last executing test programs: 8.013091259s ago: executing program 1 (id=50): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0xffffffeb) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1080, 0x0) socket(0x10, 0x80002, 0x0) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) statmount$auto(0x0, &(0x7f0000000180)={0xc, 0x7, 0xa, 0x3, 0x10, 0x5, 0x0, 0x3, 0x6, 0x10000000000002, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb4, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, [0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x5f23, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x40081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8802) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40080c1) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 7.673462218s ago: executing program 1 (id=51): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x100000000000001c, 0x7, 0x63, 0x0, 0x0, 0x0, 0x1002, 0x4, 0x80000008040000a, 0x40000402, 0x7, 0x8, 0xffffffff80000000, 0xffffffffffffffff, 0x6, 0x240000100103}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r1, 0x0, 0x2) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000200), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) ioctl$auto(0x3, 0xae41, r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon20\x00', 0x60501, 0x0) ioctl$auto_MON_IOCG_STATS(r4, 0x80089203, 0x0) r5 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000080), 0x20082, 0x0) writev$auto(r5, 0x0, 0x3) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv6/conf/default/stable_secret\x00', 0x40d02, 0x0) 7.320817686s ago: executing program 2 (id=52): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/loop6/trace/pid\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) (async) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) capget$auto(&(0x7f00000000c0)={0x6, 0x0}, &(0x7f0000000100)={0x5, 0x6, 0x7}) sendmsg$auto_NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000001540)={&(0x7f0000000000), 0xc, &(0x7f0000001500)={&(0x7f0000000340)={0x11a0, r1, 0x4, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_CQM={0x1170, 0x5e, 0x0, 0x1, [@nested={0x15b, 0xa1, 0x0, 0x1, [@typed={0x8, 0xaa, 0x0, 0x0, @pid=r2}, @nested={0x4, 0x10e}, @generic="2f0065dfb861eeb9d675652dd49505cdc8600c6df1c09105fc941f83a1a38ca723046948e79749", @typed={0x14, 0x13b, 0x0, 0x0, @ipv6=@local}, @typed={0x14, 0xeb, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x21}}, @nested={0x4}, @nested={0x4, 0x10e}, @generic="333f5b695fb74b9bc4022e817a9d70b3f220bf5a5ac5edae0b535e09a4d693ba148492ffb167e24f89e0bca598735170959cbfb6395e992b8bc7c2d604aaae0040e6be8ab0c59c56124b5fb216465981d5234412437fe1aa700867e0b5a1507ce7ad4799c5b1ada5b6fb107c18045d1e11612d93e6a68032ce02b5f76108460a72126cc78d737b67ceb3d493c8a0fe2f442efceb1d59ef6c12954debe81bf930a98483b8780aa3fa84959d9225328cad512a7a0fac3b8ecb68c0e22a88dd25b6e6c47b8b5648e5c0fceb176cc65f1ff2e13317810f0043a75f17050c8d7fe27233dcc98c227c320d18971c806dd34ada", @nested={0x4, 0x15b}]}, @nested={0x1008, 0xff, 0x0, 0x1, [@typed={0x1004, 0x1, 0x0, 0x0, @binary="a57405ac6d20f0dcf22a05f19f67b82d234433643b73f3a2b98b4144de7cb1945c4036c2e21c1f736d0d26342da868a5f13bb7eca112d9ab5da0461b1b67d1c79fc88a24a1e9c97534c6756b9e09b18a1f78df11074e8b60dd2cf01009866a6e1a2c9ee9e1c722c84ad35be45f2a25ebe5cb589ea688cf8f9e0bb808ef04bc636617130e0de0b5761bfa3513f5b1aa4f9efbe57060564fbf6abd4029340f452148c485f92fc07231f4331827bba628fa06c0b46bb89633ead3aeb1424917b61b11785283df869b3c401794c49406d08ac415cf4f4d1091976fa31a8e7d2b616d20b1868df0bb23e111c67a85d657e33977afead495684145f4df637d574739bc185466f34f7ead37fdc6b403208cb09c07421cc8feecd89757256f560ae6ab8e5ccf42de61049458d53225483a67a2ddf943b2229cb4879c87fa9f7b73697e829b7228082eb1c167554703268c2078c2fadf24f4845834643937f4f7e53c79657d3f37396bcd3c396c308bf9b5e01925829fbe9e9a48a971522b90017cd37b9580818b0fd80521fb1b66cd8e0c99b2bda44dd69ebed27c0c896659e8293c0b2b24c23ff7b3e038f92f722421dfd65fc208f60b1ebfe16d17e8ef43943fc003460b68ee48525e1665b9d663a9a4525ec18d23e41a105301020af4ec278d3405ffcff211bb6da6fffea904f0067798249217a5353f05fb5e1e66a7630caa08e3908aa12af980d0f70caeb4c18e06356df0a2dcd0f24998636d33e8dd20ca7faba27e3a599dd7fe2f80f66f2a7be489c81ec13898ce00dd37a1716c4ea5b60eb17d32c90a5103d53b7540744cea200fff3245021a83b1fc66a08310d2b57e30131e36008b91147535278f3f28935e9d6a9da9b1a472ad5e70f5c5ae75697667747666b961a0bbbabb167f785fbda9e5786cd1386e2d21b1b07f9c6182e9f6de6152852f7177878848b1d2fed1f8f1dbc72aa403d347463f4015261f832ea74a457aeea7dfede6e1a9b8eb43d3a3be64abe912640694d122eeb57071de52ad60b5c4d8a131f1fac6c91dfd4007e1d93883a4fab4627212bd6669bbea2e2515bcb96d569d9e65ff772d53517ece1fb2d302ea513f0de290b4bbcaba5ff60ba5bd507e69f55faf78e5d4a485c7ad71279a0a6fb74d8aa7ae68969f2311fda8a745f7e8d047c6898a24bf4867ebf124fc9a47292d1c9ea0b9451a3054a4f2a3325acc1786acf56a025e3363663713f2422ecc1b6052c8897eed0c8c4cfe963379092cc66cec8f057741b74528eaf7b0d019446eb918dcfe55435743101ef4d227276714dffa409ddee31906c69f880e0a6ea05c31a923f6cfbced82e9c6f5b7356b40446adb3d3f158278ad46b219390ec16fc819ad467a368f53fbe37b4450763afa2c6b9d73df99f21e0a1c3e00eaec601d5a11ae3ff0c477d253835628301de464a8673aac16524ab696dce00b0efb757fc26362bc5d466d8e154294120ee0b61a0e523f885f41a71974a11d089a5d047edea14e0f70037ae8df9871ef3ba62c9ad961c908f74dad6740a314177441ccd80f8d0587cc84e84225f0cbf79c2de02bd2ca58161e70b051c8e41632f9d8a04b6ef4579e3f0265cc664b4458de71edd04b55baf09f88ad6d03fb777a7abc4128edff04ba90e2afe329b17690aebe82977637c469e0d390b898b85d0914e22659ac16f97df19944839c169955063e1e8cd65cbc3b376c04e47cc1115954559f08eaf60f4eeb9e85783e5bbb1b90a08337d5817a4e0135f1a5d2744339ee35eea7cc65d9ca95914a72ba6c9e27f6c94eb3a3898325c6790d28a451554f1a0ce50f08ac3b82f255935fddb65f0fb35840ef6e69424fa23ff02679591538d1738b9f2c7359d45982305d8ae67f70b6fb13c8577fd3400936cc97e5209f52c8732ad1958ec43b1ab4b417232ad23a2c31fb392eac2c6a8644b23c93a4bfebaa702fca7d12d73ba6d32b7b0b28db21d8b6291eb46454061724d60a512df8b680787c5d8898e0619e081e4c9114f91f21c0b42af835c68e44b4a1f84a14a39a8d4806abc492d5642325eec00d3caa003b6eae3de0590b637f50cca8e9d42a8b97340b39ed282545b9257991317b5745d25e816675d68514c62d56cba029526ceba9e4f1f0ed5e78a3458c35b6f1681560159d0286c6a576a978aa50395af4ac326469abe44dad7af583668f116a470c84854c297ae4ea7a9875ce40a58fcf981e74c808081bafbd863192eb0af59e65ae0c6db80acae6386d4ca03b79c9e66a5d17186eda06bec40480081f1a3c48d070add8d238d03ada8e646b4af30336e135a2b0bd9d91688ab0f4d2c77e28b6cdcb608a3e1cbc9a377c4eec9f1c2931757fdc3507c00273c409910db6a2c21d335cad1355bf51a1d7af4c705ef0a62b6d61ed98c3b8fdbc92132df6c7e8160c40c76d73d9761da9f4d4d476b7a5246fa3d9dbb91c3237f74a65e51c33f32d2c08fd8505568ea719c5cd67927c8ca8f5d20214866e66799015f775107f7d17b9002a6e405a29b5573e4c34fe24ed13fa7df7876f4a1980449710eefb4667d2b0fbeb50f13f07a189e5e6f968e35123c39c61248e361f8932d5181eee0c9c61ab5f39a1ac9e8a836ab1f277d765604d2e8c9b9db33a1de4957cc9b8bf5ba718f1dc33abcabcf85d2c853d12a9ac71708b62dc55bde07f73522d3021c449005213e93a76911e27e0e10ac9a01b4c219360884056ffb6b17690f4b9adab77869c9ae87192a58d8694427dfbd628f3d64215e5a7877ea8e4838dbc8c63639389c3e0589f5c27c770e46743d6c5698a6ba701b6b0f737f0eb4e5850c8ff5082e08045475a03fa6e81863e0f6f3cef6e61ece4ad8179e28def6f08b8cdecb3239085c81792b63f7ea32c08d5ca996e5a9320b14649311a05edff197b633bf50b61981436eca5c550a324e3c4e8dc96e51b915e472ff689df682ce7430a5f8b995fa96896fae28a030ca59ef9026fe98e36efcd96091d939d8ce8fc0ef77ead8e56c9638fa238a03901c35a3ff47408f8b69cc423419c56ae0aa5d82109a4a1bb17b97c10e8297f38c569eeeba2fe6269d9d0eb315e027f9a3ad79d673c5b8c2542bff90f95ae0f0a8198aefe415ae825406c07f7ff89007f93455847fe03f6432f1e1286937f5ab7781f5e1b21f8ad5797c0a416fa4f19c458d86f1837a98de7b22275cc163a3654ad8685d59eb49f6dac11f6c524900abb70f44b48a07cf292317e20405a94cfa1df9047b8043e4ba4cabbf32a042a7af87c5fbf1b03c1605771a06179b4bd0a902296f4ed50daf29b2fd03cee12a6c2f7889b6f49a904108a13489a5ccd344d188681f2b4aa9cdc1742547b6aab8050f07d9dbb956f13ee66a6eff0f8054978bc52e4274843f5a39ba250465a161182b9b9455b6a2df0ba6fcb6697b07333dc5e50938abf1b7187f2dedb55de34765f9fc2f83e0709900bfeca843024d20ba1091da4898fdf13c0ed73704b95ac48e82dee161478b601b58f3d31493aa3ca46f9ddc0ca9659a8b068b3bb81efdc5160d92acb4c8e3ce541aeaaaaa9de8c8c6e41a43ae338b953f6ae7b13abb52316f1e8ca3e7b3f824a2c250a46fa6758c91d914fb372461fc86fc8d44664c8c7d83db4256d4cd31b68d1d467aa1492862bf1eadce4a296e06c4bccff72561171ebaef6de7ae6bceda15cd21b751896f10c14437dc6aade8699737177f7f51bd6afc23c878f39bfa15ec06c9d0a6c0d21ebfff41d8572852edd6e8287583639291f4f66bc6b5f8a8338000533b6873200db6226de9d094347c4d5d6012aaec6a6fc12448b37d6941fa60ae69b477150c1bf796b4560f14176f21f41ed981b394266a82df219b3800e8da117b6d6ffedcd4c82e9f1495509ecbff96b2c02548bd7fa79509eb5e1d33afb63c72130cb69185c89254219b6ee8d9f4e1b7e95db08e10b26a91841a120944578386d7522406332217280793dbd9a6b6f6c92113df9f15948b1d6a8fb7149150c9fe7e7cdf747228fb5d383896dccc9bf68940cc00fe2a0f04ac34cfcda406e54feef743e6d4ca8405b7c644f85708d0e08e4123a3c26fcc78538c80f4a5b782ca4ef97384fb0a651a2ccce473efeec028b28913570389be37b53dda075478f34df22e8d2ebf634b071fcb059b06476d330d56fa599d8c3d2eac14de7b348574fe91e9b867bfbf31599c67dec8131fbbe4c3b17b21dd111b0f60900f661546459c531dd902083ba22fb111962f675b1284367fd3116ff50063c2e4cb483faa72fc5d2c3b3c8beb458c9e32974fd45c2ee42a2770f00df78fb4b1d8120bf7e989d199faebaae148215444ea2d181335432eca9b90ace884b600f8995f2f3be50fbad9edb4ce1c437522571a13e5519fa7dbf5a68d7a949a8fbba811f11c6520d7769133eeb4d9b51e19484a784b52d361cd0119a2961843e900a9af8a4d2cf9db3184ede799306448d1738ab0e2e13cb4100eb545f0028ed5a761019a263a6cfc16a353c24bb9c2a86c060f67481e2935c335179fa43d7a42a8eece36c4751c148efa6ee0697a5ed0650b16b2b6d4dbbc9c6e013b75d2bbe309d29003d8ddff2675c57a724d308d006cd7b7b86253ec2e6e11d6817b940d220de6771a4e52e76b75cfaee3031f16176e4d9388ffc48d07d30ef808a59c5d1f8e400babe93a34fa8898914c7d0bf59e440ac0fc296b29eda8bb1bbe7fc14bdb0075e0122df0ed56be9c2a9a6d81b0b355159df9edeb3b8bc27b0f36624db3d88f0db537579507cc19ff025d2ef05d2ce3dd4370e9e65a129f5ffee47cc58c2fafad626c718fba66f8a4533db8d94a5b01084d7b53e3d3f0a452a8cd86bec4ef664bf341c58441f6a29e8b84ca722b8a32efa99876e2c66385577f64c065b8c744a0c5cd0b4ef37914ba890e746eb1700a7f33b68ddd460ca2c01e02b2d936d723f19c0b687e67960b95e196268037c61fc6b703e3b79e27d8fed8c185d6eeb4c59ab1cf1cdb473a109caef530eeef0431d8ec022095b02a68dcca08709f5c44b3731c1ecd85397b99bcc76fb854dda6bbf61ec3bef8f629ce4a03b3198e16f4fed41a27017fa0c630c6941db6bb737b8c120c0f797913719d3e6f3bfa5282147649e0d629886e27e8eea63bb25d834066c195050ba3b3ebe6417ff26b267011eecbff4f78d3702bbc8a4b99d5b4f6d07489ca7a7fb6d2e921943500264d9f4b53aa576ca748e38eca821766d9ca23e746706fd893553c1dfc491bf6295501d72244d0c5fda7ca3d04c946243e7583d21f9f19012feeb0c07a2e5d1f16b847c229aa0980e377a8779180b7b7331722184aaea28efca52287a4b0dbe198a565ef371160ed3e50b3a4db3cc1148b587f5abac501f9ed36010a7f382c4332bb2197f2f00fb0773caa4f24c7bd3372df6fb15fca35d2f39931d5e9aaf84d426447d7794bf9f791ae2f6bef48cc50e3a69e83dcb69c7c7afdae1ed817480fb1c3dd8161f33c4a6260e489313c21625b1079e06219c2e09aa6903126d0e74bd80f7d1180726d7e4f40ae4c84779decfe50b4b42cafb828aaa2b118e6d838bb6b118ff756549be86b5d0d91755c2e9281e6f0e460e1944557d2c4a5f9d9b889a49da2b2e50bb7b77d9b11461d0ea64af68681e5b475c5babc47ba599cf3adb2f9caa5238f71fb9a90ea55b964dd6c15f8611358ca67155d64b7684cda3a5e4e66080688643df068133eabd51630359663b42fa8ced0a9d7d004c4490c4a91818a342fc3fb80921d48e0bf25c4f836a0b1f42b3c1736b"}]}, @typed={0x8, 0xa3, 0x0, 0x0, @ipv4=@empty}]}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xe840}, @NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS={0x6, 0x151, 0x7}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x11a0}, 