.897922][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.913704][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.335581][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 104.590893][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 104.669778][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 104.694482][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.703449][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.711143][ T5846] bridge_slave_0: entered allmulticast mode [ 104.719834][ T5846] bridge_slave_0: entered promiscuous mode [ 104.730519][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.737784][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.745187][ T5846] bridge_slave_1: entered allmulticast mode [ 104.752960][ T5846] bridge_slave_1: entered promiscuous mode [ 104.852745][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 104.880817][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.895348][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.047506][ T5846] team0: Port device team_slave_0 added [ 105.058423][ T5846] team0: Port device team_slave_1 added [ 105.085146][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.092719][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.100472][ T5848] bridge_slave_0: entered allmulticast mode [ 105.108148][ T5848] bridge_slave_0: entered promiscuous mode [ 105.138301][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.146281][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.153722][ T5847] bridge_slave_0: entered allmulticast mode [ 105.161471][ T5847] bridge_slave_0: entered promiscuous mode [ 105.170732][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.177976][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.185495][ T5847] bridge_slave_1: entered allmulticast mode [ 105.193469][ T5847] bridge_slave_1: entered promiscuous mode [ 105.201048][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.208350][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.215971][ T5848] bridge_slave_1: entered allmulticast mode [ 105.223933][ T5848] bridge_slave_1: entered promiscuous mode [ 105.341168][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.349843][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.377193][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.392107][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.399208][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.426625][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.441637][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.454555][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.468972][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.501917][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.509304][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.517717][ T5849] bridge_slave_0: entered allmulticast mode [ 105.526933][ T5849] bridge_slave_0: entered promiscuous mode [ 105.544698][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.590858][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.598125][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.606044][ T5849] bridge_slave_1: entered allmulticast mode [ 105.613811][ T5849] bridge_slave_1: entered promiscuous mode [ 105.655311][ T5848] team0: Port device team_slave_0 added [ 105.665787][ T5848] team0: Port device team_slave_1 added [ 105.694659][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.772086][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.787113][ T5847] team0: Port device team_slave_0 added [ 105.814595][ T5846] hsr_slave_0: entered promiscuous mode [ 105.820925][ T5850] Bluetooth: hci0: command tx timeout [ 105.821940][ T5846] hsr_slave_1: entered promiscuous mode [ 105.837392][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.846334][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.873107][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.899166][ T5850] Bluetooth: hci1: command tx timeout [ 105.908323][ T5847] team0: Port device team_slave_1 added [ 105.947070][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.954579][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.979446][ T5850] Bluetooth: hci2: command tx timeout [ 105.981071][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.986482][ T5858] Bluetooth: hci3: command tx timeout [ 106.042302][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.049506][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.076562][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.125390][ T5849] team0: Port device team_slave_0 