last executing test programs: 3.623102644s ago: executing program 0 (id=485): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000100"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4008810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1d"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x804) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x89}, 0x7}, 0x4, 0x0) r0 = socket(0x15, 0x5, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) connect$auto(0x3, 0x0, 0x54) getsockopt$auto(r0, 0x114, 0x2721, 0xfffffffffffffffc, 0x0) 3.471825822s ago: executing program 2 (id=487): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000900), r0) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, &(0x7f0000000140)={&(0x7f0000000000), 0x55}, 0x3fb, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000980)={'virt_wifi0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_UPD_OFFLOAD(r0, &(0x7f0000002200)={0x0, 0x0, &(0x7f00000021c0)={&(0x7f0000000a80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fddbdf250a00000001000100", @ANYRES32=r2, @ANYBLOB="04000980"], 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x40840) 3.122351337s ago: executing program 2 (id=488): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x105000, 0x0) r1 = openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev$auto(r1, &(0x7f0000000100)={0x0, 0x10}, 0x1) read$auto(r0, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = memfd_create$auto(0x0, 0xe) r4 = socket(0x2b, 0x1, 0x0) getsockopt$auto(r4, 0x0, 0x80, 0x0, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, 0x0, 0x24084005) ioctl$auto(0x3, 0x5411, 0x38) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) waitid$auto(0x4, r3, &(0x7f00000014c0)={@siginfo_0_0={0x5, 0x8, 0xe8e, @_timer={0xffffffffffffffff, 0x5, @sival_int=0x7ff, 0x2}}}, 0x7, &(0x7f0000001540)={{0x3, 0x9}, {0x7, 0x2}, 0x282d8000000000, 0x3, 0x3, 0x5, 0x5, 0x0, 0x9, 0x7, 0x4473, 0x5, 0x9, 0x5b, 0x10001, 0x2}) sendmsg$auto_NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f00000008c0)={0x2ec, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_FLAGS={0x18f, 0x11, 0x0, 0x1, [@nested={0x4, 0x2c}, @generic="0d3b78dc74f77974e30dc3c218179ac0ac449eb5f7efcdd3acd9a07d4b3fee9d58c9dcc9c93eefb0022f1b15d4ed63bd3d11408b4e3ec19d4aef", @typed={0x0, 0x47, 0x0, 0x0, @u64=0x200}, @generic="52cde041c3428560636f75137a184444b009bbe0edf18abd577c89f521f60a08b3e64c21ce4e89f676db928e4ed0b3eec98700f0a2031125d9674fa832a34ca7bb433d4266f9f38ac1cdd64d30e8370e5b102296223a0630c9f4395bff0ef26e22a733a5b8af6eb6e9f4235e48", @nested={0xba, 0x57, 0x0, 0x1, [@typed={0x8, 0xc3, 0x0, 0x0, @pid=r5}, @typed={0x2a, 0x138, 0x0, 0x0, @binary="34797ddc351ec207af8e92980de0ea4b4495407c59f8545e54cee241eabdd870dd03f3312e63"}, @typed={0x8, 0x2d, 0x0, 0x0, @ipv4=@loopback}, @generic="5ba6521ca95948a96f4f8d25b30475c1dcc2398314d4d3d5c518ec25402c6c865b30bf169a62fa09ba82cd60827056aa9cb322ba688ee40e6d5d39619d38c2a59f8f9c7549ed6e0f539476042879e93939a69d8dcbfd60e9f5a14828e9e8b463bd5789bb54235c6fddbef732c37356752db58ff8b4675059c5a8b7984d004554a5b446d336fb6c025c00ceac02e2ab0823f438931c0c883a3525376866755307d5f2be6caa094f3962ae4a58af28", @generic="c6248b832a9992a73844d571099cee2dd2e8", @typed={0x17, 0xf0, 0x0, 0x0, @ipv4=@private=0xa010100}]}]}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x8}, @NL80211_ATTR_COLOR_CHANGE_ELEMS={0x78, 0x131, 0x0, 0x1, [@NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_SUPPORTED_SELECTORS={0x3d, 0x14e, "86964abb4facb80e120a7ecbbeb200a53244399fc418411c45d4f8d80ff921d600d7e0c75f60c89fb84ffb09a9506249c176cd8a26ade18cf6"}, @NL80211_ATTR_STA_WME={0x2c, 0x81, 0x0, 0x1, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x6}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x7}, @NL80211_STA_WME_MAX_SP={0x0, 0x2, 0x8}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x2}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x64}]}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x22, 0x24, "50c4a6fd8b80980d6ab94b2c8e24a0f1da36f515d254a14b96111872de28"}, @NL80211_ATTR_CNTDWN_OFFS_PRESP={0x0, 0xbb, "4dc8144d537c55d8d0eeb3eff613a370d5f56c2af72cf91309873b"}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_PBSS, @NL80211_ATTR_AUTH_DATA={0xfffffffffffffe49, 0x9c, "23aa36eefaaddf9dca198d99f3a4093872af087879d22e58fbef963ba5d1ba6febf942f8cd330aa536b55605e78b287b9dadcea03e13e054d126879014f9cbb511616ea3da6f6f344482cae525bf05f094db5b14b5622978552ccd969b70c76a7d74f09884a258366ed2a85b98132a382c4ebe0d53f0186fbe4da24b45b0f8616a84ddd81c4003488b"}]}, 0x2ec}, 0x1, 0x0, 0x0, 0x10008084}, 0x4) 3.061840957s ago: executing program 0 (id=489): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D1c\x00', 0x101102, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_START2(r1, 0x4142, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000300)={0x0, 0xa6, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="05032cbd7000fbdbdf25050000003f381e42c2ccbc01d3db3b122e0d2003"], 0x14}, 0x1, 0x0, 0x0, 0x4004010}, 0x4040008) 2.664512322s ago: executing program 0 (id=490): socket(0x2, 0x1, 0x0) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) listen$auto(0x3, 0x81) (async) listen$auto(0x3, 0x81) listen$auto(0x3, 0x81) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm0c/sub1/info\x00', 0x7210c3, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/devices.deny\x00', 0x8ea182, 0x0) setresuid$auto(0x2, 0x0, 0x0) (async) setresuid$auto(0x2, 0x0, 0x0) setresuid$auto(0xee01, 0x8, 0x0) r2 = setfsuid$auto(0xee00) setreuid$auto(r2, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/def_reserved_size\x00', 0x402, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/ext4/sda1/last_trim_minblks\x00', 0x2400, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/ext4/sda1/last_trim_minblks\x00', 0x2400, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop10\x00', 0x142, 0x0) epoll_create$auto(0x1053) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) (async) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r4, 0x92106405, r4) fcntl$auto_F_RDLCK(r4, 0x6, 0x0) write$auto(r3, 0x0, 0x7) socket(0x2, 0x2, 0x73) (async) socket(0x2, 0x2, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) socket(0x2, 0x80002, 0x73) (async) r5 = socket(0x2, 0x80002, 0x73) bind$auto(r5, &(0x7f0000000340)=@l2tp={0x2, 0x0, @empty, 0x1}, 0x6b) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg1\x00', 0x44e580, 0x0) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r6, 0x1, &(0x7f0000000140)="8cd1a11ef702b012f37dc1b422a96eb6e91f169b96fd22b550ed97e6408f56403f11bc5062c29c4ae8") getpid() write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)='b', 0x1) (async) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)='b', 0x1) pread64$auto(r0, 0x0, 0x8, 0x8000) (async) pread64$auto(r0, 0x0, 0x8, 0x8000) 2.616450423s ago: executing program 2 (id=491): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0xfffffffffffffffe, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_FS_IOC_SETFLAGS2(r1, 0x40086602, &(0x7f0000000180)=0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x8006, 0x0) rseq$auto(&(0x7f0000000140)={0xe, 0x5, 0x2c2, 0x23, 0x8007d, 0x80000000, "26c7"}, 0x8000, 0x7fff, 0x6) close_range$auto(0x2, 0x8, 0x80000002) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) write$auto(0x3, 0x0, 0xfdef) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x2, 0x0) io_uring_setup$auto(0x1400, 0x0) read$auto(0x3, 0x0, 0x80) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000000), 0x8200, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 2.448902303s ago: executing program 3 (id=492): mmap$auto(0x4, 0x8004, 0x4000000000df, 0x100040eb5, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) (async) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) (async, rerun: 64) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) listen$auto(0x3, 0x81) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0xb, 0x3, 0x0) (async, rerun: 64) madvise$auto(0x4000000000002, 0x4, 0x19) (async, rerun: 64) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x6, 0x3, 0x10, 0xfffffffffffffffa, 0x8000) mmap$auto(0x4, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) (async) io_uring_setup$auto(0xfffffff1, 0x0) (async) mmap$auto(0x0, 0x3, 0x6, 0x40eb1, 0x401, 0xa) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/sg/def_reserved_size\x00', 0xc8000, 0x0) (async, rerun: 64) close_range$auto(0x2, 0xa, 0x0) (rerun: 64) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x82202, 0x0) (async) io_uring_setup$auto(0x1, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) (async) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) (async) sendmsg$auto_NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000e00)=ANY=[@ANYBLOB="a0090000", @ANYRES16=0x0, @ANYBLOB="00022bbd7000ffdbdf255c000000b00780002f8ae786ef5249b7c468a1000000002451cb20bc3f8eececfa4f450447941b642eaa2543a21186471d77249fa5b4e4d2d0cebc20e09a581b748a8dae26752d3abfaf15fd78407763d2e29acd52d8fab8b169d61c6bdbeadaa4d3ee4e7eae295f598cc38140eccbc5953119212945a725bfe15296171a6b8f56c8c7eb4ffb7f04de9d2c779aaaa436166a022714ea5ce9423d3b9762f34be74f9a19dadca8862278c5f95f91278e45ddc0a73f11996bec6d8655e10d3b63dda198d61d8aaf14dece8c708f327b823caa5ff2f57296ef990b2af6e201bd5801834604585bd370b396b0082edf0564038520aaf6b1729ad38dcae37834353db0bc36088a18586f6298b2ab465dd9ff4d0b0a969b5c0d572cb888696e89895e9f70366042207ba2459117825b29487dfe1031d605477388fd808fd8ae506aa7803b8992ae095ad8b2a3be26a8020408433e35340e45641898fa3ac3ab762c97f59839c893a1647f1fcd19b7252cef37c567561cc38c117538599941d23d6883e11486562504e12b1127d006b087b9000e335e8ab98ab9611ac1b0e1fdddef7a17ab7e726218224ef26ce5488c9a48a161bec51405c7d57175bf32b249a7665ea6d0c04c0a0287dc50ba04c5af33ba81c0987a8aad122e75d8f8cfb749dca293644d70045d64cc44dd1586d421dc60ee549ebb7ae18e5e31466c35c492a6322d6ad86bfb73526ad6413e8d67404955820b6576bcc30db2a0fc40c1842c0a7dbccb832470fc2109a2600bb50333c6bb6f541b070044d386a5e64839e1e5612db78346669e47a3425f513b226d8deddbde9569ca0d9e6728da2edb83f848099144c6ee7cd9c521e18e4722e1c1b3fec0e35c5e390afedc6788d0eaeed5f6b318db3215ac5b6457a775a3e27fdde4e3c3b0a1593825fcdae9b4fbdfe4f0e74adfd57599c10cb12eb7f421cad7ae593e54534dfa464bc53a12da005c4302b46884224634ad1493b4f135cb0282b4f336732cf6d7eae2754faaac9c320c9bddca9f49d7886066daa891335476254651f481d8a9ce4f981947c1b5861b501e371528473aefb89657891580a90c669456ba35780b2b80ab0c0cbe5743c8946e747bac3323a43c93477322916f89b051b6a88dba662a7519e29211a3ae8b029805f11ebcf39a1f605b1844393b975068c1ebc5313ca3f05d50b93e16ec1b1e9aa2c22a8b9acc715425f7d68b72e086c9552108de4fd0841736d3780d46d08c504a3d5d5f5392be7b2b797fac1ae76c4aff3f3017ec64ebb1a2d7e0a5f633bb2d2d4f8a44eb2bece72f56b29b58ba068cf3eb532313aacdd05215464fee5c8d822486d54aeb86c3d9ed29b931a81913682ea3a04a8a9c5170a0a42a298e654454f15bb954407c2d10e6577bbbd46c39bd2297cbad7d35131af0940aacf404582323406f98842841b2b03b96b3226c64ddb87fb789060003be5e2dfb8b40dcbeaf3cbc18db48cc778aad94e90e11488e43a12efc6dcb9e2eeaa576e9fb8a3e40fa2d583bf107d72fd37eafd7eeb83560247465dc725baf1500efba4a8ba6715be30ef4183009a89e64afba907f5579825fe4f74536f111893462d798d2cc3465b2d4d2ddd462744180394075d919fcd4c01606acb17a5b92034fb11f65f453c952ab2df7b45d53023255e53631e119a0491a082d1fadb5388a4e5731e176dbb24e9684301911908493f134a48e72cf1d4081e46931a82491c1b654b2891b97ef0a1b467fd25f36f8b5c8481acd0c0d432937b50b5bae79a229ead00b779bb85d2007026c40473e42c448a8882b76ccb2b2617894bc92ca7406ecc3169710656f18453ca2fdbeb31597725062c78ec290b1e5b0e80fb233aeedda574185401ee36b0e417888f8516b11fba1cf3d71af8591efae31e5c05670481b3f655e0a095398399cad176114466d8a043bf3970c06b19d446c245b8a53ab706d12d348e9e7f6da912a69da2ea4d0a88469085b7d851b5a628d44fed88d24124ae424651c94d9b135c2a04c99bcee1c93eb5bfc45bc8b3d715e34574db052ec93fb234c00b3430b4594c8ec1e0a5d8225e3a4c2fda508709e6380ea96a7ba666a41eb5ffe20687ede44bdc4679fbd3b3501cc7188e1ef4a4c5d6c364ae89a8da8ee1100c73a7078c1f9f7869a60d1809c6c6431a145500c5b2680ea150f95da8ff87787044ed73837c37f4355a46130a6f4bfb124ce9dbce6862c9a0f24b53b9c79f12dd316820d9f04288ce0439544551315f279db0602d9eff60a0946f59c9de39e41cad3a9d25e47b60e02082184b1f387ca6ee60c18f026b31765d2a49b86907bd056bc436eb61fb5f0d214013f5a7c231bd62d8925d7fef60709184a46917ff3479b77b2749653941c2eab0cd4e9399d5ac640093e8ea81e4f629aaba8661f91cc5829cb7f56a268dcf6b1600d7c13519dce5f973a517b85d975536c351bf7afd827af7adb4e72c5f42c16e1fbdc435be733bf366e2a90be19576aef6e5b9bf5203bda8d1d4100bac0397c3e7fc4d9cf2aa1105579a6e1a7acbf25af29b17de23fe4f0dbd53c7437106fa800c97e1e6a47a545d0bca2696ba3d4175ab6e2301056a02eeae43cb9e66392c5ecfd566a85ff70fc4e3718fbb3a22f092d6550cdafce509ae3086e1936354ccd8f9d26c9596af47c3521661ad9818209f5e49a4803ed3a872c48baeee4672cfd44f4fe4e1e3d6108a2f356c6d1e89fbfef5981dfbd42ff423bcbcc2d6761a67c14ea8d76c64c6200bd007aa5eba50a3295d024afe35ab69ed20ac70feb7afdf230a222ce1f4f5b3a84c5392965ba56b47e45fcf09e23532c5e430adc6893719d8251292bdf01a9777c0c706b31cadd58d54587835ab6983bdcc617ff7b755808718b69d27be725cf000073003601cec6b61da7d40c563fdfe5ec607a38bc5fceb8290f6a0b697d69670dc3ae00602ed34391528fb7aea1993790793642a9f0304c2d5294ec676b4d3ae17410310f824d03018ac9d1b4fe5013a1a63e2eee044b44e1a71e959d515db9ccb56de4e55e2f25e4399bd959fa27bbd74312cf000800a0000c000000fb0017007f52b12b3504446d96d2361e054415ba95b5fd6801af49648e11bc7675ffc5a85d8a16f3aefa783fc012b28cb9766bcc9fbc70043a6baa405e2a0d5a15787e2ea16ad00731e27c4a436b32670eeb10275bc25fcdc88c8e70926aefa410b8a130fcb09f498e2513657c5b6fb7854bfe144f1a3ff280edeea2eb83f064a7456da1e4524fbad199e5e5cc84f32e761f6d17934943192352c3ccbc2e668f5fc7afedfeb18ce49925ecae6651b0289d7bed3ebf79853e3300ae2badcfdc73c5adba37fd6929ad8aad166dbb920c5d8f5a1bf2d8bc4172b22a3b47b4f4e241ef76e3b366ff73f444ab263c00e4f6a2898857d650893246809a1b00b2232b85d5f2e08f055c4acbb4eab83d78f061a516d42a37e8cbab240930dbaffe418dfe72d3532a5e9882b2d8558112e9a72ac9bafa417fa0ae79f89615c08a1e5abd08fb105fef11649722c459f59a16545c10e7e3880c76fdf99f1bedcf2547f09ebc80a7e8cbad500827fa3aafe1920a8096105abab848f7e1b15563bebfbf754511146029daddc0cb840ed6010184c5d5d03f80b0754bdd14c1a44ebfe36772a405c00d08bbfd28976b600f0ff87c52da6c88140677c176fac9f3361ddce664666b666aba419d9f6eeff9ebbf2a7a1e1afbf163021f69f270994410d0a8b7b45381a735718cda55e779498fd00f78a63fb5b9f63692910b15b70a732a9a5e440a357cc266876a3b7d74cfdabc0815e70374344cf2184268aabaaceaa968553e946e97b64c724bc71573b327fd5de663"], 0x9a0}, 0x1, 0x0, 0x0, 0x40840}, 0x20040018) (async) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_ethtool(0x0, r0) (async) write$auto(0xffffffffffffffff, &(0x7f0000000080)='/dev/ttyS2\x00', 0xe) 1.988929546s ago: executing program 1 (id=494): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r0, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x4000000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000a40), r1) mmap$auto(0x0, 0x74, 0x7, 0x9b72, 0xffffffffffffffff, 0x0) socket(0x11, 0x80003, 0x300) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x06\x01e\x1cJ\x99\x00\x06\x11\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14N\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9', 0xd4f, 0x3) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000a80)={0x18, r2, 0x740f16fcea7cbf75, 0x70bd2a, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_MASK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20008000}, 0x8810) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy14/power\x00', 0x40582, 0x0) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000d00), r3) sendmsg$auto_SMC_PNETID_DEL(r3, 0x0, 0x20000000) getpid() openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 1.933709235s ago: executing program 0 (id=495): write$auto(0xffffffffffffffff, 0x0, 0xa) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_NEW_STATION(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x3c, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, "5256441b633b87bba3bd6e38e194879ade12e8512ef3ab6a65fae7f2ee80ef36de7ef6f3"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4084}, 0x40004) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x2, 0x2, 0x0) getsockopt$auto(r2, 0x0, 0x17, 0xfffffffffffffffc, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000380), 0x900, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x1e, 0x1, 