last executing test programs: 15.743342887s ago: executing program 0 (id=166): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0) 15.459945894s ago: executing program 0 (id=167): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x88) setsockopt$auto(r0, 0x0, 0x6, 0xfffffffffffffffe, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000440)={0x3, 0x7, 0x41, 0x4, 0x0, 0x0, 0x0, 0x6512, 0x80000000, 0x800, 0x4, 0x6, 0x0, 0x1000073, 0x1, 0x4000001, 0x8}) close_range$auto(0x2, 0x8, 0x0) openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x303101, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999", @inferred=0xffffffffffffffff}) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) read$auto_fops_u64_(0xffffffffffffffff, 0x0, 0x0) r3 = ioctl$auto_SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f0000000040)=0x8) socket(0x2, 0x80002, 0x73) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000640), 0x201, 0x0) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_ADD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(r3, &(0x7f0000000100)={0x0, 0x100000001}, 0x1000) syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000180), r2) 15.049474855s ago: executing program 0 (id=168): r0 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) mmap$auto(0x7fffffffffffffd, 0x20009, 0xe, 0xeb1, r0, 0x100000008000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) unshare$auto(0x40000080) inotify_init1$auto(0x3000000000000) 11.71827401s ago: executing program 0 (id=184): r0 = socket(0x29, 0x2, 0x0) socket(0x11, 0x3, 0x9) (async) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) fanotify_init$auto(0x5, 0x2000000000002) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) socket(0x26, 0x1, 0x102) (async) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000400)=""/89, 0x59) (async, rerun: 64) socket(0xa, 0x3, 0x6) (async, rerun: 64) clone$auto(0x21003b46, 0x2, 0x0, 0x0, 0x6) (async) bpf$auto(0xffffffff, &(0x7f0000000040)=@bpf_attr_0={0x4264, 0x7e, 0x9, 0x8, 0x38, 0xffffffffffffffff, 0xfffff733, "83fcd7568542a3737f4797ac4b31e287", 0x0, r1, 0x328580e0, 0x6d2, 0x2, 0x20, r2, r0}, 0x8a3) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r4 = open(&(0x7f0000000000)='./file0\x00', 0xc2ec0, 0x1d4) execveat$auto(r4, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x11000) (async) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000100)={0xffff0000, "309f6328cf8b176f5f662995078c0715c6b04c5600", @raw=0x10000}) (async, rerun: 64) unshare$auto(0x40000080) (async, rerun: 64) mmap$auto(0x0, 0x40040c, 0xdf, 0x9b72, 0x2, 0x8000) (async) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r6, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) 10.064611232s ago: executing program 1 (id=191): openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000280), 0x412081, 0x0) ioctl$auto(0x3, 0x541b, 0x7f) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/page_reporting/parameters/page_reporting_order\x00', 0x2202, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) setresuid$auto(0x2, 0x7, 0x8080) bind$auto(r2, &(0x7f0000000040)=@nl=@kern={0x10, 0x0, 0x0, 0x2040003f}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000003b00), r3) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/proc/modules\x00', 0x8000, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000003b40)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r3, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000003bc0)={&(0x7f0000003b80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="0100fdc3af1ccc001a8b0700001008000300", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x180c0) bpf$auto(0x0, &(0x7f0000000000)=@task_fd_query={0x0, 0xffffffffffffffff, 0xb0, 0x8bd, 0x8, 0x2, 0xffffffffffffffff, 0x6, 0x6}, 0xa3) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_map_fd=r1}, 0xa3) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)="35133cdbcb7335663e376ef6e93e1eda5e01c456c5b4b40160ff0f9ea2f5f6aacf57fe26da60ebbcb46f7b8067e9c947cb48529eafafc887b558cf86f3b7e8022a9099fd383e8893f653f6daecbda302d3594b6c6ed6b6242b2899e35f66248afd65906cfdffcf2cd866e11133bdd92ff11205f4f64e4164fa525028f3b89e28e57e2931cd931ab807fa163d8627356cd078f6927d71160c4db166e4f8aedcf489a2950951078c2d9b29f4cedd3cafcbccf099fd70cebd7679b9bfa4679bacf0d40a7b255f0188fa793158cdc272cfa5", 0xfffffffffffffee5) 9.829791889s ago: executing program 1 (id=194): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/force_tx_status\x00', 0x82, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001140)='/proc/sys/net/ipv6/conf/wg1/drop_unicast_in_l2_multicast\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x84) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0xffffffffffeffffd, 0xb, 0xa, 0x40007fff, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x7, 0x80000001, 0x7, 0x2, 0x93, 0x400000001, 0x5]}, 0x0) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x1e19c1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x15, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x941683, 0x0) ioctl$auto_SG_SET_DEBUG(r2, 0x227e, &(0x7f00000000c0)) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea240, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) read$auto(r1, &(0x7f0000000180)='\x01\x00\x8eOKd\x88~U\x9b\xd7N\xa0m\xe1\x8c\x11\x8d\xed\x85\xc4\xeb+\xf70~#\x15o?\x8a\xa5f\xf4\xa4Ya\xa0\x1a\x9c7\xbb\xe4e|C\xc7\xe9\xb2K\xa7\xc3\x95\xca\x83zb\x8c:\x11Q\xc7\a\xeaZ \xd3\xf0:\xbf\x01\xaf\x01l\x02(\v\xff\x0e0\x1b\xa4\x00\r\xd4\xbd@\xed\tM\xdf\xe8\x03\xdc\x10\xb3\x9ad\xce\xe0\x14\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x12\xd6\xb2\xa0\xa2\x1e`', 0x7ffffffffffffffc) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) setpgid$auto(0x0, 0x0) 9.307976292s ago: executing program 1 (id=196): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r0 = socket(0xa, 0x2, 0x0) cachestat$auto(r0, &(0x7f0000000000)={0x0, 0x7fc}, &(0x7f0000000040)={0x2, 0x0, 0xd6, 0x1, 0x3}, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) r1 = socket(0xa, 0x3, 0x3a) io_uring_setup$auto(0x6, 0x0) (async) io_uring_register$auto(r1, 0x8, 0x0, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x240, 0x0) ioctl$auto_USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000001c0)={0x0, 0x5516, 0x0}) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r3 = open(0x0, 0x0, 0x408) socket(0x28, 0x1, 0x0) (async) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) (async) r4 = getsockopt$auto(0x3, 0x200000000001, 0x45, 0x0, 0x0) (async) getdents$auto(r3, 0x0, 0x400018) mmap$auto(0x0, 0x4020009, 0xdf, 0x40000eb1, 0x401, 0x8000) (async) clone$auto(0x100000008, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4000006) clone$auto(0x1, 0x1, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x200007, 0x19) (async) mmap$auto(0x0, 0x5, 0xfff, 0x44eb2, 0x10006, 0x300000000000) (async) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) (async) preadv2$auto(r4, 0x0, 0x6, 0x4, 0x7, 0x5) (async) r5 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon0\x00', 0x82640, 0x0) readv$auto(r5, &(0x7f0000000380)={0x0, 0x8}, 0x8) (async) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) prctl$auto_PR_SET_MM_START_CODE(0x6, 0x1, 0x0, 0x8, 0x3) (async) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) 8.027248889s ago: executing program 1 (id=197): r0 = socket(0x1e, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x0, 0x2}}, 0x66) bind$auto(0x3, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x1, 0x3}}, 0x6a) close_range$auto(0x0, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x800, 0x800000d) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/admmidi2\x00', 0x450481, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, 0x0, 0x5b020f7d7a84fe6e) unshare$auto(0x40000080) socket(0x2, 0x3, 0x100) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/wireless\x00', 0x80, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, r1) ioprio_set$auto(0x3, 0x0, 0x4b34) sendmsg$auto_NL80211_CMD_PROBE_CLIENT(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="74bec700", @ANYRES16=0x0, @ANYBLOB="000429bd7000fedbdf2554000000050060000000000005001d00dd00000043032a00266588d8804fd89fe7ad92e487f3faa62c3b57331a027d1dfe7b53c02b0ccaeb2ebefde8b1cbc734e5ac5dd332a51da438234e7d570d2bd6ece31410a98c9515fa4ec838636e5f856bb42188e12283079c2799890c0492d7e95e19075904042cbb86ecf69e27efb03ee2e1310ced4e34f6803332bdef77c1c17ba4c5a62f116584ee2e2c1083bf380c23e592b553feee95e9b0e62bb86034b8bbda7662ffba2c30a8434235b37166c06725819d63578bfe042da2e673b32efae8f303f495986c17a9d195da728f784a54607b3bd483c2cee60c2f88238aa1bc3bd9a0db24f3ad1c4df92262b4832474466b401a98eeef3badb53a6f446eb48ce32afe1fe8f9579a37ed9403aa5f9e3e111fd342d23a12c1e0a97ed7c0cdbf7dd8fa8a66053202f3a9d75afbb8e9c6300aea72b209c0e6b13b3b5865f5299c65d060ea3f294f5b9d793f944d4842aa7ad4ac3802eba33f08ce17cd840991f76c2d4f94437245f967e137075649e9c14b17990601c29ac91218251b46cf88c1b4a6394bf31a323256ab9504240f4378682244ad977af34f21c833ae032684d4bc5d0e3f46803862e9daa9972e13db5f3ab727540d34a4791583f203b5c2393095cb01e03e78560cdc34d17aa13a122fb82cec8d033ac3966c17d43f84b4b586d3baa456f4c97e577da851537725de8b2d142d9dcd653fbc7fbfbb5bdd347e2ae5070069f7c49fff8905b36f36415e4eefb4fe5a3c7beea0df89d859088818d9012638d2e9cc6f45d594f9c62fc6c1e8cc48a08ba551772bf11a28c1254426ee77f96efa92d189e412419d2dd63b993dac239638f43dc41c04aa5ffaff1b56fc1a4f75dcafb3a7c9a490a7981d5da978a5ff12d6883e187234bf14510ad366e83d9fd8c413ccadc9881000d7e60e046e6e11796bf110be6a55a429ed124fe52f5c7c33ed3a2d8fed9eea00961c63abf089dde5ef61c987d48a8364b69cc1ebc5be53bf805811605fff027a912aa573781377fc0ecd8cad4c8c0f668e6a18fbd3ab5cf193bd14a047859a44e4c243edc1a9b94c59aaf2b813402e8f7c0cd7599646078a909c88927064c202f00f4f9b3f920b899ecc4f509e03b6a799e3ea6f5937e3b7f2efd4e8064ab11fb2cc9701632e61a274a76d8e3d2ce1c381e9ba677e24a5e87bb098fe0004000b000500c200d2000000"], 0x374}, 0x1, 0x0, 0x0, 0x40001}, 0x4008040) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40006, 0x1000000000000e2, 0x9372, 0xffffffffffffffff, 0x10000027ffc) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) mmap$auto(0x0, 0x400009, 0x200, 0x9b72, 0x2, 0x6) sendmsg$auto_SMC_NETLINK_GET_SYS_INFO(r4, 0x0, 0x18) pread64$auto(r3, 0x0, 0x201, 0xc000) r5 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/netdevsim/netdevsim6/fib/nexthop_bucket_activity\x00', 0x90000, 