added [ 106.136068][ T5849] team0: Port device team_slave_1 added [ 106.150392][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.157585][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.184342][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.201369][ T5848] hsr_slave_0: entered promiscuous mode [ 106.208033][ T5848] hsr_slave_1: entered promiscuous mode [ 106.214673][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 106.220769][ T5848] Cannot create hsr debugfs directory [ 106.335656][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.343369][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.369850][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.437363][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.445325][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.490245][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.531047][ T5847] hsr_slave_0: entered promiscuous mode [ 106.537602][ T5847] hsr_slave_1: entered promiscuous mode [ 106.544761][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 106.551143][ T5847] Cannot create hsr debugfs directory [ 106.662059][ T5849] hsr_slave_0: entered promiscuous mode [ 106.669265][ T5849] hsr_slave_1: entered promiscuous mode [ 106.676057][ T5849] debugfs: 'hsr0' already exists in 'hsr' [ 106.682126][ T5849] Cannot create hsr debugfs directory [ 107.023540][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.039283][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.066401][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.104801][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.181918][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.196248][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.208077][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.237253][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.326115][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.356219][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.367570][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.381119][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.512371][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.525420][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.544995][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.561399][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.631593][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.696976][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.716662][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.761038][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.768506][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.812688][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.819956][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.844680][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.873189][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.880702][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.899527][ T5858] Bluetooth: hci0: command tx timeout [ 107.920310][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.928149][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.980800][ T5858] Bluetooth: hci1: command tx timeout [ 107.997970][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.060108][ T5850] Bluetooth: hci2: command tx timeout [ 108.065778][ T5858] Bluetooth: hci3: command tx timeout [ 108.076895][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.100755][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.117449][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.124791][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.177259][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.191907][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.199271][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.214808][ T5848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.264137][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.271548][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.335771][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.343857][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.772470][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.914967][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.978186][ T5846] veth0_vlan: entered promiscuous mode [ 109.008143][ T5846] veth1_vlan: entered promiscuous mode [ 109.166806][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.217170][ T5846] veth0_macvtap: entered promiscuous mode [ 109.226819][ T5848] veth0_vlan: entered promiscuous mode [ 