last executing test programs: 9.135855397s ago: executing program 2 (id=288): mmap$auto(0x0, 0xe, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x4) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) r0 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/exec\x00', 0x200, 0x0) read$auto_proc_pid_attr_operations_base(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x62, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0xa, 0x2, 0x3a) setsockopt$auto(r1, 0x29, 0x3f, 0x0, 0x110) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x42000, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r2, 0x0) syz_clone(0x1000, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x109301, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim3/hwstats/l3/disable_ifindex\x00', 0x1242, 0x0) write$auto(r4, 0x0, 0x9) 8.977238999s ago: executing program 0 (id=290): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000008c0)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) io_setup$auto(0x7ffe, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) unshare$auto(0x9) writev$auto(0x3, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, &(0x7f0000000140)={&(0x7f0000000000), 0x55}, 0x6, 0x2, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) 6.773522859s ago: executing program 2 (id=302): unshare$auto(0x40000080) r0 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0x9}, 0xf}, 0xd, 0xffffffff) connect$auto(0x3, 0x0, 0x6) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x8) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r1 = socket(0xa, 0x3, 0x6) getsockopt$auto(r1, 0x40000000029, 0x50, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xa200, 0x0) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) sendmmsg$auto(r2, 0x0, 0x4, 0x4008) r3 = socket(0x29, 0x2, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r3, 0x89f2, 0x24) 4.926584975s ago: executing program 2 (id=299): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/tty12\x00', 0x800, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chroot$auto(&(0x7f0000000080)='}[,&*}\x00') clone3$auto(&(0x7f0000000000)={0x9, 0xd3d, 0xf, 0x10200000, 0x3, 0x200, 0x4000000050, 0x5, 0x3, 0xb, 0xd}, 0x5) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x82000, 0x0) read$auto_bm_entry_operations_binfmt_misc(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r4) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x24, r5, 0x805, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x10}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x200005}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_UNEXPECTED_FRAME(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r6, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0xb9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x881}, 0x4000040) ioctl$auto(r1, 0x64c6, 0x1e2) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000140)='nfsd\x00', 0x10000, 0x0) chdir$auto(&(0x7f00000001c0)='}[,&*}\x00') pivot_root$auto(&(0x7f0000000040)='..\x00', 0x0) clone3$auto(&(0x7f0000000180)={0x9, 0x80, 0x8, 0x2, 0x7, 0x4, 0xffffffffffffffff, 0xfffffffffffffff7, 0x9, 0xf, 0x1}, 0xde) setresuid$auto(0x2, 0x7, 0x0) setresuid$auto(0x0, 0x0, 0x0) ioctl$auto(r0, 0x4b65, 0x9) 4.765527251s ago: executing program 2 (id=300): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x7) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) io_setup$auto(0x7ffe, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000100)='/dev/usbmon8\x00', 0x0, 0x0) read$auto_mon_fops_binary_mon_bin(r1, 0x0, 0x30) ioctl$auto_MON_IOCG_STATS(r1, 0x80089203, 0x0) ioctl$auto_MON_IOCG_STATS(r1, 0x80089203, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x1, 0x1ff, 0x100, 0x83, 0x101, 0x6, 0x4}, {0x6, 0x1, 0x52, 0x5, 0x1, 0x40, 0x876c7, 0x8, 0x100000000}}) rt_sigtimedwait$auto(&(0x7f0000000100)={0xfffffffffffffbff}, 0x0, 0x0, 0x8) r2 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@buf=0x0, 0x8ab0, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r2, 0x11) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendto$auto(0x3, 0x0, 0xfffffffffffffdef, 0x101, 0x0, 0x1c) 4.382407963s ago: executing program 0 (id=301): socket(0x2, 0x1, 0x106) setfsuid$auto(0xee00) mmap$auto(0xfff, 0x5, 0xffffffffffffffc0, 0x100000000000017, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000200)={0x28, r2, 0x1, 0x74bd2e, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_COALESCE_TX_AGGR_MAX_BYTES={0x8, 0x1a, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x48c1}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r4, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r4, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) 4.081249626s ago: executing program 0 (id=304): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 3.390576975s ago: executing program 1 (id=306): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory0/state\x00', 0x1e1842, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r2 = socket(0x2, 0x80802, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0x80000, 0x1) socket(0xa, 0x2, 0x0) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, 0x0, 0x20100, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(r2, 0x11, 0x67, 0x0, 0x8) socket(0x10, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0x81) read$auto(r1, 0x0, 0x3) sendfile$auto(r0, r0, 0x0, 0x6) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) 3.388942917s ago: executing program 2 (id=314): socket(0x2, 0x1, 0x106) socket(0x8, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pwritev$auto(r0, &(0x7f0000000140)={0x0, 0x400000000001}, 0x5, 0x5, 0xd3b8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) ioctl$auto(0xffffffffffffffff, 0x89f0, 0xffffffffffffffff) ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0xbb, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x3, 0x20009, 0x4000000000df, 0x14, r1, 0x8000) madvise$auto(0xfe7, 0x9, 0x3) r2 = open(0x0, 0x595002, 0x408) write$auto(r2, 0x0, 0xfffffdf1) pwrite64$auto(r2, 0x0, 0x32e, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mprotect$auto(0x0, 0x8000000000000001, 0x8) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) 3.207169627s ago: executing program 0 (id=307): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) read$auto_sco_debugfs_fops_(r2, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20804, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f0000000200)={[0x80000000008, 0xffffffffffffff4b, 0x100000001, 0x15, 0x8001, 0x1, 0x9, 0x5, 0x8, 0x40000000000000, 0x3, 0x8000000008, 0xfffffffffffffffa, 0xab, 0x2, 0x9]}, 0x0) close_range$auto(0x2, 0x8, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000000c0)=""/10, 0xa) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000100)={0x3, 0x0, [{0x122, 0x10, 0x1}]}) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ec000000580e73ed934c5f0e35a1c5a1a86c03691e48cf261c4f7cdabd0bba17da1f752dfc120d4c1559fabd7209844e4e690f34f8d97b870050a1aac48d7c8db9f9c63c65b6871485c3e5d4d6f7d1e462f9e7511671c3afd12108e1227a1c35a5d50abbc03d82671c7e12bc69b60ca8218649d816f5b4ad5bf615f3c29404f1edadf7bb927f8dd19fdabf", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fedbdf250a000000190002005e265e0020fc730500000000ff781632a835211aa20000000500020000000000060001009807000006000100040000000600010007000000060002000000000008000a0006000000720002002f7379732f6b65896e656c2f64656275062f74726163696e672f74726163655f6d61726b65725f72617700da029e9f19e03b109a1f0c29aa02715a596c306ae82ac3b83dbab4a1f9782e1001ebc3494a4bfdacba2f38a8b730b6cc42c17cfb76000000000000000000000000000000000d0002002f6465762f666230000000000600010002000000"], 0xec}, 0x1, 0x0, 0x0, 0x48085}, 0x20008080) r4 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000080)) 2.893639642s ago: executing program 3 (id=309): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 2.730245395s ago: executing program 1 (id=310): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x121342, 0x130) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40000, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) unlink$auto(&(0x7f0000000000)='./file0\x00') mmap$auto(0x0, 0x1, 0xfd5, 0x12, r1, 0x40000000) ptrace$auto(0x10, r0, 0x1, 0x7ff) mmap$auto(0x7, 0x5, 0x10000000000df, 0xeb2, r1, 0x8000) openat$auto_hwsim_fops_rx_rssi_(0xffffffffffffff9c, 0x0, 0x200, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) socket(0x22, 0x3, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r2, r2, 0x7) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x82401, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000100), 