last executing test programs: 8.881139741s ago: executing program 0 (id=546): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) r3 = socket(0x15, 0x5, 0x0) getdents$auto(r1, &(0x7f0000000000)={0x2, 0x7, 0xfffa, "7704f2ea6fa016174f40c4b33943b670d078c462edb08cb977f7c639d9afb8055885eec59b8f651eeb4251501b11f9ea77e801bbe209404ac65772c88140292ce13fe6"}, 0x8) getsockopt$auto(r3, 0x114, 0x2710, 0xfffffffffffffffc, 0x0) getsockopt$auto(r2, 0x65, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) 8.40020168s ago: executing program 0 (id=547): r0 = pidfd_getfd$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, r0, 0x5) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000000040)="9bbf5fa9", 0x4) r1 = socket(0x10, 0x2, 0xf) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_NAPI_GET(r1, 0x0, 0x4000090) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x2, 0x0) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r1, 0x9, &(0x7f0000000080)={@_si_pad}, 0x4) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) write$auto(r3, 0x0, 0xb) write$auto(r2, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\xf5\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\t\x00\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85\x00 /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00\r\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) r5 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) bind$auto(0x3, 0x0, 0x6a) sendto$auto(r5, 0x0, 0xc, 0xfffffff8, &(0x7f0000000440)=@tipc=@nameseq={0x1d, 0x1, 0x2, {0x2, 0x0, 0x4}}, 0x36) write$auto(0x3, 0x0, 0xffd8) 7.70802228s ago: executing program 0 (id=550): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x78, 0x0, 0x4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x323340, 0x0) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pidfd_open$auto(0x1, 0x0) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x6, 0x1f, 0x0, 0x3d) setsockopt$auto(0x4, 0x0, 0x484, 0xfffffffffffffffe, 0x20) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0xffffffffffffffff, 0x0, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x40000, 0x0) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$auto_EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)=0x5) ioctl$auto_EVIOCGMASK(r2, 0x80104592, &(0x7f0000000140)={0x4, 0x800005, 0x400007}) 6.063783871s ago: executing program 2 (id=559): r0 = pidfd_getfd$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, r0, 0x5) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000000040)="9bbf5fa9", 0x4) r1 = socket(0x10, 0x2, 0xf) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_NAPI_GET(r1, 0x0, 0x4000090) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x2, 0x0) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r1, 0x9, &(0x7f0000000080)={@_si_pad}, 0x4) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) write$auto(r3, 0x0, 0xb) write$auto(r2, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\xf5\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\t\x00\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85\x00 /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00\r\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) r5 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a) sendto$auto(r5, 0x0, 0xc, 0xfffffff8, 0x0, 0x36) write$auto(0x3, 0x0, 0xffd8) 5.651340225s ago: executing program 2 (id=561): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) r3 = socket(0x15, 0x5, 0x0) getdents$auto(r1, &(0x7f0000000000)={0x2, 0x7, 0xfffa, "7704f2ea6fa016174f40c4b33943b670d078c462edb08cb977f7c639d9afb8055885eec59b8f651eeb4251501b11f9ea77e801bbe209404ac65772c88140292ce13fe6"}, 0x8) getsockopt$auto(r3, 0x114, 0x2710, 0xfffffffffffffffc, 0x0) getsockopt$auto(r2, 0x65, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) 5.331809937s ago: executing program 2 (id=563): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)) mlockall$auto(0x800000000000005) futex$auto(0x0, 0x8, 0x3d, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xd, 0x4000000000df, 0xeb1, 0x401, 0x4000000000008000) io_uring_setup$auto(0x1, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r1 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f00000002c0)=""/190, 0xfffffe39) 4.611985231s ago: executing program 0 (id=566): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x22a01, 0x0) io_uring_setup$auto(0x403, 0x0) getpid() unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x80, 0x4, 0x5, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) fanotify_init$auto(0x65, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000380)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="be5fa68d07f48a2ac184277b44020000", @ANYRES16=0x0, @ANYBLOB="00012cbd7000ffdbdf256a000000220018003eed9b1465d94ee937d70efbcdd93f95cb35b0d61936ae811703d63b6d710000f8012c801c0102800c00008008000100000000000c000080080001000a0000002400008008000200020000000800010001000000080001004800000008000200090000002c000080080002000700000008000200000000000800020006000000080002000d00000008000200040000003c00008008000100010400000800020000020000080001000700000008000200001000000800010008000000080001000700000008000100080000001c000080080001000600000008000100fdffffff080001006d1effff0c000080080002005204000024000080080001000400000008000200070000000800020004000000080002000200000004000080240000800800010002bb0000080002000900000008000200190b00000800020020000000d80002803400008008000200ce1978490800020009000000080001000001000008000200000000000800020000000000080001009bc50000340000800800010018000000080001000400000008000200ff070000080002000700000008"], 0x244}, 0x1, 0x0, 0x0, 0x24040081}, 0x40094) sendmsg$auto_NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, 0x0, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x3}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x1}, @NL802154_ATTR_MAX_ASSOCIATIONS={0x8, 0x27, 0x7f}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000) pread64$auto(0xffffffffffffffff, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\xf4\x00'/21, 0x100000002, 0x100000001) 3.811667292s ago: executing program 1 (id=569): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) r3 = socket(0x15, 0x5, 0x0) getdents$auto(r1, &(0x7f0000000000)={0x2, 0x7, 0xfffa, "7704f2ea6fa016174f40c4b33943b670d078c462edb08cb977f7c639d9afb8055885eec59b8f651eeb4251501b11f9ea77e801bbe209404ac65772c88140292ce13fe6"}, 0x8) getsockopt$auto(r3, 0x114, 0x2710, 0xfffffffffffffffc, 0x0) getsockopt$auto(r2, 0x65, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) 3.743079163s ago: executing program 3 (id=570): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) pidfd_open$auto(0x1, 0x0) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x28b42, 0x0) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="7201", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 3.605607901s ago: executing program 2 (id=571): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x2, 0x8, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x8000, 0x88) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002080)='/dev/ptyd8\x00', 0x480, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_send_credit_target\x00', 0x28102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0xffffffffffffffff, 0x3, 0xa, 0xeb3, 0x401, 0x19) madvise$auto(0xf5, 0xffffffffffff0001, 0x15) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) socket(0x11, 0x1, 0x7) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x0, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000300)={0xe93, 0x0, 0x7e, @inferred, 0x0, "5b00dc7f39ab3a9ebe9a1c90ffd3ef164a91f61cd775725e3b755117d9f43f0e1acefdffea4279989432d92356e73deb93f1"}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/002/001\x00', 0x400000, 0x0) listmount$auto(&(0x7f00000001c0)={0x0, @inferred=r0, 0x4, 0xc, 0x9}, &(0x7f0000000280)=0x9e9, 0x8000, 0x9) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x8001, 0x8, 0x8000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) 3.478949467s ago: executing program 1 (id=572): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r0, 0x84, 0x1, 0x0, &(0x7f0000000280)=0x1000c0) mmap$auto(0x4, 0xa, 0x4000000000df, 0x10000000eb1, r0, 0x8000) socket(0xa, 0x2, 0x73) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x201, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000740)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0e4fab7251eb597f32712537ebd3600958999b1c9be17381a7fc6eeb7d5779292b8e45150cd8b018fab763375f09bd15d7bf98c412c69aca4d718757df266a686e4f8a8cf507f21f3e04c1148782a81d6359d68bc3150edc538a69a39e4c1c845830fbc403ffe8c0de34c1421714031b288b89b957b6de556d901223a12f387ad34342a1f95d7684987834076c5e0454adab11d515d8908c593dcb1e6e3417d7e3fb7ed3276507c475a60572ea0d7bb1bb5b2681eca89e2616a601d3b784a845c1fdb366625fd76e2c9262fe5043e0005dda4e22a9892c006b336567a2205b843a2ce65ff64536d1a3fc808308214db380bd615fd1da1e10a35bf410c1bcb7ee2dd94a512240a60b3da7cc5d35504c5bf8dcb2470818607e8bcee7c35c78635a6353227dd64d5fae70e4561c6cb165737b8975c5d59f31676b1bebf68f60faee32521e6edd97b508619b35980744e60f0060171a260604207bb8c22509fdd296fe87f13cbc4f0d52e425b0e9bd9beac5d4bc50445d0ed450f328988e43a2c6fd1c9788209bd55b96b636c53a5552fcf15d9357a57b844781af7fb0c67e4074746bb95bf051899c18d38538d937c23d1c519e0da3e8f3947702ca81ac3b69767b53915e0683bf181ad3edf72be1689bd675659c7c8f1a9c9d5b61642d71d2387e25e358fa65250f60a6789c50275b4c93b50a86123e0fb7d67e9e4d0f44869860046c21551436142338fba4d5a32c663939a2f4decb5f6e58da8b5bf5efef228a6dbd55a627307485d7020b49b9c9cd069e5b22048a57c7c3987c6b2b1f53435974f41a018c7561f80333499783d0e952ee1682f733aa89195fb0fe1132eb00645ebbd279058f853691a0f0ae0869f72b3099949d2e3fc0b54f43112e3136b5164429d16d2d0d27df08565ff797f0b8aeacb56b9af00f865b9e7726afa9084d8e9460cfbb6b30d8104cad7da375867", 0x318) socket(0x2, 0x80002, 0x73) socketpair$auto(0x10800, 0x4, 0xfffffffd, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio23\x00', 0x5e7782, 0x0) ioctl$auto(r2, 0xc0285629, r2) ptrace$auto(0x10, 0x0, 0x4, 0x7ff) ptrace$auto_PTRACE_GETEVENTMSG(0x4201, 0x0, 0x8, 0x68f8000000000002) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r3 = socket(0x11, 0x3, 0x2) sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000040), 0x10}, 0x2, &(0x7f0000000140), 0x8, 0x1}, 0x5}, 0x2, 0x101) 3.455516751s ago: executing program 3 (id=573): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) futex$auto(0x0, 0x8, 0x3d, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xd, 0x4000000000df, 0xeb1, 0x401, 0x4000000000008000) io_uring_setup$auto(0x1, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r1 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f00000002c0)=""/190, 0xfffffe39) 3.334563787s ago: executing program 2 (id=574): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) rseq$auto(0x0, 0x8002, 0x0, 0x6) rseq$auto(&(0x7f0000000300)={0x9, 0x401, 0x0, 0x20000006, 0x200}, 0x8002, 