last executing test programs: 10.363785738s ago: executing program 0 (id=115): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) r0 = socket(0x18, 0x2, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) (async, rerun: 64) r1 = io_uring_setup$auto(0x7, 0x0) (async, rerun: 64) mmap$auto(0x800000000000000, 0xf, 0x80000000002, 0x11, r0, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x8080, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r2, 0x40087543, 0x0) r3 = socket(0x2a, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0xfffffffe}, 0x52) (async, rerun: 32) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (rerun: 32) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) (async) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) (async, rerun: 64) ioctl$auto(0x3, 0x4048aec9, r4) (rerun: 64) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) io_uring_register$auto(r1, 0x1e, 0x0, 0x9) (async, rerun: 64) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/ttywc/power/control\x00', 0x80, 0x0) (async, rerun: 64) r7 = socket(0xa, 0x802, 0x3a) fcntl$auto_F_DUPFD(r7, 0x0, r6) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), 0xffffffffffffffff) rename$auto(0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x4100, 0x0) 6.472422094s ago: executing program 0 (id=122): memfd_secret$auto(0x0) mmap$auto(0x0, 0x1009, 0xffb, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc080aebe, &(0x7f00000000c0)={0x2}) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/options/test_nop_refuse\x00', 0x5, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) mlockall$auto(0x800000000000005) 6.182578808s ago: executing program 2 (id=123): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = memfd_create$auto(0x0, 0xe) r1 = socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) r2 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe\x00', 0x400, 0x0) read$auto_tracing_pipe_fops_trace(r2, 0x0, 0x0) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x19, 0x0, 0x9, 0x0, 0x1f, 0x3}, 0x4}, 0x7, 0x20020004) write$auto(0x3, 0x0, 0x7fffffff) r3 = io_uring_setup$auto(0x5, 0x0) sendfile$auto(0x1, r1, 0x0, 0x40000000c07) fcntl$auto_F_SETLKW(r0, 0x7, 0xffff) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) msgctl$auto_IPC_INFO(0x3, 0x3, &(0x7f0000000300)={{0x2, 0xffffffffffffffff, 0xffffffffffffffff, 0x10001, 0xd, 0x200, 0x1}, &(0x7f0000000280)=0x6, &(0x7f00000002c0)=0x2, 0xfffffffffffffffc, 0x3, 0x7, 0xffffffffffff0001, 0x100000, 0xfc2d, 0x0, 0x1, @raw=0x9}) shmctl$auto(0x3ff, 0x7, &(0x7f0000000200)={{0x7fffffff, 0x0, r4, 0x1, 0x0, 0x10000009, 0x22}, 0x8001, 0x2, 0x3, 0x40, @inferred=0xffffffffffffffff, @raw=0x7, 0x6, 0x0, &(0x7f00000000c0)="ba800d55034f80cc8f38f5fcd0790026b5042f073b6621b5736d64af2728cfd313b024448e387e2ee5fe0f305e5ee6e337bb368cbc2e6a35c14ed07b1b7412553cc16ce9911f2785c5d4eec07cf72ea46cf7aa3671ee458c3a06000dfca8525e8123e67d3ef84b1e5475aea037bab474f8ac21ad3c64eba0ca7ed15de8658d31fd14163c3d897867614a2cdf228cfe9c865c360a96219b4a78f005721b84", &(0x7f0000000180)="2a0dc3551c440b496d81cb112a96e33c2b880580d9cf035b8d01d3a0d739755ed1ba7a09568f62633a40bf25bc1c76b872b1a8a6694bc957690a68394e772789189ea82a1e5c"}) setfsuid$auto(r5) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r6, 0x4, 0x7ff) ptrace$auto(0xf, r6, 0x1, 0x4053) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000080), r3) 5.882214969s ago: executing program 0 (id=124): pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91\vI\x1eRN8\x99\x88\xca\xd9\xec\x1epJ\"ds\x1cJr\xde:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18\x89\v\xea\x1b\x95\xaf\xee\xe69\x8d(<\xc7+\x83\xfcQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd3\x81Y\xa3Fp\v\xdc\xe2\xc3\xc3\xdbS\xdc', 0xfdef, 0x0) (async) mmap$auto(0xffff, 0x400009, 0xdf, 0x9b32, 0x2, 0x8000) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (rerun: 32) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x840, 0x0) ioctl$auto_FIFREEZE(r0, 0xc0045878, 0x3ff) (async, rerun: 64) r1 = socket(0x2, 0x3, 0xa) (rerun: 64) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(r1, 0x0, 0x9a6, 0x7000000) (async) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/saved_tgids\x00', 0x10000, 0x0) (async) select$auto(0xd, &(0x7f00000000c0)={[0x5, 0x9, 0x3, 0x3, 0x2, 0xb8, 0x0, 0x9, 0x8000000000000001, 0xffffffffffffff73, 0x8001, 0x2, 0x4, 0x8, 0x3e7, 0x8]}, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) close_range$auto(0x2, 0xa, 0xfffffffd) (async) socket(0x18, 0xa, 0x1) (async) socket(0xa, 0x2, 0x0) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000240)={{@raw=0x81, 0x6, 0x8001, 0x8, "b132ce14b9fa7a699c29a892e255dab2591457de9c4db5868db157e9cc1910aa07e336ede9b387eac3eae00a", @raw=0x8ef}, 0x2, 0x8, 0x1895, @raw=0x4, @integer={0x0, 0xf, 0x9}, "f82d0516c633863c5281ae962fd8c811792ad96298c95d5a9da1400adb4ee0bc170d51ef637d9927912407406936d9cbf46ddadb7820b40766245026a272cd3a"}) memfd_secret$auto(0x5) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyz7\x00', 0x40, 0x0) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) socket(0x2, 0x5, 0x0) (async, rerun: 64) io_uring_setup$auto(0x406, 0x0) 5.637635358s ago: executing program 1 (id=125): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = getpid() mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x2, 0x2) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/034/001\x00', 0x201, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x161401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x30d540, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r1, 0x804c4700, 0x0) sched_setaffinity$auto(r0, 0x5, &(0x7f0000000000)=0x7) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) clone$auto(0x400000000000021, 0xe, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xd) 5.453925858s ago: executing program 0 (id=126): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_BATADV_CMD_SET_MESH(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB='4 \x00\x00', @ANYRESDEC=0x0, @ANYBLOB="01002cbd0f0000942e3cf3e5b38a96666b039785f352e11100000000000000", @ANYRES16=r3, @ANYRES64=r2], 0x34}, 0x1, 0x0, 0x0, 0x400c094}, 0x140000e4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000300)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdb\x89T\x1d\xaf\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4\x15\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb_\xea\a\x00\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd3P\xe8\xcb?(k8\x83\xcf\xc5D\xcc\xe2\xdb0P!\xa7fs\xdfK\xd2\as\x8d\x8d1\x94\xe3\xadw\xb3\xaa\x174~/\xd1\xbf\xbeo\xafw\x89\bH\xf3\xf4J\x9b\xb5e\x1f\x03\x06\x85\xda\xd7\x16Fe9n\x1ebn\xb6\xf1\xf3w\x8cz\xc1M\xd6\xb3\v\xe3\f\xc5\x91\xcfm8X[\x7f\x7f\"\xe6&}\xd9q\x1dH\xcb\xb9\xa7\xc2\xf8\xc4\x98\x170L-J\xf8\xae\x1fXM\xb6\x11\xd0\xc2l\x8e\xbb\x8b\xb3\xc9\x1d!\xa5z\x8c{\x18d\x90%2\x06;\x7f\xafs\x8a\xab\b\xe6\xf6\x16\x8b\x93\x87\"\xde,e\x96\t\xb0bs\x9e\xc9\xac\x00\x00\x00\xaa\xb7{=gjn7\x02\xcf\xcc\x19C\x8d\xbb\xd3\xfc\xd1\xb5\xa7\xe1\x92\xb0\xfbQ`\f\xbb3o\x1a~\xf0\'@\xdet\xe7\x10\xfa\xd1\x84\x90>\xba\r\xb4\xb0w\x93\x0f$\x85a$\xfb\xf2x\xa2\xed8\xb4-I5{\xed\xf3[\xc7\xef\f\xc3\x82h\x8b\x96\x8d\xc8\x1a\x91|n\xa8\xa0\x04\xd3`R\xccM0\xb3%$\x1e{\x05$T\x17x}\xfd\xfd\xc9\xd5\xa1\x89;\x9f\tY&\x93e\x05f\xe3\xc0\xab\xe8\x9a\xeb$\xcc\xc7\x1dn\xf7\xbdk\xae\xf4', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) pread64$auto(0xffffffffffffffff, 0x0, 0x100000002, 0x100000001) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/vidtv.0/i2c-0/delete_device\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-7', 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffff0c, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x800) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) pipe$auto(0x0) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x200000, 0x2}, 0x18) removexattrat$auto(r5, &(0x7f0000000180)='./file0\x00', 0x4ab88193, &(0x7f0000000600)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdb\x89T\x1d\xaf\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4\x15\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb_\xea\a\x00\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd3P\xe8\xcb?(k8\x83\xcf\xc5D\xcc\xe2\xdb0P!\xa7fs\xdfK\xd2\as\x8d\x8d1\x94\xe3\xadw\xb3\xaa\x174~/\xd1\xbf\xbeo\xafw\x89\bH\xf3\xf4J\x9b\xb5e\x1f\x03\x06\x85\xda\xd7\x16Fe9n\x1ebn\xb6\xf1\xf3w\x8cz\xc1M\xd6\xb3\v\xe3\f\xc5\x91\xcfm8X[\x7f\x7f\"\xe6&}\xd9q\x1dH\xcb\xb9\xa7\xc2\xf8\xc4\x98\x170L-J\xf8\xae\x1fXM\xb6\x11\xd0\xc2l\x8e\xbb\x8b\xb3\xc9\x1d!\xa5z\x8c{\x18d\x90%2\x06;\x7f\xafs\x8a\xab\b\xe6\xf6\x16\x8b\x93\x87\"\xde,e\x96\t\xb0bs\x9e\xc9\xac\x00\x00\x00\xaa\xb7{=gjn7\x02\xcf\xcc\x19C\x8d\xbb\xd3\xfc\xd1\xb5\xa7\xe1\x92\xb0\xfbQ`\f\xbb3o\x1a~\xf0\'@\xdet\xe7\x10\xfa\xd1\x84\x90>\xba\r\xb4\xb0w\x93\x0f$\x85a$\xfb\xf2x\xa2\xed8\xb4-I5{\xed\xf3[\xc7\xef\f\xc3\x82h\x8b\x96\x8d\xc8\x1a\x91|n\xa8\xa0\x04\xd3`R\xccM0\xb3%$\x1e{\x05$T\x17x}\xfd\xfd\xc9\xd5\xa1\x89;\x9f\tY&\x93e\x05f\xe3\xc0\xab\xe8\x9a\xeb$\xcc\xc7\x1dn\xf7\xbdk\xae\xf4') unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0x9}, 0x4, 0x0, 0x5, 0x7}, 0x8}, 0x4000000, 0x4b) 5.218638404s ago: executing program 1 (id=127): syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) getpriority$auto_PRIO_PGRP(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x0, &(0x7f00000000c0)={0x0, 0x3}, 0x0, 0x0, 0x4000000000007, 0xa505}, 0x2}, 0x5, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0x2a0902, 0x0) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) read$auto(r0, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x70) write$auto(0x3, 0x0, 0x5c8) socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x805, 0x0, 0x5, 0x0, 0x5, 0x13}, 0x6}, 0x6, 0xfefffffc, 0x0) r2 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/ipsec\x00', 0x100, 0x0) read$auto_ipsec_dbg_fops_ipsec(r2, 0x0, 0x0) r3 = epoll_create$auto(0x3e) r4 = bpf$auto(0x5, 0x0, 0x80) bpf$auto_BPF_MAP_UPDATE_ELEM(0x2, &(0x7f00000010c0)=@bpf_attr_4={0x0, r4, 0x6279, r3}, 0x0) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfbe}, 0x2, &(0x7f00000001c0), 0x1, 0xa505}, 0x800}, 0x7, 0x4008) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) io_uring_setup$auto(0x401, &(0x7f0000001280)={0x4, 0x487, 0x4, 0x80009, 0x5, 0x7, r3, [0xfffffffa, 0x1, 0x4], {0xf55, 0x18, 0x9, 0x1, 0x4, 0x101, 0x541b5439, 0xf1, 0x9}, {0x3, 0x3fffc000, 0x5, 0x7fffffff, 0x7, 0x2, 0x2, 0x2, 0x36e2}}) ioctl$auto_TCFLSH2(r6, 0x5453, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) write$auto(r7, 0x0, 0xa) mmap$auto(0x4, 0x6deb, 0x4000000000e2, 0x18, 0x401, 0x3bdd) io_uring_setup$auto(0x6, 0x0) 4.701481126s ago: executing program 2 (id=129): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto(r0, 0x80045430, r0) (async) ioctl$auto(r0, 0x80045430, r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim2/new_port\x00', 0x183a41, 0x0) writev$auto(r1, &(0x7f00000002c0)={&(0x7f0000000480)='4r', 0x5}, 0x1) mmap$auto(0x175, 0x4, 0x4000000000df, 0x60eb1, 0x401, 0xa0) socket(0xa, 0x3, 0x3b) (async) r2 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pipe$auto(&(0x7f0000000040)=r2) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) unshare$auto(0x40000080) futex$auto(0x0, 0x9, 0x3e, 0x0, 0x0, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) (async) r3 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) (async) ioctl$auto_UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r3, 0x5501, 0x0) writev$auto(r3, &(0x7f0000000340)={0x0, 0x500000}, 0x9) 4.380213533s ago: executing program 1 (id=130): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000040), r1) sendmsg$auto_NFC_CMD_GET_SE(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38010000", @ANYRES16=r2, @ANYBLOB="000126bd7000fbdbdf251a00000008000e000002000008001e000300000008001d00ff070000130014004d414338303231315f485753494d0000e8001f00420ec2326c67df585cce1320049ac0019c70c8ec5dacf959332e1a2665c7091d119bc3a5edbde9f987e9e87e64235a37c80ef954ca5cf8fa766480ddc70fc10b6c6c1240556f6a6158bf0d701759f30029a7778641612eaf4d952eba8d99f8b77d1e6c9e9db4790b7e3113fe0f68b522af29b534057ddb4a643e590a44bf47b7cde1a1da688533890b4247c6e4259a02253f6b559ce8cba0b6f5d8c76bfc9bd31ce2be295cd8dfd672dda6735bfbcd996d492ce87e534c3536949c7ce5f6ba9fcb24546b61361ee179e00200000000000000b7af60a386484eb06d2e7c5b148ccf43f1e8ac6aa5529ee6c6cb3908001e0009b0358cc5a15b61a7f8e2c38e319543ca850d4cf8129204e2c5b5cca56b704ea663b36ea53bfb3ba6ac003d1a0ab8cf54e43f201cead4b10f43ce960b722c33f00ec7ba82c949cf780984db3009ed4a1755ae5b28f0478e078ef8aaf09d163ffc22b1cde53909a5b245d92dccee77d93f0c0398bd9e4542568f3880fd192b32c3a43dfb102c1498e489011c9bb52728e98004aa52f9aefc0a30122c39d8884e54d4190ddd2375cff7fa4840f25c8023e44ce764e1f82adc95bf2c5bc30bc8b546"], 