0x602000, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x1, 0x0, 0x0, 0x0, 0x42) 2.589191491s ago: executing program 2 (id=311): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f00000008c0)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) io_setup$auto(0x7ffe, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) unshare$auto(0x9) writev$auto(0x3, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, &(0x7f0000000140)={&(0x7f0000000000), 0x55}, 0x6, 0x2, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) 2.465123962s ago: executing program 3 (id=312): mmap$auto(0x0, 0x9d90, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask_requested\x00', 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) setsockopt$auto(r1, 0x0, 0x40, 0x0, 0x6f7250c4) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptytc\x00', 0x128100, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) 2.317344157s ago: executing program 0 (id=313): r0 = socket(0x21, 0x80000, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x4020005, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) ioctl$auto(0xffffffffffffffff, 0x5646, 0xffffffffffffffff) read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000280)=""/40, 0x28) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x40, 0x0) ioctl$auto_EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000040)={0x3, 0x7, 0x3, 0x0, "b3bd0158703f66ca16dbbcd4f408f376ed818ebaa0a3dd3019f645e7eee63412"}) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r3, 0x0, 0x401006, 0x4015, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x17) munlock$auto(0xf, 0x6) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000240)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x8894}, 0x40) 2.11958612s ago: executing program 3 (id=316): timer_settime$auto(0xffffffff, 0x9, &(0x7f0000000140)={{0x7, 0x4}, {0x10}}, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) write$auto(r0, &(0x7f0000000400)='odev/audio1\x00', 0x100000a3d9) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sched_rt_period_us\x00', 0x101202, 0x0) sendfile$auto(r1, r1, 0x0, 0x8) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x309801, 0x0) getpid() statmount$auto(0x0, 0x0, 0x6, 0x1000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/rose12/operstate\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000002140)=""/64, 0x40) faccessat2$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2, 0x7ff) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000004240)={0x0, 0xffffffffffffffe4, &(0x7f0000000080)={&(0x7f0000000180)={0x14, r3, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@HWSIM_ATTR_SUPPORT_P2P_DEVICE, @HWSIM_ATTR_TX_INFO_FLAGS={0x0, 0x15, "91700a5e245d6fb8c03b1730e032c2e14b58be2f405a5f1251f17d1a70e2d868e68a37afab4d6747f730552a3689934b4214890f4a0470dc6471e5fb418ee2723f54434c06f488f565077f1c414e4716373a1095721083fffa1535c45a82cbd623a50891c9b9c58213acdb21ba7b3b269d758f7f35e05452ae3af03d0774dc32f741a714e5b15b8c4bd238e396e3781cc988e4664b"}, @HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE, @HWSIM_ATTR_RX_RATE={0x0, 0x5, 0x4feecc6f}, @HWSIM_ATTR_NO_VIF, @HWSIM_ATTR_MLO_SUPPORT, @HWSIM_ATTR_RX_RATE={0x0, 0x5, 0x6}]}, 0x14}, 0x1, 0x0, 0x0, 0x2000c8c8}, 0x0) timer_gettime$auto(0x1, &(0x7f0000000000)={{0xfffffffffffeffff, 0xffff}, {0x4, 0x1}}) 1.907260091s ago: executing program 1 (id=317): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) pidfd_open$auto(0x1, 0x0) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 1.67666686s ago: executing program 1 (id=318): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 1.216959226s ago: executing program 3 (id=319): mmap$auto(0x0, 0x9d90, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) setsockopt$auto(r1, 0x0, 0x40, 0x0, 0x6f7250c4) 994.277565ms ago: executing program 3 (id=320): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ram7\x00', 0x42e0c0, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) sched_setscheduler$auto(0x0, 0x5, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lapb5/mtu\x00', 0x2062, 0x0) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x40, 0x100) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) renameat2$auto(r1, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x2) write$auto(r0, &(0x7f00000001c0)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x183182, 0x0) fanotify_init$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x20001, 0x0) 658.049831ms ago: executing program 0 (id=321): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) rt_sigtimedwait$auto(&(0x7f0000000040)={0xfffffffffffffbff}, 0x0, 0x0, 0x8) read$auto(0x3, 0x0, 0x80) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop2\x00', 0x101080, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy_home_node$auto(0x600000, 0xffffffffffffffff, 0x0, 0x0) mknod$auto(0x0, 0x20e9, 0x103) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) ioctl$auto(0xffffffffffffffff, 0x8982, 0x1) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) acct$auto(0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) 584.434825ms ago: executing program 1 (id=322): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 98.074461ms ago: executing program 1 (id=323): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7ffd) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') open(&(0x7f0000000100)='.\x00', 0x0, 0x0) mremap$auto(0x5, 0x3, 0x3fda, 0x8, 0x7fffffffb000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000001c0)=""/234, 0xea) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time\x00') socket(0x2, 0x3, 0xa) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x1, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x1c7602, 0x0) fadvise64$auto(r2, 0x8, 0x4000000003, 0x5) msgctl$auto_IPC_INFO(0x8, 0x3, 0x0) ioctl$auto(r1, 0x560a, r1) 0s ago: executing program 3 (id=324): socket(0x2, 0x1, 0x106) setfsuid$auto(0xee00) mmap$auto(0xfff, 0x5, 0xffffffffffffffc0, 0x100000000000017, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000200)={0x28, r2, 0x1, 0x74bd2e, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_COALESCE_TX_AGGR_MAX_BYTES={0x8, 0x1a, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x48c1}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r4, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r4, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts. [ 72.970478][ T5620] cgroup: Unknown subsys name 'net' [ 73.099619][ T5620] cgroup: Unknown subsys name 'cpuset' [ 73.108592][ T5620] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.522017][ T5620] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.548836][ T5644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.557616][ T5644] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.564489][ T5646] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.565722][ T5644] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.575010][ T5646] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.581943][ T5644] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.594664][ T5644] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.602949][ T5649] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.612190][ T5644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.613745][ T5646] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.620058][ T5644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.627512][ T5646] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.635998][ T5644] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.640734][ T5649] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.657899][ T5646] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.664131][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.665225][ T5646] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.674411][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.682836][ T5646] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.693191][ T5650] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.147332][ T5633] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.154575][ T5633] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.162150][ T5633] bridge_slave_0: entered allmulticast mode [ 78.169282][ T5633] bridge_slave_0: entered promiscuous mode [ 78.209883][ T5633] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.217094][ T5633] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.224237][ T5633] bridge_slave_1: entered allmulticast mode [ 78.231421][ T5633] bridge_slave_1: entered