0x1, 0x0, 0x0, 0xc881}, 0x4000) (async) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) (async) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r3, 0x7cb, 0x0) 7.16127629s ago: executing program 1 (id=54): socket(0xa, 0x2, 0x0) pidfd_open$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) uname$auto(&(0x7f0000000180)={"ad84726f530323e52242c6a93688db926cbfc1df52329ce084257b9e88f3763fb54838f1f32351e3de4dd4d19cea9a1e55f92c76b8e5978d75f9c58a45d8c81aba", "04986eda295453432af666835d32fbc12209644003d240001d1b33e1b356e48cc9f32f6f6892796a7f54c8f602e987294f980934ebbb1d75bfd4978b3f61a500", "382bf3fe479186b41938be067ef57648446f01772f5396103529adfb49d37dd17d6d185aefe183b0c681f7c034ad1c4f6173d92f2dcb73c09afeb346dca00217dc", "c0d3b0a967eef631a8130db3027d9d90680cdaae7b014c340b219e3df22244da8c5970a188bbb4ba9d3eae86fd611f522462665398b71ca368a0d910e404cf64a7", "7eaaa11f4a5f991d3d554d459ab70f3fc9947e3348afcbe228be5279d2ac905668cb3cf3504c577c3e4bc62e06777689462f3ccd49455b84526f04d5ad5fa2667a", "0740565cd2129083d9584fa321770915e771bb111720f212c38bafbec6d9d6e89f0bdd0718eb627debedadebfb69443684364970e41228e894c17c7bcb955761ae"}) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r1, &(0x7f0000000080)={0x0, 0x1000}, 0x3) select$auto(0x8, &(0x7f0000000340)={[0x0, 0x419, 0x48f, 0x498, 0x6, 0x6, 0x1, 0x7, 0x93ec, 0x5, 0x38, 0x0, 0x1, 0xfffffffffffffffa, 0x4, 0x80000001]}, &(0x7f00000003c0)={[0x46b4, 0x4, 0xffffffffffffff8e, 0x6c3d, 0x7, 0x7000000000000000, 0xfffffffffffffff7, 0xfffffffffffffffb, 0x6a7000, 0xfffffffffffffff7, 0xff, 0x80f, 0x6, 0x5, 0x4, 0xfffffffffffffff7]}, &(0x7f0000000440)={[0x6, 0xffffffffffffbec8, 0xb, 0x8, 0x90ac, 0x4, 0x7, 0x6, 0x6d, 0x7, 0x3, 0x6, 0xae5f, 0x8ba, 0xfffffffffffffff7, 0x401]}, &(0x7f00000004c0)={0x7fffffff, 0xfd}) close_range$auto(0xffffffffffffffff, 0x8, 0x2) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) unshare$auto(0x40000080) write$auto(0xca, 0x0, 0x7f) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) r2 = socket(0x11, 0x3, 0x3a) ioctl$auto(r2, 0x8912, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) r3 = getsid$auto(0x0) prctl$auto(0x55f0, 0x6, r3, 0x7fffffffffffffff, 0x5) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40802, 0x0) read$auto(r4, 0x0, 0xb4d3) 6.900609255s ago: executing program 2 (id=55): r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x80) sendmsg$auto_NL80211_CMD_NEW_STATION(r1, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r0, @ANYBLOB="000427bd7000ffdbdf25130000001e00940084c74ac26eeccfad91612a0a879f538943cae57bdf8bb9bc40fe0000ce00f300f6b1e2797e9840ac512478979144f4e0e8d8f367fe45d0cf68e2b3b074660c92fd03886be710765391b91b8322b224eb9e038abf9d38d3782b90d73adeaffc6fad452b3491403da949550e4d487f867cb81729e67efb982e1653f9bbba888dc82e01b1690a246d6a2d6a7d6bdb2f454a1c01d6ff5f3b2d8921b7cc66d8632ad79d1ab09edea762c4eb91a4a42c2303712ba4b1cc57ae4791b5b13a45114dc91b895d8a65c9c861168f36c346f60d3170d33bf0fa22b459c2d3a1c26d1b57ed175c42fc9829dbcc6750623ea3b84523eea228000005001301060000000600ed00258f00000600120108000000bf575b535f1985b5c7b79d23b4a47e0254ef56187554632f74d2f80eec071a92792c3a7c55162f0f24cc3fcee3bb1afd9167b0cf73eef5a7f697f8dcda0ca8537586fac3c72303aa69173710fc1654199badb0821c1bafa06d77002c631093556a8e7dabbd79005164356f948729fa679a738de1e7d339fc44e69339e5beca690c1a0df5d42fcc6ff0183cf2636880d4b8a6655142c538ace9ecf0640a5aff591f09684f046575e5ad37d725bb50c98c82f9981f010deef6d6435ebd538e37486060d49d31e79d65b1226056623e52aae7b62eea593502a116c0d1d636b59c2d5f5df2c9aef983358a75c64cdc"], 0x11c}}, 0x4000817) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af83, &(0x7f0000000000)={0x6}) 6.732656312s ago: executing program 3 (id=57): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) getpriority$auto_PRIO_USER(0x2, 0x0) (async) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) (async) mbind$auto(0x1000, 0x4, 0x0, &(0x7f0000000140)=0xfff, 0x8, 0x1) (async) pipe2$auto(0x0, 0x80) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x4, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) (async) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) read$auto(r1, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async) ftruncate$auto(r2, 0x1) (async) r3 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0) ioctl$auto_FS_IOC_SETFLAGS(r2, 0x40086602, 0xe20) (async) getcwd$auto(&(0x7f0000000080)='/sys/kernel/debug/binder/state\x00', 0x5) (async) read$auto_state_fops_(r3, &(0x7f0000000180)=""/61, 0xfffffeeb) 6.532516326s ago: executing program 2 (id=58): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce6"], 0xa8}}, 0x4000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/037/001\x00', 0x4a901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000100)={0x2, 0x80, 0xffff, 0x5, &(0x7f0000000240), 0xc694, 0x3, 0x80005, @stream_id=0x7, 0x2004b, 0xc, 0x0}) close_range$auto(0x2, 0x8, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snd/controlC1\x00', 0x82200, 0x0) (async) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snd/controlC1\x00', 0x82200, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f00000006c0)={{@raw=0x9, 0x2, 0x2, 0x1, "162629e6b2259bee9878f8e7b039aa20b33e487d34917b4a9acce903cb72dd4cd8dde6d41c914d63af7a9de9"}, 0x0, @integer=@value=[0x400000000006, 0x12d800000000000, 0x179, 0xfffffffffffff8ad, 0x5, 0x7, 0x4, 0x8, 0x80000000004, 0x7, 0x15b61f2, 0x7, 0x100000001, 0x3, 0x9, 0x5, 0x7f, 0x9f, 0x8, 0x9, 0xb1, 0x0, 0x3, 0x8, 0xffffffff, 0x10001, 0x1, 0x80000000, 0x8000, 0x9, 0x0, 0x80000000, 0xf, 0xfffffffffffffffe, 0x4, 0x1, 0x3, 0x0, 0x800, 0x3638, 0x3, 0x4f3, 0xc, 0x4, 0x7, 0x0, 0xe4, 0x5, 0x6, 0x81, 0x401, 0x400000000084, 0xa, 0xfffffffbfffffffd, 0x6, 0x800, 0xfffffffffffffffd, 0x7, 0x101, 0x82, 0xc9d, 0x3fe, 0x9, 0x8, 0x640c, 0x3, 0x1000, 0x6, 0x201, 0x0, 0xec35, 0x9, 0x1fd, 0x0, 0x0, 0x4, 0xbd2a, 0x903, 0x80007, 0x7fffffffffffffff, 0x5, 0x1, 0xfffffffffffffffe, 0x0, 0x7eda8566, 0x800000007, 0x8000000000000001, 0x9, 0x401, 0xfffffffffffffff7, 0xa, 0x14000000000000, 0x6, 0xfffffffffffffffe, 0x0, 0x1, 0x8000000000000001, 0x5, 0x1ff, 0xf057, 0x40, 0x5, 0x7, 0x2, 0x8, 0x8, 0x1f, 0x8001, 0xc13, 0x6, 0xbf5, 0x2, 0xff, 0x7, 0xf, 0xe0, 0x3, 0x8, 0x3, 0x80000000, 0x6, 0x2, 0x1, 0xa, 0x5, 0x2, 0x100], "54a5f1d1dd2f17b169e8263c3a740d6611142f4b3c69d0f6e967c91125d235ac53e1b00d9fddc53d8f56969329274a57d5f4213fb46616a4faa700873d91426befc561500a5391d522c480bd37f8e7f0050cedfc627c6702978a8f018ad9a7b04711dc3a5c6a755e7a506645ea28e2baa4a6786ca43b3d5d976157eb07c3cdb8"}) unshare$auto(0x40000080) move_pages$auto(0x0, 0x80000001, &(0x7f0000000000)=&(0x7f0000000100)="f5d1768b1376656e3abbef49e044f99eec91324416ec88066e5494a2dea9bbd301244739e899b910e1dc86c7e0683b522c99098d35bb0b22f85c869d3ee54950c165002fe8e7ea02370b3626850bc95aae80000643d0880db9c6b57076e3283198f92965a31f27de60353a274ade92b4ed3a48fd03000000ebbbdcd88ea9dc0f6d32d2227a97d0f7b0fb0dfe9aa4da280ba3131ab55979e69a63747d07146994b9af0bda778e1dc6cffbad2c2434f23733edf95a0f6cc3ae2557afc052", &(0x7f0000000080)=0x6, &(0x7f0000000200)=0x4, 0xb) unshare$auto(0x3) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) r3 = setfsuid$auto(0xee01) getpriority$auto_PRIO_USER(0x2, r3) (async) getpriority$auto_PRIO_USER(0x2, r3) read$auto_mon_fops_binary_mon_bin(r2, 0x0, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socket(0xa, 0x2, 0x88) (async) socket(0xa, 0x2, 0x88) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001900)=ANY=[@ANYBLOB="05000000", @ANYBLOB="039ee8a02832ad7f0d2169f18e8b18a2f14e790d1d4016fe17bc2465d8cf87f460eb6c8b70cbcae6d96c913d16e3ff1374063b16ef6ee905c0d5f704bb0be8ddd3f7986257969653572b8e27f4757abb368eee6b7e0f049d54db0d8ecbde7ca79a7d68499a394aa3f2aaa12c16b378e2ab3848df88bdb93d920f8e3f751232", @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) (async) write$auto(0x3, 0x0, 0x1) sendmsg$auto_NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x80) (async) sendmsg$auto_NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x80) socket(0x1a, 0x1, 0x0) (async) r4 = socket(0x1a, 0x1, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) (async) r6 = ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000300), r4) sendmsg$auto_NFC_CMD_SE_IO(r6, &(0x7f00000003c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010028bd7000fddbdf251b00000005000a0003000000f30af7eba1a8075e6d210b291d735ba90a113c1f030272b2740ac84e407f70e5093b1be2615909503d8d4300000000"], 0x1c}, 0x1, 0x0, 0x0, 0x2408c000}, 0x24044045) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f0000000bc0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00022bbd7000fbdbdf2502000000058010000100000005000c000000000008001e000800000006001100010000002b001f00605151f86b54fa113f962e8501ff4a39fd881c135cb5def1d715b8ff000000000000005b742e8772f970d06be74ef43a26767eec61bb5b85751d5185c45065f32eda20fb2d6cb6455bce4749e5ba77a7a8c2bf7c315000392fbd1f629aa8531092921437984b770d6ba133141c496b0d3562bb412d5d00009bb58d6c7ada0e9b7dde2eec8691d32f67569800217c130f0b31ee094c11189b86360ec4e84c855f6b6941bcb3138f0e91dacb540ceaecfdae6678e6e72cf316148fe902a573498cbda8f464ab0113bc989e00158e0f74b83a43"], 0x60}, 0x1, 0x0, 0x0, 0x14}, 0x4000000) ioctl$auto(r2, 0x4, r2) (async) ioctl$auto(r2, 0x4, r2) ioctl$auto_MON_IOCG_STATS(r2, 0x80089203, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.160283324s ago: executing program 1 (id=59): mmap$auto(0x0, 0x20009, 0xa, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000007c0)='/proc/sys/net/mptcp/blackhole_timeout\x00', 0x0, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) socket(0x22, 0x3, 0x0) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2a01, 0x0) socket(0x1f, 0xa, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) 4.600768209s ago: executing program 2 (id=62): unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) sched_setaffinity$auto(0x0, 0x9899, 0x0) clone$auto(0x20003b46, 0x80000001, 0x0, 0x0, 0x2) ioctl$auto_TIOCSWINSZ2(r1, 0x5414, 0x0) r2 = open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0x3) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) socket(0xf, 0x3, 0x9) prctl$auto(0x3e, 0x1, r0, 0x1, 0x2) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0xc7, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) memfd_create$auto(0x0, 0xe) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0xa0e42, 0x0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r2) sendmsg$auto_NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="ec004003", @ANYRES16=r5, @ANYRES8=0x0], 0xec}, 0x1, 0x0, 0x0, 0x40850}, 0x4004081) write$auto(r4, &(0x7f00000000c0)='//\xf2\x00', 0xab3) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x101802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301040, 0x0) close_range$auto(0x2, 0x8, 0x1) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x8000fff5) 4.548684104s ago: executing program 3 (id=63): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x100000000000001c, 0x7, 0x63, 0x0, 0x0, 0x0, 0x1002, 0x4, 0x80000008040000a, 0x40000402, 0x7, 0x8, 0xffffffff80000000, 0xffffffffffffffff, 0x6, 0x240000100103}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r1, 0x0, 0x2) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000200), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) ioctl$auto(0x3, 0xae41, r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon20\x00', 0x60501, 0x0) ioctl$auto_MON_IOCG_STATS(r4, 0x80089203, 0x0) r5 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000080), 0x20082, 0x0) writev$auto(r5, 0x0, 0x3) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv6/conf/default/stable_secret\x00', 0x40d02, 