last executing test programs: 1m12.953002678s ago: executing program 3 (id=334): ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x400000000000, &(0x7f0000000400)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x14, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x1, 0x8, 0xdf, 0x7d, 0xffffffffffffffff, 0x3) sysfs$auto(0x2, 0x24, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x1, 0x2020009, 0x3, 0xebc, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f000000a500), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r1, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f000000a580)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x70bd0a, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008080) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder1\x00', 0x189160, 0x0) ioctl$auto_BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r3, 0x40046210, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x129041, 0x0) r4 = epoll_create$auto(0x3e) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x2000000000001ff, 0xe, 0xd, 0x2007d48, 0x948b, 0x4, 0x0, 0xc, 0x3, 0x0, 0x80000001, 0x7, 0x4, 0x5, 0x2, 0x1]}, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000003c0)='&\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000200), r0) sendmsg$auto_NFSD_CMD_POOL_MODE_SET(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00022bbd70070000000000000000090001002fdc415b000001000c0001002d55232a5b40290006000100270000000b0001006e6c6374726c0000"], 0x40}, 0x1, 0x0, 0x0, 0x20008800}, 0x44020) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="810b25bd7000ffdbdf251100000008000300", @ANYRES32=r7], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) sendmsg$auto_NL80211_CMD_GET_COALESCE(r4, &(0x7f0000000b40)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000400)={0x6c8, r6, 0xd8d7ae2303836716, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_SAE_PASSWORD={0x17, 0x115, "f835083fc78ba7674b1797570f8a2232fc5542"}, @NL80211_ATTR_SCAN_SUPP_RATES={0x20e, 0x7d, 0x0, 0x1, [@typed={0x14, 0x8, 0x0, 0x0, @ipv6=@loopback}, @generic="92dedab8b1736895af8a2ca3f850b2c5b7cb903f2225b5e826235d04454da5035919be5e5540516d1328ba71cde095a82d85fd052a00a6530fe18153e559cfbdc456ebc65b525f3239184600840ec0cfaeabb1f1fb12feb11eb35dff4d91004028fdb5e18b4253c2c9c3418786102925afd114a76e7f6d", @nested={0xba, 0x53, 0x0, 0x1, [@typed={0x1a, 0x13c, 0x0, 0x0, @str='/dev/binderfs/binder1\x00'}, @generic="e302a5ccb5021ba6b4f96545b3fcf1f5fcaa5538cc3a0e1292657168190695c6601162cbc77ea8d8eafc07b9e118c5427cb88b195b40cd19e3ab38a63b7006a42a", @generic="01c6045fec1d2f98277d4200eef6f38670d9ad1e9e21c9db585de7f235014733baa36bd432e214ed7b6c04f423473683ecfca6c32eb776ce407bbf9a54a1bb8bda01026930fcceb730d86640b1a5c5e9d502b393dfd89080c9"]}, @generic="e4e22e8562d85f35c21a3dfa544b4c1b4ebd952af1e3e7b9137f99fdc401e9edde0e1a02ad85e22c7f8068b9b222f5d86fdfaaaaafa4fce481554c5a866ac8bf0ad479d7c93a51bf041ea9894e0c4b1ee14c6c1489277763eb71929e30540f516a458b6b0314912628800bc57cf8faa0ea38eabe9bbc6e46a0537a0cfd395f166354746153ffc7226befe1b944bad440eed78ef55bf0c4f2c0350729c0c247feedc43eae68f7236826f2fd2ef9adff", @nested={0xc, 0xa2, 0x0, 0x1, [@typed={0x8, 0x9b, 0x0, 0x0, @ipv4=@remote}]}, @typed={0x8, 0x133, 0x0, 0x0, @u32=0x57}]}, @NL80211_ATTR_PROBE_RESP={0x48b, 0x91, "7cd4d8d3f4c79d5822c24dc0cd1875de0a5a19837aa1a8ba9e1900e95ebe151f36e6943c87d70e99c09083829df417463cf1b9a895d4b5774bcac8d5e6126e4f010738b4bc40c99ee6e44a7557e0c4a6908282975c0f0ed077d11a7f6aed861791046092d5c75ae8c6a3f25de084861d6015ca44dd620c30d2fe3f327c9248230b4d12679808f8b7d1ca615bf5abfb18c698eb9e3d2cd726ac8fcb942ba4ac92e54ae96fb970cc46eee47b4d253614f7ef97c8241cc308a9f1ff0bdff38ce8e85d57fbc28ba5109a5b2897c331f81c4769fccb49f647ecc795633e11fc53cba2616c1976b6f61d32f462cd6ffbe04bd801f26e5050ef556eea758b9573f9eea749bbab34f9ced2b72d89952f8a9517941349edbb7f2d6ed8c8296778b89e7277a50eba06a0aa3ad037e11aeedf514486f9e304335e51b366f7a883b884e427d2eaa8c6eb8baac231e44fbeec1c1d965b4ba8cb676b320f0a1aa57f9f17126b9ea893ebb2932bc63fa9de11cc242fd65c1a45983f6b664823e0a2d89b5d8f68684ce678a2a41224276ecd538a7f97e005b9353ff64f521c7851cf8f6345e38a0932c84570806aac588f6642ed8a03138b3c90f98e6c9df12193496ae515e441e970c6600276dbc827537b4d182a126d355471e02239ef90822df959ecd3836262d3d5ffe0da1c6f6cd25ae0370c9c3d038c2007d6e4fd9670ad006006ce11449f4d63456d17725a444fa3b94669b4e8c5353f169bf9eb8f08be574957768983dbd2c2b2e5dfe75461d5f7221578a5fec3ea67cc4ade1fa1aca8aa32a401eb1828e2b6ce8320b334932b2c0a1adb64b03aa534a58d0560bf86839721c8ea55f0122f237cc02e098a32cc68664cb78df176f9c21766543ce56558a9c76f8a3a4f0d42ae821f17790008b36325768f75d6a55a068e0d77598a6ff136a23a9dede6e20df1e9fb3718f1025d9c44e64309891b8cb460a2808f3a2429aae5acdb111aa5909c23cf55c686b7c485a74b699c02a2ff3b0a3e64820c9a2593aec9aa7235788367d9792b32a7624d8e544f98ce9b29fabe733c0db2421cfc9eef0bdcb82e234d7690c146b1448555284d863de309333616876231201c4c445b83add3529d461d3001a2400986ea31561b7b4f93d0edd79e0ba82ccbafe9c414091e6843475f3004dd8340fc51950e751a2e854cc41a1a50061f7276211e08b7c27d13c90cfaf650689e5cd718ed0f19c6ac5e01e9045c1ddffbed9de2535b34e11feb29059785b4c8b8108e0d1d467298a7c0cec048f147e1e070cae0f7b0361ca95bb648c14d21f119b8398b6ebfb022bf573349328bd859552d47220ba8dc3b5cf9afa831af7766f4cd47cee3023a760adcb16d34eb28dc8e369eea665a9d2004dbd2054e8878deaf5189a97a68781d2d618b78efadc25e28cb48aaf931dcf29a3222d8cdf2402ff4a6b90ad1823e8b790fef446bb34704fc5f37d2d7cec00e636a7ecd7af99718fe3df94770c89273adbf4088f1b7fe533b92d18cb3e48a43eeffb2f5a3c2d77ee5c49c388244a44c15bba647d47f38dac281d76cff966f7be83fc9ec127e5fbe1e91cdbb70c2c2fe2c32fc8f42390deb618aebe0d74559703d35e1dcbbc60e03bee342fe"}]}, 0x6c8}, 0x1, 0x0, 0x0, 0xc010}, 0x20040810) 1m10.957873384s ago: executing program 3 (id=339): r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0) mmap$auto(0x9, 0x4020007, 0x5, 0xeb1, r0, 0x8000) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x10000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/fail-nth\x00', 0x0, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async, rerun: 32) r3 = socket(0x2a, 0x4, 0x41) (rerun: 32) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socketpair$auto(0x0, 0x401, 0x0, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) (async) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) fsetxattr$auto(r3, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x17, 0x1e8) mmap$auto(0xfffffffffffffffe, 0x20009, 0x4000001000df, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/ldiscs\x00', 0x2000, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x2000000006, 0x2) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fc, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000006, 0x3, 0x0, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) (async, rerun: 32) ioctl$auto_SNDCTL_DSP_STEREO(r4, 0xc0045003, 0x0) (async, rerun: 32) madvise$auto(0x10, 0x7fffffffffffffff, 0xa) (async) r5 = gettid() rt_sigqueueinfo$auto(r5, 0x5, &(0x7f0000000000)={@_si_pad}) (async, rerun: 64) clone$auto(0x21, 0x12000000, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x759) (async, rerun: 64) sysfs$auto(0x2, 0x100000000000011, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) (async) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@ethernet={0x306}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (rerun: 64) 1m10.601386812s ago: executing program 3 (id=340): mmap$auto(0x0, 0x2020009, 0x3, 0x11, 0xffffffffffffffff, 0x7) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x20000000000000, 0x400008, 0xe9, 0x9b72, 0xffffffffffffffff, 0x57a) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) mmap$auto(0x4, 0x7, 0x3, 0x1d, 0xffffffffffffffff, 0x7) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48980, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) sendmsg$auto_NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x4044061) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) mmap$auto(0x37, 0xda93, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) mmap$auto(0x2, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x7) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) readv$auto(0x3, 0x0, 0x1) socket(0x10, 0x2, 0x0) setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x4) write$auto(r0, &(0x7f0000000500)='odev/\xdf\x00\x00\x00\x00H\xde\xe1\xcf\x8ch:\x11\xeah\xf4\xcc\xc6\xa6\xd9\xc3Y\xcb\xf4v6u\\\xd7hD\xfcw\xdb\x05\x11\x96ZP\x81\x87d\xa1#98\xcc\x9d\xc8\x8d\xf6\xdd\x11v(\xb0>$\x96-\xdf\x85(\xa0cq\xc5q\xa4\xad\xae\r\xb5\x8d\x81\xc6?\xd4\x7f\xd3\x1a\xe9\':\xe4\xebd\x97\x8bW^r\xe0\xc8\x85\x03\x04L:\x06\xb6\xe5\x91M\x82\xfeKM\xe0y\xd0\xd5\xb2\xfa\x1do\xa4 \xf6\xdaB\xef\xa6\x1a\x9f\xb6\\\xeb\xa9\x7f\xb3*\xaa9I\x8c,\xefD\x90\x97L!A\xbe\xd13\xc99\x8fF\xc8t\x9c\x06\x90\xb8 \xdc\x9f\x9d\xcaqc4\x10\xc5\xdd\x8c\xe7f{\\D\x86\x10\xe3%n\xbci,:\x8a#', 0x80000000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) 1m9.305799287s ago: executing program 3 (id=343): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/index\x00', 0xaa340, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x600347, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card0/pcm0c/sub7/sw_params\x00', 0x181800, 0x0) read$auto(r0, &(0x7f0000000000)='/proc/sc6\xe0\xf3\xb2\xf6\xe5F\x16&si/sg/devices\x00', 0x7) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, 0x0, 0xc0042, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = socket(0xa, 0x3, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x4880, 0x0) syz_genetlink_get_family_id$auto_cifs(&(0x7f0000000040), r2) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r1, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x90, r5, 0x400, 0x70bd2b, 0x25dfdbfc, {}, "1ead596c0aa757cb532167db13fe36f59e21b6c2579133f068f408ca4ee8ad2c48de98951c19733a9287801a8bf5ff04632c90d9260d88e388b7b04a77896714bee0a844443ff9cdf683eaa10b8d431a483b214a1d5c0c656ead386801d7c5f0603cd96ff5b7bc86b3ae5c7784d0e734f5b892a5482f22502159b7"}, 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x400000f2, 0x400, 0xfffffffffffffffc}]}) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0x1, 0x9, 0x7352, 0x41, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0xb, 0x3, 0x5, 0x101, 0xb4, 0x9, 0x6, 0x7ff, 0x84, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x1, 0x4, 0xfffffff8, 0x0, 0x0, 0xfffffff9, [0x7, 0x0, 0x68, 0x0, 0x100000000, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x1000000000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3, 0x800000000000000, 0x5]}, 0x1fe, 0xb) clock_gettime$auto(0x6bde, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008004) sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 1m7.978636109s ago: executing program 3 (id=350): syz_clone3(&(0x7f0000000480)={0x8203100, 0x0, 0x0, 0x0, {0x1b}, 0x0, 0x0, 0x0, 0x0}, 0x58) clone$auto(0x5, 0x9, &(0x7f0000000000)=0x8ca8, &(0x7f0000000080)=0xfffff570, 0x2) r0 = gettid() madvise$auto(0x5, 0x7ff, 0x0) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@buf=0x0, 0x8ab0, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r0, 0x11) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x5, 0x84) r2 = getsockopt$auto(r1, 0x84, 0x14, 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), r2) sendmsg$auto_IEEE802154_DEL_IFACE(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r3, 0x2, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x8, 0x1f, '@#+}'}, @IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x9}, @IEEE802154_ATTR_LBT_ENABLED={0x5}, @IEEE802154_ATTR_PHY_NAME={0x5, 0x1f, '!'}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x10}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x80}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x80) clone$auto(0x0, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) 1m5.687744389s ago: executing program 3 (id=357): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(r0, 0x11, 0xa, 0x0, 0x8) mmap$auto(0x4, 0x4000a, 0x2000000000000e2, 0x19b72, 0x7, 0x200000028000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_state_fops_(0xffffffffffffff9c, 0x0, 0x10000, 0x0) mmap$auto(0x1ffffffffffffff, 0xfb5, 0x400000000000f388, 0xe8bc, r1, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) read$auto(r2, 0x0, 0x1d) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_prog_fd=0x13b}, 0xab) bpf$auto(0x1, 0x0, 0xc) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000840)="13") connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) 50.153691979s ago: executing program 32 (id=357): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(r0, 0x11, 0xa, 0x0, 0x8) mmap$auto(0x4, 0x4000a, 0x2000000000000e2, 0x19b72, 0x7, 0x200000028000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_state_fops_(0xffffffffffffff9c, 0x0, 0x10000, 0x0) mmap$auto(0x1ffffffffffffff, 0xfb5, 0x400000000000f388, 0xe8bc, r1, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) read$auto(r2, 0x0, 0x1d) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_prog_fd=0x13b}, 0xab) bpf$auto(0x1, 0x0, 0xc) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000840)="13") connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) 11.325906709s ago: executing program 1 (id=529): madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) ioctl$auto_USB_RAW_IOCTL_EVENT_FETCH(r0, 0x80085502, &(0x7f00000001c0)=ANY=[@ANYBLOB="100000a366622e7b"]) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r2) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f00000050c0)={0x0, 0x5c1e, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010027bd3000fbdbdf2506"], 0x14}, 0x1, 0x0, 0x0, 0xeda47ee5ad433e65}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@can, 0x6a) socket(0x2, 0x1, 0x106) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/kernel/random/boot_id\x00', 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7ff, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pidfd_open$auto(0x1, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x389883, 0x0) lseek$auto(0x3, 0x2, 0x4) pwrite64$auto(0xc8, &(0x7f0000000540)='\vX5n\x91p\xe6\x1eRN8\x99C\x05\x06\x00J\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\v\x00\x00\x00\x00\x00\x00\x00X\xb9_\xdd*\xd1\x14^\xbe\xa2\x00'/97, 0xd12, 0x4000005) mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 9.676641355s ago: executing program 1 (id=535): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r0, 0x0, 0x20) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x4008000) r1 = bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_0={0x800009, 0xb5, 0x4, 0x48d0, 0xcc, 0xffffffffffffffff, 0x74b, "2af051a940806ec05be276cfc83ce63f", 0x0, r0, 0x5, 0x4, 0xe5, 0x3, r0}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x200000000000000, 0xffffffffffff0001, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = open(&(0x7f0000000800)='./file0\x00', 0x6041, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r5 = bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xfffe, 0xf7fff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68194}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(r1, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES8=r2, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700201000000000000000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x22040, 0x75) r6 = socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000380)=ANY=[@ANYRES64=r4, @ANYBLOB="010027bd5c9f088c184c0d9f42d16c9c638148e53b7bdab3ca5e17f0f76b9f3ea7dba358b3325bedecd0695f77b486ff845eb4b796fbf252c667075f91c416dc6d8f5f1a02590edc72de7d98854e884d"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000400)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x83, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) r7 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec8\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r3) sendmsg$auto_NL80211_CMD_NEW_KEY(r2, &(0x7f0000000300)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYBLOB="0908121d5ec4276647333d3a8f7cd04af3aae211de1dc32f2cbe6206ce9c69175d", @ANYRESHEX=r5, @ANYRES64=r2], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000) ioctl$auto_CEC_DQEVENT(r7, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r7, 0xc0506107, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) 8.459568206s ago: executing program 2 (id=538): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 64) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="13fd2bbd14c7323c91bb3844000008000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x82, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x6, 0x0) (async) socket(0x9, 0x1, 0xf) socket(0xa, 0x5, 0x84) (async) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x0, 0x7) madvise$auto(0x6, 0xffffffffffff0008, 0x19) madvise$auto(0x0, 0x2003f2, 0x816) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) (async) mmap$auto(0x6, 0x3, 0x40000000000002, 0x9b72, 0xffffffffffffffff, 0x480) (async) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) (async, rerun: 64) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async, rerun: 64) madvise$auto(0x0, 0x200007, 0x8) (async, rerun: 64) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) (async) connect$auto(0x3, 0x0, 0x58) capset$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x1, 0x4, 0xe}) prctl$auto(0x3e, 0x1, r4, 0x8, 0x0) (async) pipe$auto(&(0x7f0000000080)) flock$auto(r2, 0x2) 7.777856931s ago: executing program 1 (id=541): socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xf, 0x9, 0x2000, 0x0) (async) r0 = socketpair$auto(0xf, 0x9, 0x2000, 0x0) mmap$auto(0xffffffffffffffff, 0x400004, 0x4, 0x9a72, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0xffffffffffffffff, 0x400004, 0x4, 0x9a72, 0xffffffffffffffff, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0xe7a, 0x34d, 0x10, 0xfffffffffffffffa, 