0x138}, 0x1, 0x0, 0x0, 0x80}, 0x100) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) bpf$auto(0xd, &(0x7f0000000000)=@test={r3, 0x71c, 0xfaab, 0x468, 0x2, 0x8000000000000001, 0x80, 0x7, 0x2, 0x1fc, 0xfd, 0xb5, 0x4, 0x40004, 0xd96e}, 0xe3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}, 0x1, 0x0, 0x0, 0xa00}, 0x40000) 4.091014519s ago: executing program 1 (id=131): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000300), r0) sendmsg$auto_SMC_PNETID_FLUSH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x14, r1, 0x4ebf37b1785661fb, 0x70bd27, 0x25dfdc00}, 0x14}}, 0x20) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) unshare$auto(0x40000080) socket(0x2, 0x5, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000340)="d87f421115b18236f0a9b98226f349d6737d4c26d059a1ffc62e8c5286170d33224aa4a52f75f4a57da2c8d6ec3e166b2e9a2c70286dc2bf", 0x10, &(0x7f00000003c0)={0x0, 0x10000}, 0x7, 0x0, 0x205, 0x9}, 0x4000f}, 0x0, 0xffffffff) connect$auto(0x3, 0x0, 0x6) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xa200, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) sendmmsg$auto(r2, 0x0, 0x4, 0x4008) r3 = socket(0x29, 0x2, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r3], 0x1ac}, 0x1, 0x0, 0x0, 0x4}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r3, 0x89f2, 0x24) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) r5 = getpid() sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4080) process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) 3.605503305s ago: executing program 3 (id=133): close_range$auto(0x2, 0xa, 0x0) socket(0x1e, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$auto(r2, 0x866, 0x9, &(0x7f0000000180)=':$*%/---[\x00', &(0x7f00000001c0)=0x7) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000001, 0x400, 0xfffffffffffffffc}]}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) setitimer$auto(0x2, &(0x7f00000002c0)={{0x82, 0x401}, {0x2, 0x8}}, 0x0) setrlimit$auto(0x0, &(0x7f0000000040)={0x3346, 0xffffffffffffffff}) timer_create$auto(0x3, 0x0, 0x0) timer_settime$auto(0x0, 0x8, &(0x7f00000000c0)={{0x8}, {0x0, 0x87}}, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000080), 0x185000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/default_smp_affinity\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0xa, 0xfffffff8) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x20c002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) 3.084366492s ago: executing program 3 (id=134): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10010, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1001, 0x6, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x10000000a}}) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D0c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS642(r2, 0x80984120, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x40000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r3 = prctl$auto(0x3e, 0x20000000001, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0xffffffff, 0x9, 0x100000000000000c, 0x8, 0xfffffffffffffffe, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r1, 0x8000) setns(r0, 0x0) close_range$auto(0x2, 0x8000, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r3) sendmsg$auto_NL80211_CMD_GET_WOWLAN(r3, 0x0, 0x40001) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) writev$auto(0x8000, &(0x7f0000000040)={0x0, 0x1000000000004}, 0x2bc) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) 2.112835s ago: executing program 3 (id=135): socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xce, 0xfffffffffffffffc, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0xa2741, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x11, 0x3, 0x2) openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x2, 0x0) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) socket(0x11, 0x2, 0x73) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x40401, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x540b, 0x0) 1.993249537s ago: executing program 0 (id=136): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000000a007dc1e084135ba5e2e20a0000000000000070ec97878b7e4c611ed0a9a7a9f20f6f1b15fb60e42ca4719d52f9af42cde79e19d81c47f09a96edf11c4c526d", @ANYRES16=r2, @ANYBLOB="01002cbd7000ffd3df250f000000"], 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x2) (async) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1eba02, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x2, 0x3, 0xa) (async) connect$auto(r0, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc, 0x400000}, 0x52) write$auto(0x3, 0x0, 0xfdf3) msgctl$auto_MSG_STAT(0x2, 0xb, 0x0) ioctl$auto_BLKALIGNOFF(r3, 0x127a, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) getpgid$auto(0x0) msync$auto(0x1ffff000, 0x3ff, 0x1) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000180)="ee45b44b2c05b0c3db302a924ca8ac4257237189ef9ab23b2d2582247de251f9fe88f61da46b57fdc98aab0e901d8a8a7f46d31e22e8691ca5df09a60757004c4dbfb9b5da164a84e2e014ab0d0940db150cf604e5a4e7a88b5ca4fe9afee5eb54fc788477ee7d3b6ff532cabcad23ec1704981175c90f3f101f1bea58fd4d0c951a93c4896b45d78390a4e98d08659c72", 0x91) (async) r5 = openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/oom_score_adj\x00', 0x200000, 0x0) dup3$auto(r5, r4, 0x8) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) (async) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r6, &(0x7f0000000080)='7\x00\\\xcb\x12\xfa\f\x1c\xc7k', 0x40) (async) modify_ldt$auto(0x1, &(0x7f0000000140), 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) r7 = socket(0x11, 0x3, 0x9) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r7, &(0x7f0000000ac0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000a80)={&(0x7f00000007c0)={0x28c, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_REKEY_DATA={0x277, 0x7a, 0x0, 0x1, [@typed={0x8, 0x36, 0x0, 0x0, @uid}, @nested={0x10, 0x33, 0x0, 0x1, [@typed={0x8, 0x7a, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x3a}}, @nested={0x4, 0xcb}]}, @typed={0x8, 0x2f, 0x0, 0x0, @uid}, @nested={0xea, 0x5e, 0x0, 0x1, [@generic, @generic="a3e675a5ef39e172045f90543697280073b020c183c1f133ee38b35b86cd6cbccf2f8def3e98ebad0b37b1b9c34f4c287d2c566c360d6fe101b2", @typed={0x8, 0x123, 0x0, 0x0, @ipv4=@loopback}, @generic="6d8f5b81e48dafb11fea6057e8a44e0e859903093e6c44a630d29345620047f2153235f32b35d916b7dffdc039377d50fff9b1d7e008ea2dddf46f4969004b71783e860cb434202c39a4d3ae3e940b85fd83684ea37cb0bb3ce156a01ff1eaba5cbb3079b7105a4e1393c3a9935ce43b96265cb9ea6c06717a6cf9003a", @generic="063be0a4c28e7532a450a751862bf1f3e965726d622ae4e905feb6", @nested={0x4, 0x128}, @typed={0x8, 0x8a, 0x0, 0x0, @u32=0x6}]}, @nested={0x91, 0x89, 0x0, 0x1, [@nested={0x4, 0x63}, @typed={0x8, 0xf3, 0x0, 0x0, @uid}, @generic="45fcdc63d4554b9c2b5c5d4d6cdeabf63ee465405e1c7580c6bb1e2c90f8974869bb8f81d774c53a10b9ad6a22602c774e0dfe25dff608535d2dbd0b96b7092243f60d512aef32cf5d67dff7f183f9678525be070373fd76f00a0d33f69d09ed3db6e27f75e7f229051dfaea7ccaedae3d29a08ced017f5960f5ff36a2465398cf"]}, @nested={0x53, 0x158, 0x0, 0x1, [@typed={0x4, 0xd0}, @generic="7a1cea8e242c4e809905a75f23fa64d0325a58ca5c6d3a", @typed={0x4, 0x91}, @typed={0x30, 0xf8, 0x0, 0x0, @binary="2ad4de095a7158a12c8e429149490aa2208c4babe63b8c06c34786076ddd980502d2bdecd61d890e8f0cae3b"}]}, @generic="47ef313fb6d9911567d0a219e4185b4d31c00bdf8bb3f28f531ea99bd41a8c03983922356707e4fd7e9f189835f37963d2c68a92813d67cc040dabb554b0bcbc750c32783cf27ecc9e3a8d3dd52022748a64beef4f1fdbae6c86730f9981e80324a441300eba60770526ac1d47a6a1ae93a7025d57c4463e7cca71c88305c0"]}]}, 0x28c}, 0x1, 0x0, 0x0, 0x4000000}, 0x42801) (async) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) (async) sendmmsg$auto(r7, &(0x7f0000000640)={{&(0x7f0000000000), 0x5ae, &(0x7f0000000100)={&(0x7f0000000780)="4c030000000000002106000000000000005f6bba441810", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x1}, 0x2, 0x100) 1.91792959s ago: executing program 2 (id=137): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000380)={"847ac0aa4a639052f74cd1694cce27b591e68fc2693de786326bbe97f02cb17e", 0x845, 0x48, 0x8000, 0x42, 0x7fff, 0xffffffffffffffff}) (async) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x80, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x1, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0x1800000}) setresuid$auto(0x0, 0x0, r1) (async) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async, rerun: 64) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r5, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYRESHEX=r4, @ANYRES64=r1, @ANYBLOB="d7adab96f8c5b75465456bff331a3ac962201ff3d3b99b5dcebdd327f39f7333488fd6aefce24ff7c549b4541b3eb8f250f7843495602ae443ee1a2eaea66a0e895db3d57c77", @ANYRES64=r1], 0x18}, 0x1, 0x0, 0x0, 0x4c014}, 0x800) (async) getpgid$auto(0x0) (async) socket(0x2, 0x801, 0x106) (async) sendmsg$auto_IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000ac0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x28014044}, 0x0) (async, rerun: 32) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x8203, 0x0) (async, rerun: 32) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000100), 0x0) (async) epoll_create$auto(0x3e) socket(0x2, 0x2, 0x0) socket(0x11, 0xa, 0x2) (async, rerun: 32) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x82, 0x0) (async, rerun: 32) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2440, 0x0) (async, rerun: 32) r6 = socket(0x10, 0x2, 0x7) (rerun: 32) r7 = open(&(0x7f0000000000)='./cgroup\x00', 0x400, 0x64) fchdir$auto(r7) (async) syz_genetlink_get_family_id$auto_l2tp(0x0, r6) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) (async, rerun: 64) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) (rerun: 64) 1.787565939s ago: executing program 1 (id=138): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCATTACH(r0, 0x4004743d, 0x0) socket(0xa, 0x1, 0x100) unshare$auto(0x40000080) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r1, 0x5429, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x8) landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b80ebd01, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/021/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000100)={0x2, 0x80, 0x8ffff, 0x5, &(0x7f0000000040)="5a47c610e193ca96", 0xc694, 0x3, 0x80005, @stream_id=0x2, 0x20047, 0xc, 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)={0x38, r5, 0x1, 0x70bd31, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0xb0}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x38}}, 0x24048084) ioctl$auto_USBDEVFS_REAPURB32(r3, 0x4004550c, 0x0) r6 = socket(0x1d, 0x2, 0x6) close_range$auto(0x2, 0xa, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), r2) ioctl$auto_BLKTRACESETUP2(r2, 0xc0481273, &(0x7f0000000140)={"14e1001f84f2940129a9f0b5e488f3856a0c2ac2afdd02f57d0687a61ec8b67e", 0x3, 0x1, 0x80000001, 0xffff, 0x2, 0xffffffffffffffff}) sendmsg$auto_TIPC_NL_NET_SET(r7, &(0x7f0000002200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000021c0)={&(0x7f0000000440)={0x1d64, r8, 0x826, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x91, 0x0, 0x1, [@nested={0x4, 0x7}]}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x3e, 0x0, 0x0, @fd=r7}]}, @TIPC_NLA_UNSPEC={0xc6, 0x0, "e403a486f3f298eba5da9097d14fb68202c0d80260cdc63957c5d1f23f073cf001fe0e5f26716da58d39445188ddb1ca5c83a6c6b3e26a86b34fe6d8d33a4db1668289130b26a56f44d61da8b8d1b64e731fdcc976122ef30e9a66106266ca479d3b9f75073a9010a260254a35b145f6a98bad22f74f136891863b0c53761310358bfdf9b790d4d1238941db60cd5590ab435570d8970b26b074964bbe9181b7fc94ad1f53d2950be39274587cbdc2c074fffcf36551f5862a5998b824cd59f174db"}, @TIPC_NLA_UNSPEC={0x1004, 