last executing test programs: 13.920008111s ago: executing program 2 (id=406): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x20461, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0x1, 0x1, 0x0, 0x8, 0x3) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000540)='\x00\x00', 0x2) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x8) sysfs$auto(0x2, 0x100000000000027, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x68000, 0x0) mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x400000f2, 0x400, 0x9}]}) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0xa, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x8040) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/dev_snmp6/dummy0\x00', 0x109800, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1, 0x8, 0x11, 0x313c, 0x81, 0xe, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0x8627, 0x9, 0x20000800001, 0x3, 0x6, 0x7, 0x6, 0x7, 0x0, 0xffffffee, 0x2a17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x18, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x27, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe]}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) 12.86000897s ago: executing program 2 (id=411): write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (rerun: 32) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x141042, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) (async, rerun: 64) ioctl$auto(0x3, 0xae41, r0) (async, rerun: 64) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 64) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) (async) r1 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r1, 0x0, 0xfffffdf1) (async, rerun: 32) linkat$auto(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) (async, rerun: 32) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) (async) mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0x8, 0x0) (async) gettid() (async) timer_create$auto(0x3, 0x0, 0x0) (async) mprotect$auto(0x0, 0x8000000000000001, 0x8) (async) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_GET(0xffffffffffffffff, 0x0, 0x4004000) 12.102324302s ago: executing program 2 (id=412): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC0\x00', 0x80, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x9) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x9, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x180, 0x1, 0x50, 0x5, 0x0, 0x4, 0x8, 0x8, 0x100000002}}) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/ptytb/power/runtime_active_time\x00', 0x6102, 0x0) r2 = gettid() ppoll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0xfd, 0x1}, 0x3, &(0x7f0000000080)={0x6, 0x6}, 0x0, 0x8) mmap$auto(0x200000000000, 0x2020009, 0x0, 0xeb1, 0xffffffffffffffff, 0x8000) tkill$auto(r2, 0x7) read$auto(r1, 0x0, 0x10001) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000240)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r4, 0x5522, 0xf15) 8.565365925s ago: executing program 2 (id=434): r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) fremovexattr$auto(r0, 0x0) (async) read$auto_tun_fops_tun(r0, &(0x7f0000000040)=""/178, 0xb2) (async) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000)) (async, rerun: 32) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000040)="81eea551ac") (async, rerun: 32) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) read$auto(r2, 0x0, 0x4) (async) r3 = socket(0x2, 0x5, 0x0) setsockopt$auto(r3, 0x10000000084, 0x6e, 0x0, 0x0) socket(0x25, 0x80000, 0x84) (async) connect$auto(0x3, 0x0, 0x55) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (rerun: 64) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) write$auto(0x3, 0x0, 0x81) (async) recvfrom$auto(0x4, 0x0, 0x20000000001, 0x3ffffd, 0x0, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) socket(0x2, 0x1, 0x106) (async, rerun: 64) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) listen$auto(0x3, 0x83) (async) execveat$auto(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) sendmsg$auto_NFC_CMD_START_POLL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000", @ANYRES16, @ANYBLOB="01002bbd7000ffdb0700000000001e00000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4044081}, 0x10) ioctl$auto_EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x7}) (async) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x5}, 0x3) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x42a981, 0x0) 8.540304986s ago: executing program 1 (id=435): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r0 = socket(0x10, 0x2, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vbi4\x00', 0x80000, 0x0) (async) r2 = getpgid$auto(0x0) setpgid$auto(0x0, r2) (async) sendmsg$auto_NCSI_CMD_SET_INTERFACE(r1, &(0x7f0000002000)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x32042120}, 0xc, &(0x7f0000001fc0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="40050000", @ANYRES16=0x0, @ANYBLOB="040029bd7000fedbdf2502000000040006000800080000000000fe0402801800338008002900", @ANYRES32=0xee01, @ANYBLOB='\b\x00\"\x00', @ANYRES32=0x0, @ANYBLOB="04000b8008002c00", @ANYRES32=0x0, @ANYBLOB="0900a30068737230000000004275275392aa06b1fe13bbbdb65822eeb03eef9bb8327762a59b2781fbdfc50d71114520e409053bddfdc495ab89b7aa36220b170bba7cb7554df5b9178b260f892a6a445ed60cc6b3891f2471beee94d9536d68d5c1a3975863c1176c07680af8f67a90938661b6e400525e829dea219ef880fb6be19e6ed24d49f568c90897b2b58171928bd20c1f38f6bb1819eb6023ecee112adf69e0e9c4a5b8ef199e83d59a9c491909d911724cd2f79eade8ff9640c140be0f924f64015980b2b725b676a9becc9345f46a8ebed9eae63ac8f8bb83968c3141b03ea1569d769d556d977ad60fcbdcb83eeca5a3285c59436c571ed39950c27aabff4eaee57b6df821c1bfe385fe84d430627c4ae145f88bd7d14b08c763720d80dfa6a4fbab55ef07bc6629031952df3c8ea4fec2afbdda3d307eedc1dbd8b9e3cbd2ab16613c971bfc5f9496c439416303da88fd8406990327d7caf1b5b3bcaab7040002802d000c00e767f7d421d75d7004fdb77ef36a4e02d1efd1aea433e98001f52d6dabc4845e3f3dca2523fbf819ed00000004007380b95d2d610e38b1248e6763d5dc241f22445fb9a4c514186c6548368341c5f01a4b5dc90575f6fc265c57181653fc5bbfbb6c62d03c0ab8dc932172180827153144bc4256b534b0ceace1c82f72519f688c43b1789f55fc7b1a5119c8fc546341573fdf49995a0f01cf35ebc8a4ce145563c9a0eee22a7544a820e158d2a47895ede53b2bfdfd31e90400c08040003d80c167adf7c17c093216f283d82b2d1aa78bb89716e295814ad8a16de9a68b0898e8199b8bbfaeff68474bbbfe7ce476bc2e2345f598b683e727af33d932011c800400b1800400738004006e800400dc8014004500000000000000000000000000000000000d0046002b5d322a3a2b2d2b000000000c004900ec55000000000000e20bf4c5a449ac1ec2cfee16dc9101be1086aa8d027f0e9839a2133cb48729ab2330c83eac129983e319ec8b5bd8806a95abc0188219ee72f056b9042804dbe26d9a988453d6f3dc7f515f37852a35e2296cdb467a8d07475400230c7212336389e21faaf9f3585881138ea2375d88efd501b4c3c7524883d95ffc3e9433976c53c3e25a925ca00b7a0585a16cb3a09a84a4b33a2284b5091459e1d57329f46e2dc81e37fd2072b3396ab67cb40d289b60a1cb9d9be3d7726c77e65b1b8a260bb0953f14a364bfc1c2d5c288a202e68888dcc969f9ab83261fa9d7d0d446bf98599f8c44e864d2155dfbc91ed5c8000030014e8008004d000a0101000400308008001d00", @ANYRES32=0x0, @ANYBLOB="91e287b6523a56b43aaeb528d52ee2110c3039428d8947f56b8dda7c9a6b7dc759d85d87ecb24d4f2b571ed6913e801e8445e4f8a2c60f1f5c1b9cb7cac3fb543da8a732030002cc98d0ed6ff9cacd345ab9d9dfb8f1f8fb55f898b52ba8d60a4913323ec6f6d3c3dba3bccc0f42de2d1a4e924620bc6c397639e23f86fc7dffe28b84105da082d5c1df9cdff5bf149c26c4272050cb05e22e9371e85c5c174aae6b01484bc2fbcb13f39b4ddf3891218a2aa72c3a14de9fbc027ef898f92b3f4cafed9ee7f9fbf0e64c7c733f20518191d16582105c97ef71f768615061c553d64fffe1af3987cee69dce662cd7359c0800dc00", @ANYRES32=r2, @ANYBLOB="044dfeebb57b2771d3b183f6000c80140005002001000000000000000093fa3f0e1b000000000001041fd48004002f805f894f172b05ec38ed36cad5076347939c58117299f45f964d40f5b1b642d092e27b2dc55abce02b463b489b272287e383a4", @ANYRES32, @ANYBLOB="00000800080008000000080007000300000008000700000000000800080004000000"], 0x540}, 0x1, 0x0, 0x0, 0x41}, 0x4000000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='J'], 0x1ac}}, 0x40000) (async) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) (async) ioctl$auto_PPPIOCGUNIT(r3, 0x80047456, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x200, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 64) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 64) fremovexattr$auto(r0, &(0x7f0000000000)='IOAM6\x00') (async) r4 = landlock_create_ruleset$auto(&(0x7f00000003c0)={0xffffffff, 0xff, 0x9ad}, 0x2, 0x5) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/rpc/nfs4.idtoname/channel\x00', 0x400, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r5 = prctl$auto_SECCOMP_MODE_FILTER(0x400, 0x2, 0x0, 0x7, 0x1) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) (async) r8 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_LIST(r6, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, r8, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8, 0x2, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) sendmsg$auto_HSR_C_GET_NODE_STATUS(r5, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="01000080", @ANYRES16=r8, @ANYBLOB="00082abd7000ffdbdf25030000000a000500ffffffffffff00000a000500aaaaaaaaaa1e0000"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20044014) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}, 0x1, 0x0, 0x0, 0x44005}, 0x40000) (async, rerun: 32) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.333460862s ago: executing program 1 (id=438): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r0, 0x0, 0x7ff, 0xd) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x8) futex$auto(0x0, 0x9, 0x7, &(0x7f0000000040)={0xb, 0x401}, 0x0, 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = memfd_create$auto(&(0x7f0000000300)='/sys/kernel/debug/x86/boot_params/data\x00\"F\xb6\xcd\x06\xd6\x97\\L\xe1\xb2\xee\xb8\x8e\xd6O\xa1j\x90w\xc7\x94\xb7yi\x01&\x04b/\xaa\xfb#s\xc4\xa3\xa7\xacj\xc6\x8e\xf4L\x9a\xf8\xcc\xdcy\x9f\x93\xbc\xf6\xc8\xdb\x05w,|B\xfc\x04\x97\xd3\x0f\x8b\x81\xe8\xbc\x81\x0e\xd7o\xd2\xcd\x18z\xc2\xb7|\xe1\xa6\x9a~\x96\x10rnLnt\xdb\xdb-\x1b\x99\xd4\xed;\xf8\x13a\r\xf2\a\x85%\xef\xa7\x7f#\x96\xf2S\xb0\xf1Hq\x0f;\x83\xb7\x0fz\x9dN\xc9\x1e\x15r\x97|\xbfE\xce\"', 0x4) fallocate$auto(r3, 0x0, 0x10, 0xccbd5d) fallocate$auto(0x8000000000000003, 0x3, 0xf, 0x200000004) syz_clone3(&(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, {0x18}, 0x0, 0x0, 0x0, 0x0}, 0x58) close_range$auto(0xffffffffffffffff, 0xa, 0x0) socket(0x28, 0x5, 0x0) r4 = socket(0x1e, 0x4, 0x0) r5 = socket(0x1e, 0x4, 0x0) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/trace_marker_raw\x00', 0x86400, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r5, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(r4, 0x10f, 0x87, 0x0, 0x14) timerfd_create$auto_CLOCK_BOOTTIME(0x7, 0x3) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) 6.151760852s ago: executing program 1 (id=443): openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x187142, 0x0) (async) socket(0x2, 0x3, 0xa) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = prctl$auto(0x3b, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x202821, 0x0) socket(0x2, 0x3, 0xa) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @multicast1}, 0x54) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec10\x00', 0x109901, 0x0) ioctl$auto_CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000000)={0x4000000000002a, 0x8, 0x6, 0x22, 0x8081000, 0x0, "9b6600", 0x0, 0x5, 0xe, 0x5, 0x42, 0x84, 0xfe}) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) (async) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="2f212cbd7000fbdbdf252100000008000300", @ANYRES8=r1, @ANYBLOB="080058652f48ff224f4f4572d65c6d282704b083d865c7cbbd6a020e0003000000637ca8e0b8022b6142d8b91c6c5a25c22586a925c9003170d2bb05cb886f3e15d99bd9d2b5281c2ad7267abc95e9621b930dd43549fd1adcba8b0c93926c04e9c705485130c6fafde312c5045c727c26ab6085baeaf7d2efcf78c8f5339a6f1b325527c8a9903ec5254c0d19e4897016e4226ee1f540944203687531e579afc3050eeb12351798c1d8a3a8d1f3186bf98aa32468a12f6ced67698263b3a1538b81795b2d8f897b1032f6b0c96371aa7049b092fa3956823d0b11b76bba737a1ac713be5dfeedbb88d8d322c4b179c8a3151851445f07d40cb6f495ccb1070bbd68428fa03161e6851603f478a5ccbbc9fa363f61488dceca36832fe9eed0131bd67665f0a26e19f49aa5aadd1b5eb972c71efed1944a27d9cf31485433d212984e3d4c5d689ef3a2347593c2c6e370b17bc48b5936ea618982097335a225643da60f601ae0d4e52e2bf27b"], 0x24}}, 0x4000000) (async) mmap$auto(0x0, 0xe981, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) (async) recvmmsg$auto(r0, 0x0, 0x5, 0xccbc, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyxc\x00', 0x800, 0x0) (async) ioctl$auto_SNDRV_PCM_IOCTL_RESUME(r0, 0x4147, 0x0) (async) mknod$auto(&(0x7f0000000080)=':,\x00', 0xcb, 0xfffffffa) (async) execve$auto(&(0x7f0000000100)=':,\x00', 0x0, 0x0) (async) mknod$auto(&(0x7f0000000b00)='X))\x00', 0x8741, 0x5) mknod$auto(&(0x7f00000000c0)='./file0\x00', 0x67c1, 0x7fc) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC0D0c\x00', 0x80000, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r7) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="05257efeba000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) (async) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) 5.288304006s ago: executing program 3 (id=446): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) fstat$auto(r0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/010/001\x00', 0x12b901, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r1 = openat$auto_show_traces_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/available_tracers\x00', 0x80000, 0x0) r2 = socket(0x11, 0x80003, 0x300) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x20008800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRES64=r2, @ANYRES64, @ANYRESHEX=0x0, @ANYRESHEX, @ANYRES64=r1], 0x38}}, 0x40008c0) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x53) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0xb, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x38}, 0x6, 0x0, 0x4, 0x9}, 0x9}, 0x6, 0x1f00) getcwd$auto(0x0, 0xffffffffffffffff) r3 = socket(0xa, 0x5, 0x0) openat2$auto(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x2, 0x2}, 0x7ff) ioctl$auto(r3, 0x8941, 0x8) r4 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NCSI_CMD_PKG_INFO(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="020025bd7000fbdbdf2501000000080003000500000008000100", @ANYRES32=0x0, @ANYBLOB="b06ba7f4840319141c8425a81c01a48608a805000000793d95e9a82295cfa84fbc240a8fbce3dc740757fc45af0722b6e312cbab26e254ffaad1e1458f9457834274b922f93fb3388ac340fbd3c213746300af8970436fe669a8cad0749dbde450e2c56fced5a5a884ab27cb73c9c14075669de5cd18595a"], 0x24}}, 0x40840) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_FEATURES(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r6, 0x1, 0x70bd27, 0x25dfdbff, {}, [@OVS_METER_ATTR_MAX_BANDS={0x8, 0x8, 0x7}]}, 0x1c}}, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/orangefs/op_timeout_secs\x00', 0x40, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000040)=""/6, 0x6) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/fs/jfs/TxAnchor\x00', 