last executing test programs: 10.82977856s ago: executing program 2 (id=167): syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000d80), 0xffffffffffffffff) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) setresuid$auto(0x0, 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40000008000) sendmsg$auto_NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41811}, 0x20000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/fail_over_mac\x00', 0x103b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x8080000001) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x1, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) 10.477855087s ago: executing program 0 (id=169): socket(0xa, 0x5, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r1, 0x0, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vivid.0/video4linux/video42/power/control\x00', 0xc2902, 0x0) read$auto(r2, 0x0, 0x20) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) write$auto(0x3, 0x0, 0xffd8) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r3, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) 8.355691027s ago: executing program 0 (id=176): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=@bpf_attr_3={0x2b, 0xffff, 0x6, 0x5, 0x9, 0x21, 0x4, 0x8, 0xd, "9cb752c613de1e128a360e822228879b", 0x0, 0xd0, 0xffffffffffffffff, 0x200, 0x0, 0x3, 0x8, 0x9, 0x6, 0x2, @attach_prog_fd=0xffffffffffffffff, 0x0, 0x3, 0x5b, 0x6, 0x6}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r3, 0x5016, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r4 = open(0x0, 0x161342, 0x100) setdomainname$auto(0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r4, &(0x7f0000000000)='\x91\x02', 0x5) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) close_range$auto(0x2, 0x8, 0x0) r5 = memfd_create$auto(0x0, 0xe) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r6, &(0x7f0000000180)='\x05\x00\x00\x00', 0x80000005) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r5) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x6c, r8, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x67}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @ETHTOOL_A_CHANNELS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x45}, 0x0) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(r5, 0xc0385868, &(0x7f0000000400)={r5, &(0x7f0000000240)="c099d4f256158c5b4b5d36e15687a9109c95538bdfd31f53bfc13156bb095ef179306bd35f514b7fd0e8f264772180a1003cb7c8ed16ebaa69dbcfe4e6e87f3252f3b3ba79354a5b2926f3cba5efb2f7b6fdba6a46ccf3ae4dd94e457105e25abcb3da080c37f4f68f5ff2e8f8759346d6c96cdd", 0x401, &(0x7f00000002c0)="1a8bceabafbb25d08f652c687c1f388ca9973a14723e848afc3fc44fd9cc23a4b89603b12d88063ffdd227ea32de58512be579d684d96b72a1580da5bf23aabbacbf103c2de01932583065382c323efc52d235b2d34869f90489fde45960c1c17a305669a2a0b6c1d3e82ecbe2789f", 0xffffffff, &(0x7f0000000380)="723ec7b05c47aef595a509fa998c191b8582c5c30bc45e3b0ac2ade296bc0d3e519f8f95dca1f5f03b92c9b8770b796f472642b4cfcb3d03e460c788a47c94e7", &(0x7f00000003c0)=0x9}) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000200)={0x14, r9, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r10 = syz_genetlink_get_family_id$auto_handshake(&(0x7f00000004c0), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r11 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0) write$auto(r11, 0x0, 0x9) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x14, r10, 0x1, 0x70bd27, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4002040}, 0x2004881c) listen$auto(r2, 0x5) 7.501875809s ago: executing program 0 (id=179): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=@bpf_attr_3={0x2b, 0xffff, 0x6, 0x5, 0x9, 0x21, 0x4, 0x8, 0xd, "9cb752c613de1e128a360e822228879b", 0x0, 0xd0, 0xffffffffffffffff, 0x200, 0x0, 0x3, 0x8, 0x9, 0x6, 0x2, @attach_prog_fd=0xffffffffffffffff, 0x0, 0x3, 0x5b, 0x6, 0x6}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r3, 0x5016, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r4 = open(0x0, 0x161342, 0x100) setdomainname$auto(0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r4, &(0x7f0000000000)='\x91\x02', 0x5) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) close_range$auto(0x2, 0x8, 0x0) r5 = memfd_create$auto(0x0, 0xe) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r6, &(0x7f0000000180)='\x05\x00\x00\x00', 0x80000005) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r5) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x6c, r8, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x67}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @ETHTOOL_A_CHANNELS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x45}, 0x0) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(r5, 0xc0385868, &(0x7f0000000400)={r5, &(0x7f0000000240)="c099d4f256158c5b4b5d36e15687a9109c95538bdfd31f53bfc13156bb095ef179306bd35f514b7fd0e8f264772180a1003cb7c8ed16ebaa69dbcfe4e6e87f3252f3b3ba79354a5b2926f3cba5efb2f7b6fdba6a46ccf3ae4dd94e457105e25abcb3da080c37f4f68f5ff2e8f8759346d6c96cdd", 0x401, &(0x7f00000002c0)="1a8bceabafbb25d08f652c687c1f388ca9973a14723e848afc3fc44fd9cc23a4b89603b12d88063ffdd227ea32de58512be579d684d96b72a1580da5bf23aabbacbf103c2de01932583065382c323efc52d235b2d34869f90489fde45960c1c17a305669a2a0b6c1d3e82ecbe2789fae09ec6bc6c1ad40785e5a3328f48459ff3ef2b49519aa6bbff29d2abd049762df", 