0x1) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x0, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x6a) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x106) sendmsg$auto_IEEE802154_LIST_IFACE(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="00032bbd7000fbdbdf251f00000084001e0054e0a573fcc9dceaf2545c936b41ff853212fe9d41de842722df659795f393cd5b44324ccc359b44952dfd8bd52688f8d0251cfa10fba89498725b0c3a9e5c309c4c34ddb0921e38a69586d6adb19c2bd88b1549a92388917a9f34ba58804118ef0d840f60331b647b73664c01032f34affe77a3004ff9bdd60dbfe338f84dce05001d00030000002400322fea117836e99ed00c2652da51854b5dd6b1c76cbf4c0e4a6dbb977994c97eea0b08002f00000000000500200006000000050003000500000005002b000500000005002a000700000008002f0005000000"], 0xf4}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) write$auto(0x3, 0x0, 0xfffffdef) (async) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim0/ieee80211/phy0/rfkill2/state\x00', 0x181c01, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim0/ieee80211/phy0/rfkill2/state\x00', 0x181c01, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) io_uring_register$auto(0x2, 0x11, &(0x7f00000002c0), 0x2) (async) io_uring_register$auto(0x2, 0x11, &(0x7f00000002c0), 0x2) write$auto(r2, &(0x7f0000000040), 0x9) timerfd_gettime$auto(r2, &(0x7f0000000000)={{0xe1, 0x413}, {0xffffffffffffffff, 0x6}}) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) 7.091011628s ago: executing program 0 (id=542): r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC0D0c\x00', 0x2800, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_WRITEN_FRAMES2(r0, 0x40184152, 0x0) r1 = open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7}, 0x3) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_send_size\x00', 0x48041, 0x0) write$auto(r2, 0x0, 0x7) r3 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r3, &(0x7f0000000400)={{&(0x7f0000000000), 0x5a7, &(0x7f0000000180)={&(0x7f0000000300)="661b0cbd4aeb2ca2185e69f26b1b8baf269c6dfcbaed10e8e6", 0x41d33d09}, 0x1, &(0x7f0000000740), 0x5, 0x3}, 0x5}, 0x2, 0x8) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/detach\x00', 0x101001, 0x0) write$auto(r4, &(0x7f0000000000)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r5 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x0, 0x0) r6 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/tracing/trace_options\x00', 0x0, 0x0) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r7, &(0x7f0000000100)='7\x00\\\xa0\xe1J\x04|\x03\x7f\x81\xe4\x05\x1c\xc7k', 0x1) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/bluetooth/hci1/rfkill6\x00', 0x501ae0, 0x0) mount$auto(&(0x7f0000000000)='nicvf0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='\x00', 0x9, 0x0) semctl$auto_SEM_INFO(0xfffffffd, 0x0, 0x13, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x1, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, 0x0, 0x40894) socketpair$auto(0x5, 0x8, 0x1, 0x0) socket(0x10, 0x2, 0xc) ioctl$auto_TUNSETVNETLE2(r1, 0x400454dc, &(0x7f0000000240)=0xff) write$auto(r6, 0x0, 0x6) ioctl$auto_XFS_IOC_PATH_TO_HANDLE(r5, 0xc0385869, &(0x7f0000000200)={r6, &(0x7f0000000080)="bbd68a27c3887bc11520755c9136a886a0cedd432eb8579391f3d736c789c6bc", 0x3, &(0x7f00000000c0)="36123219a9a0f975ec350f7a533e864f0b9a48b6578b8ebbc09443cf4bdf866869439b030fb0e1eb7d7d83904fe6feb9104e85829b769ef8e7f7030dfecbdb46beab3bf81a50e082a8f31095f64bf98d3304a4e5b63d47a98af18cfbffe68dcef9c9947f04dc3c504db310ef4a4ecf635f9cee", 0x4, &(0x7f0000000140)="42cc50bbbfeab1296a7888534abbdc9384051c8fd0a818", &(0x7f00000001c0)=0x8}) read$auto(r5, 0x0, 0x1f42) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) getpeername$auto(r8, 0x0, &(0x7f0000001180)=0x95) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_5={@target_ifindex, r5, 0x7, 0x2, r4, @relative_id=0xfff}, 0xe) 6.877802275s ago: executing program 2 (id=543): mmap$auto(0x0, 0x20006, 0xe1, 0x15, 0xffffffffffffffff, 0x7ffe) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_page_owner_threshold_(0xffffffffffffff9c, &(0x7f0000000000), 0x109280, 0x0) read$auto(r2, &(0x7f0000000100)='\xcb%)\x00', 0x7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = socket(0xa, 0x4, 0x9000300) sendfile$auto(0x1, r3, 0x0, 0x8fb5) fanotify_init$auto(0x1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r3, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) socket(0x29, 0xa, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto_SO_TYPE(0xffffffffffffffff, 0xf, 0x3, &(0x7f0000000140)='$\x00', 0x0) getsockopt$auto(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) msgsnd$auto(0x0, &(0x7f0000000080)={0x6, 0x2}, 0xf, 0xc45) 5.573011263s ago: executing program 0 (id=544): r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) poll$auto(&(0x7f0000000000)={r0, 0xe7f1, 0x1723}, 0x8, 0x2) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/lru_gen\x00', 0x882, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/crc_t10dif/uevent\x00', 0x282, 0x0) r3 = fcntl$getown(r1, 0x9) prctl$auto(0x8, 0x8, r3, 0x4, 0x3) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy14/statistics/dot11RTSSuccessCount\x00', 0x28000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, r5, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4000040) write$auto(r2, &(0x7f0000000200)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8\xe4\x145\x90e\xd3\xe0);\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C\x1e\xe1\xdb\x03\x19\xba\xda\x19\xbbW\xc6\x8c\xd54\x0eJ\xcdpq\xedv\x93\x89\r\xb5\xe06:\x85\xc0\x982]dy0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x20, r4, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x488c5}, 0x4000000) keyctl$auto(0x5, 0xffffeffffffffffe, 0x107, 0x803, 0x800000000000c) 4.597890419s ago: executing program 1 (id=547): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x22, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) mmap$auto(0x0, 0x6, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) close_range$auto(0x2, 0xffffffffffffffff, 0x2) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x80040, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/overlay/parameters/check_copy_up\x00', 0x129882, 0x0) sendfile$auto(r2, r2, 0x0, 0x8) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x201, 0x0) clone$auto(0x2, 0x8000007fd7, 0x0, 0x0, 0x2) mbind$auto(0xf000, 0x8000000000000002, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x5, 0x7fffffffffffffff, 0x6) keyctl$auto_KEY_SPEC_THREAD_KEYRING(0x3, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event\x00', 0x400, 0x0) setsockopt$auto_SO_PEEK_OFF(r0, 0x0, 0x2a, 0x0, 0x6) r3 = socket(0x11, 0x71129cbbfe4eb576, 0x2) getsockopt$auto(r3, 0x107, 0xe, 0x0, 0x0) 3.788359362s ago: executing program 4 (id=548): epoll_ctl$auto(0xffffffffffffffff, 0x1, 0x8000000000000000, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x9) listmount$auto(0x0, &(0x7f0000000180)=0xfff, 0x24000000000000, 0xffffffff) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYRES64=r0, @ANYRES16=r2, @ANYRES16=r1, @ANYRES32=r3, @ANYRESOCT=r3, @ANYRES32=0x0, @ANYBLOB="0e5bae561af3cfda85e7b416151ff1d8a66883f371bd11132f9ad35a381121375dd32f87b9ec1a76fee8fcfa6a1cc80e9984d877450cb4be6632b6623b26793abbc40482991f347fe6a9f0cc10988c026e3200ef591410789be48c0bee87218f5b1d3400"/114], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram13\x00', 0x1e3a02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/saved_tgids\x00', 0x0, 0x0) close_range$auto(0x0, 0x5, 0x0) inotify_init1$auto(0x3000000000000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x2c, 0x940, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400]}, 0x1fe, 0x7) socket(0x2c, 0x3, 0x0) socket(0x2c, 0x3, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r4 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b44", 0xfdef) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0xc0000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) 3.112819087s ago: executing program 4 (id=549): openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, 0x0, 0x169a02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r1 = fanotify_init$auto(0x3, 0x40000007) (async, rerun: 64) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) (rerun: 64) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="1e000000", @ANYRES16=r2, @ANYBLOB="000427bd7000fcdbdf257900000008000a0180f95866"], 0x1c}, 0x1, 0x0, 0x0, 0x20000880}, 0x0) inotify_init1$auto(0x3000000000000) (async) exit$auto(0x2) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r3) (async) r5 = getpgrp(0x0) (async) symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') (async) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000100)={0x40001, 0x0, 0x8}, 0x18) sendmsg$auto_TASKSTATS_CMD_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010a2bbd6400fbcdcaef665ffd955032f776", @ANYRES32=r5, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) (async) r6 = gettid() rt_sigqueueinfo$auto(r6, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={r6, 0xd, @sival_ptr=0x0, 0x62}}}) (async, rerun: 32) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, 0x0, 0x28400, 0x0) (rerun: 32) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)={0x30, r7, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}, @ETHTOOL_A_TSINFO_HWTSTAMP_PROVIDER={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x802}, 0x4000000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r9) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r10, 0x805, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) (async) unshare$auto(0x20000) (async) setns(0xffffffffffffffff, 0x20000) (async, rerun: 64) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) 2.930056178s ago: executing program 2 (id=550): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/mixer1\x00', 0xc0800, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x115503, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100340, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1a9701, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)={"57f475c61457e99f769f5235b668e09caf9941b9b26b2fb80cf70643d6ff9594", 0x3ff, 0x23, 0xc130, 0xd5e9, 0x401}) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000fbdbdf250f00000005002e004000000008000300", @ANYRES32=r7, @ANYBLOB="f6f38bd904bf899b0500330009000000140007006e65747063693000000000000000000005002f0000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) r8 = getpid() process_vm_readv$auto(r8, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x9e}, 0xa, 0x0) ioctl$auto(0x3, 0xc0383e04, r3) r9 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) statx$auto(r9, 0x0, 0x1003, 0xf, 0x0) 2.710520328s ago: executing program 2 (id=551): openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) (async) socket(0x2, 0x6, 0x3ff) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) (async) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = socket(0x2c, 0x2, 0x9) bind$auto(r1, &(0x7f0000000000)=@in={0x2, 0x1, @dev={0xac, 0x14, 0x14, 0x22}}, 0x62) (async) openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2202, 0x0) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/card1\x00', 0x0, 0x0) (async) setfsuid$auto(0xee00) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0) (async) r3 = getpid() acct$auto(&(0x7f0000000000)='/dev/dsp\x00') (async) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0x20000001005}, 0x1, &(0x7f0000000040)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) process_vm_readv$auto(r3, 0x0, 0x2, 0x0, 0x7ff, 0x9) (async) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000004d4c503033f579b9282c92d635e537059779780ff6", @ANYRES16=r6, @ANYBLOB="251729bd7000fcdbc725010000000800010009000000"], 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x64810) (async) sendmsg$auto_NL802154_CMD_SET_BACKOFF_EXPONENT(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0870696d370010000000000000000000000000000000000000000000ce5fa890a972a1b14c32490dbf260dc93d2fe5613be9b156b16d0c9bf7b15d657f8210af72a5cb0f90b94fa1c1abd61d0bc82b"], 0x28}}, 0x20000010) close_range$auto(0x2, 0x8, 0x0) setitimer$auto(0x0, &(0x7f0000001a00)={{0x80, 0x9}, {0x6, 0x100}}, 0x0) (async) setitimer$auto_ITIMER_VIRTUAL(0x1, &(0x7f00000000c0)={{0x7ffffffffffff7ff, 0x9234}, {0x4, 0x2c}}, &(0x7f0000000380)={{0x6}, {0x9e9, 0x80}}) (async) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) (async) sigaltstack$auto(&(0x7f00000000c0)={0x0, 0x0, 0x7fffffff}, 0x0) (async) sigaltstack$auto(0x0, &(0x7f0000000240)={0x0, 0x1, 0x1}) (async) ioctl$auto(0x3, 0xc048aec8, r0) (async) setsockopt$auto(r2, 0x107, 0x9, 0x0, 0x0) 2.44500424s ago: executing program 1 (id=552): mmap$auto(0x0, 0x20009, 0x4, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2800, 0x0) socket(0x2, 0x5, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) (async) write$auto(r0, &(0x7f0000000040)='0\x00\\9(\xba\xea\x99\xfc|U\x1c\xc7k', 0x81) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000640)=ANY=[@ANYBLOB="14100000", @ANYRES16=r1, @ANYBLOB="010025bd7000fedbdf2504000000510002009d8d41d34b3b3ec4c1bac793f6b4282ec5e0c37b8394668b85a5ced0516a5011f6e422d251d95a5bfc86a3473d68b51d60888e510ae0e7cc8a838052d43e881842d86445e9ffc8e0911c0cd21c0000000201020002e0a4f049269eec44242ce8950267df3b813f8db9f829b306462cf52c15960c8c52afc0f8192f7d050820f4e11232734973c4e793c4de4217771c844f8a1bd896847b7cf9120633f2cdf5f47beb68745a4146e872a31d50e7ca912613da8570b1b5068b9ed7eb2083d7c79ffb279d720359dbc11c377aae2a35b5207cae2f28c7832e2d85765469de65e187d4998a9692b161b106de174335d9db674ca95e4930a9d095542431881713c17851c30876288d6dc5a05483bab5076fa73e4e548b5f92a9d12742c17c6749f0a8445e409a1f53af8b0b4ee7638eb3915eaa87ea8d2050fea04de8e6aac33509ae94790b9d6992cd219e87e9b7c27f0f53473f0000080017000900000004000e00040010000c000800050000000000000045020300d27207a6cea258fe0b366c0114c0c53df2dd8b3c2b1a12f9ad0543e029b20bb323de4257d7cb9387dd61e7bfef0ead6927acf62181594cba0c415a174376cb4038354f8e6a4d06f5d4058d8117209383a2027e4c9d9b2c9ebd732686b0b719f48b177f8116d1f72746ef6ef99aed20250cae90b370f708c186b314094095cdc0c13c06fed4cc2fc34aa53b2cfacfa51a0f172dba7263cc419719d8648a6ec3dcf2270af09122abce43bc558f7b3c4bdf87f14aebc59e6b8ba8fd798a9c217cd6fade516e5cc73cb3c0d4bd8272861cc748eb9d0b914b8dc349067210c953795df1d581deadadab4304d3de5a0962f3a147ebcb570993ba04e9f4267460bebbc99cb75c3a2d9047487fe3219709d512d90c5b0159b1af8924888eb7bed65249dd7fca41d0262be2f28aca1116fd31aed7baabdc45387cbcdcae7b4e2be31bf7436b8f8b32a3c0e706b335f4615d6f6bf755ce41dce0190dfe0f0483938a37147595d476c8c06183bf639bb53dfdcd3b687ea6ef1506924ef13a4d2361c68fe19b107523ebf5b6df7b64a404fcd3d1bce19a47adb7b3db58cd9b35c6be03c26fa042ad8931144e25e87912c803993f8f408a2250d274bf4f3144972633f55dc320781187dc9c264f716ac040af637789c97f582881172c5c90d7f15dd49533ff6e8a5161c698ff112e18cdc1281838fab8ac4660e070577fd286c64f45a4fa0a37ff8885eaaab81ec652d058b428f11d665087457d8b2b309530668ee5cd1284a75218f86aec7fd028ac7246793ee6a6911c8a2cb43da46efb0852ddbfe170b3b9de000000"], 0x3d0}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0xd, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = pidfd_open$auto(0x0, 0x0) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x5, 0x0) (async) sysfs$auto(0x2, 0x5, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) (async) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) (async) socket(0x2, 0x80802, 0x0) bind$auto(r3, &(0x7f0000000040)=@ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x9}, 0x68) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 2.2011325s ago: executing program 0 (id=553): mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) (async) r0 = open(0x0, 0x22240, 0x154) bpf$auto(0x5, &(0x7f0000000100)=@iter_create={r0, 0x5d62}, 0x103) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) rseq$auto(0x0, 0x8000, 0x0, 0x6) (async) clock_gettime$auto(0x8, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) write$auto(0x3, 0x0, 0x1) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) write$auto(0x1, 0x0, 0x80000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto_TUNGETVNETBE2(r0, 0x800454df, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240008cd7d90634c10dfecba82695a8316680003b640948e00c85c329ef3ad2b3cb52a0111a651bded5a5a381e3024448a8eeac56a1e7c8feb2b3198d779fcf97c948fdea22491fffdb8453a104bb2cbe715a4ef909b5c5e0dee4e22388e987b610ab02d6f030408efbf0cbec6d34b93fb3faf905df71501e1e2d365f8aa4411269cf9641acb53c08ad056d1b4ca0340af6b4cc1", @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000) r2 = socket(0x10, 0x800, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x8, 0x1}, 0x3}, 0xc, 0x4008) (async) mmap$auto(0x0, 0x28009, 0x4000000000df, 0xeb2, 0x401, 0x8000) (async) sendfile$auto(0x1, 0x3, 0x0, 0xa) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) close_range$auto(0x2, 0x8, 0x0) 2.057771559s ago: executing program 4 (id=554): syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x5, 0x2, 0x4, 0xa197, 0xffffffffffffffff, 0x7ffc) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) mmap$auto(0xfffffffffffffff9, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x30, 0x8000000000001, 0x2}, 0xb, 0x0) mmap$auto(0x1, 0x8008020009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x68b82, 0x0) ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(r0, 0xc004ae0a, &(0x7f0000001480)={0x3, [0x5c20f0b6, 0x5, 0x1, 0x6, 0x69f7]}) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b74, 0x2, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mlock$auto(0xfffffffffffffffd, 0x500) ioctl$auto_TIOCGDEV2(r3, 0x80045432, 0x0) mmap$auto(0x200000, 0x40000a, 0xdb, 0x9b72, r2, 0x8000) r4 = socket(0xa, 0x3, 0x3b) connect$auto(r4, &(0x7f00000000c0)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x3, 0x1}}, 0x54) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(r5, 0x0, 0x780f, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) migrate_pages$auto(0x0, 0x8, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) 