0x0) mmap$auto(0x2e, 0x8c, 0x3, 0xfffffffffffffffd, r5, 0x8000) syz_clone3(&(0x7f0000000780)={0x300, &(0x7f0000000080), &(0x7f0000000240), &(0x7f0000000640), {0x2}, &(0x7f0000000680), 0x0, &(0x7f0000000280)=""/38, &(0x7f00000006c0)=[0x0], 0x1}, 0x58) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x400053, 0x9) 6.347812032s ago: executing program 0 (id=203): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c000b8008001c"], 0x4c}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0xfbe}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0xe779, 0x400000000007, 0xdf, 0x13, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x84) socket(0x28, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) 6.202089569s ago: executing program 2 (id=204): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) listxattr$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0xf) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd15/queue/chunk_sectors\x00', 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zl10353/parameters/debug\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dmmidi2\x00', 0x101200, 0x0) 6.02052146s ago: executing program 1 (id=205): mmap$auto(0x5, 0x400008, 0x200400000000df, 0x400009b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0x2, 0x1, 0x0) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) io_uring_setup$auto(0x4, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x16, 0x0, 0x0) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000abdb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x240007, 0x19) mmap$auto(0x0, 0x40, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = socket(0x2, 0x801, 0x106) setsockopt$auto(r3, 0x6, 0x3, 0x0, 0xa1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, r2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x80, 0x0) io_uring_setup$auto(0x59, 0x0) listmount$auto(0x0, 0x0, 0xf4240, 0x0) unshare$auto(0x40000080) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/driver/usbserial\x00', 0x40000, 0x0) ioctl$auto(0xffffffffffffffff, 0x6f2d, 0xffffffffffffffff) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) 5.894696767s ago: executing program 2 (id=206): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/bridge_slave_0/app_solicit\x00', 0x402000, 0x0) r1 = socket(0x2, 0x802, 0x1) setsockopt$auto_SO_WIFI_STATUS(r1, 0x0, 0x29, 0x0, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r2 = socket(0x35, 0x5, 0xffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) write$auto(0x3, 0x0, 0x5c8) r4 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/meminfo\x00', 0x42080, 0x0) read$auto_proc_mountinfo_operations_mnt_namespace(r4, &(0x7f0000000040)=""/66, 0x42) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0xd, 0x2f, &(0x7f0000000080)='\x00', &(0x7f00000000c0)=0xd) getsockopt$auto(r0, 0x0, 0xfc65, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) socket(0xa, 0x3, 0x3b) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/bridge_slave_0/app_solicit\x00', 0x402000, 0x0) (async) socket(0x2, 0x802, 0x1) (async) setsockopt$auto_SO_WIFI_STATUS(r1, 0x0, 0x29, 0x0, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) socket(0x35, 0x5, 0xffffffff) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) (async) io_uring_setup$auto(0x1, 0x0) (async) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) (async) write$auto(0x3, 0x0, 0x5c8) (async) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/meminfo\x00', 0x42080, 0x0) (async) read$auto_proc_mountinfo_operations_mnt_namespace(r4, &(0x7f0000000040)=""/66, 0x42) (async) getsockopt$auto_SO_MAX_PACING_RATE(r0, 0xd, 0x2f, &(0x7f0000000080)='\x00', &(0x7f00000000c0)=0xd) (async) getsockopt$auto(r0, 0x0, 0xfc65, 0x0, 0x0) (async) 5.024295934s ago: executing program 2 (id=208): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty1\x00', 0xa0000, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) get_mempolicy$auto(0x0, 0x0, 0x2, 0x86, 0x9) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card2\x00', 0x688200, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0xa, 0x801, 0x100) setsockopt$auto(r2, 0x6, 0x1, 0x0, 0xfb3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x4, 0x6, 0xdb, 0xebb, 0x40000000000a5, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) fadvise64$auto_POSIX_FADV_DONTNEED(r1, 0x34, 0xffffffff, 0x4) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bond0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r4 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x2, 0x3, 0xffffffffffffffff, 0x53, 0x3) ioctl$auto_BTRFS_IOC_SEND_32(r0, 0x40449426, &(0x7f0000000180)={@inferred=r4, 0x3, 0x5, 0x6, 0x3, 0x5, "cf348c48fd3a46209cc674f498b409b79dac0d1ef26dda4dc644e54d"}) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) 4.260379766s ago: executing program 3 (id=209): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@generic={0xa}, 0x55) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) socket(0x2b, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x28341, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000fc0), r0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000001100)={0x29c, r1, 0x41d, 0x70bd28, 0x25dfdbff, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x28, 0x1, 0x0, 0x1, [@nested={0x18, 0x1a, 0x0, 0x1, [@generic, @typed={0xd, 0x2f, 0x0, 0x0, @binary="eeeabdac6767fd8292"}, @nested={0x4, 0x26}]}, @typed={0xc, 0x3e, 0x0, 0x0, @u64=0xab2}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x16d, 0x1, 0x0, 0x1, [@generic="5b819d2e3eff693a9678cb419da58f871687cc365554f44a8f55501516273e17b8117643195217d552d844af8e573b83a482f2c5f55d3413e0064c584df0da96a1c41a5590997f4d232226639b37f3129401a6a41feed7fd7529456dbe7e58026bfd22dc9a0d97179de85f9f21007d4153dd3b166113c8c966ab635755deefaa8d624eec6430596add4317c249b22afa592d647cb8b78027a46353871d4def902fabcd012146ebf0fc3beb7b061b5ebb0ade0afbc7e4409094c9d94c91e40c5a3ecd25484c", @typed={0x3d, 0x39, 0x0, 0x0, @binary="3e50e8f53746711c59a2de76aaca74159d80e0cad22953225490dd3d8bd9412356b66ca56fb046926f0aab27799275c6794490cc836b650638"}, @generic, @nested={0x4, 0x1c}, @generic="e3304c74c435f9f36c3d1617fed8b63d73835472591776d0d6d5b8b3dd0e2468ea6d75dcc7a7aadd32199eef6ee91668a4dc262815659c0308281772fe200747c973e38b223571845432dfe63b3cb4d0dad7e87efca3da87b80d9f99a9c15af2"]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xef, 0x1, 0x0, 0x1, [@nested={0x4, 0x118}, @nested={0xb5, 0x14e, 0x0, 0x1, [@typed={0x8, 0x126, 0x0, 0x0, @uid=0xee01}, @typed={0x8, 0xa2, 0x0, 0x0, @fd=r0}, @typed={0x4, 0x136}, @typed={0x8, 0x9, 0x0, 0x0, @fd=r0}, @typed={0x4, 0xe8}, @generic="4486c4c5f894c2d7a45d4d9c2c71911b9d8deab694b890df0804291512cc3f49c484d0603f23303472aafff7abda06a3f06556117ea12ec5d67d1a2ee00d53574dfc1ceaaa9549b46bc502c63afff562788b3a0f6820", @generic="5b38e3f04f5a903e41e92af6e39638d6e7fb87380795ddf6fc5914ba22c8759717c4893e94b85f1f811e7d286d5a5a957c457ed0342ce04b58a206"]}, @typed={0x8, 0xbf, 0x0, 0x0, @pid}, @generic="bffb563d466f9a86698d52475aa00bb0208ad50b511861", @typed={0x8, 0xdc, 0x0, 0x0, @pid}, @typed={0x8, 0x132, 0x0, 0x0, @u32=0xff}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x40400c1}, 0x4014) 3.946579124s ago: executing program 0 (id=210): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) r1 = clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) unshare$auto(0x40000080) r2 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r2, 0x7ffe) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/pcm0c/sub5/info\x00', 0x42642, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) close_range$auto(0x2, r4, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x80000, 0x0) socket(0x2, 0x3, 0xa) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x2000007, 0xd, 0x9, 0x948b, 0x3, 0x15f0da0a, 0x4, 0x494, 0x62, 0x80000002, 0x7, 0x1, 0x9, 0x3, 0xfffffffffefffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x1000, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x8062, 0x80000001, 0x800, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) r5 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x640000, 0x0) ioctl$auto_TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000140)=0xbc) r6 = socket(0x10, 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r7, &(0x7f00000030c0)={0x0, 0x0, &(0x7f0000003080)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0456ed", @ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x4854}, 0x40) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r7) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r7) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r6, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010027bd7000fcdbdf250a9e00ff15000000140001"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000001ff, 0x4, 0xd, 0x1, 0x3, 0x9, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0xd, 0xd, 0x1]}, 0x0) 3.860167983s ago: executing program 1 (id=211): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=\xc9+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x400000000001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000080)=0x77) prctl$auto(0x5, 0x80000000, 0x0, 0x78, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_VLAN(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fcdbdf25110000000800030073782bda789ab24be107d5f6c61412a3cc714e2409ff1969eec1c90ac1e400d0e5295809f4327480c6e671442e33850f04961573998e89bc097ecd7606d04b", @ANYRES32=r5, @ANYBLOB="06002800d5190000"], 0x24}, 0x1, 0x0, 0x0, 0x40801}, 0x4008090) mmap$auto(0x2, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, 0x0, 0x40002, 0x0) r6 = socket(0xa, 0x2, 0x3a) bind$auto(r6, &(0x7f0000000040)=@phonet={0x23, 0x1, 0x9, 0x80}, 0x66) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) prctl$auto(0x23, 0x5, 0x7fffffffefff, 0x0, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) 3.500039681s ago: executing program 2 (id=212): r0 = socket(0x848000000015, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x6, 0x29, 0x7, 0xfffffffffffffffe, 0x0) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), r0) socket(0x848000000015, 0x5, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0xa, 0x3, 0x3a) (async) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async) getsockopt$auto(0x6, 0x29, 0x7, 0xfffffffffffffffe, 0x0) (async) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000180), r0) (async) 