0x1ff00) bind$auto(r3, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x69) socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x6a) pipe2$auto(0x0, 0x80) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8) listen$auto(0x3, 0x83) mmap$auto(0x0, 0xc, 0x4000010000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20904, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000000)={{0x3, 0x1002, 0xfffffffc, 0x5, 0x7}, "654c6dbc7a4d30983899a7e1325b6a29ba1e18441074052a3fa6c3ccf1bf00"}) pivot_root$auto(&(0x7f0000000080)='nl80211\x00', 0x0) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000200), r2) sendmsg$auto_IPVS_CMD_NEW_DEST(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r5, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}]}, 0x1c}}, 0x40000d0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, 0x0) 1.764226954s ago: executing program 1 (id=496): socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) r0 = socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x3}, 0x6f4) bpf$auto(0xf, 0xffffffffffffffff, 0x0) setsockopt$auto(r0, 0x6, 0x1e, 0x0, 0x7) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000180)) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xfffffffffffffff9, 0x9, 0x3, 0x3, 0x6, 0x2, 0x9, 0xffff, 0x202, 0xd, 0x3, 0x200000201, 0x7, 0x6]}, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto_SO_RESERVE_MEM(r2, 0x1, 0x49, &(0x7f0000000040)='ethtool\x00', 0x200062b) ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, &(0x7f0000000000)) ioctl$auto_TCSBRKP2(0xffffffffffffffff, 0x5425, &(0x7f0000000200)="2e17b53842d833ec8625139cdacdc16a686e2a5cb67a8f6ebca5a735919f781ab006fad47bed5a9152ba1c497731fbb7d979cb7943f0caf509b080b600b5ead7109796dc62070aeb2bf639a6a0d08601751bb31e9e06835b13303e4fe50990cdfe1a62d3f743d8504903ad673f64d04bec69cbdca6061ea33baae69dd2ef3cfddef45455cd8088ed1776cef4f7d7ac045ca890801718d978dff061720c40d489d1bc859424d9e74375b588f58b9390bf937c518494c7068df93ba8047ca3e16aa9fa50c380d2a5f6526b6523fe53de8d7f359d11ade8cfee8ba7ea34d5af4e72f2306893d71b1d51a6c8f0acec0366e174ad5e") sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) 1.553527043s ago: executing program 2 (id=497): r0 = memfd_create$auto(0x0, 0x4) fallocate$auto(r0, 0xffffffff, 0x9, 0x4cbd5d) write$auto(0xffffffffffffffff, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82902, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketcall$auto(0xa, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000002c0)={{0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000180)="cb7978ababe605edf078e6f2726ae03e663c080c0d6c169eec931ca2ea579299bf44495b1fe078f2e9c5", 0x1}, 0xfffffffffffffff7, 0x0, 0x5, 0x24b}, 0x800}, 0x8, 0xff) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) 1.387260428s ago: executing program 1 (id=498): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D1c\x00', 0x101102, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_START2(r1, 0x4142, 0x0) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000300)={0x0, 0xa6, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="05032cbd7000fbdbdf25050000003f381e42c2ccbc01d3db3b122e0d2003"], 0x14}, 0x1, 0x0, 0x0, 0x4004010}, 0x4040008) 1.233273989s ago: executing program 3 (id=499): r0 = socket(0x18, 0x800, 0x9) (async) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) (rerun: 32) close_range$auto(0x2, 0xa, 0x0) (async) setresgid$auto(0x81, 0x800000a0, 0x8) (async) socket(0x2, 0x2, 0x1) (async) r1 = socket(0x2, 0x1, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) (async, rerun: 32) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0x401, 0x7ffe) r2 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, 0x0, 0x8080, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r2, 0x0, 0x17) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card2\x00', 0x80802, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) (async) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, 0x0, 0x1000000, 0x0) (async) mmap$auto(0xff, 0x862, 0xffffffff, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex_wait$auto(0x0, 0x0, 0x83, 0xa, 0x0, 0x1) (async) futex_wake$auto(0x0, 0x10000d00, 0x7, 0x40) r4 = socket(0x200000000000011, 0x2, 0x0) (async, rerun: 32) bind$auto(0x3, 0x0, 0x6a) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve0\x00', 0x0}) bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000003c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x8, r1, @relative_fd=r1, 0x1ff}, 0x6) (async) syz_clone3(&(0x7f00000002c0)={0x400, 0x0, 0x0, &(0x7f0000000100), {0x3}, &(0x7f0000000140)=""/54, 0x36, &(0x7f0000000180)=""/86, &(0x7f0000000200)=[0x0], 0x1}, 0x58) (async, rerun: 64) r6 = getpid() (rerun: 64) process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) (async) fallocate$auto(r3, 0x1, 0x1, 0x1) (async) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000340)={"c88e8e76992f088ae5aa6fa4e7be90d4bcd73b01f445abfbabed717cf0a38b0f", 0x1, 0x1ff, 0x7, 0xb626, 0x0, 0xffffffffffffffff}) 1.179433062s ago: executing program 1 (id=500): mmap$auto(0x3, 0xe983, 0xc2c6, 0xeb1, 0x401, 0x0) (async) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) r1 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$auto_cachefiles_daemon_fops_internal(r1, 0x0, 0x0) (async) read$auto_ptdump_curknl_fops_(r0, &(0x7f00000000c0)=""/151, 0x97) (async, rerun: 64) r2 = ioctl$auto_NS_GET_NSTYPE(r0, 0xb703, 0x0) (rerun: 64) mmap$auto(0x0, 0x2, 0x5, 0x15, r2, 0x1) (async, rerun: 32) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) (rerun: 32) connect$auto(0x4, 0x0, 0x10) 1.067388435s ago: executing program 2 (id=501): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/021/001\x00', 0x80802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x1, 0x3, 0x2f, 0x10, 0x8, 0x7fa, &(0x7f0000000040)="698be68fd8c5bd66810d97ea86df0fb9a0eb0877d1d49600d948c9d27e5469217f411c17277aa277ba56db5a083f6eaef6be757f9e6eec9e0bad92036f734676c599833710d5c9e9aa6a3108d7fef92769872e50a8b4334f643352376d9bf9b305c0094509dbdce4ccb5f3793bc6464429d911ebd65f8010fe234ee81d6b29bf59c2ccdcc5bd5812b30f904a84c17854f250797d1861d453fb53bebce22341907df8abb50729f4c8"}) 1.039829524s ago: executing program 0 (id=502): r0 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0xe0081, 0x0) sendmmsg$auto(r0, &(0x7f00000002c0)={{&(0x7f0000000040)="7e7390d812e1e318d098c6f2d95d71d7d662bd077c013f6eb3e0bde3f146bf85dc251e21065d6d55715531b089d59bf53ae52df5cbaa463ae9ed9ebc56d825efb8295d58cd8d4932863505e16022609d9f7bb1cc0cd32803e8762b72b1bda2bda8ad3c31738a061293ec01fc97264e0422f2ecb2885ea5e3ec0e5f33e220ba10a8a2e259a0db33782f0030e553aefe5659", 0x1a, &(0x7f0000000200)={&(0x7f0000000100)="ac1326481aace40974530732534d36d22670b10a9c526174498a39b2e1f6af6e0f25914e656615dccd28edce716e6792ed9f96a574419e9518924d0f88510c8f43f1e247b9393f5dd0951ddae1206935e1d7e9711645c3cf34b5fe89e2d30a2d9c1f1e73124aac00fb47ba88fa616c62bb8029b0ec38c228844215b1b33ac4e419b10be5cf9ef512d2764e4f12f4d66b5254e985dba1db7fe37b3fe28fb1d6c5b7bbda752f5078c461c7320d7eb6cc13720f4a64c8e37b8615ac90049e0fe54efd4a5eda1958f0a7c18a107afc4a703d191a756e8d8b9ecaf762084032244b0934b5f5f5262ed4", 0x8}, 0x5, &(0x7f0000000240)="4abc7e10170ac0a4faa4ee14ca3021a1fc171a2ffbb48c11daec1052379eca1dd6abb950a6e250ffe384a2cac6e6b35c84b5c1444c40bb7101966f68fa50a7fc4f59a068d4a948abb9e2eee2a502405f8e8a04d89e59ea1173c7096d44ec5c9b3377185a43669bf170935722204bfe7d74cd274ca233cafd731d", 0x3, 0x9}, 0x4}, 0x7, 0x0) write$auto_proc_loginuid_operations_base(0xffffffffffffffff, &(0x7f0000000300)="7afcfc8be3081d7aef20cbcdec8083154a46cf76c7b12f3e14f728b4fe246d456a3d73aa8a150e3a956b0cc2a8cc396f6d8a16d0dce33c735398f690a8d437d5d8285bbb35b17b15f724c2c97e2ddc07532f5fdafb4bb2a9bfd154cf5eb18756fc930a51eb300c5cca168a7f3e99c4ac59f8624b59327419d6dea453f32b30a9cf75ec90be4078c8e63ccedc8ff951188303f54188c584e8ebc431e86292d0869f62ed34b87e77a174ccabe59f5e0ff5a34a1b0ab8a4f13cf909afddc1dbba12d435540197b81ab69dbb0597d346e3afb5816b35764717808dad4b99ef3fa6657e92d2569ad0d64271d7dce5acf3228b0d51a52e2114f5671e", 0xf9) pidfd_send_signal$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x38, &(0x7f0000000400)={@_si_pad}, 0x3) r1 = openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) writev$auto(r1, &(0x7f0000000580)={&(0x7f00000004c0)="af0ce9b8f7212f418c0d75fe73caf5b197d22f9be2895ce6bdd5c20e35dc2594bd0a389b2bedb4c7bd14a565f896aea743e2991cef8934408bd4a68ee86d7312dc7304475aa819e4b59c26318c3b11375f10884d0eb86d7f813ca8d0bd914998fdf466d81e6843c7143cadfb2f836ea8f202117ea71ad3c7a917302089704d48d8d9698f319e7864ce14634fdf4ecd711a87ddd9ba5557e25be753c282add05bbbadfbb17f", 0x2}, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$auto_NFC_CMD_GET_TARGET(r2, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x64, r3, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NFC_ATTR_RF_MODE={0x5, 0xb, 0x2}, @NFC_ATTR_DEVICE_POWERED={0x5, 0xc, 0x91}, @NFC_ATTR_DEVICE_NAME={0x8, 0x2, '@@}^'}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x3}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x8000}, @NFC_ATTR_DEVICE_NAME={0x5, 0x2, '['}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x9}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xdb6d}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x2}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xf}]}, 0x64}, 0x1, 0x0, 0x0, 0x4008800}, 0x40) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x54, 0x0, 0x4, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_SAE_PWE={0x5, 0x12a, 0x68}, @NL80211_ATTR_BSS_BASIC_RATES={0x10, 0x24, "341e2c23a2deda6cc5a64213"}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0xc0c}, @NL80211_ATTR_COLOR_CHANGE_ELEMS={0x20, 0x131, 0x0, 0x1, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0xb0000}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x1}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8840}, 0x884) getsockopt$auto_SO_RCVLOWAT(r0, 0x8, 0x12, &(0x7f0000000880)='\x00', &(0x7f00000008c0)=0x10000000) setsockopt$auto_SO_RCVBUFFORCE(r2, 0xff, 0x21, &(0x7f0000000900)='/sys/kernel/debug/o2net/sock_containers\x00', 0x8) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000980), r2) sendmsg$auto_NL80211_CMD_REMOVE_LINK(r2, &(0x7f0000000c40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000c00)={&(0x7f00000009c0)={0x224, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0x7501}, @NL80211_ATTR_S1G_CAPABILITY={0x5d, 0x128, "ea6b7c188170be6cabee0be34e051f6786e28c67377de76820cd579dac19605e12fc9dd290c117fcf63350b6a89742cd56f91645c772db4361dc20b31596b75e163f7afc3b65d8752d0fd5b24b5f326c7d3cacefec93da4427"}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3d}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x51}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0xf}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_SCAN_FREQ_KHZ={0x189, 0x124, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @u32=0x6}, @typed={0x3b, 0x20, 0x0, 0x0, @binary="be2569710bb2303f7dc544f12e84390606142563b94a5c105a6eafac077de01e6b60c4f764344e53c783502dd346e6db750a10a72c572c"}, @typed={0xea, 0xae, 0x0, 0x0, @binary="a82e62d96d162a861862567984ca38cd2cbad2aaf7ac434773a6166c35e14c3c1c6f2dcf88f1c5906b220623cd84f49a128c3bb3e817fac4f12f69f347b2c2e0d354541cc6148501e0a6752653cfb04e0b0df1d5295eb387f38c0a2bb662c8d116f175c9c98a6584b90b11ea10dc004e41c84a929f7a6ef6d3dab6f5f873cb03140a61692fbaaef60c547bfa7759e390661d73987a2eb88a1f0a63598fdb4c64a03fbd9037139af024efe3a7d4001d5a28ee16c695937a7d6e0e5c291fee81e1c88cd23afc529ae7980087b36352020aeebf85d4dd35f8194e3c7c8bdfea397933211e4689e5"}, @nested={0xc, 0xbe, 0x0, 0x1, [@typed={0x6, 0x91, 0x0, 0x0, @str='@\x00'}]}, @generic="de9c8081d6b0472251b3584f2732ed6c7b5d7199c41f7b8430f3d48b42a2853635533185ea974c8b2cd5b2289e5f4aeaafa3c966027fdbf8d47b92956c", @typed={0x8, 0xc7, 0x0, 0x0, @u32=0x2c2}, @nested={0x4, 0xb0}]}]}, 0x224}, 0x1, 0x0, 0x0, 0x10}, 0x4010) setsockopt$auto(r2, 0x4, 0x1000, &(0x7f0000000c80)=',\\%\x00', 0x400) sendmsg$auto_NFC_CMD_ENABLE_SE(r2, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x4c, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NFC_ATTR_SE_APDU={0x2e, 0x19, "b3b93f4412e2764d71e0a1a254af510d8a914d89577ba2138b09be0281e39c7250029624749e1ddb53ee"}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0xfffff2ea}]}, 0x4c}}, 0x4080) mbind$auto(0x40, 0x8, 0xf02, &(0x7f0000000e00)=0x2ab, 0x8000000000000000, 0x7) r5 = ioctl$auto_TUNSETOWNER(0xffffffffffffffff, 0x400454cc, &(0x7f0000000e40)=0x2) r6 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000000ec0), r2) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r5, &(0x7f0000000f80)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000f00)={0x14, r6, 0x400, 0x70bd27, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xcc040}, 0x20040001) sendmsg$auto_NFC_CMD_GET_DEVICE(r5, &(0x7f00000011c0)={&(0x7f0000000fc0), 0xc, &(0x7f0000001180)={&(0x7f0000001000)={0x16c, r3, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xfa}, @NFC_ATTR_VENDOR_DATA={0xe1, 0x1f, "eda6547107c0c848cc3b431b6d94bbd531eed86d5e423e74d385ebf3ba135845f1dc70494975175e7fceac269af730f4abcbf3ac0f89157a1b62100bcba0eb300aa2aa3da0d6b3e14479d9f5d769b48d71c8503529f6992fbec1df6420cc0950ad5375f3826e734cae5b96d8f3049d5211e53610f2455a1d9451aa7692a138ad6286dbf3bd86071933d2ec9cf116c7bae9efd8668e99c176be7461d67500bf4bc7d8f9aa5bf8bdbe041e1e6f139fa4d9944a7bac8b05ca8c6bd236af0e62f199cb08c3ecf7a9931a6eebda68f9b022ad753eea2a0de6b14c25066ef555"}, @NFC_ATTR_FIRMWARE_NAME={0x2c, 0x14, '/sys/kernel/debug/o2net/sock_containers\x00'}, @NFC_ATTR_FIRMWARE_NAME={0x26, 0x14, '/sys/kernel/debug/bluetooth/l2cap\x00'}, @NFC_ATTR_DEVICE_NAME={0x5, 0x2, '['}, @NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0x62}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x3}]}, 0x16c}, 0x1, 0x0, 0x0, 0x20000800}, 0x41) r7 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001200)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x16001, 0x0) sendfile$auto(0xffffffffffffffff, r7, &(0x7f0000001240)=0x1, 0x8) connect$auto(r5, &(0x7f0000001280)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e21, 0x3}}, 0x3) sendmmsg$auto(r2, &(0x7f00000014c0)={{&(0x7f00000012c0)="be907ac4dc2c345332646a93b88449da0f4889549539f120caee4bfb105a1ad5f3a8a5d1a5e5ade077ce9e7210e0c2e45bfbed042dac37092bd51767fd2c98446999fba9b5dd499eeb4872ce3b0e9a091f43f79d0e7e27a25d8416dfd9ef85b5562878c1bc51ffbb8fd09b6c58f6387f4dbefa3301c436eb9b7e01fd038542f98817169e849a7b516972e49f853836fdb67644b8e9c8839d546447ecaefa695dfef334c1d359e9c5319c5098", 0x2, &(0x7f0000001400)={&(0x7f0000001380)="7c4d2a20d7e87f3d72931616410dae622ba8844c44a54a9d32c77d05286a85cd154c024b261288258f83eeedab8b04dff65c4b0d5a98f3fbb0f233f709293eb6f1e7e594f68166926bb3121831", 0x4}, 0xffff, &(0x7f0000001440)="2376ddb23b46b7883cbe68ad80cca4c350eac63f532cfed3d9c8d4ab32c4d50532848a80196e21db0fa47aa78c605174018eeeaba84079202ea67d778373fdd51f9ce2bbabe1e0c6d08ef909ddc378b1a13c42cca57e79013badaa77b7e8cc76e19b7c1111689a22e0997d068f10ce2f6b383e9886d32cac1f2fa95982201c", 0x0, 0x6}}, 0x5, 0x5) renameat$auto(r5, &(0x7f0000001500)='./file0\x00', r5, &(0x7f0000001540)='./file0\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000001580)='./file0\x00', &(0x7f00000015c0)={0xe940, 0x91}, 0x18) mbind$auto(0x6, 0x9, 0x8a2f, &(0x7f0000001600)=0x8dbd, 0x7, 0x7) rseq$auto(&(0x7f0000001640)={0xff000000, 0xd898, 0x6, 0xfffffffa, 0xfffffffb, 0x8, "38538690529993f474931c3786284cb8564dc077d34f44b5771449fe2bf7dcfc7c82de2c5d7f880e141903f3639d9647c28cb084cb213bb76a22059bf672c743e74bd44322e2b74e480357671c789ff09013c7342b9cb37f64b54b04c0c17f4cb4b8017b990b613f63d012ca8dc418c5703e66dce7ed4fcba2771db1474eac234ccc4a42f96d25c4acb8f6"}, 0x4, 0x9d90000, 0x1) getsockopt$auto_SO_TIMESTAMPNS_NEW(r1, 0xfff, 0x40, &(0x7f0000001700)='\x00', &(0x7f0000001740)=0x100) 973.12159ms ago: executing program 1 (id=503): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x41, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) r1 = socket(0x18, 0x5, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) r2 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) syz_clone3(&(0x7f0000000380)={0x100800000, 0x0, 0x0, 0x0, {0xb}, 0x0, 0x0, 0x0, &(0x7f0000000340)}, 0x58) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/psample/out_tc\x00', 0x82042, 0x0) write$auto(r3, 0x0, 0x4) mmap$auto(0x8, 