1.665229977s ago: executing program 1 (id=555): prctl$auto(0x0, 0x1, 0x0, 0x8001, 0x6) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x6, 0xd, 0x0, 0x4) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x24c002, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram7\x00', 0x1411c3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/hugetlb.1GB.max_usage_in_bytes\x00', 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000003900)="fb", 0x1) socket(0xa, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd5\x00', 0x26000, 0x0) wait4$auto(0xffffffffffffffff, &(0x7f00000001c0)=0x2, 0x0, &(0x7f0000000280)={{0xffffffffffffffff, 0xfff}, {0x5, 0x2}, 0x1, 0x6, 0x80000000, 0x100000000, 0x1, 0x3, 0x9c, 0x7, 0x2, 0x1, 0x10000, 0x5, 0x8, 0x1f0}) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000340)={"ef01ce1100cf81ffffff118800ec00090002000000000000000000000300", 0xffff, 0x400, 0xfff, 0x40000000400004, 0x10000002}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = openat$auto_transaction_log_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x121002, 0x0) read$auto_transaction_log_fops_(r4, &(0x7f0000000100)=""/3, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x5, 0x3, 0x19, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r5, 0x0, 0x4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) getcwd$auto(&(0x7f0000000080)='}F/]%)*@\x00', 0xff) 1.240839884s ago: executing program 2 (id=556): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x582, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000001240)='4', 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x989, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/bus/usb/drivers/usbtest/remove_id\x00', 0x181102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) r5 = ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) r6 = wait4$auto(0xffffffffffffffff, &(0x7f0000000080), 0xf9, &(0x7f0000000180)={{0xd59, 0x296c53fa}, {0x9, 0x7fffffffffffffff}, 0x6, 0x3, 0x6, 0xe5d, 0x4, 0x6, 0x86, 0x6, 0x1000000000004, 0x4a97a314, 0x7, 0x3, 0x400000000ffff, 0xe}) process_vm_writev$auto(r6, &(0x7f0000000100)={&(0x7f0000000240)="b17d1f0bb19f84ad5c1dc19d1e16122d88eae8b2f908a86dc57961b4554fd1ab1d7e1eb7b993b60ae26bda4db3df2cf58673f56e9667ccbb40f58fa43533eb2590040c01c9362be4b522dccf1973bbf968e0fc8534dccc429a4491267f40a20d3f359024e533f48e144471214e415f3d0022432448a8b5c21305d555cacbd9b0f1cc12a161551c1df84480634fcb1984800ee4a6bbdb01ac898701cc5830dca8693a90da3697b2afd02cdbb45691bd34ca24977e29f409d698a29d93108096062f851daf20cd59d5f8087bd879eaa131759dc00d68f081a8c0dd1e002d1ad7ef834d1f4fdf570ad4a84ca6f79894e1", 0x5}, 0x9, &(0x7f00000006c0)={&(0x7f0000000400)="fbcf08000000cdffb736da70acf87e02020972b801afe309c7eabe7ff1aeb40109ee30b7c470b2b00a934ea7ad6b523d3d625ed9c79c25da32c4f33ec3e40c2c0123c7b7517add7c6995a509f455c13b7dada0a7194c52ca8cf7db8b34659bf25c981b655a6030adc9462b0200000023e2c0c7cf3f67", 0x3e5d}, 0x20000000000, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), r4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x8, 0x0, &(0x7f00000000c0)={0x3, 0x2}, 0x0) adjtimex$auto(&(0x7f0000000480)={0x101, 0x0, 0x1, 0xe02b, 0x7, 0x7f, 0x860, 0x0, 0x4, 0x45079941, 0x8, {0x47a8, 0x8}, 0x4, 0x3, 0x9, 0x9000000, 0x0, 0x8, 0x46fa, 0xffffffffffffffff, 0xb4, 0x800, 0xf9}) sendmmsg$auto(r5, 0x0, 0x5, 0x6d8cc1ce) 984.818287ms ago: executing program 4 (id=557): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x8200, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) bpf$auto(0x8, &(0x7f00000001c0)=@bpf_attr_1={r1, 0x2, @value=0x3, 0x1f}, 0x6f0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r5 = ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r5, 0x4068aea3, &(0x7f0000000040)={0x80}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/pppoe\x00', 0x4000, 0x0) close_range$auto(r0, r5, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x5, 0x0, [{0x40000080, 0x7, 0x1000}]}) 897.935519ms ago: executing program 0 (id=558): mmap$auto(0x27e, 0x4020007, 0xdb, 0xeb1, 0x401, 0x8002) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x262300, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xc040aed4, r1) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0xfffffffffffffffc, 0x7ff, 0x20000000fb, 0xeb0, r0, 0x8000) io_uring_setup$auto(0x7, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) preadv$auto(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040), 0x82}, 0x8, 0xe637, 0x6) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) r4 = io_uring_setup$auto(0x1, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x28e283, 0x0) socket(0x23, 0x5, 0x0) mmap$auto(0xfffffffffffffffc, 0x202000b, 0x6, 0xeb1, r0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x480501, 0x0) read$auto(r2, 0x0, 0x200000000008007) r6 = socket(0x2, 0x3, 0x100) writev$auto(r4, &(0x7f0000000200)={0x0, 0x5}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x50da40, 0x0) syz_open_procfs$namespace(0x0, 0x0) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000100), r6) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(r6, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x8005) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x440, 0x0) lseek$auto(r1, 0xfffffffffffffffe, 0x200) ioctl$auto_LOOP_CTL_ADD(r0, 0x4c80, 0x0) openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f00000004c0), 0x2202, 0x0) 631.009644ms ago: executing program 4 (id=559): getsockopt$auto_SO_PROTOCOL(0xffffffffffffffff, 0xb29, 0x26, &(0x7f0000000100)='[(][+/:$!.\x00', 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x2902, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fffe000) writev$auto(0x8000, &(0x7f0000000040)={0x0, 0x1000000000004}, 0x2bc) r1 = io_uring_setup$auto(0x6, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), r1) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0xc1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0011) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) kexec_load$auto(0x100000000000000, 0x0, 0x0, 0xffffffff) close_range$auto(0x2, r1, 0x0) r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r3, 0x0, 0x5f) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r3) sendmsg$auto_NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x2c, r4, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x6}, @NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x9f}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0xed24}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x1) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) mknod$auto(&(0x7f0000000100)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0xa3) open$dir(&(0x7f00000001c0)='./file0\x00', 0x40a01, 0x14) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000003c0)=""/231, 0xe7) sendfile$auto(r5, r5, &(0x7f00000000c0)=0x1, 0xc9) fcntl$auto(0x8000000000000001, 0x25, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r6 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/input/event1\x00', 0x2080, 0x0) ioctl$auto_EVIOCSCLOCKID(r6, 0x400445a0, &(0x7f0000000000)=0x1) mmap$auto(0x7, 0x3, 0x5, 0x2ff, r1, 0x8000) madvise$auto(0x0, 0x400053, 0x9) 464.016694ms ago: executing program 0 (id=560): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) (async) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000005c0)={0x2, 0x0, [{0x490, 0x400, 0x9}]}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) (async) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000080)) fcntl$auto_F_DUPFD_QUERY(r0, 0x403, r1) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r7, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) write$auto(0xca, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) r8 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r8, 0x107, 0x12, 0x0, 0x4) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800) (async) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800) getdents$auto(0xffffffffffffffff, 0x0, 0x400018) (async) getdents$auto(0xffffffffffffffff, 0x0, 0x400018) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r9) ioctl$auto_KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000001680)={0x401, 0x0, 0x100000001, 0x7}) (async) ioctl$auto_KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000001680)={0x401, 0x0, 0x100000001, 0x7}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r9, 0x0, 0x4000000) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) (async) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="13fd2bbd14c7323c91bb1844000008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x82, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x6, 0x0) read$auto(0x3, 0x0, 0x80) 273.766793ms ago: executing program 2 (id=561): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x13, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x1, 0x2) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r0 = socket(0x23, 0x80805, 0x0) getsockopt$auto(r0, 0x40000000113, 0x1, 0xfffffffffffffffc, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x13, 0x3, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) madvise$auto(0x0, 0x1, 0x2) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) socket(0x23, 0x80805, 0x0) (async) getsockopt$auto(r0, 0x40000000113, 0x1, 0xfffffffffffffffc, 0x0) (async) 0s ago: executing program 4 (id=562): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x69) (async) listen$auto(0x3, 0x81) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x6, 0x0, 0x7, 0x1}, 0x3}, 0x4, 0x20000000) shmctl$auto_SHM_STAT_ANY(0xc054, 0xf, &(0x7f0000000280)={{0xbc, 0xffffffffffffffff, 0xee01, 0xc, 0x5, 0x100, 0x101}, 0xd082, 0xdbd, 0x9, 0xf000000000000000, @raw=0x4, @inferred=0xffffffffffffffff, 0x8001, 0x0, &(0x7f0000000000)="cfecd2796e0f840e410a51b7ddb27adb485273c5ef164dbb5d8e1e4104f782fdd24a9846547e35b6540fda", &(0x7f0000000180)="a7b8bd501e3717ed442db36f9478575e097463b13513b2f75a3625b33cd868c15837167dfe46cfac935a0c6d0162b36b05b41e13365f6444516b05196c9592f10f2ef122d5d1030ef6f0a7af93008adb4b5d1ccca1d14f31716519657b6f445c77efdfde1f01b4830495b569a378dfa075b08d214dcd96cebf61ce6d8006a7cdc6a1105167c3f2626fcf6e1f51f8453c5f762eae377e9c16fbdfc969bf373e80b1c7b9e67481856fc4926d4686d8cf4847ac92f611ad7bbe11400418d2d513a2ecdadc495e35c553d916f7157627ed1c54574fa11a199bd20874ed29caee36323bbb7a393cf6a9d8291cfa917f2f01316430363e0942"}) r2 = setfsuid$auto(0xee00) (async) r3 = setfsuid$auto(0xee01) setresuid$auto(r2, r3, r3) (async) r4 = setfsuid$auto(r3) shmctl$auto_IPC_RMID(0x0, 0x0, &(0x7f0000002900)={{0x3, r4, 0xee00, 0x9, 0x17, 0x6, 0x1}, 0x6, 0x6, 0x7, 0x2, @raw=0xfffffff8, @raw=0x5, 0x80, 0x0, 0x0, &(0x7f0000001300)="98184e760a0f452eb11ea06b99ff21207e3b8c3b220008000000265728b83289334ad0fe741aa5ca55a08562caac2a4250362d60e4fa7c638f6df5ce567f74be13b83c270559872a67c6a2b22bf7734c63c04d9ee81bc615e00b15ccc53a5b6ed9157d272249f257871870a4dd4b9b2c4f3cd50dc4213674015e96a424cd97bb46607a111c53e42e0b11a63d21ed05b26a0c19389a37520abe6b3ea601753db3866ffa329e14793aeb877cee6c02bf202c8b3ae953ade534583c3a8766489b1088b78c7275f016e2893b9872f9838ee0b85800c987876a1cb931ca45ee63f378368534d2c6e3883bdbfff6cba018b5bafe2640c29ce38d47ef38de0aab4ca7e024bc3e080bcfe372dc5f8c271a74140ab51245cc9e47dc"}) ioprio_set$auto(0x0, r4, 0x1) (async) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) (async) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.169' (ED25519) to the list of known hosts. [ 77.947921][ T5615] cgroup: Unknown subsys name 'net' [ 78.068717][ T5615] cgroup: Unknown subsys name 'cpuset' [ 78.077383][ T5615] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.582589][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.520066][ T5645] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.529987][ T5645] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.547509][ T5647] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.556406][ T5644] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.561841][ T5649] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.564377][ T5644] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.581488][ T5644] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.582522][ T5647] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.588668][ T5644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.597519][ T5647] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.602914][ T5651] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.611590][ T5647] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.619295][ T5651] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.625109][ T5644] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.640743][ T5651] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.641061][ T5644] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.657524][ T5647] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.658136][ T5651] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.666564][ T5644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.680530][ T5644] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.366106][ T5633] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.373780][ T5633] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.381366][ T5633] bridge_slave_0: entered allmulticast mode [ 83.388512][ T5633] bridge_slave_0: entered promiscuous mode [ 83.423326][ T5633] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.430554][ T5633] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.437965][ T5633] bridge_slave_1: entered allmulticast mode [ 83.445270][ T5633] bridge_slave_1: entered promiscuous mode [ 83.463351][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.470539][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.477756][ T5632] bridge_slave_0: entered allmulticast mode [ 83.484823][ T5632] bridge_slave_0: entered promiscuous mode [ 83.516273][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.523475][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.531069][ T5632] bridge_slave_1: entered allmulticast mode [ 83.538866][ T5632] bridge_slave_1: entered promiscuous mode [ 83.570298][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.577555][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.584839][ T5634] bridge_slave_0: entered allmulticast mode [ 83.591839][ T5634] bridge_slave_0: entered promiscuous mode [ 83.611539][ T5633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.624395][ T5633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.643777][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.651033][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.658767][ T5634] bridge_slave_1: entered allmulticast mode [ 83.666236][ T5634] bridge_slave_1: entered promiscuous mode [ 83.713841][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.725567][ T5651] Bluetooth: hci2: command tx timeout [ 83.725567][ T5635] Bluetooth: hci0: command tx timeout [ 83.725823][ T5635] Bluetooth: hci3: command tx timeout [ 83.731721][ T5644] Bluetooth: hci1: command tx timeout [ 83.752452][ T5633] team0: Port device team_slave_0 added [ 83.758263][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.765551][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.772686][ T5631] bridge_slave_0: entered allmulticast mode [ 83.780046][ T5631] bridge_slave_0: entered promiscuous mode [ 83.799375][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.810216][ T5633] team0: Port device team_slave_1 added [ 83.816673][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.823921][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.831411][ T5631] bridge_slave_1: entered allmulticast mode [ 83.838496][ T5631] bridge_slave_1: entered promiscuous mode [ 83.847799][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.886574][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.947782][ T5632] team0: Port device team_slave_0 added [ 83.954406][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.961535][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.987985][ T5633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.002258][ T5631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.013906][ T5634] team0: Port device team_slave_0 added [ 84.021966][ T5632] team0: Port device team_slave_1 added [ 84.033214][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.040287][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.066547][ T5633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.079499][ T5631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.090464][ T5634] team0: Port device team_slave_1 added [ 84.142061][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.149327][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.175346][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.220831][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.227912][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.253934][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.275966][ T5631] team0: Port device team_slave_0 added [ 84.282337][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.290360][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.316318][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.343986][ T5633] hsr_slave_0: entered promiscuous mode [ 84.350557][ T5633] hsr_slave_1: entered promiscuous mode [ 84.358980][ T5631] team0: Port device team_slave_1 added [ 84.365337][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.372304][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.398253][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.483305][ T5632] hsr_slave_0: entered promiscuous mode [ 84.489557][ T5632] hsr_slave_1: entered promiscuous mode [ 84.496011][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 84.501890][ T5632] Cannot create hsr debugfs directory [ 