0xffffffff, &(0x7f0000000380)="723ec7b05c47aef595a509fa998c191b8582c5c30bc45e3b0ac2ade296bc0d3e519f8f95dca1f5f03b92c9b8770b796f472642b4cfcb3d03e460c788a47c94e7", &(0x7f00000003c0)=0x9}) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000200)={0x14, r9, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r10 = syz_genetlink_get_family_id$auto_handshake(&(0x7f00000004c0), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r11 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0) write$auto(r11, 0x0, 0x9) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x14, r10, 0x1, 0x70bd27, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4002040}, 0x2004881c) listen$auto(r2, 0x5) 7.165958893s ago: executing program 2 (id=181): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) socket(0x1a, 0x1, 0xfffffffe) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000001380)={0x2, 0x0, [{0x1a0, 0x400, 0xffffffffffffffff}]}) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(r0, 0x0, 0x2) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r3, 0x127f, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(r4, &(0x7f0000000240)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k\xf4YR\xe6\x02:\xa8\xec\x82\xf9\x8f@\xa2\xa3\xeb\x06\xe7\x8bu\xdc]k:\xd9O\xec\xde\xa3\x9a\xe4\x13\xcb\xe5X\x13\xf4I\xc7\x1f\x92\xbc\x94\xb3\xbf\xf7my*9\x8f\xc6\xbd\x93\x97\xc1Er\x8d\xc0\xc7e\t\xd7HA~\xd1\xc9\x99\xd2\x99\xdb\x98\x1f\xfb\v\x8b\xb3Q\x88\x9a\xeat\xb0x\\%x\xbeLwf@\xd2=K\xe5\xd1\xd8\xb5F}\xcd\x1c\xb0yE\x94\xc1', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) 6.420452991s ago: executing program 0 (id=186): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0xf, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000000), 0x5a9, &(0x7f0000000100)={0x0, 0x200007}, 0x1, 0x0, 0x6, 0x1}, 0x5}, 0x2000004, 0x100) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'veth1_vlan\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x34, r2, 0x936355e497c8b7e5, 0x70bd24, 0x25dddbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0x1a1382, 0x0) ioctl$auto_XFS_IOC_COMMIT_RANGE(0xffffffffffffffff, 0x40585883, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x7, 0x68, 0x5, 0x7c002fa6, [0x2, 0x3, 0x7, 0x6, 0x5, 0x8]}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r5, 0x0, 0xe8) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) ioctl$auto_BLKBSZGET(r4, 0x80081270, &(0x7f00000000c0)=0x9) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x5, 0x400008, 0xdf, 0x12, 0xffffffffffffffff, 0x8000) ioctl$auto_FS_IOC_UNRESVSP64(0xffffffffffffffff, 0x4030581e, 0xffffffffffff0001) r7 = socket(0xa, 0x801, 0x84) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/net/eql/statistics/tx_carrier_errors\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r8, &(0x7f0000000000)=""/45, 0x2d) connect$auto(r7, 0x0, 0x54) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 5.77659602s ago: executing program 2 (id=188): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=@bpf_attr_3={0x2b, 0xffff, 0x6, 0x5, 0x9, 0x21, 0x4, 0x8, 0xd, "9cb752c613de1e128a360e822228879b", 0x0, 0xd0, 0xffffffffffffffff, 0x200, 0x0, 0x3, 0x8, 0x9, 0x6, 0x2, @attach_prog_fd=0xffffffffffffffff, 0x0, 0x3, 0x5b, 0x6, 0x6}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r3, 0x5016, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r4 = open(0x0, 0x161342, 0x100) setdomainname$auto(0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r4, &(0x7f0000000000)='\x91\x02', 0x5) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) close_range$auto(0x2, 0x8, 0x0) r5 = memfd_create$auto(0x0, 0xe) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r6, &(0x7f0000000180)='\x05\x00\x00\x00', 0x80000005) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r5) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x6c, r8, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x67}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}, @ETHTOOL_A_CHANNELS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x45}, 0x0) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(r5, 0xc0385868, &(0x7f0000000400)={r5, &(0x7f0000000240)="c099d4f256158c5b4b5d36e15687a9109c95538bdfd31f53bfc13156bb095ef179306bd35f514b7fd0e8f264772180a1003cb7c8ed16ebaa69dbcfe4e6e87f3252f3b3ba79354a5b2926f3cba5efb2f7b6fdba6a46ccf3ae4dd94e457105e25abcb3da080c37f4f68f5ff2e8f8759346d6c96cdd", 0x401, &(0x7f00000002c0)="1a8bceabafbb25d08f652c687c1f388ca9973a14723e848afc3fc44fd9cc23a4b89603b12d88063ffdd227ea32de58512be579d684d96b72a1580da5bf23aabbacbf103c2de01932583065382c323efc52d235b2d34869f90489fde45960c1c17a305669a2a0b6c1d3e82ecbe2789f", 0xffffffff, &(0x7f0000000380)="723ec7b05c47aef595a509fa998c191b8582c5c30bc45e3b0ac2ade296bc0d3e519f8f95dca1f5f03b92c9b8770b796f472642b4cfcb3d03e460c788a47c94e7", &(0x7f00000003c0)=0x9}) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000200)={0x14, r9, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r10 = syz_genetlink_get_family_id$auto_handshake(&(0x7f00000004c0), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r11 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0) write$auto(r11, 