0x4020008, 0x9, 0x40000eb0, 0x401, 0x10000000008000) close_range$auto(0x2, 0x8, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x5, 0x21, 0x4909b6f5, 0x401, 0x7, 0x3, 0x9, 0x6, 0x3, 0x4, 0x2, 0xb4, 0x9, 0x208, 0x10003, 0x80, 0x80000000003, 0x80, 0xa, 0x22000, 0x204, 0x7, 0x84, 0x0, 0x9, 0xfffbffff, 0x0, 0x0, [0x17f2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e4, 0x1f, 0x0, 0x2, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000]}, 0x3, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) getsockopt$auto_SO_SNDTIMEO_NEW(r4, 0x1, 0x43, &(0x7f0000000000)='\x00', &(0x7f0000000040)=0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 753.851982ms ago: executing program 2 (id=504): mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback}, 0x55) mincore$auto(0x0, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999"}) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video57\x00', 0x129900, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder1\x00', 0x189160, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages\x00', 0x204600, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/3/effective_affinity\x00', 0x189c02, 0x0) select$auto(0xa, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x8, 0xd, 0x7d48, 0x948b, 0x4, 0x15f4da0f, 0x0, 0x1, 0x0, 0x80000005, 0x7, 0x4, 0x5, 0x2, 0x1]}, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) madvise$auto_MADV_NORMAL(0x9304, 0x7ff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) eventfd$auto(0x7) statmount$auto(0x0, 0x0, 0x1fe, 0x1) mmap$auto(0x0, 0x2020049, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 750.554282ms ago: executing program 0 (id=505): mmap$auto(0x0, 0x1ff, 0x7, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socketpair$auto(0x9, 0x3, 0xfffffffa, &(0x7f0000000200)=0x1) socket(0x2, 0x1, 0x0) r1 = socket(0xa, 0x3, 0x3a) r2 = epoll_create$auto(0x2) epoll_pwait2$auto(r2, 0x0, 0x9, 0x0, 0x0, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bond_slave_1/disable_policy\x00', 0x202, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/cgroup/delegate\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000240)=""/12, 0xc) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_net_dm(&(0x7f0000000080), r1) sendmsg$auto_NET_DM_CMD_STOP(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x94, r6, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NET_DM_ATTR_ALERT_MODE={0x5, 0x1, 0x9}, @NET_DM_ATTR_UNSPEC={0x6b, 0x0, "b680db0ebf3a15cbcbf0daf76462ac9c87a93dabd2b44fec2feac745184b51a86422455c4a004386aa0050759aa5f9c46bd446ca5d6dcef01aa0a0688739a0e6ca656e326ddc92d4311d1ae7b4d5ca53cd283f9193036e7ed090937e27a6cdd270100772133cd5"}, @NET_DM_ATTR_QUEUE_LEN={0x8, 0xb, 0xb1}, @NET_DM_ATTR_SW_DROPS={0x4}]}, 0x94}, 0x1, 0x0, 0x0, 0x1}, 0x20040001) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) epoll_ctl$auto(0x5, 0x1, r3, 0x0) epoll_ctl$auto_EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000000)={0x7cc1, 0x7f}) 629.039573ms ago: executing program 1 (id=506): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x2c, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000000)=@phonet={0x23, 0x0, 0x3, 0x2}, 0x58) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0xff, {0x5, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0x100000f, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r3 = socket(0x18, 0x80000, 0x0) connect$auto(r3, &(0x7f0000000180)=@in={0x2, 0x0, @rand_addr=0x800}, 0x1e) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x400, 0x3f) sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, 0x0, 0x0) r5 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim7/health/break_health\x00', 0x2400, 0x0) write$auto(r5, 0x0, 0xffffffffffff7fff) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r6, 0x0, 0xa3d9) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, r4, 0x8000) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xa40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r2) 185.311991ms ago: executing program 3 (id=507): r0 = socket(0x25, 0x1, 0x0) setsockopt$auto_SO_PRIORITY(r0, 0x1, 0xc, &(0x7f00000000c0)='///\x00', 0x4) connect$auto(r0, &(0x7f0000000040)=@generic={0x25, "835aabaf5dc454e38226799f73aa"}, 0x18) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/lp_interval\x00', 0x1e2142, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_clone3(0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) futex_requeue$auto(0x0, 0x0, 0xfffffffe, 0x0) write$auto(r1, 0x0, 0xfdec) 147.308343ms ago: executing program 3 (id=508): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.0/remove\x00', 0xb01, 0x0) write$auto(r0, &(0x7f0000000100)='9\x00d1L\xff\x15\xba\xa17=w\xc1\xf8\xff\xff\v\xb5^\xa1/\xfb\xaf\xc8\xfc\\\xa9@\xc0\xee\xa2[', 0x1) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x4000000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000a40), r1) mmap$auto(0x0, 0x74, 0x7, 0x9b72, 0xffffffffffffffff, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x4) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x06\x01e\x1cJ\x99\x00\x06\x11\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4*\xc0\xc1\xf2\x14N\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9', 0xd4f, 0x3) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000a80)={0x18, r2, 0x740f16fcea7cbf75, 0x70bd2a, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_MASK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20008000}, 0x8810) write$auto(0x3, 0x0, 0xfffffdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy14/power\x00', 0x40582, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r4, 0x0, 0x0) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000d00), r3) sendmsg$auto_SMC_PNETID_DEL(r3, 0x0, 0x20000000) getpid() openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 71.230894ms ago: executing program 3 (id=509): r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_options\x00', 0x511002, 0x0) fcntl$auto_F_SETSIG(r0, 0xa, 0x2) ioctl$auto_VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0xffffffff, r0}) r2 = pipe$auto(&(0x7f0000000080)=r0) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) mount$auto(&(0x7f00000000c0)='geneve0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='\x00', 0x7ff, &(0x7f0000000180)="d2b1c35e296054dbca78337e39726ac249cce2bc43613006e455a5ed64ec1c5d357a87e2ff5cac707d9a289f24de311564d4517486a8a4c362db29a0493fc12e01bbbe4d5b9483bd016d7b70ad2919e0f1670f6b8c7d62e097d6240ec393c39dfdd82bc81bd63cc21427a0afad3f37818a8dddea67398f1209f43e80c87a899a") r4 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) getsockopt$auto_SO_PEERNAME(r4, 0x178b, 0x1c, &(0x7f0000000240)='\x00', &(0x7f0000000280)=0x10) r5 = socketcall$auto_SYS_SOCKETPAIR(0x8, &(0x7f00000002c0)=0x1ab3) ioctl$auto_BLKTRACESETUP2(r1, 0xc0481273, &(0x7f0000000340)={"0c7e9b1da3c27647a6c858d9f7bcdba1c078b3a93af50187da9f5208c2a8e547", 0x3a01, 0x100, 0xc8, 0x8, 0x1, 0xffffffffffffffff}) ioctl$auto_XFS_IOC_SWAPEXT(r2, 0xc0c0586d, &(0x7f00000003c0)={0x8, @raw=0x957, @raw=0x401, 0x2, 0x4, '\x00', {0x43560dae, 0xfff8, 0xe39b, 0xee00, 0x0, 0x9, 0x4000000, 0x6, {0x400, 0x6}, {0x5, 0x39}, {0x0, 0x8000}, 0x9, 0x4, 0xcf, 0x6, 0x5, 0x0, 0x9, 0x6, 0x100, 0xe0, '\x00', 0x0, 0x6, 0x0, 0x80}}) sendmsg$auto_OVS_FLOW_CMD_NEW(r5, &(0x7f00000007c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000480)={0x2ec, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@OVS_FLOW_ATTR_CLEAR={0x4}, @OVS_FLOW_ATTR_ACTIONS={0x2d4, 0x2, 0x0, 0x1, [@nested={0xc, 0xfa, 0x0, 0x1, [@typed={0x8, 0x27, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}]}, @typed={0x8, 0x14d, 0x0, 0x0, @ipv4=@empty}, @nested={0xb7, 0xce, 0x0, 0x1, [@typed={0x8, 0x82, 0x0, 0x0, @pid=r6}, @generic="2bf786cbeaad372d552137c624c95214dcba8df759a3a23252a79be1a2d473ab286968", @nested={0x4, 0xdc}, @generic="e02f8649eafce2fd8f07c11af1a5a0efbfff4fdd553e2287cf9e75cac7f44b51a586e691dd902df1daa6084f7cf0a73cceb4343dda179578eb14ed126f2c2edd53de27486924a32b75a755c6b0fd157bfbaf8f709fd7719282fa8e0a8d819b1219f1538d058dc6f63efe36f76e75860ae4b63e51d3762cc38946d889a71607fc", @nested={0x4, 0xa3}]}, @typed={0x5, 0x139, 0x0, 0x0, @str='\x00'}, @typed={0x8, 0xed, 0x0, 0x0, @fd=r1}, @typed={0xc, 0x14, 0x0, 0x0, @u64=0xfffffffffffffff9}, @typed={0x8, 0xf7, 0x0, 0x0, @uid=r7}, @typed={0xc, 0x25, 0x0, 0x0, @u64=0xca3}, @nested={0x1d4, 0x46, 0x0, 0x1, [@nested={0x4, 0x91}, @generic="8d15878aafe2ada7787db821f56790028a538dc81a169b098c6cc2664618c6f264dda26ddf4a7500e0dd651e923792e1bfd5f56db85b3857eee180d25afea5618d2f381935be1ead937b537914789fb1e4decc642efef72cc7744a1ee485d17ed793a204876273e0b7bc0f4970b00bcd4e05", @typed={0x8, 0x78, 0x0, 0x0, @fd=r4}, @generic="0c738af26dfb7d4ea9cc325a5c997f683709a2aa31b0e51ea390503b9bedef792c3f96756383a0c2eb90db8b9bb80ebb0a28b0e782390bd89f75588c3aa5aca020072a9677e51478052c06c4d6205a650bdd6368fbef93e2a88eb447f6f9c1951e6a249963894f4ce6311dd42e1d4c55f1821ab08c797943717ad18275481c20cde8863a91488bd748ad778f891163e0a38d1775d9eba6af7426977c7174b9c8a4613f47da254f64f6697c4d14", @typed={0x4, 0x54}, @typed={0xc, 0xa3, 0x0, 0x0, @str='geneve0\x00'}, @nested={0x4, 0xd7}, @generic="6c0d151f4dd10998536c3da69c3523aab813fa20f93e5c2d1d6a83baf4df55144886a7fa4aaa7340e8a211bf8f605c689879f5471abf340729d2bfd23f130161999145ec31a33bb0eeb1a0e1e7c08d2700a3d2d860f64a4998617e731d0099603f7928eadf363c1a7fdbc8a0bd8c28c15a16ab6c61e6357ddb47d1f28ec8bce20e74c389b2600a6413ddc1a67db0815f70"]}]}]}, 0x2ec}}, 0xc800) r8 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000840), r1) sendmsg$auto_OVS_METER_CMD_SET(r1, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x30, r8, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@OVS_METER_ATTR_USED={0xc, 0x5, 0x4}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x9}, @OVS_METER_ATTR_CLEAR={0x4}, @OVS_METER_ATTR_CLEAR={0x4}]}, 0x30}}, 0x24000004) ioctl$auto_FIOQSIZE(r0, 0x5460, 0xc) write$auto(r1, &(0x7f0000000940)='\x00', 0x100) getsockopt$auto_SO_BSDCOMPAT(r2, 0x2, 0xe, &(0x7f0000000980)='geneve0\x00', &(0x7f00000009c0)=0x8) io_uring_register$auto_IORING_UNREGISTER_NAPI(r5, 0x1c, &(0x7f0000000a00)="4fd1fad45e2bd910e2d0ef85f638e526b353eba64dec416ca31e6cdb29440ef2a908ceb5cc70dd71881569d05c091a981407be0e728b9b5411afab1966bb80f5896888d98f792030957931e8aec21de9b1b9de8afec17c9f734fe9ff5bdb66abd636d85082c50d881cef860912be6e97411647921cf695ec46285bd7bc4a6773b2f842b067d185e0427472e96407971c45fc9963a8b81f32", 0x9) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r2, &(0x7f0000000ac0)=""/191, 0xbf) r9 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000b80), 0x10000, 0x0) ioctl$auto_TUNSETDEBUG(r9, 0x400454c9, &(0x7f0000000bc0)=0x51) bpf$auto_BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c00)=@bpf_attr_11={0x401, 0x1, 0x2425, 0x3, 0x0, 0xf, 0x4, r4}, 0x0) write$auto(r0, &(0x7f0000000cc0)='\xcd$.\x00', 0xe) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000d00), r2) r10 = getsid$auto(r6) move_pages$auto(r10, 0xffffffffffffffff, &(0x7f0000000dc0)=&(0x7f0000000d40)="cb87c6a7a0f53319c254b481847a5c06c98deae6fcf69013806f0ea21bc8e4fe38698c827e478ae93ef989fa55614211e4861e08cbdf4b81f09791b310bb73c9d2ab1fd7", &(0x7f0000000e00)=0xfffffff8, &(0x7f0000000e40)=0x1, 0x8) r11 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000e80)='/dev/etherd/discover\x00', 0x240, 0x0) fcntl$auto_F_DUPFD(r11, 0x0, r0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000ec0), 0x1, 0x0) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000f00), r5) 0s ago: executing program 3 (id=510): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) r0 = socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x4) r1 = socket(0x26, 0x5, 0x8c68) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101e41, 0x0) ioperm$auto(0xfffffffffffffff7, 0x5, 0x4000005) futex_waitv$auto(0x0, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2000, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x48040, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dmmidi2\x00', 0x8e100, 0x0) read$auto_snd_rawmidi_f_ops_rawmidi(r5, &(0x7f00000002c0)=""/157, 0x9d) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r3, r0, 0xc) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r6 = ioctl$auto_TUNATTACHFILTER(r1, 0x401054d5, 0x0) ioctl$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffffff, 0x400000046, 0x0) futex_wake$auto(&(0x7f0000000140)="adf3e16812f6e5", 0x8, 0x6, 0x6) ioctl$auto_BLKRRPART(r6, 0x125f, 0x0) r7 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r7, 0x40146f2c, 0x0) unshare$auto(0x40000080) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040), 0x20580, 0x0) mmap$auto(0x5, 0x80000000005, 0x810, 0xfffffffffffffe10, r2, 0x7fff) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts. [ 82.414901][ T5813] cgroup: Unknown subsys name 'net' [ 82.525005][ T5813] cgroup: Unknown subsys name 'cpuset' [ 82.534651][ T5813] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.313879][ T5813] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.279723][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.288637][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.297229][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.302118][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.305983][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.320797][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.323075][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.328512][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.336676][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.344801][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.351292][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.357784][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.364434][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.373258][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.385448][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.386196][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.403626][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.416152][ T5146] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.425246][ T5146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.436175][ T5146] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.010420][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 87.047361][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 87.167515][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 87.185891][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 87.283028][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.291274][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.298712][ T5826] bridge_slave_0: entered allmulticast mode [ 87.307798][ T5826] bridge_slave_0: entered promiscuous mode [ 87.319213][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.327021][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.335141][ T5826] bridge_slave_1: entered allmulticast mode [ 87.344541][ T5826] bridge_slave_1: entered promiscuous mode [ 87.452367][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.459631][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.466973][ T5825] bridge_slave_0: entered allmulticast mode [ 87.475755][ T5825] bridge_slave_0: entered promiscuous mode [ 87.533491][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.541821][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.549148][ T5825] bridge_slave_1: entered allmulticast mode [ 87.557506][ T5825] bridge_slave_1: entered promiscuous mode [ 87.591724][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.632763][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.687695][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.697819][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.705505][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.712954][ T5827] bridge_slave_0: entered allmulticast mode [ 87.720403][ T5827] bridge_slave_0: entered promiscuous mode [ 87.752090][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.762053][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.769329][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.776857][ T5827] bridge_slave_1: entered allmulticast mode [ 87.784430][ T5827] bridge_slave_1: entered promiscuous mode [ 