0x0) 4.501670742s ago: executing program 1 (id=64): socket(0xa, 0x3, 0x3b) r0 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYRES32=r0], 0x5f}, 0x1, 0x0, 0x0, 0x20004080}, 0x40) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x22, 0x3, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0xb267, 0x759, 0x5, 0x81, 0x1ffde, 0x7, 0xfffffffffffffffd, 0x8, 0x9, 0x80003, 0x4, 0x200000000005, 0x384, 0x9, 0xb14, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x21ff9, 0x200, 0x0, 0x84, 0x0, 0x0, 0x3, 0x0, 0xac79, [0x0, 0x7, 0x0, 0x25c3, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x80000000, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x40000000000004ac, 0x100000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x196fc46e, 0x2, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x40000000000, 0x4, 0x0, 0x101, 0x0, 0x0, 0xffffffffffdffffd]}, 0x1fa, 0x11) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000000), 0x28002, 0x0) r2 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x40, 0x0) pread64$auto(r2, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/allop_area/format\x00\x00\x00\x00\x00\x00\x0f:\xe23j\xb2\x93\x99\r\x02\xd0f\x87Wz\x1b\xc7\x9f\x0f7\xe8\x94\xac(,\x03\x03\xff\xc4*o\xcbf\xe4\x8a\x10\xf3\x7fA\x02:Y\xcf\x1b\x8e\x91%\x00\xf9\xff6\xa6\\\x80\x0f\xfa\xd4\xec\xa6\x0e\x1c,\'\\Aq\xae\x8e\x9c_ \x0f\v\xd3\xcb\xe4\"\xf2\x95\x8e\xc0q\x03;\x16\x84apq\xb4\x88o\xe2\x8c\xb2\xbf\x18z\xee\x8f\x05\x84\xdb\xcbP\xfa\xcec\xa4\xec\xd3\xa9[\x91xV\xd5g\xdf)\xfbJ\xaeNI\x13o\xb8\x98\xc9\x06yP>N\xe7\xf4e\xc2\x97\x02_\xeaV\xc9Vk\xaff\v\xc7\x7f\xdc\xd4\xca\xcf\x94\xb6\x1dK\xc0\xdd\x83w\xe0\x8dx\f\x17>\xa1\riQ\xb7\x03=1\xb7\xed\x1e&t\xffHx>\xc9\xac\x17/\x16\x92y\x87\xc6\x90\x8c\xcb\x86H5\n\xa2\xe8\x03\x92\xc3\xa9\xfb\x9eh\xec\xa9\x8d\xb80\x86\xa6\xa5\xd4I\xfe\xc6]F\xbe\xa0\xda\xa2\x13\xc6\xfb\xe6\xee\xf4Z,\x10\x10C0\x8b\xfd\xfb\xee\x93\x125\xfe\xc4z\"\xc6=Z\xacM\x14\x8f?w\x88S;eNL\xcd.(\xccT\xfaI\a\x1c\xb5\x8d\xf8\xccd\x1f\x1b\xb48\xb1\xbc\xfb\x13f\xa5\xd2\xfb\x17\xff\xe8\xd9\b3\x95\xa7\x85\xb1\x98\xd0\xcf\xbf=\xf7\xd0q1\b\xd2|\xc1B\xcc#5', 0x100000001, 0x7) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffff7effffd05, &(0x7f00000001c0)) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000001) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) clone3$auto(0x0, 0x0) write$auto(r3, 0x0, 0x6051) readv$auto(0x3, 0x0, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) 3.274261152s ago: executing program 3 (id=65): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000180), 0xc0000, 0x0) read$auto(r0, 0x0, 0x4) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040)=@query={@target_fd=r0, 0xffff8000, 0xff3, 0x10, 0x6, @count=0xfffff2a9, 0x0, 0x7, 0x8, 0x8000000000000001, 0x6}, 0x7) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) 2.663890828s ago: executing program 0 (id=67): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) futex_wake$auto(&(0x7f00000001c0), 0x5, 0x4, 0xa) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) shmget$auto(0x8, 0x10565, 0x7ff) (async) shmat$auto(0x0, &(0x7f0000000000)='(\x00', 0xfffffffb) shmctl$auto_IPC_RMID(0x0, 0x0, &(0x7f0000000340)={{0x0, 0xee00, 0xee00, 0x0, 0x8, 0x80000000, 0x80}, 0x7f, 0x1, 0x7, 0x3, @raw=0xc, @raw, 0x7, 0x0, 0x0, 0x0}) (async) lstat$auto(&(0x7f0000000040)='./file0\x00', 0x0) (async) mprotect$auto(0x200000000000, 0x5, 0x4) socket(0x2, 0x3, 0x2) clock_gettime$auto(0x1, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/processor/parameters/bm_check_disable\x00', 0x2502, 0x0) (async) r1 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC0D0p\x00', 0x400080, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_START(r1, 0x4142, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) getcwd$auto(0x0, 0xffffffffffffffff) (async) r2 = inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r2, 0x0, 0x81000002) (async) r3 = open(0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x10000078768535, 0xeb1, r0, 0x8000) r4 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$auto(r4, 0x0, 0x80e4) (async) accept$auto(0xffffffffffffffff, 0x0, 0x0) (async) getsockopt$auto(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) (async) syz_genetlink_get_family_id$auto_tipcv2(0x0, r3) ioctl$auto_FS_IOC_FSSETXATTR(r3, 0x401c5820, 0x9) (async) socket(0x6, 0x2, 0x3) 2.630617201s ago: executing program 3 (id=68): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x49, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clock_adjtime$auto(0x0, &(0x7f0000000040)={0xfbb, 0x0, 0x7f, 0xfffffffff7fffffe, 0x602, 0x8, 0x7, 0x0, 0x7, 0xb, 0x1, {0x3ff, 0x7}, 0xfffffffffffffffa, 0x200000a5, 0xa, 0x13c, 0x0, 0xc3, 0x7, 0xd, 0x2, 0x90, 0xfffffff5}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="566b3dd008e4edd9650200000000004d7c289b482e57f701"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="720100", @ANYBLOB="18b4e131a489c816712b63233d899c9bca6b87bff02e01bd506fc4e46becc4e34ede24c8d3d17d204a2e02e90cff7c25035facaabc2517f90ba9bab7d499f135adc5c65f0c0c9c0454e9ab2c571a799b6278a926f2c763cc0f"], 0x1ac}, 0x1, 0x0, 0x0, 0x10}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/admmidi2\x00', 0x4340, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x3, &(0x7f0000000000)='Q**\x00', &(0x7f0000000040), 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) r2 = open(&(0x7f0000000000)='./file0\x00', 0x1eb343, 0x100) copy_file_range$auto(r2, 0x0, r2, 0x0, 0x21c1, 0x0) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, 0x0, 0x230c41, 0x0) r3 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000002c0), 0x422802, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) timerfd_create$auto(0x8001, 0x1000) openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x100, 0x0) preadv$auto(r1, &(0x7f00000001c0)={0x0, 0xfffffffd}, 0x5, 0xc, 0x1) sendfile$auto(r0, r4, 0x0, 0x2) ioctl$auto_SNAPSHOT_FREE(r3, 0x3314, 0x0) 2.401505918s ago: executing program 0 (id=69): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0xffffffeb) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1080, 0x0) socket(0x10, 0x80002, 0x0) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) statmount$auto(0x0, &(0x7f0000000180)={0xc, 0x7, 0xa, 0x3, 0x10, 0x5, 0x0, 0x3, 0x6, 0x10000000000002, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb4, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, [0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x5f23, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x40081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8802) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40080c1) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 1.204995494s ago: executing program 1 (id=70): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) r1 = socket(0x2, 0x2, 0x0) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) recvmmsg$auto(r0, 0x0, 0xfffc, 0x4, 0x0) shutdown$auto(0x200000003, 0x400002) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) bind$auto(r1, &(0x7f0000000000)=@generic={0x2b, "8e5e266bf7466ee12f4635d13e85"}, 0x9) mlockall$auto(0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0xfffffffe, 0x0) madvise$auto(0x3, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) madvise$auto(0x0, 0x2003f0, 0x15) r3 = prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) mlockall$auto(0x7) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x13}}, 0x54) prctl$auto(0x23, 0x2, 0x7fffffffefff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, r2, 0x8000) r4 = socket(0x3, 0xa, 0x3) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfc2, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x89e}, 0x7, 0x4008) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYRESHEX=r3], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sg1\x00', 0x8c001, 0x0) 1.204758441s ago: executing program 2 (id=71): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x2, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sda\x00', 0xce140, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x2, 0x73) io_uring_setup$auto(0xa, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x500, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x10bb41, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x82000, 0x0) mmap$auto(0x0, 0x40009, 0x1ff, 0x9b72, 0x7, 0x28000) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0xfffffff7, 0x0) open(0x0, 0x464481, 0x155) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) ioctl$auto(0x3, 0x40045613, r0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) socket(0xa, 0x5, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) 1.204430446s ago: executing program 3 (id=72): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = socket(0x2a, 0x2, 0x8000) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0x55) (async) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async) unshare$auto(0x40000080) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0xb, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[], 0x14}}, 0x24048004) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x0, 0x0) (async) r3 = getpid() (async) io_getevents$auto(0x24, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x4, 0x5, 0xebe, 0xfffffffffffffffa, 0x8000) (async) mbind$auto(0x0, 0x4, 0x2, &(0x7f0000000500)=0x3, 0xa, 0x1) futex_wake$auto(0x0, 0x9, 0xffffffff, 0xa) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="fbfffff8ffffffffad000000", @ANYRES16=r5, @ANYBLOB="200826bd7000fcdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) (async) waitid$auto_P_PID(0x1, r3, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x8}, {0x8000000, 0x9}, 0x8, 0x2, 0xc, 0x1, 0x409, 0x6, 0x69, 0x3, 0x6, 0x0, 0x2, 0x37, 0x4, 0x6}) 1.203230734s ago: executing program 0 (id=78): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0xffffffeb) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1c1080, 0x0) socket(0x10, 0x80002, 0x0) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) statmount$auto(0x0, &(0x7f0000000180)={0xc, 0x7, 0xa, 0x3, 0x10, 0x5, 0x0, 0x3, 0x6, 0x10000000000002, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb4, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, [0xffffffffffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x5f23, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x40081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8802) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40080c1) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 979.677326ms ago: executing program 0 (id=73): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x100000000000001c, 0x7, 0x63, 0x0, 0x0, 0x0, 0x1002, 0x4, 0x80000008040000a, 0x40000402, 0x7, 0x8, 0xffffffff80000000, 0xffffffffffffffff, 0x6, 0x240000100103}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r1, 0x0, 0x2) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000200), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) ioctl$auto(0x3, 0xae41, r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon20\x00', 0x60501, 0x0) ioctl$auto_MON_IOCG_STATS(r4, 0x80089203, 0x0) r5 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000080), 0x20082, 0x0) writev$auto(r5, 0x0, 0x3) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv6/conf/default/stable_secret\x00', 0x40d02, 0x0) 964.885908ms ago: executing program 2 (id=74): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) clock_settime$auto(0x0, 0x0) r2 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x2, 0x0) write$auto_ftrace_event_filter_fops_trace_events(r2, &(0x7f0000000300)="2baf82c1a5bc872318c266c40109c6b2b8e16198d96732ec3515702f77291f", 