0x0, 0x9) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x14, r10, 0x1, 0x70bd27, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4002040}, 0x2004881c) listen$auto(r2, 0x5) 5.701788427s ago: executing program 0 (id=189): mmap$auto(0x100000000, 0x2000d, 0x1, 0xeb1, 0xffffffffffffffff, 0x100000000) sysfs$auto(0x2, 0x5, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) semget$auto(0x0, 0x13c, 0x1ff) recvmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5, 0x0, 0x9, 0x0, 0x800000000005, 0x7ffffffd}, 0x8}, 0x3, 0x1, 0x0) semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r1, 0x80045105, 0x0) socket(0x28, 0x801, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptye9\x00', 0x101e81, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x2c402, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) sendfile$auto(r3, r2, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) semctl$auto_GETNCNT(0x0, 0x4, 0xe, 0x4) write$auto_tty_fops_tty_io(r0, 0x0, 0x0) io_uring_setup$auto(0x4bf15e08, 0x0) bpf$auto(0x12, &(0x7f0000000040)=@enable_stats={0x1}, 0x26) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 5.628785548s ago: executing program 1 (id=190): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(0x0, 0x595082, 0x0) write$auto(r0, 0x0, 0xfffffdf1) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0x9) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000600), 0x142, 0x0) writev$auto(r1, &(0x7f0000000c00)={0x0, 0x7}, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@can={0x1d, r3}, 0x67) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f0000f5) 5.251103225s ago: executing program 1 (id=191): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000400), r0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000001540)='/dev/audio1\x00\xf3g+\xf9Xr^\xec]4--\xb7=\xd6\xdfH|\x15\xb5X\x86<\x86F:]\xa7\x82\xc5\x0e\x1aq\xdd\xedu\xa5\x9b\xbc\xa8\xaaGR\xa2\r\xbb\xca\xb7\xfa\x103\x84\n\xd2\xd0S\x1e\r\x00\x04u\xc0\x9c\xafZ\x97\t?\x99\x9c\xb5l\x99\xfb\xb7Yn\n\xe13jD\"\xf3N\x17\xbb\xfa\xeaZ,f\xded\xd0(d0\xe2FF\xa8&\xaf u\xbb\xf5\xa3\x06\xf8\x84P\xdb\xa4\xab\x1f\xf9\x04\rQ\x9a\xf0\xf4\xd4\xa4/\xf7\x9em\x87\xda\x82\xadNR\x8a\xc3n1\xff\x81=\x8c3\x03~\xfdf\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) read$auto_dfs_cpu_ops_debugfs(r5, &(0x7f0000000040)=""/29, 0x1d) writev$auto(r6, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x88302, 0x0) sendfile$auto(r7, r7, 0x0, 0x7ffff000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/nfsd.fh/flush\x00', 0x440100, 0x0) 3.024954875s ago: executing program 1 (id=199): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=@bpf_attr_3={0x2b, 0xffff, 0x6, 0x5, 0x9, 0x21, 0x4, 0x8, 0xd, "9cb752c613de1e128a360e822228879b", 0x0, 0xd0, 0xffffffffffffffff, 0x200, 0x0, 0x3, 0x8, 0x9, 0x6, 0x2, @attach_prog_fd=0xffffffffffffffff, 0x0, 0x3, 0x5b, 0x6, 0x6}, 0x40) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r3, 0x5016, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r4 = open(0x0, 0x161342, 0x100) setdomainname$auto(0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r4, &(0x7f0000000000)='\x91\x02', 0x5) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) close_range$auto(0x2, 0x8, 0x0) r5 = memfd_create$auto(0x0, 0xe) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r6, &(0x7f0000000180)='\x05\x00\x00\x00', 0x80000005) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r5) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x4c, r8, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x67}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x45}, 0x0) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) ioctl$auto_XFS_IOC_PATH_TO_FSHANDLE(r5, 0xc0385868, &(0x7f0000000400)={r5, &(0x7f0000000240)="c099d4f256158c5b4b5d36e15687a9109c95538bdfd31f53bfc13156bb095ef179306bd35f514b7fd0e8f264772180a1003cb7c8ed16ebaa69dbcfe4e6e87f3252f3b3ba79354a5b2926f3cba5efb2f7b6fdba6a46ccf3ae4dd94e457105e25abcb3da080c37f4f68f5ff2e8f8759346d6c96cdd", 0x401, &(0x7f00000002c0)="1a8bceabafbb25d08f652c687c1f388ca9973a14723e848afc3fc44fd9cc23a4b89603b12d88063ffdd227ea32de58512be579d684d96b72a1580da5bf23aabbacbf103c2de01932583065382c323efc52d235b2d34869f90489fde45960c1c17a305669a2a0b6c1d3e82ecbe2789fae09ec6bc6c1ad40785e5a3328f48459ff3ef2b49519aa6bbff29d2abd049762df05cf8317", 0xffffffff, &(0x7f0000000380)="723ec7b05c47aef595a509fa998c191b8582c5c30bc45e3b0ac2ade296bc0d3e519f8f95dca1f5f03b92c9b8770b796f472642b4cfcb3d03e460c788a47c94e7", &(0x7f00000003c0)=0x9}) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000200)={0x14, r9, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r10 = syz_genetlink_get_family_id$auto_handshake(&(0x7f00000004c0), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r11 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0) write$auto(r11, 0x0, 0x9) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x14, r10, 0x1, 0x70bd27, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4002040}, 0x2004881c) listen$auto(r2, 0x5) 2.805578195s ago: executing program 3 (id=200): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = open(0x0, 0x595082, 0x0) write$auto(r0, 0x0, 