87.792036][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.799235][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.806875][ T5824] bridge_slave_0: entered allmulticast mode [ 87.814535][ T5824] bridge_slave_0: entered promiscuous mode [ 87.825101][ T5826] team0: Port device team_slave_0 added [ 87.854226][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.861628][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.868775][ T5824] bridge_slave_1: entered allmulticast mode [ 87.876631][ T5824] bridge_slave_1: entered promiscuous mode [ 87.885882][ T5826] team0: Port device team_slave_1 added [ 87.917270][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.950009][ T5825] team0: Port device team_slave_0 added [ 87.958484][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.000480][ T5825] team0: Port device team_slave_1 added [ 88.023088][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.033955][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.041237][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.067449][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.091611][ T5827] team0: Port device team_slave_0 added [ 88.100621][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.111010][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.118076][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.144525][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.168734][ T5827] team0: Port device team_slave_1 added [ 88.194555][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.202227][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.228521][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.262211][ T5824] team0: Port device team_slave_0 added [ 88.268774][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.276117][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.302822][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.327102][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.335404][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.362046][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.375867][ T5824] team0: Port device team_slave_1 added [ 88.400413][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.407678][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.434102][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.445174][ T5146] Bluetooth: hci3: command tx timeout [ 88.479657][ T5826] hsr_slave_0: entered promiscuous mode [ 88.486464][ T5826] hsr_slave_1: entered promiscuous mode [ 88.521336][ T5831] Bluetooth: hci0: command tx timeout [ 88.527134][ T5831] Bluetooth: hci1: command tx timeout [ 88.533353][ T5146] Bluetooth: hci2: command tx timeout [ 88.534241][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.546808][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.573763][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.619039][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.626240][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.652560][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.688910][ T5825] hsr_slave_0: entered promiscuous mode [ 88.695328][ T5825] hsr_slave_1: entered promiscuous mode [ 88.701986][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 88.707829][ T5825] Cannot create hsr debugfs directory [ 88.747634][ T5827] hsr_slave_0: entered promiscuous mode [ 88.754885][ T5827] hsr_slave_1: entered promiscuous mode [ 88.762061][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 88.767835][ T5827] Cannot create hsr debugfs directory [ 88.856257][ T5824] hsr_slave_0: entered promiscuous mode [ 88.862891][ T5824] hsr_slave_1: entered promiscuous mode [ 88.869142][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 88.875255][ T5824] Cannot create hsr debugfs directory [ 89.297423][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.311193][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.323836][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.343733][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.421265][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.436618][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.450333][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.471960][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.566021][ T5827] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.577099][ T5827] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.590570][ T5827] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.602814][ T5827] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.684947][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.727639][ T5824] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.752377][ T5824] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.763987][ T5824] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.777037][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.792064][ T5824] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.818682][ T3511] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.826072][ T3511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.858540][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.866435][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.998876][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.034253][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.056550][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.094654][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.102245][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.126516][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.133795][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.154887][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.184033][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.191271][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.225381][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.232768][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.307725][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.393217][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.424955][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.432461][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.462393][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.469709][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.522170][ T5831] Bluetooth: hci3: command tx timeout [ 90.587911][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.601067][ T5831] Bluetooth: hci1: command tx timeout [ 90.606631][ T5831] Bluetooth: hci2: command tx timeout [ 90.612943][ T5146] Bluetooth: hci0: command tx timeout [ 90.788004][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.816745][ T5826] veth0_vlan: entered promiscuous mode [ 90.876119][ T5826] veth1_vlan: entered promiscuous mode [ 91.014656][ T5825] veth0_vlan: entered promiscuous mode [ 91.030144][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.054358][ T5826] veth0_macvtap: entered promiscuous mode [ 91.067446][ T5825] veth1_vlan: entered promiscuous mode [ 91.089143][ T5826] veth1_macvtap: entered promiscuous mode [ 91.166326][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.178896][ T5825] veth0_macvtap: entered promiscuous mode [ 91.195079][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.206370][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.220446][ T5825] veth1_macvtap: entered promiscuous mode [ 91.248381][ T3511] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.259440][ T3511] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.283289][ T3511] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.292456][ T3511] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.334846][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.353317][ T5827] veth0_vlan: entered promiscuous mode [ 91.378886][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.432810][ T3511] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.443917][ T5827] veth1_vlan: entered promiscuous mode [ 91.457119][ T5824] veth0_vlan: entered promiscuous mode [ 91.466004][ T3511] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.479610][ T3511] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.506768][ T3511] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.542365][ T5824] veth1_vlan: entered promiscuous mode [ 91.554603][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.566159][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.630540][ T5827] veth0_macvtap: entered promiscuous mode [ 91.680298][ T5827] veth1_macvtap: entered promiscuous mode [ 91.716240][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.729306][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.738529][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.745929][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.795090][ T5824] veth0_macvtap: entered promiscuous mode [ 91.808678][ T3511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.824593][ T3511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.837412][ T5824] veth1_macvtap: entered promiscuous mode [ 91.850209][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.872667][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.912477][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.949945][ T1317] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.973672][ T1317] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.983611][ T1317] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.012980][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.025366][ T1317] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.140589][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.226284][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.245543][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.321329][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.368790][ T9] cfg80211: failed to load regulatory.db [ 92.430056][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.517277][ T5930] netlink: 'syz.1.2': attribute type 4 has an invalid length. [ 92.527838][ T5931] netlink: 'syz.1.2': attribute type 4 has an invalid length. [ 92.603325][ T5837] Bluetooth: hci3: command tx timeout [ 92.682668][ T5837] Bluetooth: hci0: command tx timeout [ 92.688340][ T5837] Bluetooth: hci2: command tx timeout [ 92.694010][ T5837] Bluetooth: hci1: command tx timeout [ 92.755161][ T1317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.780727][ T1317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.803439][ T5930] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2'. [ 92.847946][ T5931] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2'. [ 92.991414][ T5931] Zero length message leads to an empty skb [ 92.991414][ T5930] Zero length message leads to an empty skb [ 93.008049][ T109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.031313][ T109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.055317][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.095335][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.188615][ T109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.197394][ T109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.857574][ T5947] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1052805]. [ 93.977100][ T5938] Invalid ELF header magic: != ELF [ 94.271475][ T5957] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.625782][ T5967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11'. [ 94.670251][ T5967] HfR: entered promiscuous mode [ 94.682498][ T5831] Bluetooth: hci3: command tx timeout [ 94.761347][ T5831] Bluetooth: hci1: command tx timeout [ 94.767017][ T5831] Bluetooth: hci2: command tx timeout [ 94.772739][ T5831] Bluetooth: hci0: command tx timeout [ 95.984312][ T5985] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.380628][ T6002] netlink: 326 bytes leftover after parsing attributes in process `syz.0.19'. [ 98.234613][ T6020] zswap: compressor not available [ 98.774216][ T6036] bridge0: port 3(batadv0) entered blocking state [ 98.807607][ T6036] bridge0: port 3(batadv0) entered disabled state [ 98.827157][ T6036] batadv0: entered allmulticast mode [ 98.854843][ T6036] batadv0: entered promiscuous mode [ 98.891168][ T6036] bridge0: port 3(batadv0) entered blocking state [ 98.898202][ T6036] bridge0: port 3(batadv0) entered forwarding state [ 99.024416][ T109] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 99.035575][ T109] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 99.691730][ T6043] FAULT_INJECTION: forcing a failure. [ 99.691730][ T6043] name failslab, interval 1, probability 0, space 0, times 1 [ 99.705002][ T6043] CPU: 0 UID: 0 PID: 6043 Comm: syz.1.26 Not tainted syzkaller #0 PREEMPT(full) [ 99.705040][ T6043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 99.705057][ T6043] Call Trace: [ 99.705066][ T6043] [ 99.705077][ T6043] dump_stack_lvl+0x100/0x190 [ 99.705128][ T6043] should_fail_ex.cold+0x5/0xa [ 99.705166][ T6043] should_failslab+0xc2/0x120 [ 99.705199][ T6043] __kmalloc_cache_node_noprof+0x7d/0x770 [ 99.705229][ T6043] ? blkg_alloc+0xbd/0xae0 [ 99.705267][ T6043] ? __xa_insert+0x20b/0x320 [ 99.705305][ T6043] blkg_alloc+0xbd/0xae0 [ 99.705348][ T6043] ? __alloc_disk_node+0x2d4/0x6b0 [ 99.705385][ T6043] blkcg_init_disk+0x51/0x580 [ 99.705431][ T6043] __alloc_disk_node+0x2f6/0x6b0 [ 99.705470][ T6043] __blk_mq_alloc_disk+0x89/0x120 [ 99.705503][ T6043] loop_add+0x498/0xb60 [ 99.705547][ T6043] ? __pfx_loop_add+0x10/0x10 [ 99.705615][ T6043] ? find_held_lock+0x2b/0x80 [ 99.705644][ T6043] ? __fget_files+0x215/0x3d0 [ 99.705678][ T6043] loop_control_ioctl+0xae/0x620 [ 99.705725][ T6043] ? __pfx_loop_control_ioctl+0x10/0x10 [ 99.705776][ T6043] ? __pfx_loop_control_ioctl+0x10/0x10 [ 99.705823][ T6043] __x64_sys_ioctl+0x18e/0x210 [ 99.705878][ T6043] do_syscall_64+0x106/0xf80 [ 99.705906][ T6043] ? clear_bhb_loop+0x40/0x90 [ 99.705948][ T6043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.705979][ T6043] RIP: 0033:0x7f46c559c799 [ 99.706010][ T6043] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.706037][ T6043] RSP: 002b:00007f46c6480028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.706064][ T6043] RAX: ffffffffffffffda RBX: 00007f46c5815fa0 RCX: 00007f46c559c799 [ 99.706083][ T6043] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 000000000000000a [ 99.706101][ T6043] RBP: 00007f46c5632c99 R08: 0000000000000000 R09: 0000000000000000 [ 99.706117][ T6043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.706132][ T6043] R13: 00007f46c5816038 R14: 00007f46c5815fa0 R15: 00007ffc6fdf1578 [ 99.706171][ T6043] [ 100.752851][ T6056] netlink: 36 bytes leftover after parsing attributes in process `syz.2.27'. [ 100.848145][ T6056] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 101.111185][ T6067] random: crng reseeded on system resumption [ 101.227719][ T6052] hub 1-0:1.0: USB hub found [ 101.242069][ T6052] hub 1-0:1.0: 1 port detected [ 101.566622][ T6049] netlink: 28 bytes leftover after parsing attributes in process `syz.2.27'. [ 101.587198][ T6049] ipvlan1: entered promiscuous mode [ 101.629543][ T6049] ipvlan1: entered allmulticast mode [ 101.645328][ T6049] veth0_vlan: entered allmulticast mode [ 102.068228][ T6082] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.331495][ T6106] netlink: 326 bytes leftover after parsing attributes in process `syz.2.38'. [ 103.535541][ T6102] kexec: Could not allocate control_code_buffer [ 103.543820][ T6106] Zero length message leads to an empty skb [ 103.713181][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 103.725137][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 103.733285][ T5831] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 103.743782][ T5831] CPU: 0 UID: 0 PID: 5831 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 103.743825][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 103.743844][ T5831] Workqueue: hci1 hci_rx_work [ 103.743890][ T5831] Call Trace: [ 103.743900][ T5831] [ 103.743912][ T5831] dump_stack_lvl+0x100/0x190 [ 103.743962][ T5831] sysfs_warn_dup.cold+0x1c/0x28 [ 103.744006][ T5831] sysfs_create_dir_ns+0x24b/0x2b0 [ 103.744051][ T5831] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 