3.083052352s ago: executing program 3 (id=213): clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) 2.645810313s ago: executing program 3 (id=214): r0 = ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, &(0x7f0000000340)) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000000)={0x1c, 0x0, 0x5, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @local}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) fsconfig$auto_JFFS2_COMPR_MODE_NONE(r0, 0xdcfcaf30, 0x0, &(0x7f0000000340)="f52a72af41c70058fd54bd9c526deb2a527d89f4264bd6dc17e31e96531376f4c9000dc0725ff11e6882b9acae5edddedeb61fa3f9c3e30f6a80b5cb5441f11db19c6f03b74ef9357026e72df4fd5ab07edd07dce73276e3d287dbdcaea5e530efa5df0b281acf8fa53c489594f11ac6a2a5382f12f7586ad80e6fb85167badbd46b4e1c2f1bede836233ab0465fc572ff612f635d9f88f22af5d643430cdcaccb12d0b4437f374fbc854838edd510402d63236567aa898612d2db8a64038cc34cd39a8108adf82503ca745c6a1a4164fc32764dbffff380c63ef6b7e01839d691038536b7542fdbe9670c60464130741fcf67ecaef7", 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x7d4, 0x1, 0x401c2, 0x2081, 0x3f, 0x4, 0x1ffde, 0x8001, 0x2, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3004, 0x9, 0x6, 0x10002, 0x80, 0x400, 0xa9, 0x7, 0x1ffc, 0x8203, 0x400, 0x2, 0x1, 0x0, 0x40, 0x5, 0x2, [0x7249, 0xa9f, 0x0, 0x1000000000000000, 0x0, 0x180, 0x2, 0x0, 0x0, 0x200000000000000, 0xfc6a, 0x9, 0x10000, 0x40000000000, 0x0, 0x400000000000, 0x80000000000004, 0x0, 0xffffffffff7ffffc, 0x5, 0x0, 0x2, 0xfff, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x400000000000002, 0xfffffffffffffffc, 0x3, 0x1, 0x5, 0xfffffffffffffffc, 0x4]}, 0xd99, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20048810}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.49985252s ago: executing program 2 (id=215): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000ac0)='/proc/irq/default_smp_affinity\x00', 0x2, 0x0) r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x42842, 0x95) read$auto(r0, 0x0, 0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r1 = socket(0xa, 0x801, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r2 = socket(0xa, 0x5, 0x84) sendto$auto(r2, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba87e8000"}, 0x1c) futex$auto(&(0x7f0000000000)=0xf0fe, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0x3000000) getsockopt$auto(r1, 0x84, 0x71, 0x0, &(0x7f0000000280)=0x22a) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) close_range$auto(0x2, 0x8, 0x0) socket(0x26, 0x3, 0x2) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) write$auto(r3, &(0x7f0000004240)='\x01', 0x10000000004) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) 1.657395243s ago: executing program 2 (id=216): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x1000, 0x0) ioctl$auto(0x3, 0x5420, 0x38) socket(0x29, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x6, 0x5, 0x5]}, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r0, 0x5404, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10002020009, 0x3, 0x1000000010, r1, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x2040, 0x132) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x9, 0x1ff, 0x4, 0x4000000000014, r2, 0xceb) socket(0xa, 0x3, 0x40000073) mmap$auto(0xfffffffffffffff9, 0x2000a, 0x100000000009f, 0xeb2, 0x401, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x668401, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dmmidi2\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x01\x00\x01\x00\x00\x00\x00\x00\xc7k', 0x81) write$auto(r3, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) 1.626230386s ago: executing program 3 (id=217): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, 0x0) 338.427199ms ago: executing program 3 (id=218): timer_getoverrun$auto(0x400) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0xa, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) socketpair$auto(0x3, 0x5, 0x6, 0x0) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) (async) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) bind$auto(0x3, 0x0, 0x6b) 0s ago: executing program 3 (id=219): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x59, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/integrity/write_generate\x00', 0x50000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r2, 0xc038563c, r1) close_range$auto(0x2, 0x8, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/threads-max\x00', 0x20202, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/ueagle_atm/parameters/cmv_file\x00', 0x82942, 0x0) sendfile$auto(r4, r5, 0x0, 0x200) ptrace$auto(0x10, r3, 0x4, 0x7ff) ptrace$auto_PTRACE_GETREGS(0xc, r3, 0x80000000, 0x1) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r6) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000080)={0xa3}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.107' (ED25519) to the list of known hosts. [ 90.635521][ T5807] cgroup: Unknown subsys name 'net' [ 90.748577][ T5807] cgroup: Unknown subsys name 'cpuset' [ 90.758430][ T5807] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.540352][ T5807] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.541639][ T5829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.550056][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.550136][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.565296][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.567731][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.580193][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.586509][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.595297][ T5829] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.603008][ T5829] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.612021][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.619789][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.626907][ T5822] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.640983][ T5822] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.642832][ T5830] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.655402][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.663241][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.672696][ T5142] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.673505][ T5822] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.696172][ T5822] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.705176][ T5822] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.125349][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 95.271722][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 95.322954][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 95.357352][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.364665][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.372073][ T5821] bridge_slave_0: entered allmulticast mode [ 95.379976][ T5821] bridge_slave_0: entered promiscuous mode [ 95.423421][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.430647][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.438114][ T5821] bridge_slave_1: entered allmulticast mode [ 95.445349][ T5821] bridge_slave_1: entered promiscuous mode [ 95.544131][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.572080][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.630355][ T5819] chnl_net:caif_netlink_parms(): no params data found [ 95.644600][ T5821] team0: Port device team_slave_0 added [ 95.650394][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.657893][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.665164][ T5820] bridge_slave_0: entered allmulticast mode [ 95.672340][ T5820] bridge_slave_0: entered promiscuous mode [ 95.698007][ T5821] team0: Port device team_slave_1 added [ 95.715615][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.722792][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.730057][ T5820] bridge_slave_1: entered allmulticast mode [ 95.737510][ T5820] bridge_slave_1: entered promiscuous mode [ 95.745151][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.752301][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.759846][ T5818] bridge_slave_0: entered allmulticast mode [ 95.767344][ T5818] bridge_slave_0: entered promiscuous mode [ 95.807759][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.815642][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.822802][ T5818] bridge_slave_1: entered allmulticast mode [ 95.830272][ T5818] bridge_slave_1: entered promiscuous mode [ 95.855155][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.862223][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.888765][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.926318][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.942689][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.949921][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.976273][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.001259][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.027240][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.068961][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.076358][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.083628][ T5819] bridge_slave_0: entered allmulticast mode [ 96.091120][ T5819] bridge_slave_0: entered promiscuous mode [ 96.101252][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.138175][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.145780][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.152963][ T5819] bridge_slave_1: entered allmulticast mode [ 96.160741][ T5819] bridge_slave_1: entered promiscuous mode [ 96.181504][ T5820] team0: Port device team_slave_0 added [ 96.221234][ T5820] team0: Port device team_slave_1 added [ 96.233067][ T5821] hsr_slave_0: entered promiscuous mode [ 96.239703][ T5821] hsr_slave_1: entered promiscuous mode [ 96.265442][ T5818] team0: Port device team_slave_0 added [ 96.294277][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.305753][ T5818] team0: Port device team_slave_1 added [ 96.312514][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.319773][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.345730][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.359532][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.390830][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.397860][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.423909][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.481609][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.489080][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.515548][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.548707][ T5819] team0: Port device team_slave_0 added [ 96.560995][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.568282][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.594643][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.608739][ T5819] team0: Port device team_slave_1 added [ 96.693771][ T5820] hsr_slave_0: entered promiscuous mode [ 96.700431][ T5820] hsr_slave_1: entered promiscuous mode [ 96.707595][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 96.713390][ T5820] Cannot create hsr debugfs directory [ 96.719733][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.726844][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.753456][ T5824] Bluetooth: hci1: command tx timeout [ 96.753459][ T5822] Bluetooth: hci3: command tx timeout [ 96.764841][ T51] Bluetooth: hci0: command tx timeout [ 96.770560][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.815119][ T5824] Bluetooth: hci2: command tx timeout [ 96.823279][ T5818] hsr_slave_0: entered promiscuous mode [ 96.829807][ T5818] hsr_slave_1: entered promiscuous mode [ 96.835923][ T5818] debugfs: 'hsr0' already exists in 'hsr' [ 96.841665][ T5818] Cannot create hsr debugfs directory [ 96.848231][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.855307][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 96.881500][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.037289][ T5819] hsr_slave_0: entered promiscuous mode [ 97.043815][ T5819] hsr_slave_1: entered promiscuous mode [ 97.050864][ T5819] debugfs: 'hsr0' already exists in 'hsr' [ 97.056746][ T5819] Cannot create hsr debugfs directory [ 97.072507][ T24] cfg80211: failed to load regulatory.db [ 97.297072][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.324934][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 97.358037][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.378043][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.466548][ T5820] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.489470][ T5820] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.512355][ T5820] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.525191][ T5820] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.596367][ T5818] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.619935][ T5818] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.631692][ T5818] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.642712][ T5818] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.731926][ T5819] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.746812][ T5819] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.767578][ T5819] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.778509][ T5819] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.810759][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.872265][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.887759][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.911116][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.918378][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.948726][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.955909][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.983077][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.009547][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.016676][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.062547][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.069681][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.108983][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.143988][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.196500][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.203606][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.235827][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.242966][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.267382][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.347134][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.391391][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.398600][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.414112][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.421315][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.533049][ T5819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.696257][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.815551][ T5824] Bluetooth: hci1: command tx timeout [ 98.821011][ T5824] Bluetooth: hci0: command tx timeout [ 98.828372][ T51] Bluetooth: hci3: command tx timeout [ 98.837214][ T5821] veth0_vlan: entered promiscuous mode [ 98.868238][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.888203][ T5821] veth1_vlan: entered promiscuous mode [ 98.895955][ T5822] Bluetooth: hci2: command tx timeout [ 98.978940][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.010956][ T5821] veth0_macvtap: entered promiscuous mode [ 99.034309][ T5821] veth1_macvtap: entered promiscuous mode [ 99.046939][ T5820] veth0_vlan: entered promiscuous mode [ 99.062728][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.091171][ T5820] veth1_vlan: entered promiscuous mode [ 99.101138][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.128083][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.143803][ T67] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.156126][ T5818] veth0_vlan: entered promiscuous mode [ 99.170653][ T67] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.181233][ T67] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.207425][ T67] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.223608][ T5818] veth1_vlan: entered promiscuous mode [ 99.260440][ T5820] veth0_macvtap: entered promiscuous mode [ 99.272574][ T5820] veth1_macvtap: entered promiscuous mode [ 99.330542][ T5819] veth0_vlan: entered promiscuous mode [ 99.366886][ T5819] veth1_vlan: entered promiscuous mode [ 99.383702][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.400463][ T5818] veth0_macvtap: entered promiscuous mode [ 99.418218][ T5818] veth1_macvtap: entered promiscuous mode [ 99.424273][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.432494][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.460368][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.493453][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.503370][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.526070][ T34] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.535022][ T34] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.546880][ T5819] veth0_macvtap: entered promiscuous mode [ 99.568914][ T5819] veth1_macvtap: entered promiscuous mode [ 99.579374][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.590646][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.598549][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.644038][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.669300][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.719811][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.730517][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.749916][ T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.776764][ T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.786436][ T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.801566][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.817462][ T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.826291][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.850822][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.895679][ T34] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.907416][ T34] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.929706][ T34] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.990331][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.009649][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.050157][ T5910] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.128490][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.154863][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.294330][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.335819][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.346684][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.392325][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.403431][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.523583][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.532207][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.593392][ T5916] FAULT_INJECTION: forcing a failure. [ 100.593392][ T5916] name failslab, interval 1, probability 0, space 0, times 1 [ 100.607613][ T5916] CPU: 1 UID: 0 PID: 5916 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) [ 100.607651][ T5916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 100.607676][ T5916] Call Trace: [ 100.607686][ T5916] [ 100.607696][ T5916] dump_stack_lvl+0x100/0x190 [ 100.607748][ T5916] should_fail_ex.cold+0x5/0xa [ 100.607781][ T5916] should_failslab+0xc2/0x120 [ 100.607816][ T5916] kmem_cache_alloc_noprof+0x83/0x780 [ 100.607848][ T5916] ? __proc_create+0xc2/0x8c0 [ 100.607889][ T5916] ? __proc_create+0x2cb/0x8c0 [ 100.607937][ T5916] ? __proc_create+0x2cb/0x8c0 [ 100.607977][ T5916] __proc_create+0x2cb/0x8c0 [ 100.608021][ T5916] ? __pfx___proc_create+0x10/0x10 [ 100.608069][ T5916] ? proc_create_reg+0xd7/0x170 [ 100.608117][ T5916] proc_mkdir+0x81/0x170 [ 100.608160][ T5916] ? __pfx_proc_mkdir+0x10/0x10 [ 100.608200][ T5916] ? __pfx_proc_create_net_data+0x10/0x10 [ 100.608251][ T5916] ? __pfx_ndisc_net_init+0x10/0x10 [ 100.608301][ T5916] ? __pfx_ipv6_proc_init_net+0x10/0x10 [ 100.608340][ T5916] ipv6_proc_init_net+0xe2/0x1f0 [ 100.608382][ T5916] ops_init+0x1e2/0x5f0 [ 100.608423][ T5916] setup_net+0x118/0x3a0 [ 100.608462][ T5916] ? __pfx_setup_net+0x10/0x10 [ 100.608497][ T5916] ? lockdep_init_map_type+0x5c/0x250 [ 100.608529][ T5916] ? mutex_init_lockep+0x110/0x150 [ 100.608565][ T5916] copy_net_ns+0x46f/0x7c0 [ 100.608609][ T5916] create_new_namespaces+0x3ea/0xac0 [ 100.608659][ T5916] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 100.608704][ T5916] ksys_unshare+0x455/0xab0 [ 100.608737][ T5916] ? __pfx_ksys_unshare+0x10/0x10 [ 100.608767][ T5916] ? xfd_validate_state+0x129/0x190 [ 100.608813][ T5916] __x64_sys_unshare+0x31/0x40 [ 100.608843][ T5916] do_syscall_64+0x106/0xf80 [ 100.608868][ T5916] ? clear_bhb_loop+0x40/0x90 [ 100.608903][ T5916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.608932][ T5916] RIP: 0033:0x7f8ccf19bf79 [ 100.608955][ T5916] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.608982][ T5916] RSP: 002b:00007f8cd0059028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 100.609010][ T5916] RAX: ffffffffffffffda RBX: 00007f8ccf416090 RCX: 00007f8ccf19bf79 [ 100.609028][ T5916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 100.609044][ T5916] RBP: 00007f8ccf2327e0 R08: 0000000000000000 R09: 0000000000000000 [ 100.609061][ T5916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.609077][ T5916] R13: 00007f8ccf416128 R14: 00007f8ccf416090 R15: 00007ffd107609a8 [ 100.609114][ T5916] [ 101.003494][ T5822] Bluetooth: hci0: command tx timeout [ 101.009012][ T5822] Bluetooth: hci3: command tx timeout [ 101.035345][ T5822] Bluetooth: hci1: command tx timeout [ 101.040865][ T5822] Bluetooth: hci2: command tx timeout [ 101.157886][ T5921] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 80000000000 [ 101.194610][ T5921] mmap: syz.0.1 (5921) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 101.445000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.453704][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.495455][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.690280][ T5927] Zero length message leads to an empty skb [ 101.697463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.668137][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.137997][ T51] Bluetooth: hci2: command tx timeout [ 103.143512][ T5822] Bluetooth: hci1: command tx timeout [ 103.150417][ T5824] Bluetooth: hci3: command tx timeout [ 103.150431][ T5142] Bluetooth: hci0: command tx timeout [ 103.312871][ T5944] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.484004][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.725505][ T5954] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10'. [ 104.031217][ T5933] kexec: Could not allocate control_code_buffer [ 104.084843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.637370][ T5961] futex_wake_op: syz.0.12 tries to shift op by -2048; fix this program [ 104.646814][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.656864][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.656891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 104.742830][ T5961] futex_wake_op: syz.0.12 tries to shift op by -2048; fix this program [ 105.763890][ T5142] block nbd0: Receive control failed (result -32) [ 105.782210][ T5983] FAULT_INJECTION: forcing a failure. [ 105.782210][ T5983] name fail_futex, interval 1, probability 0, space 0, times 1 [ 105.826643][ T5983] CPU: 0 UID: 0 PID: 5983 Comm: syz.1.19 Tainted: G L syzkaller #0 PREEMPT(full) [ 105.826695][ T5983] Tainted: [L]=SOFTLOCKUP [ 105.826703][ T5983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 105.826716][ T5983] Call Trace: [ 105.826723][ T5983] [ 105.826732][ T5983] dump_stack_lvl+0x100/0x190 [ 105.826768][ T5983] should_fail_ex.cold+0x5/0xa [ 105.826794][ T5983] get_futex_key+0x106f/0x1620 [ 105.826839][ T5983] ? __pfx_get_futex_key+0x10/0x10 [ 105.826872][ T5983] ? lock_acquire+0x17c/0x330 [ 105.826904][ T5983] futex_wake+0xea/0x530 [ 105.826935][ T5983] ? __pfx_futex_wake+0x10/0x10 [ 105.826962][ T5983] ? exit_mm_release+0x19/0x30 [ 105.826994][ T5983] do_futex+0x32b/0x350 [ 105.827018][ T5983] ? __pfx_do_futex+0x10/0x10 [ 105.827038][ T5983] ? __might_fault+0xc5/0x140 [ 105.827068][ T5983] mm_release+0x24a/0x2f0 [ 105.827103][ T5983] do_exit+0x675/0x2a30 [ 105.827132][ T5983] ? __pfx_do_exit+0x10/0x10 [ 105.827157][ T5983] ? do_raw_spin_lock+0x128/0x260 [ 105.827183][ T5983] ? find_held_lock+0x2b/0x80 [ 105.827213][ T5983] ? get_signal+0x7e0/0x21e0 [ 105.827250][ T5983] do_group_exit+0xd5/0x2a0 [ 105.827282][ T5983] get_signal+0x1ec7/0x21e0 [ 105.827324][ T5983] ? madvise_unlock+0xa9/0x220 [ 105.827355][ T5983] ? __pfx_get_signal+0x10/0x10 [ 105.827391][ T5983] ? do_futex+0x192/0x350 [ 105.827420][ T5983] arch_do_signal_or_restart+0x91/0x770 [ 105.827445][ T5983] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 105.827477][ T5983] ? __pfx___x64_sys_futex+0x10/0x10 [ 105.827498][ T5983] ? xfd_validate_state+0x129/0x190 [ 105.827532][ T5983] exit_to_user_mode_loop+0x86/0x4a0 [ 105.827554][ T5983] ? rcu_is_watching+0x12/0xc0 [ 105.827585][ T5983] do_syscall_64+0x668/0xf80 [ 105.827605][ T5983] ? clear_bhb_loop+0x40/0x90 [ 105.827632][ T5983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.827679][ T5983] RIP: 0033:0x7f560319bf79 [ 105.827704][ T5983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.827735][ T5983] RSP: 002b:00007f5603f970e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 105.827768][ T5983] RAX: fffffffffffffe00 RBX: 00007f5603415fa8 RCX: 00007f560319bf79 [ 105.827783][ T5983] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5603415fa8 [ 105.827801][ T5983] RBP: 00007f5603415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 105.827815][ T5983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.827828][ T5983] R13: 00007f5603416038 R14: 00007ffd95a600e0 R15: 00007ffd95a601c8 [ 105.827857][ T5983] [ 106.438734][ T5986] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 106.576272][ T5998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23'. [ 106.978371][ T6005] binder: 6004:6005 ioctl c00c620f 2000000055c0 returned -22 [ 107.074063][ T6009] process 'syz.3.25' launched './file0' with NULL argv: empty string added [ 108.864591][ T6046] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 109.684785][ T6070] netlink: 28 bytes leftover after parsing attributes in process `syz.2.41'. [ 109.733572][ T6070] hsr_slave_0: left promiscuous mode [ 109.761935][ T6070] hsr_slave_1: left promiscuous mode [ 109.898619][ T6073] NFSD: Failed to start, no listeners configured. [ 110.611722][ T6096] netlink: 472 bytes leftover after parsing attributes in process `syz.2.48'. [ 110.760867][ T6099] FAULT_INJECTION: forcing a failure. [ 110.760867][ T6099] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 110.774289][ T6099] CPU: 1 UID: 0 PID: 6099 Comm: syz.1.49 Tainted: G L syzkaller #0 PREEMPT(full) [ 110.774332][ T6099] Tainted: [L]=SOFTLOCKUP [ 110.774341][ T6099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 110.774357][ T6099] Call Trace: [ 110.774366][ T6099] [ 110.774376][ T6099] dump_stack_lvl+0x100/0x190 [ 110.774431][ T6099] should_fail_ex.cold+0x5/0xa [ 110.774466][ T6099] strncpy_from_user+0x3b/0x2d0 [ 110.774500][ T6099] do_getname+0x78/0x390 [ 110.774544][ T6099] do_sys_openat2+0xc5/0x1e0 [ 110.774585][ T6099] ? __pfx_do_sys_openat2+0x10/0x10 [ 110.774629][ T6099] ? ksys_semctl.constprop.0+0x14e/0x2e0 [ 110.774666][ T6099] __x64_sys_openat+0x12d/0x210 [ 110.774707][ T6099] ? __pfx___x64_sys_openat+0x10/0x10 [ 110.774746][ T6099] ? xfd_validate_state+0x129/0x190 [ 110.774794][ T6099] do_syscall_64+0x106/0xf80 [ 110.774820][ T6099] ? clear_bhb_loop+0x40/0x90 [ 110.774855][ T6099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.774882][ T6099] RIP: 0033:0x7f560319bf79 [ 110.774904][ T6099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.774931][ T6099] RSP: 002b:00007f5603f97028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 110.774958][ T6099] RAX: ffffffffffffffda RBX: 00007f5603415fa0 RCX: 00007f560319bf79 [ 110.774975][ T6099] RDX: 0000000000000202 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 110.774992][ T6099] RBP: 00007f56032327e0 R08: 0000000000000000 R09: 0000000000000000 [ 110.775009][ T6099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.775025][ T6099] R13: 00007f5603416038 R14: 00007f5603415fa0 R15: 00007ffd95a601c8 [ 110.775062][ T6099] [ 111.715318][ T6111] FAULT_INJECTION: forcing a failure. [ 111.715318][ T6111] name fail_futex, interval 1, probability 0, space 0, times 0 [ 111.755710][ T6111] CPU: 0 UID: 0 PID: 6111 Comm: syz.0.54 Tainted: G L syzkaller #0 PREEMPT(full) [ 111.755750][ T6111] Tainted: [L]=SOFTLOCKUP [ 111.755758][ T6111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 111.755770][ T6111] Call Trace: [ 111.755777][ T6111] [ 111.755785][ T6111] dump_stack_lvl+0x100/0x190 [ 111.755818][ T6111] should_fail_ex.cold+0x5/0xa [ 111.755842][ T6111] get_futex_key+0x295/0x1620 [ 111.755878][ T6111] ? __pfx_get_futex_key+0x10/0x10 [ 111.755909][ T6111] ? lock_acquire+0x17c/0x330 [ 111.755940][ T6111] futex_wake+0xea/0x530 [ 111.755967][ T6111] ? __pfx_futex_wake+0x10/0x10 [ 111.755991][ T6111] ? exit_mm_release+0x19/0x30 [ 111.756019][ T6111] do_futex+0x32b/0x350 [ 111.756039][ T6111] ? __pfx_do_futex+0x10/0x10 [ 111.756056][ T6111] ? __might_fault+0xc5/0x140 [ 111.756082][ T6111] mm_release+0x24a/0x2f0 [ 111.756113][ T6111] do_exit+0x675/0x2a30 [ 111.756140][ T6111] ? __pfx_do_exit+0x10/0x10 [ 111.756163][ T6111] ? do_raw_spin_lock+0x128/0x260 [ 111.756187][ T6111] ? find_held_lock+0x2b/0x80 [ 111.756215][ T6111] ? get_signal+0x7e0/0x21e0 [ 111.756249][ T6111] do_group_exit+0xd5/0x2a0 [ 111.756275][ T6111] get_signal+0x1ec7/0x21e0 [ 111.756318][ T6111] ? __pfx_get_signal+0x10/0x10 [ 111.756351][ T6111] ? do_futex+0x192/0x350 [ 111.756373][ T6111] arch_do_signal_or_restart+0x91/0x770 [ 111.756397][ T6111] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 111.756426][ T6111] ? __pfx___x64_sys_futex+0x10/0x10 [ 111.756445][ T6111] ? xfd_validate_state+0x129/0x190 [ 111.756476][ T6111] exit_to_user_mode_loop+0x86/0x4a0 [ 111.756497][ T6111] ? rcu_is_watching+0x12/0xc0 [ 111.756525][ T6111] do_syscall_64+0x668/0xf80 [ 111.756549][ T6111] ? clear_bhb_loop+0x40/0x90 [ 111.756573][ T6111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.756594][ T6111] RIP: 0033:0x7feee059bf79 [ 111.756610][ T6111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.756629][ T6111] RSP: 002b:00007feee13a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.756649][ T6111] RAX: fffffffffffffe00 RBX: 00007feee0815fa8 RCX: 00007feee059bf79 [ 111.756662][ T6111] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feee0815fa8 [ 111.756674][ T6111] RBP: 00007feee0815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 111.756686][ T6111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.756698][ T6111] R13: 00007feee0816038 R14: 00007fff8d195800 R15: 00007fff8d1958e8 [ 111.756725][ T6111] [ 114.199420][ T6149] FAULT_INJECTION: forcing a failure. [ 114.199420][ T6149] name fail_futex, interval 1, probability 0, space 0, times 0 [ 114.212545][ T6149] CPU: 1 UID: 0 PID: 6149 Comm: syz.0.66 Tainted: G L syzkaller #0 PREEMPT(full) [ 114.212586][ T6149] Tainted: [L]=SOFTLOCKUP [ 114.212595][ T6149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 114.212610][ T6149] Call Trace: [ 114.212619][ T6149] [ 114.212629][ T6149] dump_stack_lvl+0x100/0x190 [ 114.212673][ T6149] should_fail_ex.cold+0x5/0xa [ 114.212702][ T6149] get_futex_key+0x106f/0x1620 [ 114.212750][ T6149] ? __pfx_get_futex_key+0x10/0x10 [ 114.212790][ T6149] ? lock_acquire+0x17c/0x330 [ 114.212841][ T6149] futex_wake+0xea/0x530 [ 114.212875][ T6149] ? __pfx_futex_wake+0x10/0x10 [ 114.212907][ T6149] ? exit_mm_release+0x19/0x30 [ 114.212945][ T6149] do_futex+0x32b/0x350 [ 114.212972][ T6149] ? __pfx_do_futex+0x10/0x10 [ 114.212996][ T6149] ? __might_fault+0xc5/0x140 [ 114.213029][ T6149] mm_release+0x24a/0x2f0 [ 114.213078][ T6149] do_exit+0x675/0x2a30 [ 114.213115][ T6149] ? __pfx_do_exit+0x10/0x10 [ 114.213143][ T6149] ? do_raw_spin_lock+0x128/0x260 [ 114.213174][ T6149] ? find_held_lock+0x2b/0x80 [ 114.213210][ T6149] ? get_signal+0x7e0/0x21e0 [ 114.213254][ T6149] do_group_exit+0xd5/0x2a0 [ 114.213287][ T6149] get_signal+0x1ec7/0x21e0 [ 114.213359][ T6149] ? __pfx_get_signal+0x10/0x10 [ 114.213406][ T6149] ? do_futex+0x192/0x350 [ 114.213429][ T6149] arch_do_signal_or_restart+0x91/0x770 [ 114.213452][ T6149] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 114.213481][ T6149] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.213500][ T6149] ? xfd_validate_state+0x129/0x190 [ 114.213530][ T6149] exit_to_user_mode_loop+0x86/0x4a0 [ 114.213551][ T6149] ? rcu_is_watching+0x12/0xc0 [ 114.213579][ T6149] do_syscall_64+0x668/0xf80 [ 114.213598][ T6149] ? clear_bhb_loop+0x40/0x90 [ 114.213624][ T6149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.213645][ T6149] RIP: 0033:0x7feee059bf79 [ 114.213661][ T6149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.213680][ T6149] RSP: 002b:00007feee13810e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.213700][ T6149] RAX: fffffffffffffe00 RBX: 00007feee0816098 RCX: 00007feee059bf79 [ 114.213714][ T6149] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feee0816098 [ 114.213726][ T6149] RBP: 00007feee0816090 R08: 0000000000000000 R09: 0000000000000000 [ 114.213738][ T6149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.213750][ T6149] R13: 00007feee0816128 R14: 00007fff8d195800 R15: 00007fff8d1958e8 [ 114.213776][ T6149] [ 114.953787][ T6159] FAULT_INJECTION: forcing a failure. [ 114.953787][ T6159] name failslab, interval 1, probability 0, space 0, times 0 [ 114.972053][ T6159] CPU: 0 UID: 0 PID: 6159 Comm: syz.3.71 Tainted: G L syzkaller #0 PREEMPT(full) [ 114.972098][ T6159] Tainted: [L]=SOFTLOCKUP [ 114.972109][ T6159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 114.972128][ T6159] Call Trace: [ 114.972138][ T6159] [ 114.972149][ T6159] dump_stack_lvl+0x100/0x190 [ 114.972200][ T6159] should_fail_ex.cold+0x5/0xa [ 114.972235][ T6159] should_failslab+0xc2/0x120 [ 114.972277][ T6159] ? ima_alloc_init_template+0x19d/0x6d0 [ 114.972326][ T6159] __kmalloc_noprof+0xf6/0x9c0 [ 114.972384][ T6159] ? ima_alloc_init_template+0x19d/0x6d0 [ 114.972434][ T6159] ima_alloc_init_template+0x19d/0x6d0 [ 114.972486][ T6159] ? take_dentry_name_snapshot+0x310/0x7c0 [ 114.972535][ T6159] ima_store_measurement+0x1e3/0x5b0 [ 114.972567][ T6159] ? __pfx_ima_store_measurement+0x10/0x10 [ 114.972595][ T6159] ? release_dentry_name_snapshot+0x3d/0xa0 [ 114.972633][ T6159] ? ima_d_path+0x137/0x260 [ 114.972670][ T6159] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 114.972719][ T6159] process_measurement+0x19db/0x2360 [ 114.972778][ T6159] ? __pfx_process_measurement+0x10/0x10 [ 114.972822][ T6159] ? kasan_save_stack+0x30/0x50 [ 114.972853][ T6159] ? __kasan_slab_alloc+0x89/0x90 [ 114.972896][ T6159] ? find_held_lock+0x2b/0x80 [ 114.972936][ T6159] ? aa_file_perm+0x268/0x1530 [ 114.972974][ T6159] ? aa_file_perm+0x268/0x1530 [ 114.973056][ T6159] ima_file_mmap+0x1be/0x1e0 [ 114.973102][ T6159] ? __pfx_ima_file_mmap+0x10/0x10 [ 114.973158][ T6159] security_mmap_file+0x278/0x9b0 [ 114.973194][ T6159] vm_mmap_pgoff+0xec/0x470 [ 114.973239][ T6159] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 114.973281][ T6159] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 114.973326][ T6159] ? hugetlbfs_get_inode+0x36e/0x6f0 [ 114.973388][ T6159] ksys_mmap_pgoff+0x1c4/0x5b0 [ 114.973434][ T6159] __x64_sys_mmap+0x125/0x190 [ 114.973478][ T6159] do_syscall_64+0x106/0xf80 [ 114.973506][ T6159] ? clear_bhb_loop+0x40/0x90 [ 114.973543][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.973573][ T6159] RIP: 0033:0x7f8ccf19bf79 [ 114.973597][ T6159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.973627][ T6159] RSP: 002b:00007f8cd007a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 114.973656][ T6159] RAX: ffffffffffffffda RBX: 00007f8ccf415fa0 RCX: 00007f8ccf19bf79 [ 114.973677][ T6159] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 114.973695][ T6159] RBP: 00007f8ccf2327e0 R08: 0000000000000401 R09: 0000300000000000 [ 114.973715][ T6159] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 114.973734][ T6159] R13: 00007f8ccf416038 R14: 00007f8ccf415fa0 R15: 00007ffd107609a8 [ 114.973775][ T6159] [ 114.974837][ T30] audit: type=1804 audit(1770831107.084:2): pid=6159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.3.71" name="anon_hugepage" dev="hugetlbfs" ino=10067 res=0 errno=0 [ 115.087901][ T6160] FAULT_INJECTION: forcing a failure. [ 115.087901][ T6160] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 115.359144][ T6160] CPU: 0 UID: 0 PID: 6160 Comm: syz.2.70 Tainted: G L syzkaller #0 PREEMPT(full) [ 115.359199][ T6160] Tainted: [L]=SOFTLOCKUP [ 115.359208][ T6160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 115.359232][ T6160] Call Trace: [ 115.359241][ T6160] [ 115.359251][ T6160] dump_stack_lvl+0x100/0x190 [ 115.359297][ T6160] should_fail_ex.cold+0x5/0xa [ 115.359321][ T6160] ? prepare_alloc_pages+0x16d/0x5f0 [ 115.359364][ T6160] should_fail_alloc_page+0xeb/0x140 [ 115.359401][ T6160] prepare_alloc_pages+0x1f0/0x5f0 [ 115.359439][ T6160] ? rcu_is_watching+0x12/0xc0 [ 115.359479][ T6160] __alloc_frozen_pages_noprof+0x193/0x2410 [ 115.359515][ T6160] ? __lock_acquire+0x4a5/0x2630 [ 115.359543][ T6160] ? css_rstat_updated+0x1ce/0x5a0 [ 115.359587][ T6160] ? __pfx_css_rstat_updated+0x10/0x10 [ 115.359628][ T6160] ? xas_create+0x1f4/0x14e0 [ 115.359658][ T6160] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 115.359694][ T6160] ? rcu_is_watching+0x12/0xc0 [ 115.359736][ T6160] ? __lock_acquire+0x4a5/0x2630 [ 115.359768][ T6160] ? __lock_acquire+0x4a5/0x2630 [ 115.359795][ T6160] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 115.359837][ T6160] ? policy_nodemask+0xed/0x4f0 [ 115.359874][ T6160] alloc_pages_mpol+0x1fb/0x550 [ 115.359912][ T6160] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 115.359947][ T6160] ? find_held_lock+0x2b/0x80 [ 115.359984][ T6160] ? filemap_get_entry+0x1a7/0x3b0 [ 115.360018][ T6160] ? filemap_get_entry+0x1a7/0x3b0 [ 115.360054][ T6160] folio_alloc_noprof+0x22/0x330 [ 115.360096][ T6160] filemap_alloc_folio_noprof.part.0+0x377/0x450 [ 115.360139][ T6160] ? __pfx_filemap_get_entry+0x10/0x10 [ 115.360169][ T6160] ? filemap_add_folio+0x114/0x690 [ 115.360202][ T6160] ? __pfx_filemap_alloc_folio_noprof.part.0+0x10/0x10 [ 115.360261][ T6160] ? rcu_is_watching+0x12/0xc0 [ 115.360297][ T6160] ? ioctx_alloc+0x1717/0x21e0 [ 115.360334][ T6160] __filemap_get_folio_mpol+0x6a4/0xe70 [ 115.360376][ T6160] ioctx_alloc+0x7a0/0x21e0 [ 115.360425][ T6160] ? __pfx_ioctx_alloc+0x10/0x10 [ 115.360487][ T6160] __x64_sys_io_setup+0xc9/0x220 [ 115.360525][ T6160] do_syscall_64+0x106/0xf80 [ 115.360552][ T6160] ? clear_bhb_loop+0x40/0x90 [ 115.360589][ T6160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.360620][ T6160] RIP: 0033:0x7f228219bf79 [ 115.360643][ T6160] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.360673][ T6160] RSP: 002b:00007f2282fe2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 115.360704][ T6160] RAX: ffffffffffffffda RBX: 00007f2282415fa0 RCX: 00007f228219bf79 [ 115.360723][ T6160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ffff [ 115.360740][ T6160] RBP: 00007f22822327e0 R08: 0000000000000000 R09: 0000000000000000 [ 115.360758][ T6160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.360775][ T6160] R13: 00007f2282416038 R14: 00007f2282415fa0 R15: 00007ffc9c1d2718 [ 115.360814][ T6160] [ 115.963068][ T6172] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.628876][ T6180] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 117.458251][ T6202] FAULT_INJECTION: forcing a failure. [ 117.458251][ T6202] name fail_futex, interval 1, probability 0, space 0, times 0 [ 117.478227][ T6202] CPU: 0 UID: 0 PID: 6202 Comm: syz.2.76 Tainted: G L syzkaller #0 PREEMPT(full) [ 117.478270][ T6202] Tainted: [L]=SOFTLOCKUP [ 117.478280][ T6202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 117.478297][ T6202] Call Trace: [ 117.478306][ T6202] [ 117.478316][ T6202] dump_stack_lvl+0x100/0x190 [ 117.478377][ T6202] should_fail_ex.cold+0x5/0xa [ 117.478408][ T6202] get_futex_key+0x106f/0x1620 [ 117.478458][ T6202] ? __pfx_get_futex_key+0x10/0x10 [ 117.478501][ T6202] ? lock_acquire+0x17c/0x330 [ 117.478542][ T6202] futex_wake+0xea/0x530 [ 117.478580][ T6202] ? __pfx_futex_wake+0x10/0x10 [ 117.478614][ T6202] ? exit_mm_release+0x19/0x30 [ 117.478654][ T6202] do_futex+0x32b/0x350 [ 117.478683][ T6202] ? __pfx_do_futex+0x10/0x10 [ 117.478708][ T6202] ? __might_fault+0xc5/0x140 [ 117.478745][ T6202] mm_release+0x24a/0x2f0 [ 117.478789][ T6202] do_exit+0x675/0x2a30 [ 117.478827][ T6202] ? __pfx_do_exit+0x10/0x10 [ 117.478858][ T6202] ? do_raw_spin_lock+0x128/0x260 [ 117.478892][ T6202] ? find_held_lock+0x2b/0x80 [ 117.478930][ T6202] ? get_signal+0x7e0/0x21e0 [ 117.478978][ T6202] do_group_exit+0xd5/0x2a0 [ 117.479019][ T6202] get_signal+0x1ec7/0x21e0 [ 117.479086][ T6202] ? __pfx_get_signal+0x10/0x10 [ 117.479128][ T6202] ? do_futex+0x192/0x350 [ 117.479157][ T6202] arch_do_signal_or_restart+0x91/0x770 [ 117.479187][ T6202] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.479224][ T6202] ? __pfx___x64_sys_futex+0x10/0x10 [ 117.479250][ T6202] ? xfd_validate_state+0x129/0x190 [ 117.479289][ T6202] exit_to_user_mode_loop+0x86/0x4a0 [ 117.479317][ T6202] ? rcu_is_watching+0x12/0xc0 [ 117.479354][ T6202] do_syscall_64+0x668/0xf80 [ 117.479378][ T6202] ? clear_bhb_loop+0x40/0x90 [ 117.479411][ T6202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.479439][ T6202] RIP: 0033:0x7f228219bf79 [ 117.479466][ T6202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.479492][ T6202] RSP: 002b:00007f2282fc10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.479521][ T6202] RAX: fffffffffffffe00 RBX: 00007f2282416098 RCX: 00007f228219bf79 [ 117.479539][ T6202] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2282416098 [ 117.479556][ T6202] RBP: 00007f2282416090 R08: 0000000000000000 R09: 0000000000000000 [ 117.479572][ T6202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.479606][ T6202] R13: 00007f2282416128 R14: 00007ffc9c1d2630 R15: 00007ffc9c1d2718 [ 117.479644][ T6202] [ 118.716471][ T6234] : Can't lookup blockdev [ 119.017273][ T6245] random: crng reseeded on system resumption [ 119.100323][ T6253] ptp ptp0: only physical clock in use now [ 122.924805][ T6318] FAULT_INJECTION: forcing a failure. [ 122.924805][ T6318] name failslab, interval 1, probability 0, space 0, times 0 [ 122.941746][ T6318] CPU: 1 UID: 0 PID: 6318 Comm: syz.2.98 Tainted: G L syzkaller #0 PREEMPT(full) [ 122.941791][ T6318] Tainted: [L]=SOFTLOCKUP [ 122.941802][ T6318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 122.941819][ T6318] Call Trace: [ 122.941828][ T6318] [ 122.941839][ T6318] dump_stack_lvl+0x100/0x190 [ 122.941887][ T6318] should_fail_ex.cold+0x5/0xa [ 122.941921][ T6318] should_failslab+0xc2/0x120 [ 122.941960][ T6318] kmem_cache_alloc_noprof+0x83/0x780 [ 122.941994][ T6318] ? d_instantiate+0x90/0xb0 [ 122.942030][ T6318] ? alloc_empty_file+0x55/0x1c0 [ 122.942092][ T6318] ? alloc_empty_file+0x55/0x1c0 [ 122.942131][ T6318] alloc_empty_file+0x55/0x1c0 [ 122.942173][ T6318] alloc_file_pseudo+0x13a/0x230 [ 122.942217][ T6318] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 122.942262][ T6318] ? _raw_spin_unlock+0x28/0x50 [ 122.942308][ T6318] ? alloc_fd+0x476/0x790 [ 122.942344][ T6318] __anon_inode_getfile+0xe8/0x280 [ 122.942407][ T6318] __anon_inode_getfd+0x5c/0xe0 [ 122.942452][ T6318] do_inotify_init+0x483/0x5e0 [ 122.942501][ T6318] __x64_sys_inotify_init1+0x30/0x40 [ 122.942555][ T6318] do_syscall_64+0x106/0xf80 [ 122.942584][ T6318] ? clear_bhb_loop+0x40/0x90 [ 122.942624][ T6318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.942656][ T6318] RIP: 0033:0x7f228219bf79 [ 122.942681][ T6318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.942711][ T6318] RSP: 002b:00007f2282fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 122.942741][ T6318] RAX: ffffffffffffffda RBX: 00007f2282416090 RCX: 00007f228219bf79 [ 122.942762][ T6318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 122.942793][ T6318] RBP: 00007f22822327e0 R08: 0000000000000000 R09: 0000000000000000 [ 122.942811][ T6318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.942829][ T6318] R13: 00007f2282416128 R14: 00007f2282416090 R15: 00007ffc9c1d2718 [ 122.942868][ T6318] [ 123.514239][ T6335] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 124.099843][ T6336] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 124.531768][ T6345] syz.3.104 uses obsolete (PF_INET,SOCK_PACKET) [ 124.741512][ T5142] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 126.399116][ T6382] netlink: 334 bytes leftover after parsing attributes in process `syz.1.113'. [ 130.556947][ T6465] netlink: 16 bytes leftover after parsing attributes in process `syz.0.125'. [ 130.921433][ T6472] syz.1.128(6472): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 131.711986][ T6470] ima: policy update failed [ 131.732714][ T30] audit: type=1802 audit(1770831123.844:3): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.128" res=0 errno=0 [ 133.371596][ T6524] misc userio: Invalid payload size [ 133.479374][ T6529] FAULT_INJECTION: forcing a failure. [ 133.479374][ T6529] name fail_futex, interval 1, probability 0, space 0, times 0 [ 133.540897][ T6529] CPU: 1 UID: 0 PID: 6529 Comm: syz.0.141 Tainted: G L syzkaller #0 PREEMPT(full) [ 133.540938][ T6529] Tainted: [L]=SOFTLOCKUP [ 133.540947][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 133.540963][ T6529] Call Trace: [ 133.540972][ T6529] [ 133.540982][ T6529] dump_stack_lvl+0x100/0x190 [ 133.541024][ T6529] should_fail_ex.cold+0x5/0xa [ 133.541055][ T6529] get_futex_key+0x1d2/0x1620 [ 133.541102][ T6529] ? __pfx_get_futex_key+0x10/0x10 [ 133.541160][ T6529] futex_wait_setup+0x81/0x500 [ 133.541203][ T6529] __futex_wait+0x19f/0x300 [ 133.541238][ T6529] ? __pfx___futex_wait+0x10/0x10 [ 133.541269][ T6529] ? get_pid_task+0xfc/0x250 [ 133.541301][ T6529] ? __pfx_futex_wake_mark+0x10/0x10 [ 133.541338][ T6529] ? futex_hash+0x2c5/0x380 [ 133.541417][ T6529] futex_wait+0xed/0x380 [ 133.541455][ T6529] ? __pfx_futex_wait+0x10/0x10 [ 133.541514][ T6529] do_futex+0x1ef/0x350 [ 133.541546][ T6529] ? __pfx_do_futex+0x10/0x10 [ 133.541581][ T6529] ? __sys_recvmsg+0x18c/0x220 [ 133.541626][ T6529] __x64_sys_futex+0x34f/0x4d0 [ 133.541664][ T6529] ? __pfx___x64_sys_futex+0x10/0x10 [ 133.541712][ T6529] do_syscall_64+0x106/0xf80 [ 133.541741][ T6529] ? clear_bhb_loop+0x40/0x90 [ 133.541780][ T6529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.541812][ T6529] RIP: 0033:0x7feee059bf79 [ 133.541837][ T6529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.541867][ T6529] RSP: 002b:00007feee13a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 133.541898][ T6529] RAX: ffffffffffffffda RBX: 00007feee0815fa8 RCX: 00007feee059bf79 [ 133.541919][ T6529] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feee0815fa8 [ 133.541938][ T6529] RBP: 00007feee0815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 133.541958][ T6529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.541976][ T6529] R13: 00007feee0816038 R14: 00007fff8d195800 R15: 00007fff8d1958e8 [ 133.542019][ T6529] [ 134.475534][ T5142] Bluetooth: hci2: unexpected event 0x3e length: 720 > 260 [ 134.511827][ T6548] FAULT_INJECTION: forcing a failure. [ 134.511827][ T6548] name failslab, interval 1, probability 0, space 0, times 0 [ 134.533349][ T6548] CPU: 0 UID: 0 PID: 6548 Comm: syz.1.147 Tainted: G L syzkaller #0 PREEMPT(full) [ 134.533390][ T6548] Tainted: [L]=SOFTLOCKUP [ 134.533400][ T6548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 134.533416][ T6548] Call Trace: [ 134.533425][ T6548] [ 134.533435][ T6548] dump_stack_lvl+0x100/0x190 [ 134.533481][ T6548] should_fail_ex.cold+0x5/0xa [ 134.533514][ T6548] should_failslab+0xc2/0x120 [ 134.533550][ T6548] kmem_cache_alloc_noprof+0x83/0x780 [ 134.533584][ T6548] ? vm_area_alloc+0x1f/0x160 [ 134.533635][ T6548] ? vm_area_alloc+0x1f/0x160 [ 134.533698][ T6548] vm_area_alloc+0x1f/0x160 [ 134.533757][ T6548] __mmap_region+0x101e/0x2820 [ 134.533808][ T6548] ? __pfx___mmap_region+0x10/0x10 [ 134.533868][ T6548] ? finish_task_switch.isra.0+0x205/0xb80 [ 134.533914][ T6548] ? lockdep_hardirqs_on+0x78/0x100 [ 134.533965][ T6548] ? finish_task_switch.isra.0+0x205/0xb80 [ 134.534092][ T6548] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 134.534133][ T6548] ? rcu_is_watching+0x12/0xc0 [ 134.534199][ T6548] mmap_region+0x180/0x3e0 [ 134.534239][ T6548] do_mmap+0xc63/0x12f0 [ 134.534287][ T6548] ? __pfx_do_mmap+0x10/0x10 [ 134.534334][ T6548] ? __pfx_down_write_killable+0x10/0x10 [ 134.534378][ T6548] vm_mmap_pgoff+0x29e/0x470 [ 134.534428][ T6548] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 134.534473][ T6548] ? cap_task_prctl+0x104/0xa50 [ 134.534527][ T6548] ? __x64_sys_futex+0x34f/0x4d0 [ 134.534556][ T6548] ? __x64_sys_futex+0x358/0x4d0 [ 134.534593][ T6548] ksys_mmap_pgoff+0x7d/0x5b0 [ 134.534638][ T6548] __x64_sys_mmap+0x125/0x190 [ 134.534682][ T6548] do_syscall_64+0x106/0xf80 [ 134.534709][ T6548] ? clear_bhb_loop+0x40/0x90 [ 134.534747][ T6548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.534779][ T6548] RIP: 0033:0x7f560319bf79 [ 134.534814][ T6548] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.534841][ T6548] RSP: 002b:00007f5603f97028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 134.534868][ T6548] RAX: ffffffffffffffda RBX: 00007f5603415fa0 RCX: 00007f560319bf79 [ 134.534887][ T6548] RDX: 00000000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 134.534904][ T6548] RBP: 00007f56032327e0 R08: 00040000000000a5 R09: 0000000000008000 [ 134.534923][ T6548] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 134.534940][ T6548] R13: 00007f5603416038 R14: 00007f5603415fa0 R15: 00007ffd95a601c8 [ 134.534979][ T6548] [ 135.047214][ T6556] random: crng reseeded on system resumption [ 135.094960][ T6556] hub 1-0:1.0: USB hub found [ 135.115281][ T6556] hub 1-0:1.0: 1 port detected [ 136.728126][ T6610] netlink: 12 bytes leftover after parsing attributes in process `syz.2.163'. [ 137.015363][ T6611] block nbd8: shutting down sockets [ 138.945846][ T6647] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 139.215479][ T6652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.171'. [ 139.256204][ T6652] netlink: 25 bytes leftover after parsing attributes in process `syz.3.171'. [ 139.301023][ T6652] batman_adv: Routing algorithm '' is not supported [ 140.961049][ T6708] sctp: [Deprecated]: syz.2.180 (pid 6708) Use of struct sctp_assoc_value in delayed_ack socket option. [ 140.961049][ T6708] Use struct sctp_sack_info instead [ 141.620064][ T6721] loop6: detected capacity change from 0 to 4194304 [ 141.913025][ T6725] Invalid ELF header magic: != ELF [ 142.739071][ T6755] netlink: 28 bytes leftover after parsing attributes in process `syz.3.187'. [ 143.139612][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.139712][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.320913][ T6760] .