84.519205][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.526248][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.552211][ T5631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.585539][ T5634] hsr_slave_0: entered promiscuous mode [ 84.591735][ T5634] hsr_slave_1: entered promiscuous mode [ 84.597917][ T5634] debugfs: 'hsr0' already exists in 'hsr' [ 84.603646][ T5634] Cannot create hsr debugfs directory [ 84.610018][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.617210][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.643382][ T5631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.774970][ T5631] hsr_slave_0: entered promiscuous mode [ 84.781203][ T5631] hsr_slave_1: entered promiscuous mode [ 84.787447][ T5631] debugfs: 'hsr0' already exists in 'hsr' [ 84.793175][ T5631] Cannot create hsr debugfs directory [ 85.154563][ T5633] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.168615][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.177185][ T5633] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.189047][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.197163][ T5633] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.208483][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.223821][ T5633] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.234093][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.291733][ T5632] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.301836][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.313321][ T5632] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.322687][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.336274][ T5632] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.346321][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.354501][ T5632] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.365513][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.436166][ T5634] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.451642][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.466276][ T5634] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.478083][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.508343][ T5634] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.517937][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.527071][ T5634] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.537472][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.630276][ T5631] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.640555][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.654008][ T5631] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.663913][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.673147][ T5631] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.683018][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.698339][ T5631] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.707745][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.770809][ T5633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.802683][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.804799][ T5651] Bluetooth: hci2: command tx timeout [ 85.810962][ T5635] Bluetooth: hci3: command tx timeout [ 85.815239][ T5651] Bluetooth: hci0: command tx timeout [ 85.827480][ T5644] Bluetooth: hci1: command tx timeout [ 85.832260][ T5633] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.874449][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.881886][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.914090][ T1125] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.921232][ T1125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.933299][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.968676][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.975809][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.002683][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.009882][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.023687][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.072210][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.111260][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.118460][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.149060][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.156267][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.217420][ T5631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.336924][ T5631] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.377989][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.385211][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.439432][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.446640][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.781669][ T9] cfg80211: failed to load regulatory.db [ 86.994422][ T5633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.143283][ T5633] veth0_vlan: entered promiscuous mode [ 87.202423][ T5633] veth1_vlan: entered promiscuous mode [ 87.279805][ T5633] veth0_macvtap: entered promiscuous mode [ 87.316003][ T5633] veth1_macvtap: entered promiscuous mode [ 87.386959][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.414258][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.446917][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.457946][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.502938][ T1162] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.513188][ T1162] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.538728][ T1162] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.548136][ T1162] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.572981][ T5631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.702247][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.708237][ T5632] veth0_vlan: entered promiscuous mode [ 87.713054][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.769993][ T5631] veth0_vlan: entered promiscuous mode [ 87.786988][ T5632] veth1_vlan: entered promiscuous mode [ 87.793653][ T5634] veth0_vlan: entered promiscuous mode [ 87.810324][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.821483][ T5631] veth1_vlan: entered promiscuous mode [ 87.828058][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.838905][ T5634] veth1_vlan: entered promiscuous mode [ 87.867329][ T5632] veth0_macvtap: entered promiscuous mode [ 87.886467][ T5651] Bluetooth: hci3: command tx timeout [ 87.886527][ T5644] Bluetooth: hci2: command tx timeout [ 87.892004][ T5635] Bluetooth: hci0: command tx timeout [ 87.897523][ T5647] Bluetooth: hci1: command tx timeout [ 87.928691][ T5632] veth1_macvtap: entered promiscuous mode [ 87.971465][ T5633] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.001238][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.022891][ T5631] veth0_macvtap: entered promiscuous mode [ 88.035914][ T5634] veth0_macvtap: entered promiscuous mode [ 88.050536][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.081345][ T5634] veth1_macvtap: entered promiscuous mode [ 88.102735][ T5631] veth1_macvtap: entered promiscuous mode [ 88.140906][ T1103] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.163538][ T1103] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.173629][ T1103] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.201807][ T1103] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.229236][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.238551][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.283567][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.319943][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.379765][ T47] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.401608][ T47] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.412564][ T47] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.445465][ T47] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.475993][ T47] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.497545][ T47] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.520687][ T47] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.522012][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.535661][ T47] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.565084][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.729496][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.749166][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.818319][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.837310][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.854291][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.872782][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.078816][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.098408][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.146546][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.161579][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.343447][ T5798] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1'. [ 89.352935][ T5798] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.392904][ T5798] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.668592][ T5644] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 89.951164][ T5817] i2c i2c-0: new_device: Invalid device name [ 89.964864][ T5647] Bluetooth: hci3: command tx timeout [ 89.970773][ T5647] Bluetooth: hci0: command tx timeout [ 89.975899][ T5651] Bluetooth: hci2: command tx timeout [ 89.976284][ T5647] Bluetooth: hci1: command tx timeout [ 89.983597][ T29] audit: type=1800 audit(1779729422.994:2): pid=5815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.7" name="file0" dev="tmpfs" ino=28 res=0 errno=0 [ 90.094194][ T5820] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3'. [ 90.106598][ T5820] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 90.236137][ T5817] netlink: 338 bytes leftover after parsing attributes in process `syz.1.8'. [ 90.348807][ T5815] FAULT_INJECTION: forcing a failure. [ 90.348807][ T5815] name failslab, interval 1, probability 0, space 0, times 1 [ 90.380263][ T5815] CPU: 0 UID: 0 PID: 5815 Comm: syz.3.7 Not tainted syzkaller #0 PREEMPT(full) [ 90.380306][ T5815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 90.380325][ T5815] Call Trace: [ 90.380334][ T5815] [ 90.380345][ T5815] dump_stack_lvl+0x100/0x190 [ 90.380389][ T5815] should_fail_ex.cold+0x5/0xa [ 90.380426][ T5815] ? asymmetric_key_hex_to_key_id+0x88/0x120 [ 90.380456][ T5815] should_failslab+0xc2/0x120 [ 90.380491][ T5815] __kmalloc_noprof+0xe0/0x850 [ 90.380528][ T5815] asymmetric_key_hex_to_key_id+0x88/0x120 [ 90.380559][ T5815] ? __pfx_asymmetric_key_cmp+0x10/0x10 [ 90.380593][ T5815] asymmetric_key_match_preparse+0x22d/0x400 [ 90.380624][ T5815] ? __pfx_asymmetric_key_match_preparse+0x10/0x10 [ 90.380656][ T5815] keyring_search+0x15b/0x3d0 [ 90.380702][ T5815] ? __pfx_keyring_search+0x10/0x10 [ 90.380748][ T5815] ? __pfx_key_default_cmp+0x10/0x10 [ 90.380795][ T5815] ? __kmalloc_noprof+0x320/0x850 [ 90.380823][ T5815] ? bin2hex+0x14a/0x1b0 [ 90.380862][ T5815] find_asymmetric_key+0x198/0x610 [ 90.380909][ T5815] pkcs7_validate_trust+0x1f0/0x7f0 [ 90.380954][ T5815] verify_pkcs7_message_sig+0x12c/0x230 [ 90.380989][ T5815] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 90.381022][ T5815] ? pkcs7_parse_message+0x5b1/0x870 [ 90.381057][ T5815] ? kfree+0x223/0x6c0 [ 90.381103][ T5815] ? pkcs7_parse_message+0x5b6/0x870 [ 90.381144][ T5815] verify_pkcs7_signature+0x6d/0xa0 [ 90.381181][ T5815] valid_regdb+0x211/0x590 [ 90.381223][ T5815] ? __pfx_valid_regdb+0x10/0x10 [ 90.381270][ T5815] reg_reload_regdb+0x11a/0x460 [ 90.381312][ T5815] ? __pfx_reg_reload_regdb+0x10/0x10 [ 90.381354][ T5815] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 90.381385][ T5815] ? nl80211_pre_doit+0x19a/0xae0 [ 90.381421][ T5815] genl_family_rcv_msg_doit+0x214/0x300 [ 90.381457][ T5815] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 90.381488][ T5815] ? genl_get_cmd+0x3e7/0x760 [ 90.381526][ T5815] ? bpf_lsm_capable+0x9/0x10 [ 90.381558][ T5815] ? security_capable+0x80/0x260 [ 90.381618][ T5815] genl_rcv_msg+0x560/0x800 [ 90.381654][ T5815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.381689][ T5815] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 90.381719][ T5815] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 90.381758][ T5815] ? __pfx_nl80211_post_doit+0x10/0x10 [ 90.381804][ T5815] netlink_rcv_skb+0x159/0x420 [ 90.381849][ T5815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.381882][ T5815] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 90.381941][ T5815] ? netlink_deliver_tap+0x1ae/0xcc0 [ 90.381989][ T5815] genl_rcv+0x28/0x40 [ 90.382015][ T5815] netlink_unicast+0x585/0x850 [ 90.382065][ T5815] ? __pfx_netlink_unicast+0x10/0x10 [ 90.382121][ T5815] netlink_sendmsg+0x8b0/0xda0 [ 90.382172][ T5815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.382214][ T5815] ? __import_iovec+0x1d2/0x640 [ 90.382250][ T5815] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 90.382303][ T5815] ____sys_sendmsg+0x9e1/0xb70 [ 90.382344][ T5815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.382392][ T5815] ? __pfx_____sys_sendmsg+0x10/0x10 [ 90.382442][ T5815] ? __pfx_futex_wake_mark+0x10/0x10 [ 90.382481][ T5815] ___sys_sendmsg+0x190/0x1e0 [ 90.382506][ T5815] ? __pfx____sys_sendmsg+0x10/0x10 [ 90.382580][ T5815] __sys_sendmsg+0x170/0x220 [ 90.382617][ T5815] ? __pfx___sys_sendmsg+0x10/0x10 [ 90.382652][ T5815] ? __x64_sys_futex+0x34f/0x4d0 [ 90.382698][ T5815] ? rcu_is_watching+0x12/0xc0 [ 90.382738][ T5815] do_syscall_64+0x10b/0x830 [ 90.382764][ T5815] ? clear_bhb_loop+0x40/0x90 [ 90.382801][ T5815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.382830][ T5815] RIP: 0033:0x7f2e75f9ce59 [ 90.382854][ T5815] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 90.382880][ T5815] RSP: 002b:00007f2e76dc4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.382914][ T5815] RAX: ffffffffffffffda RBX: 00007f2e76215fa0 RCX: 00007f2e75f9ce59 [ 90.382934][ T5815] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000008 [ 90.382951][ T5815] RBP: 00007f2e76032d6f R08: 0000000000000000 R09: 0000000000000000 [ 90.382968][ T5815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.382985][ T5815] R13: 00007f2e76216038 R14: 00007f2e76215fa0 R15: 00007ffd5ddeee78 [ 90.383023][ T5815] [ 90.461926][ T5822] syz.1.8 (5822) used greatest stack depth: 19720 bytes left [ 90.905723][ T5830] process 'syz.2.10' launched './file0' with NULL argv: empty string added [ 91.239453][ T5833] block2mtd: Using custom MTD label '' for dev [ 91.262230][ T5833] block2mtd: error: cannot open device [ 92.037016][ T5858] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.055022][ T5651] Bluetooth: hci3: command 0x2016 tx timeout [ 92.505215][ T5865] Zero length message leads to an empty skb [ 92.719835][ T5869] mmap: syz.1.14 (5869) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.125122][ T5644] Bluetooth: hci3: command 0x2016 tx timeout [ 94.716729][ T5882] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 94.777307][ T5880] Process accounting resumed [ 95.000371][ T5887] FAULT_INJECTION: forcing a failure. [ 95.000371][ T5887] name fail_futex, interval 1, probability 0, space 0, times 1 [ 95.013641][ T5887] CPU: 1 UID: 0 PID: 5887 Comm: syz.2.20 Not tainted syzkaller #0 PREEMPT(full) [ 95.013662][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 95.013671][ T5887] Call Trace: [ 95.013677][ T5887] [ 95.013683][ T5887] dump_stack_lvl+0x100/0x190 [ 95.013705][ T5887] should_fail_ex.cold+0x5/0xa [ 95.013724][ T5887] should_fail_futex+0x4c/0x60 [ 95.013740][ T5887] futex_lock_pi_atomic+0xe7/0xaf0 [ 95.013759][ T5887] ? futex_hash+0x141/0x370 [ 95.013776][ T5887] futex_lock_pi+0x245/0x7a0 [ 95.013798][ T5887] ? __pfx_futex_lock_pi+0x10/0x10 [ 95.013831][ T5887] ? rcu_is_watching+0x12/0xc0 [ 95.013851][ T5887] ? __pfx_futex_wake_mark+0x10/0x10 [ 95.013880][ T5887] do_futex+0x18a/0x350 [ 95.013896][ T5887] ? __pfx_do_futex+0x10/0x10 [ 95.013917][ T5887] __x64_sys_futex+0x34f/0x4d0 [ 95.013935][ T5887] ? fput+0x79/0x100 [ 95.013971][ T5887] ? __pfx___x64_sys_futex+0x10/0x10 [ 95.014000][ T5887] ? ksys_write+0x1ac/0x250 [ 95.014018][ T5887] ? __pfx_ksys_write+0x10/0x10 [ 95.014037][ T5887] ? rcu_is_watching+0x12/0xc0 [ 95.014057][ T5887] do_syscall_64+0x10b/0x830 [ 95.014071][ T5887] ? clear_bhb_loop+0x40/0x90 [ 95.014088][ T5887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.014103][ T5887] RIP: 0033:0x7f7e1af9ce59 [ 95.014117][ T5887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.014131][ T5887] RSP: 002b:00007f7e1bf1e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 95.014145][ T5887] RAX: ffffffffffffffda RBX: 00007f7e1b215fa0 RCX: 00007f7e1af9ce59 [ 95.014154][ T5887] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 95.014163][ T5887] RBP: 00007f7e1b032d6f R08: 0000000000000000 R09: 000000008000fff5 [ 95.014171][ T5887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.014180][ T5887] R13: 00007f7e1b216038 R14: 00007f7e1b215fa0 R15: 00007ffcd5338d68 [ 95.014199][ T5887] [ 95.842520][ T5884] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 95.979781][ T5906] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 96.917478][ T5914] FAULT_INJECTION: forcing a failure. [ 96.917478][ T5914] name failslab, interval 1, probability 0, space 0, times 0 [ 96.933982][ T5914] CPU: 1 UID: 0 PID: 5914 Comm: syz.1.26 Not tainted syzkaller #0 PREEMPT(full) [ 96.934022][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 96.934039][ T5914] Call Trace: [ 96.934047][ T5914] [ 96.934065][ T5914] dump_stack_lvl+0x100/0x190 [ 96.934103][ T5914] should_fail_ex.cold+0x5/0xa [ 96.934141][ T5914] should_failslab+0xc2/0x120 [ 96.934175][ T5914] __kvmalloc_node_noprof+0xfa/0xa00 [ 96.934203][ T5914] ? open_substream+0x311/0x9b0 [ 96.934232][ T5914] ? lockdep_init_map_type+0x5c/0x250 [ 96.934270][ T5914] open_substream+0x311/0x9b0 [ 96.934304][ T5914] rawmidi_open_priv+0x595/0x6f0 [ 96.934344][ T5914] snd_rawmidi_open+0x4c9/0xba0 [ 96.934384][ T5914] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 96.934420][ T5914] ? __pfx_default_wake_function+0x10/0x10 [ 96.934462][ T5914] ? do_raw_spin_lock+0x128/0x260 [ 96.934499][ T5914] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 96.934533][ T5914] snd_open+0x201/0x450 [ 96.934581][ T5914] ? __pfx_snd_open+0x10/0x10 [ 96.934630][ T5914] chrdev_open+0x234/0x6a0 [ 96.934665][ T5914] ? __pfx_chrdev_open+0x10/0x10 [ 96.934701][ T5914] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 96.934744][ T5914] do_dentry_open+0x6d8/0x1660 [ 96.934775][ T5914] ? __pfx_chrdev_open+0x10/0x10 [ 96.934818][ T5914] vfs_open+0x82/0x3f0 [ 96.934876][ T5914] path_openat+0x208c/0x31a0 [ 96.934922][ T5914] ? __pfx_path_openat+0x10/0x10 [ 96.934971][ T5914] do_file_open+0x20e/0x430 [ 96.935009][ T5914] ? __pfx_do_file_open+0x10/0x10 [ 96.935077][ T5914] ? alloc_fd+0x476/0x790 [ 96.935118][ T5914] ? do_getname+0x191/0x390 [ 96.935166][ T5914] do_sys_openat2+0x10d/0x1e0 [ 96.935211][ T5914] ? __pfx_do_sys_openat2+0x10/0x10 [ 96.935259][ T5914] ? __fget_files+0x21f/0x3d0 [ 96.935302][ T5914] __x64_sys_openat+0x12d/0x210 [ 96.935330][ T5914] ? __pfx___x64_sys_openat+0x10/0x10 [ 96.935383][ T5914] ? rcu_is_watching+0x12/0xc0 [ 96.935423][ T5914] do_syscall_64+0x10b/0x830 [ 96.935450][ T5914] ? clear_bhb_loop+0x40/0x90 [ 96.935486][ T5914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.935516][ T5914] RIP: 0033:0x7fa41239ce59 [ 96.935541][ T5914] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 96.935568][ T5914] RSP: 002b:00007fa413263028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 96.935595][ T5914] RAX: ffffffffffffffda RBX: 00007fa412615fa0 RCX: 00007fa41239ce59 [ 96.935614][ T5914] RDX: 000000000000a003 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 96.935633][ T5914] RBP: 00007fa412432d6f R08: 0000000000000000 R09: 0000000000000000 [ 96.935662][ T5914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 96.935679][ T5914] R13: 00007fa412616038 R14: 00007fa412615fa0 R15: 00007ffe6b923478 [ 96.935719][ T5914] [ 97.679676][ T5927] FAULT_INJECTION: forcing a failure. [ 97.679676][ T5927] name failslab, interval 1, probability 0, space 0, times 0 [ 97.746329][ T5927] CPU: 1 UID: 0 PID: 5927 Comm: syz.0.30 Not tainted syzkaller #0 PREEMPT(full) [ 97.746351][ T5927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 97.746361][ T5927] Call Trace: [ 97.746366][ T5927] [ 97.746373][ T5927] dump_stack_lvl+0x100/0x190 [ 97.746395][ T5927] should_fail_ex.cold+0x5/0xa [ 97.746415][ T5927] should_failslab+0xc2/0x120 [ 97.746434][ T5927] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 97.746449][ T5927] ? mem_cgroup_css_alloc+0xac7/0x1e00 [ 97.746470][ T5927] ? lru_gen_init_lruvec+0x2da/0x3d0 [ 97.746488][ T5927] mem_cgroup_css_alloc+0xac7/0x1e00 [ 97.746513][ T5927] cgroup_apply_control_enable+0x602/0xdd0 [ 97.746541][ T5927] cgroup_mkdir+0x59c/0x1310 [ 97.746565][ T5927] ? __pfx_cgroup_mkdir+0x10/0x10 [ 97.746587][ T5927] kernfs_iop_mkdir+0x111/0x190 [ 97.746605][ T5927] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 97.746635][ T5927] vfs_mkdir+0x361/0x850 [ 97.746666][ T5927] filename_mkdirat+0x48b/0x5e0 [ 97.746701][ T5927] ? __pfx_filename_mkdirat+0x10/0x10 [ 97.746723][ T5927] ? strncpy_from_user+0x19d/0x2d0 [ 97.746743][ T5927] ? do_getname+0x191/0x390 [ 97.746766][ T5927] __x64_sys_mkdir+0x6b/0x90 [ 97.746786][ T5927] do_syscall_64+0x10b/0x830 [ 97.746800][ T5927] ? clear_bhb_loop+0x40/0x90 [ 97.746819][ T5927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.746834][ T5927] RIP: 0033:0x7f240c79ce59 [ 97.746847][ T5927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.746862][ T5927] RSP: 002b:00007f240d694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 97.746877][ T5927] RAX: ffffffffffffffda RBX: 00007f240ca15fa0 RCX: 00007f240c79ce59 [ 97.746886][ T5927] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 97.746895][ T5927] RBP: 00007f240c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 97.746904][ T5927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.746913][ T5927] R13: 00007f240ca16038 R14: 00007f240ca15fa0 R15: 00007fffda37bfa8 [ 97.746933][ T5927] [ 98.194175][ T5644] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 101.666053][ T6004] hub 1-0:1.0: USB hub found [ 101.719941][ T6004] hub 1-0:1.0: 1 port detected [ 102.686597][ T6021] ubi0: attaching mtd0 [ 102.973858][ T6021] ubi0: scanning is finished [ 102.996265][ T6021] ubi0: empty MTD device detected [ 103.513545][ T6021] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 103.522242][ T6021] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 103.531937][ T6021] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 103.547839][ T6021] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 103.580307][ T6021] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 103.593695][ T6021] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 103.613976][ T6021] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 342328784 [ 103.640660][ T6021] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 103.669457][ T6036] ubi0: background thread "ubi_bgt0d" started, PID 6036 [ 103.703180][ T6041] netlink: del zone limit has 4 unknown bytes [ 103.723534][ T6023] ubi0: detaching mtd0 [ 103.941060][ T6023] ubi0: mtd0 is detached [ 104.424344][ T6043] nbd: must specify a size in bytes for the device [ 107.157452][ T29] audit: type=1804 audit(2147538689.756:3): pid=6080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.58" name="/newroot/13/file0" dev="tmpfs" ino=85 res=1 errno=0 [ 109.763073][ T6137] overlayfs: "check_copy_up" module option is obsolete [ 110.203083][ T6134] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 110.941148][ T6167] netlink: 172 bytes leftover after parsing attributes in process `syz.3.74'. [ 111.006997][ T6154] CIFS: VFS: UNC: path must begin with // or \\ [ 111.073649][ T6154] Malformed UNC in devname [ 111.073649][ T6154] [ 111.136419][ T6166] hub 1-0:1.0: USB hub found [ 111.161918][ T6166] hub 1-0:1.0: 1 port detected [ 111.172524][ T6154] CIFS: VFS: Malformed UNC in devname [ 117.478605][ T6275] netlink: 28 bytes leftover after parsing attributes in process `syz.2.91'. [ 117.903501][ T6275] hsr_slave_0 (unregistering): left promiscuous mode [ 118.145606][ T6300] binder: 6293:6300 ioctl 5403 3 returned -22 [ 119.544972][ T29] audit: type=1800 audit(2147593734.151:4): pid=6314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.96" name="lu_gp_id" dev="configfs" ino=10101 res=0 errno=0 [ 123.803329][ T6435] FAULT_INJECTION: forcing a failure. [ 123.803329][ T6435] name failslab, interval 1, probability 0, space 0, times 0 [ 123.835569][ T6435] CPU: 0 UID: 0 PID: 6435 Comm: syz.2.116 Tainted: G L syzkaller #0 PREEMPT(full) [ 123.835614][ T6435] Tainted: [L]=SOFTLOCKUP [ 123.835623][ T6435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 123.835640][ T6435] Call Trace: [ 123.835649][ T6435] [ 123.835658][ T6435] dump_stack_lvl+0x100/0x190 [ 123.835693][ T6435] should_fail_ex.cold+0x5/0xa [ 123.835730][ T6435] should_failslab+0xc2/0x120 [ 123.835765][ T6435] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 123.835794][ T6435] ? __kernfs_new_node+0xd2/0x9f0 [ 123.835834][ T6435] __kernfs_new_node+0xd2/0x9f0 [ 123.835871][ T6435] ? __pfx___kernfs_new_node+0x10/0x10 [ 123.835912][ T6435] ? find_held_lock+0x2b/0x80 [ 123.835948][ T6435] ? kernfs_root+0xee/0x2a0 [ 123.835978][ T6435] ? kernfs_root+0xee/0x2a0 [ 123.836026][ T6435] kernfs_new_node+0x11b/0x1a0 [ 123.836069][ T6435] __kernfs_create_file+0x53/0x350 [ 123.836119][ T6435] sysfs_add_file_mode_ns+0x207/0x3c0 [ 123.836156][ T6435] internal_create_group+0x593/0xfb0 [ 123.836199][ T6435] ? __pfx_internal_create_group+0x10/0x10 [ 123.836239][ T6435] ? kernfs_create_link+0x1bd/0x240 [ 123.836287][ T6435] internal_create_groups+0x9d/0x150 [ 123.836325][ T6435] device_add+0x77a/0x1950 [ 123.836369][ T6435] ? __pfx_device_add+0x10/0x10 [ 123.836406][ T6435] ? __pfx___might_resched+0x10/0x10 [ 123.836436][ T6435] ? lockdep_hardirqs_on+0x78/0x100 [ 123.836478][ T6435] __add_disk+0x518/0xe40 [ 123.836527][ T6435] add_disk_fwnode+0x118/0x5c0 [ 123.836575][ T6435] loop_add+0x90b/0xb60 [ 123.836604][ T6435] ? __pfx_loop_add+0x10/0x10 [ 123.836664][ T6435] loop_control_ioctl+0xae/0x620 [ 123.836694][ T6435] ? __pfx_loop_control_ioctl+0x10/0x10 [ 123.836723][ T6435] ? xfd_validate_state+0x129/0x190 [ 123.836756][ T6435] ? __pfx_loop_control_ioctl+0x10/0x10 [ 123.836788][ T6435] __x64_sys_ioctl+0x18e/0x210 [ 123.836820][ T6435] do_syscall_64+0x10b/0x830 [ 123.836845][ T6435] ? clear_bhb_loop+0x40/0x90 [ 123.836880][ T6435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.836908][ T6435] RIP: 0033:0x7f7e1af9ce59 [ 123.836941][ T6435] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 123.836969][ T6435] RSP: 002b:00007f7e1bf1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.837002][ T6435] RAX: ffffffffffffffda RBX: 00007f7e1b215fa0 RCX: 00007f7e1af9ce59 [ 123.837022][ T6435] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000003 [ 123.837039][ T6435] RBP: 00007f7e1b032d6f R08: 0000000000000000 R09: 0000000000000000 [ 123.837056][ T6435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.837072][ T6435] R13: 00007f7e1b216038 R14: 00007f7e1b215fa0 R15: 00007ffcd5338d68 [ 123.837111][ T6435] [ 124.501645][ T6442] netlink: 146 bytes leftover after parsing attributes in process `syz.0.117'. [ 125.188025][ T6436] Process accounting paused [ 126.051100][ T6475] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 126.438135][ T6498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.127'. [ 126.848479][ T6506] netlink: 342 bytes leftover after parsing attributes in process `syz.3.130'. [ 126.884932][ T6505] netlink: 342 bytes leftover after parsing attributes in process `syz.3.130'. [ 126.984964][ T6508] netlink: 16 bytes leftover after parsing attributes in process `syz.1.129'. [ 130.638912][ T6581] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 130.746040][ T6586] ubi0: attaching mtd0 [ 130.789669][ T6586] ubi0: scanning is finished [ 130.837354][ T6586] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 131.407971][ T6586] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 131.992089][ T6103] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 133.701964][ T6638] netlink: 28 bytes leftover after parsing attributes in process `syz.2.149'. [ 134.045402][ T6648] netlink: 'syz.3.151': attribute type 33 has an invalid length. [ 135.043742][ T6683] ovs_: entered promiscuous mode [ 135.309073][ T6689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'. [ 135.912407][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 135.921826][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 135.931367][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 135.940730][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 135.990207][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.000492][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.009910][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.023970][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.033445][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.044033][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.075452][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.102031][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.117991][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.168865][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.249076][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.295440][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.304704][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.314297][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.324797][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.331813][ T6677] syz.2.156 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 136.333899][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.355070][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.385302][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.396852][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.407681][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.416786][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.427272][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.436386][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.445713][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.455684][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.467003][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.476108][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 136.485803][ T6709] snd_virmidi snd_virmidi.0: control 61678:131081:3:yª:3 is already present [ 138.518192][ T6777] random: crng reseeded on system resumption [ 140.902416][ T6824] size and base must be multiples of 4 kiB [ 140.931148][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 140.946049][ T6824] CPU: 0 UID: 0 PID: 6824 Comm: syz.3.186 Tainted: G L syzkaller #0 PREEMPT(full) [ 140.946085][ T6824] Tainted: [L]=SOFTLOCKUP [ 140.946091][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 140.946100][ T6824] Call Trace: [ 140.946106][ T6824] [ 140.946112][ T6824] dump_stack_lvl+0x100/0x190 [ 140.946134][ T6824] mtrr_del.cold+0x72/0x85 [ 140.946152][ T6824] mtrr_ioctl+0xbc8/0xcf0 [ 140.946167][ T6824] ? __pfx_mtrr_ioctl+0x10/0x10 [ 140.946191][ T6824] ? __x64_sys_openat+0x12d/0x210 [ 140.946207][ T6824] ? __pfx_mtrr_ioctl+0x10/0x10 [ 140.946221][ T6824] proc_reg_unlocked_ioctl+0x229/0x320 [ 140.946239][ T6824] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 140.946262][ T6824] __x64_sys_ioctl+0x18e/0x210 [ 140.946279][ T6824] do_syscall_64+0x10b/0x830 [ 140.946293][ T6824] ? clear_bhb_loop+0x40/0x90 [ 140.946310][ T6824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.946331][ T6824] RIP: 0033:0x7f2e75f9ce59 [ 140.946351][ T6824] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.946375][ T6824] RSP: 002b:00007f2e76dc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 140.946391][ T6824] RAX: ffffffffffffffda RBX: 00007f2e76215fa0 RCX: 00007f2e75f9ce59 [ 140.946401][ T6824] RDX: 0000000000000000 RSI: 00000000400c4d04 RDI: 0000000000000000 [ 140.946410][ T6824] RBP: 00007f2e76032d6f R08: 0000000000000000 R09: 0000000000000000 [ 140.946420][ T6824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 140.946428][ T6824] R13: 00007f2e76216038 R14: 00007f2e76215fa0 R15: 00007ffd5ddeee78 [ 140.946448][ T6824] [ 141.296683][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.313889][ T6824] syz.3.186 uses obsolete (PF_INET,SOCK_PACKET) [ 141.361223][ T6824] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 141.395433][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.436531][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.508269][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.551918][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.616353][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.664166][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.706043][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.774869][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.848302][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 141.920638][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 142.008733][ T6827] device-mapper: ioctl: Unable to rename non-existent device, to „ [ 142.109521][ T6822] Process accounting resumed [ 142.114022][ T6844] nvme_fabrics: missing parameter 'transport=%s' [ 142.146516][ T6844] nvme_fabrics: missing parameter 'nqn=%s' [ 142.369443][ T6853] input: f¬ as /devices/virtual/input/input5 [ 145.120334][ T6893] netlink: 28 bytes leftover after parsing attributes in process `syz.1.199'. [ 145.654153][ T6901] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 145.661468][ T6901] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 145.727254][ T6901] netlink: 20 bytes leftover after parsing attributes in process `syz.1.201'. [ 145.743357][ T6899] random: crng reseeded on system resumption [ 145.755668][ T6901] hsr_slave_0: left promiscuous mode [ 145.773179][ T6901] hsr_slave_1: left promiscuous mode [ 145.971758][ T6103] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 145.980263][ T6103] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 146.556560][ T6920] netlink: 28 bytes leftover after parsing attributes in process `syz.1.205'. [ 146.806242][ T6931] netlink: 16 bytes leftover after parsing attributes in process `syz.3.206'. [ 146.830872][ T6921] dyndbg: expected <4096 bytes into control [ 147.208562][ T6937] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.693013][ T6937] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.954048][ T6961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'. [ 148.112119][ T6937] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.397765][ T6937] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.563316][ T6103] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 151.498476][ T7027] zswap: compressor not available [ 151.602539][ T7035] futex_wake_op: syz.3.227 tries to shift op by -2048; fix this program [ 154.822903][ T7081] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 155.615817][ T7061] Process accounting resumed [ 155.827296][ T7102] random: crng reseeded on system resumption [ 157.153694][ T7132] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 211!phy1!netdev:wlan1!rc_rateid [ 157.382805][ T7133] sysfs: cannot create duplicate filename '/class/ieee80211/211!phy1!netdev:wlan1!rc_rateidx_mcs_mask' [ 157.435017][ T7133] CPU: 0 UID: 0 PID: 7133 Comm: syz.3.246 Tainted: G L syzkaller #0 PREEMPT(full) [ 157.435062][ T7133] Tainted: [L]=SOFTLOCKUP [ 157.435072][ T7133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 157.435089][ T7133] Call Trace: [ 157.435097][ T7133] [ 157.435108][ T7133] dump_stack_lvl+0x100/0x190 [ 157.435145][ T7133] sysfs_warn_dup.cold+0x1c/0x28 [ 157.435186][ T7133] sysfs_do_create_link_sd+0x113/0x140 [ 157.435231][ T7133] sysfs_create_link+0x61/0xc0 [ 157.435263][ T7133] device_add+0x675/0x1950 [ 157.435308][ T7133] ? __pfx_device_add+0x10/0x10 [ 157.435349][ T7133] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 157.435393][ T7133] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 157.435434][ T7133] wiphy_register+0x1edd/0x2d90 [ 157.435474][ T7133] ? __rtnl_unlock+0xb9/0xf0 [ 157.435524][ T7133] ? __pfx_wiphy_register+0x10/0x10 [ 157.435567][ T7133] ? __asan_memset+0x23/0x50 [ 157.435610][ T7133] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 157.435657][ T7133] ieee80211_register_hw+0x3055/0x4570 [ 157.435704][ T7133] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 157.435733][ T7133] ? __pfx___debug_object_init+0x10/0x10 [ 157.435768][ T7133] ? find_held_lock+0x2b/0x80 [ 157.435806][ T7133] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 157.435847][ T7133] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 157.435890][ T7133] ? __hrtimer_setup+0x208/0x330 [ 157.435927][ T7133] mac80211_hwsim_new_radio+0x2a01/0x5aa0 [ 157.435988][ T7133] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 157.436027][ T7133] ? __asan_memcpy+0x3c/0x60 [ 157.436073][ T7133] hwsim_new_radio_nl+0xc5f/0x1370 [ 157.436106][ T7133] ? rcu_is_watching+0x12/0xc0 [ 157.436142][ T7133] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 157.436197][ T7133] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 157.436232][ T7133] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 157.436273][ T7133] genl_family_rcv_msg_doit+0x214/0x300 [ 157.436309][ T7133] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 157.436340][ T7133] ? genl_get_cmd+0x3e7/0x760 [ 157.436380][ T7133] ? bpf_lsm_capable+0x9/0x10 [ 157.436412][ T7133] ? security_capable+0x80/0x260 [ 157.436456][ T7133] ? ns_capable+0xd2/0xf0 [ 157.436494][ T7133] genl_rcv_msg+0x560/0x800 [ 157.436526][ T7133] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.436555][ T7133] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 157.436595][ T7133] netlink_rcv_skb+0x159/0x420 [ 157.436633][ T7133] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.436661][ T7133] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 157.436713][ T7133] ? netlink_deliver_tap+0x1ae/0xcc0 [ 157.436757][ T7133] genl_rcv+0x28/0x40 [ 157.436782][ T7133] netlink_unicast+0x585/0x850 [ 157.436828][ T7133] ? __pfx_netlink_unicast+0x10/0x10 [ 157.436878][ T7133] netlink_sendmsg+0x8b0/0xda0 [ 157.436925][ T7133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.436965][ T7133] ? __import_iovec+0x1d2/0x640 [ 157.437001][ T7133] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 157.437054][ T7133] ____sys_sendmsg+0x9e1/0xb70 [ 157.437095][ T7133] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.437142][ T7133] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.437198][ T7133] ? rcu_is_watching+0x12/0xc0 [ 157.437232][ T7133] ? ___sys_sendmsg+0x19d/0x1e0 [ 157.437256][ T7133] ? kfree+0x1dd/0x6c0 [ 157.437301][ T7133] ___sys_sendmsg+0x190/0x1e0 [ 157.437331][ T7133] ? __pfx____sys_sendmsg+0x10/0x10 [ 157.437394][ T7133] ? __pfx___might_resched+0x10/0x10 [ 157.437435][ T7133] __sys_sendmmsg+0x205/0x430 [ 157.437476][ T7133] ? __pfx___sys_sendmmsg+0x10/0x10 [ 157.437544][ T7133] ? xfd_validate_state+0x129/0x190 [ 157.437586][ T7133] __x64_sys_sendmmsg+0x9c/0x100 [ 157.437622][ T7133] ? lockdep_hardirqs_on+0x78/0x100 [ 157.437650][ T7133] do_syscall_64+0x10b/0x830 [ 157.437676][ T7133] ? clear_bhb_loop+0x40/0x90 [ 157.437712][ T7133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.437741][ T7133] RIP: 0033:0x7f2e75f9ce59 [ 157.437764][ T7133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.437789][ T7133] RSP: 002b:00007f2e76da3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 157.437816][ T7133] RAX: ffffffffffffffda RBX: 00007f2e76216090 RCX: 00007f2e75f9ce59 [ 157.437834][ T7133] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 157.437850][ T7133] RBP: 00007f2e76032d6f R08: 0000000000000000 R09: 0000000000000000 [ 157.437866][ T7133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.437882][ T7133] R13: 00007f2e76216128 R14: 00007f2e76216090 R15: 00007ffd5ddeee78 [ 157.437922][ T7133] [ 158.461209][ T7144] ubi0: attaching mtd0 [ 158.483802][ T7144] ubi0: scanning is finished [ 158.499802][ T7144] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 158.741498][ T7144] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 159.707626][ T7163] tipc: Started in network mode [ 159.718891][ T7163] tipc: Node identity ee00, cluster identity 4711 [ 159.736799][ T7163] tipc: Node number set to 60928 [ 160.533987][ T7177] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 160.540480][ T7177] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 163.708810][ T7211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.263'. [ 165.353938][ T6103] Bluetooth: hci1: unexpected event 0x06 length: 6 > 3 [ 165.357305][ T7260] netlink: 178 bytes leftover after parsing attributes in process `syz.1.271'. [ 165.409326][ T7260] netlink: 178 bytes leftover after parsing attributes in process `syz.1.271'. [ 165.510853][ T7264] vivid-007: ================= START STATUS ================= [ 165.566517][ T7264] vivid-007: Enable Output Cropping: true grabbed [ 165.610156][ T7264] vivid-007: Enable Output Composing: true grabbed [ 165.664993][ T7264] vivid-007: Enable Output Scaler: true grabbed [ 165.692274][ T7264] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 165.727307][ T7264] vivid-007: Transmit Mode: HDMI grabbed [ 165.776813][ T7264] vivid-007: Hotplug Present: 0x00000000 [ 165.806134][ T7264] vivid-007: RxSense Present: 0x00000000 [ 165.813281][ T7264] vivid-007: EDID Present: 0x00000000 [ 165.823708][ T7264] vivid-007: ================== END STATUS ================== [ 166.180312][ T7285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.274'. [ 168.189981][ T7307] futex_wake_op: syz.0.278 tries to shift op by -1; fix this program [ 168.905109][ T7319] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 170.525275][ T7349] smpboot: CPU 1 is now offline [ 170.670609][ T7350] netlink: 12 bytes leftover after parsing attributes in process `syz.1.286'. [ 171.828677][ T7355] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 171.859897][ T7355] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 171.932521][ T7355] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 172.007109][ T7355] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 172.031667][ T7355] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 172.072313][ T7355] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 172.134435][ T7355] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 172.161185][ T7355] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 172.197920][ T7355] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 172.230951][ T7355] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 172.265823][ T7355] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 172.312347][ T7355] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 172.848035][ T7385] page: refcount:5 mapcount:4 mapping:0000000000000000 index:0x7fa473844 pfn:0x78000 [ 172.959967][ T7375] Process accounting paused [ 172.993342][ T7385] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 173.076318][ T7385] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 173.141187][ T7391] FAULT_INJECTION: forcing a failure. [ 173.141187][ T7391] name failslab, interval 1, probability 0, space 0, times 0 [ 173.154396][ T7385] raw: 00000007fa473844 0000000000000000 0000000500000003 0000000000000000 [ 173.220520][ T7391] CPU: 0 UID: 0 PID: 7391 Comm: syz.0.294 Tainted: G L syzkaller #0 PREEMPT(full) [ 173.220545][ T7391] Tainted: [L]=SOFTLOCKUP [ 173.220551][ T7391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 173.220560][ T7391] Call Trace: [ 173.220565][ T7391] [ 173.220572][ T7391] dump_stack_lvl+0x100/0x190 [ 173.220594][ T7391] should_fail_ex.cold+0x5/0xa [ 173.220614][ T7391] should_failslab+0xc2/0x120 [ 173.220632][ T7391] __kmalloc_cache_noprof+0x7a/0x6f0 [ 173.220653][ T7391] ? ima_calc_file_hash_tfm+0x236/0x350 [ 173.220670][ T7391] ? sha256_init+0xd/0xc0 [ 173.220688][ T7391] ima_calc_file_hash_tfm+0x236/0x350 [ 173.220704][ T7391] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 173.220741][ T7391] ? look_up_lock_class+0x55/0x120 [ 173.220758][ T7391] ? ima_alloc_tfm+0x21a/0x2e0 [ 173.220775][ T7391] ima_calc_file_hash+0x1e3/0x380 [ 173.220791][ T7391] ima_collect_measurement+0x94f/0xb30 [ 173.220811][ T7391] ? __pfx_ima_collect_measurement+0x10/0x10 [ 173.220841][ T7391] ? process_measurement+0x5ab/0x2350 [ 173.220865][ T7391] ? is_bad_inode+0xd/0x40 [ 173.220880][ T7391] ? xattr_resolve_name+0x27d/0x3f0 [ 173.220901][ T7391] ? vfs_getxattr_alloc+0xec/0x350 [ 173.220923][ T7391] ? ima_get_hash_algo+0x22d/0x400 [ 173.220944][ T7391] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 173.220969][ T7391] ? process_measurement+0xdfe/0x2350 [ 173.220991][ T7391] process_measurement+0xdfe/0x2350 [ 173.221025][ T7391] ? stack_trace_save+0x8e/0xc0 [ 173.221046][ T7391] ? __pfx_process_measurement+0x10/0x10 [ 173.221071][ T7391] ? __lock_acquire+0x4a5/0x2630 [ 173.221085][ T7391] ? __kasan_slab_alloc+0x89/0x90 [ 173.221100][ T7391] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 173.221115][ T7391] ? init_file+0x95/0x480 [ 173.221133][ T7391] ? alloc_empty_file+0x79/0x1c0 [ 173.221153][ T7391] ? alloc_file_pseudo+0x13a/0x230 [ 173.221173][ T7391] ? ksys_mmap_pgoff+0x242/0x610 [ 173.221190][ T7391] ? __x64_sys_mmap+0x125/0x190 [ 173.221205][ T7391] ? do_syscall_64+0x10b/0x830 [ 173.221235][ T7391] ? __pfx_aa_file_perm+0x10/0x10 [ 173.221261][ T7391] ima_file_mmap+0x1c4/0x1f0 [ 173.221284][ T7391] ? __pfx_ima_file_mmap+0x10/0x10 [ 173.221312][ T7391] security_mmap_file+0x278/0x9b0 [ 173.221331][ T7391] vm_mmap_pgoff+0xec/0x470 [ 173.221351][ T7391] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 173.221368][ T7391] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 173.221390][ T7391] ? hugetlbfs_get_inode+0x3f5/0x700 [ 173.221418][ T7391] ksys_mmap_pgoff+0x285/0x610 [ 173.221438][ T7391] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 173.221455][ T7391] ? xfd_validate_state+0x129/0x190 [ 173.221474][ T7391] __x64_sys_mmap+0x125/0x190 [ 173.221492][ T7391] do_syscall_64+0x10b/0x830 [ 173.221505][ T7391] ? clear_bhb_loop+0x40/0x90 [ 173.221523][ T7391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.221538][ T7391] RIP: 0033:0x7f240c79ce59 [ 173.221551][ T7391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.221565][ T7391] RSP: 002b:00007f240d694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 173.221580][ T7391] RAX: ffffffffffffffda RBX: 00007f240ca15fa0 RCX: 00007f240c79ce59 [ 173.221590][ T7391] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 173.221599][ T7391] RBP: 00007f240c832d6f R08: 0000000000000004 R09: 0000300000000000 [ 173.221608][ T7391] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 173.221617][ T7391] R13: 00007f240ca16038 R14: 00007f240ca15fa0 R15: 00007fffda37bfa8 [ 173.221637][ T7391] [ 173.897713][ T6103] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.958379][ T29] audit: type=1800 audit(2147740540.259:5): pid=7391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.294" name="anon_hugepage" dev="hugetlbfs" ino=17170 res=0 errno=0 [ 174.116290][ T6108] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.293664][ T6108] Bluetooth: hci2: command 0x0c1a tx timeout [ 174.300522][ T6108] Bluetooth: hci3: command 0x2016 tx timeout [ 174.335324][ T7411] random: crng reseeded on system resumption [ 174.395918][ T7411] hub 1-0:1.0: USB hub found [ 174.402882][ T7411] hub 1-0:1.0: 1 port detected [ 174.815609][ T7385] page dumped because: unmovable page [ 174.843186][ T7385] page_owner tracks the page as allocated [ 174.877261][ T7385] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5628, tgid 5628 (syz-executor), ts 81250357001, free_ts 81029201917 [ 174.953181][ T7385] post_alloc_hook+0xfd/0x120 [ 174.971020][ T7385] get_page_from_freelist+0x11a6/0x33b0 [ 174.988669][ T7385] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 175.011676][ T7385] alloc_pages_mpol+0x1fb/0x540 [ 175.029085][ T7385] alloc_pages_noprof+0x1a/0x160 [ 175.044528][ T7385] __vmalloc_node_range_noprof+0xf9a/0x1630 [ 175.063089][ T7385] vmalloc_user_noprof+0x9e/0xe0 [ 175.081006][ T7385] kcov_ioctl+0x4c/0x720 [ 175.098128][ T7385] __x64_sys_ioctl+0x18e/0x210 [ 175.109889][ T7385] do_syscall_64+0x10b/0x830 [ 175.129216][ T7385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.146785][ T7385] page last free pid 5615 tgid 5615 stack trace: [ 175.194487][ T7385] free_unref_folios+0xa0d/0x16f0 [ 175.210420][ T7385] folios_put_refs+0x571/0xa90 [ 175.226521][ T7385] free_pages_and_swap_cache+0x22d/0x3b0 [ 175.245802][ T7385] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 175.266092][ T7385] tlb_finish_mmu+0x1b0/0x810 [ 175.280579][ T7385] unmap_region+0x2d9/0x3b0 [ 175.294329][ T7385] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 175.314637][ T7385] do_vmi_align_munmap+0x44f/0x5f0 [ 175.334560][ T7385] do_vmi_munmap+0x1f8/0x3e0 [ 175.343152][ T7385] __vm_munmap+0x196/0x390 [ 175.352562][ T7385] __x64_sys_munmap+0x59/0x80 [ 175.362655][ T7385] do_syscall_64+0x10b/0x830 [ 175.372248][ T7385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.391435][ T6103] Bluetooth: hci1: unexpected subevent 0x03 length: 253 > 9 [ 175.966484][ T6103] Bluetooth: hci0: command 0x0c1a tx timeout [ 176.124916][ T6103] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.366457][ T6103] Bluetooth: hci3: command 0x2016 tx timeout [ 176.372499][ T6103] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.923543][ T7482] netlink: 8 bytes leftover after parsing attributes in process `syz.2.312'. [ 178.047643][ T7451] Bluetooth: hci0: command 0x0c1a tx timeout [ 178.205621][ T7451] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.445945][ T7451] Bluetooth: hci2: command 0x0c1a tx timeout [ 178.452225][ T6108] Bluetooth: hci3: command 0x2016 tx timeout [ 179.716712][ T29] audit: type=1800 audit(2147777234.331:6): pid=7537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.321" name="lu_gp_id" dev="configfs" ino=19117 res=0 errno=0 [ 181.466016][ T7573] netlink: 28 bytes leftover after parsing attributes in process `syz.0.328'. [ 182.103690][ T7585] netlink: 98 bytes leftover after parsing attributes in process `syz.1.331'. [ 182.190578][ T7581] netlink: 50 bytes leftover after parsing attributes in process `syz.1.331'. [ 183.311898][ T7582] kexec: Could not allocate control_code_buffer [ 183.800214][ T7603] batman_adv: Routing algorithm '' is not supported [ 184.047853][ T7603] netlink: 28 bytes leftover after parsing attributes in process `syz.1.335'. [ 184.081450][ T7608] FAULT_INJECTION: forcing a failure. [ 184.081450][ T7608] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 184.348787][ T7608] CPU: 0 UID: 0 PID: 7608 Comm: syz.0.336 Tainted: G L syzkaller #0 PREEMPT(full) [ 184.348814][ T7608] Tainted: [L]=SOFTLOCKUP [ 184.348820][ T7608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 184.348830][ T7608] Call Trace: [ 184.348835][ T7608] [ 184.348841][ T7608] dump_stack_lvl+0x100/0x190 [ 184.348863][ T7608] should_fail_ex.cold+0x5/0xa [ 184.348883][ T7608] _copy_from_user+0x2e/0xd0 [ 184.348900][ T7608] copy_msghdr_from_user+0x9f/0x4f0 [ 184.348916][ T7608] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 184.348943][ T7608] ? __pfx_futex_wake_mark+0x10/0x10 [ 184.348967][ T7608] ___sys_sendmsg+0x106/0x1e0 [ 184.348983][ T7608] ? __pfx____sys_sendmsg+0x10/0x10 [ 184.349039][ T7608] __sys_sendmsg+0x170/0x220 [ 184.349060][ T7608] ? __pfx___sys_sendmsg+0x10/0x10 [ 184.349081][ T7608] ? __x64_sys_futex+0x34f/0x4d0 [ 184.349105][ T7608] ? rcu_is_watching+0x12/0xc0 [ 184.349127][ T7608] do_syscall_64+0x10b/0x830 [ 184.349147][ T7608] ? clear_bhb_loop+0x40/0x90 [ 184.349165][ T7608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.349181][ T7608] RIP: 0033:0x7f240c79ce59 [ 184.349195][ T7608] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.349208][ T7608] RSP: 002b:00007f240d673028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.349223][ T7608] RAX: ffffffffffffffda RBX: 00007f240ca16090 RCX: 00007f240c79ce59 [ 184.349232][ T7608] RDX: 0000000000044014 RSI: 00002000000001c0 RDI: 0000000000000007 [ 184.349242][ T7608] RBP: 00007f240c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 184.349250][ T7608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.349259][ T7608] R13: 00007f240ca16128 R14: 00007f240ca16090 R15: 00007fffda37bfa8 [ 184.349279][ T7608] [ 186.393365][ T7623] Process accounting paused [ 186.942457][ T7655] i2c i2c-0: new_device: Invalid device name [ 187.013590][ T7652] netlink: 28 bytes leftover after parsing attributes in process `syz.3.343'. [ 187.079416][ T29] audit: type=1804 audit(2147777241.681:7): pid=7653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.342" name="/newroot/sys/kernel/tracing/set_event_notrace_pid" dev="tracefs" ino=1043 res=1 errno=0 [ 187.529302][ T7673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'. [ 187.746126][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'. [ 