103.744092][ T5831] ? find_held_lock+0x2b/0x80 [ 103.744121][ T5831] ? kobject_add_internal+0x25f/0x930 [ 103.744157][ T5831] ? kobject_add_internal+0x25f/0x930 [ 103.744197][ T5831] ? do_raw_spin_unlock+0x145/0x1e0 [ 103.744247][ T5831] kobject_add_internal+0x2c8/0x930 [ 103.744291][ T5831] kobject_add+0x16a/0x1e0 [ 103.744327][ T5831] ? __pfx_kobject_add+0x10/0x10 [ 103.744360][ T5831] ? class_to_subsys+0x10f/0x150 [ 103.744410][ T5831] ? kobject_put+0xb9/0x640 [ 103.744442][ T5831] ? _raw_spin_unlock+0x28/0x50 [ 103.744499][ T5831] device_add+0x294/0x1950 [ 103.744540][ T5831] ? __pfx_dev_set_name+0x10/0x10 [ 103.744595][ T5831] ? __pfx_device_add+0x10/0x10 [ 103.744636][ T5831] ? mgmt_send_event_skb+0x2fb/0x460 [ 103.744692][ T5831] hci_conn_add_sysfs+0x1a3/0x260 [ 103.744745][ T5831] le_conn_complete_evt+0x11cb/0x1f40 [ 103.744801][ T5831] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 103.744840][ T5831] ? __pfx_bt_warn+0x10/0x10 [ 103.744887][ T5831] hci_le_conn_complete_evt+0x23c/0x3a0 [ 103.744933][ T5831] ? skb_pull_data+0x15f/0x1e0 [ 103.744978][ T5831] hci_le_meta_evt+0x34a/0x5f0 [ 103.745026][ T5831] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 103.745077][ T5831] hci_event_packet+0x682/0x11c0 [ 103.745121][ T5831] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 103.745170][ T5831] ? __pfx_hci_event_packet+0x10/0x10 [ 103.745218][ T5831] ? kcov_remote_start+0x374/0x660 [ 103.745250][ T5831] ? lockdep_hardirqs_on+0x78/0x100 [ 103.745290][ T5831] hci_rx_work+0x451/0xfc0 [ 103.745342][ T5831] process_one_work+0xa23/0x19a0 [ 103.745406][ T5831] ? __pfx_process_one_work+0x10/0x10 [ 103.745465][ T5831] ? __pfx_hci_rx_work+0x10/0x10 [ 103.745514][ T5831] worker_thread+0x5ef/0xe50 [ 103.745575][ T5831] ? kthread+0x13a/0x450 [ 103.745618][ T5831] ? __pfx_worker_thread+0x10/0x10 [ 103.745656][ T5831] kthread+0x370/0x450 [ 103.745694][ T5831] ? __pfx_kthread+0x10/0x10 [ 103.745737][ T5831] ret_from_fork+0x754/0xd80 [ 103.745784][ T5831] ? __pfx_ret_from_fork+0x10/0x10 [ 103.745828][ T5831] ? rcu_is_watching+0x12/0xc0 [ 103.745874][ T5831] ? __switch_to+0x7b4/0x1120 [ 103.745909][ T5831] ? __pfx_kthread+0x10/0x10 [ 103.745953][ T5831] ret_from_fork_asm+0x1a/0x30 [ 103.746008][ T5831] [ 104.037353][ T5831] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 104.061019][ T5831] Bluetooth: hci1: failed to register connection device [ 104.202446][ T6115] FAULT_INJECTION: forcing a failure. [ 104.202446][ T6115] name failslab, interval 1, probability 0, space 0, times 0 [ 104.215361][ T6115] CPU: 0 UID: 0 PID: 6115 Comm: syz.3.43 Not tainted syzkaller #0 PREEMPT(full) [ 104.215403][ T6115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 104.215421][ T6115] Call Trace: [ 104.215431][ T6115] [ 104.215443][ T6115] dump_stack_lvl+0x100/0x190 [ 104.215497][ T6115] should_fail_ex.cold+0x5/0xa [ 104.215535][ T6115] should_failslab+0xc2/0x120 [ 104.215571][ T6115] __kmalloc_cache_noprof+0x7a/0x6f0 [ 104.215623][ T6115] ? init_srcu_struct_fields+0xa69/0xfa0 [ 104.215675][ T6115] init_srcu_struct_fields+0xa69/0xfa0 [ 104.215726][ T6115] blk_mq_alloc_tag_set+0x3cc/0x1330 [ 104.215758][ T6115] ? idr_alloc+0xdd/0x130 [ 104.215787][ T6115] ? __pfx_idr_alloc+0x10/0x10 [ 104.215828][ T6115] loop_add+0x3b7/0xb60 [ 104.215873][ T6115] ? __pfx_loop_add+0x10/0x10 [ 104.215940][ T6115] ? rcu_is_watching+0x12/0xc0 [ 104.215989][ T6115] ? do_sock_setsockopt+0x101/0x1d0 [ 104.216021][ T6115] ? kfree+0x2ec/0x6b0 [ 104.216060][ T6115] ? ipv6_setsockopt+0xcb/0x170 [ 104.216101][ T6115] loop_control_ioctl+0xae/0x620 [ 104.216150][ T6115] ? __pfx_loop_control_ioctl+0x10/0x10 [ 104.216198][ T6115] ? xfd_validate_state+0x129/0x190 [ 104.216246][ T6115] ? __pfx_loop_control_ioctl+0x10/0x10 [ 104.216297][ T6115] __x64_sys_ioctl+0x18e/0x210 [ 104.216346][ T6115] do_syscall_64+0x106/0xf80 [ 104.216376][ T6115] ? clear_bhb_loop+0x40/0x90 [ 104.216414][ T6115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.216446][ T6115] RIP: 0033:0x7fd72f99c799 [ 104.216472][ T6115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.216501][ T6115] RSP: 002b:00007fd730873028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.216532][ T6115] RAX: ffffffffffffffda RBX: 00007fd72fc15fa0 RCX: 00007fd72f99c799 [ 104.216553][ T6115] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000002 [ 104.216573][ T6115] RBP: 00007fd72fa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 104.216639][ T6115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.216657][ T6115] R13: 00007fd72fc16038 R14: 00007fd72fc15fa0 R15: 00007ffe49c502c8 [ 104.216697][ T6115] [ 105.486367][ T6139] FAULT_INJECTION: forcing a failure. [ 105.486367][ T6139] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 105.775871][ T5831] Bluetooth: hci1: unexpected event 0x3e length: 358 > 260 [ 105.775913][ T5831] Bluetooth: hci1: unexpected subevent 0x1b length: 357 > 260 [ 105.809229][ T5831] Bluetooth: hci1: command 0x2016 tx timeout [ 105.898442][ T6139] CPU: 1 UID: 0 PID: 6139 Comm: syz.1.44 Not tainted syzkaller #0 PREEMPT(full) [ 105.898470][ T6139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 105.898480][ T6139] Call Trace: [ 105.898487][ T6139] [ 105.898494][ T6139] dump_stack_lvl+0x100/0x190 [ 105.898528][ T6139] should_fail_ex.cold+0x5/0xa [ 105.898570][ T6139] ? prepare_alloc_pages+0x16d/0x5f0 [ 105.898596][ T6139] should_fail_alloc_page+0xeb/0x140 [ 105.898619][ T6139] prepare_alloc_pages+0x1f0/0x5f0 [ 105.898645][ T6139] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 105.898678][ T6139] ? rcu_is_watching+0x12/0xc0 [ 105.898707][ T6139] ? trace_mm_page_alloc+0x17a/0x1d0 [ 105.898729][ T6139] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 105.898761][ T6139] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 105.898797][ T6139] ? find_held_lock+0x2b/0x80 [ 105.898814][ T6139] ? is_bpf_text_address+0x8a/0x1a0 [ 105.898843][ T6139] ? is_bpf_text_address+0x8a/0x1a0 [ 105.898874][ T6139] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 105.898894][ T6139] ? is_bpf_text_address+0x94/0x1a0 [ 105.898923][ T6139] ? kernel_text_address+0x8d/0x100 [ 105.898951][ T6139] ? __kernel_text_address+0xd/0x30 [ 105.898978][ T6139] ? unwind_get_return_address+0x59/0xa0 [ 105.899004][ T6139] alloc_pages_bulk_noprof+0x782/0x1490 [ 105.899041][ T6139] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 105.899142][ T6139] ? kasan_save_stack+0x30/0x50 [ 105.899177][ T6139] ? alloc_pages_noprof+0x238/0x390 [ 105.899209][ T6139] __kasan_populate_vmalloc+0xf0/0x210 [ 105.899244][ T6139] alloc_vmap_area+0x95d/0x2bd0 [ 105.899273][ T6139] ? __pfx_alloc_vmap_area+0x10/0x10 [ 105.899301][ T6139] __get_vm_area_node+0x1ca/0x330 [ 105.899328][ T6139] __vmalloc_node_range_noprof+0x213/0x1530 [ 105.899353][ T6139] ? kernel_clone+0xfc/0x9a0 [ 105.899375][ T6139] ? find_held_lock+0x2b/0x80 [ 105.899392][ T6139] ? local_lock_release+0x99/0x130 [ 105.899414][ T6139] ? local_lock_release+0x99/0x130 [ 105.899439][ T6139] ? kernel_clone+0xfc/0x9a0 [ 105.899461][ T6139] ? find_held_lock+0x2b/0x80 [ 105.899478][ T6139] ? rcu_read_unlock+0x17/0x60 [ 105.899498][ T6139] ? rcu_read_unlock+0x17/0x60 [ 105.899519][ T6139] ? obj_cgroup_charge_account+0x46d/0x640 [ 105.899541][ T6139] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 105.899575][ T6139] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 105.899600][ T6139] ? rcu_is_watching+0x12/0xc0 [ 105.899630][ T6139] ? trace_kmem_cache_alloc+0xf3/0x120 [ 105.899652][ T6139] ? kernel_clone+0xfc/0x9a0 [ 105.899672][ T6139] __vmalloc_node_noprof+0xad/0xf0 [ 105.899696][ T6139] ? kernel_clone+0xfc/0x9a0 [ 105.899720][ T6139] copy_process+0x5ec/0x7a40 [ 105.899744][ T6139] ? __pfx___futex_wait+0x10/0x10 [ 105.899772][ T6139] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 105.899801][ T6139] ? lockdep_hardirqs_on+0x78/0x100 [ 105.899824][ T6139] ? __pfx_copy_process+0x10/0x10 [ 105.899846][ T6139] ? find_held_lock+0x2b/0x80 [ 105.899872][ T6139] kernel_clone+0xfc/0x9a0 [ 105.899892][ T6139] ? __pfx_futex_wait+0x10/0x10 [ 105.899922][ T6139] ? __pfx_kernel_clone+0x10/0x10 [ 105.899955][ T6139] __do_sys_clone+0xd9/0x120 [ 105.899978][ T6139] ? __pfx___do_sys_clone+0x10/0x10 [ 105.900020][ T6139] do_syscall_64+0x106/0xf80 [ 105.900038][ T6139] ? clear_bhb_loop+0x40/0x90 [ 105.900060][ T6139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.900079][ T6139] RIP: 0033:0x7f46c559c799 [ 105.900097][ T6139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.900114][ T6139] RSP: 002b:00007f46c643e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 105.900133][ T6139] RAX: ffffffffffffffda RBX: 00007f46c5816180 RCX: 00007f46c559c799 [ 105.900144][ T6139] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000008 [ 105.900155][ T6139] RBP: 00007f46c5632c99 R08: 0000000000000002 R09: 0000000000000000 [ 105.900166][ T6139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.900177][ T6139] R13: 00007f46c5816218 R14: 00007f46c5816180 R15: 00007ffc6fdf1578 [ 105.900199][ T6139] [ 105.900379][ T6139] syz.1.44: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 106.382712][ T6139] CPU: 1 UID: 0 PID: 6139 Comm: syz.1.44 Not tainted syzkaller #0 PREEMPT(full) [ 106.382753][ T6139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 106.382768][ T6139] Call Trace: [ 106.382777][ T6139] [ 106.382788][ T6139] dump_stack_lvl+0x100/0x190 [ 106.382848][ T6139] warn_alloc.cold+0x95/0x1c1 [ 106.382898][ T6139] ? __pfx_warn_alloc+0x10/0x10 [ 106.382938][ T6139] ? lockdep_hardirqs_on+0x78/0x100 [ 106.382972][ T6139] ? __get_vm_area_node+0x2c5/0x330 [ 106.383015][ T6139] ? __get_vm_area_node+0x208/0x330 [ 106.383059][ T6139] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 106.383094][ T6139] ? find_held_lock+0x2b/0x80 [ 106.383123][ T6139] ? local_lock_release+0x99/0x130 [ 106.383158][ T6139] ? local_lock_release+0x99/0x130 [ 106.383199][ T6139] ? kernel_clone+0xfc/0x9a0 [ 106.383235][ T6139] ? find_held_lock+0x2b/0x80 [ 106.383263][ T6139] ? rcu_read_unlock+0x17/0x60 [ 106.383294][ T6139] ? rcu_read_unlock+0x17/0x60 [ 106.383325][ T6139] ? obj_cgroup_charge_account+0x46d/0x640 [ 106.383363][ T6139] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 106.383407][ T6139] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 106.383449][ T6139] ? rcu_is_watching+0x12/0xc0 [ 106.383496][ T6139] ? trace_kmem_cache_alloc+0xf3/0x120 [ 106.383533][ T6139] ? kernel_clone+0xfc/0x9a0 [ 106.383564][ T6139] __vmalloc_node_noprof+0xad/0xf0 [ 106.383603][ T6139] ? kernel_clone+0xfc/0x9a0 [ 106.383641][ T6139] copy_process+0x5ec/0x7a40 [ 106.383681][ T6139] ? __pfx___futex_wait+0x10/0x10 [ 106.383726][ T6139] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 106.383773][ T6139] ? lockdep_hardirqs_on+0x78/0x100 [ 106.383822][ T6139] ? __pfx_copy_process+0x10/0x10 [ 106.383859][ T6139] ? find_held_lock+0x2b/0x80 [ 106.383906][ T6139] kernel_clone+0xfc/0x9a0 [ 106.383939][ T6139] ? __pfx_futex_wait+0x10/0x10 [ 106.383988][ T6139] ? __pfx_kernel_clone+0x10/0x10 [ 106.384048][ T6139] __do_sys_clone+0xd9/0x120 [ 106.384085][ T6139] ? __pfx___do_sys_clone+0x10/0x10 [ 106.384157][ T6139] do_syscall_64+0x106/0xf80 [ 106.384185][ T6139] ? clear_bhb_loop+0x40/0x90 [ 106.384222][ T6139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.384253][ T6139] RIP: 0033:0x7f46c559c799 [ 106.384279][ T6139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.384306][ T6139] RSP: 002b:00007f46c643e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 106.384336][ T6139] RAX: ffffffffffffffda RBX: 00007f46c5816180 RCX: 00007f46c559c799 [ 106.384355][ T6139] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000008 [ 106.384372][ T6139] RBP: 00007f46c5632c99 R08: 0000000000000002 R09: 0000000000000000 [ 106.384390][ T6139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.384407][ T6139] R13: 00007f46c5816218 R14: 00007f46c5816180 R15: 00007ffc6fdf1578 [ 106.384447][ T6139] [ 106.690749][ T6139] Mem-Info: [ 106.693943][ T6139] active_anon:58654 inactive_anon:0 isolated_anon:0 [ 106.693943][ T6139] active_file:15022 inactive_file:40326 isolated_file:0 [ 106.693943][ T6139] unevictable:768 dirty:2390 writeback:0 [ 106.693943][ T6139] slab_reclaimable:11068 slab_unreclaimable:91554 [ 106.693943][ T6139] mapped:42381 shmem:53214 pagetables:1319 [ 106.693943][ T6139] sec_pagetables:0 bounce:0 [ 106.693943][ T6139] kernel_misc_reclaimable:0 [ 106.693943][ T6139] free:1264434 free_pcp:23456 free_cma:0 [ 106.743497][ T6139] Node 0 active_anon:234716kB inactive_anon:0kB active_file:60088kB inactive_file:161104kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:170824kB dirty:9548kB writeback:0kB shmem:211220kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11800kB pagetables:5168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 106.828946][ T6139] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:108kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 107.010792][ T6139] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 107.041811][ T6139] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 107.048260][ T6139] Node 0 DMA32 free:1114740kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:230216kB inactive_anon:0kB active_file:60088kB inactive_file:161104kB unevictable:1536kB writepending:5636kB zspages:0kB present:3129332kB managed:2537292kB mlocked:0kB bounce:0kB free_pcp:92740kB local_pcp:39624kB free_cma:0kB [ 107.150248][ T6139] lowmem_reserve[]: 0 0 1 1 1 [ 107.157129][ T6163] netlink: 326 bytes leftover after parsing attributes in process `syz.0.49'. [ 107.171435][ T6139] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1056kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 107.240947][ T6139] lowmem_reserve[]: 0 0 0 0 0 [ 107.245776][ T6139] Node 1 Normal free:3925352kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:600kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:12kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:1376kB local_pcp:248kB free_cma:0kB [ 107.370306][ T6163] Zero length message leads to an empty skb [ 107.377042][ T6139] lowmem_reserve[]: 0 0 0 0 0 [ 107.440753][ T6139] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 107.663062][ T6139] Node 0 DMA32: 6076*4kB (UME) 490*8kB (UME) 113*16kB (UME) 30*32kB (UM) 19*64kB (UME) 15*128kB (UME) 24*256kB (UME) 10*512kB (UME) 9*1024kB (U) 10*2048kB (UME) 257*4096kB (UM) = 1127760kB [ 107.795009][ T6169] syz.0.51 uses obsolete (PF_INET,SOCK_PACKET) [ 107.881768][ T5831] Bluetooth: hci1: command 0x2016 tx timeout [ 107.969094][ T6139] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 108.100792][ T6139] Node 1 Normal: 0*4kB 0*8kB 2*16kB (UM) 3*32kB (UM) 7*64kB (UM) 6*128kB (U) 0*256kB 1*512kB (U) 2*1024kB (UM) 2*2048kB (UM) 956*4096kB (M) = 3923776kB [ 108.134170][ T6139] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 108.265341][ T6139] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 108.284247][ T6139] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 108.306072][ T6182] kafs: addr_prefs: Invalid Command [ 108.537401][ T6139] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 108.574916][ T6139] 99956 total pagecache pages [ 108.625170][ T6139] 0 pages in swap cache [ 108.675877][ T6139] Free swap = 124996kB [ 108.705971][ T6189] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.735413][ T6139] Total swap = 124996kB [ 108.787584][ T6139] 2097051 pages RAM [ 108.825812][ T6139] 0 pages HighMem/MovableOnly [ 108.934410][ T6139] 430849 pages reserved [ 108.938631][ T6139] 0 pages cma reserved [ 109.967246][ T5831] Bluetooth: hci1: command 0x2016 tx timeout [ 110.193198][ T6223] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 110.845275][ T6247] FAULT_INJECTION: forcing a failure. [ 110.845275][ T6247] name failslab, interval 1, probability 0, space 0, times 0 [ 110.876028][ T6247] CPU: 1 UID: 0 PID: 6247 Comm: syz.0.68 Not tainted syzkaller #0 PREEMPT(full) [ 110.876056][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 110.876066][ T6247] Call Trace: [ 110.876074][ T6247] [ 110.876082][ T6247] dump_stack_lvl+0x100/0x190 [ 110.876114][ T6247] should_fail_ex.cold+0x5/0xa [ 110.876136][ T6247] should_failslab+0xc2/0x120 [ 110.876157][ T6247] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 110.876196][ T6247] ? dup_fd+0x4d/0xd10 [ 110.876225][ T6247] ? trace_kmalloc+0x101/0x130 [ 110.876262][ T6247] dup_fd+0x4d/0xd10 [ 110.876288][ T6247] ? apparmor_task_alloc+0x2c1/0x3b0 [ 110.876309][ T6247] copy_process+0x268f/0x7a40 [ 110.876341][ T6247] ? __pfx_copy_process+0x10/0x10 [ 110.876363][ T6247] ? find_held_lock+0x2b/0x80 [ 110.876389][ T6247] kernel_clone+0xfc/0x9a0 [ 110.876409][ T6247] ? __pfx_futex_wait+0x10/0x10 [ 110.876439][ T6247] ? __pfx_kernel_clone+0x10/0x10 [ 110.876473][ T6247] __do_sys_clone+0xd9/0x120 [ 110.876505][ T6247] ? __pfx___do_sys_clone+0x10/0x10 [ 110.876543][ T6247] do_syscall_64+0x106/0xf80 [ 110.876561][ T6247] ? clear_bhb_loop+0x40/0x90 [ 110.876584][ T6247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.876603][ T6247] RIP: 0033:0x7fc7d3d9c799 [ 110.876619][ T6247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.876636][ T6247] RSP: 002b:00007fc7d4bb3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 110.876654][ T6247] RAX: ffffffffffffffda RBX: 00007fc7d4016090 RCX: 00007fc7d3d9c799 [ 110.876666][ T6247] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000008 [ 110.876676][ T6247] RBP: 00007fc7d3e32c99 R08: 0000000000000002 R09: 0000000000000000 [ 110.876686][ T6247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.876696][ T6247] R13: 00007fc7d4016128 R14: 00007fc7d4016090 R15: 00007fffa497b4a8 [ 110.876718][ T6247] [ 111.134348][ T6249] QAT: Stopping all acceleration devices. [ 111.656261][ T6257] QAT: Invalid ioctl 35077 [ 112.040841][ T5837] Bluetooth: hci1: command 0x2016 tx timeout [ 112.072410][ T6275] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 112.578038][ T6278] netlink: 342 bytes leftover after parsing attributes in process `syz.2.75'. [ 114.440854][ T5837] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 115.408614][ T6319] FAULT_INJECTION: forcing a failure. [ 115.408614][ T6319] name fail_futex, interval 1, probability 0, space 0, times 1 [ 115.408655][ T6319] CPU: 0 UID: 0 PID: 6319 Comm: syz.2.83 Not tainted syzkaller #0 PREEMPT(full) [ 115.408686][ T6319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 115.408701][ T6319] Call Trace: [ 115.408710][ T6319] [ 115.408720][ T6319] dump_stack_lvl+0x100/0x190 [ 115.408777][ T6319] should_fail_ex.cold+0x5/0xa [ 115.408812][ T6319] get_futex_key+0x1d2/0x1620 [ 115.408852][ T6319] ? __pfx_get_futex_key+0x10/0x10 [ 115.408885][ T6319] ? __x64_sys_syslog+0x74/0xb0 [ 115.408927][ T6319] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.408971][ T6319] futex_wait_setup+0x83/0x510 [ 115.409025][ T6319] __futex_wait+0x19f/0x300 [ 115.409071][ T6319] ? __pfx___futex_wait+0x10/0x10 [ 115.409119][ T6319] ? __pfx_futex_wake_mark+0x10/0x10 [ 115.409168][ T6319] ? futex_hash+0x2c5/0x380 [ 115.409211][ T6319] futex_wait+0xed/0x380 [ 115.409256][ T6319] ? __pfx_futex_wait+0x10/0x10 [ 115.409318][ T6319] do_futex+0x1ef/0x350 [ 115.409358][ T6319] ? __pfx_do_futex+0x10/0x10 [ 115.409396][ T6319] ? do_syslog+0x18c/0x6d0 [ 115.409441][ T6319] __x64_sys_futex+0x34f/0x4d0 [ 115.409484][ T6319] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.409533][ T6319] do_syscall_64+0x106/0xf80 [ 115.409560][ T6319] ? clear_bhb_loop+0x40/0x90 [ 115.409596][ T6319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.409625][ T6319] RIP: 0033:0x7fe25ed9c799 [ 115.409649][ T6319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.409675][ T6319] RSP: 002b:00007fe25fcdb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.409701][ T6319] RAX: ffffffffffffffda RBX: 00007fe25f015fa8 RCX: 00007fe25ed9c799 [ 115.409720][ T6319] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe25f015fa8 [ 115.409745][ T6319] RBP: 00007fe25f015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 115.409762][ T6319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.409779][ T6319] R13: 00007fe25f016038 R14: 00007ffea51feb50 R15: 00007ffea51fec38 [ 115.409818][ T6319] [ 115.999687][ T6343] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 116.746784][ T6352] ALUA LU Group already has a valid ID, ignoring request [ 116.756644][ T30] audit: type=1800 audit(1775011729.468:2): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.89" name="lu_gp_id" dev="configfs" ino=9914 res=0 errno=0 [ 117.838609][ T6369] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 118.752215][ T6399] FAULT_INJECTION: forcing a failure. [ 118.752215][ T6399] name failslab, interval 1, probability 0, space 0, times 0 [ 118.784705][ T6399] CPU: 0 UID: 0 PID: 6399 Comm: syz.0.104 Not tainted syzkaller #0 PREEMPT(full) [ 118.784745][ T6399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 118.784760][ T6399] Call Trace: [ 118.784770][ T6399] [ 118.784782][ T6399] dump_stack_lvl+0x100/0x190 [ 118.784832][ T6399] should_fail_ex.cold+0x5/0xa [ 118.784869][ T6399] should_failslab+0xc2/0x120 [ 118.784903][ T6399] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 118.784950][ T6399] ? sk_prot_alloc+0x60/0x2a0 [ 118.784992][ T6399] sk_prot_alloc+0x60/0x2a0 [ 118.785028][ T6399] sk_alloc+0x36/0xe80 [ 118.785074][ T6399] kcm_create+0xfc/0x6a0 [ 118.785122][ T6399] __sock_create+0x339/0x860 [ 118.785167][ T6399] __sys_socket+0x14d/0x260 [ 118.785208][ T6399] ? __pfx___sys_socket+0x10/0x10 [ 118.785258][ T6399] __x64_sys_socket+0x72/0xb0 [ 118.785296][ T6399] ? lockdep_hardirqs_on+0x78/0x100 [ 118.785326][ T6399] do_syscall_64+0x106/0xf80 [ 118.785354][ T6399] ? clear_bhb_loop+0x40/0x90 [ 118.785389][ T6399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.785419][ T6399] RIP: 0033:0x7fc7d3d9c799 [ 118.785444][ T6399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.785482][ T6399] RSP: 002b:00007fc7d4bd4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 118.785513][ T6399] RAX: ffffffffffffffda RBX: 00007fc7d4015fa0 RCX: 00007fc7d3d9c799 [ 118.785533][ T6399] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029 [ 118.785549][ T6399] RBP: 00007fc7d3e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 118.785567][ T6399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.785584][ T6399] R13: 00007fc7d4016038 R14: 00007fc7d4015fa0 R15: 00007fffa497b4a8 [ 118.785622][ T6399] [ 119.189517][ T6407] process 'syz.1.106' launched './file0' with NULL argv: empty string added [ 119.403535][ T5837] Bluetooth: hci0: unexpected event 0x3e length: 358 > 260 [ 119.403580][ T5837] Bluetooth: hci0: unexpected subevent 0x1b length: 357 > 260 [ 119.636001][ T6419] nbd: socks must be embedded in a SOCK_ITEM attr [ 119.658945][ T6419] block nbd0: shutting down sockets [ 120.757512][ T6452] netlink: 597 bytes leftover after parsing attributes in process `syz.0.119'. [ 120.928049][ T6454] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 122.275114][ T5837] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 122.289355][ T5837] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 123.039048][ T6504] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 124.529104][ T6548] netlink: 8 bytes leftover after parsing attributes in process `syz.2.142'. [ 124.780948][ T6549] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 124.867602][ T6549] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 124.920068][ T6549] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 124.948769][ T6549] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 125.070810][ T6549] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 125.086260][ T6549] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 125.104494][ T6549] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 125.112684][ T6549] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 125.121970][ T6549] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 125.134614][ T6549] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 125.143214][ T6549] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 125.152992][ T6549] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 125.755226][ T6575] sd 0:0:1:0: PR command failed: 1026 [ 125.761441][ T6575] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 125.768371][ T6575] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 126.000528][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 126.008222][ T5831] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 126.225783][ T6584] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 126.274646][ T6584] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE r҄y*"l-y–L̓]' [ 126.333266][ T6584] CPU: 1 UID: 0 PID: 6584 Comm: syz.2.150 Not tainted syzkaller #0 PREEMPT(full) [ 126.333305][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 126.333320][ T6584] Call Trace: [ 126.333330][ T6584] [ 126.333340][ T6584] dump_stack_lvl+0x100/0x190 [ 126.333389][ T6584] sysfs_warn_dup.cold+0x1c/0x28 [ 126.333427][ T6584] sysfs_do_create_link_sd+0x113/0x140 [ 126.333472][ T6584] sysfs_create_link+0x61/0xc0 [ 126.333512][ T6584] device_add+0x675/0x1950 [ 126.333553][ T6584] ? __pfx_device_add+0x10/0x10 [ 126.333587][ T6584] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 126.333618][ T6584] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 126.333699][ T6584] wiphy_register+0x1e5b/0x2d30 [ 126.333729][ T6584] ? __rtnl_unlock+0xb9/0xf0 [ 126.333758][ T6584] ? netdev_run_todo+0x750/0x12c0 [ 126.333794][ T6584] ? __pfx_wiphy_register+0x10/0x10 [ 126.333827][ T6584] ? __asan_memset+0x23/0x50 [ 126.333865][ T6584] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 126.333911][ T6584] ieee80211_register_hw+0x2cfd/0x4140 [ 126.333966][ T6584] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 126.333996][ T6584] ? __pfx___debug_object_init+0x10/0x10 [ 126.334035][ T6584] ? find_held_lock+0x2b/0x80 [ 126.334065][ T6584] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 126.334097][ T6584] ? __hrtimer_setup+0x178/0x280 [ 126.334139][ T6584] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 126.334198][ T6584] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 126.334246][ T6584] hwsim_new_radio_nl+0xc1f/0x1340 [ 126.334283][ T6584] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 126.334347][ T6584] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 126.334381][ T6584] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 126.334421][ T6584] genl_family_rcv_msg_doit+0x214/0x300 [ 126.334457][ T6584] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 126.334490][ T6584] ? genl_get_cmd+0x3ef/0x720 [ 126.334530][ T6584] ? bpf_lsm_capable+0x9/0x10 [ 126.334560][ T6584] ? security_capable+0x80/0x260 [ 126.334590][ T6584] ? ns_capable+0xd2/0xf0 [ 126.334624][ T6584] genl_rcv_msg+0x560/0x800 [ 126.334672][ T6584] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.334706][ T6584] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 126.334752][ T6584] netlink_rcv_skb+0x159/0x420 [ 126.334783][ T6584] ? __pfx_genl_rcv_msg+0x10/0x10 [ 126.334818][ T6584] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 126.334867][ T6584] ? netlink_deliver_tap+0x1ae/0xcc0 [ 126.334920][ T6584] genl_rcv+0x28/0x40 [ 126.334950][ T6584] netlink_unicast+0x5aa/0x870 [ 126.334986][ T6584] ? __pfx_netlink_unicast+0x10/0x10 [ 126.335015][ T6584] ? __pfx___might_resched+0x10/0x10 [ 126.335055][ T6584] ? __lock_acquire+0x4a5/0x2630 [ 126.335106][ T6584] netlink_sendmsg+0x8b0/0xda0 [ 126.335145][ T6584] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.335172][ T6584] ? __import_iovec+0x1d2/0x640 [ 126.335212][ T6584] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 126.335249][ T6584] ____sys_sendmsg+0x9e1/0xb70 [ 126.335281][ T6584] ? __pfx_netlink_sendmsg+0x10/0x10 [ 126.335315][ T6584] ? __pfx_____sys_sendmsg+0x10/0x10 [ 126.335357][ T6584] ? __pfx_futex_wake_mark+0x10/0x10 [ 126.335410][ T6584] ___sys_sendmsg+0x190/0x1e0 [ 126.335449][ T6584] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.335539][ T6584] __sys_sendmsg+0x170/0x220 [ 126.335587][ T6584] ? __pfx___sys_sendmsg+0x10/0x10 [ 126.335641][ T6584] ? __x64_sys_futex+0x34f/0x4d0 [ 126.335704][ T6584] do_syscall_64+0x106/0xf80 [ 126.335732][ T6584] ? clear_bhb_loop+0x40/0x90 [ 126.335769][ T6584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.335799][ T6584] RIP: 0033:0x7fe25ed9c799 [ 126.335826][ T6584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.335851][ T6584] RSP: 002b:00007fe25fc78028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.335879][ T6584] RAX: ffffffffffffffda RBX: 00007fe25f016270 RCX: 00007fe25ed9c799 [ 126.335897][ T6584] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 126.335913][ T6584] RBP: 00007fe25ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 126.335929][ T6584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.335952][ T6584] R13: 00007fe25f016308 R14: 00007fe25f016270 R15: 00007ffea51fec38 [ 126.335993][ T6584] [ 126.896995][ T5837] Bluetooth: hci1: command 0x2016 tx timeout [ 127.020819][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.170904][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 127.171122][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 127.656891][ T6602] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 127.902961][ T151] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.012019][ T6607] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 129.000940][ T5831] Bluetooth: hci1: command 0x2016 tx timeout [ 129.082326][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.241291][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 129.247442][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 129.331879][ T6649] netlink: 28 bytes leftover after parsing attributes in process `syz.0.167'. [ 129.451813][ T6645] FAULT_INJECTION: forcing a failure. [ 129.451813][ T6645] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 129.482445][ T6645] CPU: 1 UID: 0 PID: 6645 Comm: syz.3.165 Not tainted syzkaller #0 PREEMPT(full) [ 129.482473][ T6645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 129.482483][ T6645] Call Trace: [ 129.482490][ T6645] [ 129.482496][ T6645] dump_stack_lvl+0x100/0x190 [ 129.482530][ T6645] should_fail_ex.cold+0x5/0xa [ 129.482549][ T6645] ? prepare_alloc_pages+0x16d/0x5f0 [ 129.482574][ T6645] should_fail_alloc_page+0xeb/0x140 [ 129.482596][ T6645] prepare_alloc_pages+0x1f0/0x5f0 [ 129.482622][ T6645] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 129.482655][ T6645] ? __pfx_css_rstat_updated+0x10/0x10 [ 129.482684][ T6645] ? rcu_is_watching+0x12/0xc0 [ 129.482714][ T6645] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 129.482749][ T6645] ? lru_gen_add_folio+0x20f/0x13e0 [ 129.482771][ T6645] ? lock_acquire+0x1cf/0x380 [ 129.482796][ T6645] ? find_held_lock+0x2b/0x80 [ 129.482813][ T6645] ? page_table_check_set+0x49a/0xa10 [ 129.482832][ T6645] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 129.482852][ T6645] ? policy_nodemask+0xed/0x4f0 [ 129.482874][ T6645] alloc_pages_mpol+0x1fb/0x550 [ 129.482896][ T6645] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 129.482922][ T6645] folio_alloc_mpol_noprof+0x36/0x340 [ 129.482948][ T6645] vma_alloc_folio_noprof+0xed/0x1d0 [ 129.482972][ T6645] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 129.483003][ T6645] do_anonymous_page+0xb3a/0x1fb0 [ 129.483037][ T6645] __handle_mm_fault+0x1d48/0x2b60 [ 129.483070][ T6645] ? __pfx___handle_mm_fault+0x10/0x10 [ 129.483098][ T6645] ? pte_offset_map_lock+0x174/0x320 [ 129.483118][ T6645] ? find_held_lock+0x2b/0x80 [ 129.483143][ T6645] ? follow_page_pte+0x5b3/0x1400 [ 129.483168][ T6645] handle_mm_fault+0x36d/0xa20 [ 129.483199][ T6645] __get_user_pages+0xf9c/0x34d0 [ 129.483229][ T6645] ? __pfx___get_user_pages+0x10/0x10 [ 129.483257][ T6645] populate_vma_page_range+0x267/0x3f0 [ 129.483283][ T6645] ? __pfx_populate_vma_page_range+0x10/0x10 [ 129.483306][ T6645] ? __pfx_find_vma_intersection+0x10/0x10 [ 129.483333][ T6645] __mm_populate+0x107/0x3a0 [ 129.483363][ T6645] ? __pfx___mm_populate+0x10/0x10 [ 129.483388][ T6645] ? up_write+0x406/0x4f0 [ 129.483417][ T6645] vm_mmap_pgoff+0x37f/0x470 [ 129.483442][ T6645] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 129.483473][ T6645] ? find_held_lock+0x2b/0x80 [ 