0x0, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x42, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), 0xffffffffffffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x2401, 0x0) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0xb, 0x0, 0x7, 0xb, 0x1, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x0, 0x0, 0xc3, 0x7, 0x40, 0x5, 0x90, 0xfffffff8}) close_range$auto(0x2, 0x8, 0x0) r0 = memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) shmctl$auto_SHM_INFO(0x6, 0xe, 0x0) read$auto_proc_pid_attr_operations_base(r0, &(0x7f0000000180)=""/196, 0xc4) msync$auto(0x0, 0xe0, 0x6) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x8006, 0x0) timer_create$auto(0x3, 0x0, 0x0) exit$auto(0x6) timer_delete$auto(0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSFLAGS(r2, 0x40047459, 0x0) 3.295633755s ago: executing program 1 (id=575): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) futex$auto(0x0, 0x8, 0x3d, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xd, 0x4000000000df, 0xeb1, 0x401, 0x4000000000008000) io_uring_setup$auto(0x1, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r1 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f00000002c0)=""/190, 0xfffffe39) 2.04891998s ago: executing program 3 (id=576): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) r3 = socket(0x15, 0x5, 0x0) getdents$auto(r1, &(0x7f0000000000)={0x2, 0x7, 0xfffa, "7704f2ea6fa016174f40c4b33943b670d078c462edb08cb977f7c639d9afb8055885eec59b8f651eeb4251501b11f9ea77e801bbe209404ac65772c88140292ce13fe6"}, 0x8) getsockopt$auto(r3, 0x114, 0x2710, 0xfffffffffffffffc, 0x0) getsockopt$auto(r2, 0x65, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) 1.818735208s ago: executing program 1 (id=577): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) r3 = socket(0x15, 0x5, 0x0) getdents$auto(r1, &(0x7f0000000000)={0x2, 0x7, 0xfffa, "7704f2ea6fa016174f40c4b33943b670d078c462edb08cb977f7c639d9afb8055885eec59b8f651eeb4251501b11f9ea77e801bbe209404ac65772c88140292ce13fe6"}, 0x8) getsockopt$auto(r3, 0x114, 0x2710, 0xfffffffffffffffc, 0x0) getsockopt$auto(r2, 0x65, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) 1.765580479s ago: executing program 3 (id=578): r0 = epoll_create1$auto(0x9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = getpid() sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x1d, 0x0, 0x1, [@nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0x9b, 0x0, 0x0, @pid=r4}]}]}]}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24040070}, 0x800) migrate_pages$auto(r4, 0xff, &(0x7f0000000280)=0x4, &(0x7f00000002c0)=0x12) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, 0x8, 0xffffffbf) r5 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, &(0x7f0000000000)=0x10000) fstat$auto(r0, &(0x7f0000000040)={0x3, 0x400000, 0x0, 0x8, 0xee00, 0xee01, 0x0, 0x5, 0x3, 0x3, 0x7, 0x3, 0x3, 0x1ff, 0x4, 0x8, 0x51b}) r7 = socket(0x10, 0x3, 0x6) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001200)={0x114, r8, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0x100, 0x3, 0x0, 0x1, [@typed={0x8, 0xc2, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd=r7}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c", @nested={0x44, 0x5, 0x0, 0x1, [@nested={0x40, 0x63, 0x0, 0x1, [@nested={0x3c, 0x9e, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @str='/}!\x18'}, @nested={0x30, 0x86, 0x0, 0x1, [@nested={0x2c, 0x15b, 0x0, 0x1, [@nested={0x28, 0x75, 0x0, 0x1, [@typed={0x1e, 0x10b, 0x0, 0x0, @str='/proc/thread-self/pagemap\x00'}, @nested={0x4, 0x85}]}]}]}]}]}]}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x4810}, 0x2404c810) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(r0, 0x5b, &(0x7f0000000180)={@siginfo_0_0={0x7ff, 0x6, 0xfff, @_sigchld={r5, r6, 0x6, 0x8000, 0x401}}}, 0x4) close_range$auto(r0, r0, 0xd3) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace\x00', 0x1a6b75d638828712, 0x0) 1.601542359s ago: executing program 1 (id=579): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r0, 0x84, 0x1, 0x0, &(0x7f0000000280)=0x1000c0) mmap$auto(0x4, 0xa, 0x4000000000df, 0x10000000eb1, r0, 0x8000) socket(0xa, 0x2, 0x73) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x201, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, 0x0, 0x0) socket(0x2, 0x80002, 0x73) socketpair$auto(0x10800, 0x4, 0xfffffffd, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio23\x00', 0x5e7782, 0x0) ioctl$auto(r2, 0xc0285629, r2) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r3, 0x4, 0x7ff) ptrace$auto_PTRACE_GETEVENTMSG(0x4201, r3, 0x8, 0x68f8000000000002) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r4 = socket(0x11, 0x3, 0x2) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000040), 0x10}, 0x2, &(0x7f0000000140), 0x8, 0x1}, 0x5}, 0x2, 0x101) 1.553415314s ago: executing program 3 (id=580): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)) mlockall$auto(0x800000000000005) futex$auto(0x0, 0x8, 0x3d, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xd, 0x4000000000df, 0xeb1, 0x401, 0x4000000000008000) io_uring_setup$auto(0x1, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r1 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r1, &(0x7f00000002c0)=""/190, 0xfffffe39) 1.200827721s ago: executing program 1 (id=581): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFC_CMD_GET_SE(0xffffffffffffffff, 0x0, 0x44004) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) socket(0x2, 0xa, 0x1) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x109100, 0xebff) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x2003f2, 0x15) unshare$auto(0x20000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) socketpair$auto(0xffffffff, 0x1, 0x80000000, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0xf) bpf$auto(0x2, 0x0, 0x5) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 377.193823ms ago: executing program 3 (id=582): setrlimit$auto(0x0, &(0x7f0000000000)={0x1, 0xfb3}) clone$auto(0x2, 0x5feb, 0x0, 0x0, 0x2000000000003) ioperm$auto(0x7, 0x6, 0x80) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000003, 0x0) r0 = mq_open$auto(&(0x7f00000000c0)='-\x00', 0x8, 0x5, &(0x7f0000000200)={0xc, 0x5, 0x7f, 0x1}) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram10\x00', 0x60742, 0x0) write$auto(r3, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, 0x0, 0x55) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c0090000", @ANYRES16=r1, @ANYBLOB="131f2cbd700023723ab36bf877ac080003", @ANYRES32], 0x9c0}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) mprotect$auto(0x200000000000, 0x806121, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 351.42364ms ago: executing program 0 (id=583): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) r1 = getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x200039) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x1d, 0x3, 0x1) r3 = socket(0x15, 0x5, 0x0) getdents$auto(r1, &(0x7f0000000000)={0x2, 0x7, 0xfffa, "7704f2ea6fa016174f40c4b33943b670d078c462edb08cb977f7c639d9afb8055885eec59b8f651eeb4251501b11f9ea77e801bbe209404ac65772c88140292ce13fe6"}, 0x8) getsockopt$auto(r3, 0x114, 0x2710, 0xfffffffffffffffc, 0x0) getsockopt$auto(r2, 0x65, 0x7, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) 272.405169ms ago: executing program 2 (id=584): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(&(0x7f0000000000)={0xffff92b5, 0x0, 0x9, 0x3, 0x0, 0x80000000000000, 0x80000000, 0x0, 0x4513, 0x9, 0xffffffffffffffff, {0x7, 0x6}, 0xfffffffc, 0xbfa, 0x9, 0x10, 0x0, 0x2, 0x8, 0xff, 0x10000, 0x100000001, 0x4}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) timer_create$auto(0x0, 0x0, &(0x7f0000000280)=0x10001) timer_settime$auto(0x0, 0x9, &(0x7f0000000080)={{0x7, 0x1}, {0xb}}, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, 0x8, 0xfffffe02) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r3, 0x0, 0x39b8) 0s ago: executing program 0 (id=585): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), r0) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x28}}, 0x810) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000180), r0) clone3$auto(&(0x7f00000001c0)={0x5, 0x7, 0x2, 0x100000f2, 0x5, 0xff, 0x3fd, 0x5, 0x4, 0xffffffffffffffff, 0x1}, 0x1f) sendmsg$auto_NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000000840)=ANY=[], 0x108c}, 0x1, 0x0, 0x0, 0x800}, 0x800) io_uring_setup$auto(0x30eb, &(0x7f0000000640)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x4006, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x6, 0x5, 0x79, 0xfffffffc, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0x52, 0x85, 0x2, 0x400, 0x2072c2, 0xc, 0x100000000}}) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x386, &(0x7f0000000000)={0x5, 0x1, 0x4c, 0x0, 0x1, 0x8, 0xffffffffffffffff, [0xfffffffa, 0x8, 0xa], {0x8, 0x8, 0x3fc000, 0x4, 0x751, 0x3, 0x3b, 0xec5, 0xffff}, {0xd5, 0x80000000, 0x1bee, 0x5d, 0x400, 0x9, 0x7, 0x8000, 0x7f}}) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) fsopen$auto(0x0, 0x1) fsconfig$auto(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1f, 0x5, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x402fd) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.158' (ED25519) to the list of known hosts. [ 78.317609][ T5613] cgroup: Unknown subsys name 'net' [ 78.428415][ T5613] cgroup: Unknown subsys name 'cpuset' [ 78.437472][ T5613] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.971429][ T5613] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.739616][ T5628] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.749775][ T5628] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.758793][ T5628] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.768641][ T5628] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.777630][ T5628] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.801070][ T5639] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.810820][ T5639] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.830650][ T5640] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.833389][ T4942] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.839051][ T5640] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.847453][ T5639] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.857103][ T5640] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.863302][ T4942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.870794][ T5640] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.874541][ T5639] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.883179][ T5640] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.890955][ T5639] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.904502][ T4942] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.915763][ T4942] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.926836][ T4942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.477152][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.484904][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.492097][ T5636] bridge_slave_0: entered allmulticast mode [ 83.499423][ T5636] bridge_slave_0: entered promiscuous mode [ 83.518980][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.526363][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.533815][ T5636] bridge_slave_1: entered allmulticast mode [ 83.541072][ T5636] bridge_slave_1: entered promiscuous mode [ 83.652180][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.686847][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.713198][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.720449][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.728263][ T5632] bridge_slave_0: entered allmulticast mode [ 83.735473][ T5632] bridge_slave_0: entered promiscuous mode [ 83.767009][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.774397][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.781828][ T5632] bridge_slave_1: entered allmulticast mode [ 83.788893][ T5632] bridge_slave_1: entered promiscuous mode [ 83.811481][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.818809][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.826040][ T5631] bridge_slave_0: entered allmulticast mode [ 83.833116][ T5631] bridge_slave_0: entered promiscuous mode [ 83.851657][ T5636] team0: Port device team_slave_0 added [ 83.860095][ T5636] team0: Port device team_slave_1 added [ 83.870993][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.879541][ T4942] Bluetooth: hci0: command tx timeout [ 83.885621][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.892805][ T5631] bridge_slave_1: entered allmulticast mode [ 83.900211][ T5631] bridge_slave_1: entered promiscuous mode [ 83.946648][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.954987][ T4942] Bluetooth: hci3: command tx timeout [ 83.959653][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.961930][ T5634] Bluetooth: hci2: command tx timeout [ 83.976560][ T5639] Bluetooth: hci1: command tx timeout [ 84.012242][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.019468][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.045896][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.058074][ T5627] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.065390][ T5627] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.072646][ T5627] bridge_slave_0: entered allmulticast mode [ 84.080057][ T5627] bridge_slave_0: entered promiscuous mode [ 84.089982][ T5631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.108834][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.115843][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.142091][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.153485][ T5627] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.160750][ T5627] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.168024][ T5627] bridge_slave_1: entered allmulticast mode [ 84.175273][ T5627] bridge_slave_1: entered promiscuous mode [ 84.184135][ T5631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.196120][ T5632] team0: Port device team_slave_0 added [ 84.233050][ T5632] team0: Port device team_slave_1 added [ 84.294374][ T5627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.305677][ T5631] team0: Port device team_slave_0 added [ 84.321628][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.328694][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.354939][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.369483][ T5627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.380668][ T5631] team0: Port device team_slave_1 added [ 84.390938][ T5636] hsr_slave_0: entered promiscuous mode [ 84.398519][ T5636] hsr_slave_1: entered promiscuous mode [ 84.406835][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.413798][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.440468][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.498382][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.505559][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.531661][ T5631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.545690][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.552657][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.578650][ T5631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.599773][ T5627] team0: Port device team_slave_0 added [ 84.608953][ T5627] team0: Port device team_slave_1 added [ 84.696054][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.703017][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.728982][ T5627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.753135][ T5632] hsr_slave_0: entered promiscuous mode [ 84.759818][ T5632] hsr_slave_1: entered promiscuous mode [ 84.766067][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 84.771997][ T5632] Cannot create hsr debugfs directory [ 84.787420][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.794498][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.820664][ T5627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.852817][ T5631] hsr_slave_0: entered promiscuous mode [ 84.859358][ T5631] hsr_slave_1: entered promiscuous mode [ 84.865876][ T5631] debugfs: 'hsr0' already exists in 'hsr' [ 84.871651][ T5631] Cannot create hsr debugfs directory [ 84.971502][ T5627] hsr_slave_0: entered promiscuous mode [ 84.978781][ T5627] hsr_slave_1: entered promiscuous mode [ 84.984980][ T5627] debugfs: 'hsr0' already exists in 'hsr' [ 84.990749][ T5627] Cannot create hsr debugfs directory [ 85.351349][ T5636] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.363996][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.372944][ T5636] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.383083][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.400748][ T5636] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.410675][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.419612][ T5636] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.429985][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.488422][ T5632] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.501310][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.510020][ T5632] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.520630][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.533580][ T5632] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.543290][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.551825][ T5632] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.562540][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.656319][ T5631] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.669341][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.684009][ T5631] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.694363][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.704510][ T5631] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.714574][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.722626][ T5631] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.733087][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.839050][ T5627] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.849139][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.862190][ T5627] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.872816][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.888843][ T5627] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.898476][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.906988][ T5627] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.917771][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.956359][ T5634] Bluetooth: hci0: command tx timeout [ 85.973298][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.024140][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.035469][ T5639] Bluetooth: hci1: command tx timeout [ 86.040994][ T4942] Bluetooth: hci3: command tx timeout [ 86.046510][ T5634] Bluetooth: hci2: command tx timeout [ 86.049235][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.080036][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.087640][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.118003][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.125266][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.137561][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.162203][ T3369] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.169347][ T3369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.200789][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.207991][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.228389][ T5631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.314325][ T5631] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.333546][ T5627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.367177][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.374470][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.397119][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.404580][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.444329][ T5627] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.489559][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.496789][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.559960][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.567272][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.923930][ T808] cfg80211: failed to load regulatory.db [ 87.362363][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.429991][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.569345][ T5636] veth0_vlan: entered promiscuous mode [ 87.619483][ T5632] veth0_vlan: entered promiscuous mode [ 87.633732][ T5627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.652236][ T5636] veth1_vlan: entered promiscuous mode [ 87.680672][ T5632] veth1_vlan: entered promiscuous mode [ 87.693179][ T5631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.772179][ T5636] veth0_macvtap: entered promiscuous mode [ 87.790049][ T5632] veth0_macvtap: entered promiscuous mode [ 87.810531][ T5636] veth1_macvtap: entered promiscuous mode [ 87.820777][ T5627] veth0_vlan: entered promiscuous mode [ 87.828046][ T5632] veth1_macvtap: entered promiscuous mode [ 87.862919][ T5627] veth1_vlan: entered promiscuous mode [ 87.877921][ T5631] veth0_vlan: entered promiscuous mode [ 87.890149][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.909989][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.922592][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.937391][ T5631] veth1_vlan: entered promiscuous mode [ 87.948483][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.975914][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.986858][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.009368][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.019073][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.036388][ T5634] Bluetooth: hci0: command tx timeout [ 88.050346][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.059868][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.076206][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.085150][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.115569][ T5639] Bluetooth: hci1: command tx timeout [ 88.121230][ T4942] Bluetooth: hci3: command tx timeout [ 88.126779][ T5634] Bluetooth: hci2: command tx timeout [ 88.150111][ T5627] veth0_macvtap: entered promiscuous mode [ 88.180364][ T5627] veth1_macvtap: entered promiscuous mode [ 88.238826][ T5631] veth0_macvtap: entered promiscuous mode [ 88.255403][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.263057][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.270764][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.290272][ T5631] veth1_macvtap: entered promiscuous mode [ 88.312465][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.347897][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.357005][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.369679][ T134] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.378603][ T134] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.402927][ T134] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.411829][ T134] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.438407][ T137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.449505][ T137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.473726][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.507829][ T137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.517804][ T137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.557627][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.580707][ T5632] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.596053][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.627413][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.649387][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.659402][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.693946][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.718930][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.834179][ T5782] Zero length message leads to an empty skb [ 88.857321][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.877756][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.907590][ T5786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 88.976948][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.001203][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.121574][ T3320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.167156][ T3320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.357316][ T5797] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.545951][ T5802] process 'syz.1.2' launched './file0' with NULL argv: empty string added [ 90.116447][ T5634] Bluetooth: hci0: command tx timeout [ 90.180083][ T5809] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6'. [ 90.195107][ T5634] Bluetooth: hci2: command tx timeout [ 90.199925][ T4942] Bluetooth: hci3: command tx timeout [ 90.201644][ T5634] Bluetooth: hci1: command tx timeout [ 90.222385][ T5809] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6'. [ 90.569280][ T5813] FAULT_INJECTION: forcing a failure. [ 90.569280][ T5813] name failslab, interval 1, probability 0, space 0, times 1 [ 90.614409][ T5813] CPU: 0 UID: 0 PID: 5813 Comm: syz.2.8 Not tainted syzkaller #0 PREEMPT(full) [ 90.614447][ T5813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 90.614470][ T5813] Call Trace: [ 90.614480][ T5813] [ 90.614507][ T5813] dump_stack_lvl+0x100/0x190 [ 90.614548][ T5813] should_fail_ex.cold+0x5/0xa [ 90.614584][ T5813] ? ima_alloc_init_template+0x19d/0x6d0 [ 90.614629][ T5813] should_failslab+0xc2/0x120 [ 90.614660][ T5813] __kmalloc_noprof+0xe0/0x850 [ 90.614716][ T5813] ima_alloc_init_template+0x19d/0x6d0 [ 90.614764][ T5813] ima_store_measurement+0x1e3/0x5b0 [ 90.614809][ T5813] ? __pfx_ima_store_measurement+0x10/0x10 [ 90.614863][ T5813] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 90.614904][ T5813] process_measurement+0x19cc/0x2350 [ 90.614956][ T5813] ? __pfx_process_measurement+0x10/0x10 [ 90.615001][ T5813] ? rcu_is_watching+0x12/0xc0 [ 90.615039][ T5813] ? __mutex_lock+0x26d/0x1b10 [ 90.615078][ T5813] ? tracing_buffers_open+0x2aa/0x3d0 [ 90.615154][ T5813] ? inode_to_bdi+0x9e/0x160 [ 90.615189][ T5813] ima_file_check+0xcc/0x120 [ 90.615231][ T5813] ? __pfx_ima_file_check+0x10/0x10 [ 90.615282][ T5813] security_file_post_open+0xc4/0x210 [ 90.615312][ T5813] path_openat+0x1418/0x31a0 [ 90.615357][ T5813] ? __pfx_path_openat+0x10/0x10 [ 90.615400][ T5813] do_file_open+0x20e/0x430 [ 90.615438][ T5813] ? __pfx_do_file_open+0x10/0x10 [ 90.615498][ T5813] ? alloc_fd+0x476/0x790 [ 90.615534][ T5813] ? do_getname+0x191/0x390 [ 90.615577][ T5813] do_sys_openat2+0x10d/0x1e0 [ 90.615619][ T5813] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.615676][ T5813] __x64_sys_openat+0x12d/0x210 [ 90.615725][ T5813] ? __pfx___x64_sys_openat+0x10/0x10 [ 90.615776][ T5813] ? rcu_is_watching+0x12/0xc0 [ 90.615814][ T5813] do_syscall_64+0x10b/0xf80 [ 90.615848][ T5813] ? clear_bhb_loop+0x40/0x90 [ 90.615883][ T5813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.615912][ T5813] RIP: 0033:0x7f63a319cdd9 [ 90.615935][ T5813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 90.615961][ T5813] RSP: 002b:00007f63a403e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 90.615987][ T5813] RAX: ffffffffffffffda RBX: 00007f63a3415fa0 RCX: 00007f63a319cdd9 [ 90.616006][ T5813] RDX: 0000000000001000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 90.616024][ T5813] RBP: 00007f63a3232d69 R08: 0000000000000000 R09: 0000000000000000 [ 90.616041][ T5813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.616057][ T5813] R13: 00007f63a3416038 R14: 00007f63a3415fa0 R15: 00007fff7eeaf2c8 [ 90.616092][ T5813] [ 90.928687][ T29] audit: type=1804 audit(1777975411.503:2): pid=5813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.8" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw" dev="tracefs" ino=3734 res=0 errno=0 [ 91.038333][ T5826] FAULT_INJECTION: forcing a failure. [ 91.038333][ T5826] name fail_futex, interval 1, probability 0, space 0, times 1 [ 91.163841][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz.2.11 Not tainted syzkaller #0 PREEMPT(full) [ 91.163878][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 91.163894][ T5826] Call Trace: [ 91.163903][ T5826] [ 91.163913][ T5826] dump_stack_lvl+0x100/0x190 [ 91.163950][ T5826] should_fail_ex.cold+0x5/0xa [ 91.163987][ T5826] get_futex_key+0x1d2/0x1510 [ 91.164019][ T5826] ? __pfx_get_futex_key+0x10/0x10 [ 91.164056][ T5826] futex_wake+0xea/0x530 [ 91.164090][ T5826] ? __pfx_futex_wake+0x10/0x10 [ 91.164124][ T5826] ? __sys_sendmmsg+0x367/0x430 [ 91.164158][ T5826] ? __pfx___sys_sendmmsg+0x10/0x10 [ 91.164183][ T5826] ? __inet_bind+0x953/0xc60 [ 91.164221][ T5826] do_futex+0x32b/0x350 [ 91.164250][ T5826] ? __pfx_do_futex+0x10/0x10 [ 91.164288][ T5826] __x64_sys_futex+0x34f/0x4d0 [ 91.164321][ T5826] ? __pfx___x64_sys_futex+0x10/0x10 [ 91.164356][ T5826] ? rcu_is_watching+0x12/0xc0 [ 91.164399][ T5826] do_syscall_64+0x10b/0xf80 [ 91.164435][ T5826] ? clear_bhb_loop+0x40/0x90 [ 91.164467][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.164492][ T5826] RIP: 0033:0x7f63a319cdd9 [ 91.164511][ T5826] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.164535][ T5826] RSP: 002b:00007f63a403e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 91.164560][ T5826] RAX: ffffffffffffffda RBX: 00007f63a3415fa8 RCX: 00007f63a319cdd9 [ 91.164577][ T5826] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f63a3415fac [ 91.164594][ T5826] RBP: 00007f63a3415fa0 R08: 0000000000000001 R09: 0000000000000000 [ 91.164609][ T5826] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 91.164625][ T5826] R13: 00007f63a3416038 R14: 00007fff7eeaf1e0 R15: 00007fff7eeaf2c8 [ 91.164657][ T5826] [ 91.705491][ T5820] NFSD: Failed to start, no listeners configured. [ 91.742156][ T5830] mmap: syz.1.9 (5830) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 92.953332][ T5849] smpboot: CPU 1 is now offline [ 95.197415][ T5885] zram0: detected capacity change from 0 to 16 [ 99.313406][ T5944] random: crng reseeded on system resumption [ 99.648493][ T5956] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 99.893993][ T5944] syz.0.33 (5944) used greatest stack depth: 19720 bytes left [ 101.358931][ T5975] zram: Cannot change disksize for initialized device [ 102.964390][ T6002] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.45'. [ 103.917968][ T6015] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.48'. [ 104.257492][ T6026] netlink: 28 bytes leftover after parsing attributes in process `syz.1.51'. [ 104.397966][ T6026] veth1_macvtap: left promiscuous mode [ 104.413405][ T6026] macsec0: entered promiscuous mode [ 104.457757][ T6026] macsec0: entered allmulticast mode [ 105.294225][ T6035] ubi9: attaching mtd0 [ 105.421719][ T6035] ubi9 error: ubi_attach_mtd_dev: bad VID header (32768) or data offsets (32832) [ 106.183851][ T6044] FAULT_INJECTION: forcing a failure. [ 106.183851][ T6044] name failslab, interval 1, probability 0, space 0, times 0 [ 106.234034][ T6044] CPU: 0 UID: 0 PID: 6044 Comm: syz.1.54 Tainted: G L syzkaller #0 PREEMPT(full) [ 106.234061][ T6044] Tainted: [L]=SOFTLOCKUP [ 106.234066][ T6044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 106.234075][ T6044] Call Trace: [ 106.234081][ T6044] [ 106.234157][ T6044] dump_stack_lvl+0x100/0x190 [ 106.234180][ T6044] should_fail_ex.cold+0x5/0xa [ 106.234200][ T6044] should_failslab+0xc2/0x120 [ 106.234218][ T6044] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 106.234242][ T6044] ? __alloc_skb+0x140/0x710 [ 106.234255][ T6044] ? _copy_from_iter+0x270/0x1690 [ 106.234272][ T6044] __alloc_skb+0x140/0x710 [ 106.234286][ T6044] ? __pfx___alloc_skb+0x10/0x10 [ 106.234302][ T6044] ? skb_page_frag_refill+0x309/0x4b0 [ 106.234327][ T6044] tcp_stream_alloc_skb+0x34/0x660 [ 106.234360][ T6044] tcp_sendmsg_locked+0x13cd/0x4500 [ 106.234395][ T6044] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 106.234419][ T6044] ? do_raw_spin_lock+0x128/0x260 [ 106.234438][ T6044] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 106.234458][ T6044] ? __local_bh_enable_ip+0x9e/0x120 [ 106.234480][ T6044] tcp_sendmsg+0x2e/0x50 [ 106.234500][ T6044] ? __pfx_tcp_sendmsg+0x10/0x10 [ 106.234521][ T6044] inet_sendmsg+0xb9/0x140 [ 106.234544][ T6044] sock_write_iter+0x4ea/0x5a0 [ 106.234563][ T6044] ? __pfx_inet_sendmsg+0x10/0x10 [ 106.234583][ T6044] ? __pfx_sock_write_iter+0x10/0x10 [ 106.234601][ T6044] ? futex_hash+0x141/0x370 [ 106.234621][ T6044] ? bpf_lsm_file_permission+0x9/0x10 [ 106.234636][ T6044] ? security_file_permission+0x76/0x210 [ 106.234653][ T6044] ? rw_verify_area+0xce/0x6d0 [ 106.234669][ T6044] vfs_write+0x6ac/0x1070 [ 106.234686][ T6044] ? __pfx_sock_write_iter+0x10/0x10 [ 106.234708][ T6044] ? __pfx_vfs_write+0x10/0x10 [ 106.234724][ T6044] ? find_held_lock+0x2b/0x80 [ 106.234754][ T6044] ksys_write+0x1f8/0x250 [ 106.234770][ T6044] ? __pfx_ksys_write+0x10/0x10 [ 106.234788][ T6044] ? rcu_is_watching+0x12/0xc0 [ 106.234808][ T6044] do_syscall_64+0x10b/0xf80 [ 106.234826][ T6044] ? clear_bhb_loop+0x40/0x90 [ 106.234844][ T6044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.234859][ T6044] RIP: 0033:0x7f512d19cdd9 [ 106.234872][ T6044] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.234885][ T6044] RSP: 002b:00007f512e078028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 106.234900][ T6044] RAX: ffffffffffffffda RBX: 00007f512d415fa0 RCX: 00007f512d19cdd9 [ 106.234910][ T6044] RDX: 000000007fffffff RSI: 0000000000000000 RDI: 0000000000000003 [ 106.234919][ T6044] RBP: 00007f512d232d69 R08: 0000000000000000 R09: 0000000000000000 [ 106.234928][ T6044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.234936][ T6044] R13: 00007f512d416038 R14: 00007f512d415fa0 R15: 00007ffd86ec2ab8 [ 106.234956][ T6044] [ 107.304923][ T6050] zram: Cannot change disksize for initialized device [ 107.828898][ T6059] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.57'. [ 109.115162][ T6074] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.60'. [ 109.376852][ T6082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.62'. [ 109.427168][ T6082] netlink: 354 bytes leftover after parsing attributes in process `syz.0.62'. [ 109.792096][ T6090] Format for adding new device is "id port_count num_queues" (uint uint uint). [ 113.317555][ T6140] zram: Cannot change disksize for initialized device [ 113.789818][ T6146] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.72'. [ 114.943643][ T6166] zram: Cannot change disksize for initialized device [ 115.431972][ T6172] zram: Cannot change disksize for initialized device [ 117.625010][ T6207] bridge0: port 3(gretap0) entered blocking state [ 117.707700][ T6207] bridge0: port 3(gretap0) entered disabled state [ 117.756137][ T6207] gretap0: entered allmulticast mode [ 117.788490][ T6207] FAULT_INJECTION: forcing a failure. [ 117.788490][ T6207] name failslab, interval 1, probability 0, space 0, times 0 [ 117.818122][ T6207] CPU: 0 UID: 0 PID: 6207 Comm: syz.3.86 Tainted: G L syzkaller #0 PREEMPT(full) [ 117.818151][ T6207] Tainted: [L]=SOFTLOCKUP [ 117.818157][ T6207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 117.818167][ T6207] Call Trace: [ 117.818173][ T6207] [ 117.818179][ T6207] dump_stack_lvl+0x100/0x190 [ 117.818213][ T6207] should_fail_ex.cold+0x5/0xa [ 117.818237][ T6207] should_failslab+0xc2/0x120 [ 117.818258][ T6207] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 117.818283][ T6207] ? __alloc_skb+0x140/0x710 [ 117.818301][ T6207] __alloc_skb+0x140/0x710 [ 117.818314][ T6207] ? __alloc_skb+0x5b7/0x710 [ 117.818327][ T6207] ? __pfx___alloc_skb+0x10/0x10 [ 117.818342][ T6207] ? if_nlmsg_size+0x5f6/0xd20 [ 117.818362][ T6207] rtmsg_ifinfo_build_skb+0x81/0x260 [ 117.818387][ T6207] rtnetlink_event+0x137/0x1f0 [ 117.818407][ T6207] notifier_call_chain+0x99/0x400 [ 117.818434][ T6207] call_netdevice_notifiers_info+0xbe/0x110 [ 117.818454][ T6207] __netdev_upper_dev_link+0x43c/0x7e0 [ 117.818477][ T6207] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 117.818495][ T6207] ? kernfs_root+0xf8/0x2a0 [ 117.818514][ T6207] ? kernfs_add_one+0x214/0x850 [ 117.818537][ T6207] netdev_master_upper_dev_link+0x9f/0xd0 [ 117.818557][ T6207] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 117.818578][ T6207] ? lockdep_rtnl_is_held+0x26/0x40 [ 117.818599][ T6207] ? netdev_is_rx_handler_busy+0x83/0x140 [ 117.818618][ T6207] br_add_if+0x9fd/0x1b40 [ 117.818643][ T6207] ? security_capable+0x80/0x260 [ 117.818668][ T6207] add_del_if+0x114/0x160 [ 117.818682][ T6207] br_dev_siocdevprivate+0x8ac/0x1650 [ 117.818699][ T6207] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 117.818718][ T6207] ? do_raw_spin_lock+0x128/0x260 [ 117.818738][ T6207] ? find_held_lock+0x2b/0x80 [ 117.818758][ T6207] ? debug_mutex_remove_waiter+0xa8/0x320 [ 117.818777][ T6207] ? debug_mutex_remove_waiter+0xa8/0x320 [ 117.818802][ T6207] ? netdev_name_node_lookup+0x107/0x150 [ 117.818823][ T6207] ? __mutex_lock+0x838/0x1b10 [ 117.818846][ T6207] dev_ifsioc+0xc2f/0x1f10 [ 117.818863][ T6207] ? __pfx_dev_ifsioc+0x10/0x10 [ 117.818875][ T6207] ? __pfx___mutex_lock+0x10/0x10 [ 117.818903][ T6207] ? dev_load+0x8e/0x240 [ 117.818935][ T6207] ? dev_load+0x8e/0x240 [ 117.818965][ T6207] dev_ioctl+0x70e/0x1070 [ 117.818982][ T6207] sock_ioctl+0x494/0x6b0 [ 117.819007][ T6207] ? __pfx_sock_ioctl+0x10/0x10 [ 117.819029][ T6207] ? hook_file_ioctl_common+0x149/0x410 [ 117.819049][ T6207] ? __fget_files+0x21f/0x3d0 [ 117.819069][ T6207] ? __pfx_sock_ioctl+0x10/0x10 [ 117.819090][ T6207] __x64_sys_ioctl+0x18e/0x210 [ 117.819107][ T6207] do_syscall_64+0x10b/0xf80 [ 117.819125][ T6207] ? clear_bhb_loop+0x40/0x90 [ 117.819144][ T6207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.819166][ T6207] RIP: 0033:0x7fe4d2d9cdd9 [ 117.819185][ T6207] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.819205][ T6207] RSP: 002b:00007fe4d3bf8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 117.819223][ T6207] RAX: ffffffffffffffda RBX: 00007fe4d3016090 RCX: 00007fe4d2d9cdd9 [ 117.819234][ T6207] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000a [ 117.819244][ T6207] RBP: 00007fe4d2e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 117.819253][ T6207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.819263][ T6207] R13: 00007fe4d3016128 R14: 00007fe4d3016090 R15: 00007fff78fa57e8 [ 117.819284][ T6207] [ 118.542182][ T6207] gretap0: entered promiscuous mode [ 118.553965][ T6207] bridge0: port 3(gretap0) entered blocking state [ 118.561845][ T6207] bridge0: port 3(gretap0) entered forwarding state [ 119.891767][ T6228] zram: Cannot change disksize for initialized device [ 120.023175][ T6238] zram: Cannot change disksize for initialized device [ 122.259041][ T6277] netlink: 28 bytes leftover after parsing attributes in process `syz.0.99'. [ 122.305335][ T6277] veth1_macvtap: left promiscuous mode [ 122.331818][ T6277] macsec0: entered promiscuous mode [ 122.361827][ T6277] macsec0: entered allmulticast mode [ 123.257934][ T6298] zram: Cannot change disksize for initialized device [ 124.886136][ T6322] netlink: 28 bytes leftover after parsing attributes in process `syz.2.107'. [ 124.943791][ T6303] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.104'. [ 128.701998][ T6353] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.114'. [ 129.263393][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801e763800: rx timeout, send abort [ 129.275223][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88801e763800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 133.011985][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.026292][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.002894][ T6469] zram: Cannot change disksize for initialized device [ 134.654139][ T6457] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.136'. [ 135.441187][ T6492] netlink: 28 bytes leftover after parsing attributes in process `syz.1.142'. [ 135.517831][ T6492] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.567602][ T6495] netlink: 334 bytes leftover after parsing attributes in process `syz.1.142'. [ 135.741958][ T6492] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.056472][ T6521] netlink: 25 bytes leftover after parsing attributes in process `syz.1.149'. [ 139.550459][ T6540] netlink: 2468 bytes leftover after parsing attributes in process `syz.1.152'. [ 139.571697][ T6549] ovs_: entered promiscuous mode [ 140.794063][ T6578] zram: Cannot change disksize for initialized device [ 142.308603][ T6596] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 11!phy1!netdev:wlan1!rc_rateid [ 142.597723][ T6598] sysfs: cannot create duplicate filename '/class/ieee80211/11!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 142.756795][ T6598] CPU: 0 UID: 0 PID: 6598 Comm: syz.2.163 Tainted: G L syzkaller #0 PREEMPT(full) [ 142.756822][ T6598] Tainted: [L]=SOFTLOCKUP [ 142.756828][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 142.756837][ T6598] Call Trace: [ 142.756843][ T6598] [ 142.756849][ T6598] dump_stack_lvl+0x100/0x190 [ 142.756874][ T6598] sysfs_warn_dup.cold+0x1c/0x28 [ 142.756906][ T6598] sysfs_do_create_link_sd+0x113/0x140 [ 142.756927][ T6598] sysfs_create_link+0x61/0xc0 [ 142.756943][ T6598] device_add+0x675/0x1950 [ 142.756965][ T6598] ? __pfx_device_add+0x10/0x10 [ 142.756982][ T6598] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 142.757005][ T6598] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 142.757033][ T6598] wiphy_register+0x1edd/0x2d90 [ 142.757049][ T6598] ? __rtnl_unlock+0xb9/0xf0 [ 142.757074][ T6598] ? __pfx_wiphy_register+0x10/0x10 [ 142.757091][ T6598] ? __asan_memset+0x23/0x50 [ 142.757113][ T6598] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 142.757142][ T6598] ieee80211_register_hw+0x3055/0x4570 [ 142.757173][ T6598] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 142.757194][ T6598] ? __pfx___debug_object_init+0x10/0x10 [ 142.757220][ T6598] ? find_held_lock+0x2b/0x80 [ 142.757241][ T6598] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 142.757263][ T6598] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 142.757282][ T6598] ? __hrtimer_setup+0x208/0x330 [ 142.757301][ T6598] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 142.757329][ T6598] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 142.757346][ T6598] ? __asan_memcpy+0x3c/0x60 [ 142.757369][ T6598] hwsim_new_radio_nl+0xc5f/0x1370 [ 142.757384][ T6598] ? rcu_is_watching+0x12/0xc0 [ 142.757403][ T6598] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 142.757423][ T6598] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 142.757446][ T6598] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 142.757472][ T6598] genl_family_rcv_msg_doit+0x214/0x300 [ 142.757497][ T6598] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 142.757518][ T6598] ? genl_get_cmd+0x3e7/0x760 [ 142.757543][ T6598] ? bpf_lsm_capable+0x9/0x10 [ 142.757559][ T6598] ? security_capable+0x80/0x260 [ 142.757581][ T6598] ? ns_capable+0xd2/0xf0 [ 142.757600][ T6598] genl_rcv_msg+0x560/0x800 [ 142.757623][ T6598] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.757646][ T6598] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 