0x0, "c4ddbadc7668d4ec2f11957b8ba131358ae2341dc10e5a9cef4e106126c5ac0def3e15d78d48cf7e2d338661c73debc2276740cb2b3e997b00289085acba82718184ff97838a0becec8743ff498b4680bab0b3e8675295fd28792a83488a7485af751d82b7930a92a3e32725badac5c1c181f61301a0875a28a357e93b33ca38606767c8ee376d5a12360664e9bf122e3f8ebd6a5c83c6fcd01f259a3786be49cd1de4f6cddb7fd3b715efc61e87b6624a148f1fbd7f539f9079b3106953e24dbd99c41880cc39823ffcd82bd5cce5ffb824cae9c28577be8fa2143c1d5ca2cf04e892508c56245e29b59cb3837f342c263f9962b9fe34372411b0de58d09c30d4ace0fcde90e5103ac0cb4c488f669081a214f65599b7a78e399a6e5e432494c53c87305abfd7290b567ce17a198e588063dfd4feebcd9a6598feb75287b741f3dc33c6eb06598160700b57bec159fd6b23cf5412b5786feb11d7183605c242c049ff4b1ad6bb99b5cb296c7614df30585d666ebdc567ca2ff7f10029b8eff3e961acddf6d469f1da7a0144edf4aab59d4462396977f9525db6bcf95782aab708cf268eba1305c8bca9218568fdc0150e9e0f23fd0acb81d1c67416388c2c439c8f6517fc6f4aaf23364067f3d3d9959da3729852cd7ea004c910e4527b3b29d5d6cc82ba79d4eadd6b6b8a4f4b50b16a6bf8f5b7569dc29ac92ba3ee1390d68d4b8acf13fff4dec2d133a82d6b392eb70fb83473f2a11a9b38b982dc1d608a1ac37d74c3aa2a63ebe4aa72056a69d4095c8846c2db76d3beb976d0b30f2571ebf4bb5c91c1ac4199628b6309480ee19a8c94589345f8ce5c0ec839d7d82a1dda25ff45bde7a2a781808c62b9683a4c24f566c05a7473abe8c52c4f312321ce6f6e34f3b78c4395fdb659b83e157b165b2a2cd81b8f4f6a196bffadfe70652c399cdce6c47564e5daa1b506859e026567bbb88de050102d42e72c6a10dc836f8b2b20c7b7089d6f65f9eb2ff0fe4deec593a367b884ca72537a207c9bbd0c39fc046c61cfc02890d60a2df9a364aa7ab8924129068176a40a0206a3110e951dce4f61c6d0362a55d7898f4a2aa476dbeb1c6a474e679e845875e29dfb0fb9f6c87c283801ad74e01774638f4ec21c19aee4ac40fa3a68b905ff21c8cfa8396ebd9cac159ce739a0895a6df950e83b4bb18456755ac6f8d1534a40e334a578e28e7b8973e87955328e275b11c93e69acbfef1b54df758e31e01cefeba5defd0089ab26c080319e7f0164a7a669c07ba1314e4232df8526a92efc6eab40f5566ef28ef018df7511b0da25c2bd6f576dd04f08f1ef9c3ce44ff7b1b9ec0b47e0c3ae6707d2649ce9c5f96b54a37eef0cdbccf19add8d1fd2cd6756fa15e8dff236507270993b2176a5ec54be0e704572aa7e5f3ed6d8c81285479304857c4e1bb24adf21fb3d0b4a334d2b886ea0d124a3bbde725fd09cb8fc1b4c9fc8d657e8136b513467b79817c2bb98ddd571d4a5569a3a147a067f4d78aa2759b50b8aecf1f07b6767bacf254625718a70142059a3d9b692636b39a9d36ab5fe5b0ce0bfc8963b536a744ea5baa286f26e4f6dd430f247affc658a93f16a48aa372e2ac8836f3d64dfff0ad879158b8ff4550fb3065c12f2e99cf7045c3978355bb68e326696edaad4f38bc6c00bb96077f44fd7f0fb87e6845dd7436dbfa35f9a96997548f54f4eaed63ee366d084137354469405b815286246d847d18b26bb85c6a0be7c4901e5526ad1b4d083c00f382a63f64d607d4a8c298b8c8f10ec01bd7ed672ac475a45024b3caeec27fc9989237eb4836e026c014c4d398c1a7a96994a2341afcfdca62a686d0c1ef5067b90c62446ada60eb8eceb810b6a3cdb1578937d0ea15b079ce33b2f102483d821fc19b504a48431a56de830732f492c149c7ea93e28f23b7c639a968e805df9ff290083bbaae50183a2d213d3fd308524ed7e09649dac1a80b0a9da6aaa65cdd7f9fa4a4476671b7d5f1a68c4dd7936535f9c8f7d70a309278ed0d5988db7a6718543f1d9e3ebed63059bec5c190a4c9d941d6d31656c84facffdb309d2951ab428d8ff46353711a32e23656fc482bf6fb95251461eb0dfd6a993e457493632cd24464241f0cb8c33c4d7907be2cdf16c4f2d81d1e9dc519529013a3c66b4d2a97115eca6c2b4384ae23f308ca59de1e9a5d1044163ea76d4d19e361332f86e1d158857fe0ea16ab934493b3a7375ef1c6370b95a961f17a7f40e6226f8befae986be05288c0199de74ab4db558b7875d9d4b35674e83a52ce2783363c15bd29ab56ea24cfa06659b4cff5392aacdfdc2d681e89626fb19683b3ae9d58f960d5a95c2235fffd8c0958730f75315d1be83e283e63b34f1cf83382e3faeea4e03a6677ff6335726356c93c779a90243b6027e6502ba701f3e57d85440a7ffa0fcbbed02f19d24ac1b805f5991a4741a4052e253a082b5729cf0a338fbdf845011b4c5c90558a230a3c872a0984191c16b8e83b278a9d7dd766027509e51879c2d68609e0471cd70c3d5f20045a8fc0a136c3f0b8a349c1102e7202023965d2ab1543deb6509fa7813d81ba9e6079e59b3f4e4b547d3480f87bd2305fe0bbd33842747c66606bb136aa3d1809af137e4c0b8685c30b16fe7479b2ab15a3adc545110811bffb8d651f0a7782fb2bf7e3bf26be4d8af521cd6ad9003ba0b7287b1488d89fac7963c35b40554bc4653126bac86ed13d0c5ba0774a3d0b6411cd6edf3bb9c97888bc065963c6b68a26ff71663a02510bd1e2593a398072956fa06fc42e0020121ad9f72a3e02aec273ed784c4ea39f7678e493e2ccc2a39c43b0a42f23a4d2c9716ead0f0fb0a0cfcd958bba37051544676fcab583199483926f93733f0d1748c5c95c5417bfb14acb75bd33ac286ced06add516a92d3a60a173e17be3c443e51bf6caeb5310b8690e7191d9a6ba78f3284bada4ebc6c00012f3ed126d83a27f6379ed4434b94b480e1d9afa0d355c89850e30da993a50bbc01a6098e31cd5403f266a83129db5a3e00d8bd3ef6e1855d63a34d26c245af43e5b8ec5807f43cd7bef4868fe1d93ff47fe777cdacfd42555eb553dca813b7e33f120c553244f33b5dc654e6e94f1e6b99d45d4a9007d1ffd70f659279b59ecc63cbc9b1180ec85db8258b2eef985bbb01c703be1961eb9748a9b9dbde1b13c2b6d5e5df59ac5c5767670ad4b3fd228cd90dc8c5d5be3368cc08b95328294abae7285c620af048879e9d3218ecf912f13b69af3ab156d42ffd7cd31d1acf3cbbac57588e28c4776bf416f9d2caec644a7e317e69a190e5c10631089f5869066515372bd15f34ace8d5b55da2c15d054192f1aa5fa98bb3d0ce1514356b9b3205077e061700725a3a65c0a6e39c94eab3b90bba76cd3c5788a004698f524afef19b2a8a127be2478f57dbb625426c2bb6e23e6be13dbc3b0f20ce7b43b3e6d84bb2b36b9e14736449117220f7ad29aea81a24d2c5bd8e75a5aa450ef0109baa5947ee256dccab078ad628ff0c0ba9685e4a9fbd3595f1be1b7a8ed21b32a9a4cd43b2109147142981d47d5dbf309b6267d421816bcd6c7d21116edbaea5693f3f63c60084626d46be28329ff6bf90cbbab2fd8bfc871bae67ad3140ca2016500df838ac8f3cb27882ce6f1fb44706f77a93301b43c8202b06b53343c6fd04b0a054c124b8b6cd28fbabd72204aa6466e0bed0db9c23b47b22e4810e8e3c09972b3bca249b311e171065935690308048ea61dbb9c89dcf42c418b72b39b6429e01f1d0caf7bb0c8d17f54eb99a9ad8dbe60bb8c4f6b90b15cc49322a7391426d5bf5b364441b64b372aef412c7d86867b92461533ff4dc0bb42c1f1bb39cb9e6af4f24b204921191680b537738cb6bd9aa31052c1c4f52096a2d234fc251baec4d1637f7c429d2c87c0f001eb4f5719e23b4ba80bc8f896a8837285a06d3e77ea179e176b3b0c0a8dae86655c4fdc3d5d913c011918b346c1dcd8ec418ac5e5c2f867caea30a5079668c39602f637bd251d4fcf7c6f0284ac12b884afecf5ac9ad4f791075f02477936dc007f7c320908aae1d87f976ea36f404652a4a2ef41f4d081b32e68d6b3c1ac01699fa884ffbd395ea04d5f1064d148c39b0715f6d3bf541ba6ae28d153b37db1189f5251b8c1d33703a6b87a0cd9349fded1104a13ef01d368a242b66f4ea81a7d4ecd19784004c9f130ecfcf348287c3297e630b6d6e382a7954b14e167175d302b848866c9fbb0a9b8040ea9a316c75e2c982c95d75d4bb17a8ff97e16146e449912e7d71ce8b8218348164e1e84a8b44d19acebd50d720599430f4d37cfa571f082f819099c64ca6344125665220f656655fa71c1cc7392edd3c92be4346cd9ad0c114bda7ce43b14495c86bf3f45f5593d908491503e58d3eda1aa91e3f88477a9a32c19dcfd0e5dde26d468901496eac60025ff451aea1e966bda85f26a35ceadaf9afd14b9317ba023bd2ea4b00e1ba10d85cf30b427a41886a881c84acedf87856e7cf265dfd3202b91cf16a1ed786f9d6bbe1de5728f039af9c796a6b0297766a81fcc1f9d3aed8a689d96b8f3611f668c2bfca713a452ce7df9a15de535afeacf6cf4af1f31723f3132f29a00cb9fae7885e6f8502568cce019080250f7ca25eaf682e99b2d1b415632b937057dbd49bd86681f0c6349934d790dd5d521d3a0188e1b22a5f4d713ca8ff9b160bbcc11531dfbd78503946d38d72a5972f21d039524e22f4567e2f46fdec67968fec8aae61d3dec608db165d457bf413134b05772cfed083a11dc845a2e047998e1a6119d43b7f4684959e8a482eef570d6c7036dc73b462402d1ed3db76edebbc08493729354ef937220b7ba25f24ac304535e22931ef02086a69d22bb3a4ceabbd524104374836d3ee57794c8ab172159ba78a6069fe66509fdb70a4a0df95b5308c96b88917f4df601a15c149f00589be60f13b58aacf462c4b7afc6bd4c64fb2c739a13789b5d3802d5e2bee40b29532d58604bbceaaf189f75a624a8e6e37131ee04ecd9fb8bddd38a900e4d2685c2972589c250595ff9604cdb65e5307dbb629a770c00b2b7e109c88ad1dd29dce53422eb5ecea58f89123e105f9e78861b1ea2eae270a3a9d561511a743d0b027be69fc7ced56f7fb8a3ff846900739e5ae19c2c8031e2918d2119bc19d3767a2be9bf1b29a87267bc5ba04dd682545bc6d148d52a3ace3407cc0dd16214487bb7e1c06dff779ff3ecceb776e97bf793f094d7ff82c167d41e38513f16a3beb4945f014dfd4082d14b55b9d024ed31f1f769e067eb118a04fb65c84cfcb443b80902a3b67031d2fafe19cedff0d49d2bf9a96bce5479a2410cf96d4968018c1bec809af09c79587e7d5394a4f950d18398f089068e312f79a2a3994d3cdb59006ad7e9fdc10c672679683c1826c74097952913518669640da2b7ee368cc3da761d9621f77bbb1ff43a104afb7d7bedf57c93aca8c2571ecaf845f2571851ef605030f9a96dcc0bc0b526c793c3ab3278bfc594262fede1d2b94be178924ed5a561fb0a1a37a2d7d778a0eb99b5cb4432364d3ccd17012d85fc198487683ff54668da666db7598036170c3bdc97eb8d474462c7ed9bdbe81da552a31f363aad3c44581797dc8b0b89a0a2828f33804ca06aa5ec4505e1b8cc2b340a3ccf1a5e18b8fac7a79331458cd6e8937fabcb60043c9c85371b6fd5452ba5d3e4d23b97917f57cc0eed44aa28f7aa2c2873b4fc3"}, @TIPC_NLA_MEDIA={0x6c1, 0x5, 0x0, 0x1, [@nested={0x155, 0x14e, 0x0, 0x1, [@generic="b4e01969fa66496396769add35b3626bc092443629f404a6d381ab450a7271fec7d944", @generic="35dd6c26a57a4f3c938d59291303570170857f70ff2f9ef88953112c4f3f865bcf6376a7dfc270fff3550a23e35e6735957d9944fb6c5d0fa21050fe54f5676893ddb32f627576dd2bc81080c72162afa6ab8d1412bbd76dfa8396659388b9bcc80b6982a39e425e0b610651bb548de5af365a77816a00992ee092de42a86b30b5b90b1a4e71c1fa9c8f82de074a7d9bf2c88aaba5e9c52b9fa788a19c115ed78496527db81d0cf237614fa01cff1e261654d58e4ba0593e44727e60cfa74beab53c", @typed={0x69, 0x143, 0x0, 0x0, @binary="7474ec04528b85148d932dc32698096f26e9e1ef7e121fd1dd51d3a820289952e7971b1307991af3fa69a879efe3fbebceac3a4623b4886f6eab52544431985e96291527e646ac03fa3cfb67fe515563d91ccbed89585bb8ba4fc5ab10c3e21abdb8239852"}]}, @generic="0388c3c06f2ea8fc141d057dd8d2181b63e2336d5cfda96e093113ca41b3848da1729f3edc14aeea4d91c3ca92954d524cd1301fad2ba97890c9a814236154116416eb52304da1ba89c6f0bea4b4c1badcec20a4a64a4de04eca31d795ae54f2af3280aac5aa19695398654146796ec20b5c6e6e8171b0e458ebc62fa10c469deff606f874b72a78c4984c141e1113b9b8aadea9650a6c90914c6f252f80e0623e05dff23d9dbded95ae3c81cc328e2d4268347648fc7c41c55f75a942788aacb846cd61cb2f6cd408a32bf4265f7a32acc33e4062389b756ee5adbbcf0bce5c26151e84fe5fca75c14ec582774a2b7e635f70c06dc956fe97", @nested={0x2ba, 0x34, 0x0, 0x1, [@nested={0x4, 0x84}, @generic="47bfecb473d57b7ec06210f04ad1e0f5a7b0c03092da1594afac6207d441deb7b576f73f4d992e5a4dc162c31ce95e7e9c11b67b7d8e1f1f6f8b181417b75f3548755388c6cb3aff85324ecd47c512b931e1870d3a270110b03fa7b4c17765737654e25a6c56a67d66543daf41fd05289ee5272a4a7c1967fb89088dad6d4defab4a93dd23ee84ef46034dae", @nested={0x4, 0x148}, @generic="bd3020cb106240464f5c8e2f6647993b9802ad6cd917cedf79924ecc93cebf7d7d819b79dada4cd546eb88e2844263534485336bd1f9937b6b8a2a1774bdb3a1b183c86c0551c19b8a0b8951ea4f8a4fe2f3469ee234ee894852b0ecdc75d074fb113870f668178c949fcc250616dcda9135ea55d58c3c5bf3fa33d8275debec6bb464347b693f8bd1c5e816d987188feba7ca0626964191d142e5c9a5f5e6159c860dd4e0cc793c54344fcde71bce5b221a3ea510bae7f809e48231c2e05704030b20e66329f4ec9e3e85b6a83033247b815b394f19d813b430f60956a338", @generic="d3fc9349d759be9252d3c20de20f0fac69e1bed263dbfd7be17ede774adf04a7016f07ce91b79ff99426fb1242dcb753df75bebf95c1f11507a798b9e0ff7cdf7b1c2fe5733d4efb03feb1ebb985ac1e8ee217c9d052cdbaa3b25a49dbaf686297462489a47124d09497a7060922c6e104a9cf4457a18ec7a9463e7ffec6d1ae25d5cb259c22ff904f2c2ea2d5451e3e89c21daeaee5ed5fcf38fa0fba08cfb894648881507b9c5532cf4e964298a83bc03391a27f5d10d024b28c9bd6de1262f1f58489f6b2513f0c3bc83d9f24a4ec54dc9985c8fdf472a14bb6c7435bcc890ccff69d02a7e5", @nested={0x4, 0x77}, @generic="d1a4adced160cc3ce0df8683569c1706ce4f0af47e9037b0f0faa3f404bd5b12e5e80f3a0fe0f3e27c6d2724c32040f31ad92e8541adb9ddfc7d2dd1efc781c0ff733fad34bb270cc282846c1556da3135e9a34b815d4e16"]}, @generic="22578358647845801718e6438d39cbfb2f07741be6aade9137498fdefc17af89ecbb84f7bbfeea580f52e5c653e6ac140c108aa7fd1cf60f8ed7bb96c87e1afeec9a0415b44d5de2fbed2052c7bab8649c6983f5d17641537b5e63fe8d0323655d1bfdbb06c66da78c0237f41c71a8c585523d09699a210e", @nested={0x138, 0x3d, 0x0, 0x1, [@typed={0x14, 0x7, 0x0, 0x0, @ipv6=@private0}, @nested={0x4, 0xb}, @typed={0x14, 0x56, 0x0, 0x0, @ipv6=@private1}, @typed={0x8, 0x92, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x8, 0x13a, 0x0, 0x0, @u32=0x6}, @nested={0x4, 0x7}, @nested={0x4, 0x9e}, @generic="76ad9db1c564dcec5a303e04dfa5646fb344ea1a9a54d7018758501c1028b3c2f9b042ebb74c088dfa27f6eff71b8acd93e27297c829bd0982299486fe86b7577d7324f14f24e56a522f9d1a325b6bd3a2d17bbc05c38fc86fd63875449a49e35fd75211b84c0ecdb572cd71559cd02d6dbc50b074289b9d560dcb60254a48ef018d228c9a5e15ad9525fed5201a7709dcf3cbd112e05f8e00ddbb67f72eccf9c69412cf542f5a8b86ded1d9c09f7af9f39600bc6cf993b71c9b718d261a6763acae954cd5e7e416f730d5472eadb972da63f5728e477146bdc3de2e79470d06290be9df9d2b856124426a7ad58e616b"]}]}, @TIPC_NLA_PUBL={0x356, 0x3, 0x0, 0x1, [@generic="289435bf72ded0d1e215", @nested={0x10a, 0xdd, 0x0, 0x1, [@typed={0x14, 0x150, 0x0, 