129.483490][ T6645] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 129.483513][ T6645] ksys_mmap_pgoff+0xe1/0x650 [ 129.483534][ T6645] ? count_memcg_events_mm.constprop.0+0x109/0x2a0 [ 129.483554][ T6645] ? find_held_lock+0x2b/0x80 [ 129.483572][ T6645] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 129.483591][ T6645] ? exc_page_fault+0x6f/0xd0 [ 129.483627][ T6645] __x64_sys_mmap+0x125/0x190 [ 129.483658][ T6645] do_syscall_64+0x106/0xf80 [ 129.483676][ T6645] ? clear_bhb_loop+0x40/0x90 [ 129.483699][ T6645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.483718][ T6645] RIP: 0033:0x7fd72f99c799 [ 129.483733][ T6645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 129.483750][ T6645] RSP: 002b:00007fd730852028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 129.483768][ T6645] RAX: ffffffffffffffda RBX: 00007fd72fc16090 RCX: 00007fd72f99c799 [ 129.483779][ T6645] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 129.483789][ T6645] RBP: 00007fd72fa32c99 R08: 0000000000000002 R09: 0000000000008000 [ 129.483800][ T6645] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 129.483810][ T6645] R13: 00007fd72fc16128 R14: 00007fd72fc16090 R15: 00007ffe49c502c8 [ 129.483833][ T6645] [ 130.240332][ T6649] veth1_macvtap: left promiscuous mode [ 131.091309][ T5831] Bluetooth: hci1: command 0x2016 tx timeout [ 131.160778][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 131.331467][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 131.331480][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.023605][ T6704] netlink: 326 bytes leftover after parsing attributes in process `syz.2.180'. [ 133.326637][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.333833][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.459110][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 358 > 260 [ 133.459152][ T5831] Bluetooth: hci2: unexpected subevent 0x1b length: 357 > 260 [ 134.722473][ T6757] netlink: 326 bytes leftover after parsing attributes in process `syz.3.189'. [ 136.095082][ T6790] FAULT_INJECTION: forcing a failure. [ 136.095082][ T6790] name failslab, interval 1, probability 0, space 0, times 0 [ 136.112210][ T6790] CPU: 1 UID: 0 PID: 6790 Comm: syz.2.194 Not tainted syzkaller #0 PREEMPT(full) [ 136.112250][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 136.112267][ T6790] Call Trace: [ 136.112277][ T6790] [ 136.112288][ T6790] dump_stack_lvl+0x100/0x190 [ 136.112338][ T6790] should_fail_ex.cold+0x5/0xa [ 136.112372][ T6790] ? evm_read_xattrs+0x175/0x3f0 [ 136.112405][ T6790] should_failslab+0xc2/0x120 [ 136.112438][ T6790] __kmalloc_noprof+0xe0/0x850 [ 136.112492][ T6790] evm_read_xattrs+0x175/0x3f0 [ 136.112532][ T6790] ? __pfx_evm_read_xattrs+0x10/0x10 [ 136.112574][ T6790] vfs_readv+0x5d8/0x8d0 [ 136.112616][ T6790] ? rcu_is_watching+0x12/0xc0 [ 136.112672][ T6790] ? __pfx_vfs_readv+0x10/0x10 [ 136.112713][ T6790] ? fdget_pos+0x2aa/0x380 [ 136.112747][ T6790] ? find_held_lock+0x2b/0x80 [ 136.112802][ T6790] ? __fget_files+0x21f/0x3d0 [ 136.112842][ T6790] ? do_readv+0x13e/0x340 [ 136.112883][ T6790] do_readv+0x13e/0x340 [ 136.112927][ T6790] ? __pfx_do_readv+0x10/0x10 [ 136.112984][ T6790] do_syscall_64+0x106/0xf80 [ 136.113012][ T6790] ? clear_bhb_loop+0x40/0x90 [ 136.113049][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.113079][ T6790] RIP: 0033:0x7fe25ed9c799 [ 136.113104][ T6790] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.113130][ T6790] RSP: 002b:00007fe25fcdb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 136.113164][ T6790] RAX: ffffffffffffffda RBX: 00007fe25f015fa0 RCX: 00007fe25ed9c799 [ 136.113183][ T6790] RDX: 0000000000000009 RSI: 00002000000018c0 RDI: 0000000000000003 [ 136.113199][ T6790] RBP: 00007fe25fcdb090 R08: 0000000000000000 R09: 0000000000000000 [ 136.113215][ T6790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.113231][ T6790] R13: 00007fe25f016038 R14: 00007fe25f015fa0 R15: 00007ffea51fec38 [ 136.113271][ T6790] [ 136.385894][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 358 > 260 [ 136.385940][ T5831] Bluetooth: hci0: unexpected subevent 0x1b length: 357 > 260 [ 136.711964][ T6800] netlink: 326 bytes leftover after parsing attributes in process `syz.0.199'. [ 137.596961][ T6818] NFSD: Failed to start, no listeners configured. [ 137.775241][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 358 > 260 [ 137.775282][ T5831] Bluetooth: hci2: unexpected subevent 0x1b length: 357 > 260 [ 139.508061][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 358 > 260 [ 139.508106][ T5831] Bluetooth: hci3: unexpected subevent 0x1b length: 357 > 260 [ 140.033216][ T6878] FAULT_INJECTION: forcing a failure. [ 140.033216][ T6878] name failslab, interval 1, probability 0, space 0, times 0 [ 140.078248][ T6878] CPU: 1 UID: 0 PID: 6878 Comm: syz.3.217 Not tainted syzkaller #0 PREEMPT(full) [ 140.078275][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 140.078286][ T6878] Call Trace: [ 140.078292][ T6878] [ 140.078299][ T6878] dump_stack_lvl+0x100/0x190 [ 140.078332][ T6878] should_fail_ex.cold+0x5/0xa [ 140.078354][ T6878] ? tomoyo_encode2+0xfb/0x3c0 [ 140.078380][ T6878] should_failslab+0xc2/0x120 [ 140.078401][ T6878] __kmalloc_noprof+0xe0/0x850 [ 140.078435][ T6878] ? d_absolute_path+0x136/0x1b0 [ 140.078473][ T6878] tomoyo_encode2+0xfb/0x3c0 [ 140.078503][ T6878] tomoyo_encode+0x29/0x50 [ 140.078529][ T6878] tomoyo_realpath_from_path+0x18c/0x690 [ 140.078561][ T6878] tomoyo_check_open_permission+0x2af/0x3c0 [ 140.078586][ T6878] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 140.078609][ T6878] ? acct_on+0x189/0x9e0 [ 140.078636][ T6878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.078675][ T6878] ? do_raw_spin_lock+0x128/0x260 [ 140.078705][ T6878] ? path_get+0x61/0x80 [ 140.078730][ T6878] tomoyo_file_open+0x6b/0x90 [ 140.078748][ T6878] security_file_open+0xb5/0x1e0 [ 140.078774][ T6878] do_dentry_open+0x5aa/0x1660 [ 140.078795][ T6878] ? lockdep_init_map_type+0x5c/0x250 [ 140.078824][ T6878] vfs_open+0x82/0x3f0 [ 140.078851][ T6878] dentry_open+0x71/0xd0 [ 140.078876][ T6878] acct_on+0x189/0x9e0 [ 140.078905][ T6878] ? __pfx_acct_on+0x10/0x10 [ 140.078933][ T6878] ? bpf_lsm_capable+0x9/0x10 [ 140.078954][ T6878] ? security_capable+0x80/0x260 [ 140.078974][ T6878] __x64_sys_acct+0x81/0x1e0 [ 140.079002][ T6878] ? lockdep_hardirqs_on+0x78/0x100 [ 140.079021][ T6878] do_syscall_64+0x106/0xf80 [ 140.079038][ T6878] ? clear_bhb_loop+0x40/0x90 [ 140.079060][ T6878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.079079][ T6878] RIP: 0033:0x7fd72f99c799 [ 140.079095][ T6878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.079112][ T6878] RSP: 002b:00007fd730852028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 140.079130][ T6878] RAX: ffffffffffffffda RBX: 00007fd72fc16090 RCX: 00007fd72f99c799 [ 140.079141][ T6878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 140.079151][ T6878] RBP: 00007fd72fa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 140.079162][ T6878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.079172][ T6878] R13: 00007fd72fc16128 R14: 00007fd72fc16090 R15: 00007ffe49c502c8 [ 140.079195][ T6878] [ 140.079241][ T6878] ERROR: Out of memory at tomoyo_realpath_from_path. [ 140.394745][ T6878] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 140.394745][ T6876] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 141.398943][ T6907] usb usb3: usbfs: process 6907 (syz.2.224) did not claim interface 0 before use [ 141.531158][ T6905] netlink: 28 bytes leftover after parsing attributes in process `syz.3.223'. [ 141.736031][ T6905] ipvlan0: entered promiscuous mode [ 141.744489][ T6905] ipvlan0: entered allmulticast mode [ 141.750201][ T6905] veth0_vlan: entered allmulticast mode [ 141.968647][ T6917] netlink: 36 bytes leftover after parsing attributes in process `syz.3.227'. [ 141.977945][ T6918] netlink: 36 bytes leftover after parsing attributes in process `syz.3.227'. [ 142.268236][ T6922] netlink: 326 bytes leftover after parsing attributes in process `syz.3.228'. [ 142.435977][ T6926] netlink: 16 bytes leftover after parsing attributes in process `syz.2.230'. [ 142.562609][ T6926] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 142.571717][ T6926] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 142.578014][ T6926] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 142.594776][ T6926] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 143.099291][ T6933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.232'. [ 143.776969][ T6960] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 143.901884][ T6958] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 143.925347][ T6958] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 143.951800][ T6958] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 143.980376][ T6958] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 144.557195][ T6980] netlink: 326 bytes leftover after parsing attributes in process `syz.3.240'. [ 145.942019][ T7004] binder: 7003:7004 ioctl c018620c 0 returned -14 [ 145.960898][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 145.967088][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.973486][ T5146] Bluetooth: hci1: command 0x2016 tx timeout [ 146.040897][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 148.498927][ T7030] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 149.001591][ T7028] mmap: syz.1.250 (7028) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 149.002767][ T7024] NFSD: Failed to start, no listeners configured. [ 150.406135][ T7056] FAULT_INJECTION: forcing a failure. [ 150.406135][ T7056] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 150.475202][ T7056] CPU: 1 UID: 0 PID: 7056 Comm: syz.2.255 Not tainted syzkaller #0 PREEMPT(full) [ 150.475228][ T7056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 150.475239][ T7056] Call Trace: [ 150.475245][ T7056] [ 150.475252][ T7056] dump_stack_lvl+0x100/0x190 [ 150.475285][ T7056] should_fail_ex.cold+0x5/0xa [ 150.475307][ T7056] strncpy_from_user+0x3b/0x2d0 [ 150.475332][ T7056] do_getname+0x78/0x390 [ 150.475358][ T7056] do_sys_openat2+0xc5/0x1e0 [ 150.475384][ T7056] ? __pfx_do_sys_openat2+0x10/0x10 [ 150.475410][ T7056] ? find_held_lock+0x2b/0x80 [ 150.475443][ T7056] __x64_sys_openat+0x12d/0x210 [ 150.475469][ T7056] ? __pfx___x64_sys_openat+0x10/0x10 [ 150.475502][ T7056] do_syscall_64+0x106/0xf80 [ 150.475520][ T7056] ? clear_bhb_loop+0x40/0x90 [ 150.475542][ T7056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.475561][ T7056] RIP: 0033:0x7fe25ed9c799 [ 150.475577][ T7056] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 150.475593][ T7056] RSP: 002b:00007fe25fcba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 150.475611][ T7056] RAX: ffffffffffffffda RBX: 00007fe25f016090 RCX: 00007fe25ed9c799 [ 150.475622][ T7056] RDX: 0000000000000281 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 150.475632][ T7056] RBP: 00007fe25ee32c99 R08: 0000000000000000 R09: 0000000000000000 [ 150.475642][ T7056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.475652][ T7056] R13: 00007fe25f016128 R14: 00007fe25f016090 R15: 00007ffea51fec38 [ 150.475674][ T7056] [ 150.918427][ T5831] Bluetooth: hci1: unexpected event 0x3e length: 358 > 260 [ 150.918471][ T5831] Bluetooth: hci1: unexpected subevent 0x1b length: 357 > 260 [ 151.785745][ T7071] netlink: 326 bytes leftover after parsing attributes in process `syz.3.259'. [ 152.681871][ T7092] netlink: 342 bytes leftover after parsing attributes in process `syz.3.262'. [ 153.192930][ T7096] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 154.371307][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 154.493023][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 358 > 260 [ 154.493053][ T5831] Bluetooth: hci3: unexpected subevent 0x1b length: 357 > 260 [ 157.553366][ T7216] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 157.645475][ T7221] FAULT_INJECTION: forcing a failure. [ 157.645475][ T7221] name failslab, interval 1, probability 0, space 0, times 0 [ 157.705517][ T7221] CPU: 1 UID: 0 PID: 7221 Comm: syz.0.288 Not tainted syzkaller #0 PREEMPT(full) [ 157.705559][ T7221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 157.705575][ T7221] Call Trace: [ 157.705585][ T7221] [ 157.705596][ T7221] dump_stack_lvl+0x100/0x190 [ 157.705644][ T7221] should_fail_ex.cold+0x5/0xa [ 157.705678][ T7221] ? tomoyo_supervisor+0x65d/0x1340 [ 157.705720][ T7221] should_failslab+0xc2/0x120 [ 157.705752][ T7221] __kmalloc_noprof+0xe0/0x850 [ 157.705801][ T7221] tomoyo_supervisor+0x65d/0x1340 [ 157.705851][ T7221] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 157.705920][ T7221] ? tomoyo_check_path_acl+0x141/0x210 [ 157.705959][ T7221] ? tomoyo_check_acl+0x1f7/0x410 [ 157.705996][ T7221] tomoyo_path_permission+0x270/0x3b0 [ 157.706034][ T7221] tomoyo_check_open_permission+0x37f/0x3c0 [ 157.706068][ T7221] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 157.706137][ T7221] ? lock_acquire+0x1cf/0x380 [ 157.706172][ T7221] ? find_held_lock+0x2b/0x80 [ 157.706211][ T7221] tomoyo_file_open+0x6b/0x90 [ 157.706240][ T7221] security_file_open+0xb5/0x1e0 [ 157.706277][ T7221] do_dentry_open+0x5aa/0x1660 [ 157.706318][ T7221] vfs_open+0x82/0x3f0 [ 157.706365][ T7221] path_openat+0x208c/0x31a0 [ 157.706409][ T7221] ? __pfx_path_openat+0x10/0x10 [ 157.706456][ T7221] do_file_open+0x20e/0x430 [ 157.706490][ T7221] ? __pfx_do_file_open+0x10/0x10 [ 157.706557][ T7221] ? alloc_fd+0x476/0x790 [ 157.706590][ T7221] ? do_getname+0x191/0x390 [ 157.706630][ T7221] do_sys_openat2+0x10d/0x1e0 [ 157.706667][ T7221] ? __pfx_do_sys_openat2+0x10/0x10 [ 157.706707][ T7221] ? __fget_files+0x21f/0x3d0 [ 157.706745][ T7221] __x64_sys_openat+0x12d/0x210 [ 157.706783][ T7221] ? __pfx___x64_sys_openat+0x10/0x10 [ 157.706837][ T7221] do_syscall_64+0x106/0xf80 [ 157.706865][ T7221] ? clear_bhb_loop+0x40/0x90 [ 157.706899][ T7221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.706927][ T7221] RIP: 0033:0x7fc7d3d9c799 [ 157.706951][ T7221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.706976][ T7221] RSP: 002b:00007fc7d4bd4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 157.707003][ T7221] RAX: ffffffffffffffda RBX: 00007fc7d4015fa0 RCX: 00007fc7d3d9c799 [ 157.707022][ T7221] RDX: 0000000000008382 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 157.707040][ T7221] RBP: 00007fc7d3e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 157.707057][ T7221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.707074][ T7221] R13: 00007fc7d4016038 R14: 00007fc7d4015fa0 R15: 00007fffa497b4a8 [ 157.707112][ T7221] [ 158.186983][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 358 > 260 [ 158.187010][ T5831] Bluetooth: hci0: unexpected subevent 0x1b length: 357 > 260 [ 159.623487][ T7227] netlink: 28 bytes leftover after parsing attributes in process `syz.3.290'. [ 159.650346][ T7227] ipvlan1: entered promiscuous mode [ 159.741375][ T7227] ipvlan1: entered allmulticast mode [ 160.691743][ T5831] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 163.192474][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 358 > 260 [ 163.192517][ T5831] Bluetooth: hci0: unexpected subevent 0x1b length: 357 > 260 [ 163.217786][ T30] audit: type=1400 audit(1775011775.928:3): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7324 comm="syz.0.313" [ 164.667484][ T7345] netlink: 338 bytes leftover after parsing attributes in process `syz.2.318'. [ 164.676935][ T7345] bond_slave_0: entered allmulticast mode [ 164.922442][ T7350] vhci_hcd vhci_hcd.2: invalid port number 0 [ 165.250773][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 358 > 260 [ 165.250802][ T5831] Bluetooth: hci2: unexpected subevent 0x1b length: 357 > 260 [ 165.573112][ T7373] nvme_fcloop: unknown parameter or missing value '7' [ 165.924875][ T7363] NFSD: Failed to start, no listeners configured. [ 166.099514][ T7366] Invalid ELF header magic: != ELF [ 167.803136][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 358 > 260 [ 167.803180][ T5831] Bluetooth: hci3: unexpected subevent 0x1b length: 357 > 260 [ 169.651836][ T7493] futex_wake_op: syz.1.339 tries to shift op by -2048; fix this program [ 170.487631][ T7523] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 170.523861][ T30] audit: type=1804 audit(1775011783.248:4): pid=7523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.347" name="/newroot/sys/kernel/debug/tracing/free_buffer" dev="tracefs" ino=3136 res=1 errno=0 [ 171.483526][ T7544] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 171.858120][ T7554] ubi31: attaching mtd0 [ 171.883262][ T7554] ubi31: scanning is finished [ 171.888310][ T7554] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 172.276913][ T7561] netlink: 28 bytes leftover after parsing attributes in process `syz.1.358'. [ 172.315699][ T7554] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 173.034905][ T7567] netlink: 330 bytes leftover after parsing attributes in process `syz.1.358'. [ 174.252666][ T7595] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 174.267271][ T7598] .