109.236235][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.267339][ T5846] veth1_macvtap: entered promiscuous mode [ 109.287150][ T5848] veth1_vlan: entered promiscuous mode [ 109.355749][ T5847] veth0_vlan: entered promiscuous mode [ 109.376778][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.406063][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.417681][ T5848] veth0_macvtap: entered promiscuous mode [ 109.429663][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.438797][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.451698][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.461067][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.475618][ T5847] veth1_vlan: entered promiscuous mode [ 109.512814][ T5848] veth1_macvtap: entered promiscuous mode [ 109.553042][ T5849] veth0_vlan: entered promiscuous mode [ 109.596514][ T5849] veth1_vlan: entered promiscuous mode [ 109.651109][ T5847] veth0_macvtap: entered promiscuous mode [ 109.688208][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.723275][ T5847] veth1_macvtap: entered promiscuous mode [ 109.734312][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.750129][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.760511][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.814259][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.824992][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.839108][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.847907][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.887976][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.912029][ T5849] veth0_macvtap: entered promiscuous mode [ 109.919370][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.932949][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.943202][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.974025][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.984106][ T5858] Bluetooth: hci0: command tx timeout [ 109.996764][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.006752][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.015822][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.031103][ T5849] veth1_macvtap: entered promiscuous mode [ 110.059481][ T5858] Bluetooth: hci1: command tx timeout [ 110.098822][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 110.134170][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.140154][ T5850] Bluetooth: hci2: command tx timeout [ 110.148324][ T5858] Bluetooth: hci3: command tx timeout [ 110.160882][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.241244][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.325822][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.341139][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.343201][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.442243][ T5849] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.466726][ T5849] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.480246][ T5849] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.491882][ T5849] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.512697][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.529219][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.668220][ T3021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.699911][ T3021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.949224][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.987380][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.131710][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.200575][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.530000][ T5954] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 112.061549][ T5858] Bluetooth: hci0: command tx timeout [ 112.144149][ T5858] Bluetooth: hci1: command tx timeout [ 112.222177][ T5858] Bluetooth: hci3: command tx timeout [ 112.227870][ T5850] Bluetooth: hci2: command tx timeout [ 112.379880][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 112.388630][ T5956] Zero length message leads to an empty skb [ 112.469381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.499638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.274782][ T5980] mmap: syz.2.9 (5980) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 113.659442][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.669433][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.700413][ T5986] block2mtd: device name too long [ 113.940917][ T5988] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 114.169555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.210350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.907819][ T5989] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 115.144360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 115.247703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 115.257444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.442180][ T6009] can: request_module (can-proto-0) failed. [ 116.705626][ T6017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'. [ 119.699254][ T6038] can: request_module (can-proto-0) failed. [ 121.263169][ T6059] can: request_module (can-proto-0) failed. [ 123.825930][ T6090] capability: warning: `syz.2.28' uses 32-bit capabilities (legacy support in use) [ 124.168438][ T6090] HfR: entered promiscuous mode [ 124.355019][ T6092] openvswitch: HfR: Dropping previously announced user features syzkaller syzkaller login: [ 125.667696][ T6110] FAULT_INJECTION: forcing a failure. [ 125.667696][ T6110] name failslab, interval 1, probability 0, space 0, times 1 [ 125.731113][ T6110] CPU: 0 UID: 0 PID: 6110 Comm: syz.0.34 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 125.731180][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.731204][ T6110] Call Trace: [ 125.731214][ T6110] [ 125.731231][ T6110] dump_stack_lvl+0x16c/0x1f0 [ 125.731280][ T6110] should_fail_ex+0x512/0x640 [ 125.731325][ T6110] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 125.731368][ T6110] should_failslab+0xc2/0x120 [ 125.731411][ T6110] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 125.731451][ T6110] ? __d_alloc+0x32/0xae0 [ 125.731493][ T6110] __d_alloc+0x32/0xae0 [ 125.731534][ T6110] d_alloc_parallel+0x111/0x1480 [ 125.731588][ T6110] ? __lock_acquire+0xb8a/0x1c90 [ 125.731645][ T6110] ? look_up_lock_class+0x59/0x150 [ 125.731690][ T6110] ? register_lock_class+0x41/0x4c0 [ 125.731738][ T6110] ? proc_sys_lookup+0x2eb/0x400 [ 125.731781][ T6110] ? __pfx_d_alloc_parallel+0x10/0x10 [ 125.731835][ T6110] ? lockdep_init_map_type+0x5c/0x280 [ 125.731888][ T6110] ? lockdep_init_map_type+0x5c/0x280 [ 125.731946][ T6110] __lookup_slow+0x193/0x460 [ 125.731995][ T6110] ? __pfx___lookup_slow+0x10/0x10 [ 125.732069][ T6110] ? lookup_fast+0x156/0x610 [ 125.732126][ T6110] ? _raw_spin_unlock+0x28/0x50 [ 125.732167][ T6110] walk_component+0x353/0x5b0 [ 125.732201][ T6110] link_path_walk+0x627/0xe20 [ 125.732246][ T6110] path_openat+0x1b0/0x2cb0 [ 125.732277][ T6110] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.732324][ T6110] ? __pfx_path_openat+0x10/0x10 [ 125.732362][ T6110] ? __lock_acquire+0xb8a/0x1c90 [ 125.732414][ T6110] do_filp_open+0x20b/0x470 [ 125.732450][ T6110] ? __pfx_do_filp_open+0x10/0x10 [ 125.732517][ T6110] ? alloc_fd+0x471/0x7d0 [ 125.732561][ T6110] do_sys_openat2+0x11b/0x1d0 [ 125.732610][ T6110] ? __pfx_do_sys_openat2+0x10/0x10 [ 125.732668][ T6110] ? __sys_sendmsg+0x18c/0x220 [ 125.732727][ T6110] __x64_sys_openat+0x174/0x210 [ 125.732778][ T6110] ? __pfx___x64_sys_openat+0x10/0x10 [ 125.732845][ T6110] do_syscall_64+0xcd/0x490 [ 125.732895][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.732927][ T6110] RIP: 0033:0x7fa10378e9a9 [ 125.732966][ T6110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.733004][ T6110] RSP: 002b:00007fa104636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 125.733037][ T6110] RAX: ffffffffffffffda RBX: 00007fa1039b5fa0 RCX: 00007fa10378e9a9 [ 125.733058][ T6110] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 125.733080][ T6110] RBP: 00007fa103810d69 R08: 0000000000000000 R09: 0000000000000000 [ 125.733099][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.733119][ T6110] R13: 0000000000000000 R14: 00007fa1039b5fa0 R15: 00007fffd3ed0598 [ 125.733162][ T6110] [ 126.019066][ C0] vkms_vblank_simulate: vblank timer overrun [ 126.405169][ T6114] can: request_module (can-proto-0) failed. [ 127.906609][ T6131] can: request_module (can-proto-0) failed. [ 128.491425][ T6141] FAULT_INJECTION: forcing a failure. [ 128.491425][ T6141] name failslab, interval 1, probability 0, space 0, times 0 [ 128.574756][ T6141] CPU: 0 UID: 0 PID: 6141 Comm: syz.0.39 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 128.574802][ T6141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 128.574821][ T6141] Call Trace: [ 128.574832][ T6141] [ 128.574843][ T6141] dump_stack_lvl+0x16c/0x1f0 [ 128.574894][ T6141] should_fail_ex+0x512/0x640 [ 128.574936][ T6141] ? fs_reclaim_acquire+0xae/0x150 [ 128.574989][ T6141] ? tomoyo_encode2+0x100/0x3e0 [ 128.575021][ T6141] should_failslab+0xc2/0x120 [ 128.575063][ T6141] __kmalloc_noprof+0xd2/0x510 [ 128.575110][ T6141] tomoyo_encode2+0x100/0x3e0 [ 128.575148][ T6141] tomoyo_encode+0x29/0x50 [ 128.575180][ T6141] tomoyo_realpath_from_path+0x18f/0x6e0 [ 128.575219][ T6141] ? tomoyo_profile+0x47/0x60 [ 128.575270][ T6141] tomoyo_path_perm+0x274/0x460 [ 128.575316][ T6141] ? tomoyo_path_perm+0x260/0x460 [ 128.575369][ T6141] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 128.575458][ T6141] ? __pfx_ima_file_check+0x10/0x10 [ 128.575491][ T6141] ? hook_file_truncate+0xc7/0x250 [ 128.575547][ T6141] security_file_truncate+0x84/0x1e0 [ 128.575582][ T6141] path_openat+0xc10/0x2cb0 [ 128.575630][ T6141] ? __pfx_path_openat+0x10/0x10 [ 128.575666][ T6141] ? __lock_acquire+0xb8a/0x1c90 [ 128.575718][ T6141] do_filp_open+0x20b/0x470 [ 128.575759][ T6141] ? __pfx_do_filp_open+0x10/0x10 [ 128.575827][ T6141] ? alloc_fd+0x471/0x7d0 [ 128.575867][ T6141] do_sys_openat2+0x11b/0x1d0 [ 128.575914][ T6141] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.575962][ T6141] ? __sys_sendmsg+0x18c/0x220 [ 128.576017][ T6141] __x64_sys_openat+0x174/0x210 [ 128.576066][ T6141] ? __pfx___x64_sys_openat+0x10/0x10 [ 128.576130][ T6141] do_syscall_64+0xcd/0x490 [ 128.576179][ T6141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.576212][ T6141] RIP: 0033:0x7fa10378e9a9 [ 128.576247][ T6141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.576277][ T6141] RSP: 002b:00007fa104636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.576306][ T6141] RAX: ffffffffffffffda RBX: 00007fa1039b5fa0 RCX: 00007fa10378e9a9 [ 128.576326][ T6141] RDX: 0000000000101202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 128.576344][ T6141] RBP: 00007fa103810d69 R08: 0000000000000000 R09: 0000000000000000 [ 128.576362][ T6141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.576379][ T6141] R13: 0000000000000000 R14: 00007fa1039b5fa0 R15: 00007fffd3ed0598 [ 128.576419][ T6141] [ 128.576978][ T6141] ERROR: Out of memory at tomoyo_realpath_from_path. [ 129.051836][ T6149] usb usb34: usbfs: process 6149 (syz.3.40) did not claim interface 0 before use [ 129.287080][ T6149] syz.3.40 (6149) used greatest stack depth: 19784 bytes left [ 130.751900][ T6167] can: request_module (can-proto-0) failed. syzkaller syzkaller login: syzkaller syzkaller login: [ 134.866142][ T6219] FAULT_INJECTION: forcing a failure. [ 134.866142][ T6219] name fail_futex, interval 1, probability 0, space 0, times 1 [ 134.903379][ T6219] CPU: 0 UID: 0 PID: 6219 Comm: syz.2.56 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 134.903424][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 134.903438][ T6219] Call Trace: [ 134.903446][ T6219] [ 134.903455][ T6219] dump_stack_lvl+0x16c/0x1f0 [ 134.903491][ T6219] should_fail_ex+0x512/0x640 [ 134.903527][ T6219] get_futex_key+0x1d0/0x1540 [ 134.903561][ T6219] ? __pfx_get_futex_key+0x10/0x10 [ 134.903598][ T6219] ? pick_eevdf+0x3be/0x5b0 [ 134.903628][ T6219] ? update_curr_se+0x8b/0x270 [ 134.903661][ T6219] ? update_curr+0x74/0x800 [ 134.903685][ T6219] futex_wait_setup+0x84/0x510 [ 134.903729][ T6219] __futex_wait+0x194/0x2f0 [ 134.903766][ T6219] ? __pfx___futex_wait+0x10/0x10 [ 134.903801][ T6219] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 134.903834][ T6219] ? __pfx_futex_wake_mark+0x10/0x10 [ 134.903874][ T6219] ? plist_check_head+0xa3/0x150 [ 134.903896][ T6219] ? find_held_lock+0x2b/0x80 [ 134.903930][ T6219] futex_wait+0xe8/0x380 [ 134.903966][ T6219] ? __pfx_futex_wait+0x10/0x10 [ 134.904018][ T6219] do_futex+0x229/0x350 [ 134.904048][ T6219] ? __pfx_do_futex+0x10/0x10 [ 134.904079][ T6219] ? fput+0x70/0xf0 [ 134.904111][ T6219] ? __sys_sendmsg+0x18c/0x220 [ 134.904148][ T6219] __x64_sys_futex+0x1e0/0x4c0 [ 134.904182][ T6219] ? __pfx___x64_sys_futex+0x10/0x10 [ 134.904214][ T6219] ? xfd_validate_state+0x61/0x180 [ 134.904262][ T6219] do_syscall_64+0xcd/0x490 [ 134.904296][ T6219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.904319][ T6219] RIP: 0033:0x7f7c6078e9a9 [ 134.904337][ T6219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.904360][ T6219] RSP: 002b:00007f7c6150f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 134.904381][ T6219] RAX: ffffffffffffffda RBX: 00007f7c609b5fa8 RCX: 00007f7c6078e9a9 [ 134.904396][ T6219] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7c609b5fa8 [ 134.904409][ T6219] RBP: 00007f7c609b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 134.904423][ T6219] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c609b5fac [ 134.904437][ T6219] R13: 0000000000000000 R14: 00007ffec28bd480 R15: 00007ffec28bd568 [ 134.904465][ T6219] [ 135.845880][ T6228] can: request_module (can-proto-0) failed. [ 135.987664][ T6233] can: request_module (can-proto-0) failed. syzkaller syzkaller login: [ 143.271362][ T6314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.75'. [ 143.448121][ T5850] ================================================================== [ 143.456614][ T5850] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 143.464735][ T5850] Read of size 140 at addr ffffc9000535b000 by task kworker/u9:2/5850 [ 143.473033][ T5850] [ 143.475463][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 143.475505][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 143.475527][ T5850] Workqueue: hci0 hci_devcd_timeout [ 143.475568][ T5850] Call Trace: [ 143.475579][ T5850] [ 143.475590][ T5850] dump_stack_lvl+0x116/0x1f0 [ 143.475635][ T5850] print_report+0xcd/0x630 [ 143.475676][ T5850] ? __virt_addr_valid+0x81/0x610 [ 143.475717][ T5850] ? hci_devcd_dump+0x142/0x240 [ 143.475752][ T5850] kasan_report+0xe0/0x110 [ 143.475793][ T5850] ? hci_devcd_dump+0x142/0x240 [ 143.475834][ T5850] kasan_check_range+0x100/0x1b0 [ 143.475883][ T5850] __asan_memcpy+0x23/0x60 [ 143.475914][ T5850] hci_devcd_dump+0x142/0x240 [ 143.475951][ T5850] hci_devcd_timeout+0xb5/0x2e0 [ 143.475987][ T5850] ? rcu_is_watching+0x12/0xc0 [ 143.476028][ T5850] process_one_work+0x9cf/0x1b70 [ 143.476073][ T5850] ? __pfx_process_one_work+0x10/0x10 [ 143.476111][ T5850] ? assign_work+0x1a0/0x250 [ 143.476164][ T5850] worker_thread+0x6c8/0xf10 [ 143.476204][ T5850] ? __pfx_worker_thread+0x10/0x10 [ 143.476236][ T5850] kthread+0x3c2/0x780 [ 143.476286][ T5850] ? __pfx_kthread+0x10/0x10 [ 143.476338][ T5850] ? rcu_is_watching+0x12/0xc0 [ 143.476375][ T5850] ? __pfx_kthread+0x10/0x10 [ 143.476426][ T5850] ret_from_fork+0x5d7/0x6f0 [ 143.476483][ T5850] ? __pfx_kthread+0x10/0x10 [ 143.476533][ T5850] ret_from_fork_asm+0x1a/0x30 [ 143.476582][ T5850] [ 143.476593][ T5850] [ 143.627605][ T5850] The buggy address belongs to a vmalloc virtual mapping [ 143.634799][ T5850] Memory state around the buggy address: [ 143.640472][ T5850] ffffc9000535af00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 143.648572][ T5850] ffffc9000535af80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 143.657000][ T5850] >ffffc9000535b000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 143.665188][ T5850] ^ [ 143.669297][ T5850] ffffc9000535b080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 143.677412][ T5850] ffffc9000535b100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 143.685504][ T5850] ================================================================== [ 143.699243][ T5850] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 143.707016][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller-00857-gced1b9e0392d #0 PREEMPT(full) [ 143.719212][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 143.729455][ T5850] Workqueue: hci0 hci_devcd_timeout [ 143.734715][ T5850] Call Trace: [ 143.738019][ T5850] [ 143.741066][ T5850] dump_stack_lvl+0x3d/0x1f0 [ 143.745690][ T5850] panic+0x71c/0x800 [ 143.749618][ T5850] ? __pfx_panic+0x10/0x10 [ 143.754351][ T5850] ? mark_held_locks+0x49/0x80 [ 143.759233][ T5850] ? preempt_schedule_thunk+0x16/0x30 [ 143.764643][ T5850] ? hci_devcd_dump+0x142/0x240 [ 143.769529][ T5850] ? preempt_schedule_common+0x44/0xc0 [ 143.775128][ T5850] ? check_panic_on_warn+0x1f/0xb0 [ 143.780497][ T5850] ? hci_devcd_dump+0x142/0x240 [ 143.785608][ T5850] check_panic_on_warn+0xab/0xb0 [ 143.790588][ T5850] end_report+0x107/0x170 [ 143.794948][ T5850] kasan_report+0xee/0x110 [ 143.799431][ T5850] ? hci_devcd_dump+0x142/0x240 [ 143.804344][ T5850] kasan_check_range+0x100/0x1b0 [ 143.809394][ T5850] __asan_memcpy+0x23/0x60 [ 143.813838][ T5850] hci_devcd_dump+0x142/0x240 [ 143.818553][ T5850] hci_devcd_timeout+0xb5/0x2e0 [ 143.823448][ T5850] ? rcu_is_watching+0x12/0xc0 [ 143.828244][ T5850] process_one_work+0x9cf/0x1b70 [ 143.833335][ T5850] ? __pfx_process_one_work+0x10/0x10 [ 143.838859][ T5850] ? assign_work+0x1a0/0x250 [ 143.843506][ T5850] worker_thread+0x6c8/0xf10 [ 143.848129][ T5850] ? __pfx_worker_thread+0x10/0x10 [ 143.853261][ T5850] kthread+0x3c2/0x780 [ 143.857371][ T5850] ? __pfx_kthread+0x10/0x10 [ 143.862093][ T5850] ? rcu_is_watching+0x12/0xc0 [ 143.867082][ T5850] ? __pfx_kthread+0x10/0x10 [ 143.871888][ T5850] ret_from_fork+0x5d7/0x6f0 [ 143.876514][ T5850] ? __pfx_kthread+0x10/0x10 [ 143.881146][ T5850] ret_from_fork_asm+0x1a/0x30 [ 143.886009][ T5850] [ 143.889495][ T5850] Kernel Offset: disabled [ 143.893855][ T5850] Rebooting in 86400 seconds..