0x68300, 0x0) r8 = ioctl$auto_TUNSETOFFLOAD2(0xffffffffffffffff, 0x400454d0, &(0x7f0000000080)=0x3) pread64$auto(r8, 0x0, 0x7fffffff, 0x7fff) 4.544660309s ago: executing program 3 (id=448): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x2, 0x1000, 0x6}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x80) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x40000000007f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb4, 0x4, 0x6, 0x2, 0x1, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x0, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x400, 0x0, 0x0, 0x401, 0x0, 0x0, 0x7, 0x0, 0x81, 0x9e, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffff7cc, 0x0, 0x400000000000002, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8, 0x2000]}, 0x1fe, 0x8) personality$auto(0xfffff032) ppoll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0x9, 0x7}, 0x8, &(0x7f0000001b00)={0x4b8, 0x4}, 0x0, 0x8) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) ioctl$auto_SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) 4.442394689s ago: executing program 2 (id=449): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x2, 0x3, 0x100) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) (async) getcwd$auto(0x0, 0xffffffffffffffff) fspick$auto(r0, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x3, 0x5) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f00000000c0)={{0x20cf9, 0x0, 0xee01, 0x4, 0x3, 0x0, 0x8000}, &(0x7f00000001c0)=0x9, 0x0, 0x6, 0x6, 0x3, 0x1, 0x1, 0x5, 0x9, 0x6, @inferred, @raw=0x64}) (async) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0xc88, 0x0, 0x0, &(0x7f00000000c0), 0x8, 0x200}, 0x5}, 0x3b8b, 0x800) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x2a, 0x2, 0xb) (async) socket(0xa, 0x1, 0x0) (async) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x101) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sda\x00', 0x58003, 0x0) (async) socket(0x10, 0x2, 0x0) (async) socket(0xa, 0x2, 0x73) (async) socket(0x28, 0x4, 0xfffffffe) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x500, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) (async) r2 = socket(0x1e, 0x800, 0x10014) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYRES8=r2], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c804}, 0x51) 4.00403087s ago: executing program 3 (id=450): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x56f300, 0x0) r0 = socket(0x18, 0x2, 0x106) bind$auto(r0, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x54) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000200)='/-\xc4-\'(])\x00', 0x8, 0x3) write$auto(0x3, 0x0, 0x1) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r1, 0x0, 0x400000000006) sysfs$auto(0x2, 0xd, 0x0) unshare$auto(0x40000080) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getpgid(r2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x28000) r3 = io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000000)="b68161a86e8da4110338a92ca863a91beaa8558206154cc5fbaf33") 3.885964751s ago: executing program 0 (id=451): brk$auto(0x7ffffffff001) r0 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x9, "650c1f9e6ed7e70e8b74275ace47320331788bfa481298e332a35ec855694a7d", @raw=0x7}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index2/level\x00', 0x101600, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x161782, 0x0) getrlimit$auto(0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="00010000", @ANYRES16=r3, @ANYBLOB="1b0026bd7000fddbdf25030000004c0103804801018041012d8008002800040000000800b500", @ANYRES32=0x0, @ANYBLOB="b04e844ea904ebea1961b006b1f4786414515be8eb668dae1537305b2b85146fa0a185fbc8dc178799ba2fa6240a8d748b1a446d7a475487d45d152708908224abe9008a807897c7ca660c5e22dfb544bb1e556e2c79d947066b0502973dec091fef0790b61f07b31c3dd2ee5f0529fc8077e62f87badfe0ab4b46e9623926cd375613c4bde5cdc817bcaad729bd4888bc4133073dc8e8e4805d30b44c3466894fd34be815563254488b27ebb9b6e710fddc7600f10067ab35ede9f24221fdc80dd31a37d3c1256b43654c3a3b85edbcac47d71a14432c0662ea40898e214313ed0218f47a1f36a442d15fb111fe40341b601829dc1642c2eb2a94efbed2538400819d9b1abc52df9fb7de60d64a2bc46918afa2fde42a5dbbca34c81f55e0b0dc3837c5acde968e00000000000000000400038004000280"], 0x168}, 0x1, 0x0, 0x0, 0x4004040}, 0x4000844) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/pcmC0D0p\x00', 0x80000, 0x0) mmap$auto(0x0, 0x6, 0x10000000000, 0x11, 0x3, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r4, 0x127f, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r5, 0xae03, 0x59) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) close_range$auto(0x2, 0x8, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000200)=""/197, 0xc5) bind$auto(r0, &(0x7f0000000040)=@ax25={0x3, @bcast, 0x8}, 0x401) 3.446554625s ago: executing program 0 (id=452): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa0202, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) socket(0x21, 0x2, 0xa) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x109141, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) write$auto(r0, 0x0, 0x2) io_uring_setup$auto(0x6ffb, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) syz_clone3(&(0x7f0000000140)={0x1045100, 0x0, 0x0, 0x0, {0x2d}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) mmap$auto(0x0, 0x8, 0x400, 0x15, 0x401, 0x7fff) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x4) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x0, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x100, 0x0) openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x12200, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0) openat$auto_cgwb_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x2080, 0x0) 3.306424958s ago: executing program 3 (id=453): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity\x00', 0xe0182, 0x0) (async) readv$auto(0x3, &(0x7f0000000000)={0x0, 0x10000ffff}, 0x1) (async) arch_prctl$auto_ARCH_REQ_XCOMP_PERM(0x1023, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) lsm_get_self_attr$auto(0x68, 0x0, &(0x7f0000002440)=0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x201000, 0x2003f0, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) (async) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) (async) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/proc/swaps\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r1, &(0x7f00000010c0)=""/4082, 0xff2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) (async) mbind$auto(0x2, 0x2091d1, 0x4, 0x0, 0x6, 0x6) r2 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r2, 0x1, 0x803a, r2, 0x0) madvise$auto(0x110c230000, 0x1, 0x9) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) (async) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/178, 0xb2) (async) io_pgetevents$auto(0x5, 0xe, 0x990, &(0x7f0000000080)={0x80000000, 0xfafecbd, 0x5, 0x8}, &(0x7f00000000c0)={0x818c, 0xb3}, &(0x7f0000000140)={&(0x7f0000000100)={0x2}}) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) epoll_ctl$auto(r0, 0x5, r0, &(0x7f0000000240)={0xfff, 0x21ad}) 3.054556496s ago: executing program 2 (id=454): r0 = bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x9, 0x7ff}, 0xee) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(r2, r0, 0x0) unshare$auto(0x40000080) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100025bd7000fbdbdf250200000008000100fb19a1450c000e"], 0x28}}, 0x4) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) fcntl$auto_F_NOTIFY(0xffffffffffffffff, 0x402, 0x9000) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mremap$auto(0xfffffffffffffe01, 0x40000000100005, 0x843, 0x3, 0x2) fsopen$auto(0x0, 0x1) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r5, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x38, 0x3, r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) 2.879081539s ago: executing program 1 (id=455): r0 = socket(0xa, 0x3, 0x3b) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) sysfs$auto(0x2, 0x10000000000000b, 0x0) (async) r1 = socket(0x28, 0x1, 0x0) getsockopt$auto(r1, 0x28, 0x8, 0x0, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) pread64$auto(0xffffffffffffffff, 0x0, 0xd, 0x6e9) (async) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x80045530, 0x38) pwrite64$auto(r0, 0x0, 0x4e, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) mmap$auto(0xef, 0x400008, 0xffffffff80000001, 0xbd2, 0x2, 0xfffffffffffffffc) (async) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) capset$auto(0x0, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1f, 0x0, 0x0) (async) socket(0x2, 0x2, 0x0) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram2/partscan\x00', 0x80200, 0x0) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) (async) openat$auto_bridges_fops_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/encoder-0/bridges\x00', 0x80000, 0x0) 2.247002721s ago: executing program 3 (id=456): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x800, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r1, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff) io_uring_register$auto_IORING_REGISTER_PBUF_STATUS(r1, 0x1a, &(0x7f0000000180)="2879ab41ed76c293fac352b208a7155c5a8df3a7ef1501c678d20a154eeaa95b4efde4fd4bdc1bc891790b714888056297551ff694e09f59185f2e19d91e7ad4e62d2ccf7ca961b307c87ceefd41b63c8721e7718a675767af4c788c59dced95e2b09603e7677dc977809a47239bf3ba6d163670961ee73daf804afadf194e0ae3f153dac3c98734f1c286c39bbe4c866eb26a6c6f515d0cd7a7512f8d1192370d4f786c00cb5241f6f88ff056bc5f05a49412cae709c8863379e5fc47f6cadef5cc7e9b51e26ec8ac263e269bab4b43d5d436c1ff093762c1b2dc9dd686bd54b4969b69e703166c795ba917d4275787", 0x7fff) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x808) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r3 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, 0xffffffffffffffff, 0x4, 0xf, 0xffffffffffffffff, @relative_fd, 0xe600}, 0xf) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, r2, 0x2, 0x8}, 0x100000cf) r5 = socket(0x29, 0x2, 0x0) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r6, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r5, 0x89f0, 0x24) ioctl$auto(r2, 0x89f1, 0x24) getrlimit$auto(0x3, 0x0) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r7, 0x127f, 0x0) ioctl$auto_CEC_TRANSMIT(r0, 0xc0386105, &(0x7f00000000c0)={0x2, 0xc7, 0x9, 0x800, 0x7ff, 0xfffffffb, "9b0400ef4600000000060000040100", 0x6, 0x87, 0xc, 0x5, 0x2, 0xfd, 0xe}) 1.723519575s ago: executing program 0 (id=457): r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) write$auto_rfkill_fops_core(r0, 0x0, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi22\x00', 0x100, 0x0) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) (async) mmap$auto(0x0, 0x10001, 0xdf, 0x9b71, 0xffffffffffffffff, 0x0) (async) socket(0xa, 0x1, 0x100) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fe, 0x9, 0xd3e, 0x780, 0x9687, 0x100000000000003, 0x1, 0x6, 0x3, 0x62, 0xfffffffffffffff5, 0x7, 0x6d3e, 0x6, 0xa, 0x100]}, 0x0) (async) r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) (async) r4 = setfsuid$auto(0x0) setresuid$auto(0x0, 0x0, r4) fchdir$auto(r3) (async) mkdir$auto(&(0x7f0000000040)='./cgroup\x00', 0x6) (async) rmdir$auto(&(0x7f0000000080)='./cgroup\x00') sendmsg$auto_NL80211_CMD_LEAVE_MESH(r1, &(0x7f0000000780)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={0x0}, 0x1, 0x0, 0x0, 0x4048010}, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x163a42, 0x0) (async) mount$auto(0x0, &(0x7f00000004c0)='./cgroup\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x800a, 0x1, 0x9, 0x3, 0x3d, 0x941, 0x41fedf, 0x3, 0x200003, 0xfffffffffffffffe, 0x1ff, 0xfffffffa, 0x8005, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x20000000, 0x4, 0x4, 0xb64, 0x0, 0x0, 0x8000, 0x0, 0xa, 0xfffffffd, 0x9, 0xfffffffc, 0x3, [0x5, 0x0, 0x80000000, 0xffffff7ffffffffe, 0xfffffffffffffffc, 0x0, 0x9f49, 0x9, 0x0, 0x200000000000, 0xfff, 0xfff, 0x8f3, 0x0, 0x9, 0x0, 0x0, 0x200000000, 0x8000, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7fffffffffff, 0x9, 0x0, 0x0, 0x10, 0x8aa5, 0x3, 0x8, 0x400, 0x0, 0x208, 0x0, 0xfffffffffffffffe, 0x2]}, 0x1fe, 0x80082) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4010) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x2000000, &(0x7f0000000080)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) 1.690407312s ago: executing program 3 (id=458): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/usb/drivers/ums-jumpshot/uevent\x00', 0xc0002, 0x0) mmap$auto(0x1, 0x2020009, 0x5, 0x1000000eb3, 0xfffffffffffffffa, 0x6) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) (async) sysfs$auto(0x2, 0x400000000008, 0x0) fsopen$auto(0x0, 0x1) fsopen$auto(0x0, 0x1) (async) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/snd/controlC2\x00', 0x8080, 0x0) (async) socket(0x11, 0x3, 0x9) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/smaps\x00', 0xc2441, 0x0) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x8100000000, 0x1, 0x2, 0xe, 0x15f4da07, 0x6, 0x10, 0x2, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) (async) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) (async) inotify_init1$auto(0x3000000000000) r3 = gettid() read$auto(r2, 0x0, 0x2000000082) (async) rt_sigqueueinfo$auto(r3, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={r3, 0xd, @sival_ptr=0x0, 0x62}}}) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) getresgid$auto(0x0, 0x0, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'tunl0\x00'}) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r5, 0x1261, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec20\x00', 0x101000, 0x0) (async) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x200001, 0x0) 1.302542034s ago: executing program 0 (id=459): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x8000000000000001, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x604200, 0x0) r0 = io_uring_setup$auto(0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000140)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x0) write$auto_sg_fops_sg(r0, &(0x7f0000000040)="6425e395d0f10955b264e0536ade863b6c4beeb0522c4d34c32d498fbe398d643b23b0a7d40f8d6024799cdf8e16d8a57c0ceda4f0f374520fc960938c0c6b82f05c674c805eb2373ff86ee167868e2c00ef5ccff7402ce54e975d83ad2c92641de90a4fb678010461b241cd81a2f107ca39a5c3442e1b19e493d0762194bcc550f4c5369635090ce36403ab025bf41720e6db5514ad676d9290f448314858a2f140ecc5ddfe02d8b42ca7dadb36fdbbf4e166de4dc0c7d14df56173b34d891e1c4258d2085764a4eacc55a1663b5b1632906521703a38447c7c9c1635f44d8f", 0xe0) ioctl$auto_BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)="fc06c1f730b9d2867a8ba29f242cf38f59f712fcd917fee796") syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000180), r0) 1.042718618s ago: executing program 0 (id=460): r0 = io_uring_setup$auto(0x5a, 0x0) setreuid$auto(0x0, 0x20000000004) r1 = socket(0xa, 0x1, 0x84) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x14000, 0x0) setsockopt$auto(r1, 0x0, 0x10000, 0x0, 0x4f) r2 = socket(0xa, 0x3, 0x6) r3 = getsockopt$auto(0x6, 0x29, 0x4e, 0x0, 0x0) mremap$auto(0x110c230000, 0x0, 0x2000101, 0x3, 0xf000) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r4) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x20, r5, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x20}}, 0x4000000) r7 = semctl$auto(0x3, 0x5, 0x4, 0x6195) r8 = setfsuid$auto(0xee00) setreuid$auto(r8, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000740)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000700)={&(0x7f0000000440)={0x2c0, r5, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@typed={0x8, 0xe2, 0x0, 0x0, @uid=0xffffffffffffffff}]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_CQM={0x29a, 0x5e, 0x0, 0x1, [@nested={0x191, 0xdc, 0x0, 0x1, [@typed={0x87, 0x27, 0x0, 0x0, @binary="768d694de15da84840a788e5991b4a720295e08c7f78cb652239e2883b259ff0e0a955980307a8c968b984fcba5f0deff5da1ebadf4fa3ff3493197e4ac05e039313bc65398376ce8a56965c146ee6ef630ad25248c5e94a14a831763a9683aa760dc5b8da576c70bdfb584e5528c1c5f898e25407e699da08e64cee575ca6176b2706"}, @typed={0x8, 0x113, 0x0, 0x0, @pid=r7}, @typed={0x8, 0xcc, 0x0, 0x0, @u32=0x9}, @nested={0x4, 0x2d}, @generic="18bccb297363fd7fe07a0eddfd759781c0b92b653f3aba75ba7f937a8e9ab709ac1b5512bf024de3925affb2a500ffc0929f386368bbc861aec050393defea71929af49b9e7f6107ca584bc544105e5fe76fe0117c1534e775cc6fcc26918df6b6b80f95c5010f2c02c887793df760bc9c7d243ec7d6800a76c187f247ac741a34b9dcfc6846ed40447d3b9eefd211d2e474a39c4607204052bdab4c8b8ab2b10d116120b67406eac750f107691e2c1a2067c84afd92032d5e7521ae7bef0178e879da94e82b77744fed8cd2797814dca570ab66ddd98abd0f0b907b208833c55599539f66b10c1b5b3c15d2f1179764d8"]}, @typed={0x8, 0xaa, 0x0, 0x0, @u32=0x9}, @nested={0x5d, 0x56, 0x0, 0x1, [@typed={0x8, 0x5c, 0x0, 0x0, @uid=r8}, @generic="df0bfadf60c7af7ca490b38d60f58388885d3e6ab87ddfaaf5d07acc546f8572be4494b8d7de79e6b2f78243d22f1407ce", @typed={0x8, 0x128, 0x0, 0x0, @u32=0xffffffff}, @typed={0x13, 0x96, 0x0, 0x0, @binary="1bb634665754790beabd453d99ebcd"}, @nested={0x4, 0x13e}]}, @generic="60738937ea982ec9ef8344c15daaeded3c6687265a2daec3ee97d9cb877af82ac7384053e6cf3e2b43e42ec884724fdfbb7f61", @generic="dbb22cf62dbc98d4916db3d9399452cd6a0b43b129e1f0cd064f8a2434002a4c808e8c72dc42cd6b99d126a8052fc0df6addc30796dd842bfbff63cdd7f55845552054f21be408c9b388cd1b1bf7e1ace0ab37fd65d0347f4faab17123165657d30952", @typed={0x4, 0x19}]}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x40}, 0x20000800) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/amidi2\x00', 0x400401, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'lo\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_batadv\x00', 0x0}) bpf$auto(0x2, &(0x7f00000001c0)=@query={@target_ifindex=r9, 0xfffffffa, 0x5, 0x3, 0x0, @count=0x5, 0x0, 0x7, 0x53, 0xffffffff, 0x2}, 0xd) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) mmap$auto(0x7fffffd7e000, 0x280009, 0xb, 0x8000000008011, 0xffffffffffffffff, 0x0) 1.008629718s ago: executing program 1 (id=461): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b73, r0, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) rename$auto(0x0, 0x0) madvise$auto(0x0, 0x40, 0x13) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000280)={0x4c, r2, 0x403, 0x70bd29, 0x25dbdbf9, {}, [@HWSIM_ATTR_FRAME={0x1c, 0x3, "afcc6f65fdd72aaaf6232ed2dd183765b06bef62cb03c346"}, @HWSIM_ATTR_ADDR_RECEIVER={0xa, 0x1, "196f88149b0c"}, @HWSIM_ATTR_RX_RATE={0x8, 0x5, 0x5}, @HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x8000) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="301d6ce39497938be7fa7b550077d8f7b15a3aecfb91f37a4bf15352a12f83b68b2fca", @ANYRES32=r3, @ANYBLOB="000125bd7000fcdbdf250e0000002a15d1abbbf2dbb88edf09a0518d99e051c5bf20f3ae9e02f25b2f4d9da2c8ad84d35df37aa44d25a5fff11f6d3442c2d5c2205f03467d10934c632dbb769f89ad687f9265518819fa1f8251445f7c48eb1c93af2fda7656f96b602758c967764ab48a97fea6dcca66a03fe112b34d10acda80848b9bc90d76000000"], 0x90}, 0x1, 0x0, 0x0, 0x8040}, 0x4000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x129081, 0x0) io_uring_setup$auto(0x1000, 0x0) ioctl$auto(0x3, 0x5420, 0x38) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) ioctl$auto_SNDCTL_TMR_CONTINUE(r4, 0x5407, 0x0) mmap$auto(0x3, 0x20009, 0x3, 0x10, r0, 0x7) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x16e) socket(0x2, 0x80802, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x420240, 0x0) ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8) ioctl$auto_MEMGETOOBSEL(0xffffffffffffffff, 0x80c84d0a, &(0x7f0000000140)={0x200, 0x6, [[0x8, 0x6], [0x89cf, 0x36], [0x64, 0xff], [0x2, 0x7fffffff], [0x6, 0x7], [0x7fffffff], [0x3, 0x200], [0xfffffffa, 0x918]], [0xc11, 0x8, 0x8, 0x2, 0x4, 0x1, 0x1, 0x0, 0x8, 0x400, 0x6, 0x10, 0x1, 0x8, 0x10001, 0x3, 0x9, 0x0, 0x6, 0x2, 0x5, 0x1, 0x8, 0x7, 0x8, 0x3, 0x6, 0x541a, 0x3, 0x6, 0x74e, 0x6]}) 181.260795ms ago: executing program 0 (id=462): mprotect$auto(0x110c238000, 0x1, 0x3) mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r1, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r3, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x88c2, 0x0) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) 0s ago: executing program 1 (id=463): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) r0 = getpid() process_vm_readv$auto(r0, 0x0, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon0\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/io.pressure\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000240)=""/127, 0x7f) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/018/001\x00', 0x16d080, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendto$auto(0xffffffffffffffff, 0x0, 0xfdef, 0xfe80, 0x0, 0x1c) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="010027bd7000fbdbdf250400000004000e00178735c92dee5d6b7c0acd71bba6d3228dc1220889aedb2e01c70634658500d8b2d3473c19b145cf8c10a70d6c021e8b76b2b3f138fcb76c4dad8fa57468d11e9fd2bb19f06d81df1e86e5c3d5b4b78e360b5a6f3557e53b718e4e59fd5fa3e65770adacbccac551468aff65f4cd1b7d372e3f754628865bd8a88bbd8241e8b26ef6dc6c45ffd40ca5f0ca5aa3d3eb91fd67a0b431ecae3486cc4e821cb4f3a0eb11fc0bcd0f70b74ee240afdf6c6761bfb94d28983abfc8e4e454b00251b28fd892507d293e4d707a5f80dcc635acd60fe3b3803d74dcc4cba9947fd43269aefcaf02e667b80defbcbfc0bef8900e217c950822cf8dfd5f16140000cf3536c3ced8c4a436d065c413d807810091ea6381e0e983cdac73fda049a2a289af6483a50bfa8ce5d87e1389308b860de4f8efb97378b212c98d3361ed4fc5181d538dc63cc958f50c78e6b4a27d423599ed498de213471a9b450a40ce0e2f42"], 0x18}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x49402, 0x0) read$auto(r4, 0x0, 0x9a28) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts. [ 74.319115][ T5615] cgroup: Unknown subsys name 'net' [ 74.509033][ T5615] cgroup: Unknown subsys name 'cpuset' [ 74.517379][ T5615] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.003077][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.977962][ T5640] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.987113][ T5640] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.994470][ T5643] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.996420][ T5640] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.002746][ T5643] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.011998][ T5640] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.018597][ T5643] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.024592][ T5640] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.030953][ T5643] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.038741][ T5640] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.052101][ T5640] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.053054][ T5644] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.066251][ T5640] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.067504][ T5640] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.082177][ T5644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.082999][ T5640] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.090016][ T5644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.118576][ T5644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.124949][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.127936][ T5644] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.309784][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.317530][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.324672][ T5629] bridge_slave_0: entered allmulticast mode [ 79.334025][ T5629] bridge_slave_0: entered promiscuous mode [ 79.380865][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.395759][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.411700][ T5629] bridge_slave_1: entered allmulticast mode [ 79.420738][ T5629] bridge_slave_1: entered promiscuous mode [ 79.519691][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.550426][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.667010][ T5629] team0: Port device team_slave_0 added [ 79.672822][ T5627] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.681287][ T5627] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.688789][ T5627] bridge_slave_0: entered allmulticast mode [ 79.695864][ T5627] bridge_slave_0: entered promiscuous mode [ 79.717264][ T5629] team0: Port device team_slave_1 added [ 79.723246][ T5627] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.730495][ T5627] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.737678][ T5627] bridge_slave_1: entered allmulticast mode [ 79.744585][ T5627] bridge_slave_1: entered promiscuous mode [ 79.795478][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.802785][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.810140][ T5626] bridge_slave_0: entered allmulticast mode [ 79.817135][ T5626] bridge_slave_0: entered promiscuous mode [ 79.847527][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.854664][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.862042][ T5626] bridge_slave_1: entered allmulticast mode [ 79.869224][ T5626] bridge_slave_1: entered promiscuous mode [ 79.890332][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.897409][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.923470][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.938006][ T5627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.969065][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.976147][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.002391][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.015730][ T5627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.035292][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.074569][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.102808][ T5628] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.110041][ T5628] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.117998][ T5628] bridge_slave_0: entered allmulticast mode [ 80.125038][ T5628] bridge_slave_0: entered promiscuous mode [ 80.157480][ T5637] Bluetooth: hci1: command tx timeout [ 80.157594][ T4945] Bluetooth: hci0: command tx timeout [ 80.163438][ T5637] Bluetooth: hci3: command tx timeout [ 80.171360][ T5627] team0: Port device team_slave_0 added [ 80.175373][ T5644] Bluetooth: hci2: command tx timeout [ 80.183434][ T5627] team0: Port device team_slave_1 added [ 80.192222][ T5628] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.199502][ T5628] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.206849][ T5628] bridge_slave_1: entered allmulticast mode [ 80.213736][ T5628] bridge_slave_1: entered promiscuous mode [ 80.242902][ T5626] team0: Port device team_slave_0 added [ 80.264748][ T5629] hsr_slave_0: entered promiscuous mode [ 80.271045][ T5629] hsr_slave_1: entered promiscuous mode [ 80.289359][ T5626] team0: Port device team_slave_1 added [ 80.307321][ T5628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.317154][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.324128][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.350294][ T5627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.382848][ T5628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.392754][ T5627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.399886][ T5627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.426132][ T5627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.448015][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.455042][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.481177][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.516242][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.523279][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.549275][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.572365][ T5628] team0: Port device team_slave_0 added [ 80.598874][ T5628] team0: Port device team_slave_1 added [ 80.663168][ T5627] hsr_slave_0: entered promiscuous mode [ 80.669444][ T5627] hsr_slave_1: entered promiscuous mode [ 80.675428][ T5627] debugfs: 'hsr0' already exists in 'hsr' [ 80.681485][ T5627] Cannot create hsr debugfs directory [ 80.721799][ T5626] hsr_slave_0: entered promiscuous mode [ 80.728442][ T5626] hsr_slave_1: entered promiscuous mode [ 80.734666][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 80.740494][ T5626] Cannot create hsr debugfs directory [ 80.746934][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.753943][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.779958][ T5628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.809206][ T5628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.816244][ T5628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.842372][ T5628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.007573][ T5628] hsr_slave_0: entered promiscuous mode [ 81.014085][ T5628] hsr_slave_1: entered promiscuous mode [ 81.020360][ T5628] debugfs: 'hsr0' already exists in 'hsr' [ 81.026129][ T5628] Cannot create hsr debugfs directory [ 81.256784][ T5629] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.268760][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.277150][ T5629] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.288498][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.314907][ T5629] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.324276][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.351797][ T5629] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.362127][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.427606][ T5627] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.438355][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.446552][ T5627] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.457107][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.464879][ T5627] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.474360][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.488187][ T5627] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.497783][ T5627] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.588084][ T5626] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.599940][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.613424][ T5626] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.623198][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.640355][ T5626] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.650684][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.659161][ T5626] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.668642][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.753286][ T5628] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.762944][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.776886][ T5628] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.786979][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.794883][ T5628] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.804128][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.812996][ T5628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.823310][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.877085][ T5627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.889047][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.946604][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.955452][ T5627] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.978232][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.985792][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.004402][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.011563][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.041466][ T3336] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.048631][ T3336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.072301][ T3336] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.079402][ T3336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.122392][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.197309][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.217793][ T5628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.229600][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.236716][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.244963][ T5644] Bluetooth: hci2: command tx timeout [ 82.245236][ T5637] Bluetooth: hci3: command tx timeout [ 82.250773][ T50] Bluetooth: hci1: command tx timeout [ 82.261638][ T4945] Bluetooth: hci0: command tx timeout [ 82.271918][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.279042][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.318797][ T5628] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.349444][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.356661][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.390046][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.397244][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.259803][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.303783][ T5627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.392942][ T5629] veth0_vlan: entered promiscuous mode [ 83.433278][ T5629] veth1_vlan: entered promiscuous mode [ 83.469492][ T5627] veth0_vlan: entered promiscuous mode [ 83.485466][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.531459][ T5627] veth1_vlan: entered promiscuous mode [ 83.564292][ T5628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.599317][ T5629] veth0_macvtap: entered promiscuous mode [ 83.620022][ T5629] veth1_macvtap: entered promiscuous mode [ 83.658423][ T5626] veth0_vlan: entered promiscuous mode [ 83.674461][ T5627] veth0_macvtap: entered promiscuous mode [ 83.692468][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.701426][ T5627] veth1_macvtap: entered promiscuous mode [ 83.729955][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.738252][ T5626] veth1_vlan: entered promiscuous mode [ 83.791726][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.801883][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.820482][ T5628] veth0_vlan: entered promiscuous mode [ 83.826505][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.838569][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.856233][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.892964][ T5627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.918844][ T5628] veth1_vlan: entered promiscuous mode [ 83.946638][ T136] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.959526][ T136] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.971606][ T5626] veth0_macvtap: entered promiscuous mode [ 83.988141][ T136] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.013223][ T5626] veth1_macvtap: entered promiscuous mode [ 84.022744][ T136] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.047931][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.056857][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.122847][ T5628] veth0_macvtap: entered promiscuous mode [ 84.144558][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.158660][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.161650][ T5628] veth1_macvtap: entered promiscuous mode [ 84.172337][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.197672][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.253989][ T5629] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.256494][ T34] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.280266][ T34] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.300923][ T34] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.310628][ T34] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.320002][ T4945] Bluetooth: hci3: command tx timeout [ 84.326204][ T3336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.326589][ T50] Bluetooth: hci0: command tx timeout [ 84.339694][ T5644] Bluetooth: hci1: command tx timeout [ 84.340495][ T5637] Bluetooth: hci2: command tx timeout [ 84.352762][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.360166][ T3336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.418106][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.497205][ T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.512644][ T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.531607][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.539929][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.588920][ T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.599352][ T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.665509][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.712189][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.880153][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.905640][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.969948][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.990529][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.093281][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.119648][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.237612][ T5803] capability: warning: `syz.2.3' uses deprecated v2 capabilities in a way that may be insecure [ 86.395770][ T5637] Bluetooth: hci2: command tx timeout [ 86.396082][ T5644] Bluetooth: hci1: command tx timeout [ 86.401225][ T5637] Bluetooth: hci3: command tx timeout [ 86.413593][ T50] Bluetooth: hci0: command tx timeout [ 87.088740][ T9] cfg80211: failed to load regulatory.db [ 87.348397][ T5835] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 87.974743][ T5840] usb usb16: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 88.154044][ T5847] program syz.3.15 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.210720][ T5847] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.266984][ T5850] Zero length message leads to an empty skb [ 88.290464][ T5850] netlink: 338 bytes leftover after parsing attributes in process `syz.2.16'. [ 88.948163][ T5863] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(52.65574.7388454), cmd(3) [ 89.162087][ T5869] FAULT_INJECTION: forcing a failure. [ 89.162087][ T5869] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 89.190959][ T5869] CPU: 1 UID: 0 PID: 5869 Comm: syz.1.21 Not tainted syzkaller #0 PREEMPT(full) [ 89.190995][ T5869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 89.191016][ T5869] Call Trace: [ 89.191024][ T5869] [ 89.191034][ T5869] dump_stack_lvl+0x100/0x190 [ 89.191073][ T5869] should_fail_ex.cold+0x5/0xa [ 89.191104][ T5869] ? prepare_alloc_pages+0x16d/0x5f0 [ 89.191143][ T5869] should_fail_alloc_page+0xeb/0x140 [ 89.191179][ T5869] prepare_alloc_pages+0x1f0/0x5f0 [ 89.191221][ T5869] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 89.191275][ T5869] ? rcu_is_watching+0x12/0xc0 [ 89.191309][ T5869] ? trace_mm_page_alloc+0x163/0x1d0 [ 89.191346][ T5869] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 89.191395][ T5869] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 89.191446][ T5869] ? __pfx_stack_trace_save+0x10/0x10 [ 89.191486][ T5869] ? stack_depot_save_flags+0x27/0x9d0 [ 89.191517][ T5869] ? is_bpf_text_address+0x8a/0x1a0 [ 89.191556][ T5869] ? is_bpf_text_address+0x8a/0x1a0 [ 89.191597][ T5869] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 89.191643][ T5869] ? kasan_save_stack+0x3f/0x50 [ 89.191668][ T5869] ? kasan_save_stack+0x30/0x50 [ 89.191693][ T5869] ? kasan_save_track+0x14/0x30 [ 89.191719][ T5869] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 89.191766][ T5869] ? __get_vm_area_node+0x1ca/0x330 [ 89.191798][ T5869] ? __vmalloc_node_range_noprof+0x228/0x1630 [ 89.191845][ T5869] ? __vmalloc_node_noprof+0xad/0xf0 [ 89.191881][ T5869] ? copy_process+0x7fb/0x7e00 [ 89.191918][ T5869] ? kernel_clone+0x12e/0x9c0 [ 89.191954][ T5869] ? __do_sys_clone+0xd9/0x120 [ 89.191990][ T5869] ? do_syscall_64+0x10b/0xf80 [ 89.192029][ T5869] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.192067][ T5869] alloc_pages_bulk_noprof+0x657/0x1390 [ 89.192123][ T5869] ? policy_nodemask+0xed/0x4f0 [ 89.192158][ T5869] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 89.192224][ T5869] __kasan_populate_vmalloc+0xf0/0x210 [ 89.192277][ T5869] alloc_vmap_area+0x95d/0x2b70 [ 89.192323][ T5869] ? __pfx_alloc_vmap_area+0x10/0x10 [ 89.192361][ T5869] __get_vm_area_node+0x1ca/0x330 [ 89.192402][ T5869] __vmalloc_node_range_noprof+0x228/0x1630 [ 89.192441][ T5869] ? kernel_clone+0x12e/0x9c0 [ 89.192479][ T5869] ? lock_acquire+0x1b1/0x370 [ 89.192513][ T5869] ? kernel_clone+0x12e/0x9c0 [ 89.192562][ T5869] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 89.192609][ T5869] ? rcu_is_watching+0x12/0xc0 [ 89.192642][ T5869] ? trace_kmem_cache_alloc+0xd5/0x100 [ 89.192678][ T5869] ? kernel_clone+0x12e/0x9c0 [ 89.192716][ T5869] __vmalloc_node_noprof+0xad/0xf0 [ 89.192754][ T5869] ? kernel_clone+0x12e/0x9c0 [ 89.192796][ T5869] copy_process+0x7fb/0x7e00 [ 89.192842][ T5869] ? preempt_schedule_common+0x42/0xc0 [ 89.192879][ T5869] ? preempt_schedule_thunk+0x16/0x30 [ 89.192936][ T5869] ? __pfx_copy_process+0x10/0x10 [ 89.192976][ T5869] ? find_held_lock+0x2b/0x80 [ 89.193017][ T5869] ? futex_private_hash_put+0x107/0x1c0 [ 89.193052][ T5869] kernel_clone+0x12e/0x9c0 [ 89.193093][ T5869] ? __pfx_kernel_clone+0x10/0x10 [ 89.193153][ T5869] __do_sys_clone+0xd9/0x120 [ 89.193193][ T5869] ? __pfx___do_sys_clone+0x10/0x10 [ 89.193247][ T5869] ? ksys_write+0x1ac/0x250 [ 89.193284][ T5869] ? rcu_is_watching+0x12/0xc0 [ 89.193321][ T5869] do_syscall_64+0x10b/0xf80 [ 89.193355][ T5869] ? clear_bhb_loop+0x40/0x90 [ 89.193388][ T5869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.193415][ T5869] RIP: 0033:0x7f421099cdd9 [ 89.193438][ T5869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.193465][ T5869] RSP: 002b:00007f421177bfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 89.193492][ T5869] RAX: ffffffffffffffda RBX: 00007f4210c15fa0 RCX: 00007f421099cdd9 [ 89.193511][ T5869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 89.193528][ T5869] RBP: 00007f4210a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 89.193544][ T5869] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 89.193560][ T5869] R13: 00007f4210c16038 R14: 00007f4210c15fa0 R15: 00007fff4f2373c8 [ 89.193596][ T5869] [ 89.630753][ T5871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22'. [ 90.028833][ T5869] syz.1.21: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 90.055364][ T5869] CPU: 0 UID: 0 PID: 5869 Comm: syz.1.21 Not tainted syzkaller #0 PREEMPT(full) [ 90.055400][ T5869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 90.055415][ T5869] Call Trace: [ 90.055424][ T5869] [ 90.055435][ T5869] dump_stack_lvl+0x100/0x190 [ 90.055471][ T5869] warn_alloc.cold+0x95/0x1c1 [ 90.055498][ T5869] ? __pfx_warn_alloc+0x10/0x10 [ 90.055537][ T5869] ? lockdep_hardirqs_on+0x78/0x100 [ 90.055579][ T5869] ? __get_vm_area_node+0x2c5/0x330 [ 90.055619][ T5869] ? __get_vm_area_node+0x208/0x330 [ 90.055659][ T5869] __vmalloc_node_range_noprof+0xccd/0x1630 [ 90.055698][ T5869] ? lock_acquire+0x1b1/0x370 [ 90.055732][ T5869] ? kernel_clone+0x12e/0x9c0 [ 90.055782][ T5869] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 90.055829][ T5869] ? rcu_is_watching+0x12/0xc0 [ 90.055862][ T5869] ? trace_kmem_cache_alloc+0xd5/0x100 [ 90.055898][ T5869] ? kernel_clone+0x12e/0x9c0 [ 90.055934][ T5869] __vmalloc_node_noprof+0xad/0xf0 [ 90.055971][ T5869] ? kernel_clone+0x12e/0x9c0 [ 90.056013][ T5869] copy_process+0x7fb/0x7e00 [ 90.056059][ T5869] ? preempt_schedule_common+0x42/0xc0 [ 90.056095][ T5869] ? preempt_schedule_thunk+0x16/0x30 [ 90.056152][ T5869] ? __pfx_copy_process+0x10/0x10 [ 90.056191][ T5869] ? find_held_lock+0x2b/0x80 [ 90.056232][ T5869] ? futex_private_hash_put+0x107/0x1c0 [ 90.056267][ T5869] kernel_clone+0x12e/0x9c0 [ 90.056308][ T5869] ? __pfx_kernel_clone+0x10/0x10 [ 90.056366][ T5869] __do_sys_clone+0xd9/0x120 [ 90.056406][ T5869] ? __pfx___do_sys_clone+0x10/0x10 [ 90.056459][ T5869] ? ksys_write+0x1ac/0x250 [ 90.056496][ T5869] ? rcu_is_watching+0x12/0xc0 [ 90.056533][ T5869] do_syscall_64+0x10b/0xf80 [ 90.056568][ T5869] ? clear_bhb_loop+0x40/0x90 [ 90.056603][ T5869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.056632][ T5869] RIP: 0033:0x7f421099cdd9 [ 90.056655][ T5869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 90.056680][ T5869] RSP: 002b:00007f421177bfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 90.056705][ T5869] RAX: ffffffffffffffda RBX: 00007f4210c15fa0 RCX: 00007f421099cdd9 [ 90.056725][ T5869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 90.056741][ T5869] RBP: 00007f4210a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 90.056756][ T5869] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 90.056771][ T5869] R13: 00007f4210c16038 R14: 00007f4210c15fa0 R15: 00007fff4f2373c8 [ 90.056804][ T5869] [ 90.365690][ T5869] Mem-Info: [ 90.368893][ T5869] active_anon:12664 inactive_anon:0 isolated_anon:0 [ 90.368893][ T5869] active_file:3188 inactive_file:39943 isolated_file:0 [ 90.368893][ T5869] unevictable:768 dirty:1489 writeback:0 [ 90.368893][ T5869] slab_reclaimable:9868 slab_unreclaimable:88986 [ 90.368893][ T5869] mapped:32982 shmem:8424 pagetables:1080 [ 90.368893][ T5869] sec_pagetables:0 bounce:0 [ 90.368893][ T5869] kernel_misc_reclaimable:0 [ 90.368893][ T5869] free:1337351 free_pcp:15965 free_cma:0 [ 90.421818][ T5869] Node 0 active_anon:50656kB inactive_anon:0kB active_file:12852kB inactive_file:159568kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134028kB dirty:5940kB writeback:0kB shmem:32160kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11688kB pagetables:4168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 90.457495][ T5869] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 90.492038][ T5869] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 90.604134][ T5869] lowmem_reserve[]: 0 2477 2479 2479 2479 [ 90.660546][ T5856] syz.2.17 (5856) used greatest stack depth: 17688 bytes left [ 90.699443][ T5869] Node 0 DMA32 free:1390344kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52264kB inactive_anon:0kB active_file:12940kB inactive_file:159568kB unevictable:1536kB writepending:5988kB zspages:0kB present:3129332kB managed:2537396kB mlocked:0kB bounce:0kB free_pcp:63700kB local_pcp:27968kB free_cma:0kB [ 90.857659][ T5884] syz.2.24 uses obsolete (PF_INET,SOCK_PACKET) [ 90.867943][ T5869] lowmem_reserve[]: 0 0 1 1 1 [ 90.893960][ T5869] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1100kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 90.992207][ T5869] lowmem_reserve[]: 0 0 0 0 0 [ 91.022083][ T5869] Node 1 Normal free:3939892kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:16kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 91.125870][ T5869] lowmem_reserve[]: 0 0 0 0 0 [ 91.125928][ T5869] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 91.126122][ T5869] Node 0 DMA32: 829*4kB (U) 309*8kB (UE) 40*16kB (UE) 0*32kB 2*64kB (ME) 3*128kB (UME) 1*256kB (M) 3*512kB (UME) 2*1024kB (UM) 2*2048kB (UM) 334*4096kB (M) = 1382940kB [ 91.245687][ T5869] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 91.275691][ T5869] Node 1 Normal: 1*4kB (U) 1*8kB (M) 1*16kB (M) 1*32kB (M) 6*64kB (UM) 3*128kB (UM) 5*256kB (UM) 6*512kB (UM) 2*1024kB (UM) 0*2048kB 960*4096kB (M) = 3939388kB [ 91.335389][ T5869] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 91.376598][ T5869] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 91.435774][ T5886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25'. [ 91.465980][ T5869] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 91.494915][ T5869] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 91.527943][ T5869] 54717 total pagecache pages [ 91.546985][ T5869] 3 pages in swap cache [ 91.559060][ T5869] Free swap = 124044kB [ 91.590698][ T5869] Total swap = 124996kB [ 91.653692][ T5869] 2097051 pages RAM [ 91.679316][ T5869] 0 pages HighMem/MovableOnly [ 91.684063][ T5869] 430812 pages reserved [ 91.694279][ T5869] 0 pages cma reserved [ 92.731834][ T5880] binder: 5868:5880 ioctl 40086602 e20 returned -22 [ 93.227584][ T5912] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 93.426262][ T5916] process 'syz.3.31' launched '/dev/fd/3' with NULL argv: empty string added [ 94.406816][ T5930] FAULT_INJECTION: forcing a failure. [ 94.406816][ T5930] name fail_futex, interval 1, probability 0, space 0, times 1 [ 94.594067][ T5930] CPU: 0 UID: 0 PID: 5930 Comm: syz.0.33 Not tainted syzkaller #0 PREEMPT(full) [ 94.594105][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 94.594121][ T5930] Call Trace: [ 94.594130][ T5930] [ 94.594140][ T5930] dump_stack_lvl+0x100/0x190 [ 94.594177][ T5930] should_fail_ex.cold+0x5/0xa [ 94.594213][ T5930] get_futex_key+0x1d2/0x1510 [ 94.594247][ T5930] ? __pfx_get_futex_key+0x10/0x10 [ 94.594276][ T5930] ? __pick_eevdf+0x4a9/0x7d0 [ 94.594333][ T5930] futex_wait_setup+0x83/0x510 [ 94.594379][ T5930] __futex_wait+0x19f/0x300 [ 94.594417][ T5930] ? __pfx___futex_wait+0x10/0x10 [ 94.594452][ T5930] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 94.594492][ T5930] ? __pfx_futex_wake_mark+0x10/0x10 [ 94.594542][ T5930] ? find_held_lock+0x2b/0x80 [ 94.594579][ T5930] ? futex_wake+0x456/0x530 [ 94.594624][ T5930] futex_wait+0xe6/0x370 [ 94.594662][ T5930] ? __pfx_futex_wait+0x10/0x10 [ 94.594707][ T5930] ? putname+0xb1/0x110 [ 94.594742][ T5930] ? kmem_cache_free+0x127/0x6c0 [ 94.594792][ T5930] do_futex+0x1ef/0x350 [ 94.594823][ T5930] ? __pfx_do_futex+0x10/0x10 [ 94.594852][ T5930] ? __pfx_do_sys_openat2+0x10/0x10 [ 94.594898][ T5930] ? __x64_sys_close_range+0x3ce/0x5d0 [ 94.594940][ T5930] __x64_sys_futex+0x34f/0x4d0 [ 94.594971][ T5930] ? __x64_sys_openat+0x12d/0x210 [ 94.595011][ T5930] ? __pfx___x64_sys_futex+0x10/0x10 [ 94.595046][ T5930] ? rcu_is_watching+0x12/0xc0 [ 94.595080][ T5930] do_syscall_64+0x10b/0xf80 [ 94.595099][ T5930] ? clear_bhb_loop+0x40/0x90 [ 94.595118][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.595133][ T5930] RIP: 0033:0x7fa9b0f9cdd9 [ 94.595146][ T5930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.595160][ T5930] RSP: 002b:00007fa9b1de50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 94.595175][ T5930] RAX: ffffffffffffffda RBX: 00007fa9b1215fa8 RCX: 00007fa9b0f9cdd9 [ 94.595185][ T5930] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa9b1215fa8 [ 94.595194][ T5930] RBP: 00007fa9b1215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 94.595203][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.595211][ T5930] R13: 00007fa9b1216038 R14: 00007ffe650595b0 R15: 00007ffe65059698 [ 94.595231][ T5930] [ 95.235716][ T5930] FAULT_INJECTION: forcing a failure. [ 95.235716][ T5930] name failslab, interval 1, probability 0, space 0, times 1 [ 95.298599][ T5926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.35'. [ 95.343492][ T5930] CPU: 0 UID: 0 PID: 5930 Comm: syz.0.33 Not tainted syzkaller #0 PREEMPT(full) [ 95.343528][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 95.343545][ T5930] Call Trace: [ 95.343554][ T5930] [ 95.343565][ T5930] dump_stack_lvl+0x100/0x190 [ 95.343603][ T5930] should_fail_ex.cold+0x5/0xa [ 95.343639][ T5930] should_failslab+0xc2/0x120 [ 95.343673][ T5930] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 95.343718][ T5930] ? do_timer_create+0x209/0x1480 [ 95.343758][ T5930] do_timer_create+0x209/0x1480 [ 95.343795][ T5930] ? __might_fault+0xc5/0x140 [ 95.343837][ T5930] ? __pfx_do_timer_create+0x10/0x10 [ 95.343883][ T5930] __x64_sys_timer_create+0x182/0x1d0 [ 95.343919][ T5930] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 95.343963][ T5930] ? rcu_is_watching+0x12/0xc0 [ 95.344002][ T5930] do_syscall_64+0x10b/0xf80 [ 95.344039][ T5930] ? clear_bhb_loop+0x40/0x90 [ 95.344073][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.344102][ T5930] RIP: 0033:0x7fa9b0f9cdd9 [ 95.344125][ T5930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.344151][ T5930] RSP: 002b:00007fa9b1de5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 95.344177][ T5930] RAX: ffffffffffffffda RBX: 00007fa9b1215fa0 RCX: 00007fa9b0f9cdd9 [ 95.344196][ T5930] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000000000000007 [ 95.344214][ T5930] RBP: 00007fa9b1032d69 R08: 0000000000000000 R09: 0000000000000000 [ 95.344231][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.344247][ T5930] R13: 00007fa9b1216038 R14: 00007fa9b1215fa0 R15: 00007ffe65059698 [ 95.344293][ T5930] [ 95.991166][ T5943] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 96.771339][ T5952] netlink: 8 bytes leftover after parsing attributes in process `syz.0.38'. [ 96.792508][ T30] audit: type=1800 audit(1777817455.160:2): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.37" name="dbroot" dev="configfs" ino=9437 res=0 errno=0 [ 99.074664][ T5978] random: crng reseeded on system resumption [ 99.155881][ T5972] FAULT_INJECTION: forcing a failure. [ 99.155881][ T5972] name failslab, interval 1, probability 0, space 0, times 0 [ 99.281614][ T5972] CPU: 1 UID: 0 PID: 5972 Comm: syz.2.41 Not tainted syzkaller #0 PREEMPT(full) [ 99.281652][ T5972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 99.281668][ T5972] Call Trace: [ 99.281677][ T5972] [ 99.281688][ T5972] dump_stack_lvl+0x100/0x190 [ 99.281725][ T5972] should_fail_ex.cold+0x5/0xa [ 99.281764][ T5972] should_failslab+0xc2/0x120 [ 99.281798][ T5972] __kmalloc_cache_noprof+0x7a/0x6f0 [ 99.281844][ T5972] ? fuse_dev_alloc+0x48/0x2c0 [ 99.281882][ T5972] ? lockdep_init_map_type+0x5c/0x250 [ 99.281917][ T5972] fuse_dev_alloc+0x48/0x2c0 [ 99.281956][ T5972] fuse_dev_alloc_install+0x13/0x40 [ 99.281996][ T5972] cuse_channel_open+0x100/0x7f0 [ 99.282033][ T5972] ? __pfx_cuse_channel_open+0x10/0x10 [ 99.282070][ T5972] misc_open+0x26d/0x450 [ 99.282105][ T5972] ? __pfx_misc_open+0x10/0x10 [ 99.282138][ T5972] chrdev_open+0x234/0x6a0 [ 99.282176][ T5972] ? __pfx_chrdev_open+0x10/0x10 [ 99.282215][ T5972] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 99.282260][ T5972] do_dentry_open+0x6d8/0x1660 [ 99.282294][ T5972] ? __pfx_chrdev_open+0x10/0x10 [ 99.282340][ T5972] vfs_open+0x82/0x3f0 [ 99.282386][ T5972] path_openat+0x208c/0x31a0 [ 99.282434][ T5972] ? __pfx_path_openat+0x10/0x10 [ 99.282484][ T5972] do_file_open+0x20e/0x430 [ 99.282523][ T5972] ? __pfx_do_file_open+0x10/0x10 [ 99.282585][ T5972] ? alloc_fd+0x476/0x790 [ 99.282623][ T5972] ? do_getname+0x191/0x390 [ 99.282670][ T5972] do_sys_openat2+0x10d/0x1e0 [ 99.282714][ T5972] ? __pfx_do_sys_openat2+0x10/0x10 [ 99.282758][ T5972] ? __fget_files+0x21f/0x3d0 [ 99.282794][ T5972] __x64_sys_openat+0x12d/0x210 [ 99.282845][ T5972] ? __pfx___x64_sys_openat+0x10/0x10 [ 99.282897][ T5972] ? rcu_is_watching+0x12/0xc0 [ 99.282936][ T5972] do_syscall_64+0x10b/0xf80 [ 99.282972][ T5972] ? clear_bhb_loop+0x40/0x90 [ 99.283008][ T5972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.283037][ T5972] RIP: 0033:0x7fde4859cdd9 [ 99.283060][ T5972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.283088][ T5972] RSP: 002b:00007fde4938c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 99.283115][ T5972] RAX: ffffffffffffffda RBX: 00007fde48816270 RCX: 00007fde4859cdd9 [ 99.283134][ T5972] RDX: 0000000000000e40 RSI: 0000200000001b40 RDI: ffffffffffffff9c [ 99.283153][ T5972] RBP: 00007fde48632d69 R08: 0000000000000000 R09: 0000000000000000 [ 99.283170][ T5972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.283187][ T5972] R13: 00007fde48816308 R14: 00007fde48816270 R15: 00007fff5985e1f8 [ 99.283225][ T5972] [ 99.951682][ T30] audit: type=1804 audit(1777817458.318:3): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.43" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1071 res=1 errno=0 [ 99.956248][ T5985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.43'. [ 101.400990][ T6011] netlink: 12 bytes leftover after parsing attributes in process `syz.2.48'. [ 101.896371][ T6022] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5627] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[6022] [ 102.232088][ T6029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.52'. [ 102.621713][ T6040] mmap: syz.2.54 (6040) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 103.364705][ T30] audit: type=1800 audit(1777817461.726:4): pid=6049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.55" name="features" dev="configfs" ino=8710 res=0 errno=0 [ 104.831775][ T6075] netlink: 12 bytes leftover after parsing attributes in process `syz.3.60'. [ 104.836323][ T6073] FAULT_INJECTION: forcing a failure. [ 104.836323][ T6073] name failslab, interval 1, probability 0, space 0, times 0 [ 104.983701][ T6073] CPU: 0 UID: 0 PID: 6073 Comm: syz.1.59 Not tainted syzkaller #0 PREEMPT(full) [ 104.983739][ T6073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 104.983755][ T6073] Call Trace: [ 104.983765][ T6073] [ 104.983775][ T6073] dump_stack_lvl+0x100/0x190 [ 104.983812][ T6073] should_fail_ex.cold+0x5/0xa [ 104.983850][ T6073] should_failslab+0xc2/0x120 [ 104.983883][ T6073] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 104.983924][ T6073] ? security_file_alloc+0x34/0x2c0 [ 104.983950][ T6073] ? trace_kmem_cache_alloc+0xd5/0x100 [ 104.983982][ T6073] security_file_alloc+0x34/0x2c0 [ 104.984008][ T6073] init_file+0x95/0x480 [ 104.984041][ T6073] alloc_empty_file+0x79/0x1c0 [ 104.984076][ T6073] path_openat+0xe8/0x31a0 [ 104.984103][ T6073] ? kasan_save_stack+0x3f/0x50 [ 104.984124][ T6073] ? kasan_save_stack+0x30/0x50 [ 104.984144][ T6073] ? kasan_save_track+0x14/0x30 [ 104.984169][ T6073] ? __kasan_slab_alloc+0x89/0x90 [ 104.984191][ T6073] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 104.984226][ T6073] ? do_getname+0x35/0x390 [ 104.984257][ T6073] ? do_sys_openat2+0xc5/0x1e0 [ 104.984292][ T6073] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.984320][ T6073] ? __pfx_path_openat+0x10/0x10 [ 104.984359][ T6073] do_file_open+0x20e/0x430 [ 104.984390][ T6073] ? __pfx_do_file_open+0x10/0x10 [ 104.984440][ T6073] ? alloc_fd+0x476/0x790 [ 104.984471][ T6073] ? do_getname+0x191/0x390 [ 104.984513][ T6073] do_sys_openat2+0x10d/0x1e0 [ 104.984550][ T6073] ? __pfx_do_sys_openat2+0x10/0x10 [ 104.984597][ T6073] __x64_sys_openat+0x12d/0x210 [ 104.984633][ T6073] ? __pfx___x64_sys_openat+0x10/0x10 [ 104.984669][ T6073] ? ksys_write+0x1ac/0x250 [ 104.984699][ T6073] ? rcu_is_watching+0x12/0xc0 [ 104.984734][ T6073] do_syscall_64+0x10b/0xf80 [ 104.984763][ T6073] ? clear_bhb_loop+0x40/0x90 [ 104.984791][ T6073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.984815][ T6073] RIP: 0033:0x7f421099cdd9 [ 104.984833][ T6073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.984855][ T6073] RSP: 002b:00007f421177c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 104.984877][ T6073] RAX: ffffffffffffffda RBX: 00007f4210c15fa0 RCX: 00007f421099cdd9 [ 104.984893][ T6073] RDX: 0000000000000000 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 104.984908][ T6073] RBP: 00007f4210a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 104.984922][ T6073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.984936][ T6073] R13: 00007f4210c16038 R14: 00007f4210c15fa0 R15: 00007fff4f2373c8 [ 104.984967][ T6073] [ 105.327075][ T6079] random: crng reseeded on system resumption [ 105.498878][ T6079] hub 1-0:1.0: USB hub found [ 105.562755][ T6079] hub 1-0:1.0: 1 port detected [ 108.068808][ T6130] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 109.580028][ T6150] can0: slcan on ttyS1. [ 109.786906][ T6150] can0 (unregistered): slcan off ttyS1. [ 109.983440][ T6177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.75'. [ 110.617045][ T6195] vivid-008: ================= START STATUS ================= [ 110.635400][ T6195] vivid-008: ================== END STATUS ================== [ 111.139185][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.78'. [ 111.800822][ T5644] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 113.258037][ T6228] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 113.418512][ T6238] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 114.821322][ T6255] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 115.046609][ T6252] FAULT_INJECTION: forcing a failure. [ 