promiscuous mode [ 78.280295][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.287569][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.294748][ T5632] bridge_slave_0: entered allmulticast mode [ 78.301910][ T5632] bridge_slave_0: entered promiscuous mode [ 78.330696][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.337956][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.345117][ T5632] bridge_slave_1: entered allmulticast mode [ 78.352455][ T5632] bridge_slave_1: entered promiscuous mode [ 78.363457][ T5633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.404897][ T5633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.452419][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.459936][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.467305][ T5634] bridge_slave_0: entered allmulticast mode [ 78.474355][ T5634] bridge_slave_0: entered promiscuous mode [ 78.481523][ T5631] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.488652][ T5631] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.496471][ T5631] bridge_slave_0: entered allmulticast mode [ 78.503435][ T5631] bridge_slave_0: entered promiscuous mode [ 78.513412][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.534842][ T5633] team0: Port device team_slave_0 added [ 78.540648][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.547924][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.555089][ T5634] bridge_slave_1: entered allmulticast mode [ 78.562227][ T5634] bridge_slave_1: entered promiscuous mode [ 78.569349][ T5631] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.576563][ T5631] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.583701][ T5631] bridge_slave_1: entered allmulticast mode [ 78.591557][ T5631] bridge_slave_1: entered promiscuous mode [ 78.600308][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.627626][ T5633] team0: Port device team_slave_1 added [ 78.653839][ T5632] team0: Port device team_slave_0 added [ 78.692720][ T5632] team0: Port device team_slave_1 added [ 78.724057][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.736595][ T5631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.747422][ T5646] Bluetooth: hci0: command tx timeout [ 78.747426][ T50] Bluetooth: hci1: command tx timeout [ 78.747901][ T5646] Bluetooth: hci3: command tx timeout [ 78.753446][ T5636] Bluetooth: hci2: command tx timeout [ 78.775002][ T5631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.785492][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.792554][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.818573][ T5633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.832721][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.847293][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.854257][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.880321][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.901522][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.908654][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.934658][ T5633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.954730][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.961806][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.987768][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.036522][ T5631] team0: Port device team_slave_0 added [ 79.044975][ T5631] team0: Port device team_slave_1 added [ 79.052393][ T5634] team0: Port device team_slave_0 added [ 79.077490][ T5634] team0: Port device team_slave_1 added [ 79.141812][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.148898][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.174924][ T5631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.202628][ T5633] hsr_slave_0: entered promiscuous mode [ 79.208984][ T5633] hsr_slave_1: entered promiscuous mode [ 79.219895][ T5632] hsr_slave_0: entered promiscuous mode [ 79.226338][ T5632] hsr_slave_1: entered promiscuous mode [ 79.232859][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 79.238860][ T5632] Cannot create hsr debugfs directory [ 79.245087][ T5631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.252104][ T5631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.278028][ T5631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.290111][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.297352][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.323493][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.343747][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.350757][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.376783][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.495650][ T5631] hsr_slave_0: entered promiscuous mode [ 79.502088][ T5631] hsr_slave_1: entered promiscuous mode [ 79.508331][ T5631] debugfs: 'hsr0' already exists in 'hsr' [ 79.514082][ T5631] Cannot create hsr debugfs directory [ 79.546981][ T5634] hsr_slave_0: entered promiscuous mode [ 79.553601][ T5634] hsr_slave_1: entered promiscuous mode [ 79.560294][ T5634] debugfs: 'hsr0' already exists in 'hsr' [ 79.566076][ T5634] Cannot create hsr debugfs directory [ 79.939696][ T5633] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.959460][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 79.967833][ T5633] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.981033][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 79.990347][ T5633] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.999736][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.017437][ T5633] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.027535][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.083738][ T5632] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.092837][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.101254][ T5632] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.112745][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.120910][ T5632] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.131292][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.140210][ T5632] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.151045][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.255218][ T5634] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.264515][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.273409][ T5634] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.284779][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.292856][ T5634] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.304030][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.312299][ T5634] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.322149][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.434872][ T5631] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.445285][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.454311][ T5631] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.465010][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.477035][ T5631] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.486589][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.503413][ T5631] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.512720][ T5631] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.548233][ T5633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.608218][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.631504][ T5633] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.665557][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.680777][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.688339][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.707190][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.718943][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.726129][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.752980][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.760194][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.791085][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.798261][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.826599][ T50] Bluetooth: hci1: command tx timeout [ 80.832591][ T5636] Bluetooth: hci2: command tx timeout [ 80.839220][ T50] Bluetooth: hci3: command tx timeout [ 80.845040][ T5643] Bluetooth: hci0: command tx timeout [ 80.849601][ T5633] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.861073][ T5633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.880417][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.927338][ T134] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.934553][ T134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.965149][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.972432][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.093467][ T5631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.183276][ T5631] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.221612][ T134] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.228859][ T134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.253244][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.260454][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.855436][ T5633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.040969][ T5633] veth0_vlan: entered promiscuous mode [ 82.113348][ T5633] veth1_vlan: entered promiscuous mode [ 82.181185][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.270855][ T5633] veth0_macvtap: entered promiscuous mode [ 82.315095][ T5633] veth1_macvtap: entered promiscuous mode [ 82.400844][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.425341][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.441948][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.474865][ T5631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.496597][ T3383] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.507479][ T3383] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.516964][ T5632] veth0_vlan: entered promiscuous mode [ 82.528868][ T3383] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.538129][ T3383] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.563945][ T5632] veth1_vlan: entered promiscuous mode [ 82.696775][ T3383] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.711407][ T3383] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.711751][ T5632] veth0_macvtap: entered promiscuous mode [ 82.742418][ T5634] veth0_vlan: entered promiscuous mode [ 82.778135][ T5632] veth1_macvtap: entered promiscuous mode [ 82.790025][ T5631] veth0_vlan: entered promiscuous mode [ 82.798774][ T3383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.810939][ T5634] veth1_vlan: entered promiscuous mode [ 82.817048][ T3383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.844262][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.868619][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.876974][ T5631] veth1_vlan: entered promiscuous mode [ 82.895381][ T5633] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 82.912181][ T5636] Bluetooth: hci2: command tx timeout [ 82.918413][ T5636] Bluetooth: hci3: command tx timeout [ 82.923833][ T5636] Bluetooth: hci0: command tx timeout [ 82.925225][ T50] Bluetooth: hci1: command tx timeout [ 82.940105][ T424] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.949042][ T424] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.957846][ T424] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.973812][ T424] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.093101][ T5631] veth0_macvtap: entered promiscuous mode [ 83.111342][ T5634] veth0_macvtap: entered promiscuous mode [ 83.114616][ T5789] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 83.147722][ T5631] veth1_macvtap: entered promiscuous mode [ 83.155392][ T5634] veth1_macvtap: entered promiscuous mode [ 83.174607][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.186422][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.268285][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.279185][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.281612][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.314497][ T5631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.335045][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.378275][ T134] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.392496][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.407332][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.454952][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.499615][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.533988][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.562306][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.571873][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.601485][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.766761][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.797725][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.838105][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.853657][ T5796] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 83.858434][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.911910][ T424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.925332][ T424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.989807][ T424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.011010][ T424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.987402][ T50] Bluetooth: hci0: command tx timeout [ 84.987466][ T5643] Bluetooth: hci3: command tx timeout [ 84.992856][ T50] Bluetooth: hci2: command tx timeout [ 84.998291][ T5636] Bluetooth: hci1: command tx timeout [ 86.113166][ T5856] Zero length message leads to an empty skb [ 86.770047][ T10] cfg80211: failed to load regulatory.db [ 89.503241][ T5917] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.931861][ T5945] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 90.941195][ T5945] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 90.959919][ T5945] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 90.981831][ T5945] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 90.999005][ T5945] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 91.021277][ T5945] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 91.069418][ T5945] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 91.077220][ T5945] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 91.097314][ T5945] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 91.114789][ T5945] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 91.123693][ T5945] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 91.139641][ T5945] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 92.746604][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 92.985945][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 93.147493][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 93.147507][ T5646] Bluetooth: hci1: command 0x0c1a tx timeout [ 93.329190][ T5974] mmap: syz.0.35 (5974) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 94.277395][ T5988] FAULT_INJECTION: forcing a failure. [ 94.277395][ T5988] name fail_futex, interval 1, probability 0, space 0, times 1 [ 94.290495][ T5988] CPU: 0 UID: 0 PID: 5988 Comm: syz.0.38 Not tainted syzkaller #0 PREEMPT(full) [ 94.290517][ T5988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 94.290528][ T5988] Call Trace: [ 94.290533][ T5988] [ 94.290538][ T5988] dump_stack_lvl+0x100/0x190 [ 94.290568][ T5988] should_fail_ex.cold+0x5/0xa [ 94.290587][ T5988] should_fail_futex+0x4c/0x60 [ 94.290610][ T5988] futex_lock_pi_atomic+0xe7/0xaf0 [ 94.290627][ T5988] ? futex_hash+0x141/0x370 [ 94.290650][ T5988] futex_lock_pi+0x245/0x7a0 [ 94.290670][ T5988] ? __pfx_futex_lock_pi+0x10/0x10 [ 94.290688][ T5988] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 94.290723][ T5988] ? __pfx_futex_wake_mark+0x10/0x10 [ 94.290744][ T5988] ? ksys_write+0x190/0x250 [ 94.290761][ T5988] ? ksys_write+0x190/0x250 [ 94.290780][ T5988] do_futex+0x18a/0x350 [ 94.290796][ T5988] ? __pfx_do_futex+0x10/0x10 [ 94.290816][ T5988] __x64_sys_futex+0x34f/0x4d0 [ 94.290833][ T5988] ? __pfx___x64_sys_futex+0x10/0x10 [ 94.290847][ T5988] ? ksys_write+0x1ac/0x250 [ 94.290865][ T5988] ? rcu_is_watching+0x12/0xc0 [ 94.290883][ T5988] do_syscall_64+0x115/0x840 [ 94.290902][ T5988] ? clear_bhb_loop+0x40/0x90 [ 94.290919][ T5988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.290933][ T5988] RIP: 0033:0x7fbce0f9ce59 [ 94.290946][ T5988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.290959][ T5988] RSP: 002b:00007fbce1e65028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 94.290974][ T5988] RAX: ffffffffffffffda RBX: 00007fbce1215fa0 RCX: 00007fbce0f9ce59 [ 94.290983][ T5988] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 94.290991][ T5988] RBP: 00007fbce1032d6f R08: 0000000000000000 R09: 000000008000fff5 [ 94.290999][ T5988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.291007][ T5988] R13: 00007fbce1216038 R14: 00007fbce1215fa0 R15: 00007fff994c8e38 [ 94.291025][ T5988] [ 