^: entered promiscuous mode [ 177.355854][ T7623] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 177.371196][ T7623] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 177.377290][ T7623] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 177.385853][ T7623] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 177.882475][ T5837] Bluetooth: hci1: command 0x2016 tx timeout [ 178.928336][ T7714] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 179.240314][ T7722] netlink: 342 bytes leftover after parsing attributes in process `syz.2.391'. [ 179.401438][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 179.407573][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 179.414466][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 179.885411][ T7746] QAT: Stopping all acceleration devices. [ 180.192015][ T7758] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 180.350031][ T7785] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 181.819059][ T7888] zram0: detected capacity change from 0 to 16 [ 181.852749][ T7898] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 182.623433][ T7931] netlink: 4684 bytes leftover after parsing attributes in process `syz.3.414'. [ 184.206063][ T8044] FAULT_INJECTION: forcing a failure. [ 184.206063][ T8044] name failslab, interval 1, probability 0, space 0, times 0 [ 184.244285][ T8044] CPU: 1 UID: 0 PID: 8044 Comm: syz.0.423 Not tainted syzkaller #0 PREEMPT(full) [ 184.244329][ T8044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 184.244348][ T8044] Call Trace: [ 184.244359][ T8044] [ 184.244371][ T8044] dump_stack_lvl+0x100/0x190 [ 184.244426][ T8044] should_fail_ex.cold+0x5/0xa [ 184.244464][ T8044] should_failslab+0xc2/0x120 [ 184.244499][ T8044] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 184.244546][ T8044] ? __pmd_alloc+0xbf/0x950 [ 184.244593][ T8044] __pmd_alloc+0xbf/0x950 [ 184.244636][ T8044] __handle_mm_fault+0xa9e/0x2b60 [ 184.244687][ T8044] ? mt_find+0x45e/0x8e0 [ 184.244723][ T8044] ? __pfx___handle_mm_fault+0x10/0x10 [ 184.244764][ T8044] ? __pfx_mt_find+0x10/0x10 [ 184.244831][ T8044] handle_mm_fault+0x36d/0xa20 [ 184.244893][ T8044] __get_user_pages+0xf9c/0x34d0 [ 184.244948][ T8044] ? __pfx___get_user_pages+0x10/0x10 [ 184.244999][ T8044] populate_vma_page_range+0x267/0x3f0 [ 184.245042][ T8044] ? __pfx_populate_vma_page_range+0x10/0x10 [ 184.245080][ T8044] ? __pfx_find_vma_intersection+0x10/0x10 [ 184.245117][ T8044] ? do_mmap+0x93f/0x12f0 [ 184.245158][ T8044] __mm_populate+0x107/0x3a0 [ 184.245200][ T8044] ? __pfx___mm_populate+0x10/0x10 [ 184.245241][ T8044] ? up_write+0x290/0x4f0 [ 184.245297][ T8044] vm_mmap_pgoff+0x37f/0x470 [ 184.245340][ T8044] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 184.245381][ T8044] ? do_futex+0x192/0x350 [ 184.245423][ T8044] ? __pfx_do_futex+0x10/0x10 [ 184.245471][ T8044] ksys_mmap_pgoff+0xe1/0x650 [ 184.245507][ T8044] ? __x64_sys_futex+0x34f/0x4d0 [ 184.245546][ T8044] ? __x64_sys_futex+0x358/0x4d0 [ 184.245589][ T8044] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 184.245624][ T8044] ? xfd_validate_state+0x129/0x190 [ 184.245679][ T8044] __x64_sys_mmap+0x125/0x190 [ 184.245731][ T8044] do_syscall_64+0x106/0xf80 [ 184.245761][ T8044] ? clear_bhb_loop+0x40/0x90 [ 184.245799][ T8044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.245831][ T8044] RIP: 0033:0x7fc7d3d9c799 [ 184.245858][ T8044] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.245893][ T8044] RSP: 002b:00007fc7d4bd4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 184.245924][ T8044] RAX: ffffffffffffffda RBX: 00007fc7d4015fa0 RCX: 00007fc7d3d9c799 [ 184.245944][ T8044] RDX: 00000800000000df RSI: 0000000000000009 RDI: 0000000000000000 [ 184.245962][ T8044] RBP: 00007fc7d3e32c99 R08: 000000000000ea8a R09: 0000000000008000 [ 184.245979][ T8044] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 184.245996][ T8044] R13: 00007fc7d4016038 R14: 00007fc7d4015fa0 R15: 00007fffa497b4a8 [ 184.246038][ T8044] [ 186.072821][ T8095] program syz.2.428 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 186.091770][ T8092] ima: policy update failed [ 186.097579][ T30] audit: type=1802 audit(1775011798.818:5): pid=8092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.428" res=0 errno=0 [ 189.171884][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 190.419817][ T8339] program syz.3.439 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.159478][ T8472] zswap: compressor not available [ 193.942874][ T8508] mkiss: ax0: crc mode is auto. [ 194.767670][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.779511][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.080415][ T8668] smpboot: CPU 1 is now offline [ 198.343877][ T8766] FAULT_INJECTION: forcing a failure. [ 198.343877][ T8766] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.457424][ T8766] CPU: 0 UID: 0 PID: 8766 Comm: syz.1.477 Not tainted syzkaller #0 PREEMPT(full) [ 198.457452][ T8766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 198.457464][ T8766] Call Trace: [ 198.457470][ T8766] [ 198.457477][ T8766] dump_stack_lvl+0x100/0x190 [ 198.457510][ T8766] should_fail_ex.cold+0x5/0xa [ 198.457532][ T8766] _copy_from_user+0x2e/0xd0 [ 198.457558][ T8766] proc_setgroups_write+0x12d/0x4b0 [ 198.457580][ T8766] ? __pfx_proc_setgroups_write+0x10/0x10 [ 198.457607][ T8766] ? __pfx_proc_setgroups_write+0x10/0x10 [ 198.457627][ T8766] vfs_writev+0x5ea/0xe10 [ 198.457654][ T8766] ? rcu_is_watching+0x12/0xc0 [ 198.457688][ T8766] ? __pfx_vfs_writev+0x10/0x10 [ 198.457715][ T8766] ? fdget_pos+0x2aa/0x380 [ 198.457751][ T8766] ? __fget_files+0x21f/0x3d0 [ 198.457774][ T8766] ? do_writev+0x13e/0x340 [ 198.457801][ T8766] do_writev+0x13e/0x340 [ 198.457830][ T8766] ? __pfx_do_writev+0x10/0x10 [ 198.457864][ T8766] do_syscall_64+0x106/0xf80 [ 198.457882][ T8766] ? clear_bhb_loop+0x40/0x90 [ 198.457905][ T8766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.457923][ T8766] RIP: 0033:0x7f46c559c799 [ 198.457939][ T8766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 198.457955][ T8766] RSP: 002b:00007f46c645f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 198.457973][ T8766] RAX: ffffffffffffffda RBX: 00007f46c5816090 RCX: 00007f46c559c799 [ 198.457984][ T8766] RDX: 0000000000000008 RSI: 0000200000003600 RDI: 0000000000000007 [ 198.457994][ T8766] RBP: 00007f46c5632c99 R08: 0000000000000000 R09: 0000000000000000 [ 198.458004][ T8766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.458015][ T8766] R13: 00007f46c5816128 R14: 00007f46c5816090 R15: 00007ffc6fdf1578 [ 198.458045][ T8766] [ 199.113153][ T8793] futex_wake_op: syz.0.479 tries to shift op by -2048; fix this program [ 199.133906][ T8793] futex_wake_op: syz.0.479 tries to shift op by -2048; fix this program [ 199.143807][ T8793] 0x000000000001-0x000000020000 : "" [ 199.174293][ T8793] ftl_cs: FTL header corrupt! [ 199.188241][ T8826] syz.2.481 (8826): /proc/8826/oom_adj is deprecated, please use /proc/8826/oom_score_adj instead. [ 199.349028][ T8831] can0: slcan on ttyS2. [ 199.714060][ T8824] can0 (unregistered): slcan off ttyS2. [ 199.875392][ T8855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.487'. [ 199.888272][ T30] audit: type=1806 audit(1775011812.618:6): res=-14 [ 200.999144][ T8905] netlink: 338 bytes leftover after parsing attributes in process `syz.1.493'. [ 201.081335][ T8905] bond_slave_0: entered allmulticast mode [ 201.831367][ T8941] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3456254174 (3456254174 ns) > initial count (2671155079 ns). Using initial count to start timer. [ 202.233019][ T8972] usb usb21: usbfs: process 8972 (syz.2.501) did not claim interface 16 before use [ 202.373101][ T8979] netlink: 338 bytes leftover after parsing attributes in process `syz.1.503'. [ 202.671712][ T8990] capability: warning: `syz.2.504' uses 32-bit capabilities (legacy support in use) [ 203.264765][ T9006] FAULT_INJECTION: forcing a failure. [ 203.264765][ T9006] name failslab, interval 1, probability 0, space 0, times 0 [ 203.278668][ T9006] CPU: 0 UID: 0 PID: 9006 Comm: syz.3.510 Tainted: G L syzkaller #0 PREEMPT(full) [ 203.278705][ T9006] Tainted: [L]=SOFTLOCKUP [ 203.278712][ T9006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 203.278722][ T9006] Call Trace: [ 203.278728][ T9006] [ 203.278735][ T9006] dump_stack_lvl+0x100/0x190 [ 203.278768][ T9006] should_fail_ex.cold+0x5/0xa [ 203.278790][ T9006] should_failslab+0xc2/0x120 [ 203.278811][ T9006] __kmalloc_cache_noprof+0x7a/0x6f0 [ 203.278837][ T9006] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 203.278864][ T9006] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 203.278895][ T9006] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 203.278923][ T9006] vidtv_channel_si_init+0x1289/0x18d0 [ 203.278961][ T9006] vidtv_mux_init+0x526/0xbf0 [ 203.278981][ T9006] vidtv_start_feed+0x33e/0x4c0 [ 203.279009][ T9006] ? __pfx_vidtv_start_feed+0x10/0x10 [ 203.279034][ T9006] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 203.279063][ T9006] ? mark_held_locks+0x40/0x70 [ 203.279091][ T9006] ? __pfx_vidtv_start_feed+0x10/0x10 [ 203.279114][ T9006] dmx_ts_feed_start_filtering+0xf6/0x220 [ 203.279143][ T9006] dvb_dmxdev_start_feed+0x273/0x3f0 [ 203.279167][ T9006] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 203.279192][ T9006] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 203.279216][ T9006] dvb_demux_do_ioctl+0xe64/0x1200 [ 203.279246][ T9006] dvb_usercopy+0x167/0x340 [ 203.279265][ T9006] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 203.279289][ T9006] ? __pfx_dvb_usercopy+0x10/0x10 [ 203.279317][ T9006] ? __fget_files+0x21f/0x3d0 [ 203.279341][ T9006] dvb_demux_ioctl+0x29/0x40 [ 203.279360][ T9006] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 203.279380][ T9006] __x64_sys_ioctl+0x18e/0x210 [ 203.279410][ T9006] do_syscall_64+0x106/0xf80 [ 203.279427][ T9006] ? clear_bhb_loop+0x40/0x90 [ 203.279450][ T9006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.279469][ T9006] RIP: 0033:0x7fd72f99c799 [ 203.279485][ T9006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.279501][ T9006] RSP: 002b:00007fd730873028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.279518][ T9006] RAX: ffffffffffffffda RBX: 00007fd72fc15fa0 RCX: 00007fd72f99c799 [ 203.279529][ T9006] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 203.279540][ T9006] RBP: 00007fd72fa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 203.279550][ T9006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 203.279560][ T9006] R13: 00007fd72fc16038 R14: 00007fd72fc15fa0 R15: 00007ffe49c502c8 [ 203.279583][ T9006] [ 203.279757][ T9006] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 203.548548][ T9006] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 203.557051][ T9006] CPU: 0 UID: 0 PID: 9006 Comm: syz.3.510 Tainted: G L syzkaller #0 PREEMPT(full) [ 203.568002][ T9006] Tainted: [L]=SOFTLOCKUP [ 203.572334][ T9006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 203.582422][ T9006] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 203.588357][ T9006] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 5d 33 db f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 39 33 db f9 4d 85 e4 [ 203.608068][ T9006] RSP: 0018:ffffc9000544fa10 EFLAGS: 00010247 [ 203.614151][ T9006] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000d541000 [ 203.622220][ T9006] RDX: 0000000000000000 RSI: ffffffff882d1063 RDI: 0000000000000005 [ 203.630406][ T9006] RBP: ffff88802a313560 R08: 0000000000000000 R09: 4453534204050000 [ 203.638395][ T9006] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 203.646465][ T9006] R13: ffff88801c3eb680 R14: ffff88807e2fe600 R15: ffff88801c3ebd00 [ 203.654470][ T9006] FS: 00007fd7308736c0(0000) GS:ffff888124343000(0000) knlGS:0000000000000000 [ 203.663857][ T9006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 203.670470][ T9006] CR2: 0000001b30f13ff8 CR3: 000000005e728000 CR4: 00000000003526f0 [ 203.678552][ T9006] Call Trace: [ 203.681839][ T9006] [ 203.684796][ T9006] vidtv_channel_si_init+0x12fc/0x18d0 [ 203.690380][ T9006] vidtv_mux_init+0x526/0xbf0 [ 203.695059][ T9006] vidtv_start_feed+0x33e/0x4c0 [ 203.699928][ T9006] ? __pfx_vidtv_start_feed+0x10/0x10 [ 203.705490][ T9006] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 203.712105][ T9006] ? mark_held_locks+0x40/0x70 [ 203.716970][ T9006] ? __pfx_vidtv_start_feed+0x10/0x10 [ 203.722350][ T9006] dmx_ts_feed_start_filtering+0xf6/0x220 [ 203.728150][ T9006] dvb_dmxdev_start_feed+0x273/0x3f0 [ 203.733443][ T9006] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 203.738906][ T9006] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 203.744136][ T9006] dvb_demux_do_ioctl+0xe64/0x1200 [ 203.749375][ T9006] dvb_usercopy+0x167/0x340 [ 203.753881][ T9006] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 203.759521][ T9006] ? __pfx_dvb_usercopy+0x10/0x10 [ 203.764550][ T9006] ? __fget_files+0x21f/0x3d0 [ 203.769242][ T9006] dvb_demux_ioctl+0x29/0x40 [ 203.773957][ T9006] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 203.779283][ T9006] __x64_sys_ioctl+0x18e/0x210 [ 203.784154][ T9006] do_syscall_64+0x106/0xf80 [ 203.788863][ T9006] ? clear_bhb_loop+0x40/0x90 [ 203.793547][ T9006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.799443][ T9006] RIP: 0033:0x7fd72f99c799 [ 203.803945][ T9006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.823737][ T9006] RSP: 002b:00007fd730873028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.832167][ T9006] RAX: ffffffffffffffda RBX: 00007fd72fc15fa0 RCX: 00007fd72f99c799 [ 203.840283][ T9006] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 203.848251][ T9006] RBP: 00007fd72fa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 203.856224][ T9006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 203.864215][ T9006] R13: 00007fd72fc16038 R14: 00007fd72fc15fa0 R15: 00007ffe49c502c8 [ 203.872229][ T9006] [ 203.875341][ T9006] Modules linked in: [ 203.882526][ T9006] ---[ end trace 0000000000000000 ]--- [ 203.959916][ T9006] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 203.984427][ T9006] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 5d 33 db f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 39 33 db f9 4d 85 e4 [ 204.047602][ T9006] RSP: 0018:ffffc9000544fa10 EFLAGS: 00010247 [ 204.056704][ T9006] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000d541000 [ 204.065127][ T9006] RDX: 0000000000000000 RSI: ffffffff882d1063 RDI: 0000000000000005 [ 204.073299][ T9006] RBP: ffff88802a313560 R08: 0000000000000000 R09: 4453534204050000 [ 204.081506][ T9006] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 204.089627][ T9006] R13: ffff88801c3eb680 R14: ffff88807e2fe600 R15: ffff88801c3ebd00 [ 204.097867][ T9006] FS: 00007fd7308736c0(0000) GS:ffff888124343000(0000) knlGS:0000000000000000 [ 204.107078][ T9006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 204.114484][ T9006] CR2: 00007fd72f9e9e80 CR3: 000000005e728000 CR4: 00000000003526f0 [ 204.125445][ T9006] Kernel panic - not syncing: Fatal exception [ 204.131597][ T9006] Kernel Offset: disabled [ 204.135931][ T9006] Rebooting in 86400 seconds..