115.046609][ T6252] name failslab, interval 1, probability 0, space 0, times 0 [ 115.073655][ T6252] CPU: 0 UID: 0 PID: 6252 Comm: syz.2.91 Not tainted syzkaller #0 PREEMPT(full) [ 115.073698][ T6252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 115.073718][ T6252] Call Trace: [ 115.073726][ T6252] [ 115.073737][ T6252] dump_stack_lvl+0x100/0x190 [ 115.073793][ T6252] should_fail_ex.cold+0x5/0xa [ 115.073831][ T6252] should_failslab+0xc2/0x120 [ 115.073864][ T6252] __kmalloc_node_noprof+0xe6/0x850 [ 115.073910][ T6252] ? alloc_slab_obj_exts+0xae/0x270 [ 115.073958][ T6252] alloc_slab_obj_exts+0xae/0x270 [ 115.074003][ T6252] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 115.074052][ T6252] ? kasan_save_track+0x14/0x30 [ 115.074083][ T6252] kmem_cache_alloc_noprof+0x58a/0x6e0 [ 115.074126][ T6252] ? do_epoll_ctl+0xc6c/0x36a0 [ 115.074173][ T6252] do_epoll_ctl+0xc6c/0x36a0 [ 115.074208][ T6252] ? __lock_acquire+0x4a5/0x2630 [ 115.074250][ T6252] ? __pfx_do_epoll_ctl+0x10/0x10 [ 115.074294][ T6252] ? find_held_lock+0x2b/0x80 [ 115.074333][ T6252] ? __might_fault+0xc5/0x140 [ 115.074376][ T6252] ? __might_fault+0xc5/0x140 [ 115.074432][ T6252] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 115.074469][ T6252] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 115.074510][ T6252] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 115.074547][ T6252] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 115.074591][ T6252] ? syscall_user_dispatch+0x76/0x130 [ 115.074628][ T6252] do_syscall_64+0x10b/0xf80 [ 115.074664][ T6252] ? clear_bhb_loop+0x40/0x90 [ 115.074699][ T6252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.074728][ T6252] RIP: 0033:0x7fde4859cdd9 [ 115.074757][ T6252] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.074788][ T6252] RSP: 002b:00007fde493ef028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 115.074815][ T6252] RAX: ffffffffffffffda RBX: 00007fde48815fa0 RCX: 00007fde4859cdd9 [ 115.074835][ T6252] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 115.074852][ T6252] RBP: 00007fde48632d69 R08: 0000000000000000 R09: 0000000000000000 [ 115.074868][ T6252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.074884][ T6252] R13: 00007fde48816038 R14: 00007fde48815fa0 R15: 00007fff5985e1f8 [ 115.074922][ T6252] [ 116.356468][ T6280] netlink: Failed to add  helper -22 [ 117.350097][ T6287] netlink: 334 bytes leftover after parsing attributes in process `syz.0.97'. [ 117.555010][ T6313] usb usb15: usbfs: interface 0 claimed by hub while 'syz.2.101' sets config #0 [ 119.367431][ T6356] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 119.749790][ T6362] openvswitch: netlink: IPv4 tunnel dst address is zero [ 120.242991][ T6370] block2mtd: illegal erase size [ 121.272481][ T6384] NFSD: Failed to start, no listeners configured. [ 124.066662][ T6461] usb usb3: usbfs: process 6461 (syz.2.123) did not claim interface 0 before use [ 125.837563][ T30] audit: type=1800 audit(1843104519.649:5): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.126" name="lu_gp_id" dev="configfs" ino=10954 res=0 errno=0 [ 125.845398][ T6492] kstrtoul() returned -22 for lu_gp_id [ 127.079037][ T6534] netlink: 28 bytes leftover after parsing attributes in process `syz.2.133'. [ 127.095824][ T6534] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.144922][ T6534] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.208859][ T6534] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.243694][ T6534] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.142695][ T6601] can: request_module (can-proto-4) failed. [ 132.819943][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.827140][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.386740][ T6700] netlink: 338 bytes leftover after parsing attributes in process `syz.1.159'. [ 135.070217][ T6718] can: request_module (can-proto-0) failed. [ 135.975992][ T6738] netlink: 342 bytes leftover after parsing attributes in process `syz.0.168'. [ 136.908237][ T6756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.174'. [ 137.119382][ T6759] block2mtd: illegal erase size [ 138.244966][ T6773] FAULT_INJECTION: forcing a failure. [ 138.244966][ T6773] name failslab, interval 1, probability 0, space 0, times 0 [ 138.275078][ T6773] CPU: 1 UID: 0 PID: 6773 Comm: syz.2.178 Tainted: G L syzkaller #0 PREEMPT(full) [ 138.275117][ T6773] Tainted: [L]=SOFTLOCKUP [ 138.275127][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 138.275142][ T6773] Call Trace: [ 138.275151][ T6773] [ 138.275160][ T6773] dump_stack_lvl+0x100/0x190 [ 138.275196][ T6773] should_fail_ex.cold+0x5/0xa [ 138.275230][ T6773] should_failslab+0xc2/0x120 [ 138.275271][ T6773] __kmalloc_cache_noprof+0x7a/0x6f0 [ 138.275313][ T6773] ? landlock_merge_ruleset+0x118/0x830 [ 138.275358][ T6773] ? mutex_init_lockdep+0xf1/0x120 [ 138.275392][ T6773] landlock_merge_ruleset+0x118/0x830 [ 138.275440][ T6773] ? prepare_creds+0x5ee/0x950 [ 138.275474][ T6773] __do_sys_landlock_restrict_self+0x2af/0x9e0 [ 138.275517][ T6773] ? rcu_is_watching+0x12/0xc0 [ 138.275556][ T6773] do_syscall_64+0x10b/0xf80 [ 138.275591][ T6773] ? clear_bhb_loop+0x40/0x90 [ 138.275629][ T6773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.275658][ T6773] RIP: 0033:0x7fde4859cdd9 [ 138.275681][ T6773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.275707][ T6773] RSP: 002b:00007fde493ef028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 138.275734][ T6773] RAX: ffffffffffffffda RBX: 00007fde48815fa0 RCX: 00007fde4859cdd9 [ 138.275751][ T6773] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000005 [ 138.275767][ T6773] RBP: 00007fde48632d69 R08: 0000000000000000 R09: 0000000000000000 [ 138.275783][ T6773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.275799][ T6773] R13: 00007fde48816038 R14: 00007fde48815fa0 R15: 00007fff5985e1f8 [ 138.275835][ T6773] [ 138.960216][ T50] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 139.897123][ T6796] binder: 6782:6796 ioctl c00c620f 200000000080 returned -22 [ 139.915795][ T6791] binder: 6782:6791 ioctl c00c620f 200000000080 returned -22 [ 140.206027][ T6804] futex_wake_op: syz.1.183 tries to shift op by -2048; fix this program [ 140.260800][ T6804] futex_wake_op: syz.1.183 tries to shift op by -2048; fix this program [ 140.322155][ T6804] futex_wake_op: syz.1.183 tries to shift op by -2048; fix this program [ 140.987148][ T50] Bluetooth: hci3: command 0x2016 tx timeout [ 143.062619][ T5644] Bluetooth: hci3: command 0x2016 tx timeout [ 146.308851][ T6947] FAULT_INJECTION: forcing a failure. [ 146.308851][ T6947] name failslab, interval 1, probability 0, space 0, times 0 [ 146.308919][ T6947] CPU: 0 UID: 0 PID: 6947 Comm: syz.1.210 Tainted: G L syzkaller #0 PREEMPT(full) [ 146.308940][ T6947] Tainted: [L]=SOFTLOCKUP [ 146.308945][ T6947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 146.308954][ T6947] Call Trace: [ 146.308959][ T6947] [ 146.308965][ T6947] dump_stack_lvl+0x100/0x190 [ 146.308985][ T6947] should_fail_ex.cold+0x5/0xa [ 146.309005][ T6947] should_failslab+0xc2/0x120 [ 146.309022][ T6947] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 146.309044][ T6947] ? mas_preallocate+0x1105/0x14a0 [ 146.309070][ T6947] mas_preallocate+0x1105/0x14a0 [ 146.309094][ T6947] ? __pfx_mas_preallocate+0x10/0x10 [ 146.309126][ T6947] vma_link+0x14a/0x8d0 [ 146.309147][ T6947] ? find_held_lock+0x2b/0x80 [ 146.309165][ T6947] ? anon_vma_clone+0x66e/0xcd0 [ 146.309194][ T6947] ? __pfx_vma_link+0x10/0x10 [ 146.309252][ T6947] ? anon_vma_clone+0x675/0xcd0 [ 146.309288][ T6947] copy_vma+0x7e6/0xac0 [ 146.309313][ T6947] ? __pfx_copy_vma+0x10/0x10 [ 146.309334][ T6947] ? __hrtimer_rearm_deferred+0x24d/0x740 [ 146.309353][ T6947] ? __hrtimer_rearm_deferred+0x24d/0x740 [ 146.309377][ T6947] ? __lock_acquire+0x4a5/0x2630 [ 146.309405][ T6947] copy_vma_and_data+0x1cf/0x7c0 [ 146.309429][ T6947] ? __pfx_copy_vma_and_data+0x10/0x10 [ 146.309459][ T6947] ? __vma_start_write+0x17f/0x280 [ 146.309479][ T6947] ? __pfx___vma_start_write+0x10/0x10 [ 146.309504][ T6947] move_vma+0x574/0x1920 [ 146.309529][ T6947] ? __pfx_move_vma+0x10/0x10 [ 146.309553][ T6947] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 146.309571][ T6947] ? cap_mmap_addr+0x4b/0x120 [ 146.309592][ T6947] ? bpf_lsm_mmap_addr+0x9/0x30 [ 146.309606][ T6947] ? security_mmap_addr+0x71/0x1e0 [ 146.309622][ T6947] ? __get_unmapped_area+0x255/0x3e0 [ 146.309641][ T6947] ? vrm_set_new_addr+0x204/0x290 [ 146.309665][ T6947] mremap_to+0x234/0x4c0 [ 146.309685][ T6947] ? mas_walk+0x6ef/0x9b0 [ 146.309702][ T6947] ? __pfx_mremap_to+0x10/0x10 [ 146.309723][ T6947] ? check_prep_vma+0x878/0xdf0 [ 146.309748][ T6947] __do_sys_mremap+0xa7a/0x1850 [ 146.309777][ T6947] ? __pfx___do_sys_mremap+0x10/0x10 [ 146.309802][ T6947] ? do_futex+0x192/0x350 [ 146.309818][ T6947] ? __pfx_do_futex+0x10/0x10 [ 146.309839][ T6947] ? __x64_sys_futex+0x34f/0x4d0 [ 146.309862][ T6947] ? rcu_is_watching+0x12/0xc0 [ 146.309882][ T6947] do_syscall_64+0x10b/0xf80 [ 146.309900][ T6947] ? clear_bhb_loop+0x40/0x90 [ 146.309918][ T6947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.309933][ T6947] RIP: 0033:0x7f421099cdd9 [ 146.309946][ T6947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.309960][ T6947] RSP: 002b:00007f421177c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 146.309974][ T6947] RAX: ffffffffffffffda RBX: 00007f4210c15fa0 RCX: 00007f421099cdd9 [ 146.309984][ T6947] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 146.309993][ T6947] RBP: 00007f4210a32d69 R08: 0000000100000000 R09: 0000000000000000 [ 146.310002][ T6947] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 146.310011][ T6947] R13: 00007f4210c16038 R14: 00007f4210c15fa0 R15: 00007fff4f2373c8 [ 146.310030][ T6947] [ 146.384389][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.207'. [ 146.384603][ T6931] unsupported nlmsg_type 40 [ 146.384893][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.207'. [ 146.497461][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.207'. [ 146.497978][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.207'. [ 146.498264][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.207'. [ 146.841620][ T6948] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.354375][ T6959] FAULT_INJECTION: forcing a failure. [ 147.354375][ T6959] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 147.387019][ T6959] CPU: 1 UID: 0 PID: 6959 Comm: syz.3.214 Tainted: G L syzkaller #0 PREEMPT(full) [ 147.387060][ T6959] Tainted: [L]=SOFTLOCKUP [ 147.387071][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 147.387088][ T6959] Call Trace: [ 147.387098][ T6959] [ 147.387108][ T6959] dump_stack_lvl+0x100/0x190 [ 147.387146][ T6959] should_fail_ex.cold+0x5/0xa [ 147.387178][ T6959] ? prepare_alloc_pages+0x16d/0x5f0 [ 147.387218][ T6959] should_fail_alloc_page+0xeb/0x140 [ 147.387255][ T6959] prepare_alloc_pages+0x1f0/0x5f0 [ 147.387298][ T6959] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 147.387353][ T6959] ? __lock_acquire+0x4a5/0x2630 [ 147.387393][ T6959] ? __lock_acquire+0x4a5/0x2630 [ 147.387419][ T6959] ? css_rstat_updated+0x1ce/0x5a0 [ 147.387466][ T6959] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 147.387517][ T6959] ? do_raw_spin_lock+0x128/0x260 [ 147.387551][ T6959] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 147.387588][ T6959] ? find_held_lock+0x2b/0x80 [ 147.387636][ T6959] ? __lock_acquire+0x4a5/0x2630 [ 147.387662][ T6959] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 147.387707][ T6959] ? policy_nodemask+0xed/0x4f0 [ 147.387743][ T6959] alloc_pages_mpol+0x1fb/0x540 [ 147.387778][ T6959] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 147.387812][ T6959] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 147.387840][ T6959] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 147.387875][ T6959] folio_alloc_mpol_noprof+0x36/0x260 [ 147.387916][ T6959] shmem_alloc_folio+0x135/0x160 [ 147.387959][ T6959] shmem_alloc_and_add_folio+0x371/0xd40 [ 147.388014][ T6959] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 147.388064][ T6959] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 147.388119][ T6959] shmem_get_folio_gfp+0x6ab/0x1900 [ 147.388155][ T6959] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 147.388184][ T6959] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 147.388215][ T6959] ? lockdep_hardirqs_on+0x78/0x100 [ 147.388259][ T6959] shmem_fault+0x1f9/0xa20 [ 147.388285][ T6959] ? __lock_acquire+0x4a5/0x2630 [ 147.388313][ T6959] ? __pfx_shmem_fault+0x10/0x10 [ 147.388341][ T6959] ? __up_read+0x2c1/0x6e0 [ 147.388393][ T6959] ? __pfx_filemap_map_pages+0x10/0x10 [ 147.388437][ T6959] __do_fault+0x10b/0x440 [ 147.388465][ T6959] ? find_held_lock+0x2b/0x80 [ 147.388503][ T6959] do_fault+0x2db/0x1750 [ 147.388540][ T6959] __handle_mm_fault+0x187d/0x2a00 [ 147.388584][ T6959] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 147.388622][ T6959] ? __pfx___handle_mm_fault+0x10/0x10 [ 147.388667][ T6959] ? pte_offset_map_lock+0x174/0x320 [ 147.388701][ T6959] ? find_held_lock+0x2b/0x80 [ 147.388749][ T6959] ? follow_page_pte+0x4d0/0x13f0 [ 147.388792][ T6959] handle_mm_fault+0x36d/0xa20 [ 147.388841][ T6959] __get_user_pages+0x1178/0x32a0 [ 147.388886][ T6959] ? down_read_killable+0x307/0x4b0 [ 147.388930][ T6959] ? __pfx___get_user_pages+0x10/0x10 [ 147.388976][ T6959] faultin_page_range+0x1f1/0x9e0 [ 147.389021][ T6959] madvise_do_behavior+0x354/0x510 [ 147.389062][ T6959] ? __pfx_madvise_do_behavior+0x10/0x10 [ 147.389110][ T6959] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 147.389149][ T6959] do_madvise+0x195/0x240 [ 147.389185][ T6959] ? __pfx_do_madvise+0x10/0x10 [ 147.389222][ T6959] ? do_futex+0x192/0x350 [ 147.389259][ T6959] ? blkcg_maybe_throttle_current+0x5e7/0xeb0 [ 147.389318][ T6959] __x64_sys_madvise+0xa9/0x110 [ 147.389362][ T6959] ? lockdep_hardirqs_on+0x78/0x100 [ 147.389399][ T6959] do_syscall_64+0x10b/0xf80 [ 147.389435][ T6959] ? clear_bhb_loop+0x40/0x90 [ 147.389471][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.389501][ T6959] RIP: 0033:0x7f412719cdd9 [ 147.389524][ T6959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.389550][ T6959] RSP: 002b:00007f4127fab028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 147.389577][ T6959] RAX: ffffffffffffffda RBX: 00007f4127415fa0 RCX: 00007f412719cdd9 [ 147.389597][ T6959] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 147.389614][ T6959] RBP: 00007f4127232d69 R08: 0000000000000000 R09: 0000000000000000 [ 147.389632][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.389648][ T6959] R13: 00007f4127416038 R14: 00007f4127415fa0 R15: 00007ffd2a57d4b8 [ 147.389686][ T6959] [ 151.123930][ T6994] bond0: Unable to set down delay as MII monitoring is disabled [ 151.316751][ T7016] random: crng reseeded on system resumption [ 151.862823][ T6997] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 153.560094][ T7082] .