0xfffffdf1) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0x9) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000600), 0x142, 0x0) writev$auto(r1, &(0x7f0000000c00)={0x0, 0x7}, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@can={0x1d, r3}, 0x67) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4800) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f0000f5) 2.565383944s ago: executing program 3 (id=201): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00", @ANYBLOB="01032cb57000fbdbdf250a004b4900000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) close_range$auto(0x2, r2, 0x4401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x82000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc0105303, 0x38) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) ioctl$auto_UBI_IOCDET(r4, 0x40046f41, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000003c0)) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 1.630836118s ago: executing program 3 (id=202): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) r0 = syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="05082dbd7000fbdbdf257e0000000800db00ab29dc931f0e02b7745be74fb8e8255f614f85f94bc5ef8facda4b1cb3e135ef23203752a9a06f5adc02fe10fd6059eb5ec860fbb39453d7ba92bd5a73e0e45ce2d585cccf203901d41ed36536bffcadc5fa27dbe72d209b4c922ee03aba35fb65731b21d405c9def0a3765c9b0ff8fbbff63336633bec215ead541e5766cb7e6a546c58ddbc3cbd", @ANYRES32, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x91}, 0x10) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) mlockall$auto(0x7) mprotect$auto(0x0, 0x806121, 0x6) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) ptrace$auto(0x10, r0, 0x2, 0x1007ff) 961.158701ms ago: executing program 1 (id=203): socket(0xb, 0x80000, 0x400003) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6"]) ioctl$auto(r0, 0x4008550d, r0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) write$auto(0x3, 0x0, 0x100082) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84L\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xff\a\x00\x00\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 503.331103ms ago: executing program 2 (id=204): socket(0xa, 0x5, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r2, 0x0, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vivid.0/video4linux/video42/power/control\x00', 0xc2902, 0x0) read$auto(r3, 0x0, 0x20) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) write$auto(0x3, 0x0, 0xffd8) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000080)={0x1c, r5, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) 480.176857ms ago: executing program 3 (id=205): select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x2480, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, &(0x7f00000002c0)="f03f0b0be4f2597d8b11ed14dfa636bad65cae9c0d21", 0x16, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lapb5/broadcast\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/16, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x2a02c0, 0x0) sendfile$auto(r1, r1, &(0x7f0000000000)=0x3, 0xad6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r5 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x0, 0x80000001, r5}, 0x6f4) read$auto(r4, 0x0, 0x20) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x48043, 0x0) write$auto(r6, 0x0, 0x6) unshare$auto(0x40000080) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001180)='/sys/devices/virtual/block/zram0/compact\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000000)="b2", 0x1) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r2, r8, 0x0, 0x1) 0s ago: executing program 1 (id=206): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x43, &(0x7f0000000040)='\xa1\x00', 0x4) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r1, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/firmware/acpi/interrupts/ff_slp_btn\x00', 0x8522, 0x0) write$auto(r2, &(0x7f00000002c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\b};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xde\f/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7\x00\x85Z\x06?\x12\x98\x0f)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1;\xe4pd$\xd7\x1b\v\x82\r\f\xd0Hq\xd9\r\x88#\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8HR+\a\xb7R\t\n+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb\xc8^\xa4\xe2\x05\x91|\x123\xc3:\xfd\xee\x04a\xc8\x12\xce\xa2\x12\xcb\x8c\x87f\xebGQ\xe9\x96\xd5E\x13a\xb7\x057<&\xe0\x94\xa7\xfb\x9d;\xfa\xb1\x1b4a,\'\xb2Ym\xe1:\xbf\x8cs\x06\xa3u\x8d!