94.830516][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 95.072780][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 95.228191][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 95.228209][ T5646] Bluetooth: hci2: command 0x0c1a tx timeout [ 95.713024][ T6014] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 95.722904][ T6014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 95.732860][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 95.746006][ T6014] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 95.752929][ T6014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 95.768498][ T6014] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 96.354866][ T6031] ubi0: attaching mtd0 [ 96.377907][ T6031] ubi0: scanning is finished [ 96.385674][ T6031] ubi0: empty MTD device detected [ 96.716401][ T6031] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 96.799461][ T6031] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 96.845921][ T6031] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 96.897472][ T6031] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 96.914195][ T6031] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 96.931787][ T6031] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 96.944992][ T6031] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2277688466 [ 96.961399][ T6031] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 97.003480][ T6042] ubi0: background thread "ubi_bgt0d" started, PID 6042 [ 97.018883][ T6034] ubi0: detaching mtd0 [ 97.274546][ T6034] ubi0: mtd0 is detached [ 97.466248][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 97.786172][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 97.786398][ T5646] Bluetooth: hci1: command 0x0c1a tx timeout [ 97.792428][ T5643] Bluetooth: hci3: command 0x0c1a tx timeout [ 97.832796][ T6064] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 97.839999][ T6064] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 97.939206][ T6064] netlink: 20 bytes leftover after parsing attributes in process `syz.2.62'. [ 98.018403][ T6064] hsr_slave_0: left promiscuous mode [ 98.042346][ T6064] hsr_slave_1: left promiscuous mode [ 99.827702][ T6110] process 'syz.3.57' launched ':,' with NULL argv: empty string added [ 99.871426][ T5646] Bluetooth: hci1: command 0x0c1a tx timeout [ 100.309924][ T6115] netlink: 342 bytes leftover after parsing attributes in process `syz.2.61'. [ 100.720162][ T6127] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 100.726635][ T6127] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 100.834983][ T6129] netlink: 20 bytes leftover after parsing attributes in process `syz.0.64'. [ 100.896128][ T6129] hsr_slave_0: left promiscuous mode [ 100.965250][ T6129] hsr_slave_1: left promiscuous mode [ 102.868006][ T6149] FAULT_INJECTION: forcing a failure. [ 102.868006][ T6149] name fail_futex, interval 1, probability 0, space 0, times 0 [ 102.880907][ T6149] CPU: 1 UID: 0 PID: 6149 Comm: syz.1.69 Not tainted syzkaller #0 PREEMPT(full) [ 102.880929][ T6149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 102.880938][ T6149] Call Trace: [ 102.880945][ T6149] [ 102.880951][ T6149] dump_stack_lvl+0x100/0x190 [ 102.880981][ T6149] should_fail_ex.cold+0x5/0xa [ 102.881000][ T6149] should_fail_futex+0x4c/0x60 [ 102.881022][ T6149] futex_lock_pi_atomic+0xe7/0xaf0 [ 102.881040][ T6149] ? futex_hash+0x141/0x370 [ 102.881064][ T6149] futex_lock_pi+0x245/0x7a0 [ 102.881084][ T6149] ? __pfx_futex_lock_pi+0x10/0x10 [ 102.881119][ T6149] ? __pfx_futex_wake_mark+0x10/0x10 [ 102.881140][ T6149] ? ksys_write+0x190/0x250 [ 102.881156][ T6149] ? ksys_write+0x190/0x250 [ 102.881175][ T6149] do_futex+0x18a/0x350 [ 102.881190][ T6149] ? __pfx_do_futex+0x10/0x10 [ 102.881209][ T6149] __x64_sys_futex+0x34f/0x4d0 [ 102.881226][ T6149] ? __pfx___x64_sys_futex+0x10/0x10 [ 102.881240][ T6149] ? ksys_write+0x1ac/0x250 [ 102.881258][ T6149] ? rcu_is_watching+0x12/0xc0 [ 102.881277][ T6149] do_syscall_64+0x115/0x840 [ 102.881297][ T6149] ? clear_bhb_loop+0x40/0x90 [ 102.881314][ T6149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.881329][ T6149] RIP: 0033:0x7f062139ce59 [ 102.881342][ T6149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.881355][ T6149] RSP: 002b:00007f06221fb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 102.881370][ T6149] RAX: ffffffffffffffda RBX: 00007f0621615fa0 RCX: 00007f062139ce59 [ 102.881379][ T6149] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 102.881387][ T6149] RBP: 00007f0621432d6f R08: 0000000000000000 R09: 000000008000fff5 [ 102.881395][ T6149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.881408][ T6149] R13: 00007f0621616038 R14: 00007f0621615fa0 R15: 00007ffc1bc40988 [ 102.881426][ T6149] [ 104.175530][ T6174] netlink: 342 bytes leftover after parsing attributes in process `syz.0.72'. [ 104.899048][ T5646] Bluetooth: hci1: unexpected event for opcode 0x7c89 [ 109.779872][ T6231] random: crng reseeded on system resumption [ 110.183709][ T6236] netlink: 342 bytes leftover after parsing attributes in process `syz.3.84'. [ 112.111068][ T6267] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 112.111302][ T6267] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 112.111467][ T6267] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 112.129882][ T6267] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 112.625137][ T6280] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 113.346092][ T6297] random: crng reseeded on system resumption [ 113.558490][ T6303] netlink: 334 bytes leftover after parsing attributes in process `syz.2.95'. [ 113.723882][ T6297] hub 1-0:1.0: USB hub found [ 113.752818][ T6297] hub 1-0:1.0: 1 port detected [ 113.945900][ T5646] Bluetooth: hci0: command 0x0c1a tx timeout [ 114.185978][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 114.192509][ T5643] Bluetooth: hci1: command 0x0c1a tx timeout [ 114.199644][ T5646] Bluetooth: hci2: command 0x0c1a tx timeout [ 114.623784][ T6319] netlink: 28 bytes leftover after parsing attributes in process `syz.1.98'. [ 114.783143][ T6319] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.796002][ T6319] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.828513][ T6319] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.846092][ T6319] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 115.532330][ T6335] nbd: socks must be embedded in a SOCK_ITEM attr [ 115.600518][ T6336] netlink: 28 bytes leftover after parsing attributes in process `syz.0.101'. [ 115.781290][ T6335] block nbd0: shutting down sockets [ 115.879381][ T6336] team0 (unregistering): Port device team_slave_0 removed [ 115.901481][ T6336] team0 (unregistering): Port device team_slave_1 removed [ 115.928311][ T6332] bond0: invalid ARP target specified [ 116.942871][ T6357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.106'. [ 116.983106][ T6357] netlink: 25 bytes leftover after parsing attributes in process `syz.2.106'. [ 119.003377][ T6380] netlink: 342 bytes leftover after parsing attributes in process `syz.1.111'. [ 120.710551][ T6423] netlink: 28 bytes leftover after parsing attributes in process `syz.3.120'. [ 120.817965][ T6423] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.845046][ T6423] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.898907][ T6423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.921394][ T6423] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.904075][ T6427] sg_write: data in/out 262108/45 bytes for SCSI command 0x61-- guessing data in; [ 121.904075][ T6427] program syz.1.119 not setting count and/or reply_len properly [ 122.873181][ T6454] hub 1-0:1.0: USB hub found [ 122.890224][ T6454] hub 1-0:1.0: 1 port detected [ 124.245072][ T6466] FAULT_INJECTION: forcing a failure. [ 124.245072][ T6466] name failslab, interval 1, probability 0, space 0, times 1 [ 124.277359][ T6466] CPU: 1 UID: 0 PID: 6466 Comm: syz.3.128 Not tainted syzkaller #0 PREEMPT(full) [ 124.277400][ T6466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 124.277417][ T6466] Call Trace: [ 124.277426][ T6466] [ 124.277437][ T6466] dump_stack_lvl+0x100/0x190 [ 124.277509][ T6466] should_fail_ex.cold+0x5/0xa [ 124.277547][ T6466] should_failslab+0xc2/0x120 [ 124.277587][ T6466] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 124.277627][ T6466] ? sk_prot_alloc+0x60/0x2a0 [ 124.277664][ T6466] sk_prot_alloc+0x60/0x2a0 [ 124.277705][ T6466] sk_alloc+0x36/0xe80 [ 124.277732][ T6466] pn_socket_create+0x22d/0x560 [ 124.277774][ T6466] __sock_create+0x339/0x860 [ 124.277814][ T6466] __sys_socket+0x14d/0x260 [ 124.277848][ T6466] ? __pfx___sys_socket+0x10/0x10 [ 124.277890][ T6466] __x64_sys_socket+0x72/0xb0 [ 124.277926][ T6466] ? lockdep_hardirqs_on+0x78/0x100 [ 124.277966][ T6466] do_syscall_64+0x115/0x840 [ 124.278005][ T6466] ? clear_bhb_loop+0x40/0x90 [ 124.278039][ T6466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.278068][ T6466] RIP: 0033:0x7f3aaab9ce59 [ 124.278100][ T6466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 124.278132][ T6466] RSP: 002b:00007f3aab9d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 124.278163][ T6466] RAX: ffffffffffffffda RBX: 00007f3aaae15fa0 RCX: 00007f3aaab9ce59 [ 124.278190][ T6466] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000023 [ 124.278207][ T6466] RBP: 00007f3aaac32d6f R08: 0000000000000000 R09: 0000000000000000 [ 124.278224][ T6466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.278240][ T6466] R13: 00007f3aaae16038 R14: 00007f3aaae15fa0 R15: 00007ffc6c630fe8 [ 124.278277][ T6466] [ 124.479599][ T6466] sd 0:0:1:0: PR command failed: 1026 [ 124.485099][ T6466] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 124.491994][ T6466] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 124.504405][ T6466] syz.3.128 uses obsolete (PF_INET,SOCK_PACKET) [ 126.206788][ T6494] nbd: socks must be embedded in a SOCK_ITEM attr [ 126.277445][ T6496] netlink: 28 bytes leftover after parsing attributes in process `syz.2.135'. [ 126.376971][ T6494] block nbd0: shutting down sockets [ 126.533513][ T6496] team0 (unregistering): Port device team_slave_0 removed [ 126.621225][ T6496] team0 (unregistering): Port device team_slave_1 removed [ 129.442171][ T6524] random: crng reseeded on system resumption [ 129.661172][ T6524] hub 1-0:1.0: USB hub found [ 129.705408][ T6524] hub 1-0:1.0: 1 port detected [ 132.113885][ T6554] netlink: 334 bytes leftover after parsing attributes in process `syz.0.144'. [ 132.828863][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.837603][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.632825][ T6570] FAULT_INJECTION: forcing a failure. [ 133.632825][ T6570] name failslab, interval 1, probability 0, space 0, times 0 [ 133.697635][ T6570] CPU: 1 UID: 0 PID: 6570 Comm: syz.3.149 Not tainted syzkaller #0 PREEMPT(full) [ 133.697658][ T6570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 133.697666][ T6570] Call Trace: [ 133.697671][ T6570] [ 133.697677][ T6570] dump_stack_lvl+0x100/0x190 [ 133.697706][ T6570] should_fail_ex.cold+0x5/0xa [ 133.697727][ T6570] should_failslab+0xc2/0x120 [ 133.697744][ T6570] __kmalloc_cache_noprof+0x7a/0x6f0 [ 133.697764][ T6570] ? pedit_init_net+0x135/0x500 [ 133.697781][ T6570] ? pedit_init_net+0xf6/0x500 [ 133.697801][ T6570] pedit_init_net+0x135/0x500 [ 133.697820][ T6570] ? __pfx_pedit_init_net+0x10/0x10 [ 133.697837][ T6570] ops_init+0x1e2/0x5f0 [ 133.697856][ T6570] setup_net+0x118/0x3a0 [ 133.697872][ T6570] ? __pfx_setup_net+0x10/0x10 [ 133.697887][ T6570] ? mutex_init_lockdep+0xf1/0x120 [ 133.697905][ T6570] copy_net_ns+0x46f/0x7c0 [ 133.697924][ T6570] create_new_namespaces+0x3ea/0xac0 [ 133.697949][ T6570] unshare_nsproxy_namespaces+0xf2/0x220 [ 133.697969][ T6570] ksys_unshare+0x438/0xab0 [ 133.697991][ T6570] ? __pfx_ksys_unshare+0x10/0x10 [ 133.698011][ T6570] ? xfd_validate_state+0x129/0x190 [ 133.698025][ T6570] ? exit_to_user_mode_loop+0xf3/0x670 [ 133.698053][ T6570] __x64_sys_unshare+0x31/0x40 [ 133.698073][ T6570] do_syscall_64+0x115/0x840 [ 133.698092][ T6570] ? clear_bhb_loop+0x40/0x90 [ 133.698121][ T6570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.698137][ T6570] RIP: 0033:0x7f3aaab9ce59 [ 133.698150][ T6570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.698164][ T6570] RSP: 002b:00007f3aab9d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 133.698179][ T6570] RAX: ffffffffffffffda RBX: 00007f3aaae15fa0 RCX: 00007f3aaab9ce59 [ 133.698188][ T6570] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 133.698197][ T6570] RBP: 00007f3aaac32d6f R08: 0000000000000000 R09: 0000000000000000 [ 133.698205][ T6570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.698213][ T6570] R13: 00007f3aaae16038 R14: 00007f3aaae15fa0 R15: 00007ffc6c630fe8 [ 133.698231][ T6570] [ 134.427021][ T6576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.150'. [ 134.590558][ T6581] netlink: 354 bytes leftover after parsing attributes in process `syz.2.150'. [ 134.893292][ T6589] FAULT_INJECTION: forcing a failure. [ 134.893292][ T6589] name failslab, interval 1, probability 0, space 0, times 0 [ 134.930529][ T6589] CPU: 0 UID: 0 PID: 6589 Comm: syz.0.153 Not tainted syzkaller #0 PREEMPT(full) [ 134.930565][ T6589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 134.930580][ T6589] Call Trace: [ 134.930589][ T6589] [ 134.930599][ T6589] dump_stack_lvl+0x100/0x190 [ 134.930651][ T6589] should_fail_ex.cold+0x5/0xa [ 134.930684][ T6589] should_failslab+0xc2/0x120 [ 134.930716][ T6589] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 134.930756][ T6589] ? mas_preallocate+0x1105/0x14a0 [ 134.930789][ T6589] mas_preallocate+0x1105/0x14a0 [ 134.930820][ T6589] ? __pfx_mas_preallocate+0x10/0x10 [ 134.930855][ T6589] ? mt_find+0x45e/0x8e0 [ 134.930896][ T6589] vma_link+0x14a/0x8d0 [ 134.930921][ T6589] ? __pfx_vma_link+0x10/0x10 [ 134.930948][ T6589] ? rcu_is_watching+0x12/0xc0 [ 134.930963][ T6589] ? percpu_counter_add_batch+0xb9/0x230 [ 134.930990][ T6589] insert_vm_struct+0x100/0x2e0 [ 134.931006][ T6589] create_init_stack_vma+0x782/0xc10 [ 134.931025][ T6589] ? __pfx_create_init_stack_vma+0x10/0x10 [ 134.931039][ T6589] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 134.931061][ T6589] ? rcu_is_watching+0x12/0xc0 [ 134.931077][ T6589] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 134.931109][ T6589] ? do_raw_spin_lock+0x128/0x260 [ 134.931125][ T6589] ? alloc_bprm+0x3da/0x710 [ 134.931140][ T6589] ? alloc_bprm+0x3da/0x710 [ 134.931159][ T6589] alloc_bprm+0x405/0x710 [ 134.931175][ T6589] do_execveat_common.isra.0+0x19c/0x580 [ 134.931192][ T6589] ? do_getname+0x191/0x390 [ 134.931214][ T6589] __x64_sys_execve+0x93/0xd0 [ 134.931230][ T6589] do_syscall_64+0x115/0x840 [ 134.931250][ T6589] ? clear_bhb_loop+0x40/0x90 [ 134.931267][ T6589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.931282][ T6589] RIP: 0033:0x7fbce0f9ce59 [ 134.931295][ T6589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.931308][ T6589] RSP: 002b:00007fbce1e44028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 134.931323][ T6589] RAX: ffffffffffffffda RBX: 00007fbce1216090 RCX: 00007fbce0f9ce59 [ 134.931333][ T6589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 134.931342][ T6589] RBP: 00007fbce1032d6f R08: 0000000000000000 R09: 0000000000000000 [ 134.931352][ T6589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.931360][ T6589] R13: 00007fbce1216128 R14: 00007fbce1216090 R15: 00007fff994c8e38 [ 134.931380][ T6589] [ 137.504280][ T6615] random: crng reseeded on system resumption [ 139.133347][ T6639] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.938989][ T6722] netlink: zone id is out of range [ 144.951496][ T6722] netlink: zone id is out of range [ 144.974686][ T6722] netlink: zone id is out of range [ 145.001645][ T6722] netlink: zone id is out of range [ 145.008080][ T6722] netlink: zone id is out of range [ 145.037352][ T6722] netlink: zone id is out of range [ 145.057057][ T6722] netlink: zone id is out of range [ 145.067042][ T6722] netlink: zone id is out of range [ 145.074010][ T6722] netlink: zone id is out of range [ 145.084496][ T6722] netlink: zone id is out of range [ 146.283334][ T6738] ovs_: entered promiscuous mode [ 146.830335][ T30] audit: type=1326 audit(1843104528.850:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6757 comm="syz.1.190" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f062139ce59 code=0x0 [ 147.771347][ T6776] ubi0: attaching mtd0 [ 147.805516][ T6776] ubi0: scanning is finished [ 147.847314][ T6779] bond0: invalid ARP target specified [ 147.917214][ T6779] nbd: socks must be embedded in a SOCK_ITEM attr [ 147.933607][ T6779] block nbd0: shutting down sockets [ 147.953680][ T6785] FAULT_INJECTION: forcing a failure. [ 147.953680][ T6785] name failslab, interval 1, probability 0, space 0, times 0 [ 147.989517][ T6785] CPU: 0 UID: 0 PID: 6785 Comm: syz.0.197 Not tainted syzkaller #0 PREEMPT(full) [ 147.989555][ T6785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 147.989571][ T6785] Call Trace: [ 147.989579][ T6785] [ 147.989588][ T6785] dump_stack_lvl+0x100/0x190 [ 147.989640][ T6785] should_fail_ex.cold+0x5/0xa [ 147.989672][ T6785] should_failslab+0xc2/0x120 [ 147.989704][ T6785] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 147.989748][ T6785] ? sk_prot_alloc+0x60/0x2a0 [ 147.989784][ T6785] sk_prot_alloc+0x60/0x2a0 [ 147.989818][ T6785] sk_alloc+0x36/0xe80 [ 147.989841][ T6785] pn_socket_create+0x22d/0x560 [ 147.989884][ T6785] __sock_create+0x339/0x860 [ 147.989925][ T6785] __sys_socket+0x14d/0x260 [ 147.989968][ T6785] ? __pfx___sys_socket+0x10/0x10 [ 147.990012][ T6785] __x64_sys_socket+0x72/0xb0 [ 147.990046][ T6785] ? lockdep_hardirqs_on+0x78/0x100 [ 147.990083][ T6785] do_syscall_64+0x115/0x840 [ 147.990118][ T6785] ? clear_bhb_loop+0x40/0x90 [ 147.990150][ T6785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.990177][ T6785] RIP: 0033:0x7fbce0f9ce59 [ 147.990199][ T6785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.990224][ T6785] RSP: 002b:00007fbce1e65028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 147.990249][ T6785] RAX: ffffffffffffffda RBX: 00007fbce1215fa0 RCX: 00007fbce0f9ce59 [ 147.990267][ T6785] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000023 [ 147.990283][ T6785] RBP: 00007fbce1032d6f R08: 0000000000000000 R09: 0000000000000000 [ 147.990299][ T6785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.990314][ T6785] R13: 00007fbce1216038 R14: 00007fbce1215fa0 R15: 00007fff994c8e38 [ 147.990350][ T6785] [ 147.996549][ T6779] netlink: 28 bytes leftover after parsing attributes in process `syz.3.195'. [ 148.035955][ T6785] sd 0:0:1:0: PR command failed: 1026 [ 148.245471][ T6779] team0 (unregistering): Port device team_slave_0 removed [ 148.249842][ T6785] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 148.260579][ T6785] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 148.273365][ T6779] team0 (unregistering): Port device team_slave_1 removed [ 148.335411][ T6776] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 148.420333][ T6776] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 148.559524][ T6776] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 148.598781][ T6776] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 148.666580][ T6776] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 148.717692][ T6776] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 148.717737][ T6776] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2277688466 [ 148.717764][ T6776] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 148.717837][ T6780] ubi0: detaching mtd0 [ 148.773434][ T6780] ubi0: mtd0 is detached [ 149.157003][ T6804] ovs_: entered promiscuous mode [ 151.647936][ T6839] FAULT_INJECTION: forcing a failure. [ 151.647936][ T6839] name failslab, interval 1, probability 0, space 0, times 0 [ 151.684790][ T6839] CPU: 1 UID: 0 PID: 6839 Comm: syz.1.208 Not tainted syzkaller #0 PREEMPT(full) [ 151.684826][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 151.684841][ T6839] Call Trace: [ 151.684850][ T6839] [ 151.684860][ T6839] dump_stack_lvl+0x100/0x190 [ 151.684912][ T6839] should_fail_ex.cold+0x5/0xa [ 151.684946][ T6839] should_failslab+0xc2/0x120 [ 151.684979][ T6839] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 151.685020][ T6839] ? sk_prot_alloc+0x60/0x2a0 [ 151.685062][ T6839] sk_prot_alloc+0x60/0x2a0 [ 151.685098][ T6839] sk_alloc+0x36/0xe80 [ 151.685123][ T6839] pn_socket_create+0x22d/0x560 [ 151.685167][ T6839] __sock_create+0x339/0x860 [ 151.685210][ T6839] __sys_socket+0x14d/0x260 [ 151.685251][ T6839] ? __pfx___sys_socket+0x10/0x10 [ 151.685300][ T6839] __x64_sys_socket+0x72/0xb0 [ 151.685348][ T6839] ? lockdep_hardirqs_on+0x78/0x100 [ 151.685390][ T6839] do_syscall_64+0x115/0x840 [ 151.685428][ T6839] ? clear_bhb_loop+0x40/0x90 [ 151.685461][ T6839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.685490][ T6839] RIP: 0033:0x7f062139ce59 [ 151.685513][ T6839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 151.685539][ T6839] RSP: 002b:00007f06221fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 151.685566][ T6839] RAX: ffffffffffffffda RBX: 00007f0621615fa0 RCX: 00007f062139ce59 [ 151.685585][ T6839] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000023 [ 151.685601][ T6839] RBP: 00007f0621432d6f R08: 0000000000000000 R09: 0000000000000000 [ 151.685618][ T6839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 151.685635][ T6839] R13: 00007f0621616038 R14: 00007f0621615fa0 R15: 00007ffc1bc40988 [ 151.685672][ T6839] [ 151.962098][ T6839] sd 0:0:1:0: PR command failed: 1026 [ 151.969995][ T6839] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 151.980531][ T6839] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 152.250282][ T6827] Process accounting resumed [ 152.521677][ T5646] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 152.533256][ T6850] vivid-008: ================= START STATUS ================= [ 152.640094][ T6850] vivid-008: ================== END STATUS ================== [ 153.695286][ T6848] random: crng reseeded on system resumption [ 153.707004][ T6871] hub 1-0:1.0: USB hub found [ 153.754403][ T6871] hub 1-0:1.0: 1 port detected [ 154.588327][ T5646] Bluetooth: hci3: command 0x0c1a tx timeout [ 156.088188][ T6919] random: crng reseeded on system resumption [ 156.666034][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 158.090931][ T30] audit: type=1326 audit(1843104540.120:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6930 comm="syz.2.227" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f72f219ce59 code=0x0 [ 158.333322][ T6938] netlink: 330 bytes leftover after parsing attributes in process `syz.3.228'. [ 158.410716][ T6938] mac80211_hwsim hwsim6 ›: renamed from wlan0 (while UP) [ 159.016801][ T6936] syz.1.236 (6936) used greatest stack depth: 19248 bytes left [ 159.888783][ T30] audit: type=1804 audit(1843104541.920:4): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.237" name="/newroot/57/file0" dev="tmpfs" ino=312 res=1 errno=0 [ 159.965921][ T30] audit: type=1804 audit(1843104541.970:5): pid=6964 uid=2 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.237" name="/newroot/57/file0" dev="tmpfs" ino=312 res=1 errno=0 [ 160.563413][ T6984] random: crng reseeded on system resumption [ 161.119463][ T6996] netlink: 330 bytes leftover after parsing attributes in process `syz.2.241'. [ 161.920479][ T6996] mac80211_hwsim hwsim4 ›: renamed from wlan0 (while UP) [ 163.802689][ T7012] kexec: Could not allocate control_code_buffer [ 165.753894][ T7069] random: crng reseeded on system resumption [ 169.354000][ T7130] netlink: 25 bytes leftover after parsing attributes in process `syz.1.271'. [ 171.400473][ T7178] FAULT_INJECTION: forcing a failure. [ 171.400473][ T7178] name fail_futex, interval 1, probability 0, space 0, times 0 [ 171.503798][ T7178] CPU: 0 UID: 0 PID: 7178 Comm: syz.3.282 Not tainted syzkaller #0 PREEMPT(full) [ 171.503821][ T7178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 171.503830][ T7178] Call Trace: [ 171.503835][ T7178] [ 171.503842][ T7178] dump_stack_lvl+0x100/0x190 [ 171.503871][ T7178] should_fail_ex.cold+0x5/0xa [ 171.503898][ T7178] get_futex_key+0x1d2/0x1510 [ 171.503925][ T7178] ? __pfx_get_futex_key+0x10/0x10 [ 171.503945][ T7178] ? futex_hash+0x2ad/0x370 [ 171.503995][ T7178] futex_wake+0xea/0x530 [ 171.504023][ T7178] ? __might_fault+0xc5/0x140 [ 171.504046][ T7178] ? __pfx_futex_wake+0x10/0x10 [ 171.504065][ T7178] ? _copy_from_user+0x59/0xd0 [ 171.504085][ T7178] ? post_copy_siginfo_from_user.isra.0+0x227/0x300 [ 171.504110][ T7178] do_futex+0x32b/0x350 [ 171.504125][ T7178] ? __pfx_do_futex+0x10/0x10 [ 171.504144][ T7178] __x64_sys_futex+0x34f/0x4d0 [ 171.504160][ T7178] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 171.504182][ T7178] ? __pfx___x64_sys_futex+0x10/0x10 [ 171.504200][ T7178] ? rcu_is_watching+0x12/0xc0 [ 171.504218][ T7178] do_syscall_64+0x115/0x840 [ 171.504238][ T7178] ? clear_bhb_loop+0x40/0x90 [ 171.504255][ T7178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.504269][ T7178] RIP: 0033:0x7f3aaab9ce59 [ 171.504283][ T7178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 171.504296][ T7178] RSP: 002b:00007f3aab9d10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 171.504311][ T7178] RAX: ffffffffffffffda RBX: 00007f3aaae15fa8 RCX: 00007f3aaab9ce59 [ 171.504321][ T7178] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3aaae15fac [ 171.504330][ T7178] RBP: 