^: entered promiscuous mode [ 154.761786][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 154.837353][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 154.936490][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.043419][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.131346][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.165048][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.187563][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.201132][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.273855][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.369288][ T7117] __vm_enough_memory: pid: 7117, comm: syz.3.244, bytes: 4398046457856 not enough memory for the allocation [ 155.891808][ T7146] blktrace: Concurrent blktraces are not allowed on nullb0 [ 159.001834][ T7233] ubi31: attaching mtd0 [ 159.090585][ T7233] ubi31: scanning is finished [ 159.098512][ T7233] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 159.535253][ T7233] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 162.551554][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 164.847994][ T7342] FAULT_INJECTION: forcing a failure. [ 164.847994][ T7342] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 164.915641][ T7342] CPU: 1 UID: 0 PID: 7342 Comm: syz.1.285 Tainted: G L syzkaller #0 PREEMPT(full) [ 164.915685][ T7342] Tainted: [L]=SOFTLOCKUP [ 164.915695][ T7342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.915711][ T7342] Call Trace: [ 164.915719][ T7342] [ 164.915730][ T7342] dump_stack_lvl+0x100/0x190 [ 164.915767][ T7342] should_fail_ex.cold+0x5/0xa [ 164.915798][ T7342] ? prepare_alloc_pages+0x16d/0x5f0 [ 164.915838][ T7342] should_fail_alloc_page+0xeb/0x140 [ 164.915874][ T7342] prepare_alloc_pages+0x1f0/0x5f0 [ 164.915916][ T7342] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 164.915973][ T7342] ? __lock_acquire+0x4a5/0x2630 [ 164.916000][ T7342] ? trace_mm_page_alloc+0x163/0x1d0 [ 164.916040][ T7342] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 164.916089][ T7342] ? lock_acquire+0x1b1/0x370 [ 164.916128][ T7342] ? page_table_check_set+0x486/0x920 [ 164.916160][ T7342] ? __tipc_sendmsg+0x3b8/0x1ad0 [ 164.916189][ T7342] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.916231][ T7342] ? policy_nodemask+0xed/0x4f0 [ 164.916263][ T7342] alloc_pages_mpol+0x1fb/0x540 [ 164.916296][ T7342] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 164.916326][ T7342] ? filemap_map_pages+0x950/0x2140 [ 164.916373][ T7342] folio_alloc_mpol_noprof+0x36/0x260 [ 164.916422][ T7342] vma_alloc_folio_noprof+0xed/0x1d0 [ 164.916463][ T7342] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 164.916498][ T7342] ? rcu_read_unlock+0x2d/0xb0 [ 164.916539][ T7342] ? rcu_read_unlock+0x2d/0xb0 [ 164.916587][ T7342] do_wp_page+0x1ee1/0x4350 [ 164.916633][ T7342] ? __pfx_do_wp_page+0x10/0x10 [ 164.916670][ T7342] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 164.916711][ T7342] __handle_mm_fault+0x1ab6/0x2a00 [ 164.916759][ T7342] ? reacquire_held_locks+0xce/0x1e0 [ 164.916787][ T7342] ? __pfx___handle_mm_fault+0x10/0x10 [ 164.916833][ T7342] ? lock_vma_under_rcu+0x17c/0x590 [ 164.916894][ T7342] handle_mm_fault+0x36d/0xa20 [ 164.916942][ T7342] do_user_addr_fault+0x5a3/0x12f0 [ 164.916987][ T7342] exc_page_fault+0x6f/0xd0 [ 164.917023][ T7342] asm_exc_page_fault+0x26/0x30 [ 164.917051][ T7342] RIP: 0033:0x7f421095cbc5 [ 164.917075][ T7342] Code: 00 00 00 66 90 8b 57 18 64 8b 04 25 d0 02 00 00 39 c2 0f 84 1d 01 00 00 41 54 55 53 83 7f 30 02 48 89 fb 74 28 b8 08 00 00 00 0f c1 03 83 c0 08 85 c0 0f 88 0c 01 00 00 a8 01 0f 85 84 00 00 [ 164.917100][ T7342] RSP: 002b:00007f420ebd3de0 EFLAGS: 00010293 [ 164.917122][ T7342] RAX: 0000000000000008 RBX: 00007f4211747e20 RCX: 0000000000000000 [ 164.917140][ T7342] RDX: 0000000000000000 RSI: 00007f4210a5002f RDI: 00007f4211747e20 [ 164.917157][ T7342] RBP: ffffffffffffffff R08: 0000000000000000 R09: 0000000000000005 [ 164.917175][ T7342] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4210a4fd47 [ 164.917191][ T7342] R13: ffffffffffffffe8 R14: 0000000000000016 R15: 00007f4210a5002f [ 164.917227][ T7342] [ 165.203942][ T7342] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 165.229270][ T7346] openvswitch: netlink: Message has 4 unknown bytes. [ 165.236401][ T7349] openvswitch: netlink: Message has 4 unknown bytes. [ 166.014533][ T7368] FAULT_INJECTION: forcing a failure. [ 166.014533][ T7368] name failslab, interval 1, probability 0, space 0, times 0 [ 166.015910][ T7368] CPU: 1 UID: 0 PID: 7368 Comm: syz.2.289 Tainted: G L syzkaller #0 PREEMPT(full) [ 166.015948][ T7368] Tainted: [L]=SOFTLOCKUP [ 166.015958][ T7368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 166.015972][ T7368] Call Trace: [ 166.015981][ T7368] [ 166.015992][ T7368] dump_stack_lvl+0x100/0x190 [ 166.016030][ T7368] should_fail_ex.cold+0x5/0xa [ 166.016066][ T7368] ? memcg_list_lru_alloc+0x4ec/0x740 [ 166.016094][ T7368] should_failslab+0xc2/0x120 [ 166.016126][ T7368] __kmalloc_noprof+0xe0/0x850 [ 166.016170][ T7368] ? __lock_acquire+0x4a5/0x2630 [ 166.016203][ T7368] memcg_list_lru_alloc+0x4ec/0x740 [ 166.016241][ T7368] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 166.016288][ T7368] __memcg_slab_post_alloc_hook+0x27e/0xff0 [ 166.016337][ T7368] ? kasan_save_track+0x14/0x30 [ 166.016378][ T7368] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 166.016423][ T7368] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 166.016470][ T7368] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 166.016508][ T7368] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 166.016548][ T7368] alloc_inode+0x68/0x250 [ 166.016591][ T7368] new_inode+0x22/0x1c0 [ 166.016636][ T7368] hugetlbfs_get_inode+0x39a/0x700 [ 166.016677][ T7368] ? security_capable+0x80/0x260 [ 166.016723][ T7368] hugetlb_file_setup+0x3cc/0x5b0 [ 166.016766][ T7368] newseg+0xaf0/0xed0 [ 166.016804][ T7368] ? __pfx_newseg+0x10/0x10 [ 166.016835][ T7368] ? down_write+0x146/0x1f0 [ 166.016886][ T7368] ipcget+0xee/0xf50 [ 166.016917][ T7368] ? do_futex+0x192/0x350 [ 166.016949][ T7368] ? __pfx_do_futex+0x10/0x10 [ 166.016985][ T7368] ? __pfx_ipcget+0x10/0x10 [ 166.017019][ T7368] ? __x64_sys_futex+0x34f/0x4d0 [ 166.017048][ T7368] ? __x64_sys_futex+0x358/0x4d0 [ 166.017084][ T7368] __x64_sys_shmget+0x13b/0x1b0 [ 166.017118][ T7368] ? __pfx___x64_sys_shmget+0x10/0x10 [ 166.017155][ T7368] ? rcu_is_watching+0x12/0xc0 [ 166.017193][ T7368] do_syscall_64+0x10b/0xf80 [ 166.017227][ T7368] ? clear_bhb_loop+0x40/0x90 [ 166.017262][ T7368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.017291][ T7368] RIP: 0033:0x7fde4859cdd9 [ 166.017313][ T7368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 166.017339][ T7368] RSP: 002b:00007fde493ef028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 166.017373][ T7368] RAX: ffffffffffffffda RBX: 00007fde48815fa0 RCX: 00007fde4859cdd9 [ 166.017392][ T7368] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 166.017410][ T7368] RBP: 00007fde48632d69 R08: 0000000000000000 R09: 0000000000000000 [ 166.017427][ T7368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.017443][ T7368] R13: 00007fde48816038 R14: 00007fde48815fa0 R15: 00007fff5985e1f8 [ 166.017482][ T7368] [ 167.103307][ T7382] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 167.142811][ T7382] vhci_hcd vhci_hcd.2: invalid port number 111 [ 167.159368][ T7382] vhci_hcd vhci_hcd.2: invalid port number 111 [ 167.247795][ T7385] NFSD: Failed to start, no listeners configured. [ 169.129566][ T7428] bond0: Unable to set down delay as MII monitoring is disabled [ 169.988492][ T7418] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 171.262915][ T7467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.311'. [ 171.325322][ T7466] HfR: entered promiscuous mode [ 171.402078][ T7467] HfR: left promiscuous mode [ 172.509847][ T7500] futex_wake_op: syz.0.318 tries to shift op by -2048; fix this program [ 175.480646][ T7583] netlink: 'syz.1.332': attribute type 11 has an invalid length. [ 178.151943][ T7644] netlink: 'syz.0.346': attribute type 4 has an invalid length. [ 178.177922][ T7644] netlink: 'syz.0.346': attribute type 1 has an invalid length. [ 178.379631][ T7646] netlink: 'syz.3.347': attribute type 30 has an invalid length. [ 178.718843][ T7650] netlink: 8 bytes leftover after parsing attributes in process `syz.3.348'. [ 182.332208][ T7681] kexec: Could not allocate control_code_buffer [ 182.594055][ T7712] batadv_slave_1: entered promiscuous mode [ 183.000628][ T7712] batadv_slave_1: left promiscuous mode [ 184.283849][ T7744] ptrace attach of "ci-qemu-gce-upstream-auto/syz-executor exec"[5628] was attempted by "ci-qemu-gce-upstream-auto/syz-executor exec"[7744] [ 185.639643][ T7770] FAULT_INJECTION: forcing a failure. [ 185.639643][ T7770] name failslab, interval 1, probability 0, space 0, times 0 [ 185.668088][ T7770] CPU: 1 UID: 0 PID: 7770 Comm: syz.3.371 Tainted: G L syzkaller #0 PREEMPT(full) [ 185.668133][ T7770] Tainted: [L]=SOFTLOCKUP [ 185.668144][ T7770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 185.668169][ T7770] Call Trace: [ 185.668179][ T7770] [ 185.668190][ T7770] dump_stack_lvl+0x100/0x190 [ 185.668226][ T7770] should_fail_ex.cold+0x5/0xa [ 185.668264][ T7770] should_failslab+0xc2/0x120 [ 185.668299][ T7770] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 185.668343][ T7770] ? alloc_inode+0x183/0x250 [ 185.668383][ T7770] ? do_futex+0x192/0x350 [ 185.668429][ T7770] alloc_inode+0x183/0x250 [ 185.668474][ T7770] create_pipe_files+0x4c/0x970 [ 185.668515][ T7770] do_pipe2+0xbd/0x1e0 [ 185.668549][ T7770] ? __pfx_do_pipe2+0x10/0x10 [ 185.668582][ T7770] ? xfd_validate_state+0x129/0x190 [ 185.668622][ T7770] __x64_sys_pipe+0x33/0x50 [ 185.668658][ T7770] do_syscall_64+0x10b/0xf80 [ 185.668697][ T7770] ? clear_bhb_loop+0x40/0x90 [ 185.668731][ T7770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.668760][ T7770] RIP: 0033:0x7f412719cdd9 [ 185.668784][ T7770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.668810][ T7770] RSP: 002b:00007f4127fab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 185.668837][ T7770] RAX: ffffffffffffffda RBX: 00007f4127415fa0 RCX: 00007f412719cdd9 [ 185.668855][ T7770] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 185.668872][ T7770] RBP: 00007f4127232d69 R08: 0000000000000000 R09: 0000000000000000 [ 185.668889][ T7770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.668905][ T7770] R13: 00007f4127416038 R14: 00007f4127415fa0 R15: 00007ffd2a57d4b8 [ 185.668942][ T7770] [ 188.444123][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 189.353520][ T7818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 189.416520][ T7818] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 189.460309][ T7818] memcg:ffff888029d25301 [ 189.484507][ T7818] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 189.528349][ T7818] page_type: f5(slab) [ 189.545288][ T7818] raw: 00fff00000000040 ffff88801ce93780 dead000000000100 dead000000000122 [ 189.585665][ T7818] raw: 0000000000000000 0000000800150015 00000000f5000000 ffff888029d25301 [ 189.613404][ T7818] head: 00fff00000000040 ffff88801ce93780 dead000000000100 dead000000000122 [ 189.654099][ T7818] head: 0000000000000000 0000000800150015 00000000f5000000 ffff888029d25301 [ 189.738710][ T7816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.380'. [ 189.748039][ T7818] head: 00fff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff [ 189.793525][ T7818] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 189.847658][ T7818] page dumped because: unmovable page [ 189.881704][ T7818] page_owner tracks the page as allocated [ 189.889945][ T7849] netlink: 28 bytes leftover after parsing attributes in process `syz.3.387'. [ 189.908192][ T7849] nbd: must specify at least one socket [ 189.925715][ T7818] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5006, tgid 5006 (udevadm), ts 32837233091, free_ts 26529372472 [ 190.034929][ T7818] post_alloc_hook+0x153/0x170 [ 190.061543][ T7818] get_page_from_freelist+0x11a6/0x33b0 [ 190.086153][ T7818] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 190.116514][ T7818] new_slab+0xa6/0x6c0 [ 190.134133][ T7818] refill_objects+0x277/0x420 [ 190.153571][ T7818] __pcs_replace_empty_main+0x375/0x650 [ 190.177516][ T7818] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 190.204389][ T7818] __d_alloc+0x34/0xa40 [ 190.222755][ T7818] d_alloc_parallel+0x111/0x14e0 [ 190.235081][ T7818] __lookup_slow+0x193/0x460 [ 190.263428][ T7818] lookup_slow+0x50/0x70 [ 190.283842][ T7818] path_lookupat+0x5e8/0xc40 [ 190.290607][ T7818] filename_lookup+0x202/0x590 [ 190.295953][ T7818] vfs_statx+0xff/0x3f0 [ 190.300246][ T7818] vfs_fstatat+0x77/0xe0 [ 190.304614][ T7818] __do_sys_newfstatat+0x9d/0x120 [ 190.310527][ T7818] page last free pid 1 tgid 1 stack trace: [ 190.317581][ T7818] __free_frozen_pages+0x747/0x1040 [ 190.323056][ T7818] free_contig_range+0xda/0x140 [ 190.334433][ T7818] destroy_args+0xa8/0x7a0 [ 190.348252][ T7818] debug_vm_pgtable+0x1d69/0x3490 [ 190.371220][ T7818] do_one_initcall+0x121/0x750 [ 190.387535][ T7818] kernel_init_freeable+0x6ea/0x7b0 [ 190.403369][ T7818] kernel_init+0x1f/0x1e0 [ 190.420308][ T7818] ret_from_fork+0x72b/0xd50 [ 190.434591][ T7818] ret_from_fork_asm+0x1a/0x30 [ 190.470131][ T7816] bond0: entered promiscuous mode [ 190.550648][ T7816] bond_slave_0: entered promiscuous mode [ 190.645449][ T7816] bond_slave_1: entered promiscuous mode [ 190.988618][ T7862] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(28.251723806.7388460), cmd(12) [ 192.270234][ T7888] Invalid ELF header magic: != ELF [ 194.301177][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.314166][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.705786][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 194.713389][ T50] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 194.943374][ T7955] random: crng reseeded on system resumption [ 195.082881][ T7957] [U] cover enable write trace failed, mode=0 (errno 9) [ 197.059250][ T5778] Process accounting resumed [ 197.234347][ T7727] Process accounting resumed [ 198.011894][ T8014] netlink: 'syz.3.422': attribute type 1 has an invalid length. [ 198.032451][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.422'. [ 198.062990][ T8014] netlink: 'syz.3.422': attribute type 6 has an invalid length. [ 198.976825][ T8038] input input5: cannot allocate more than FF_MAX_EFFECTS effects [ 201.253725][ T8102] FAULT_INJECTION: forcing a failure. [ 201.253725][ T8102] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 201.367342][ T8102] CPU: 0 UID: 0 PID: 8102 Comm: syz.1.438 Tainted: G L syzkaller #0 PREEMPT(full) [ 201.367389][ T8102] Tainted: [L]=SOFTLOCKUP [ 201.367399][ T8102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 201.367415][ T8102] Call Trace: [ 201.367425][ T8102] [ 201.367436][ T8102] dump_stack_lvl+0x100/0x190 [ 201.367475][ T8102] should_fail_ex.cold+0x5/0xa [ 201.367513][ T8102] _copy_from_user+0x2e/0xd0 [ 201.367561][ T8102] tipc_setsockopt+0x8ee/0xe30 [ 201.367610][ T8102] ? __pfx_tipc_setsockopt+0x10/0x10 [ 201.367664][ T8102] ? aa_sock_opt_perm+0xfe/0x1b0 [ 201.367709][ T8102] ? __pfx_tipc_setsockopt+0x10/0x10 [ 201.367756][ T8102] do_sock_setsockopt+0xf3/0x1d0 [ 201.367798][ T8102] __sys_setsockopt+0x119/0x190 [ 201.367833][ T8102] __x64_sys_setsockopt+0xbd/0x160 [ 201.367860][ T8102] ? do_syscall_64+0x90/0xf80 [ 201.367896][ T8102] ? lockdep_hardirqs_on+0x78/0x100 [ 201.367932][ T8102] do_syscall_64+0x10b/0xf80 [ 201.367967][ T8102] ? clear_bhb_loop+0x40/0x90 [ 201.368001][ T8102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.368030][ T8102] RIP: 0033:0x7f421099cdd9 [ 201.368053][ T8102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 201.368087][ T8102] RSP: 002b:00007f420ebd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 201.368115][ T8102] RAX: ffffffffffffffda RBX: 00007f4210c16180 RCX: 00007f421099cdd9 [ 201.368134][ T8102] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000007 [ 201.368151][ T8102] RBP: 00007f4210a32d69 R08: 0000000000000014 R09: 0000000000000000 [ 201.368168][ T8102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 201.368185][ T8102] R13: 00007f4210c16218 R14: 00007f4210c16180 R15: 00007fff4f2373c8 [ 201.368222][ T8102] [ 201.782408][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 201.789128][ T50] Bluetooth: hci3: command 0x2016 tx timeout [ 201.795172][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 201.800823][ T5645] Bluetooth: hci0: command 0x0406 tx timeout [ 203.495017][ T8124] netlink: 4 bytes leftover after parsing attributes in process `syz.3.446'. [ 203.535058][ T8128] smpboot: CPU 1 is now offline [ 203.766637][ T8133] random: crng reseeded on system resumption [ 204.540097][ T8145] netlink: 232 bytes leftover after parsing attributes in process `syz.0.451'. [ 205.597886][ T8169] netlink: 'syz.2.454': attribute type 14 has an invalid length. [ 205.760392][ T8169] netlink: 330 bytes leftover after parsing attributes in process `syz.2.454'. [ 207.130909][ T8167] FAULT_INJECTION: forcing a failure. [ 207.130909][ T8167] name failslab, interval 1, probability 0, space 0, times 0 [ 207.365042][ T8167] CPU: 0 UID: 0 PID: 8167 Comm: syz.2.454 Tainted: G L syzkaller #0 PREEMPT(full) [ 207.365068][ T8167] Tainted: [L]=SOFTLOCKUP [ 207.365073][ T8167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 207.365083][ T8167] Call Trace: [ 207.365088][ T8167] [ 207.365094][ T8167] dump_stack_lvl+0x100/0x190 [ 207.365116][ T8167] should_fail_ex.cold+0x5/0xa [ 207.365136][ T8167] should_failslab+0xc2/0x120 [ 207.365153][ T8167] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 207.365176][ T8167] ? vm_area_dup+0x27/0x8e0 [ 207.365201][ T8167] vm_area_dup+0x27/0x8e0 [ 207.365223][ T8167] __split_vma+0x18c/0xd90 [ 207.365247][ T8167] ? __pfx___split_vma+0x10/0x10 [ 207.365279][ T8167] ? __pfx_mas_prev+0x10/0x10 [ 207.365300][ T8167] ? kernel_text_address+0x8d/0x100 [ 207.365320][ T8167] vms_gather_munmap_vmas+0x3a5/0x1720 [ 207.365346][ T8167] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 207.365375][ T8167] ? mas_walk+0x6ef/0x9b0 [ 207.365398][ T8167] __mmap_region+0x4aa/0x2da0 [ 207.365423][ T8167] ? __pfx___mmap_region+0x10/0x10 [ 207.365447][ T8167] ? __lock_acquire+0x4a5/0x2630 [ 207.365461][ T8167] ? find_held_lock+0x2b/0x80 [ 207.365479][ T8167] ? process_measurement+0x4c8/0x2350 [ 207.365500][ T8167] ? process_measurement+0x4c8/0x2350 [ 207.365524][ T8167] ? do_raw_spin_lock+0x128/0x260 [ 207.365544][ T8167] ? __lock_acquire+0x4a5/0x2630 [ 207.365558][ T8167] ? do_raw_spin_unlock+0x145/0x1e0 [ 207.365585][ T8167] ? find_held_lock+0x2b/0x80 [ 207.365604][ T8167] ? rcu_is_watching+0x12/0xc0 [ 207.365621][ T8167] ? trace_hrtimer_start+0x79/0x230 [ 207.365639][ T8167] ? hrtimer_start_range_ns+0x860/0x1a50 [ 207.365657][ T8167] ? find_held_lock+0x2b/0x80 [ 207.365675][ T8167] ? finish_task_switch.isra.0+0x2c6/0x1010 [ 207.365696][ T8167] ? mark_held_locks+0x40/0x70 [ 207.365709][ T8167] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 207.365752][ T8167] ? rcu_is_watching+0x12/0xc0 [ 207.365773][ T8167] mmap_region+0x35d/0x620 [ 207.365787][ T8167] ? rcu_is_watching+0x12/0xc0 [ 207.365804][ T8167] ? __pfx_mmap_region+0x10/0x10 [ 207.365819][ T8167] ? cap_mmap_addr+0x4b/0x120 [ 207.365839][ T8167] ? bpf_lsm_mmap_addr+0x9/0x30 [ 207.365853][ T8167] ? security_mmap_addr+0x71/0x1e0 [ 207.365869][ T8167] ? __get_unmapped_area+0x255/0x3e0 [ 207.365889][ T8167] do_mmap+0xc63/0x12f0 [ 207.365910][ T8167] ? __pfx_do_mmap+0x10/0x10 [ 207.365927][ T8167] ? __pfx_down_write_killable+0x10/0x10 [ 207.365952][ T8167] vm_mmap_pgoff+0x29e/0x470 [ 207.365974][ T8167] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 207.365996][ T8167] ? do_futex+0x192/0x350 [ 207.366012][ T8167] ? __pfx_do_futex+0x10/0x10 [ 207.366031][ T8167] ksys_mmap_pgoff+0xe4/0x610 [ 207.366049][ T8167] ? __x64_sys_futex+0x358/0x4d0 [ 207.366066][ T8167] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 207.366083][ T8167] ? xfd_validate_state+0x129/0x190 [ 207.366102][ T8167] __x64_sys_mmap+0x125/0x190 [ 207.366121][ T8167] do_syscall_64+0x10b/0xf80 [ 207.366138][ T8167] ? clear_bhb_loop+0x40/0x90 [ 207.366156][ T8167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.366171][ T8167] RIP: 0033:0x7fde4859cdd9 [ 207.366185][ T8167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.366198][ T8167] RSP: 002b:00007fde493ef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 207.366213][ T8167] RAX: ffffffffffffffda RBX: 00007fde48815fa0 RCX: 00007fde4859cdd9 [ 207.366223][ T8167] RDX: 00000000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 207.366232][ T8167] RBP: 00007fde48632d69 R08: 00040000000000a5 R09: 0000000000008000 [ 207.366242][ T8167] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 207.366250][ T8167] R13: 00007fde48816038 R14: 00007fde48815fa0 R15: 00007fff5985e1f8 [ 207.366276][ T8167] [ 208.180311][ T8216] Console: switching to colour VGA+ 80x25 [ 208.263731][ T8216] ================================================================== [ 208.263743][ T8216] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 208.263766][ T8216] Read of size 26 at addr ffff8880203bdfaa by task syz.0.462/8216 [ 208.263778][ T8216] [ 208.263788][ T8216] CPU: 0 UID: 0 PID: 8216 Comm: syz.0.462 Tainted: G L syzkaller #0 PREEMPT(full) [ 208.263809][ T8216] Tainted: [L]=SOFTLOCKUP [ 208.263815][ T8216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 208.263823][ T8216] Call Trace: [ 208.263828][ T8216] [ 208.263834][ T8216] dump_stack_lvl+0x100/0x190 [ 208.263850][ T8216] print_report+0x13d/0x4b0 [ 208.263871][ T8216] ? __virt_addr_valid+0x239/0x430 [ 208.263895][ T8216] ? fbcon_prepare_logo+0x94e/0xc60 [ 208.263911][ T8216] kasan_report+0xdf/0x1d0 [ 208.263931][ T8216] ? fbcon_prepare_logo+0x94e/0xc60 [ 208.263948][ T8216] kasan_check_range+0x10f/0x1e0 [ 208.263967][ T8216] __asan_memcpy+0x23/0x60 [ 208.263987][ T8216] fbcon_prepare_logo+0x94e/0xc60 [ 208.264006][ T8216] fbcon_init+0x1065/0x1830 [ 208.264024][ T8216] visual_init+0x320/0x620 [ 208.264041][ T8216] do_bind_con_driver.isra.0+0x636/0x9c0 [ 208.264063][ T8216] store_bind+0x609/0x730 [ 208.264084][ T8216] ? __pfx_store_bind+0x10/0x10 [ 208.264102][ T8216] dev_attr_store+0x58/0x80 [ 208.264119][ T8216] ? __pfx_dev_attr_store+0x10/0x10 [ 208.264136][ T8216] sysfs_kf_write+0xf2/0x150 [ 208.264159][ T8216] kernfs_fop_write_iter+0x3e0/0x5f0 [ 208.264188][ T8216] ? __pfx_sysfs_kf_write+0x10/0x10 [ 208.264211][ T8216] vfs_write+0x6ac/0x1070 [ 208.264228][ T8216] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 208.264249][ T8216] ? __pfx_vfs_write+0x10/0x10 [ 208.264270][ T8216] ksys_write+0x12a/0x250 [ 208.264286][ T8216] ? __pfx_ksys_write+0x10/0x10 [ 208.264302][ T8216] ? rcu_is_watching+0x12/0xc0 [ 208.264320][ T8216] do_syscall_64+0x10b/0xf80 [ 208.264338][ T8216] ? clear_bhb_loop+0x40/0x90 [ 208.264355][ T8216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.264370][ T8216] RIP: 0033:0x7fa9b0f9cdd9 [ 208.264382][ T8216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.264396][ T8216] RSP: 002b:00007fa9b1dc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.264411][ T8216] RAX: ffffffffffffffda RBX: 00007fa9b1216090 RCX: 00007fa9b0f9cdd9 [ 208.264421][ T8216] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 208.264430][ T8216] RBP: 00007fa9b1032d69 R08: 0000000000000000 R09: 0000000000000000 [ 208.264439][ T8216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.264447][ T8216] R13: 00007fa9b1216128 R14: 00007fa9b1216090 R15: 00007ffe65059698 [ 208.264461][ T8216] [ 208.264467][ T8216] [ 208.264470][ T8216] Allocated by task 8216: [ 208.264478][ T8216] kasan_save_stack+0x30/0x50 [ 208.264492][ T8216] kasan_save_track+0x14/0x30 [ 208.264504][ T8216] __kasan_kmalloc+0xaa/0xb0 [ 208.264516][ T8216] __kmalloc_noprof+0x301/0x850 [ 208.264537][ T8216] vc_do_resize+0x1dd/0xeb0 [ 208.264553][ T8216] fbcon_init+0x1041/0x1830 [ 208.264567][ T8216] visual_init+0x320/0x620 [ 208.264582][ T8216] do_bind_con_driver.isra.0+0x636/0x9c0 [ 208.264600][ T8216] store_bind+0x609/0x730 [ 208.264617][ T8216] dev_attr_store+0x58/0x80 [ 208.264632][ T8216] sysfs_kf_write+0xf2/0x150 [ 208.264652][ T8216] kernfs_fop_write_iter+0x3e0/0x5f0 [ 208.264671][ T8216] vfs_write+0x6ac/0x1070 [ 208.264685][ T8216] ksys_write+0x12a/0x250 [ 208.264699][ T8216] do_syscall_64+0x10b/0xf80 [ 208.264715][ T8216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.264729][ T8216] [ 208.264732][ T8216] The buggy address belongs to the object at ffff8880203bdf00 [ 208.264732][ T8216] which belongs to the cache kmalloc-192 of size 192 [ 208.264744][ T8216] The buggy address is located 14 bytes to the right of [ 208.264744][ T8216] allocated 156-byte region [ffff8880203bdf00, ffff8880203bdf9c) [ 208.264758][ T8216] [ 208.264767][ T8216] The buggy address belongs to the physical page: [ 208.264773][ T8216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x203bd [ 208.264788][ T8216] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 208.264800][ T8216] page_type: f5(slab) [ 208.264813][ T8216] raw: 00fff00000000000 ffff88813fe2e3c0 dead000000000100 dead000000000122 [ 208.264826][ T8216] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 208.264835][ T8216] page dumped because: kasan: bad access detected [ 208.264842][ T8216] page_owner tracks the page as allocated [ 208.264847][ T8216] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22109632885, free_ts 0 [ 208.264871][ T8216] post_alloc_hook+0x153/0x170 [ 208.264890][ T8216] get_page_from_freelist+0x11a6/0x33b0 [ 208.264911][ T8216] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 208.264933][ T8216] new_slab+0xa6/0x6c0 [ 208.264951][ T8216] refill_objects+0x277/0x420 [ 208.264970][ T8216] __pcs_replace_empty_main+0x375/0x650 [ 208.264991][ T8216] __kmalloc_cache_noprof+0x493/0x6f0 [ 208.265010][ T8216] call_usermodehelper_setup+0xaf/0x360 [ 208.265025][ T8216] kobject_uevent_env+0x17c1/0x18b0 [ 208.265038][ T8216] workqueue_sysfs_register+0x295/0x390 [ 208.265056][ T8216] __alloc_workqueue+0xd04/0x19f0 [ 208.265075][ T8216] alloc_workqueue_noprof+0xd2/0x200 [ 208.265093][ T8216] nf_flow_table_offload_init+0x41/0xb0 [ 208.265110][ T8216] nf_flow_table_module_init+0x86/0xe0 [ 208.265127][ T8216] do_one_initcall+0x121/0x750 [ 208.265144][ T8216] kernel_init_freeable+0x6ea/0x7b0 [ 208.265159][ T8216] page_owner free stack trace missing [ 208.265164][ T8216] [ 208.265167][ T8216] Memory state around the buggy address: [ 208.265181][ T8216] ffff8880203bde80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 208.265192][ T8216] ffff8880203bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 208.265202][ T8216] >ffff8880203bdf80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 208.265210][ T8216] ^ [ 208.265218][ T8216] ffff8880203be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 208.265228][ T8216] ffff8880203be080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 208.265236][ T8216] ================================================================== [ 208.265434][ T8216] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 208.265447][ T8216] CPU: 0 UID: 0 PID: 8216 Comm: syz.0.462 Tainted: G L syzkaller #0 PREEMPT(full) [ 208.265469][ T8216] Tainted: [L]=SOFTLOCKUP [ 208.265475][ T8216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 208.265483][ T8216] Call Trace: [ 208.265489][ T8216] [ 208.265495][ T8216] dump_stack_lvl+0x100/0x190 [ 208.265511][ T8216] vpanic+0x552/0x970 [ 208.265525][ T8216] ? __pfx_vpanic+0x10/0x10 [ 208.265542][ T8216] ? fbcon_prepare_logo+0x94e/0xc60 [ 208.265557][ T8216] panic+0xd1/0xe0 [ 208.265570][ T8216] ? __pfx_panic+0x10/0x10 [ 208.265584][ T8216] ? fbcon_prepare_logo+0x94e/0xc60 [ 208.265599][ T8216] ? preempt_schedule_common+0x42/0xc0 [ 208.265620][ T8216] check_panic_on_warn.cold+0x19/0x34 [ 208.265635][ T8216] end_report.part.0+0x3a/0x90 [ 208.265656][ T8216] kasan_report.cold+0xe/0x18 [ 208.265676][ T8216] ? fbcon_prepare_logo+0x94e/0xc60 [ 208.265694][ T8216] kasan_check_range+0x10f/0x1e0 [ 208.265713][ T8216] __asan_memcpy+0x23/0x60 [ 208.265733][ T8216] fbcon_prepare_logo+0x94e/0xc60 [ 208.265752][ T8216] fbcon_init+0x1065/0x1830 [ 208.265769][ T8216] visual_init+0x320/0x620 [ 208.265787][ T8216] do_bind_con_driver.isra.0+0x636/0x9c0 [ 208.265809][ T8216] store_bind+0x609/0x730 [ 208.265829][ T8216] ? __pfx_store_bind+0x10/0x10 [ 208.265848][ T8216] dev_attr_store+0x58/0x80 [ 208.265865][ T8216] ? __pfx_dev_attr_store+0x10/0x10 [ 208.265881][ T8216] sysfs_kf_write+0xf2/0x150 [ 208.265904][ T8216] kernfs_fop_write_iter+0x3e0/0x5f0 [ 208.265923][ T8216] ? __pfx_sysfs_kf_write+0x10/0x10 [ 208.265946][ T8216] vfs_write+0x6ac/0x1070 [ 208.265962][ T8216] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 208.265983][ T8216] ? __pfx_vfs_write+0x10/0x10 [ 208.266004][ T8216] ksys_write+0x12a/0x250 [ 208.266019][ T8216] ? __pfx_ksys_write+0x10/0x10 [ 208.266036][ T8216] ? rcu_is_watching+0x12/0xc0 [ 208.266054][ T8216] do_syscall_64+0x10b/0xf80 [ 208.266072][ T8216] ? clear_bhb_loop+0x40/0x90 [ 208.266088][ T8216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.266103][ T8216] RIP: 0033:0x7fa9b0f9cdd9 [ 208.266114][ T8216] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.266128][ T8216] RSP: 002b:00007fa9b1dc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.266143][ T8216] RAX: ffffffffffffffda RBX: 00007fa9b1216090 RCX: 00007fa9b0f9cdd9 [ 208.266153][ T8216] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 208.266162][ T8216] RBP: 00007fa9b1032d69 R08: 0000000000000000 R09: 0000000000000000 [ 208.266177][ T8216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.266187][ T8216] R13: 00007fa9b1216128 R14: 00007fa9b1216090 R15: 00007ffe65059698 [ 208.266201][ T8216] [ 208.266260][ T8216] Kernel Offset: disabled