142.757667][ T6598] netlink_rcv_skb+0x159/0x420 [ 142.757687][ T6598] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.757709][ T6598] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.757736][ T6598] ? netlink_deliver_tap+0x1ae/0xcc0 [ 142.757757][ T6598] genl_rcv+0x28/0x40 [ 142.757776][ T6598] netlink_unicast+0x585/0x850 [ 142.757798][ T6598] ? __pfx_netlink_unicast+0x10/0x10 [ 142.757827][ T6598] netlink_sendmsg+0x8b0/0xda0 [ 142.757849][ T6598] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.757867][ T6598] ? __import_iovec+0x1d2/0x640 [ 142.757884][ T6598] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 142.757917][ T6598] ____sys_sendmsg+0x9e1/0xb70 [ 142.757937][ T6598] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.757959][ T6598] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.757982][ T6598] ? rcu_is_watching+0x12/0xc0 [ 142.757999][ T6598] ? ___sys_sendmsg+0x19d/0x1e0 [ 142.758017][ T6598] ? kfree+0x1dd/0x6c0 [ 142.758041][ T6598] ___sys_sendmsg+0x190/0x1e0 [ 142.758062][ T6598] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.758100][ T6598] ? __pfx___might_resched+0x10/0x10 [ 142.758121][ T6598] __sys_sendmmsg+0x205/0x430 [ 142.758139][ T6598] ? __pfx___sys_sendmmsg+0x10/0x10 [ 142.758170][ T6598] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 142.758191][ T6598] ? kcov_ioctl+0x16a/0x720 [ 142.758214][ T6598] __x64_sys_sendmmsg+0x9c/0x100 [ 142.758229][ T6598] ? lockdep_hardirqs_on+0x78/0x100 [ 142.758251][ T6598] do_syscall_64+0x10b/0xf80 [ 142.758271][ T6598] ? clear_bhb_loop+0x40/0x90 [ 142.758291][ T6598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.758306][ T6598] RIP: 0033:0x7f63a319cdd9 [ 142.758321][ T6598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.758335][ T6598] RSP: 002b:00007f63a401d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 142.758350][ T6598] RAX: ffffffffffffffda RBX: 00007f63a3416090 RCX: 00007f63a319cdd9 [ 142.758360][ T6598] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 142.758369][ T6598] RBP: 00007f63a3232d69 R08: 0000000000000000 R09: 0000000000000000 [ 142.758379][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.758388][ T6598] R13: 00007f63a3416128 R14: 00007f63a3416090 R15: 00007fff7eeaf2c8 [ 142.758409][ T6598] [ 144.007130][ T6611] zram: Cannot change disksize for initialized device syzkaller syzkaller login: [ 145.624562][ T6631] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 147.814353][ T5634] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 149.867291][ T6711] lo: entered allmulticast mode [ 150.121739][ T6717] lo: left allmulticast mode [ 152.853394][ T6773] syz.0.194 uses obsolete (PF_INET,SOCK_PACKET) [ 154.732959][ T6807] zram: Cannot change disksize for initialized device [ 155.267683][ T6819] input: jJǸ-9%vJ86 as /devices/virtual/input/input5 [ 155.321533][ T134] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.359337][ T6875] zram: Cannot change disksize for initialized device [ 165.329952][ T6968] FAULT_INJECTION: forcing a failure. [ 165.329952][ T6968] name failslab, interval 1, probability 0, space 0, times 0 [ 165.522555][ T6968] CPU: 0 UID: 0 PID: 6968 Comm: syz.3.227 Tainted: G L syzkaller #0 PREEMPT(full) [ 165.522582][ T6968] Tainted: [L]=SOFTLOCKUP [ 165.522592][ T6968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 165.522602][ T6968] Call Trace: [ 165.522607][ T6968] [ 165.522614][ T6968] dump_stack_lvl+0x100/0x190 [ 165.522640][ T6968] should_fail_ex.cold+0x5/0xa [ 165.522664][ T6968] ? tomoyo_supervisor+0x65d/0x1340 [ 165.522686][ T6968] should_failslab+0xc2/0x120 [ 165.522705][ T6968] __kmalloc_noprof+0xe0/0x850 [ 165.522734][ T6968] tomoyo_supervisor+0x65d/0x1340 [ 165.522758][ T6968] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 165.522791][ T6968] ? tomoyo_check_path_acl+0x141/0x210 [ 165.522815][ T6968] ? tomoyo_check_acl+0x1f7/0x410 [ 165.522840][ T6968] tomoyo_path_permission+0x270/0x3b0 [ 165.522866][ T6968] tomoyo_check_open_permission+0x34d/0x3c0 [ 165.522883][ T6968] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 165.522905][ T6968] ? hook_file_open+0x24e/0x7a0 [ 165.522933][ T6968] ? path_get+0x61/0x80 [ 165.522955][ T6968] tomoyo_file_open+0x6b/0x90 [ 165.522976][ T6968] security_file_open+0xb5/0x1e0 [ 165.523069][ T6968] do_dentry_open+0x5aa/0x1660 [ 165.523091][ T6968] ? security_inode_permission+0xbf/0x250 [ 165.523110][ T6968] vfs_open+0x82/0x3f0 [ 165.523138][ T6968] path_openat+0x208c/0x31a0 [ 165.523167][ T6968] ? __pfx_path_openat+0x10/0x10 [ 165.523193][ T6968] do_file_open+0x20e/0x430 [ 165.523212][ T6968] ? __pfx_do_file_open+0x10/0x10 [ 165.523247][ T6968] ? alloc_fd+0x476/0x790 [ 165.523269][ T6968] ? do_getname+0x191/0x390 [ 165.523292][ T6968] do_sys_openat2+0x10d/0x1e0 [ 165.523314][ T6968] ? __pfx_do_sys_openat2+0x10/0x10 [ 165.523342][ T6968] __x64_sys_openat+0x12d/0x210 [ 165.523364][ T6968] ? __pfx___x64_sys_openat+0x10/0x10 [ 165.523390][ T6968] ? rcu_is_watching+0x12/0xc0 [ 165.523410][ T6968] do_syscall_64+0x10b/0xf80 [ 165.523429][ T6968] ? clear_bhb_loop+0x40/0x90 [ 165.523451][ T6968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.523468][ T6968] RIP: 0033:0x7fe4d2d9cdd9 [ 165.523481][ T6968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 165.523496][ T6968] RSP: 002b:00007fe4d3c19028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 165.523511][ T6968] RAX: ffffffffffffffda RBX: 00007fe4d3015fa0 RCX: 00007fe4d2d9cdd9 [ 165.523521][ T6968] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 165.523530][ T6968] RBP: 00007fe4d2e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 165.523540][ T6968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.523550][ T6968] R13: 00007fe4d3016038 R14: 00007fe4d3015fa0 R15: 00007fff78fa57e8 [ 165.523570][ T6968] [ 169.801182][ T7043] zram: Cannot change disksize for initialized device [ 170.463711][ T7053] netlink: 'syz.3.246': attribute type 11 has an invalid length. [ 170.553096][ T7053] netlink: 'syz.3.246': attribute type 11 has an invalid length. [ 170.635304][ T7053] netlink: 'syz.3.246': attribute type 11 has an invalid length. [ 171.444402][ T7053] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 171.626080][ T7053] netlink: 504 bytes leftover after parsing attributes in process `syz.3.246'. [ 171.690016][ T7053] netlink: 350 bytes leftover after parsing attributes in process `syz.3.246'. [ 177.189927][ T7190] misc userio: Invalid payload size [ 177.681904][ T7197] sysfs_service_op_store: Client not running :-5: [ 178.068806][ T7199] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.270'. [ 179.367421][ T7224] netlink: 'syz.2.274': attribute type 11 has an invalid length. [ 179.443457][ T7224] netlink: 'syz.2.274': attribute type 11 has an invalid length. [ 179.585786][ T7224] netlink: 'syz.2.274': attribute type 11 has an invalid length. [ 179.643857][ T7222] input: jJǸ-9%vJ86 as /devices/virtual/input/input6 [ 181.059625][ T7227] netlink: 504 bytes leftover after parsing attributes in process `syz.2.274'. [ 181.198786][ T7224] netlink: 350 bytes leftover after parsing attributes in process `syz.2.274'. [ 184.252660][ T7306] sysfs_service_op_store: Client not running :-5: [ 184.772400][ T7315] HfR: entered promiscuous mode [ 187.973970][ T7360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.298'. [ 192.177372][ T7426] FAULT_INJECTION: forcing a failure. [ 192.177372][ T7426] name failslab, interval 1, probability 0, space 0, times 0 [ 192.235858][ T7426] CPU: 0 UID: 0 PID: 7426 Comm: syz.2.313 Tainted: G L syzkaller #0 PREEMPT(full) [ 192.235889][ T7426] Tainted: [L]=SOFTLOCKUP [ 192.235894][ T7426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 192.235904][ T7426] Call Trace: [ 192.235911][ T7426] [ 192.235917][ T7426] dump_stack_lvl+0x100/0x190 [ 192.235944][ T7426] should_fail_ex.cold+0x5/0xa [ 192.235966][ T7426] should_failslab+0xc2/0x120 [ 192.235986][ T7426] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 192.236009][ T7426] ? security_inode_alloc+0x3b/0x2c0 [ 192.236034][ T7426] ? lockdep_init_map_type+0x5c/0x250 [ 192.236052][ T7426] security_inode_alloc+0x3b/0x2c0 [ 192.236076][ T7426] inode_init_always_gfp+0xcc0/0x1000 [ 192.236099][ T7426] alloc_inode+0x8e/0x250 [ 192.236122][ T7426] new_inode+0x22/0x1c0 [ 192.236145][ T7426] rpc_new_dir+0x96/0x420 [ 192.236165][ T7426] rpc_populate.constprop.0+0x125/0x1c0 [ 192.236184][ T7426] ? d_instantiate+0x8f/0xb0 [ 192.236206][ T7426] ? __pfx_rpc_fill_super+0x10/0x10 [ 192.236225][ T7426] rpc_fill_super+0x2b9/0x4f0 [ 192.236246][ T7426] ? __pfx_rpc_fill_super+0x10/0x10 [ 192.236262][ T7426] get_tree_keyed+0x10e/0x1d0 [ 192.236280][ T7426] vfs_get_tree+0x92/0x320 [ 192.236304][ T7426] vfs_cmd_create+0xd7/0x2a0 [ 192.236327][ T7426] __do_sys_fsconfig+0x55a/0xcb0 [ 192.236351][ T7426] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 192.236374][ T7426] ? xfd_validate_state+0x129/0x190 [ 192.236394][ T7426] ? rcu_is_watching+0x12/0xc0 [ 192.236415][ T7426] do_syscall_64+0x10b/0xf80 [ 192.236433][ T7426] ? clear_bhb_loop+0x40/0x90 [ 192.236452][ T7426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.236483][ T7426] RIP: 0033:0x7f63a319cdd9 [ 192.236498][ T7426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 192.236514][ T7426] RSP: 002b:00007f63a403e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 192.236531][ T7426] RAX: ffffffffffffffda RBX: 00007f63a3415fa0 RCX: 00007f63a319cdd9 [ 192.236541][ T7426] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000003 [ 192.236551][ T7426] RBP: 00007f63a3232d69 R08: 0000000000000000 R09: 0000000000000000 [ 192.236567][ T7426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.236577][ T7426] R13: 00007f63a3416038 R14: 00007f63a3415fa0 R15: 00007fff7eeaf2c8 [ 192.236599][ T7426] [ 192.236967][ T7426] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 194.483067][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.489607][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.759096][ T7482] zram: Cannot change disksize for initialized device [ 197.761827][ T7518] sysfs_service_op_store: Client not running :-5: [ 201.871164][ T7595] netlink: 342 bytes leftover after parsing attributes in process `syz.1.338'. [ 205.237088][ T7649] netlink: 342 bytes leftover after parsing attributes in process `syz.2.349'. [ 206.064796][ T7656] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 206.163092][ T7656] pci 0000:00:01.3: PCI INT A: no GSI [ 206.812679][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 206.818839][ T5643] Bluetooth: hci3: command 0x0406 tx timeout [ 206.825943][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 206.832522][ T5640] Bluetooth: hci0: command 0x0406 tx timeout [ 207.375098][ T7683] zram: Cannot change disksize for initialized device [ 208.154035][ T7688] program syz.3.358 