0x0, @ipv6=@private1}, @generic="81fc4421cd83c6a7e2c07cfb983feb0a684f1bb3175c7ee86c11f8d875e39b06ff576675c6077856f0b3d2250a4cf22dd5b3092f89369c098b75c73e6312a6e7a4136396bdbca167b83ccb56396426b4f800073d50ccd7a288a3fb8e065fe52d350ae310ae360474f8482076f36d68935c78e4823527889483f1e8c7226f364a97a63a81f51a66fedc49602c372a47abd9a58b92243be37ce96776fec075f11a1a2974b18c78836168b45cba7c73e74eec4d47eff4320cb0e4cd8f939d4988307695372f4d717f196810ec0b86dd1e14bf7947d720d3127daf6f0445670c506015afc0077691f26bd472e97895bcfb72393a"]}, @nested={0x234, 0x131, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @pid=r9}, @generic="f722c71e60b9151f6b254c10e10fc1bb0869c706b37799ea97455c5ebf973076ab40ed09c9590f40f6ac57eade0d820cebd5cbd97a3d51ed02ac3b05e0b9784afa286252a9a0cd99dc9e9a5ecbfee67b4ebef97b791083f44ebacf2a090c4dc26e6167fe0e007cb5df70f32c4966ecdd8c65fb4738142c37651b651263fce59939e65119c7a97d6bdcfed81e29ecd2a2d5db6fda3da0012148d15dacb42c4880691ed42076e785d61436c374cbd9c3c63a5058dfd921edbd326a231ed4edb9fad73c6d71a92a588ebfca42b1d41f33d185eaa4fad1553bee3fca13222fc074fa65e69c7377997f61", @typed={0x8, 0x14f, 0x0, 0x0, @ipv4=@remote}, @generic="d43f3aa89f571bfa7be1f00f10279913279f8c584ad1c79ec59c0f7f4507cccb0df8e008e716e1672831ce71405ca42b", @generic="924e8c954b3aa535778a1255cfd67e5abefdd28320e6a3a8926d4033791d443b1062b9d8ba7f874bf43af53143c927e2fe7f8b0009c98bfcf5fdf07259a46b422738bd65843145a388ef9292f1647d01df2a76e00c275f827f6146155d8c639c46adbd3da1702b5d223496b010f36a9d73c939431546536153f33ba6555ddbc44544fba07a8f705d50e1d15bb4146ab2804ca4416ffaf588c1d7f94131d9c9b94741", @generic="00d1f81080ee599a5dd326d79312e9cef3d9fc7b9766a6c82567d5870f9469fbe61513822003db1e6fb353ab7cff5ca3e2780ebf820215806f71fbea53eed71da887e8486724089933ab91215a737ab753aa240204b013f68dbcd5e3fd641d680d46fa85ef65"]}, @nested={0x8, 0x155, 0x0, 0x1, [@nested={0x4, 0x100}]}]}, @TIPC_NLA_BEARER={0x108, 0x1, 0x0, 0x1, [@typed={0x4, 0x19}, @nested={0xf7, 0xa2, 0x0, 0x1, [@typed={0x8, 0xc7, 0x0, 0x0, @ipv4=@empty}, @generic="307232ac5249a2d2e811d4ecbe37f9edf8fc2a5bfa9f97035f399fa1266636879c998eb0cbd56449ed9204fb3fc81fbe63054cddcd04bf9aa318abee4e504863e8f0d85b5fe14e1094855ddec9b3911efb5ff0d0faec257896f52fcbab3d172d9fe72212d7296bc4775bab45007fe48ca3cf48d6b93867c711f6c5823b3cdce96404ea34f90889b232a677c77755c323dd32d0ee98a3efd3b2da9419be40a7d1f5e5f559f1917d9759fded43f579a64c3d3e4e1fd45aeb023658d0f712bed917cdf4e36dfd88e5b36c42072b5e1b4a26a5ee5537664c9cdb3a199b", @nested={0x4, 0x6d}, @typed={0x8, 0x30, 0x0, 0x0, @fd=r7}, @nested={0x4, 0x142}]}, @typed={0x8, 0x81, 0x0, 0x0, @ipv4=@multicast2}]}, @TIPC_NLA_BEARER={0x145, 0x1, 0x0, 0x1, [@generic="19795142d0d1be4158df90a08e989c2d18b5479b4a015aff21b60fe78dc8a5fc182d71d090848740d1e94960fa49cd405d6305e63fe4acb3d57aa88c79c7eef1d2b38e96658755aabfb87d7ddf52160f4ab2dc333bdc88e8df8859fd0957a8883a5f2e14cf757e44942bdf05223c125f8dc5a3d63b097ddcb66b5ac155cb0554bc9e1ce426c36cb8c4be1866f4a8e7d9d5c99d6b22d64c52a6a8a2edf576484a2cda6a7fd58055", @generic="2539b9e6857a2310690bdfdf8c7bb9bf2de0770471d9a75566c0ee842bbbbe2d9fb3add73a7ccd0c4d3604ee22ed919e0d0d7de821597c06be081ae9604eeea2d382c4264585184dd41e72f5c0272a04bce86694f9b19343957d2db68725ecf912b9944a28c6a3f86ce50128cdc8859d517dc9d758870486ebea9dbab2bec1d3585e52e2bcaf4dc71ce5c37113d5fce31c9d63a3be569d4e4ecd"]}]}, 0x1d64}}, 0x10) socket(0x1e, 0x4, 0x0) getsockopt$auto_SO_BINDTOIFINDEX(r6, 0x6, 0x3e, 0x0, 0x0) 1.691616865s ago: executing program 2 (id=139): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ttyS2\x00', 0x201, 0x0) clock_nanosleep$auto(0x400000, 0x1, 0x0, &(0x7f0000000040)={0x7fff, 0x2}) openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0) lseek$auto(0x3, 0x20000, 0x1) mmap$auto(0x0, 0x2000c, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = io_uring_setup$auto(0x2204, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(r1, 0x4008ae6a, r1) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000040)) 1.321802969s ago: executing program 3 (id=140): sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x20008800) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x3c, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_EPCS={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x7f}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x19, 0x13, "12dac3a31fb8066b35cfa2493ddd0cf6bd6a11904f"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = fanotify_init$auto(0x65, 0x2) r1 = socket(0x1d, 0x2, 0x2) bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000200)=@bpf_attr_0={0x8000, 0x7, 0x83, 0x6, 0x100, r1, 0x1, "11e1ee51fc5feec1f387069dc15a07da", 0x0, r0, 0x3ff, 0x0, 0x4, 0x101, r0, r1}, 0x5) r3 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000340), r0) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, r3, 0x0, 0x70bd2a, 0x25dfdbfe, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x2}, @CTRL_ATTR_OP={0x8, 0xa, 0x8000}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x4}, @CTRL_ATTR_OP={0x8, 0xa, 0x6}, @CTRL_ATTR_FAMILY_NAME={0xf, 0x2, '}{-.^.},:,\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x850) connect$auto(0x3, 0x0, 0x55) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0xb, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x38}, 0x6, 0x0, 0x4, 0x9}, 0x9}, 0x6, 0x1f00) 1.065404221s ago: executing program 3 (id=141): unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6a) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x80045439, 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x5, 0x7}, 0xa}, 0x5, 0x20000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = io_uring_setup$auto(0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) socket(0x2, 0x3, 0x100) fstat$auto(0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x20a40, 0x0) mmap$auto(0x0, 0x4020008, 0x2, 0xef1, r1, 0x7fff) r2 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r2, 0x40186f40, 0x0) r3 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/max_mmu_rmap_size\x00', 0xa2500, 0x0) read$auto_stat_fops_per_vm_kvm_main(r3, 0x0, 0x0) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) ioctl$auto(r4, 0xab0a, 0xffffffffffffffff) ioctl$auto_UBI_IOCDET(r2, 0x40046f41, 0x0) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) 956.050625ms ago: executing program 0 (id=142): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0xb, 0xfffffdffdfff0005, 0x19) personality$auto(0xc) seccomp$auto(0x3, 0x2, 0x0) 954.045478ms ago: executing program 2 (id=143): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000280)={0x14, r1, 0xf3e97f51700e57cf, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_SET_PMK(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x18, r3, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_FILS_CACHE_ID={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40040}, 0x4800) read$auto(0xffffffffffffffff, 0x0, 0x7f) mmap$auto(0x3, 0x400008, 0xdf, 0x10009b72, 0xffffffffffffffff, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x40, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) fadvise64$auto_POSIX_FADV_NORMAL(r4, 0x9, 0x769, 0x0) r7 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) semctl$auto_SETVAL(0x7fffffff, 0x3, 0x10, 0x8) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002dbd6feffbdbdf25010000000800010021100000040007800c0002000100000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) read$auto(r0, 0x0, 0x3) 809.671556ms ago: executing program 3 (id=144): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10010, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1001, 0x6, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x10000000a}}) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D0c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_STATUS642(r2, 0x80984120, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x40000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r3 = prctl$auto(0x3e, 0x20000000001, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x15f4da0e, 0xffffffff, 0x9, 0x100000000000000c, 0x8, 0xfffffffffffffffe, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r1, 0x8000) setns(r0, 0x0) close_range$auto(0x2, 0x8000, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r3) sendmsg$auto_NL80211_CMD_GET_WOWLAN(r3, 0x0, 0x40001) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) writev$auto(0x8000, &(0x7f0000000040)={0x0, 0x1000000000004}, 0x2bc) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) 481.39586ms ago: executing program 2 (id=145): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) setsockopt$auto(0x3, 0x10000000084, 0x10, 0x0, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, r1, 0x374fe8f90a251713, 0x70bd29, 0x25dfdbfe, {0x3, 0x0, 0xf000}, [@OVS_DP_ATTR_NAME={0xe, 0x1, '/dev/cec4\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x20044011}, 0x20000008) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fb0\x00', 0x2a082, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) (async, rerun: 64) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/acpi/wakeup\x00', 0x101200, 0x0) (rerun: 64) ioctl$auto_XFS_IOC_COMMIT_RANGE(r2, 0x40585883, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0xc3, 0x5, 0x3, 0x8, [0x2, 0x9, 0xf, 0x1, 0x200, 0x96]}) (async) open(&(0x7f0000000100)='./file0\x00', 0x161342, 0x13f) (async, rerun: 64) lsetxattr$auto(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000280)='security.caility\xf6\x06\xa1\xcd\xd3<\x81\a(\xa2f*\xaf\xc8\x02\xe9\x14\x8fE2k\x19{\xd4\xf2\xdf\x80\x9c\x87\x86\xde20\x8e\x1cN\xd40\xd3Z\xf3K\x98vW\x7f\x94Z\x0e>\x85S&\xe5\x96\xce\xf15\xb3v\xa8R\x05\x94\x8c\x1df\x11\xbd\xd0\x7fu\xc7{\xe1\xff\xff\xc4\xbb\x17\xd5\xee\xd8\x143\xed\xc4|\xd3\f\x05\f\x95\xce\xbf9\xc8\xf1m\x96\xa3\xc0\xf29\x8b\x02\x89\xed`\xb4\xcb\xb3O\x97X\xe3\xd0j\xa5\xd0\x9e*\xf9|\xd9\xc2\xf4X\xc9[\xfa\xcf\xa3\xeb\x05EOgaA\xb1@f\x93F0\x8cR\xc5\xb6\x16\xfa\xe7\x13\x00\x02\xf4\x80\xe3\xd2\xf4MP\x87vB\xefJ\xeb\xb3\\\x88\x18` \xca\x8faI\x89\xb6\x91\x1ae\xd2\xad\xbe\xb3\xe6\bX]\xd7\x81.\xd2\xed\xc4\x9f\xb5~\xb4\xc6^\x97\xc3\xa2\x16\x99\xfc\x00_\xe6\xb0G\xe9`\xb4+2\x93\n9 EU\x1e\xb4\xbeVt\x89\xf9\xc7\xe1`4O\x00\x00\x00\x00\xa5\xe0\xf5\xb2\x00\x00t\x10\"\x15\xbc\xdb\x92\xff\xa7\xe1Vv\xe5*\xc5\xe1r\xf5\xa4Cw\x1c/?\xbcn\xe3\x8aX\xfc\xe9,\xca,9\xda\xad\x87\xb1\xb2\xff#\xa1Yi\xd3\x17l6\xa0\xd8\x1b\xad8\a\xfc%\xa6(\xcb\x97(\x16\x81\xbf\xc6\xdbw\x13!\xc9\xc6\xc3\xfbc\xfe\x83\xcd\x16 e\xcd\x91y@\xe2\xd8{\xec\xbb\xbb\x1d5\t\xed>\xa9&\xce\xfc\xab[\xae\xa1\x94\b\xcc/-\x12\x8d\x84K\xf0\xd0\x0f\x13)\x17CI\xb7\xf35\xfc\xe8(\xfa\t2\xafQ8}\xd8\xbb\xe4nlR\xf8\xc9\xf2\xa3\xe5\x83\r\t\xb96d\xd6\x1e\xbd*\xa4\xc9\xcbE2\xe9\x81\xc3\xc3\x8a\x15\xcb\xf2\x03\x00\x00\x00\x00\x00\x00\x00!dJ+\xd2\x01#v\xd8BgB`\x8alP\r\x04\xce\x04$\xaag\xb6\xdb6-0>\xb3u\xd4\xdb\xd8~\xb0\f\xd0\xa9\x9e\xa0\xc7\xf7\'\x8d\xab\xae\x035\xa8f\xe5\xfe\xfc\xc0\xb1rR\xae54\x13\x1c8=\x92\xc3=w\x89\xbb\xfb)\x94p\xc18`G', &(0x7f0000001340), 0x2, 0x0) (rerun: 64) mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r4 = socket(0xa, 0x1, 0x84) write$auto_fops_u32_ro_(r3, &(0x7f00000004c0)="205ffeac3c9210534c6598e220fb53aaaca4536fc1472cf041163b3d1959f8c1ba73a1828f2006b811a2e6ff7f2adda0450ff27c48efcbef86d803bea91b9aa5ec275675ee05e3da64e3a6b929117fb6489165eb14021fc9d9f4096b3cf01ef04981", 0x62) (async) statmount$auto(0x0, &(0x7f0000000180)={0x49, 0x4000001, 0x6, 0x1, 0x89, 0x7181, 0x3ffde, 0xbb41, 0x10, 0x9, 0x80006, 0x80803, 0x4, 0x11ffffffffff9, 0x85, 0xfffffffffffffffe, 0x9, 0x50007, 0x2, 0xd, 0x0, 0x80000001, 0x10000, 0x202, 0x9, 0x8000, 0x0, 0x0, 0x7fffffff, 0x3, 0xfffffffc, [0x1, 0x0, 0x0, 0x0, 0xd, 0xfff, 0x3, 0x2, 0x7, 0x6, 0x2, 0x0, 0x0, 0x400000004, 0x3, 0x2000000800000000, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x6, 0xfffffffffffffffe, 0x3, 0x4, 0x6, 0x0, 0x0, 0x20000000, 0x2, 0x0, 0x0, 0x0, 0x800000009, 0x0, 0x4, 0xffffffffffffffff, 0x6, 0x0, 0x1000000000000001, 0x7ff, 0xbffffffffffffffd, 0xfffffffffffffffc, 0x6]}, 0x1fe, 0xd) r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffffffffffd02, &(0x7f00000001c0)) (async) getsockopt$auto(r4, 0x84, 0x1b, 0x0, 0x0) ioctl$auto_TUNSETCARRIER(r3, 0x400454e2, &(0x7f00000001c0)=0x6) mmap$auto(0x6, 0xc, 0xc6ff, 0x13, 0xffffffffffffffff, 0x7b) (async) openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/numa_maps\x00', 0x480400, 0x0) (async) select$auto(0x1000000d, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x7, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x2, 0x62, 