187.974851][ T7682] random: crng reseeded on system resumption [ 188.223919][ T29] audit: type=1806 audit(2147777242.831:8): xattr="" res=-22 [ 189.737254][ T7688] kexec: Could not allocate control_code_buffer [ 189.813656][ T7719] random: crng reseeded on system resumption [ 190.677954][ T7733] netlink: 4 bytes leftover after parsing attributes in process `syz.2.359'. [ 193.462164][ T7790] Line length is too long: Should be less than 4094 [ 194.346795][ T7790] netlink: 12 bytes leftover after parsing attributes in process `syz.0.371'. [ 195.076046][ T7805] netlink: 318 bytes leftover after parsing attributes in process `syz.2.373'. [ 196.815073][ T7824] netlink: 326 bytes leftover after parsing attributes in process `syz.2.377'. [ 196.877773][ T7825] netlink: 326 bytes leftover after parsing attributes in process `syz.2.377'. [ 196.920197][ T7825] netlink: 326 bytes leftover after parsing attributes in process `syz.2.377'. [ 196.996006][ T7825] netlink: 326 bytes leftover after parsing attributes in process `syz.2.377'. [ 197.262574][ T7827] zswap: compressor not available [ 197.526691][ T7836] zswap: compressor /Eev/audio1 not available [ 198.982783][ T7865] aoe: can't write to that file. [ 199.346852][ T7866] Process accounting resumed [ 201.969446][ T7921] sd 0:0:1:0: device reset [ 203.897059][ T7971] ubi0: attaching mtd0 [ 203.997205][ T7971] ubi0: scanning is finished [ 204.092522][ T7971] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 204.141872][ T7970] block2mtd: Using custom MTD label '' for dev [ 204.188399][ T7970] block2mtd: error: cannot open device [ 204.612857][ T7971] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 204.800448][ T7984] FAULT_INJECTION: forcing a failure. [ 204.800448][ T7984] name failslab, interval 1, probability 0, space 0, times 0 [ 204.847341][ T7984] CPU: 0 UID: 0 PID: 7984 Comm: syz.2.408 Tainted: G L syzkaller #0 PREEMPT(full) [ 204.847367][ T7984] Tainted: [L]=SOFTLOCKUP [ 204.847372][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 204.847382][ T7984] Call Trace: [ 204.847387][ T7984] [ 204.847394][ T7984] dump_stack_lvl+0x100/0x190 [ 204.847414][ T7984] should_fail_ex.cold+0x5/0xa [ 204.847435][ T7984] should_failslab+0xc2/0x120 [ 204.847453][ T7984] __kmalloc_cache_noprof+0x7a/0x6f0 [ 204.847492][ T7984] ? open_substream+0xec/0x9b0 [ 204.847508][ T7984] ? mark_held_locks+0x40/0x70 [ 204.847525][ T7984] open_substream+0xec/0x9b0 [ 204.847543][ T7984] rawmidi_open_priv+0x595/0x6f0 [ 204.847563][ T7984] snd_rawmidi_open+0x4c9/0xba0 [ 204.847584][ T7984] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 204.847602][ T7984] ? __pfx_default_wake_function+0x10/0x10 [ 204.847624][ T7984] ? kobject_get_unless_zero+0x156/0x200 [ 204.847651][ T7984] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 204.847671][ T7984] snd_open+0x201/0x450 [ 204.847695][ T7984] ? __pfx_snd_open+0x10/0x10 [ 204.847716][ T7984] chrdev_open+0x234/0x6a0 [ 204.847735][ T7984] ? __pfx_apparmor_file_open+0x10/0x10 [ 204.847750][ T7984] ? __pfx_chrdev_open+0x10/0x10 [ 204.847774][ T7984] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 204.847798][ T7984] do_dentry_open+0x6d8/0x1660 [ 204.847816][ T7984] ? __pfx_chrdev_open+0x10/0x10 [ 204.847840][ T7984] vfs_open+0x82/0x3f0 [ 204.847863][ T7984] path_openat+0x208c/0x31a0 [ 204.847888][ T7984] ? __pfx_path_openat+0x10/0x10 [ 204.847913][ T7984] do_file_open+0x20e/0x430 [ 204.847933][ T7984] ? __pfx_do_file_open+0x10/0x10 [ 204.847965][ T7984] ? alloc_fd+0x476/0x790 [ 204.847985][ T7984] ? do_getname+0x191/0x390 [ 204.848008][ T7984] do_sys_openat2+0x10d/0x1e0 [ 204.848030][ T7984] ? __pfx_do_sys_openat2+0x10/0x10 [ 204.848059][ T7984] __x64_sys_openat+0x12d/0x210 [ 204.848073][ T7984] ? __pfx___x64_sys_openat+0x10/0x10 [ 204.848094][ T7984] ? ksys_write+0x1ac/0x250 [ 204.848113][ T7984] ? rcu_is_watching+0x12/0xc0 [ 204.848134][ T7984] do_syscall_64+0x10b/0x830 [ 204.848147][ T7984] ? clear_bhb_loop+0x40/0x90 [ 204.848165][ T7984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.848179][ T7984] RIP: 0033:0x7f7e1af9ce59 [ 204.848193][ T7984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.848206][ T7984] RSP: 002b:00007f7e1bf1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 204.848221][ T7984] RAX: ffffffffffffffda RBX: 00007f7e1b215fa0 RCX: 00007f7e1af9ce59 [ 204.848231][ T7984] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 204.848240][ T7984] RBP: 00007f7e1b032d6f R08: 0000000000000000 R09: 0000000000000000 [ 204.848250][ T7984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.848258][ T7984] R13: 00007f7e1b216038 R14: 00007f7e1b215fa0 R15: 00007ffcd5338d68 [ 204.848278][ T7984] [ 206.285759][ T7451] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 206.299839][ T7451] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 206.309879][ T7451] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 206.318499][ T7451] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 206.327903][ T7451] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 208.034435][ T8052] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 208.114875][ T8052] pci 0000:00:01.3: PCI INT A: no GSI [ 208.365602][ T7451] Bluetooth: hci4: command tx timeout [ 208.437125][ T8062] FAULT_INJECTION: forcing a failure. [ 208.437125][ T8062] name failslab, interval 1, probability 0, space 0, times 0 [ 208.535469][ T8062] CPU: 0 UID: 0 PID: 8062 Comm: syz.2.423 Tainted: G L syzkaller #0 PREEMPT(full) [ 208.535495][ T8062] Tainted: [L]=SOFTLOCKUP [ 208.535500][ T8062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 208.535510][ T8062] Call Trace: [ 208.535515][ T8062] [ 208.535521][ T8062] dump_stack_lvl+0x100/0x190 [ 208.535543][ T8062] should_fail_ex.cold+0x5/0xa [ 208.535563][ T8062] should_failslab+0xc2/0x120 [ 208.535582][ T8062] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 208.535597][ T8062] ? __d_alloc+0x34/0xa40 [ 208.535622][ T8062] __d_alloc+0x34/0xa40 [ 208.535644][ T8062] d_alloc+0x4a/0x1e0 [ 208.535664][ T8062] lookup_one_qstr_excl+0x171/0x250 [ 208.535688][ T8062] start_dirop+0x59/0xb0 [ 208.535706][ T8062] simple_start_creating+0xf9/0x110 [ 208.535724][ T8062] ? __pfx_simple_start_creating+0x10/0x10 [ 208.535742][ T8062] ? mntput+0x70/0xa0 [ 208.535758][ T8062] ? simple_pin_fs+0xa3/0x190 [ 208.535774][ T8062] debugfs_start_creating.part.0+0x82/0x170 [ 208.535802][ T8062] __debugfs_create_file+0xb3/0x4f0 [ 208.535828][ T8062] debugfs_create_file_full+0x41/0x60 [ 208.535853][ T8062] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 208.535874][ T8062] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 208.535893][ T8062] ? ida_alloc_range+0x70d/0x830 [ 208.535925][ T8062] ? lockdep_init_map_type+0x5c/0x250 [ 208.535944][ T8062] preinit_net.part.0+0x252/0x920 [ 208.535965][ T8062] copy_net_ns+0x339/0x7c0 [ 208.535987][ T8062] create_new_namespaces+0x3ea/0xac0 [ 208.536012][ T8062] unshare_nsproxy_namespaces+0xf2/0x220 [ 208.536033][ T8062] ksys_unshare+0x438/0xab0 [ 208.536056][ T8062] ? __pfx_ksys_unshare+0x10/0x10 [ 208.536075][ T8062] ? xfd_validate_state+0x129/0x190 [ 208.536090][ T8062] ? ksys_write+0x1ac/0x250 [ 208.536112][ T8062] __x64_sys_unshare+0x31/0x40 [ 208.536133][ T8062] do_syscall_64+0x10b/0x830 [ 208.536146][ T8062] ? clear_bhb_loop+0x40/0x90 [ 208.536164][ T8062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.536179][ T8062] RIP: 0033:0x7f7e1af9ce59 [ 208.536192][ T8062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.536206][ T8062] RSP: 002b:00007f7e1bf1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 208.536221][ T8062] RAX: ffffffffffffffda RBX: 00007f7e1b215fa0 RCX: 00007f7e1af9ce59 [ 208.536231][ T8062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 208.536240][ T8062] RBP: 00007f7e1b032d6f R08: 0000000000000000 R09: 0000000000000000 [ 208.536249][ T8062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.536258][ T8062] R13: 00007f7e1b216038 R14: 00007f7e1b215fa0 R15: 00007ffcd5338d68 [ 208.536278][ T8062] [ 210.003940][ T8050] Process accounting resumed [ 210.202395][ T8010] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.242159][ T8010] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.308193][ T8010] bridge_slave_0: entered allmulticast mode [ 210.337467][ T8010] bridge_slave_0: entered promiscuous mode [ 210.444747][ T7451] Bluetooth: hci4: command tx timeout [ 210.541560][ T8010] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.582456][ T8099] QAT: failed to copy from user. [ 210.599887][ T8010] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.638271][ T8010] bridge_slave_1: entered allmulticast mode [ 210.668314][ T8010] bridge_slave_1: entered promiscuous mode [ 210.883119][ T8010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.940294][ T8010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.998897][ T8101] syz.0.428(8101): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 211.058042][ T8102] sg_write: data in/out 1172242482/28904 bytes for SCSI command 0x0-- guessing data in; [ 211.058042][ T8102] program syz.0.428 not setting count and/or reply_len properly [ 211.191224][ T8010] team0: Port device team_slave_0 added [ 211.225772][ T8010] team0: Port device team_slave_1 added [ 211.375305][ T8010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.418262][ T8010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 211.602441][ T8010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.679538][ T8010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.729941][ T8010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 211.875227][ T8010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.211543][ T8010] hsr_slave_0: entered promiscuous mode [ 212.245514][ T8010] hsr_slave_1: entered promiscuous mode [ 212.277337][ T8010] debugfs: 'hsr0' already exists in 'hsr' [ 212.309019][ T8010] Cannot create hsr debugfs directory [ 212.524656][ T7451] Bluetooth: hci4: command tx timeout [ 213.110654][ T29] audit: type=1800 audit(2147850643.723:9): pid=8144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.436" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 213.371769][ T8142] tipc: Started in network mode [ 213.438107][ T8142] tipc: Node identity ee00, cluster identity 4711 [ 213.532435][ T8142] tipc: Node number set to 60928 [ 214.431687][ T8010] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 214.540254][ T8010] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 214.589470][ T8010] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 214.605168][ T7451] Bluetooth: hci4: command tx timeout [ 214.674267][ T8010] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 214.736282][ T8010] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 214.819829][ T8010] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 214.865442][ T8010] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 214.922440][ T8167] FAULT_INJECTION: forcing a failure. [ 214.922440][ T8167] name fail_futex, interval 1, probability 0, space 0, times 0 [ 214.935603][ T8167] CPU: 0 UID: 0 PID: 8167 Comm: syz.0.439 Tainted: G L syzkaller #0 PREEMPT(full) [ 214.935628][ T8167] Tainted: [L]=SOFTLOCKUP [ 214.935634][ T8167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.935643][ T8167] Call Trace: [ 214.935648][ T8167] [ 214.935653][ T8167] dump_stack_lvl+0x100/0x190 [ 214.935675][ T8167] should_fail_ex.cold+0x5/0xa [ 214.935695][ T8167] should_fail_futex+0x4c/0x60 [ 214.935710][ T8167] futex_lock_pi_atomic+0xe7/0xaf0 [ 214.935730][ T8167] ? futex_hash+0x141/0x370 [ 214.935746][ T8167] futex_lock_pi+0x245/0x7a0 [ 214.935767][ T8167] ? __pfx_futex_lock_pi+0x10/0x10 [ 214.935788][ T8167] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 214.935826][ T8167] ? __pfx_futex_wake_mark+0x10/0x10 [ 214.935849][ T8167] ? ksys_write+0x190/0x250 [ 214.935866][ T8167] ? ksys_write+0x190/0x250 [ 214.935886][ T8167] do_futex+0x18a/0x350 [ 214.935902][ T8167] ? __pfx_do_futex+0x10/0x10 [ 214.935931][ T8167] __x64_sys_futex+0x34f/0x4d0 [ 214.935950][ T8167] ? __pfx___x64_sys_futex+0x10/0x10 [ 214.935966][ T8167] ? ksys_write+0x1ac/0x250 [ 214.935987][ T8167] ? rcu_is_watching+0x12/0xc0 [ 214.936008][ T8167] do_syscall_64+0x10b/0x830 [ 214.936021][ T8167] ? clear_bhb_loop+0x40/0x90 [ 214.936038][ T8167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.936053][ T8167] RIP: 0033:0x7f240c79ce59 [ 214.936067][ T8167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.936080][ T8167] RSP: 002b:00007f240d652028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 214.936094][ T8167] RAX: ffffffffffffffda RBX: 00007f240ca16180 RCX: 00007f240c79ce59 [ 214.936104][ T8167] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 214.936112][ T8167] RBP: 00007f240c832d6f R08: 0000000000000000 R09: 000000008000fff5 [ 214.936121][ T8167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 214.936129][ T8167] R13: 00007f240ca16218 R14: 00007f240ca16180 R15: 00007fffda37bfa8 [ 214.936148][ T8167] [ 214.938577][ T8010] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 215.781267][ T8179] cgroup: fork rejected by pids controller in /syz1 [ 215.810246][ T8175] netlink: 28 bytes leftover after parsing attributes in process `syz.1.441'. [ 216.158298][ T8175] batadv0: entered promiscuous mode [ 216.188135][ T8175] netlink: 28 bytes leftover after parsing attributes in process `syz.1.441'. [ 216.738601][ T8010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.849902][ T8010] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.905155][ T8330] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.912513][ T8330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.032373][ T8330] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.039580][ T8330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.201900][ T8353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.446'. [ 218.021809][ T8367] FAULT_INJECTION: forcing a failure. [ 218.021809][ T8367] name failslab, interval 1, probability 0, space 0, times 0 [ 218.109442][ T8367] CPU: 0 UID: 0 PID: 8367 Comm: syz.0.448 Tainted: G L syzkaller #0 PREEMPT(full) [ 218.109468][ T8367] Tainted: [L]=SOFTLOCKUP [ 218.109474][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 218.109483][ T8367] Call Trace: [ 218.109488][ T8367] [ 218.109494][ T8367] dump_stack_lvl+0x100/0x190 [ 218.109516][ T8367] should_fail_ex.cold+0x5/0xa [ 218.109537][ T8367] should_failslab+0xc2/0x120 [ 218.109556][ T8367] __kmalloc_cache_noprof+0x7a/0x6f0 [ 218.109577][ T8367] ? open_substream+0xec/0x9b0 [ 218.109591][ T8367] ? mark_held_locks+0x40/0x70 [ 218.109615][ T8367] open_substream+0xec/0x9b0 [ 218.109633][ T8367] rawmidi_open_priv+0x595/0x6f0 [ 218.109653][ T8367] snd_rawmidi_open+0x4c9/0xba0 [ 218.109674][ T8367] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 218.109693][ T8367] ? __pfx_default_wake_function+0x10/0x10 [ 218.109716][ T8367] ? kobject_get_unless_zero+0x156/0x200 [ 218.109736][ T8367] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 218.109753][ T8367] snd_open+0x201/0x450 [ 218.109778][ T8367] ? __pfx_snd_open+0x10/0x10 [ 218.109800][ T8367] chrdev_open+0x234/0x6a0 [ 218.109819][ T8367] ? __pfx_apparmor_file_open+0x10/0x10 [ 218.109834][ T8367] ? __pfx_chrdev_open+0x10/0x10 [ 218.109854][ T8367] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 218.109878][ T8367] do_dentry_open+0x6d8/0x1660 [ 218.109896][ T8367] ? __pfx_chrdev_open+0x10/0x10 [ 218.109919][ T8367] vfs_open+0x82/0x3f0 [ 218.109943][ T8367] path_openat+0x208c/0x31a0 [ 218.109969][ T8367] ? __pfx_path_openat+0x10/0x10 [ 218.109994][ T8367] do_file_open+0x20e/0x430 [ 218.110014][ T8367] ? __pfx_do_file_open+0x10/0x10 [ 218.110046][ T8367] ? alloc_fd+0x476/0x790 [ 218.110065][ T8367] ? do_getname+0x191/0x390 [ 218.110089][ T8367] do_sys_openat2+0x10d/0x1e0 [ 218.110111][ T8367] ? __pfx_do_sys_openat2+0x10/0x10 [ 218.110134][ T8367] ? __fget_files+0x21f/0x3d0 [ 218.110155][ T8367] __x64_sys_openat+0x12d/0x210 [ 218.110170][ T8367] ? __pfx___x64_sys_openat+0x10/0x10 [ 218.110196][ T8367] ? rcu_is_watching+0x12/0xc0 [ 218.110216][ T8367] do_syscall_64+0x10b/0x830 [ 218.110229][ T8367] ? clear_bhb_loop+0x40/0x90 [ 218.110247][ T8367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.110262][ T8367] RIP: 0033:0x7f240c79ce59 [ 218.110276][ T8367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 218.110290][ T8367] RSP: 002b:00007f240d694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 218.110305][ T8367] RAX: ffffffffffffffda RBX: 00007f240ca15fa0 RCX: 00007f240c79ce59 [ 218.110315][ T8367] RDX: 000000000000a003 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 218.110324][ T8367] RBP: 00007f240c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 218.110333][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 218.110341][ T8367] R13: 00007f240ca16038 R14: 00007f240ca15fa0 R15: 00007fffda37bfa8 [ 218.110362][ T8367] [ 219.759819][ T8010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.044193][ T8398] FAULT_INJECTION: forcing a failure. [ 220.044193][ T8398] name failslab, interval 1, probability 0, space 0, times 0 [ 220.115986][ T8398] CPU: 0 UID: 0 PID: 8398 Comm: syz.1.452 Tainted: G L syzkaller #0 PREEMPT(full) [ 220.116012][ T8398] Tainted: [L]=SOFTLOCKUP [ 220.116018][ T8398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 220.116027][ T8398] Call Trace: [ 220.116032][ T8398] [ 220.116038][ T8398] dump_stack_lvl+0x100/0x190 [ 220.116060][ T8398] should_fail_ex.cold+0x5/0xa [ 220.116079][ T8398] should_failslab+0xc2/0x120 [ 220.116097][ T8398] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 220.116111][ T8398] ? __proc_create+0x2cb/0x8c0 [ 220.116135][ T8398] __proc_create+0x2cb/0x8c0 [ 220.116155][ T8398] ? __pfx___proc_create+0x10/0x10 [ 220.116173][ T8398] ? do_syscall_64+0x10b/0x830 [ 220.116194][ T8398] proc_create_reg+0x75/0x170 [ 220.116215][ T8398] proc_create_net_data+0x8e/0x1c0 [ 220.116235][ T8398] ? __pfx_proc_create_net_data+0x10/0x10 [ 220.116261][ T8398] xt_proto_init+0x24e/0xb80 [ 220.116279][ T8398] ? __pfx_xt_proto_init+0x10/0x10 [ 220.116296][ T8398] ? net_generic+0xf4/0x2a0 [ 220.116314][ T8398] ? __pfx_ip6_tables_net_init+0x10/0x10 [ 220.116343][ T8398] ops_init+0x1e2/0x5f0 [ 220.116366][ T8398] setup_net+0x118/0x3a0 [ 220.116385][ T8398] ? __pfx_setup_net+0x10/0x10 [ 220.116405][ T8398] ? mutex_init_lockdep+0xf1/0x120 [ 220.116425][ T8398] copy_net_ns+0x46f/0x7c0 [ 220.116458][ T8398] create_new_namespaces+0x3ea/0xac0 [ 220.116484][ T8398] unshare_nsproxy_namespaces+0xf2/0x220 [ 220.116506][ T8398] ksys_unshare+0x438/0xab0 [ 220.116529][ T8398] ? __pfx_ksys_unshare+0x10/0x10 [ 220.116549][ T8398] ? xfd_validate_state+0x129/0x190 [ 220.116571][ T8398] __x64_sys_unshare+0x31/0x40 [ 220.116592][ T8398] do_syscall_64+0x10b/0x830 [ 220.116605][ T8398] ? clear_bhb_loop+0x40/0x90 [ 220.116623][ T8398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.116638][ T8398] RIP: 0033:0x7fa41239ce59 [ 220.116651][ T8398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.116665][ T8398] RSP: 002b:00007fa413263028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 220.116680][ T8398] RAX: ffffffffffffffda RBX: 00007fa412615fa0 RCX: 00007fa41239ce59 [ 220.116690][ T8398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 220.116698][ T8398] RBP: 00007fa412432d6f R08: 0000000000000000 R09: 0000000000000000 [ 220.116707][ T8398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.116715][ T8398] R13: 00007fa412616038 R14: 00007fa412615fa0 R15: 00007ffe6b923478 [ 220.116735][ T8398] [ 221.299887][ T8010] veth0_vlan: entered promiscuous mode [ 221.343741][ T8010] veth1_vlan: entered promiscuous mode [ 221.422038][ T8010] veth0_macvtap: entered promiscuous mode [ 221.490136][ T8010] veth1_macvtap: entered promiscuous mode [ 221.583694][ T8010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.697000][ T8010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.786816][ T6113] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.903693][ T6113] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.980575][ T6113] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.066249][ T6113] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.462666][ T6301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.513504][ T6301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.642939][ T8433] netlink: 28 bytes leftover after parsing attributes in process `syz.1.457'. [ 222.688814][ T6301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.725031][ T6301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.753272][ T8433] bond0: entered promiscuous mode [ 222.821653][ T8433] bond_slave_0: entered promiscuous mode [ 222.889483][ T8433] bond_slave_1: entered promiscuous mode [ 223.119098][ T8440] netlink: 28 bytes leftover after parsing attributes in process `syz.1.457'. [ 223.494210][ T8467] netlink: 20 bytes leftover after parsing attributes in process `syz.4.411'. [ 224.731840][ T8496] ubi0: attaching mtd0 [ 224.799564][ T8496] ubi0: scanning is finished [ 224.887805][ T8496] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 225.475279][ T8500] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 225.586465][ T8496] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 226.390555][ T8545] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 227.407947][ T8568] netlink: 130 bytes leftover after parsing attributes in process `syz.4.475'. [ 227.508488][ T8573] netlink: 130 bytes leftover after parsing attributes in process `syz.4.475'. [ 228.819214][ T8599] netlink: 186 bytes leftover after parsing attributes in process `syz.0.479'. [ 232.069576][ T8679] i2c i2c-0: new_device: Invalid device name [ 233.937161][ T8699] Process accounting resumed [ 234.164881][ T8725] FAULT_INJECTION: forcing a failure. [ 234.164881][ T8725] name fail_futex, interval 1, probability 0, space 0, times 0 [ 234.251911][ T8725] CPU: 0 UID: 0 PID: 8725 Comm: syz.2.494 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.251935][ T8725] Tainted: [L]=SOFTLOCKUP [ 234.251940][ T8725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 234.251949][ T8725] Call Trace: [ 234.251954][ T8725] [ 234.251959][ T8725] dump_stack_lvl+0x100/0x190 [ 234.251981][ T8725] should_fail_ex.cold+0x5/0xa [ 234.251997][ T8725] ? putname+0xb1/0x110 [ 234.252018][ T8725] get_futex_key+0x1d2/0x1510 [ 234.252036][ T8725] ? __pfx_get_futex_key+0x10/0x10 [ 234.252057][ T8725] futex_wake+0xea/0x530 [ 234.252077][ T8725] ? __pfx_futex_wake+0x10/0x10 [ 234.252101][ T8725] ? putname+0xb1/0x110 [ 234.252121][ T8725] do_futex+0x32b/0x350 [ 234.252138][ T8725] ? __pfx_do_futex+0x10/0x10 [ 234.252155][ T8725] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 234.252173][ T8725] __x64_sys_futex+0x34f/0x4d0 [ 234.252192][ T8725] ? __pfx___x64_sys_futex+0x10/0x10 [ 234.252212][ T8725] ? rcu_is_watching+0x12/0xc0 [ 234.252232][ T8725] do_syscall_64+0x10b/0x830 [ 234.252245][ T8725] ? clear_bhb_loop+0x40/0x90 [ 234.252263][ T8725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.252278][ T8725] RIP: 0033:0x7f7e1af9ce59 [ 234.252290][ T8725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.252303][ T8725] RSP: 002b:00007f7e1bedc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 234.252318][ T8725] RAX: ffffffffffffffda RBX: 00007f7e1b216188 RCX: 00007f7e1af9ce59 [ 234.252327][ T8725] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7e1b21618c [ 234.252336][ T8725] RBP: 00007f7e1b216180 R08: 0000000000000001 R09: 0000000000000000 [ 234.252345][ T8725] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 234.252353][ T8725] R13: 00007f7e1b216218 R14: 00007ffcd5338c80 R15: 00007ffcd5338d68 [ 234.252372][ T8725] [ 235.017269][ T8729] netlink: 342 bytes leftover after parsing attributes in process `syz.0.496'. [ 235.040823][ T8732] random: crng reseeded on system resumption [ 235.131932][ T8732] hub 1-0:1.0: USB hub found [ 235.161103][ T8732] hub 1-0:1.0: 1 port detected [ 235.987431][ T7731] Process accounting resumed [ 237.232998][ T8774] netlink: 4 bytes leftover after parsing attributes in process `syz.1.507'. [ 237.297908][ T8774] netlink: 354 bytes leftover after parsing attributes in process `syz.1.507'. [ 237.372678][ T8779] netlink: 354 bytes leftover after parsing attributes in process `syz.1.507'. [ 237.461858][ T6102] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.987141][ T6102] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.344093][ T6102] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.639184][ T6102] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.272343][ T6102] bridge_slave_1: left allmulticast mode [ 239.306363][ T6102] bridge_slave_1: left promiscuous mode [ 239.340868][ T6102] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.424519][ T6102] bridge_slave_0: left allmulticast mode [ 239.461979][ T6102] bridge_slave_0: left promiscuous mode [ 239.493584][ T6102] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.325099][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.325213][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.333331][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.340889][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.348972][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.357567][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.364560][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.373306][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.380339][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.394717][ T7451] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 240.931993][ T6102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.152283][ T6102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.229583][ T6102] bond0 (unregistering): Released all slaves [ 241.472916][ T5289] 8021q: adding VLAN 0 to HW filter on device eth1 [ 241.524747][ T6102] ovs_: left promiscuous mode [ 241.896323][ T6102] tipc: Left network mode [ 242.777037][ T6102] hsr_slave_0: left promiscuous mode [ 242.802927][ T6102] hsr_slave_1: left promiscuous mode [ 242.827706][ T6102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.863547][ T6102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.921182][ T6102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.956662][ T6102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 243.083904][ T6102] veth1_macvtap: left promiscuous mode [ 243.124007][ T6102] veth0_macvtap: left promiscuous mode [ 243.166958][ T6102] veth1_vlan: left promiscuous mode [ 243.213802][ T6102] veth0_vlan: left promiscuous mode [ 244.023734][ T8907] netlink: 28 bytes leftover after parsing attributes in process `syz.0.527'. [ 244.141634][ T6102] team0 (unregistering): Port device team_slave_1 removed [ 244.161370][ T6102] team0 (unregistering): Port device team_slave_0 removed [ 244.500575][ T5289] 8021q: adding VLAN 0 to HW filter on device eth2 [ 246.429006][ T8954] sg_write: data in/out 262108/45 bytes for SCSI command 0x61-- guessing data in; [ 246.429006][ T8954] program syz.0.532 not setting count and/or reply_len properly [ 246.686894][ T5289] 8021q: adding VLAN 0 to HW filter on device eth3 [ 248.579889][ T5289] 8021q: adding VLAN 0 to HW filter on device eth4 [ 248.972388][ T9031] vhci_hcd: not connected 4 [ 249.041420][ T9031] FAULT_INJECTION: forcing a failure. [ 249.041420][ T9031] name failslab, interval 1, probability 0, space 0, times 0 [ 249.187890][ T9031] CPU: 0 UID: 0 PID: 9031 Comm: syz.0.542 Tainted: G L syzkaller #0 PREEMPT(full) [ 249.187916][ T9031] Tainted: [L]=SOFTLOCKUP [ 249.187921][ T9031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 249.187933][ T9031] Call Trace: [ 249.187939][ T9031] [ 249.187945][ T9031] dump_stack_lvl+0x100/0x190 [ 249.187966][ T9031] should_fail_ex.cold+0x5/0xa [ 249.187987][ T9031] should_failslab+0xc2/0x120 [ 249.188005][ T9031] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 249.188020][ T9031] ? do_getname+0x35/0x390 [ 249.188046][ T9031] do_getname+0x35/0x390 [ 249.188069][ T9031] user_path_at+0x26/0x60 [ 249.188087][ T9031] __x64_sys_mount+0x1fb/0x310 [ 249.188108][ T9031] ? __pfx___x64_sys_mount+0x10/0x10 [ 249.188130][ T9031] ? rcu_is_watching+0x12/0xc0 [ 249.188151][ T9031] do_syscall_64+0x10b/0x830 [ 249.188165][ T9031] ? clear_bhb_loop+0x40/0x90 [ 249.188182][ T9031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.188197][ T9031] RIP: 0033:0x7f240c79ce59 [ 249.188211][ T9031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 249.188225][ T9031] RSP: 002b:00007f240d694028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 249.188242][ T9031] RAX: ffffffffffffffda RBX: 00007f240ca15fa0 RCX: 00007f240c79ce59 [ 249.188283][ T9031] RDX: 0000200000000240 RSI: 0000200000000040 RDI: 0000200000000000 [ 249.188293][ T9031] RBP: 00007f240c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 249.188302][ T9031] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 249.188311][ T9031] R13: 00007f240ca16038 R14: 00007f240ca15fa0 R15: 00007fffda37bfa8 [ 249.188330][ T9031] [ 251.490944][ T9060] overlayfs: "check_copy_up" module option is obsolete [ 252.152619][ T9068] netlink: 28 bytes leftover after parsing attributes in process `syz.4.548'. [ 252.290740][ T9068] hsr_slave_0 (unregistering): left promiscuous mode [ 252.984319][ T9082] netlink: 44 bytes leftover after parsing attributes in process `syz.2.550'. [ 255.603893][ T9134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.560'. [ 255.641724][ T9130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.560'. [ 255.740555][ T9129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.560'. [ 255.984184][ T9146] [ 255.986532][ T9146] ====================================================== [ 255.993527][ T9146] WARNING: possible circular locking dependency detected [ 256.000533][ T9146] syzkaller #0 Tainted: G L [ 256.006490][ T9146] ------------------------------------------------------ [ 256.013482][ T9146] syz.4.562/9146 is trying to acquire lock: [ 256.019348][ T9146] ffff88805fa0a368 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 256.030808][ T9146] [ 256.030808][ T9146] but task is already holding lock: [ 256.038154][ T9146] ffff88805fa0a7e0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 256.047113][ T9146] [ 256.047113][ T9146] which lock already depends on the new lock. [ 256.047113][ T9146] [ 256.057506][ T9146] [ 256.057506][ T9146] the existing dependency chain (in reverse order) is: [ 256.066504][ T9146] [ 256.066504][ T9146] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 256.074238][ T9146] lock_sock_nested+0x41/0xf0 [ 256.079428][ T9146] smc_listen_out+0x1f5/0x4b0 [ 256.084619][ T9146] smc_listen_work+0x4c2/0x50e0 [ 256.089983][ T9146] process_one_work+0xa0e/0x1980 [ 256.095423][ T9146] worker_thread+0x5ef/0xe50 [ 256.100516][ T9146] kthread+0x370/0x450 [ 256.105084][ T9146] ret_from_fork+0x72b/0xd50 [ 256.110185][ T9146] ret_from_fork_asm+0x1a/0x30 [ 256.115471][ T9146] [ 256.115471][ T9146] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 256.125627][ T9146] __lock_acquire+0x14b8/0x2630 [ 256.130993][ T9146] lock_acquire+0x1b1/0x370 [ 256.136008][ T9146] __flush_work+0x4de/0xcb0 [ 256.141016][ T9146] cancel_work_sync+0xd1/0xf0 [ 256.146201][ T9146] smc_clcsock_release+0x5f/0xe0 [ 256.151653][ T9146] __smc_release+0x5c2/0x880 [ 256.156751][ T9146] smc_close_non_accepted+0xda/0x200 [ 256.162541][ T9146] smc_close_active+0x4ff/0x1070 [ 256.167992][ T9146] __smc_release+0x634/0x880 [ 256.173174][ T9146] smc_release+0x1fc/0x620 [ 256.178095][ T9146] __sock_release+0xb3/0x260 [ 256.183192][ T9146] sock_close+0x1c/0x30 [ 256.187851][ T9146] __fput+0x3ff/0xb50 [ 256.192338][ T9146] task_work_run+0x150/0x240 [ 256.197428][ T9146] exit_to_user_mode_loop+0x107/0x4f0 [ 256.203298][ T9146] do_syscall_64+0x6f2/0x830 [ 256.208384][ T9146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.214775][ T9146] [ 256.214775][ T9146] other info that might help us debug this: [ 256.214775][ T9146] [ 256.224977][ T9146] Possible unsafe locking scenario: [ 256.224977][ T9146] [ 256.232400][ T9146] CPU0 CPU1 [ 256.237743][ T9146] ---- ---- [ 256.243083][ T9146] lock(sk_lock-AF_SMC/1); [ 256.247570][ T9146] lock((work_completion)(&new_smc->smc_listen_work)); [ 256.256998][ T9146] lock(sk_lock-AF_SMC/1); [ 256.264003][ T9146] lock((work_completion)(&new_smc->smc_listen_work)); [ 256.270914][ T9146] [ 256.270914][ T9146] *** DEADLOCK *** [ 256.270914][ T9146] [ 256.279050][ T9146] 3 locks held by syz.4.562/9146: [ 256.284048][ T9146] #0: ffff8880515a2c40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 256.294564][ T9146] #1: ffff88805fa0a7e0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 256.303949][ T9146] #2: ffffffff8e7e5420 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 256.313078][ T9146] [ 256.313078][ T9146] stack backtrace: [ 256.318947][ T9146] CPU: 0 UID: 0 PID: 9146 Comm: syz.4.562 Tainted: G L syzkaller #0 PREEMPT(full) [ 256.318968][ T9146] Tainted: [L]=SOFTLOCKUP [ 256.318972][ T9146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 256.318981][ T9146] Call Trace: [ 256.318988][ T9146] [ 256.318995][ T9146] dump_stack_lvl+0x100/0x190 [ 256.319011][ T9146] print_circular_bug.cold+0x178/0x1c7 [ 256.319035][ T9146] check_noncircular+0x146/0x160 [ 256.319060][ T9146] __lock_acquire+0x14b8/0x2630 [ 256.319076][ T9146] lock_acquire+0x1b1/0x370 [ 256.319089][ T9146] ? __flush_work+0x4ca/0xcb0 [ 256.319104][ T9146] ? mark_held_locks+0x40/0x70 [ 256.319117][ T9146] ? __flush_work+0x4ca/0xcb0 [ 256.319131][ T9146] __flush_work+0x4de/0xcb0 [ 256.319144][ T9146] ? __flush_work+0x4ca/0xcb0 [ 256.319160][ T9146] ? __pfx___flush_work+0x10/0x10 [ 256.319175][ T9146] ? __pfx_wq_barrier_func+0x10/0x10 [ 256.319197][ T9146] ? __pfx___might_resched+0x10/0x10 [ 256.319214][ T9146] cancel_work_sync+0xd1/0xf0 [ 256.319231][ T9146] smc_clcsock_release+0x5f/0xe0 [ 256.319253][ T9146] __smc_release+0x5c2/0x880 [ 256.319272][ T9146] ? __pfx_sock_def_readable+0x10/0x10 [ 256.319289][ T9146] smc_close_non_accepted+0xda/0x200 [ 256.319310][ T9146] smc_close_active+0x4ff/0x1070 [ 256.319332][ T9146] __smc_release+0x634/0x880 [ 256.319351][ T9146] smc_release+0x1fc/0x620 [ 256.319370][ T9146] __sock_release+0xb3/0x260 [ 256.319388][ T9146] ? __pfx_sock_close+0x10/0x10 [ 256.319405][ T9146] sock_close+0x1c/0x30 [ 256.319422][ T9146] __fput+0x3ff/0xb50 [ 256.319442][ T9146] ? _raw_spin_unlock_irq+0x23/0x50 [ 256.319463][ T9146] task_work_run+0x150/0x240 [ 256.319477][ T9146] ? __pfx_task_work_run+0x10/0x10 [ 256.319492][ T9146] ? rcu_is_watching+0x12/0xc0 [ 256.319510][ T9146] exit_to_user_mode_loop+0x107/0x4f0 [ 256.319524][ T9146] ? rcu_is_watching+0x12/0xc0 [ 256.319541][ T9146] do_syscall_64+0x6f2/0x830 [ 256.319554][ T9146] ? clear_bhb_loop+0x40/0x90 [ 256.319570][ T9146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.319585][ T9146] RIP: 0033:0x7fbc2d59ce59 [ 256.319598][ T9146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 256.319611][ T9146] RSP: 002b:00007fbc2e3e4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 256.319625][ T9146] RAX: 0000000000000001 RBX: 00007fbc2d815fa0 RCX: 00007fbc2d59ce59 [ 256.319634][ T9146] RDX: 0000000000000400 RSI: 0000000000000005 RDI: 0000200000000d40 [ 256.319642][ T9146] RBP: 00007fbc2d632d6f R08: 0000000000000000 R09: 0000000000000000 [ 256.319651][ T9146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.319659][ T9146] R13: 00007fbc2d816038 R14: 00007fbc2d815fa0 R15: 00007ffd62b676b8 [ 256.319672][ T9146]