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.254532][ T29] audit: type=1807 audit(1843111711.113:3): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 208.345235][ T29] audit: type=1802 audit(1843111711.113:4): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.358" res=0 errno=0 [ 208.378500][ T7687] ima: policy update failed [ 208.460173][ T29] audit: type=1802 audit(1843111711.273:5): pid=7687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.358" res=0 errno=0 [ 210.001110][ T7725] tc_dump_action: action bad kind [ 211.064133][ T7742] netlink: 'syz.2.373': attribute type 11 has an invalid length. [ 211.108238][ T7742] netlink: 'syz.2.373': attribute type 1 has an invalid length. [ 211.150219][ T7742] netlink: 9 bytes leftover after parsing attributes in process `syz.2.373'. [ 212.681067][ T7758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.371'. [ 217.653364][ T7846] netlink: 342 bytes leftover after parsing attributes in process `syz.1.394'. [ 218.941063][ T29] audit: type=1800 audit(1843112744.791:6): pid=7856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.397" name="file0" dev="tmpfs" ino=545 res=0 errno=0 [ 219.787720][ T7875] zram: Cannot change disksize for initialized device [ 222.147730][ T7905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.406'. [ 228.058615][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.427'. [ 228.124955][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.427'. [ 228.778952][ T8017] netlink: 342 bytes leftover after parsing attributes in process `syz.0.429'. [ 228.831389][ T8017] netlink: 342 bytes leftover after parsing attributes in process `syz.0.429'. [ 229.279645][ T8031] blktrace: Concurrent blktraces are not allowed on sda1 [ 230.179867][ T8047] loop6: detected capacity change from 0 to 8 [ 230.221527][ T8044] netlink: 2476 bytes leftover after parsing attributes in process `syz.0.435'. [ 230.234830][ T8049] WARNING! power/level is deprecated; use power/control instead [ 231.036705][ T8056] netlink: 342 bytes leftover after parsing attributes in process `syz.1.438'. [ 231.239772][ T8058] netlink: 342 bytes leftover after parsing attributes in process `syz.1.438'. [ 231.428178][ T8061] netlink: 342 bytes leftover after parsing attributes in process `syz.0.439'. [ 231.533273][ T8067] netlink: 342 bytes leftover after parsing attributes in process `syz.0.439'. [ 231.662375][ T8066] netlink: 342 bytes leftover after parsing attributes in process `syz.2.440'. [ 232.674840][ T8091] zram: Cannot change disksize for initialized device [ 234.254968][ T8099] FAULT_INJECTION: forcing a failure. [ 234.254968][ T8099] name fail_futex, interval 1, probability 0, space 0, times 0 [ 234.372648][ T8099] CPU: 0 UID: 0 PID: 8099 Comm: syz.3.449 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.372675][ T8099] Tainted: [L]=SOFTLOCKUP [ 234.372681][ T8099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 234.372690][ T8099] Call Trace: [ 234.372695][ T8099] [ 234.372701][ T8099] dump_stack_lvl+0x100/0x190 [ 234.372724][ T8099] should_fail_ex.cold+0x5/0xa [ 234.372746][ T8099] get_futex_key+0x1d2/0x1510 [ 234.372764][ T8099] ? __pfx_get_futex_key+0x10/0x10 [ 234.372785][ T8099] futex_wake+0xea/0x530 [ 234.372805][ T8099] ? __pfx_futex_wake+0x10/0x10 [ 234.372837][ T8099] ? rcu_is_watching+0x12/0xc0 [ 234.372855][ T8099] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 234.372877][ T8099] do_futex+0x32b/0x350 [ 234.372894][ T8099] ? __pfx_do_futex+0x10/0x10 [ 234.372910][ T8099] ? __pfx___might_resched+0x10/0x10 [ 234.372926][ T8099] ? blkcg_maybe_throttle_current+0x5e7/0xeb0 [ 234.372946][ T8099] __x64_sys_futex+0x34f/0x4d0 [ 234.372964][ T8099] ? __pfx___x64_sys_futex+0x10/0x10 [ 234.372990][ T8099] ? rcu_is_watching+0x12/0xc0 [ 234.373012][ T8099] do_syscall_64+0x10b/0xf80 [ 234.373031][ T8099] ? clear_bhb_loop+0x40/0x90 [ 234.373050][ T8099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.373065][ T8099] RIP: 0033:0x7fe4d2d9cdd9 [ 234.373078][ T8099] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.373092][ T8099] RSP: 002b:00007fe4d3c190e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 234.373107][ T8099] RAX: ffffffffffffffda RBX: 00007fe4d3015fa8 RCX: 00007fe4d2d9cdd9 [ 234.373116][ T8099] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe4d3015fac [ 234.373125][ T8099] RBP: 00007fe4d3015fa0 R08: 0000000000000001 R09: 0000000000000000 [ 234.373134][ T8099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.373142][ T8099] R13: 00007fe4d3016038 R14: 00007fff78fa5700 R15: 00007fff78fa57e8 [ 234.373161][ T8099] [ 235.376748][ T8106] __nla_validate_parse: 3 callbacks suppressed [ 235.376762][ T8106] netlink: 342 bytes leftover after parsing attributes in process `syz.1.451'. [ 235.713951][ T8110] netlink: 342 bytes leftover after parsing attributes in process `syz.1.451'. [ 236.511226][ T8118] netlink: 342 bytes leftover after parsing attributes in process `syz.1.453'. [ 236.526751][ T8122] netlink: 342 bytes leftover after parsing attributes in process `syz.0.455'. [ 236.557988][ T8122] netlink: 342 bytes leftover after parsing attributes in process `syz.0.455'. [ 236.610772][ T8123] netlink: 342 bytes leftover after parsing attributes in process `syz.1.453'. [ 237.252357][ T8138] netlink: 342 bytes leftover after parsing attributes in process `syz.0.460'. [ 237.303524][ T8138] netlink: 342 bytes leftover after parsing attributes in process `syz.0.460'. [ 238.380627][ T8161] netlink: 342 bytes leftover after parsing attributes in process `syz.2.465'. [ 238.442060][ T8153] netlink: 2476 bytes leftover after parsing attributes in process `syz.3.463'. [ 239.204691][ T29] audit: type=1800 audit(1843114811.047:7): pid=8173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.469" name="file0" dev="tmpfs" ino=645 res=0 errno=0 [ 241.187149][ T8208] zram: Cannot change disksize for initialized device [ 242.519824][ T8228] __nla_validate_parse: 2 callbacks suppressed [ 242.519839][ T8228] netlink: 342 bytes leftover after parsing attributes in process `syz.1.478'. [ 243.798600][ T8262] netlink: 4 bytes leftover after parsing attributes in process `syz.2.484'. [ 243.878875][ T8262] netlink: 354 bytes leftover after parsing attributes in process `syz.2.484'. [ 243.991999][ T8259] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 244.146502][ T8259] vhci_hcd vhci_hcd.2: invalid port number 111 [ 244.280161][ T8259] vhci_hcd vhci_hcd.2: invalid port number 111 [ 244.335622][ T8263] NFSD: Failed to start, no listeners configured. [ 246.002805][ T8304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.494'. [ 246.049401][ T8304] netlink: 5 bytes leftover after parsing attributes in process `syz.2.494'. [ 248.400963][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.504'. [ 248.429954][ T8349] netlink: 5 bytes leftover after parsing attributes in process `syz.2.504'. [ 248.814799][ T8340] netlink: 2476 bytes leftover after parsing attributes in process `syz.0.510'. [ 249.134392][ T8359] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 249.134392][ T8359] The task syz.1.507 (8359) triggered the difference, watch for misbehavior. [ 250.530317][ T8389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.514'. [ 250.573956][ T8389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.514'. [ 251.829357][ T8384] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.513'. [ 251.958085][ T8412] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.518'. [ 254.037251][ T8445] sysfs: cannot create duplicate filename '/class/ieee80211/211!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 254.267287][ T8445] CPU: 0 UID: 0 PID: 8445 Comm: syz.0.525 Tainted: G L syzkaller #0 PREEMPT(full) [ 254.267314][ T8445] Tainted: [L]=SOFTLOCKUP [ 254.267320][ T8445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 254.267329][ T8445] Call Trace: [ 254.267334][ T8445] [ 254.267340][ T8445] dump_stack_lvl+0x100/0x190 [ 254.267364][ T8445] sysfs_warn_dup.cold+0x1c/0x28 [ 254.267387][ T8445] sysfs_do_create_link_sd+0x113/0x140 [ 254.267406][ T8445] sysfs_create_link+0x61/0xc0 [ 254.267421][ T8445] device_add+0x675/0x1950 [ 254.267443][ T8445] ? __pfx_device_add+0x10/0x10 [ 254.267460][ T8445] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 254.267483][ T8445] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 254.267510][ T8445] wiphy_register+0x1edd/0x2d90 [ 254.267527][ T8445] ? __rtnl_unlock+0xb9/0xf0 [ 254.267551][ T8445] ? __pfx_wiphy_register+0x10/0x10 [ 254.267567][ T8445] ? __asan_memset+0x23/0x50 [ 254.267591][ T8445] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 254.267621][ T8445] ieee80211_register_hw+0x3055/0x4570 [ 254.267652][ T8445] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 254.267672][ T8445] ? __pfx___debug_object_init+0x10/0x10 [ 254.267698][ T8445] ? find_held_lock+0x2b/0x80 [ 254.267719][ T8445] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 254.267740][ T8445] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 254.267759][ T8445] ? __hrtimer_setup+0x208/0x330 [ 254.267777][ T8445] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 254.267805][ T8445] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 254.267823][ T8445] ? __asan_memcpy+0x3c/0x60 [ 254.267846][ T8445] hwsim_new_radio_nl+0xc5f/0x1370 [ 254.267861][ T8445] ? rcu_is_watching+0x12/0xc0 [ 254.267879][ T8445] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 254.267899][ T8445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 254.267922][ T8445] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 254.267949][ T8445] genl_family_rcv_msg_doit+0x214/0x300 [ 254.267973][ T8445] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 254.267994][ T8445] ? genl_get_cmd+0x3e7/0x760 [ 254.268019][ T8445] ? bpf_lsm_capable+0x9/0x10 [ 254.268035][ T8445] ? security_capable+0x80/0x260 [ 254.268056][ T8445] ? ns_capable+0xd2/0xf0 [ 254.268076][ T8445] genl_rcv_msg+0x560/0x800 [ 254.268099][ T8445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 254.268121][ T8445] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 254.268143][ T8445] netlink_rcv_skb+0x159/0x420 [ 254.268162][ T8445] ? __pfx_genl_rcv_msg+0x10/0x10 [ 254.268184][ T8445] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 254.268211][ T8445] ? netlink_deliver_tap+0x1ae/0xcc0 [ 254.268232][ T8445] genl_rcv+0x28/0x40 [ 254.268258][ T8445] netlink_unicast+0x585/0x850 [ 254.268281][ T8445] ? __pfx_netlink_unicast+0x10/0x10 [ 254.268310][ T8445] netlink_sendmsg+0x8b0/0xda0 [ 254.268334][ T8445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.268353][ T8445] ? __import_iovec+0x1d2/0x640 [ 254.268371][ T8445] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 254.268398][ T8445] ____sys_sendmsg+0x9e1/0xb70 [ 254.268417][ T8445] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.268438][ T8445] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.268459][ T8445] ? rcu_is_watching+0x12/0xc0 [ 254.268476][ T8445] ? ___sys_sendmsg+0x19d/0x1e0 [ 254.268494][ T8445] ? kfree+0x1dd/0x6c0 [ 254.268518][ T8445] ___sys_sendmsg+0x190/0x1e0 [ 254.268539][ T8445] ? __pfx____sys_sendmsg+0x10/0x10 [ 254.268578][ T8445] ? __pfx___might_resched+0x10/0x10 [ 254.268598][ T8445] __sys_sendmmsg+0x205/0x430 [ 254.268616][ T8445] ? __pfx___sys_sendmmsg+0x10/0x10 [ 254.268647][ T8445] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 254.268668][ T8445] ? kcov_ioctl+0x16a/0x720 [ 254.268691][ T8445] __x64_sys_sendmmsg+0x9c/0x100 [ 254.268706][ T8445] ? lockdep_hardirqs_on+0x78/0x100 [ 254.268725][ T8445] do_syscall_64+0x10b/0xf80 [ 254.268743][ T8445] ? clear_bhb_loop+0x40/0x90 [ 254.268761][ T8445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.268776][ T8445] RIP: 0033:0x7ff12659cdd9 [ 254.268791][ T8445] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 254.268805][ T8445] RSP: 002b:00007ff127393028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 254.268819][ T8445] RAX: ffffffffffffffda RBX: 00007ff126816090 RCX: 00007ff12659cdd9 [ 254.268829][ T8445] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 254.268838][ T8445] RBP: 00007ff126632d69 R08: 0000000000000000 R09: 0000000000000000 [ 254.268847][ T8445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.268856][ T8445] R13: 00007ff126816128 R14: 00007ff126816090 R15: 00007ffc9c0241a8 [ 254.268876][ T8445] [ 255.517864][ T8452] netlink: 342 bytes leftover after parsing attributes in process `syz.2.527'. [ 256.028844][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.038681][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.103582][ T8477] Setting dangerous option i915.mitigations - tainting kernel [ 257.822869][ T8491] netlink: 342 bytes leftover after parsing attributes in process `syz.1.539'. [ 258.516187][ T8500] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 258.797177][ T8508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.542'. [ 258.845870][ T8508] netlink: 5 bytes leftover after parsing attributes in process `syz.2.542'. [ 260.520452][ T8525] netlink: 342 bytes leftover after parsing attributes in process `syz.0.546'. [ 263.628056][ T8592] netlink: 342 bytes leftover after parsing attributes in process `syz.2.561'. [ 264.496982][ T8605] netlink: 342 bytes leftover after parsing attributes in process `syz.3.565'. [ 265.484371][ T8619] netlink: 342 bytes leftover after parsing attributes in process `syz.1.569'. [ 265.498573][ T8621] netlink: 4 bytes leftover after parsing attributes in process `syz.3.570'. [ 267.190633][ T8655] netlink: 342 bytes leftover after parsing attributes in process `syz.3.576'. [ 267.411253][ T8659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.578'. [ 268.907474][ T8682] netlink: 342 bytes leftover after parsing attributes in process `syz.0.583'. [ 268.963014][ T8687] netlink: 342 bytes leftover after parsing attributes in process `syz.0.583'. [ 269.229721][ T8692] ================================================================== [ 269.229735][ T8692] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 269.229763][ T8692] Write of size 8 at addr ffffc90004929000 by task syz.0.585/8692 [ 269.229777][ T8692] [ 269.229803][ T8692] CPU: 0 UID: 0 PID: 8692 Comm: syz.0.585 Tainted: G U L syzkaller #0 PREEMPT(full) [ 269.229826][ T8692] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 269.229832][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 269.229842][ T8692] Call Trace: [ 269.229847][ T8692] [ 269.229853][ T8692] dump_stack_lvl+0x100/0x190 [ 269.229870][ T8692] print_report+0x13d/0x4b0 [ 269.229896][ T8692] ? _raw_spin_lock_irqsave+0x52/0x60 [ 269.229915][ T8692] ? sys_fillrect+0x174a/0x1910 [ 269.229934][ T8692] kasan_report+0xdf/0x1d0 [ 269.229959][ T8692] ? sys_fillrect+0x174a/0x1910 [ 269.229982][ T8692] sys_fillrect+0x174a/0x1910 [ 269.230007][ T8692] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 269.230024][ T8692] bit_clear+0x17d/0x220 [ 269.230041][ T8692] ? __pfx_bit_clear+0x10/0x10 [ 269.230058][ T8692] ? fb_get_color_depth+0x120/0x250 [ 269.230074][ T8692] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 269.230100][ T8692] __fbcon_clear+0x633/0x760 [ 269.230115][ T8692] ? __pfx_bit_clear+0x10/0x10 [ 269.230132][ T8692] fbcon_scroll+0x314/0x650 [ 269.230148][ T8692] con_scroll+0x464/0x690 [ 269.230168][ T8692] csi_ECMA.constprop.0+0xc57/0x3b60 [ 269.230190][ T8692] ? find_held_lock+0x2b/0x80 [ 269.230208][ T8692] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 269.230231][ T8692] do_con_write+0x3946/0x4a10 [ 269.230251][ T8692] ? trace_contention_end+0x122/0x170 [ 269.230271][ T8692] ? __pfx_do_con_write+0x10/0x10 [ 269.230295][ T8692] con_write+0x23/0xb0 [ 269.230315][ T8692] n_tty_write+0x431/0x11c0 [ 269.230333][ T8692] ? __pfx_n_tty_write+0x10/0x10 [ 269.230347][ T8692] ? trace_kmalloc+0xe3/0x110 [ 269.230363][ T8692] ? __pfx_woken_wake_function+0x10/0x10 [ 269.230380][ T8692] ? rcu_is_watching+0x12/0xc0 [ 269.230397][ T8692] ? file_tty_write.isra.0+0x694/0x890 [ 269.230416][ T8692] ? kfree+0x1dd/0x6c0 [ 269.230435][ T8692] ? __pfx_n_tty_write+0x10/0x10 [ 269.230450][ T8692] file_tty_write.isra.0+0x4d2/0x890 [ 269.230472][ T8692] redirected_tty_write+0xd4/0x120 [ 269.230493][ T8692] vfs_write+0x6ac/0x1070 [ 269.230509][ T8692] ? __pfx_redirected_tty_write+0x10/0x10 [ 269.230531][ T8692] ? __pfx_vfs_write+0x10/0x10 [ 269.230545][ T8692] ? find_held_lock+0x2b/0x80 [ 269.230568][ T8692] ksys_write+0x12a/0x250 [ 269.230583][ T8692] ? __pfx_ksys_write+0x10/0x10 [ 269.230599][ T8692] ? rcu_is_watching+0x12/0xc0 [ 269.230617][ T8692] do_syscall_64+0x10b/0xf80 [ 269.230634][ T8692] ? clear_bhb_loop+0x40/0x90 [ 269.230651][ T8692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.230666][ T8692] RIP: 0033:0x7ff12659cdd9 [ 269.230680][ T8692] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 269.230694][ T8692] RSP: 002b:00007ff1273b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 269.230712][ T8692] RAX: ffffffffffffffda RBX: 00007ff126815fa0 RCX: 00007ff12659cdd9 [ 269.230722][ T8692] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000005 [ 269.230732][ T8692] RBP: 00007ff126632d69 R08: 0000000000000000 R09: 0000000000000000 [ 269.230741][ T8692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 269.230750][ T8692] R13: 00007ff126816038 R14: 00007ff126815fa0 R15: 00007ffc9c0241a8 [ 269.230765][ T8692] [ 269.230771][ T8692] [ 269.230781][ T8692] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90004629000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 269.230809][ T8692] Memory state around the buggy address: [ 269.230817][ T8692] ffffc90004928f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 269.230830][ T8692] ffffc90004928f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 269.230846][ T8692] >ffffc90004929000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 269.230855][ T8692] ^ [ 269.230862][ T8692] ffffc90004929080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 269.230872][ T8692] ffffc90004929100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 269.230881][ T8692] ================================================================== [ 269.230900][ T8692] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 269.230916][ T8692] CPU: 0 UID: 0 PID: 8692 Comm: syz.0.585 Tainted: G U L syzkaller #0 PREEMPT(full) [ 269.230953][ T8692] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 269.230959][ T8692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 269.230967][ T8692] Call Trace: [ 269.230973][ T8692] [ 269.230979][ T8692] dump_stack_lvl+0x100/0x190 [ 269.230995][ T8692] vpanic+0x552/0x970 [ 269.231010][ T8692] ? __pfx_vpanic+0x10/0x10 [ 269.231028][ T8692] ? mark_held_locks+0x40/0x70 [ 269.231042][ T8692] ? sys_fillrect+0x174a/0x1910 [ 269.231063][ T8692] panic+0xd1/0xe0 [ 269.231075][ T8692] ? __pfx_panic+0x10/0x10 [ 269.231092][ T8692] check_panic_on_warn.cold+0x19/0x34 [ 269.231107][ T8692] end_report.part.0+0x3a/0x90 [ 269.231127][ T8692] kasan_report.cold+0xe/0x18 [ 269.231147][ T8692] ? sys_fillrect+0x174a/0x1910 [ 269.231169][ T8692] sys_fillrect+0x174a/0x1910 [ 269.231192][ T8692] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 269.231209][ T8692] bit_clear+0x17d/0x220 [ 269.231225][ T8692] ? __pfx_bit_clear+0x10/0x10 [ 269.231242][ T8692] ? fb_get_color_depth+0x120/0x250 [ 269.231256][ T8692] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 269.231279][ T8692] __fbcon_clear+0x633/0x760 [ 269.231294][ T8692] ? __pfx_bit_clear+0x10/0x10 [ 269.231312][ T8692] fbcon_scroll+0x314/0x650 [ 269.231327][ T8692] con_scroll+0x464/0x690 [ 269.231347][ T8692] csi_ECMA.constprop.0+0xc57/0x3b60 [ 269.231369][ T8692] ? find_held_lock+0x2b/0x80 [ 269.231389][ T8692] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 269.231413][ T8692] do_con_write+0x3946/0x4a10 [ 269.231439][ T8692] ? trace_contention_end+0x122/0x170 [ 269.231458][ T8692] ? __pfx_do_con_write+0x10/0x10 [ 269.231488][ T8692] con_write+0x23/0xb0 [ 269.231510][ T8692] n_tty_write+0x431/0x11c0 [ 269.231529][ T8692] ? __pfx_n_tty_write+0x10/0x10 [ 269.231546][ T8692] ? trace_kmalloc+0xe3/0x110 [ 269.231565][ T8692] ? __pfx_woken_wake_function+0x10/0x10 [ 269.231584][ T8692] ? rcu_is_watching+0x12/0xc0 [ 269.231602][ T8692] ? file_tty_write.isra.0+0x694/0x890 [ 269.231625][ T8692] ? kfree+0x1dd/0x6c0 [ 269.231647][ T8692] ? __pfx_n_tty_write+0x10/0x10 [ 269.231662][ T8692] file_tty_write.isra.0+0x4d2/0x890 [ 269.231684][ T8692] redirected_tty_write+0xd4/0x120 [ 269.231704][ T8692] vfs_write+0x6ac/0x1070 [ 269.231720][ T8692] ? __pfx_redirected_tty_write+0x10/0x10 [ 269.231742][ T8692] ? __pfx_vfs_write+0x10/0x10 [ 269.231757][ T8692] ? find_held_lock+0x2b/0x80 [ 269.231780][ T8692] ksys_write+0x12a/0x250 [ 269.231795][ T8692] ? __pfx_ksys_write+0x10/0x10 [ 269.231811][ T8692] ? rcu_is_watching+0x12/0xc0 [ 269.231829][ T8692] do_syscall_64+0x10b/0xf80 [ 269.231847][ T8692] ? clear_bhb_loop+0x40/0x90 [ 269.231863][ T8692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.231878][ T8692] RIP: 0033:0x7ff12659cdd9 [ 269.231890][ T8692] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 269.231904][ T8692] RSP: 002b:00007ff1273b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 269.231918][ T8692] RAX: ffffffffffffffda RBX: 00007ff126815fa0 RCX: 00007ff12659cdd9 [ 269.231928][ T8692] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000005 [ 269.231938][ T8692] RBP: 00007ff126632d69 R08: 0000000000000000 R09: 0000000000000000 [ 269.231954][ T8692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 269.231963][ T8692] R13: 00007ff126816038 R14: 00007ff126815fa0 R15: 00007ffc9c0241a8 [ 269.231978][ T8692] [ 269.232046][ T8692] Kernel Offset: disabled