0x80000000, 0x0, 0x5, 0x78, 0xa, 0xfffffffffffffffe]}, 0x0) (async, rerun: 32) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/nfs/exports\x00', 0x400, 0x0) (rerun: 32) pread64$auto(r6, 0x0, 0x1ff, 0x8800000000) (async, rerun: 32) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x1}, 0x7) (rerun: 32) openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', &(0x7f00000000c0)={0x614c00, 0x139, 0x11}, 0x18) 0s ago: executing program 1 (id=146): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x68f}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(r0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0x20000a, 0x8) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r1, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r1, 0x80204d01, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r2, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xb58, 0x402000f, 0x4af, 0xf2, 0x401, 0x8000) r3 = open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000100)={0xfffffeff, r4, 0x80000000, 0x2, 0x1}) connect$auto(r5, &(0x7f00000002c0)=@vsock={0x28, 0x0, 0x2711, @hyper}, 0x6) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.82' (ED25519) to the list of known hosts. syzkaller login: [ 73.531276][ T5612] cgroup: Unknown subsys name 'net' [ 73.651889][ T5612] cgroup: Unknown subsys name 'cpuset' [ 73.660237][ T5612] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.129619][ T5612] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.846195][ T5635] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.855040][ T5635] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.864738][ T5635] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.867204][ T5637] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.872773][ T5635] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.887263][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.888587][ T5635] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.897147][ T5636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.903313][ T5635] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.910088][ T5636] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.916510][ T5635] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.924162][ T5636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.937842][ T5635] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.938320][ T5636] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.949465][ T5631] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.953602][ T5636] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.959421][ T5631] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.973873][ T5636] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.976283][ T5631] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.988259][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.385280][ T5624] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.393451][ T5624] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.401322][ T5624] bridge_slave_0: entered allmulticast mode [ 78.409590][ T5624] bridge_slave_0: entered promiscuous mode [ 78.419479][ T5624] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.426609][ T5624] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.434249][ T5624] bridge_slave_1: entered allmulticast mode [ 78.445107][ T5624] bridge_slave_1: entered promiscuous mode [ 78.495001][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.502247][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.509428][ T5625] bridge_slave_0: entered allmulticast mode [ 78.516314][ T5625] bridge_slave_0: entered promiscuous mode [ 78.552297][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.559671][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.566776][ T5625] bridge_slave_1: entered allmulticast mode [ 78.573954][ T5625] bridge_slave_1: entered promiscuous mode [ 78.592256][ T5624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.627989][ T5624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.674310][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.705630][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.726280][ T5624] team0: Port device team_slave_0 added [ 78.763506][ T5624] team0: Port device team_slave_1 added [ 78.787490][ T5623] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.794775][ T5623] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.802233][ T5623] bridge_slave_0: entered allmulticast mode [ 78.809464][ T5623] bridge_slave_0: entered promiscuous mode [ 78.824776][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.832076][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.839584][ T5626] bridge_slave_0: entered allmulticast mode [ 78.846507][ T5626] bridge_slave_0: entered promiscuous mode [ 78.856515][ T5625] team0: Port device team_slave_0 added [ 78.862927][ T5623] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.870248][ T5623] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.877701][ T5623] bridge_slave_1: entered allmulticast mode [ 78.884723][ T5623] bridge_slave_1: entered promiscuous mode [ 78.900630][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.907757][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.916108][ T5626] bridge_slave_1: entered allmulticast mode [ 78.923371][ T5626] bridge_slave_1: entered promiscuous mode [ 78.932229][ T5625] team0: Port device team_slave_1 added [ 78.946843][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.953894][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.980511][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.998990][ T5628] Bluetooth: hci3: command tx timeout [ 79.005146][ T4941] Bluetooth: hci0: command tx timeout [ 79.025292][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.032407][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.058353][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.078896][ T4941] Bluetooth: hci1: command tx timeout [ 79.085175][ T5628] Bluetooth: hci2: command tx timeout [ 79.093996][ T5623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.113157][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.126390][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.133457][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.159794][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.173028][ T5623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.194916][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.204596][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.211845][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.237848][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.305533][ T5624] hsr_slave_0: entered promiscuous mode [ 79.312351][ T5624] hsr_slave_1: entered promiscuous mode [ 79.321368][ T5623] team0: Port device team_slave_0 added [ 79.337905][ T5626] team0: Port device team_slave_0 added [ 79.346286][ T5626] team0: Port device team_slave_1 added [ 79.353817][ T5623] team0: Port device team_slave_1 added [ 79.430073][ T5625] hsr_slave_0: entered promiscuous mode [ 79.436517][ T5625] hsr_slave_1: entered promiscuous mode [ 79.442760][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 79.448716][ T5625] Cannot create hsr debugfs directory [ 79.461900][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.469143][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.495497][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.508140][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.515093][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.541521][ T5623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.553850][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.561086][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.587154][ T5623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.606856][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.614198][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.640301][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.791446][ T5626] hsr_slave_0: entered promiscuous mode [ 79.797761][ T5626] hsr_slave_1: entered promiscuous mode [ 79.804125][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 79.810141][ T5626] Cannot create hsr debugfs directory [ 79.820805][ T5623] hsr_slave_0: entered promiscuous mode [ 79.826966][ T5623] hsr_slave_1: entered promiscuous mode [ 79.833144][ T5623] debugfs: 'hsr0' already exists in 'hsr' [ 79.839332][ T5623] Cannot create hsr debugfs directory [ 80.170095][ T5624] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.181779][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.189899][ T5624] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.199997][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.225417][ T5624] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.235464][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.243314][ T5624] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.253891][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.320043][ T5625] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.332321][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.341454][ T5625] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.350384][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.372692][ T5625] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.382674][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.390976][ T5625] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.402390][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.472876][ T5626] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.482651][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.492794][ T5626] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.502469][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.518610][ T5626] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.528635][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.536785][ T5626] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.546290][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.622886][ T5623] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.632784][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.647248][ T5623] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.657249][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.665239][ T5623] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.674601][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.683811][ T5623] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.693324][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.761367][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.812774][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.840431][ T115] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.847844][ T115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.877094][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.884212][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.917864][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.956828][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.991229][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.998441][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.022152][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.029287][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.046044][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.083232][ T5623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.090964][ T5628] Bluetooth: hci0: command tx timeout [ 81.096388][ T4941] Bluetooth: hci3: command tx timeout [ 81.125649][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.155617][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.162818][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.171586][ T4941] Bluetooth: hci2: command tx timeout [ 81.171604][ T5628] Bluetooth: hci1: command tx timeout [ 81.214009][ T115] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.221215][ T115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.233637][ T5623] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.297950][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.305080][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.347462][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.354606][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.036244][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.190716][ T5624] veth0_vlan: entered promiscuous mode [ 82.231940][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.254350][ T5624] veth1_vlan: entered promiscuous mode [ 82.351073][ T5624] veth0_macvtap: entered promiscuous mode [ 82.380668][ T5625] veth0_vlan: entered promiscuous mode [ 82.399179][ T5624] veth1_macvtap: entered promiscuous mode [ 82.444893][ T5625] veth1_vlan: entered promiscuous mode [ 82.470290][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.497131][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.517519][ T5623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.533426][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.556741][ T182] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.566315][ T182] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.584590][ T182] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.593731][ T182] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.676696][ T5625] veth0_macvtap: entered promiscuous mode [ 82.711068][ T5626] veth0_vlan: entered promiscuous mode [ 82.723059][ T5625] veth1_macvtap: entered promiscuous mode [ 82.762895][ T5623] veth0_vlan: entered promiscuous mode [ 82.776911][ T115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.785061][ T115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.795969][ T5626] veth1_vlan: entered promiscuous mode [ 82.815458][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.850287][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.860354][ T5623] veth1_vlan: entered promiscuous mode [ 82.876400][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.884591][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.902742][ T115] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.913663][ T115] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.924898][ T115] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.953068][ T115] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.967536][ T5624] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 83.031398][ T5626] veth0_macvtap: entered promiscuous mode [ 83.069033][ T5626] veth1_macvtap: entered promiscuous mode [ 83.124184][ T5623] veth0_macvtap: entered promiscuous mode [ 83.154663][ T5623] veth1_macvtap: entered promiscuous mode [ 83.162108][ T5628] Bluetooth: hci0: command tx timeout [ 83.168803][ T5628] Bluetooth: hci3: command tx timeout [ 83.196573][ T182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.217455][ T182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.239004][ T5628] Bluetooth: hci1: command tx timeout [ 83.248899][ T5628] Bluetooth: hci2: command tx timeout [ 83.255176][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.307608][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.317947][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.331028][ T115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.348903][ T115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.373697][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.395861][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.411829][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.443347][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.466796][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.513663][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.523562][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.598844][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.655707][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.596475][ T5775] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 84.614270][ T5775] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.631813][ T5775] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.642186][ T5775] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 84.652997][ T5775] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.665733][ T5775] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.692135][ T5775] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 84.698906][ T5775] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.711458][ T5775] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.725541][ T5775] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 84.733020][ T5775] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.741758][ T5775] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.862185][ T115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.890251][ T115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.945800][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.959597][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.013494][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.039819][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.152428][ T182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.174906][ T182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.798768][ T5628] Bluetooth: hci2: command 0x0c1a tx timeout [ 86.297261][ T5814] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10'. [ 86.389763][ T5811] mmap: syz.0.9 (5811) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 86.431714][ T5811] process 'syz.0.9' launched './file0' with NULL argv: empty string added [ 86.679465][ T5628] Bluetooth: hci0: command 0x0c1a tx timeout [ 86.759804][ T5628] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.759865][ T4941] Bluetooth: hci3: command 0x0c1a tx timeout [ 86.782037][ T5826] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(9.0.12), cmd(7) [ 87.003536][ T5827] program syz.2.13 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.370583][ T5839] FAULT_INJECTION: forcing a failure. [ 87.370583][ T5839] name failslab, interval 1, probability 0, space 0, times 1 [ 87.487662][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz.0.15 Not tainted syzkaller #0 PREEMPT(full) [ 87.487701][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 87.487732][ T5839] Call Trace: [ 87.487742][ T5839] [ 87.487753][ T5839] dump_stack_lvl+0x100/0x190 [ 87.487792][ T5839] should_fail_ex.cold+0x5/0xa [ 87.487829][ T5839] should_failslab+0xc2/0x120 [ 87.487863][ T5839] __kmalloc_node_noprof+0xe6/0x850 [ 87.487908][ T5839] ? alloc_slab_obj_exts+0xae/0x270 [ 87.487956][ T5839] alloc_slab_obj_exts+0xae/0x270 [ 87.488003][ T5839] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 87.488047][ T5839] ? kasan_save_track+0x14/0x30 [ 87.488076][ T5839] kmem_cache_alloc_noprof+0x58a/0x6e0 [ 87.488117][ T5839] ? copy_net_ns+0xe8/0x7c0 [ 87.488159][ T5839] copy_net_ns+0xe8/0x7c0 [ 87.488190][ T5839] ? copy_cgroup_ns+0x71/0x970 [ 87.488221][ T5839] create_new_namespaces+0x3ea/0xac0 [ 87.488269][ T5839] unshare_nsproxy_namespaces+0xf2/0x220 [ 87.488311][ T5839] ksys_unshare+0x438/0xab0 [ 87.488355][ T5839] ? __pfx_ksys_unshare+0x10/0x10 [ 87.488396][ T5839] ? xfd_validate_state+0x129/0x190 [ 87.488438][ T5839] __x64_sys_unshare+0x31/0x40 [ 87.488479][ T5839] do_syscall_64+0x10b/0xf80 [ 87.488515][ T5839] ? clear_bhb_loop+0x40/0x90 [ 87.488550][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.488579][ T5839] RIP: 0033:0x7fbb9499cdd9 [ 87.488602][ T5839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.488635][ T5839] RSP: 002b:00007fbb957cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 87.488666][ T5839] RAX: ffffffffffffffda RBX: 00007fbb94c16180 RCX: 00007fbb9499cdd9 [ 87.488686][ T5839] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 87.488704][ T5839] RBP: 00007fbb94a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 87.488727][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.488745][ T5839] R13: 00007fbb94c16218 R14: 00007fbb94c16180 R15: 00007ffd7a2a0418 [ 87.488783][ T5839] [ 87.879770][ T4941] Bluetooth: hci2: command 0x0c1a tx timeout [ 87.895921][ T5847] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 88.769678][ T4941] Bluetooth: hci0: command 0x0c1a tx timeout [ 88.838666][ T4941] Bluetooth: hci1: command 0x0c1a tx timeout [ 88.846567][ T4941] Bluetooth: hci3: command 0x0c1a tx timeout [ 89.959172][ T4941] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.564860][ T5874] netlink: 'syz.3.23': attribute type 11 has an invalid length. [ 90.587114][ T5874] netlink: 'syz.3.23': attribute type 11 has an invalid length. [ 90.603676][ T5874] netlink: 'syz.3.23': attribute type 11 has an invalid length. [ 90.838181][ T4941] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.931390][ T4941] Bluetooth: hci3: command 0x0c1a tx timeout [ 90.931435][ T4941] Bluetooth: hci1: command 0x0c1a tx timeout [ 91.429453][ T5874] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 91.915204][ T10] cfg80211: failed to load regulatory.db [ 92.066660][ T5904] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 92.333974][ T5628] Bluetooth: hci0: unexpected subevent 0x01 length: 120 > 18 [ 92.334399][ T5910] vivid-008: ================= START STATUS ================= [ 92.388195][ T5910] vivid-008: ================== END STATUS ================== [ 92.644255][ T5911] random: crng reseeded on system resumption [ 94.359166][ T4941] Bluetooth: hci0: command 0x0c1a tx timeout [ 95.181476][ T5628] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 95.197261][ T5940] futex_wake_op: syz.1.34 tries to shift op by -2048; fix this program [ 95.263289][ T5942] random: crng reseeded on system resumption [ 95.288510][ T5940] futex_wake_op: syz.1.34 tries to shift op by -2048; fix this program [ 95.653578][ T5948] sg_write: data in/out 262108/45 bytes for SCSI command 0x61-- guessing data in; [ 95.653578][ T5948] program syz.0.36 not setting count and/or reply_len properly [ 96.438844][ T5628] Bluetooth: hci0: command 0x0c1a tx timeout [ 98.351148][ T29] audit: type=1804 audit(1777826151.715:2): pid=5996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.44" name="/newroot/10/file0" dev="tmpfs" ino=70 res=1 errno=0 [ 98.375162][ T5994] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 98.504575][ T5994] netlink: 504 bytes leftover after parsing attributes in process `syz.2.42'. [ 98.825635][ T5998] netlink: 504 bytes leftover after parsing attributes in process `syz.2.42'. [ 103.811510][ T6088] FAULT_INJECTION: forcing a failure. [ 103.811510][ T6088] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 103.834573][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: syz.0.58 Not tainted syzkaller #0 PREEMPT(full) [ 103.834610][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 103.834636][ T6088] Call Trace: [ 103.834645][ T6088] [ 103.834655][ T6088] dump_stack_lvl+0x100/0x190 [ 103.834690][ T6088] should_fail_ex.cold+0x5/0xa [ 103.834726][ T6088] _copy_from_user+0x2e/0xd0 [ 103.834771][ T6088] memdup_user+0x6b/0xe0 [ 103.834802][ T6088] strndup_user+0x78/0xe0 [ 103.834834][ T6088] __x64_sys_mount+0x17f/0x310 [ 103.834874][ T6088] ? __pfx___x64_sys_mount+0x10/0x10 [ 103.834915][ T6088] ? rcu_is_watching+0x12/0xc0 [ 103.834950][ T6088] do_syscall_64+0x10b/0xf80 [ 103.834984][ T6088] ? clear_bhb_loop+0x40/0x90 [ 103.835015][ T6088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.835042][ T6088] RIP: 0033:0x7fbb9499cdd9 [ 103.835073][ T6088] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.835099][ T6088] RSP: 002b:00007fbb95811028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 103.835124][ T6088] RAX: ffffffffffffffda RBX: 00007fbb94c15fa0 RCX: 00007fbb9499cdd9 [ 103.835143][ T6088] RDX: 0000200000000140 RSI: 0000000000000000 RDI: 0000200000000080 [ 103.835159][ T6088] RBP: 00007fbb94a32d69 R08: 0000200000000180 R09: 0000000000000000 [ 103.835175][ T6088] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 103.835190][ T6088] R13: 00007fbb94c16038 R14: 00007fbb94c15fa0 R15: 00007ffd7a2a0418 [ 103.835224][ T6088] [ 105.303479][ T6111] Zero length message leads to an empty skb [ 106.019771][ T6121] netlink: 'syz.1.65': attribute type 10 has an invalid length. [ 106.028170][ T6121] netlink: 330 bytes leftover after parsing attributes in process `syz.1.65'. [ 106.099683][ T6123] FAULT_INJECTION: forcing a failure. [ 106.099683][ T6123] name fail_futex, interval 1, probability 0, space 0, times 1 [ 106.112832][ T6123] CPU: 