^: entered promiscuous mode [ 145.001969][ T6812] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 146.763748][ T6840] smpboot: CPU 1 is now offline [ 146.824995][ T6828] warning: `syz.1.197' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 148.320410][ T6869] netlink: 330 bytes leftover after parsing attributes in process `syz.0.203'. [ 149.404820][ T6882] netlink: zone id is out of range [ 149.464719][ T6882] netlink: zone id is out of range [ 149.527595][ T6882] netlink: zone id is out of range [ 149.594548][ T6882] netlink: zone id is out of range [ 149.662225][ T6882] netlink: zone id is out of range [ 149.710789][ T6882] netlink: zone id is out of range [ 149.773468][ T6882] netlink: zone id is out of range [ 149.850207][ T6882] netlink: zone id is out of range [ 149.938514][ T6882] netlink: zone id is out of range [ 150.028396][ T6882] netlink: zone id is out of range [ 150.100656][ T6895] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 150.965003][ T6913] netlink: 8 bytes leftover after parsing attributes in process `syz.1.211'. [ 151.093438][ T6922] netlink: 28 bytes leftover after parsing attributes in process `syz.3.214'. [ 151.458521][ T6922] veth0_macvtap: left promiscuous mode [ 151.582226][ T6901] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 152.222547][ T6917] bridge0: port 3(team0) entered blocking state [ 152.439571][ T6917] bridge0: port 3(team0) entered disabled state [ 152.660600][ T6917] team0: entered allmulticast mode [ 152.904599][ T6917] team_slave_0: entered allmulticast mode [ 153.030497][ T6917] team_slave_1: entered allmulticast mode [ 153.195013][ T6917] team0: entered promiscuous mode [ 153.342735][ T6917] team_slave_0: entered promiscuous mode [ 153.494762][ T6917] team_slave_1: entered promiscuous mode [ 153.501055][ T6917] bridge0: port 3(team0) entered blocking state [ 153.507510][ T6917] bridge0: port 3(team0) entered forwarding state [ 153.886916][ T9] ================================================================== [ 153.895006][ T9] BUG: KASAN: slab-use-after-free in __schedule+0xc8d/0x6000 [ 153.902385][ T9] Read of size 4 at addr ffff8880342680c0 by task kworker/0:0/9 [ 153.910017][ T9] [ 153.912342][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 153.912370][ T9] Tainted: [L]=SOFTLOCKUP [ 153.912377][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 153.912393][ T9] Workqueue: 0x0 (events) [ 153.912414][ T9] Call Trace: [ 153.912420][ T9] [ 153.912427][ T9] dump_stack_lvl+0x100/0x190 [ 153.912455][ T9] print_report+0x156/0x4c9 [ 153.912482][ T9] ? __virt_addr_valid+0x81/0x620 [ 153.912504][ T9] ? __phys_addr+0xe8/0x180 [ 153.912525][ T9] ? __schedule+0xc8d/0x6000 [ 153.912553][ T9] kasan_report+0xdf/0x1a0 [ 153.912580][ T9] ? __schedule+0xc8d/0x6000 [ 153.912611][ T9] kasan_check_range+0x10f/0x1e0 [ 153.912638][ T9] __schedule+0xc8d/0x6000 [ 153.912666][ T9] ? __lock_acquire+0x4a5/0x2630 [ 153.912691][ T9] ? __pfx___schedule+0x10/0x10 [ 153.912718][ T9] ? find_held_lock+0x2b/0x80 [ 153.912744][ T9] ? schedule+0x2bf/0x390 [ 153.912774][ T9] schedule+0xdd/0x390 [ 153.912800][ T9] ? worker_thread+0x4ab/0xe40 [ 153.912822][ T9] worker_thread+0x526/0xe40 [ 153.912848][ T9] ? kthread+0x13a/0x450 [ 153.912867][ T9] ? __pfx_worker_thread+0x10/0x10 [ 153.912888][ T9] kthread+0x370/0x450 [ 153.912907][ T9] ? __pfx_kthread+0x10/0x10 [ 153.912928][ T9] ret_from_fork+0x754/0xd80 [ 153.912953][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 153.912979][ T9] ? __switch_to+0x7b4/0x10c0 [ 153.912996][ T9] ? __pfx_kthread+0x10/0x10 [ 153.913016][ T9] ret_from_fork_asm+0x1a/0x30 [ 153.913041][ T9] [ 153.913048][ T9] [ 154.068965][ T9] Allocated by task 5818: [ 154.073286][ T9] kasan_save_stack+0x30/0x50 [ 154.077961][ T9] kasan_save_track+0x14/0x30 [ 154.082637][ T9] __kasan_slab_alloc+0x89/0x90 [ 154.087484][ T9] kmem_cache_alloc_noprof+0x2ad/0x780 [ 154.092940][ T9] copy_process+0x72ff/0x79b0 [ 154.097614][ T9] kernel_clone+0xfc/0x930 [ 154.102029][ T9] __do_sys_clone+0xd9/0x120 [ 154.106618][ T9] do_syscall_64+0x106/0xf80 [ 154.111213][ T9] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.117104][ T9] [ 154.119417][ T9] Freed by task 6891: [ 154.123392][ T9] kasan_save_stack+0x30/0x50 [ 154.128086][ T9] kasan_save_track+0x14/0x30 [ 154.132760][ T9] kasan_save_free_info+0x3b/0x70 [ 154.137785][ T9] __kasan_slab_free+0x5f/0x80 [ 154.142542][ T9] kmem_cache_free+0x143/0x720 [ 154.147314][ T9] proc_map_release+0xd1/0xf0 [ 154.152013][ T9] __fput+0x3ff/0xb40 [ 154.155997][ T9] task_work_run+0x150/0x240 [ 154.160608][ T9] do_exit+0x829/0x2a30 [ 154.164769][ T9] do_group_exit+0xd5/0x2a0 [ 154.169272][ T9] get_signal+0x1ec7/0x21e0 [ 154.173777][ T9] arch_do_signal_or_restart+0x91/0x770 [ 154.179315][ T9] irqentry_exit+0x1f8/0x670 [ 154.183895][ T9] asm_exc_page_fault+0x26/0x30 [ 154.188744][ T9] [ 154.191062][ T9] The buggy address belongs to the object at ffff888034268000 [ 154.191062][ T9] which belongs to the cache mm_struct of size 2968 [ 154.205108][ T9] The buggy address is located 192 bytes inside of [ 154.205108][ T9] freed 2968-byte region [ffff888034268000, ffff888034268b98) [ 154.219004][ T9] [ 154.221326][ T9] The buggy address belongs to the physical page: [ 154.227733][ T9] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34268 [ 154.236488][ T9] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 154.244980][ T9] memcg:ffff888076950401 [ 154.249212][ T9] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 154.256755][ T9] page_type: f5(slab) [ 154.260733][ T9] raw: 00fff00000000040 ffff88813ff34b40 ffffea0000c33c00 dead000000000002 [ 154.269316][ T9] raw: 0000000000000000 00000000000a000a 00000000f5000000 ffff888076950401 [ 154.277902][ T9] head: 00fff00000000040 ffff88813ff34b40 ffffea0000c33c00 dead000000000002 [ 154.286573][ T9] head: 0000000000000000 00000000000a000a 00000000f5000000 ffff888076950401 [ 154.295260][ T9] head: 00fff00000000003 ffffea0000d09a01 00000000ffffffff 00000000ffffffff [ 154.303932][ T9] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 154.312612][ T9] page dumped because: kasan: bad access detected [ 154.319014][ T9] page_owner tracks the page as allocated [ 154.324723][ T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5195, tgid 5195 (udevd), ts 48527437651, free_ts 48317327375 [ 154.345479][ T9] post_alloc_hook+0x1e1/0x250 [ 154.350263][ T9] get_page_from_freelist+0x111d/0x3140 [ 154.355830][ T9] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 154.361720][ T9] alloc_pages_mpol+0x1fb/0x550 [ 154.366571][ T9] new_slab+0x2c4/0x440 [ 154.370738][ T9] ___slab_alloc+0xdb3/0x1cb0 [ 154.375420][ T9] __slab_alloc.isra.0+0x63/0x110 [ 154.380450][ T9] kmem_cache_alloc_noprof+0x4ec/0x780 [ 154.385910][ T9] copy_process+0x72ff/0x79b0 [ 154.390586][ T9] kernel_clone+0xfc/0x930 [ 154.395005][ T9] __do_sys_clone+0xd9/0x120 [ 154.399598][ T9] do_syscall_64+0x106/0xf80 [ 154.404198][ T9] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.410115][ T9] page last free pid 5265 tgid 5265 stack trace: [ 154.416433][ T9] __free_frozen_pages+0x822/0x1130 [ 154.421638][ T9] __put_partials+0x127/0x160 [ 154.426323][ T9] qlist_free_all+0x47/0xe0 [ 154.430827][ T9] kasan_quarantine_reduce+0x1a0/0x1f0 [ 154.436283][ T9] __kasan_slab_alloc+0x69/0x90 [ 154.441145][ T9] kmem_cache_alloc_noprof+0x2ad/0x780 [ 154.446605][ T9] do_getname_kernel+0x5d/0x250 [ 154.451460][ T9] open_exec+0x16/0x40 [ 154.455543][ T9] load_elf_binary+0x534/0x5110 [ 154.460403][ T9] bprm_execve+0x8fb/0x1620 [ 154.464920][ T9] do_execveat_common.isra.0+0x4a5/0x580 [ 154.470565][ T9] __x64_sys_execve+0x93/0xd0 [ 154.475238][ T9] do_syscall_64+0x106/0xf80 [ 154.479822][ T9] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.485709][ T9] [ 154.488033][ T9] Memory state around the buggy address: [ 154.493648][ T9] ffff888034267f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 154.501701][ T9] ffff888034268000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.509756][ T9] >ffff888034268080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.517806][ T9] ^ [ 154.523949][ T9] ffff888034268100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.532001][ T9] ffff888034268180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.540050][ T9] ================================================================== [ 154.548119][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 154.555306][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 154.565978][ T9] Tainted: [L]=SOFTLOCKUP [ 154.570290][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 154.580353][ T9] Workqueue: 0x0 (events) [ 154.584773][ T9] Call Trace: [ 154.588042][ T9] [ 154.590974][ T9] dump_stack_lvl+0x100/0x190 [ 154.595656][ T9] vpanic+0x20d/0x630 [ 154.599653][ T9] panic+0xd1/0xd1 [ 154.603370][ T9] ? __pfx_panic+0x10/0x10 [ 154.607786][ T9] ? end_report.part.0+0x23/0x90 [ 154.612733][ T9] ? rcu_is_watching+0x12/0xc0 [ 154.617503][ T9] ? end_report.part.0+0x23/0x90 [ 154.622446][ T9] ? check_panic_on_warn+0x1f/0x90 [ 154.627566][ T9] check_panic_on_warn.cold+0x19/0x34 [ 154.632952][ T9] end_report.part.0+0x3a/0x90 [ 154.637725][ T9] kasan_report.cold+0xe/0x18 [ 154.642408][ T9] ? __schedule+0xc8d/0x6000 [ 154.647009][ T9] kasan_check_range+0x10f/0x1e0 [ 154.651953][ T9] __schedule+0xc8d/0x6000 [ 154.656382][ T9] ? __lock_acquire+0x4a5/0x2630 [ 154.661323][ T9] ? __pfx___schedule+0x10/0x10 [ 154.666175][ T9] ? find_held_lock+0x2b/0x80 [ 154.670861][ T9] ? schedule+0x2bf/0x390 [ 154.675202][ T9] schedule+0xdd/0x390 [ 154.679274][ T9] ? worker_thread+0x4ab/0xe40 [ 154.684035][ T9] worker_thread+0x526/0xe40 [ 154.688638][ T9] ? kthread+0x13a/0x450 [ 154.692882][ T9] ? __pfx_worker_thread+0x10/0x10 [ 154.697999][ T9] kthread+0x370/0x450 [ 154.702079][ T9] ? __pfx_kthread+0x10/0x10 [ 154.706669][ T9] ret_from_fork+0x754/0xd80 [ 154.711266][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 154.716403][ T9] ? __switch_to+0x7b4/0x10c0 [ 154.721087][ T9] ? __pfx_kthread+0x10/0x10 [ 154.725680][ T9] ret_from_fork_asm+0x1a/0x30 [ 154.730457][ T9] [ 154.733530][ T9] Kernel Offset: disabled [ 154.737874][ T9] Rebooting in 86400 seconds..