00007f3aaae15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 171.504338][ T7178] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 171.504347][ T7178] R13: 00007f3aaae16038 R14: 00007ffc6c630f00 R15: 00007ffc6c630fe8 [ 171.504365][ T7178] [ 173.723031][ T7219] netlink: 28 bytes leftover after parsing attributes in process `syz.1.293'. [ 177.579390][ T7268] kexec: Could not allocate control_code_buffer [ 179.369834][ T30] audit: type=1804 audit(1843104561.400:6): pid=7320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.310" name="/newroot/70/file0" dev="tmpfs" ino=386 res=1 errno=0 [ 179.938971][ T7339] netlink: 4 bytes leftover after parsing attributes in process `syz.1.317'. [ 179.988912][ T7339] netlink: 354 bytes leftover after parsing attributes in process `syz.1.317'. [ 182.000992][ T7378] ================================================================== [ 182.001009][ T7378] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 182.001050][ T7378] Write of size 8 at addr ffffc90004b19000 by task syz.3.324/7378 [ 182.001071][ T7378] [ 182.001097][ T7378] CPU: 0 UID: 0 PID: 7378 Comm: syz.3.324 Not tainted syzkaller #0 PREEMPT(full) [ 182.001126][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 182.001153][ T7378] Call Trace: [ 182.001161][ T7378] [ 182.001170][ T7378] dump_stack_lvl+0x100/0x190 [ 182.001212][ T7378] print_report+0x13d/0x4b0 [ 182.001248][ T7378] ? _raw_spin_lock_irqsave+0x52/0x60 [ 182.001290][ T7378] ? sys_imageblit+0x19fb/0x1d60 [ 182.001325][ T7378] kasan_report+0xdf/0x1d0 [ 182.001361][ T7378] ? sys_imageblit+0x19fb/0x1d60 [ 182.001398][ T7378] sys_imageblit+0x19fb/0x1d60 [ 182.001435][ T7378] ? __pfx_sys_imageblit+0x10/0x10 [ 182.001469][ T7378] ? prb_read_valid+0x78/0xa0 [ 182.001498][ T7378] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 182.001542][ T7378] soft_cursor+0x524/0xa10 [ 182.001572][ T7378] ? atomic_notifier_call_chain+0x50/0x1c0 [ 182.001614][ T7378] ? fb_get_color_depth+0x120/0x250 [ 182.001657][ T7378] bit_cursor+0xca1/0x1490 [ 182.001689][ T7378] ? __pfx_bit_cursor+0x10/0x10 [ 182.001717][ T7378] ? __lock_acquire+0x4a5/0x2630 [ 182.001761][ T7378] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 182.001800][ T7378] ? get_color+0x1da/0x450 [ 182.001840][ T7378] ? __pfx_bit_cursor+0x10/0x10 [ 182.001865][ T7378] fbcon_cursor+0x43c/0x5e0 [ 182.001904][ T7378] ? add_softcursor+0x190/0x290 [ 182.001936][ T7378] set_cursor+0x1db/0x250 [ 182.001966][ T7378] con_write+0x89/0xb0 [ 182.002001][ T7378] do_output_char+0x63b/0x850 [ 182.002042][ T7378] n_tty_write+0x4e8/0x11c0 [ 182.002088][ T7378] ? __pfx_n_tty_write+0x10/0x10 [ 182.002124][ T7378] ? trace_kmalloc+0xe3/0x110 [ 182.002165][ T7378] ? __pfx_woken_wake_function+0x10/0x10 [ 182.002197][ T7378] ? rcu_is_watching+0x12/0xc0 [ 182.002227][ T7378] ? file_tty_write.isra.0+0x694/0x890 [ 182.002257][ T7378] ? kfree+0x1dd/0x6c0 [ 182.002292][ T7378] ? __pfx_n_tty_write+0x10/0x10 [ 182.002330][ T7378] file_tty_write.isra.0+0x4d2/0x890 [ 182.002367][ T7378] redirected_tty_write+0xd4/0x120 [ 182.002399][ T7378] vfs_write+0x6ac/0x1070 [ 182.002428][ T7378] ? __pfx_redirected_tty_write+0x10/0x10 [ 182.002464][ T7378] ? __pfx_vfs_write+0x10/0x10 [ 182.002492][ T7378] ? find_held_lock+0x2b/0x80 [ 182.002529][ T7378] ksys_write+0x12a/0x250 [ 182.002559][ T7378] ? __pfx_ksys_write+0x10/0x10 [ 182.002591][ T7378] ? rcu_is_watching+0x12/0xc0 [ 182.002623][ T7378] do_syscall_64+0x115/0x840 [ 182.002660][ T7378] ? clear_bhb_loop+0x40/0x90 [ 182.002691][ T7378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.002719][ T7378] RIP: 0033:0x7f3aaab9ce59 [ 182.002741][ T7378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 182.002768][ T7378] RSP: 002b:00007f3aab98f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.002796][ T7378] RAX: ffffffffffffffda RBX: 00007f3aaae16180 RCX: 00007f3aaab9ce59 [ 182.002816][ T7378] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 182.002833][ T7378] RBP: 00007f3aaac32d6f R08: 0000000000000000 R09: 0000000000000000 [ 182.002850][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.002866][ T7378] R13: 00007f3aaae16218 R14: 00007f3aaae16180 R15: 00007ffc6c630fe8 [ 182.002893][ T7378] [ 182.002902][ T7378] [ 182.002909][ T7378] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90004819000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 182.002973][ T7378] Memory state around the buggy address: [ 182.002987][ T7378] ffffc90004b18f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.003018][ T7378] ffffc90004b18f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 182.003037][ T7378] >ffffc90004b19000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 182.003051][ T7378] ^ [ 182.003065][ T7378] ffffc90004b19080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 182.003085][ T7378] ffffc90004b19100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 182.003104][ T7378] ================================================================== [ 182.014462][ T7378] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 182.014486][ T7378] CPU: 0 UID: 0 PID: 7378 Comm: syz.3.324 Not tainted syzkaller #0 PREEMPT(full) [ 182.014520][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 182.014538][ T7378] Call Trace: [ 182.014546][ T7378] [ 182.014557][ T7378] dump_stack_lvl+0x100/0x190 [ 182.014610][ T7378] vpanic+0x552/0x970 [ 182.014636][ T7378] ? __pfx_vpanic+0x10/0x10 [ 182.014667][ T7378] ? sys_imageblit+0x19fb/0x1d60 [ 182.014703][ T7378] panic+0xd1/0xe0 [ 182.014727][ T7378] ? __pfx_panic+0x10/0x10 [ 182.014752][ T7378] ? sys_imageblit+0x19fb/0x1d60 [ 182.014783][ T7378] ? preempt_schedule_common+0x42/0xc0 [ 182.014823][ T7378] check_panic_on_warn.cold+0x19/0x34 [ 182.014850][ T7378] end_report.part.0+0x3a/0x90 [ 182.014885][ T7378] kasan_report.cold+0xe/0x18 [ 182.014921][ T7378] ? sys_imageblit+0x19fb/0x1d60 [ 182.014958][ T7378] sys_imageblit+0x19fb/0x1d60 [ 182.014993][ T7378] ? __pfx_sys_imageblit+0x10/0x10 [ 182.015029][ T7378] ? prb_read_valid+0x78/0xa0 [ 182.015054][ T7378] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 182.015104][ T7378] soft_cursor+0x524/0xa10 [ 182.015144][ T7378] ? atomic_notifier_call_chain+0x50/0x1c0 [ 182.015185][ T7378] ? fb_get_color_depth+0x120/0x250 [ 182.015222][ T7378] bit_cursor+0xca1/0x1490 [ 182.015252][ T7378] ? __pfx_bit_cursor+0x10/0x10 [ 182.015277][ T7378] ? __lock_acquire+0x4a5/0x2630 [ 182.015321][ T7378] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 182.015359][ T7378] ? get_color+0x1da/0x450 [ 182.015394][ T7378] ? __pfx_bit_cursor+0x10/0x10 [ 182.015420][ T7378] fbcon_cursor+0x43c/0x5e0 [ 182.015459][ T7378] ? add_softcursor+0x190/0x290 [ 182.015491][ T7378] set_cursor+0x1db/0x250 [ 182.015521][ T7378] con_write+0x89/0xb0 [ 182.015555][ T7378] do_output_char+0x63b/0x850 [ 182.015592][ T7378] n_tty_write+0x4e8/0x11c0 [ 182.015638][ T7378] ? __pfx_n_tty_write+0x10/0x10 [ 182.015678][ T7378] ? trace_kmalloc+0xe3/0x110 [ 182.015709][ T7378] ? __pfx_woken_wake_function+0x10/0x10 [ 182.015739][ T7378] ? rcu_is_watching+0x12/0xc0 [ 182.015766][ T7378] ? file_tty_write.isra.0+0x694/0x890 [ 182.015797][ T7378] ? kfree+0x1dd/0x6c0 [ 182.015834][ T7378] ? __pfx_n_tty_write+0x10/0x10 [ 182.015876][ T7378] file_tty_write.isra.0+0x4d2/0x890 [ 182.015916][ T7378] redirected_tty_write+0xd4/0x120 [ 182.015951][ T7378] vfs_write+0x6ac/0x1070 [ 182.015983][ T7378] ? __pfx_redirected_tty_write+0x10/0x10 [ 182.016020][ T7378] ? __pfx_vfs_write+0x10/0x10 [ 182.016050][ T7378] ? find_held_lock+0x2b/0x80 [ 182.016091][ T7378] ksys_write+0x12a/0x250 [ 182.016121][ T7378] ? __pfx_ksys_write+0x10/0x10 [ 182.016163][ T7378] ? rcu_is_watching+0x12/0xc0 [ 182.016197][ T7378] do_syscall_64+0x115/0x840 [ 182.016235][ T7378] ? clear_bhb_loop+0x40/0x90 [ 182.016267][ T7378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.016295][ T7378] RIP: 0033:0x7f3aaab9ce59 [ 182.016317][ T7378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 182.016343][ T7378] RSP: 002b:00007f3aab98f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 182.016370][ T7378] RAX: ffffffffffffffda RBX: 00007f3aaae16180 RCX: 00007f3aaab9ce59 [ 182.016389][ T7378] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 182.016407][ T7378] RBP: 00007f3aaac32d6f R08: 0000000000000000 R09: 0000000000000000 [ 182.016424][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.016441][ T7378] R13: 00007f3aaae16218 R14: 00007f3aaae16180 R15: 00007ffc6c630fe8 [ 182.016468][ T7378] [ 182.016737][ T7378] Kernel Offset: disabled