0 UID: 0 PID: 6123 Comm: syz.0.66 Not tainted syzkaller #0 PREEMPT(full) [ 106.112881][ T6123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 106.112899][ T6123] Call Trace: [ 106.112909][ T6123] [ 106.112919][ T6123] dump_stack_lvl+0x100/0x190 [ 106.112958][ T6123] should_fail_ex.cold+0x5/0xa [ 106.112995][ T6123] get_futex_key+0x1d2/0x1510 [ 106.113029][ T6123] ? __pfx_get_futex_key+0x10/0x10 [ 106.113059][ T6123] ? blk_finish_plug+0x83/0xa0 [ 106.113091][ T6123] ? madvise_do_behavior+0x1fc/0x510 [ 106.113131][ T6123] futex_wake+0xea/0x530 [ 106.113167][ T6123] ? __pfx___up_read+0x10/0x10 [ 106.113198][ T6123] ? madvise_unlock+0x172/0x220 [ 106.113233][ T6123] ? __pfx_futex_wake+0x10/0x10 [ 106.113275][ T6123] ? madvise_unlock+0xa9/0x220 [ 106.113316][ T6123] do_futex+0x32b/0x350 [ 106.113347][ T6123] ? __pfx_do_futex+0x10/0x10 [ 106.113382][ T6123] ? __pfx_do_set_mempolicy+0x10/0x10 [ 106.113418][ T6123] __x64_sys_futex+0x34f/0x4d0 [ 106.113454][ T6123] ? __pfx___x64_sys_futex+0x10/0x10 [ 106.113492][ T6123] ? rcu_is_watching+0x12/0xc0 [ 106.113530][ T6123] do_syscall_64+0x10b/0xf80 [ 106.113567][ T6123] ? clear_bhb_loop+0x40/0x90 [ 106.113602][ T6123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.113631][ T6123] RIP: 0033:0x7fbb9499cdd9 [ 106.113655][ T6123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.113681][ T6123] RSP: 002b:00007fbb958110e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 106.113708][ T6123] RAX: ffffffffffffffda RBX: 00007fbb94c15fa8 RCX: 00007fbb9499cdd9 [ 106.113727][ T6123] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbb94c15fac [ 106.113744][ T6123] RBP: 00007fbb94c15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 106.113762][ T6123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.113778][ T6123] R13: 00007fbb94c16038 R14: 00007ffd7a2a0330 R15: 00007ffd7a2a0418 [ 106.113814][ T6123] [ 106.413237][ T6112] kexec: Could not allocate control_code_buffer [ 106.750031][ T6129] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.557942][ T29] audit: type=1800 audit(1777826161.925:3): pid=6151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.71" name="features" dev="configfs" ino=10251 res=0 errno=0 [ 109.318293][ T57] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.657949][ T6188] random: crng reseeded on system resumption [ 109.960665][ T6188] hub 1-0:1.0: USB hub found [ 109.973951][ T6188] hub 1-0:1.0: 1 port detected [ 110.369570][ T6179] kexec: Could not allocate control_code_buffer [ 110.657335][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.78'. [ 112.660415][ T6238] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.84'. [ 112.704082][ T6232] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 112.741240][ T6243] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.84'. [ 112.765099][ T6232] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 112.810194][ T6232] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 112.844897][ T6232] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 112.907286][ T6232] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 113.938348][ T6276] FAULT_INJECTION: forcing a failure. [ 113.938348][ T6276] name failslab, interval 1, probability 0, space 0, times 0 [ 113.972618][ T6276] CPU: 0 UID: 0 PID: 6276 Comm: syz.0.91 Not tainted syzkaller #0 PREEMPT(full) [ 113.972658][ T6276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 113.972675][ T6276] Call Trace: [ 113.972684][ T6276] [ 113.972694][ T6276] dump_stack_lvl+0x100/0x190 [ 113.972747][ T6276] should_fail_ex.cold+0x5/0xa [ 113.972783][ T6276] should_failslab+0xc2/0x120 [ 113.972815][ T6276] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 113.972857][ T6276] ? skb_clone+0x190/0x400 [ 113.972892][ T6276] skb_clone+0x190/0x400 [ 113.972922][ T6276] netlink_deliver_tap+0xaed/0xcc0 [ 113.972973][ T6276] netlink_unicast+0x62b/0x850 [ 113.973014][ T6276] ? __pfx_netlink_unicast+0x10/0x10 [ 113.973057][ T6276] netlink_sendmsg+0x8b0/0xda0 [ 113.973097][ T6276] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.973135][ T6276] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 113.973178][ T6276] __sys_sendto+0x468/0x4b0 [ 113.973203][ T6276] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.973237][ T6276] ? __pfx___sys_sendto+0x10/0x10 [ 113.973282][ T6276] ? xfd_validate_state+0x129/0x190 [ 113.973305][ T6276] ? ksys_write+0x1ac/0x250 [ 113.973337][ T6276] __x64_sys_sendto+0xe0/0x1c0 [ 113.973358][ T6276] ? do_syscall_64+0x90/0xf80 [ 113.973387][ T6276] ? lockdep_hardirqs_on+0x78/0x100 [ 113.973415][ T6276] do_syscall_64+0x10b/0xf80 [ 113.973443][ T6276] ? clear_bhb_loop+0x40/0x90 [ 113.973474][ T6276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.973498][ T6276] RIP: 0033:0x7fbb9495d60e [ 113.973524][ T6276] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 113.973548][ T6276] RSP: 002b:00007fbb9580fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 113.973572][ T6276] RAX: ffffffffffffffda RBX: 00007fbb958116c0 RCX: 00007fbb9495d60e [ 113.973588][ T6276] RDX: 0000000000000020 RSI: 00007fbb95810000 RDI: 0000000000000005 [ 113.973603][ T6276] RBP: 0000000000000000 R08: 00007fbb9580ff04 R09: 000000000000000c [ 113.973617][ T6276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 113.973631][ T6276] R13: 00007fbb9580ff58 R14: 00007fbb95810000 R15: 0000000000000000 [ 113.973662][ T6276] [ 114.368168][ T4941] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.838150][ T4941] Bluetooth: hci3: command 0x0c1a tx timeout [ 114.844284][ T5628] Bluetooth: hci0: command 0x0c1a tx timeout [ 114.922158][ T4941] Bluetooth: hci1: command 0x0c1a tx timeout [ 116.027891][ T29] audit: type=1800 audit(1777826169.395:4): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.93" name="file0" dev="tmpfs" ino=150 res=0 errno=0 [ 116.918288][ T4941] Bluetooth: hci3: command 0x0c1a tx timeout [ 118.000120][ T6329] FAULT_INJECTION: forcing a failure. [ 118.000120][ T6329] name failslab, interval 1, probability 0, space 0, times 0 [ 118.071239][ T6329] CPU: 0 UID: 0 PID: 6329 Comm: syz.1.100 Not tainted syzkaller #0 PREEMPT(full) [ 118.071271][ T6329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 118.071280][ T6329] Call Trace: [ 118.071285][ T6329] [ 118.071290][ T6329] dump_stack_lvl+0x100/0x190 [ 118.071311][ T6329] should_fail_ex.cold+0x5/0xa [ 118.071331][ T6329] should_failslab+0xc2/0x120 [ 118.071348][ T6329] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 118.071371][ T6329] ? create_new_namespaces+0x30/0xac0 [ 118.071391][ T6329] ? rcu_is_watching+0x12/0xc0 [ 118.071411][ T6329] create_new_namespaces+0x30/0xac0 [ 118.071430][ T6329] ? bpf_lsm_capable+0x9/0x10 [ 118.071446][ T6329] ? security_capable+0x80/0x260 [ 118.071469][ T6329] unshare_nsproxy_namespaces+0xf2/0x220 [ 118.071490][ T6329] ksys_unshare+0x438/0xab0 [ 118.071513][ T6329] ? __pfx_ksys_unshare+0x10/0x10 [ 118.071533][ T6329] ? xfd_validate_state+0x129/0x190 [ 118.071548][ T6329] ? ksys_write+0x1ac/0x250 [ 118.071577][ T6329] __x64_sys_unshare+0x31/0x40 [ 118.071599][ T6329] do_syscall_64+0x10b/0xf80 [ 118.071617][ T6329] ? clear_bhb_loop+0x40/0x90 [ 118.071635][ T6329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.071650][ T6329] RIP: 0033:0x7f66f259cdd9 [ 118.071663][ T6329] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.071677][ T6329] RSP: 002b:00007f66f34c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 118.071691][ T6329] RAX: ffffffffffffffda RBX: 00007f66f2816090 RCX: 00007f66f259cdd9 [ 118.071701][ T6329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 118.071709][ T6329] RBP: 00007f66f2632d69 R08: 0000000000000000 R09: 0000000000000000 [ 118.071718][ T6329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.071726][ T6329] R13: 00007f66f2816128 R14: 00007f66f2816090 R15: 00007ffc39b20e18 [ 118.071744][ T6329] [ 118.980423][ T6344] netlink: 28 bytes leftover after parsing attributes in process `syz.0.101'. [ 120.372062][ T29] audit: type=1800 audit(1777826173.745:5): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.110" name="file0" dev="tmpfs" ino=189 res=0 errno=0 [ 122.581272][ T6418] FAULT_INJECTION: forcing a failure. [ 122.581272][ T6418] name failslab, interval 1, probability 0, space 0, times 0 [ 122.679628][ T6418] CPU: 1 UID: 0 PID: 6418 Comm: syz.2.117 Not tainted syzkaller #0 PREEMPT(full) [ 122.679665][ T6418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.679680][ T6418] Call Trace: [ 122.679689][ T6418] [ 122.679699][ T6418] dump_stack_lvl+0x100/0x190 [ 122.679736][ T6418] should_fail_ex.cold+0x5/0xa [ 122.679772][ T6418] should_failslab+0xc2/0x120 [ 122.679805][ T6418] __kmalloc_cache_noprof+0x7a/0x6f0 [ 122.679846][ T6418] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 122.679898][ T6418] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 122.679948][ T6418] ? trace_contention_end+0x122/0x170 [ 122.679984][ T6418] ? snd_pcm_oss_sync+0x243/0x840 [ 122.680025][ T6418] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 122.680073][ T6418] ? __pfx___mutex_lock+0x10/0x10 [ 122.680153][ T6418] ? __fsnotify_parent+0x2b4/0xca0 [ 122.680205][ T6418] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 122.680252][ T6418] snd_pcm_oss_sync+0x265/0x840 [ 122.680300][ T6418] snd_pcm_oss_release+0x238/0x300 [ 122.680342][ T6418] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 122.680384][ T6418] __fput+0x3ff/0xb50 [ 122.680432][ T6418] task_work_run+0x150/0x240 [ 122.680462][ T6418] ? __pfx_task_work_run+0x10/0x10 [ 122.680494][ T6418] ? rcu_is_watching+0x12/0xc0 [ 122.680532][ T6418] exit_to_user_mode_loop+0x100/0x4a0 [ 122.680560][ T6418] ? do_syscall_64+0x519/0xf80 [ 122.680598][ T6418] do_syscall_64+0x6f2/0xf80 [ 122.680633][ T6418] ? clear_bhb_loop+0x40/0x90 [ 122.680665][ T6418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.680692][ T6418] RIP: 0033:0x7fb20f39cdd9 [ 122.680713][ T6418] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.680738][ T6418] RSP: 002b:00007fb210255028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 122.680763][ T6418] RAX: 0000000000000000 RBX: 00007fb20f615fa0 RCX: 00007fb20f39cdd9 [ 122.680780][ T6418] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 122.680795][ T6418] RBP: 00007fb20f432d69 R08: 0000000000000000 R09: 0000000000000000 [ 122.680810][ T6418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.680826][ T6418] R13: 00007fb20f616038 R14: 00007fb20f615fa0 R15: 00007ffebe3de238 [ 122.680864][ T6418] [ 123.182132][ T6409] KVM: debugfs: duplicate directory 6409-3 [ 124.260697][ T6421] netlink: 206 bytes leftover after parsing attributes in process `syz.2.118'. [ 127.599724][ T6466] i2c i2c-0: delete_device: Can't find device in list [ 127.792511][ T6481] input: jJǸ-9%vJ86 as /devices/virtual/input/input5 [ 130.290900][ T6520] block2mtd: illegal erase size [ 130.315037][ T6515] FAULT_INJECTION: forcing a failure. [ 130.315037][ T6515] name failslab, interval 1, probability 0, space 0, times 0 [ 130.386846][ T6515] CPU: 0 UID: 0 PID: 6515 Comm: syz.0.136 Not tainted syzkaller #0 PREEMPT(full) [ 130.386883][ T6515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 130.386899][ T6515] Call Trace: [ 130.386907][ T6515] [ 130.386917][ T6515] dump_stack_lvl+0x100/0x190 [ 130.386950][ T6515] should_fail_ex.cold+0x5/0xa [ 130.386984][ T6515] should_failslab+0xc2/0x120 [ 130.387016][ T6515] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 130.387058][ T6515] ? alloc_empty_file+0x5b/0x1c0 [ 130.387100][ T6515] alloc_empty_file+0x5b/0x1c0 [ 130.387138][ T6515] alloc_file_pseudo+0x13a/0x230 [ 130.387180][ T6515] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 130.387227][ T6515] __shmem_file_setup+0x205/0x460 [ 130.387264][ T6515] ? __pfx___shmem_file_setup+0x10/0x10 [ 130.387298][ T6515] ? vm_area_alloc+0x1f/0x160 [ 130.387337][ T6515] shmem_zero_setup+0x96/0x1b0 [ 130.387365][ T6515] __mmap_region+0x24e9/0x2da0 [ 130.387409][ T6515] ? __pfx___mmap_region+0x10/0x10 [ 130.387459][ T6515] ? find_held_lock+0x2b/0x80 [ 130.387511][ T6515] ? __lock_acquire+0x4a5/0x2630 [ 130.387538][ T6515] ? do_raw_spin_unlock+0x145/0x1e0 [ 130.387578][ T6515] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 130.387633][ T6515] ? trace_pelt_se_tp+0x13b/0x190 [ 130.387661][ T6515] ? rcu_is_watching+0x12/0xc0 [ 130.387707][ T6515] ? rcu_is_watching+0x12/0xc0 [ 130.387741][ T6515] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 130.387781][ T6515] ? lockdep_hardirqs_on+0x78/0x100 [ 130.387871][ T6515] mmap_region+0x35d/0x620 [ 130.387897][ T6515] ? rcu_is_watching+0x12/0xc0 [ 130.387928][ T6515] ? __pfx_mmap_region+0x10/0x10 [ 130.387958][ T6515] ? cap_mmap_addr+0x4b/0x120 [ 130.387994][ T6515] ? bpf_lsm_mmap_addr+0x9/0x30 [ 130.388017][ T6515] ? security_mmap_addr+0x71/0x1e0 [ 130.388048][ T6515] ? __get_unmapped_area+0x255/0x3e0 [ 130.388083][ T6515] do_mmap+0xc63/0x12f0 [ 130.388121][ T6515] ? __pfx_do_mmap+0x10/0x10 [ 130.388153][ T6515] ? __pfx_down_write_killable+0x10/0x10 [ 130.388201][ T6515] vm_mmap_pgoff+0x29e/0x470 [ 130.388238][ T6515] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 130.388272][ T6515] ? do_futex+0x192/0x350 [ 130.388302][ T6515] ? __pfx_do_futex+0x10/0x10 [ 130.388334][ T6515] ksys_mmap_pgoff+0xe4/0x610 [ 130.388367][ T6515] ? __x64_sys_futex+0x358/0x4d0 [ 130.388397][ T6515] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 130.388427][ T6515] ? xfd_validate_state+0x129/0x190 [ 130.388455][ T6515] ? ksys_write+0x1ac/0x250 [ 130.388492][ T6515] __x64_sys_mmap+0x125/0x190 [ 130.388527][ T6515] do_syscall_64+0x10b/0xf80 [ 130.388565][ T6515] ? clear_bhb_loop+0x40/0x90 [ 130.388597][ T6515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.388623][ T6515] RIP: 0033:0x7fbb9499cdd9 [ 130.388646][ T6515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 130.388671][ T6515] RSP: 002b:00007fbb95811028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 130.388696][ T6515] RAX: ffffffffffffffda RBX: 00007fbb94c15fa0 RCX: 00007fbb9499cdd9 [ 130.388714][ T6515] RDX: 00000000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 130.388729][ T6515] RBP: 00007fbb94a32d69 R08: 00040000000000a5 R09: 0000000000008000 [ 130.388746][ T6515] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 130.388761][ T6515] R13: 00007fbb94c16038 R14: 00007fbb94c15fa0 R15: 00007ffd7a2a0418 [ 130.388793][ T6515] [ 131.368970][ T6537] netlink: 12 bytes leftover after parsing attributes in process `syz.2.143'. [ 131.735540][ T6549] sctp: [Deprecated]: syz.2.145 (pid 6549) Use of struct sctp_assoc_value in delayed_ack socket option. [ 131.735540][ T6549] Use struct sctp_sack_info instead [ 132.221093][ T6549] ================================================================== [ 132.229203][ T6549] BUG: KASAN: slab-out-of-bounds in cache_seq_start_rcu+0x3fe/0x420 [ 132.237186][ T6549] Read of size 8 at addr ffff888033735800 by task syz.2.145/6549 [ 132.244986][ T6549] [ 132.247315][ T6549] CPU: 0 UID: 0 PID: 6549 Comm: syz.2.145 Not tainted syzkaller #0 PREEMPT(full) [ 132.247334][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.247343][ T6549] Call Trace: [ 132.247348][ T6549] [ 132.247354][ T6549] dump_stack_lvl+0x100/0x190 [ 132.247373][ T6549] print_report+0x13d/0x4b0 [ 132.247400][ T6549] ? __virt_addr_valid+0x239/0x430 [ 132.247423][ T6549] ? cache_seq_start_rcu+0x3fe/0x420 [ 132.247444][ T6549] kasan_report+0xdf/0x1d0 [ 132.247461][ T6549] ? cache_seq_start_rcu+0x3fe/0x420 [ 132.247483][ T6549] cache_seq_start_rcu+0x3fe/0x420 [ 132.247505][ T6549] seq_read_iter+0x2c1/0x1270 [ 132.247524][ T6549] seq_read+0x33b/0x4c0 [ 132.247539][ T6549] ? __pfx_seq_read+0x10/0x10 [ 132.247558][ T6549] ? __pfx_seq_read+0x10/0x10 [ 132.247573][ T6549] proc_reg_read+0x240/0x330 [ 132.247590][ T6549] ? __pfx_proc_reg_read+0x10/0x10 [ 132.247606][ T6549] vfs_read+0x1e4/0xb30 [ 132.247623][ T6549] ? __pfx_vfs_read+0x10/0x10 [ 132.247638][ T6549] ? find_held_lock+0x2b/0x80 [ 132.247657][ T6549] ? __fget_files+0x215/0x3d0 [ 132.247672][ T6549] ? __fget_files+0x215/0x3d0 [ 132.247689][ T6549] ? __fget_files+0x21f/0x3d0 [ 132.247707][ T6549] __x64_sys_pread64+0x1eb/0x250 [ 132.247724][ T6549] ? __pfx___x64_sys_pread64+0x10/0x10 [ 132.247742][ T6549] ? rcu_is_watching+0x12/0xc0 [ 132.247760][ T6549] do_syscall_64+0x10b/0xf80 [ 132.247779][ T6549] ? clear_bhb_loop+0x40/0x90 [ 132.247795][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.247810][ T6549] RIP: 0033:0x7fb20f39cdd9 [ 132.247823][ T6549] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.247836][ T6549] RSP: 002b:00007fb210255028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 132.247851][ T6549] RAX: ffffffffffffffda RBX: 00007fb20f615fa0 RCX: 00007fb20f39cdd9 [ 132.247861][ T6549] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 00000000000000a7 [ 132.247870][ T6549] RBP: 00007fb20f432d69 R08: 0000000000000000 R09: 0000000000000000 [ 132.247879][ T6549] R10: 0000008800000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.247888][ T6549] R13: 00007fb20f616038 R14: 00007fb20f615fa0 R15: 00007ffebe3de238 [ 132.247901][ T6549] [ 132.247906][ T6549] [ 132.470430][ T6549] Allocated by task 5623: [ 132.474759][ T6549] kasan_save_stack+0x30/0x50 [ 132.479442][ T6549] kasan_save_track+0x14/0x30 [ 132.484119][ T6549] __kasan_kmalloc+0xaa/0xb0 [ 132.488704][ T6549] __kmalloc_noprof+0x301/0x850 [ 132.493563][ T6549] cache_create_net+0xa2/0x1f0 [ 132.498331][ T6549] nfsd_export_init+0x62/0x250 [ 132.503108][ T6549] nfsd_net_init+0x69/0x3e0 [ 132.507713][ T6549] ops_init+0x1e2/0x5f0 [ 132.511865][ T6549] setup_net+0x118/0x3a0 [ 132.516106][ T6549] copy_net_ns+0x46f/0x7c0 [ 132.520524][ T6549] create_new_namespaces+0x3ea/0xac0 [ 132.525812][ T6549] unshare_nsproxy_namespaces+0xf2/0x220 [ 132.531450][ T6549] ksys_unshare+0x438/0xab0 [ 132.535963][ T6549] __x64_sys_unshare+0x31/0x40 [ 132.540819][ T6549] do_syscall_64+0x10b/0xf80 [ 132.545410][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.551302][ T6549] [ 132.553651][ T6549] The buggy address belongs to the object at ffff888033735000 [ 132.553651][ T6549] which belongs to the cache kmalloc-2k of size 2048 [ 132.567700][ T6549] The buggy address is located 0 bytes to the right of [ 132.567700][ T6549] allocated 2048-byte region [ffff888033735000, ffff888033735800) [ 132.582275][ T6549] [ 132.584602][ T6549] The buggy address belongs to the physical page: [ 132.591000][ T6549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33730 [ 132.599757][ T6549] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 132.608259][ T6549] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 132.615811][ T6549] page_type: f5(slab) [ 132.619789][ T6549] raw: 00fff00000000040 ffff88813fe2f000 dead000000000100 dead000000000122 [ 132.628377][ T6549] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 132.636954][ T6549] head: 00fff00000000040 ffff88813fe2f000 dead000000000100 dead000000000122 [ 132.645617][ T6549] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 132.654289][ T6549] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 132.662961][ T6549] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 132.671621][ T6549] page dumped because: kasan: bad access detected [ 132.678033][ T6549] page_owner tracks the page as allocated [ 132.683735][ T6549] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5623, tgid 5623 (syz-executor), ts 77734699579, free_ts 77693777388 [ 132.705207][ T6549] post_alloc_hook+0x153/0x170 [ 132.709984][ T6549] get_page_from_freelist+0x11a6/0x33b0 [ 132.715541][ T6549] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 132.721442][ T6549] new_slab+0xa6/0x6c0 [ 132.725518][ T6549] refill_objects+0x277/0x420 [ 132.730220][ T6549] __pcs_replace_empty_main+0x375/0x650 [ 132.735800][ T6549] __kmalloc_cache_noprof+0x493/0x6f0 [ 132.741200][ T6549] devinet_init_net+0x4f/0x8d0 [ 132.745975][ T6549] ops_init+0x1e2/0x5f0 [ 132.750134][ T6549] setup_net+0x118/0x3a0 [ 132.754376][ T6549] copy_net_ns+0x46f/0x7c0 [ 132.758798][ T6549] create_new_namespaces+0x3ea/0xac0 [ 132.764095][ T6549] unshare_nsproxy_namespaces+0xf2/0x220 [ 132.769733][ T6549] ksys_unshare+0x438/0xab0 [ 132.774286][ T6549] __x64_sys_unshare+0x31/0x40 [ 132.779065][ T6549] do_syscall_64+0x10b/0xf80 [ 132.783660][ T6549] page last free pid 5671 tgid 5671 stack trace: [ 132.789977][ T6549] __free_frozen_pages+0x747/0x1040 [ 132.795187][ T6549] qlist_free_all+0x47/0xf0 [ 132.799700][ T6549] kasan_quarantine_reduce+0x1a0/0x1f0 [ 132.805191][ T6549] __kasan_slab_alloc+0x69/0x90 [ 132.810041][ T6549] kmem_cache_alloc_noprof+0x241/0x6e0 [ 132.815522][ T6549] mas_preallocate+0x1105/0x14a0 [ 132.820470][ T6549] commit_merge+0x3e3/0xbd0 [ 132.824989][ T6549] vma_expand+0xac5/0xea0 [ 132.829330][ T6549] vma_merge_new_range+0x516/0xc00 [ 132.834451][ T6549] __mmap_region+0xa89/0x2da0 [ 132.839137][ T6549] mmap_region+0x35d/0x620 [ 132.843549][ T6549] do_mmap+0xc63/0x12f0 [ 132.847708][ T6549] vm_mmap_pgoff+0x29e/0x470 [ 132.852304][ T6549] ksys_mmap_pgoff+0x3cb/0x610 [ 132.857072][ T6549] __x64_sys_mmap+0x125/0x190 [ 132.861755][ T6549] do_syscall_64+0x10b/0xf80 [ 132.866352][ T6549] [ 132.868685][ T6549] Memory state around the buggy address: [ 132.874318][ T6549] ffff888033735700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.882383][ T6549] ffff888033735780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.890460][ T6549] >ffff888033735800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.898514][ T6549] ^ [ 132.902571][ T6549] ffff888033735880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.910625][ T6549] ffff888033735900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.918685][ T6549] ================================================================== [ 132.978380][ T6549] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 132.985647][ T6549] CPU: 1 UID: 0 PID: 6549 Comm: syz.2.145 Not tainted syzkaller #0 PREEMPT(full) [ 132.994929][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 133.004990][ T6549] Call Trace: [ 133.008261][ T6549] [ 133.011266][ T6549] dump_stack_lvl+0x100/0x190 [ 133.015935][ T6549] vpanic+0x552/0x970 [ 133.019908][ T6549] ? __pfx_vpanic+0x10/0x10 [ 133.024406][ T6549] ? cache_seq_start_rcu+0x3fe/0x420 [ 133.029686][ T6549] panic+0xd1/0xe0 [ 133.033399][ T6549] ? __pfx_panic+0x10/0x10 [ 133.037801][ T6549] ? cache_seq_start_rcu+0x3fe/0x420 [ 133.043085][ T6549] ? preempt_schedule_common+0x42/0xc0 [ 133.048533][ T6549] ? check_panic_on_warn+0x1f/0x90 [ 133.053629][ T6549] check_panic_on_warn.cold+0x19/0x34 [ 133.058984][ T6549] end_report.part.0+0x3a/0x90 [ 133.063745][ T6549] kasan_report.cold+0xe/0x18 [ 133.068446][ T6549] ? cache_seq_start_rcu+0x3fe/0x420 [ 133.073815][ T6549] cache_seq_start_rcu+0x3fe/0x420 [ 133.078922][ T6549] seq_read_iter+0x2c1/0x1270 [ 133.083587][ T6549] seq_read+0x33b/0x4c0 [ 133.087725][ T6549] ? __pfx_seq_read+0x10/0x10 [ 133.092395][ T6549] ? __pfx_seq_read+0x10/0x10 [ 133.097056][ T6549] proc_reg_read+0x240/0x330 [ 133.101634][ T6549] ? __pfx_proc_reg_read+0x10/0x10 [ 133.106729][ T6549] vfs_read+0x1e4/0xb30 [ 133.110872][ T6549] ? __pfx_vfs_read+0x10/0x10 [ 133.115530][ T6549] ? find_held_lock+0x2b/0x80 [ 133.120195][ T6549] ? __fget_files+0x215/0x3d0 [ 133.124855][ T6549] ? __fget_files+0x215/0x3d0 [ 133.129517][ T6549] ? __fget_files+0x21f/0x3d0 [ 133.134183][ T6549] __x64_sys_pread64+0x1eb/0x250 [ 133.139107][ T6549] ? __pfx___x64_sys_pread64+0x10/0x10 [ 133.144553][ T6549] ? rcu_is_watching+0x12/0xc0 [ 133.149311][ T6549] do_syscall_64+0x10b/0xf80 [ 133.153891][ T6549] ? clear_bhb_loop+0x40/0x90 [ 133.158552][ T6549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.164444][ T6549] RIP: 0033:0x7fb20f39cdd9 [ 133.168847][ T6549] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.188442][ T6549] RSP: 002b:00007fb210255028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 133.196840][ T6549] RAX: ffffffffffffffda RBX: 00007fb20f615fa0 RCX: 00007fb20f39cdd9 [ 133.204793][ T6549] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 00000000000000a7 [ 133.212745][ T6549] RBP: 00007fb20f432d69 R08: 0000000000000000 R09: 0000000000000000 [ 133.220699][ T6549] R10: 0000008800000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.228651][ T6549] R13: 00007fb20f616038 R14: 00007fb20f615fa0 R15: 00007ffebe3de238 [ 133.236609][ T6549] [ 133.239859][ T6549] Kernel Offset: disabled [ 133.244178][ T6549] Rebooting in 86400 seconds..