0x1f) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="00010000", @ANYRES16=r6, @ANYBLOB="01032cb57000fbdbdf250a0000000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x3, 0xa3}, 0x80) r7 = socket(0x23, 0x5, 0x0) bind$auto(r7, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) r8 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r5) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r4, &(0x7f0000004100)={0x0, 0x300, &(0x7f0000000200)={&(0x7f00000000c0)={0x1c, r8, 0x1, 0x70bd26, 0x65dfdbfc, {}, [@MACSEC_ATTR_IFINDEX={0x8, 0x1, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000000) r10 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex, r10, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'ip6tnl0\x00'}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'pimreg\x00'}) capget$auto(&(0x7f0000000180)={0x9, 0xffffffffffffffff}, &(0x7f00000001c0)={0x6, 0xb, 0xffffffff}) r11 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01002abd7000fbdbdf25040000002d0011002f50136a450cf972f5a3d28479f92a9b221ca46c2d19fda4f47902c296fa844c12cd83f712d3c41e5d000000"], 0x44}, 0x1, 0x0, 0x0, 0x4008040}, 0x40800) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 312.635382ms ago: executing program 0 (id=75): r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x80) sendmsg$auto_NL80211_CMD_NEW_STATION(r1, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r0, @ANYBLOB="000427bd7000ffdbdf25130000001e00940084c74ac26eeccfad91612a0a879f538943cae57bdf8bb9bc40fe0000ce00f300f6b1e2797e9840ac512478979144f4e0e8d8f367fe45d0cf68e2b3b074660c92fd03886be710765391b91b8322b224eb9e038abf9d38d3782b90d73adeaffc6fad452b3491403da949550e4d487f867cb81729e67efb982e1653f9bbba888dc82e01b1690a246d6a2d6a7d6bdb2f454a1c01d6ff5f3b2d8921b7cc66d8632ad79d1ab09edea762c4eb91a4a42c2303712ba4b1cc57ae4791b5b13a45114dc91b895d8a65c9c861168f36c346f60d3170d33bf0fa22b459c2d3a1c26d1b57ed175c42fc9829dbcc6750623ea3b84523eea228000005001301060000000600ed00258f00000600120108000000bf575b535f1985b5c7b79d23b4a47e0254ef56187554632f74d2f80eec071a92792c3a7c55162f0f24cc3fcee3bb1afd9167b0cf73eef5a7f697f8dcda0ca8537586fac3c72303aa69173710fc1654199badb0821c1bafa06d77002c631093556a8e7dabbd79005164356f948729fa679a738de1e7d339fc44e69339e5beca690c1a0df5d42fcc6ff0183cf2636880d4b8a6655142c538ace9ecf0640a5aff591f09684f046575e5ad37d725bb50c98c82f9981f010deef6d6435ebd538e37486060d49d31e79d65b1226056623e52aae7b62eea593502a116c0d1d636b59c2d5f5df2c9aef983358a75c64cdc"], 0x11c}}, 0x4000817) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r2, 0x4008af83, &(0x7f0000000000)={0x6}) 143.286805ms ago: executing program 0 (id=76): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r0 = socket(0x2b, 0x1, 0x1) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/peer_notif_delay\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11) (async) pidfd_send_signal$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0x0, &(0x7f0000000100)={@_si_pad}, 0x4) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/gro_flush_timeout\x00', 0x88a82, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) setsockopt$auto(r0, 0x7, 0x7fffffff, 0x0, 0xc) (async) setsockopt$auto(r2, 0xfffffffd, 0x11, 0x0, 0x20) (async) mmap$auto(0xffffffff, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) sysfs$auto(0x2, 0x10000000000002d, 0x0) (async) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) (async) socket(0x15, 0x5, 0x3) (async) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r4 = pidfd_open$auto(0x1, 0x0) setns(r4, 0x60020000) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) madvise$auto(0x7fc, 0x4, 0x4) (async) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0xa7) (async) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) (async) r5 = socket(0xa, 0x5, 0x0) getsockopt$auto(r5, 0x84, 0x24, 0x0, 0x0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000100), r4) (async) ioctl$auto_CDROMEJECT(r3, 0x5309, &(0x7f0000000400)="cc3f0fa0d2bbc1dfd7f2425e902c8d000b0628dfc3737ebc2a8ca6fd7ec557797b2b47cb6632757d557efeea15890ac8fcfa9c3e5d23583ef436cdc2286ac022cfaf9cce22d34627802ffb3a28278e645ebd626e0b09150116685e238b08e71482de394a092af18adb9e270133c6a9baf2742e82db7434ac5dd6553a9f0308b09118466f03b638df8693fcfafaaf7b638ed40fe1c9d24493c09a6777046e0cf1c8fe470af45b22f274ba11ae166aace8dcb022f55bada920ba595c43fa18989ac4ee819a91fb33a74b65faf4c8049f763d1a5b61ca041e0314ab501ebf33294589ac0384c4ba02fbea45b2d09067f42fa1464d8fc5a44da5ab58f3d4dac15ca4b83e2a7406000000ce79a8337523e6010000000000000000a5d66655e309935cf9f8acd4d6b4d096c79361314c16e04119ecc52c121ebeff83ec92cc3368e52a7cb39e1e851b067bf66390aa4686c66c1e383bc66ec749a17a17456415c0ebeaad90822e0dec5bd92642f8f20beb005f36885690bb98170649ebd4ec5087967ab0a1cce961da1a9eeab8cb6482a909daf4bdc7c1b759b9d34bddc63b7553428f20df21be64bddb7983d5fd61c82f9bc75e807b89e6a257") openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_USB_RAW_IOCTL_RUN(0xffffffffffffffff, 0x5501, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) (async) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) 0s ago: executing program 3 (id=77): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(r0, 0x0, 0x4) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040)=@query={@target_fd=r0, 0xffff8000, 0xff3, 0x10, 0x6, @count=0xfffff2a9, 0x0, 0x7, 0x8, 0x8000000000000001, 0x6}, 0x7) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts. [ 84.879782][ T5810] cgroup: Unknown subsys name 'net' [ 85.011331][ T5810] cgroup: Unknown subsys name 'cpuset' [ 85.020249][ T5810] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.761279][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.809660][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.818346][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.826300][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.836784][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.844814][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.861586][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.870749][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.879382][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.897141][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.906534][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.056024][ T5823] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.063737][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.073463][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.082702][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.083191][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.091128][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.105467][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.138746][ T5828] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.150592][ T5828] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.160266][ T5828] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.437428][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 89.503360][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 89.639716][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.647587][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.654826][ T5822] bridge_slave_0: entered allmulticast mode [ 89.662347][ T5822] bridge_slave_0: entered promiscuous mode [ 89.683918][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.691188][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.698451][ T5822] bridge_slave_1: entered allmulticast mode [ 89.705790][ T5822] bridge_slave_1: entered promiscuous mode [ 89.775502][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.790189][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.835161][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.842599][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.849965][ T5826] bridge_slave_0: entered allmulticast mode [ 89.857274][ T5826] bridge_slave_0: entered promiscuous mode [ 89.881310][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 89.903278][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.910664][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.918123][ T5826] bridge_slave_1: entered allmulticast mode [ 89.925318][ T5826] bridge_slave_1: entered promiscuous mode [ 89.946829][ T5822] team0: Port device team_slave_0 added [ 89.984510][ T5822] team0: Port device team_slave_1 added [ 90.023094][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.060892][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.068183][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.094982][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.110816][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.132113][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.139155][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.165797][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.218220][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 90.232649][ T5826] team0: Port device team_slave_0 added [ 90.271888][ T5826] team0: Port device team_slave_1 added [ 90.278587][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.286707][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.294028][ T5833] bridge_slave_0: entered allmulticast mode [ 90.301693][ T5833] bridge_slave_0: entered promiscuous mode [ 90.346688][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.353867][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.361360][ T5833] bridge_slave_1: entered allmulticast mode [ 90.368628][ T5833] bridge_slave_1: entered promiscuous mode [ 90.409177][ T5822] hsr_slave_0: entered promiscuous mode [ 90.415691][ T5822] hsr_slave_1: entered promiscuous mode [ 90.439057][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.446553][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.472852][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.486049][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.493109][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.519352][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.569668][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.582599][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.658829][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.666127][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.673366][ T5832] bridge_slave_0: entered allmulticast mode [ 90.680932][ T5832] bridge_slave_0: entered promiscuous mode [ 90.717991][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.725244][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.733729][ T5832] bridge_slave_1: entered allmulticast mode [ 90.741001][ T5832] bridge_slave_1: entered promiscuous mode [ 90.750771][ T5833] team0: Port device team_slave_0 added [ 90.784555][ T5833] team0: Port device team_slave_1 added [ 90.804804][ T5826] hsr_slave_0: entered promiscuous mode [ 90.811458][ T5826] hsr_slave_1: entered promiscuous mode [ 90.818073][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 90.823868][ T5826] Cannot create hsr debugfs directory [ 90.866604][ T5144] Bluetooth: hci0: command tx timeout [ 90.876299][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.916250][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.936146][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.943216][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.969812][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.010433][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.017697][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.044719][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.045888][ T5144] Bluetooth: hci1: command tx timeout [ 91.088738][ T5832] team0: Port device team_slave_0 added [ 91.097394][ T5832] team0: Port device team_slave_1 added [ 91.186577][ T5144] Bluetooth: hci3: command tx timeout [ 91.205173][ T5833] hsr_slave_0: entered promiscuous mode [ 91.211596][ T5833] hsr_slave_1: entered promiscuous mode [ 91.218019][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 91.223766][ T5833] Cannot create hsr debugfs directory [ 91.231963][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.239139][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.265641][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.286628][ T5144] Bluetooth: hci2: command tx timeout [ 91.301810][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.310809][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.337078][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.514702][ T5832] hsr_slave_0: entered promiscuous mode [ 91.521255][ T5832] hsr_slave_1: entered promiscuous mode [ 91.527636][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 91.533377][ T5832] Cannot create hsr debugfs directory [ 91.599308][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.628052][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.667230][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.684311][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.782156][ T5826] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.793720][ T5826] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.836831][ T5826] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.847344][ T5826] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.977466][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.010003][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.022779][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.063288][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.162567][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.175614][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.199588][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.210543][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.229264][ T9] cfg80211: failed to load regulatory.db [ 92.274223][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.287331][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.346142][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.369365][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.382070][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.389666][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.399560][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.406789][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.439673][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.446927][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.498132][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.505345][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.562835][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.671439][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.695623][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.728787][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.736022][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.795048][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.802323][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.838900][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.899794][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.906987][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.946715][ T5144] Bluetooth: hci0: command tx timeout [ 92.973162][ T2929] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.980346][ T2929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.039680][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.083970][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.106866][ T5144] Bluetooth: hci1: command tx timeout [ 93.274336][ T5144] Bluetooth: hci3: command tx timeout [ 93.302091][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.346300][ T5144] Bluetooth: hci2: command tx timeout [ 93.371167][ T5822] veth0_vlan: entered promiscuous mode [ 93.444552][ T5822] veth1_vlan: entered promiscuous mode [ 93.485351][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.510802][ T5826] veth0_vlan: entered promiscuous mode [ 93.539958][ T5826] veth1_vlan: entered promiscuous mode [ 93.647393][ T5822] veth0_macvtap: entered promiscuous mode [ 93.680827][ T5822] veth1_macvtap: entered promiscuous mode [ 93.717514][ T5826] veth0_macvtap: entered promiscuous mode [ 93.738247][ T5833] veth0_vlan: entered promiscuous mode [ 93.746569][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.755494][ T5826] veth1_macvtap: entered promiscuous mode [ 93.778137][ T5833] veth1_vlan: entered promiscuous mode [ 93.786980][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.800036][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.839318][ T127] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.849433][ T127] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.866880][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.879117][ T127] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.888486][ T127] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.913377][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.960144][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.970509][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.000325][ T5833] veth0_macvtap: entered promiscuous mode [ 94.011522][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.023285][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.052230][ T5832] veth0_vlan: entered promiscuous mode [ 94.065156][ T5833] veth1_macvtap: entered promiscuous mode [ 94.109176][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.121531][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.158816][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.167143][ T5832] veth1_vlan: entered promiscuous mode [ 94.214142][ T127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.222470][ T127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.240327][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.298239][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.314805][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.323023][ T85] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.347768][ T85] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.359500][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.383417][ T85] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.396661][ T85] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.493740][ T5832] veth0_macvtap: entered promiscuous mode [ 94.514936][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.530149][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.556967][ T5832] veth1_macvtap: entered promiscuous mode [ 94.674000][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.691676][ T5916] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5'. [ 94.714766][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.727274][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.800308][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.871380][ T85] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.880977][ T85] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.896933][ T5916] Zero length message leads to an empty skb [ 94.904314][ T5920] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.905999][ T85] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.943306][ T85] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.972690][ T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.007518][ T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.027346][ T5144] Bluetooth: hci0: command tx timeout [ 95.186986][ T5144] Bluetooth: hci1: command tx timeout [ 95.204786][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.240917][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.322515][ T5928] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6'. [ 95.346180][ T5144] Bluetooth: hci3: command tx timeout [ 95.378297][ T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.405452][ T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.426351][ T5144] Bluetooth: hci2: command tx timeout [ 95.451045][ T5930] NFSD: Failed to start, no listeners configured. [ 96.537359][ T5956] usb usb3: usbfs: process 5956 (syz.0.13) did not claim interface 0 before use [ 97.106402][ T5144] Bluetooth: hci0: command tx timeout [ 97.182808][ T5981] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 97.266371][ T5144] Bluetooth: hci1: command tx timeout [ 97.303091][ T5983] delete_channel: no stack [ 97.427085][ T5144] Bluetooth: hci3: command tx timeout [ 97.507125][ T5144] Bluetooth: hci2: command tx timeout [ 97.737565][ T5959] syz.3.12 (5959) used greatest stack depth: 16792 bytes left [ 97.753880][ T6004] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.140350][ T6012] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 98.387811][ T6017] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 98.557268][ T6020] FAULT_INJECTION: forcing a failure. [ 98.557268][ T6020] name failslab, interval 1, probability 0, space 0, times 0 [ 98.674740][ T6020] CPU: 1 UID: 0 PID: 6020 Comm: syz.2.26 Tainted: G L syzkaller #0 PREEMPT(full) [ 98.674792][ T6020] Tainted: [L]=SOFTLOCKUP [ 98.674803][ T6020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 98.674821][ T6020] Call Trace: [ 98.674832][ T6020] [ 98.674843][ T6020] dump_stack_lvl+0x100/0x190 [ 98.674898][ T6020] should_fail_ex.cold+0x5/0xa [ 98.674937][ T6020] should_failslab+0xc2/0x120 [ 98.675070][ T6020] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 98.675119][ T6020] ? __alloc_skb+0x140/0x710 [ 98.675174][ T6020] __alloc_skb+0x140/0x710 [ 98.675215][ T6020] ? __alloc_skb+0x5b7/0x710 [ 98.675260][ T6020] ? __pfx___alloc_skb+0x10/0x10 [ 98.675304][ T6020] ? genl_rcv_msg+0x4be/0x800 [ 98.675352][ T6020] netlink_ack+0x117/0xb80 [ 98.675395][ T6020] netlink_rcv_skb+0x333/0x420 [ 98.675429][ T6020] ? __pfx_genl_rcv_msg+0x10/0x10 [ 98.675468][ T6020] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 98.675518][ T6020] ? netlink_deliver_tap+0x1ae/0xcc0 [ 98.675576][ T6020] genl_rcv+0x28/0x40 [ 98.675610][ T6020] netlink_unicast+0x5aa/0x870 [ 98.675649][ T6020] ? __pfx_netlink_unicast+0x10/0x10 [ 98.675687][ T6020] ? __pfx___might_resched+0x10/0x10 [ 98.675728][ T6020] ? __pfx_futex_wake_mark+0x10/0x10 [ 98.675784][ T6020] netlink_sendmsg+0x8b0/0xda0 [ 98.675821][ T6020] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.675855][ T6020] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 98.675894][ T6020] __sys_sendto+0x468/0x4b0 [ 98.675934][ T6020] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.675981][ T6020] ? __pfx___sys_sendto+0x10/0x10 [ 98.676040][ T6020] ? __sys_bind+0x1c7/0x260 [ 98.676099][ T6020] ? xfd_validate_state+0x129/0x190 [ 98.676156][ T6020] __x64_sys_sendto+0xe0/0x1c0 [ 98.676200][ T6020] ? do_syscall_64+0x95/0xf80 [ 98.676229][ T6020] ? lockdep_hardirqs_on+0x78/0x100 [ 98.676260][ T6020] do_syscall_64+0x106/0xf80 [ 98.676289][ T6020] ? clear_bhb_loop+0x40/0x90 [ 98.676328][ T6020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.676360][ T6020] RIP: 0033:0x7ff3d115d04e [ 98.676387][ T6020] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 98.676412][ T6020] RSP: 002b:00007ff3d1f93e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 98.676439][ T6020] RAX: ffffffffffffffda RBX: 00007ff3d1f956c0 RCX: 00007ff3d115d04e [ 98.676458][ T6020] RDX: 0000000000000020 RSI: 00007ff3d1f94000 RDI: 0000000000000008 [ 98.676475][ T6020] RBP: 0000000000000000 R08: 00007ff3d1f93f04 R09: 000000000000000c [ 98.676491][ T6020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 98.676508][ T6020] R13: 00007ff3d1f93f58 R14: 00007ff3d1f94000 R15: 0000000000000000 [ 98.676547][ T6020] [ 99.670531][ T6039] process 'syz.1.28' launched ':,' with NULL argv: empty string added [ 100.001109][ T5144] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 100.001153][ T5144] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 100.025975][ T5144] Bluetooth: hci3: Dropping invalid advertising data [ 100.033707][ T5144] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 100.033752][ T5144] Bluetooth: hci3: Dropping invalid advertising data [ 100.048121][ T5144] Bluetooth: hci3: Malformed LE Event: 0x02 [ 102.330542][ T6062] netlink: 334 bytes leftover after parsing attributes in process `syz.0.34'. [ 102.579550][ T6084] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 102.622545][ T6084] FAULT_INJECTION: forcing a failure. [ 102.622545][ T6084] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 102.656194][ T6084] CPU: 0 UID: 0 PID: 6084 Comm: syz.0.38 Tainted: G L syzkaller #0 PREEMPT(full) [ 102.656243][ T6084] Tainted: [L]=SOFTLOCKUP [ 102.656253][ T6084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 102.656269][ T6084] Call Trace: [ 102.656279][ T6084] [ 102.656290][ T6084] dump_stack_lvl+0x100/0x190 [ 102.656340][ T6084] should_fail_ex.cold+0x5/0xa [ 102.656374][ T6084] _copy_to_user+0x32/0xd0 [ 102.656414][ T6084] put_user_ifreq+0x72/0xc0 [ 102.656449][ T6084] sock_do_ioctl+0x233/0x280 [ 102.656484][ T6084] ? __pfx_sock_do_ioctl+0x10/0x10 [ 102.656525][ T6084] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 102.656579][ T6084] sock_ioctl+0x599/0x6b0 [ 102.656619][ T6084] ? __pfx_sock_ioctl+0x10/0x10 [ 102.656656][ T6084] ? hook_file_ioctl_common+0x146/0x410 [ 102.656704][ T6084] ? __fget_files+0x21f/0x3d0 [ 102.656742][ T6084] ? __pfx_sock_ioctl+0x10/0x10 [ 102.656784][ T6084] __x64_sys_ioctl+0x18e/0x210 [ 102.656833][ T6084] do_syscall_64+0x106/0xf80 [ 102.656864][ T6084] ? clear_bhb_loop+0x40/0x90 [ 102.656902][ T6084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.656932][ T6084] RIP: 0033:0x7f440879c819 [ 102.656959][ T6084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.656986][ T6084] RSP: 002b:00007f440972f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 102.657015][ T6084] RAX: ffffffffffffffda RBX: 00007f4408a15fa0 RCX: 00007f440879c819 [ 102.657034][ T6084] RDX: 0000200000000000 RSI: 0000000000008933 RDI: 0000000000000007 [ 102.657052][ T6084] RBP: 00007f4408832c91 R08: 0000000000000000 R09: 0000000000000000 [ 102.657070][ T6084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.657087][ T6084] R13: 00007f4408a16038 R14: 00007f4408a15fa0 R15: 00007ffd0c5b7b18 [ 102.657127][ T6084] [ 103.063641][ T6088] FAULT_INJECTION: forcing a failure. [ 103.063641][ T6088] name failslab, interval 1, probability 0, space 0, times 0 [ 103.118424][ T6088] CPU: 0 UID: 0 PID: 6088 Comm: syz.3.40 Tainted: G L syzkaller #0 PREEMPT(full) [ 103.118470][ T6088] Tainted: [L]=SOFTLOCKUP [ 103.118480][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 103.118497][ T6088] Call Trace: [ 103.118506][ T6088] [ 103.118518][ T6088] dump_stack_lvl+0x100/0x190 [ 103.118569][ T6088] should_fail_ex.cold+0x5/0xa [ 103.118606][ T6088] should_failslab+0xc2/0x120 [ 103.118641][ T6088] __kmalloc_cache_noprof+0x7a/0x6f0 [ 103.118682][ T6088] ? __kthread_create_on_node+0xce/0x3f0 [ 103.118718][ T6088] ? lockdep_init_map_type+0x5c/0x250 [ 103.118767][ T6088] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 103.118799][ T6088] __kthread_create_on_node+0xce/0x3f0 [ 103.118838][ T6088] ? __pfx___kthread_create_on_node+0x10/0x10 [ 103.118875][ T6088] ? trace_contention_end+0x140/0x180 [ 103.118927][ T6088] ? dvb_frontend_open+0x5b8/0x16d0 [ 103.118957][ T6088] ? __lock_acquire+0x4a5/0x2630 [ 103.118998][ T6088] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 103.119033][ T6088] kthread_create_on_node+0xc7/0x100 [ 103.119070][ T6088] ? __pfx_kthread_create_on_node+0x10/0x10 [ 103.119115][ T6088] ? mark_held_locks+0x40/0x70 [ 103.119152][ T6088] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 103.119196][ T6088] ? lockdep_hardirqs_on+0x78/0x100 [ 103.119242][ T6088] dvb_frontend_open+0x10a4/0x16d0 [ 103.119279][ T6088] ? kobject_get_unless_zero+0x156/0x200 [ 103.119318][ T6088] ? __pfx_dvb_frontend_open+0x10/0x10 [ 103.119353][ T6088] dvb_device_open+0x270/0x3b0 [ 103.119387][ T6088] ? __pfx_dvb_device_open+0x10/0x10 [ 103.119419][ T6088] chrdev_open+0x234/0x6a0 [ 103.119452][ T6088] ? __pfx_apparmor_file_open+0x10/0x10 [ 103.119487][ T6088] ? __pfx_chrdev_open+0x10/0x10 [ 103.119521][ T6088] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 103.119564][ T6088] do_dentry_open+0x6d8/0x1660 [ 103.119595][ T6088] ? __pfx_chrdev_open+0x10/0x10 [ 103.119637][ T6088] vfs_open+0x82/0x3f0 [ 103.119677][ T6088] path_openat+0x208c/0x31a0 [ 103.119725][ T6088] ? __pfx_path_openat+0x10/0x10 [ 103.119769][ T6088] do_file_open+0x20e/0x430 [ 103.119809][ T6088] ? __pfx_do_file_open+0x10/0x10 [ 103.119868][ T6088] ? alloc_fd+0x476/0x790 [ 103.119902][ T6088] ? do_getname+0x191/0x390 [ 103.119943][ T6088] do_sys_openat2+0x10d/0x1e0 [ 103.119980][ T6088] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.120034][ T6088] __x64_sys_openat+0x12d/0x210 [ 103.120076][ T6088] ? __pfx___x64_sys_openat+0x10/0x10 [ 103.120133][ T6088] do_syscall_64+0x106/0xf80 [ 103.120162][ T6088] ? clear_bhb_loop+0x40/0x90 [ 103.120198][ T6088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.120237][ T6088] RIP: 0033:0x7fa8e8d9c819 [ 103.120264][ T6088] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.120293][ T6088] RSP: 002b:00007fa8e9c20028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 103.120322][ T6088] RAX: ffffffffffffffda RBX: 00007fa8e9015fa0 RCX: 00007fa8e8d9c819 [ 103.120339][ T6088] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 103.120355][ T6088] RBP: 00007fa8e8e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 103.120372][ T6088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.120387][ T6088] R13: 00007fa8e9016038 R14: 00007fa8e9015fa0 R15: 00007fff61680e78 [ 103.120425][ T6088] [ 103.120444][ T6088] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 103.907825][ T6110] FAULT_INJECTION: forcing a failure. [ 103.907825][ T6110] name failslab, interval 1, probability 0, space 0, times 0 [ 103.957581][ T6110] CPU: 1 UID: 0 PID: 6110 Comm: syz.2.46 Tainted: G L syzkaller #0 PREEMPT(full) [ 103.957631][ T6110] Tainted: [L]=SOFTLOCKUP [ 103.957642][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 103.957659][ T6110] Call Trace: [ 103.957669][ T6110] [ 103.957680][ T6110] dump_stack_lvl+0x100/0x190 [ 103.957731][ T6110] should_fail_ex.cold+0x5/0xa [ 103.957769][ T6110] ? tomoyo_realpath_from_path+0xb6/0x690 [ 103.957814][ T6110] should_failslab+0xc2/0x120 [ 103.957855][ T6110] __kmalloc_noprof+0xe0/0x850 [ 103.957912][ T6110] tomoyo_realpath_from_path+0xb6/0x690 [ 103.957964][ T6110] tomoyo_path_number_perm+0x23c/0x580 [ 103.958001][ T6110] ? tomoyo_path_number_perm+0x22e/0x580 [ 103.958042][ T6110] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 103.958079][ T6110] ? futex_wake+0x1ad/0x530 [ 103.958166][ T6110] ? find_held_lock+0x2b/0x80 [ 103.958204][ T6110] ? __fget_files+0x215/0x3d0 [ 103.958233][ T6110] ? hook_file_ioctl_common+0x146/0x410 [ 103.958282][ T6110] ? __fget_files+0x21f/0x3d0 [ 103.958321][ T6110] security_file_ioctl+0xd3/0x230 [ 103.958363][ T6110] __x64_sys_ioctl+0xb7/0x210 [ 103.958413][ T6110] do_syscall_64+0x106/0xf80 [ 103.958444][ T6110] ? clear_bhb_loop+0x40/0x90 [ 103.958482][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.958514][ T6110] RIP: 0033:0x7ff3d119c819 [ 103.958540][ T6110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.958568][ T6110] RSP: 002b:00007ff3d1f95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 103.958598][ T6110] RAX: ffffffffffffffda RBX: 00007ff3d1415fa0 RCX: 00007ff3d119c819 [ 103.958617][ T6110] RDX: 0000200000000000 RSI: 0000000000008933 RDI: 0000000000000007 [ 103.958635][ T6110] RBP: 00007ff3d1232c91 R08: 0000000000000000 R09: 0000000000000000 [ 103.958653][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.958670][ T6110] R13: 00007ff3d1416038 R14: 00007ff3d1415fa0 R15: 00007ffcb08ca518 [ 103.958711][ T6110] [ 103.961325][ T6110] ERROR: Out of memory at tomoyo_realpath_from_path. [ 104.465864][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 105.976676][ T6166] vhci_hcd vhci_hcd.2: invalid port number 111 [ 105.983083][ T6166] vhci_hcd vhci_hcd.2: default hub control req: a356 va1b7 i006f l230 [ 106.681065][ T6176] binder: 6160:6176 ioctl 40086602 e20 returned -22 [ 107.348147][ T6180] FAULT_INJECTION: forcing a failure. [ 107.348147][ T6180] name failslab, interval 1, probability 0, space 0, times 0 [ 107.379338][ T6180] CPU: 1 UID: 0 PID: 6180 Comm: syz.1.59 Tainted: G L syzkaller #0 PREEMPT(full) [ 107.379386][ T6180] Tainted: [L]=SOFTLOCKUP [ 107.379397][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 107.379415][ T6180] Call Trace: [ 107.379425][ T6180] [ 107.379437][ T6180] dump_stack_lvl+0x100/0x190 [ 107.379490][ T6180] should_fail_ex.cold+0x5/0xa [ 107.379529][ T6180] should_failslab+0xc2/0x120 [ 107.379566][ T6180] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 107.379613][ T6180] ? __kernfs_new_node+0xd2/0x960 [ 107.379668][ T6180] __kernfs_new_node+0xd2/0x960 [ 107.379716][ T6180] ? kernfs_add_one+0x214/0x850 [ 107.379746][ T6180] ? __pfx___kernfs_new_node+0x10/0x10 [ 107.379803][ T6180] ? find_held_lock+0x2b/0x80 [ 107.379835][ T6180] ? kernfs_root+0xee/0x2a0 [ 107.379879][ T6180] ? kernfs_root+0xee/0x2a0 [ 107.379934][ T6180] kernfs_new_node+0x11b/0x1a0 [ 107.379982][ T6180] kernfs_create_link+0xcc/0x240 [ 107.380024][ T6180] sysfs_do_create_link_sd+0x90/0x140 [ 107.380073][ T6180] sysfs_create_link+0x61/0xc0 [ 107.380118][ T6180] device_add+0x553/0x1950 [ 107.380165][ T6180] ? __pfx_device_add+0x10/0x10 [ 107.380204][ T6180] ? lockdep_init_map_type+0x5c/0x250 [ 107.380247][ T6180] ? __init_waitqueue_head+0xca/0x150 [ 107.380306][ T6180] rfkill_register+0x1ad/0xb30 [ 107.380354][ T6180] nfc_register_device+0x11f/0x3e0 [ 107.380409][ T6180] nci_register_device+0x7f1/0xb80 [ 107.380454][ T6180] ? __pfx_nci_register_device+0x10/0x10 [ 107.380503][ T6180] ? lockdep_init_map_type+0x5c/0x250 [ 107.380554][ T6180] virtual_ncidev_open+0x141/0x220 [ 107.380603][ T6180] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 107.380649][ T6180] misc_open+0x26d/0x450 [ 107.380690][ T6180] ? __pfx_misc_open+0x10/0x10 [ 107.380729][ T6180] chrdev_open+0x234/0x6a0 [ 107.380763][ T6180] ? __pfx_apparmor_file_open+0x10/0x10 [ 107.380796][ T6180] ? __pfx_chrdev_open+0x10/0x10 [ 107.380834][ T6180] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 107.380879][ T6180] do_dentry_open+0x6d8/0x1660 [ 107.380912][ T6180] ? __pfx_chrdev_open+0x10/0x10 [ 107.380965][ T6180] vfs_open+0x82/0x3f0 [ 107.381013][ T6180] path_openat+0x208c/0x31a0 [ 107.381064][ T6180] ? __pfx_path_openat+0x10/0x10 [ 107.381117][ T6180] do_file_open+0x20e/0x430 [ 107.381157][ T6180] ? __pfx_do_file_open+0x10/0x10 [ 107.381222][ T6180] ? alloc_fd+0x476/0x790 [ 107.381260][ T6180] ? do_getname+0x191/0x390 [ 107.381305][ T6180] do_sys_openat2+0x10d/0x1e0 [ 107.381349][ T6180] ? __pfx_do_sys_openat2+0x10/0x10 [ 107.381408][ T6180] __x64_sys_openat+0x12d/0x210 [ 107.381453][ T6180] ? __pfx___x64_sys_openat+0x10/0x10 [ 107.381510][ T6180] do_syscall_64+0x106/0xf80 [ 107.381537][ T6180] ? clear_bhb_loop+0x40/0x90 [ 107.381571][ T6180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.381599][ T6180] RIP: 0033:0x7f9c2a59c819 [ 107.381626][ T6180] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.381652][ T6180] RSP: 002b:00007f9c2b407028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 107.381683][ T6180] RAX: ffffffffffffffda RBX: 00007f9c2a815fa0 RCX: 00007f9c2a59c819 [ 107.381703][ T6180] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 107.381723][ T6180] RBP: 00007f9c2a632c91 R08: 0000000000000000 R09: 0000000000000000 [ 107.381741][ T6180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.381758][ T6180] R13: 00007f9c2a816038 R14: 00007f9c2a815fa0 R15: 00007ffc9a252058 [ 107.381801][ T6180] [ 107.976891][ T6192] FAULT_INJECTION: forcing a failure. [ 107.976891][ T6192] name failslab, interval 1, probability 0, space 0, times 0 [ 108.040031][ T6192] CPU: 0 UID: 0 PID: 6192 Comm: syz.0.61 Tainted: G L syzkaller #0 PREEMPT(full) [ 108.040062][ T6192] Tainted: [L]=SOFTLOCKUP [ 108.040069][ T6192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 108.040079][ T6192] Call Trace: [ 108.040085][ T6192] [ 108.040092][ T6192] dump_stack_lvl+0x100/0x190 [ 108.040124][ T6192] should_fail_ex.cold+0x5/0xa [ 108.040147][ T6192] should_failslab+0xc2/0x120 [ 108.040168][ T6192] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 108.040200][ T6192] ? security_inode_alloc+0x3b/0x2c0 [ 108.040222][ T6192] ? lockdep_init_map_type+0x5c/0x250 [ 108.040249][ T6192] security_inode_alloc+0x3b/0x2c0 [ 108.040270][ T6192] inode_init_always_gfp+0xced/0x1040 [ 108.040293][ T6192] alloc_inode+0x8e/0x250 [ 108.040318][ T6192] sock_alloc+0x44/0x280 [ 108.040335][ T6192] ? security_socket_create+0x7f/0x250 [ 108.040355][ T6192] __sock_create+0xc2/0x860 [ 108.040382][ T6192] __sys_socket+0x14d/0x260 [ 108.040405][ T6192] ? __pfx___sys_socket+0x10/0x10 [ 108.040435][ T6192] __x64_sys_socket+0x72/0xb0 [ 108.040456][ T6192] ? lockdep_hardirqs_on+0x78/0x100 [ 108.040475][ T6192] do_syscall_64+0x106/0xf80 [ 108.040492][ T6192] ? clear_bhb_loop+0x40/0x90 [ 108.040515][ T6192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.040533][ T6192] RIP: 0033:0x7f440879c819 [ 108.040548][ T6192] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.040565][ T6192] RSP: 002b:00007f440972f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 108.040583][ T6192] RAX: ffffffffffffffda RBX: 00007f4408a15fa0 RCX: 00007f440879c819 [ 108.040594][ T6192] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 108.040604][ T6192] RBP: 00007f4408832c91 R08: 0000000000000000 R09: 0000000000000000 [ 108.040614][ T6192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.040623][ T6192] R13: 00007f4408a16038 R14: 00007f4408a15fa0 R15: 00007ffd0c5b7b18 [ 108.040645][ T6192] [ 108.040766][ T6192] socket: no more sockets [ 108.167665][ T6199] FAULT_INJECTION: forcing a failure. [ 108.167665][ T6199] name failslab, interval 1, probability 0, space 0, times 0 [ 108.281552][ T6195] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 108.365910][ T6199] CPU: 0 UID: 0 PID: 6199 Comm: syz.2.62 Tainted: G L syzkaller #0 PREEMPT(full) [ 108.365958][ T6199] Tainted: [L]=SOFTLOCKUP [ 108.365968][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 108.365983][ T6199] Call Trace: [ 108.365992][ T6199] [ 108.366003][ T6199] dump_stack_lvl+0x100/0x190 [ 108.366055][ T6199] should_fail_ex.cold+0x5/0xa [ 108.366090][ T6199] should_failslab+0xc2/0x120 [ 108.366130][ T6199] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 108.366179][ T6199] ? alloc_empty_file+0x55/0x1c0 [ 108.366238][ T6199] alloc_empty_file+0x55/0x1c0 [ 108.366280][ T6199] alloc_file_pseudo+0x13a/0x230 [ 108.366323][ T6199] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 108.366376][ T6199] __shmem_file_setup+0x221/0x490 [ 108.366420][ T6199] ? __pfx___shmem_file_setup+0x10/0x10 [ 108.366463][ T6199] ? vm_area_alloc+0x1f/0x160 [ 108.366505][ T6199] shmem_zero_setup+0x96/0x1b0 [ 108.366536][ T6199] __mmap_region+0x2198/0x29e0 [ 108.366588][ T6199] ? __pfx___mmap_region+0x10/0x10 [ 108.366629][ T6199] ? process_measurement+0x1f4/0x2350 [ 108.366667][ T6199] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 108.366706][ T6199] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 108.366779][ T6199] ? sched_clock+0x38/0x60 [ 108.366843][ T6199] ? lockdep_hardirqs_on+0x78/0x100 [ 108.366875][ T6199] ? finish_task_switch.isra.0+0x205/0xb80 [ 108.366912][ T6199] ? rcu_is_watching+0x12/0xc0 [ 108.367013][ T6199] ? rcu_is_watching+0x12/0xc0 [ 108.367062][ T6199] ? cap_capable+0x107/0x460 [ 108.367101][ T6199] mmap_region+0x180/0x3e0 [ 108.367185][ T6199] do_mmap+0xc63/0x12f0 [ 108.367246][ T6199] ? __pfx_do_mmap+0x10/0x10 [ 108.367284][ T6199] ? __pfx_down_write_killable+0x10/0x10 [ 108.367330][ T6199] vm_mmap_pgoff+0x29e/0x470 [ 108.367376][ T6199] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 108.367417][ T6199] ? do_futex+0x192/0x350 [ 108.367461][ T6199] ? __pfx_do_futex+0x10/0x10 [ 108.367511][ T6199] ksys_mmap_pgoff+0xe1/0x650 [ 108.367547][ T6199] ? __x64_sys_futex+0x34f/0x4d0 [ 108.367586][ T6199] ? __x64_sys_futex+0x358/0x4d0 [ 108.367629][ T6199] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 108.367664][ T6199] ? xfd_validate_state+0x129/0x190 [ 108.367717][ T6199] __x64_sys_mmap+0x125/0x190 [ 108.367769][ T6199] do_syscall_64+0x106/0xf80 [ 108.367799][ T6199] ? clear_bhb_loop+0x40/0x90 [ 108.367837][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.367869][ T6199] RIP: 0033:0x7ff3d119c819 [ 108.367895][ T6199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.367924][ T6199] RSP: 002b:00007ff3cf3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 108.367953][ T6199] RAX: ffffffffffffffda RBX: 00007ff3d1416180 RCX: 00007ff3d119c819 [ 108.367973][ T6199] RDX: 00000000000000df RSI: 00000000000000c7 RDI: 0000000000000000 [ 108.367991][ T6199] RBP: 00007ff3d1232c91 R08: 0000000000000401 R09: 0000000000008000 [ 108.368009][ T6199] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 108.368026][ T6199] R13: 00007ff3d1416218 R14: 00007ff3d1416180 R15: 00007ffcb08ca518 [ 108.368068][ T6199] [ 109.272180][ T6209] FAULT_INJECTION: forcing a failure. [ 109.272180][ T6209] name failslab, interval 1, probability 0, space 0, times 0 [ 109.286478][ T6209] CPU: 1 UID: 0 PID: 6209 Comm: syz.3.65 Tainted: G L syzkaller #0 PREEMPT(full) [ 109.286510][ T6209] Tainted: [L]=SOFTLOCKUP [ 109.286516][ T6209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 109.286526][ T6209] Call Trace: [ 109.286533][ T6209] [ 109.286540][ T6209] dump_stack_lvl+0x100/0x190 [ 109.286573][ T6209] should_fail_ex.cold+0x5/0xa [ 109.286597][ T6209] should_failslab+0xc2/0x120 [ 109.286619][ T6209] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 109.286637][ T6209] ? __kthread_create_on_node+0x186/0x3f0 [ 109.286665][ T6209] kvasprintf+0xbc/0x150 [ 109.286689][ T6209] ? __pfx_kvasprintf+0x10/0x10 [ 109.286721][ T6209] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 109.286740][ T6209] __kthread_create_on_node+0x186/0x3f0 [ 109.286764][ T6209] ? __pfx___kthread_create_on_node+0x10/0x10 [ 109.286785][ T6209] ? trace_contention_end+0x140/0x180 [ 109.286816][ T6209] ? dvb_frontend_open+0x5b8/0x16d0 [ 109.286834][ T6209] ? __lock_acquire+0x4a5/0x2630 [ 109.286859][ T6209] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 109.286879][ T6209] kthread_create_on_node+0xc7/0x100 [ 109.286901][ T6209] ? __pfx_kthread_create_on_node+0x10/0x10 [ 109.286928][ T6209] ? mark_held_locks+0x40/0x70 [ 109.286951][ T6209] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 109.286980][ T6209] ? lockdep_hardirqs_on+0x78/0x100 [ 109.287002][ T6209] dvb_frontend_open+0x10a4/0x16d0 [ 109.287024][ T6209] ? kobject_get_unless_zero+0x156/0x200 [ 109.287047][ T6209] ? __pfx_dvb_frontend_open+0x10/0x10 [ 109.287066][ T6209] dvb_device_open+0x270/0x3b0 [ 109.287086][ T6209] ? __pfx_dvb_device_open+0x10/0x10 [ 109.287105][ T6209] chrdev_open+0x234/0x6a0 [ 109.287134][ T6209] ? __pfx_apparmor_file_open+0x10/0x10 [ 109.287155][ T6209] ? __pfx_chrdev_open+0x10/0x10 [ 109.287184][ T6209] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 109.287210][ T6209] do_dentry_open+0x6d8/0x1660 [ 109.287229][ T6209] ? __pfx_chrdev_open+0x10/0x10 [ 109.287254][ T6209] vfs_open+0x82/0x3f0 [ 109.287281][ T6209] path_openat+0x208c/0x31a0 [ 109.287308][ T6209] ? __pfx_path_openat+0x10/0x10 [ 109.287338][ T6209] do_file_open+0x20e/0x430 [ 109.287360][ T6209] ? __pfx_do_file_open+0x10/0x10 [ 109.287396][ T6209] ? alloc_fd+0x476/0x790 [ 109.287417][ T6209] ? do_getname+0x191/0x390 [ 109.287443][ T6209] do_sys_openat2+0x10d/0x1e0 [ 109.287467][ T6209] ? __pfx_do_sys_openat2+0x10/0x10 [ 109.287500][ T6209] __x64_sys_openat+0x12d/0x210 [ 109.287526][ T6209] ? __pfx___x64_sys_openat+0x10/0x10 [ 109.287559][ T6209] do_syscall_64+0x106/0xf80 [ 109.287576][ T6209] ? clear_bhb_loop+0x40/0x90 [ 109.287599][ T6209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.287618][ T6209] RIP: 0033:0x7fa8e8d9c819 [ 109.287634][ T6209] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.287650][ T6209] RSP: 002b:00007fa8e9c20028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 109.287668][ T6209] RAX: ffffffffffffffda RBX: 00007fa8e9015fa0 RCX: 00007fa8e8d9c819 [ 109.287680][ T6209] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 109.287690][ T6209] RBP: 00007fa8e8e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 109.287700][ T6209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.287710][ T6209] R13: 00007fa8e9016038 R14: 00007fa8e9015fa0 R15: 00007fff61680e78 [ 109.287732][ T6209] [ 109.287759][ T6209] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 109.785835][ T30] audit: type=1800 audit(1775255845.353:2): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.67" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 109.851985][ T6214] raw_sendmsg: syz.0.67 forgot to set AF_INET. Fix it! [ 111.533366][ T6240] FAULT_INJECTION: forcing a failure. [ 111.533366][ T6240] name failslab, interval 1, probability 0, space 0, times 0 [ 111.574947][ T6240] CPU: 1 UID: 0 PID: 6240 Comm: syz.2.74 Tainted: G L syzkaller #0 PREEMPT(full) [ 111.574998][ T6240] Tainted: [L]=SOFTLOCKUP [ 111.575007][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 111.575024][ T6240] Call Trace: [ 111.575034][ T6240] [ 111.575054][ T6240] dump_stack_lvl+0x100/0x190 [ 111.575108][ T6240] should_fail_ex.cold+0x5/0xa [ 111.575145][ T6240] ? tomoyo_realpath_from_path+0xb6/0x690 [ 111.575188][ T6240] should_failslab+0xc2/0x120 [ 111.575223][ T6240] __kmalloc_noprof+0xe0/0x850 [ 111.575308][ T6240] tomoyo_realpath_from_path+0xb6/0x690 [ 111.575365][ T6240] tomoyo_path_number_perm+0x23c/0x580 [ 111.575404][ T6240] ? tomoyo_path_number_perm+0x22e/0x580 [ 111.575443][ T6240] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 111.575478][ T6240] ? futex_wait+0x125/0x380 [ 111.575565][ T6240] ? find_held_lock+0x2b/0x80 [ 111.575595][ T6240] ? __fget_files+0x215/0x3d0 [ 111.575623][ T6240] ? hook_file_ioctl_common+0x146/0x410 [ 111.575671][ T6240] ? __fget_files+0x21f/0x3d0 [ 111.575709][ T6240] security_file_ioctl+0xd3/0x230 [ 111.575756][ T6240] __x64_sys_ioctl+0xb7/0x210 [ 111.575806][ T6240] do_syscall_64+0x106/0xf80 [ 111.575838][ T6240] ? clear_bhb_loop+0x40/0x90 [ 111.575877][ T6240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.575909][ T6240] RIP: 0033:0x7ff3d119c819 [ 111.575935][ T6240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.575963][ T6240] RSP: 002b:00007ff3d1f95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 111.575991][ T6240] RAX: ffffffffffffffda RBX: 00007ff3d1415fa0 RCX: 00007ff3d119c819 [ 111.576009][ T6240] RDX: 0000200000000000 RSI: 0000000000008933 RDI: 0000000000000007 [ 111.576028][ T6240] RBP: 00007ff3d1232c91 R08: 0000000000000000 R09: 0000000000000000 [ 111.576045][ T6240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.576061][ T6240] R13: 00007ff3d1416038 R14: 00007ff3d1415fa0 R15: 00007ffcb08ca518 [ 111.576102][ T6240] [ 111.576115][ T6240] ERROR: Out of memory at tomoyo_realpath_from_path. [ 112.511532][ T6266] ================================================================== [ 112.519770][ T6266] BUG: KASAN: slab-use-after-free in dvb_device_open+0x33f/0x3b0 [ 112.527543][ T6266] Read of size 8 at addr ffff88802c4c3418 by task syz.3.77/6266 [ 112.535334][ T6266] [ 112.537759][ T6266] CPU: 1 UID: 0 PID: 6266 Comm: syz.3.77 Tainted: G L syzkaller #0 PREEMPT(full) [ 112.537807][ T6266] Tainted: [L]=SOFTLOCKUP [ 112.537819][ T6266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 112.537838][ T6266] Call Trace: [ 112.537848][ T6266] [ 112.537860][ T6266] dump_stack_lvl+0x100/0x190 [ 112.537911][ T6266] print_report+0x156/0x4c9 [ 112.537962][ T6266] ? __virt_addr_valid+0x81/0x620 [ 112.538001][ T6266] ? __phys_addr+0xe8/0x180 [ 112.538041][ T6266] ? dvb_device_open+0x33f/0x3b0 [ 112.538073][ T6266] kasan_report+0xdf/0x1e0 [ 112.538108][ T6266] ? dvb_device_open+0x33f/0x3b0 [ 112.538143][ T6266] ? __pfx_dvb_device_open+0x10/0x10 [ 112.538175][ T6266] dvb_device_open+0x33f/0x3b0 [ 112.538206][ T6266] ? __pfx_dvb_device_open+0x10/0x10 [ 112.538239][ T6266] chrdev_open+0x234/0x6a0 [ 112.538271][ T6266] ? __pfx_apparmor_file_open+0x10/0x10 [ 112.538305][ T6266] ? __pfx_chrdev_open+0x10/0x10 [ 112.538339][ T6266] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 112.538378][ T6266] do_dentry_open+0x6d8/0x1660 [ 112.538409][ T6266] ? __pfx_chrdev_open+0x10/0x10 [ 112.538446][ T6266] vfs_open+0x82/0x3f0 [ 112.538486][ T6266] path_openat+0x208c/0x31a0 [ 112.538524][ T6266] ? __pfx_path_openat+0x10/0x10 [ 112.538562][ T6266] do_file_open+0x20e/0x430 [ 112.538596][ T6266] ? __pfx_do_file_open+0x10/0x10 [ 112.538641][ T6266] ? alloc_fd+0x476/0x790 [ 112.538674][ T6266] ? do_getname+0x191/0x390 [ 112.538714][ T6266] do_sys_openat2+0x10d/0x1e0 [ 112.538755][ T6266] ? __pfx_do_sys_openat2+0x10/0x10 [ 112.538804][ T6266] __x64_sys_openat+0x12d/0x210 [ 112.538846][ T6266] ? __pfx___x64_sys_openat+0x10/0x10 [ 112.538895][ T6266] do_syscall_64+0x106/0xf80 [ 112.538925][ T6266] ? clear_bhb_loop+0x40/0x90 [ 112.538969][ T6266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.539000][ T6266] RIP: 0033:0x7fa8e8d9c819 [ 112.539025][ T6266] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.539056][ T6266] RSP: 002b:00007fa8e9c20028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 112.539086][ T6266] RAX: ffffffffffffffda RBX: 00007fa8e9015fa0 RCX: 00007fa8e8d9c819 [ 112.539106][ T6266] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 112.539125][ T6266] RBP: 00007fa8e8e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 112.539144][ T6266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.539163][ T6266] R13: 00007fa8e9016038 R14: 00007fa8e9015fa0 R15: 00007fff61680e78 [ 112.539190][ T6266] [ 112.539200][ T6266] [ 112.797946][ T6266] Allocated by task 1: [ 112.802056][ T6266] kasan_save_stack+0x30/0x50 [ 112.806795][ T6266] kasan_save_track+0x14/0x30 [ 112.811685][ T6266] __kasan_kmalloc+0xaa/0xb0 [ 112.816316][ T6266] dvb_register_device+0x1d6/0x1e20 [ 112.821557][ T6266] dvb_register_frontend+0x5a8/0x8a0 [ 112.826882][ T6266] vidtv_bridge_probe+0x44b/0xa30 [ 112.831957][ T6266] platform_probe+0x106/0x1d0 [ 112.836687][ T6266] really_probe+0x241/0xa60 [ 112.841227][ T6266] __driver_probe_device+0x1de/0x400 [ 112.846545][ T6266] driver_probe_device+0x4c/0x1b0 [ 112.851612][ T6266] __driver_attach+0x21f/0x5d0 [ 112.856428][ T6266] bus_for_each_dev+0x13e/0x1d0 [ 112.861347][ T6266] bus_add_driver+0x305/0x5b0 [ 112.866071][ T6266] driver_register+0x1e2/0x360 [ 112.870903][ T6266] vidtv_bridge_init+0x38/0x70 [ 112.875716][ T6266] do_one_initcall+0x11d/0x760 [ 112.880528][ T6266] kernel_init_freeable+0x6e5/0x7a0 [ 112.885786][ T6266] kernel_init+0x1f/0x1e0 [ 112.890170][ T6266] ret_from_fork+0x754/0xd80 [ 112.894813][ T6266] ret_from_fork_asm+0x1a/0x30 [ 112.899612][ T6266] [ 112.901969][ T6266] Freed by task 6209: [ 112.905995][ T6266] kasan_save_stack+0x30/0x50 [ 112.910719][ T6266] kasan_save_track+0x14/0x30 [ 112.915452][ T6266] kasan_save_free_info+0x3b/0x70 [ 112.920540][ T6266] __kasan_slab_free+0x5f/0x80 [ 112.925350][ T6266] kfree+0x1f6/0x6b0 [ 112.929347][ T6266] dvb_device_put.part.0+0x57/0x90 [ 112.934493][ T6266] dvb_device_open+0x2ba/0x3b0 [ 112.939289][ T6266] chrdev_open+0x234/0x6a0 [ 112.943740][ T6266] do_dentry_open+0x6d8/0x1660 [ 112.948542][ T6266] vfs_open+0x82/0x3f0 [ 112.952657][ T6266] path_openat+0x208c/0x31a0 [ 112.957286][ T6266] do_file_open+0x20e/0x430 [ 112.961893][ T6266] do_sys_openat2+0x10d/0x1e0 [ 112.966606][ T6266] __x64_sys_openat+0x12d/0x210 [ 112.971948][ T6266] do_syscall_64+0x106/0xf80 [ 112.976586][ T6266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.982521][ T6266] [ 112.984874][ T6266] The buggy address belongs to the object at ffff88802c4c3400 [ 112.984874][ T6266] which belongs to the cache kmalloc-256 of size 256 [ 112.999049][ T6266] The buggy address is located 24 bytes inside of [ 112.999049][ T6266] freed 256-byte region [ffff88802c4c3400, ffff88802c4c3500) [ 113.012900][ T6266] [ 113.015260][ T6266] The buggy address belongs to the physical page: [ 113.021787][ T6266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c4c2 [ 113.030622][ T6266] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 113.039161][ T6266] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 113.046746][ T6266] page_type: f5(slab) [ 113.051206][ T6266] raw: 00fff00000000040 ffff88813fe3ab40 dead000000000122 0000000000000000 [ 113.059915][ T6266] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 113.068536][ T6266] head: 00fff00000000040 ffff88813fe3ab40 dead000000000122 0000000000000000 [ 113.077258][ T6266] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 113.085963][ T6266] head: 00fff00000000001 ffffea0000b13081 00000000ffffffff 00000000ffffffff [ 113.094641][ T6266] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 113.103309][ T6266] page dumped because: kasan: bad access detected [ 113.109739][ T6266] page_owner tracks the page as allocated [ 113.115489][ T6266] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19815896523, free_ts 0 [ 113.135305][ T6266] post_alloc_hook+0x153/0x170 [ 113.140100][ T6266] get_page_from_freelist+0x111d/0x3140 [ 113.145677][ T6266] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 113.151671][ T6266] new_slab+0xa6/0x6b0 [ 113.155865][ T6266] refill_objects+0x26b/0x400 [ 113.160623][ T6266] __pcs_replace_empty_main+0x1ab/0x660 [ 113.166186][ T6266] __kmalloc_cache_noprof+0x493/0x6f0 [ 113.171750][ T6266] bus_add_driver+0x92/0x5b0 [ 113.176532][ T6266] driver_register+0x1e2/0x360 [ 113.181311][ T6266] usb_register_driver+0x21c/0x3e0 [ 113.186455][ T6266] do_one_initcall+0x11d/0x760 [ 113.191247][ T6266] kernel_init_freeable+0x6e5/0x7a0 [ 113.196463][ T6266] kernel_init+0x1f/0x1e0 [ 113.200819][ T6266] ret_from_fork+0x754/0xd80 [ 113.205463][ T6266] ret_from_fork_asm+0x1a/0x30 [ 113.210240][ T6266] page_owner free stack trace missing [ 113.215617][ T6266] [ 113.217969][ T6266] Memory state around the buggy address: [ 113.223609][ T6266] ffff88802c4c3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 113.231674][ T6266] ffff88802c4c3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 113.240014][ T6266] >ffff88802c4c3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 113.248072][ T6266] ^ [ 113.252967][ T6266] ffff88802c4c3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 113.261044][ T6266] ffff88802c4c3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 113.269210][ T6266] ================================================================== [ 113.280347][ T6266] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 113.287605][ T6266] CPU: 1 UID: 0 PID: 6266 Comm: syz.3.77 Tainted: G L syzkaller #0 PREEMPT(full) [ 113.298309][ T6266] Tainted: [L]=SOFTLOCKUP [ 113.302640][ T6266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 113.312716][ T6266] Call Trace: [ 113.316013][ T6266] [ 113.318962][ T6266] dump_stack_lvl+0x100/0x190 [ 113.323773][ T6266] vpanic+0x552/0x970 [ 113.327791][ T6266] ? __pfx_vpanic+0x10/0x10 [ 113.332321][ T6266] ? dvb_device_open+0x33f/0x3b0 [ 113.337282][ T6266] panic+0xd1/0xe0 [ 113.341025][ T6266] ? __pfx_panic+0x10/0x10 [ 113.345542][ T6266] ? dvb_device_open+0x33f/0x3b0 [ 113.350535][ T6266] ? preempt_schedule_common+0x42/0xc0 [ 113.356120][ T6266] check_panic_on_warn.cold+0x19/0x34 [ 113.361521][ T6266] end_report.part.0+0x3a/0x90 [ 113.366404][ T6266] kasan_report.cold+0xe/0x18 [ 113.371540][ T6266] ? dvb_device_open+0x33f/0x3b0 [ 113.376515][ T6266] ? __pfx_dvb_device_open+0x10/0x10 [ 113.381923][ T6266] dvb_device_open+0x33f/0x3b0 [ 113.386739][ T6266] ? __pfx_dvb_device_open+0x10/0x10 [ 113.392050][ T6266] chrdev_open+0x234/0x6a0 [ 113.396588][ T6266] ? __pfx_apparmor_file_open+0x10/0x10 [ 113.402169][ T6266] ? __pfx_chrdev_open+0x10/0x10 [ 113.407120][ T6266] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 113.413486][ T6266] do_dentry_open+0x6d8/0x1660 [ 113.418288][ T6266] ? __pfx_chrdev_open+0x10/0x10 [ 113.423286][ T6266] vfs_open+0x82/0x3f0 [ 113.427492][ T6266] path_openat+0x208c/0x31a0 [ 113.432124][ T6266] ? __pfx_path_openat+0x10/0x10 [ 113.437111][ T6266] do_file_open+0x20e/0x430 [ 113.441667][ T6266] ? __pfx_do_file_open+0x10/0x10 [ 113.446741][ T6266] ? alloc_fd+0x476/0x790 [ 113.451211][ T6266] ? do_getname+0x191/0x390 [ 113.455766][ T6266] do_sys_openat2+0x10d/0x1e0 [ 113.460667][ T6266] ? __pfx_do_sys_openat2+0x10/0x10 [ 113.465923][ T6266] __x64_sys_openat+0x12d/0x210 [ 113.470928][ T6266] ? __pfx___x64_sys_openat+0x10/0x10 [ 113.476489][ T6266] do_syscall_64+0x106/0xf80 [ 113.481283][ T6266] ? clear_bhb_loop+0x40/0x90 [ 113.486168][ T6266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.492085][ T6266] RIP: 0033:0x7fa8e8d9c819 [ 113.496514][ T6266] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 113.516438][ T6266] RSP: 002b:00007fa8e9c20028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 113.524935][ T6266] RAX: ffffffffffffffda RBX: 00007fa8e9015fa0 RCX: 00007fa8e8d9c819 [ 113.532922][ T6266] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 113.540996][ T6266] RBP: 00007fa8e8e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 113.548989][ T6266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.556977][ T6266] R13: 00007fa8e9016038 R14: 00007fa8e9015fa0 R15: 00007fff61680e78 [ 113.565166][ T6266] [ 113.568373][ T6266] Kernel Offset: disabled [ 113.572702][ T6266] Rebooting in 86400 seconds..