\n\x80-\x9a\xbb;\xf4\xf3\xe1\x97\xfc8\xff\xa7\\\x8b\xf9\x95\x10$\xef\x1a #b\xfb\xfe\xe9\x06fK0\xdd\x84T,\xfa\xb5\x00\x83d\xbba\xd7\n\x92\x90|l\xdfAN\x9d\xcb\x96\xc7\xe8\xe6\x8bC\xeb\xc7EZ\xc8\x1a\x81nf\tZ-sZ\x13n\xec\xa9\xbf\xd0$\xb9\xd8\x00'/507, 0x1098c7) mmap$auto(0x0, 0x9f, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0) preadv2$auto(r3, &(0x7f0000000080)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0x2f) mmap$auto(0x0, 0x4120008, 0x46, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xa40, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, 0x0, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.124' (ED25519) to the list of known hosts. [ 80.150088][ T5813] cgroup: Unknown subsys name 'net' [ 80.259785][ T5813] cgroup: Unknown subsys name 'cpuset' [ 80.269846][ T5813] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.767579][ T5813] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.534131][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.546079][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.556022][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.564189][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.572039][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.587926][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.598430][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.621412][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.630260][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.638904][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.724261][ T5826] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.732750][ T5826] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.741832][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.750776][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.751665][ T5826] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.758568][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.766421][ T5826] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.779851][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.787323][ T5826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.797336][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.219778][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 84.284252][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 84.407334][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 84.493317][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.501088][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.508523][ T5827] bridge_slave_0: entered allmulticast mode [ 84.515707][ T5827] bridge_slave_0: entered promiscuous mode [ 84.530588][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 84.547267][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.554457][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.561895][ T5827] bridge_slave_1: entered allmulticast mode [ 84.569618][ T5827] bridge_slave_1: entered promiscuous mode [ 84.685614][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.697374][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.706605][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.714544][ T5824] bridge_slave_0: entered allmulticast mode [ 84.722891][ T5824] bridge_slave_0: entered promiscuous mode [ 84.736606][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.743791][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.755478][ T5832] bridge_slave_0: entered allmulticast mode [ 84.762755][ T5832] bridge_slave_0: entered promiscuous mode [ 84.773265][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.783055][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.790326][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.797782][ T5824] bridge_slave_1: entered allmulticast mode [ 84.804890][ T5824] bridge_slave_1: entered promiscuous mode [ 84.818001][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.825169][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.832793][ T5832] bridge_slave_1: entered allmulticast mode [ 84.840402][ T5832] bridge_slave_1: entered promiscuous mode [ 84.909762][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.922541][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.955328][ T5827] team0: Port device team_slave_0 added [ 84.984990][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.997082][ T5827] team0: Port device team_slave_1 added [ 85.012627][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.020171][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.027472][ T5834] bridge_slave_0: entered allmulticast mode [ 85.034536][ T5834] bridge_slave_0: entered promiscuous mode [ 85.044446][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.075140][ T5824] team0: Port device team_slave_0 added [ 85.081264][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.088562][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.095703][ T5834] bridge_slave_1: entered allmulticast mode [ 85.103339][ T5834] bridge_slave_1: entered promiscuous mode [ 85.132395][ T5824] team0: Port device team_slave_1 added [ 85.152040][ T5832] team0: Port device team_slave_0 added [ 85.159869][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.167229][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.194295][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.233828][ T5832] team0: Port device team_slave_1 added [ 85.240513][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.247728][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.273991][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.304447][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.318652][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.359769][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.368514][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.403208][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.443909][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.451199][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.477752][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.499545][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.506609][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.534977][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.553929][ T5827] hsr_slave_0: entered promiscuous mode [ 85.560448][ T5827] hsr_slave_1: entered promiscuous mode [ 85.577305][ T5834] team0: Port device team_slave_0 added [ 85.583707][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.591371][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.619485][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.632373][ T5830] Bluetooth: hci0: command tx timeout [ 85.646941][ T5834] team0: Port device team_slave_1 added [ 85.706581][ T5830] Bluetooth: hci1: command tx timeout [ 85.725193][ T5832] hsr_slave_0: entered promiscuous mode [ 85.731946][ T5832] hsr_slave_1: entered promiscuous mode [ 85.738280][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 85.744112][ T5832] Cannot create hsr debugfs directory [ 85.758610][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.765591][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.792753][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.824991][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.832581][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.859735][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.876379][ T5830] Bluetooth: hci3: command tx timeout [ 85.876418][ T51] Bluetooth: hci2: command tx timeout [ 85.884194][ T5824] hsr_slave_0: entered promiscuous mode [ 85.898711][ T5824] hsr_slave_1: entered promiscuous mode [ 85.906773][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 85.912723][ T5824] Cannot create hsr debugfs directory [ 86.065312][ T5834] hsr_slave_0: entered promiscuous mode [ 86.071944][ T5834] hsr_slave_1: entered promiscuous mode [ 86.078334][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 86.084225][ T5834] Cannot create hsr debugfs directory [ 86.455343][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.468347][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.479490][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.501089][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.555216][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.568537][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.584371][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.611755][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.707352][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.722140][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.749446][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.763109][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.932153][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.955800][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.964028][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.978026][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.004648][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.075339][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.138454][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.158942][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.166280][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.198938][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.239155][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.246352][ T513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.263726][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.270879][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.287457][ T140] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.294607][ T140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.327624][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.400993][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.420805][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.429631][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.454884][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.469107][ T140] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.476521][ T140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.550564][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.579628][ T1121] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.586901][ T1121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.630104][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.637327][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.707109][ T51] Bluetooth: hci0: command tx timeout [ 87.796022][ T51] Bluetooth: hci1: command tx timeout [ 87.945798][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.951714][ T51] Bluetooth: hci3: command tx timeout [ 87.951730][ T5830] Bluetooth: hci2: command tx timeout [ 88.113782][ T5832] veth0_vlan: entered promiscuous mode [ 88.139181][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.155782][ T5832] veth1_vlan: entered promiscuous mode [ 88.172488][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.240582][ T5832] veth0_macvtap: entered promiscuous mode [ 88.263041][ T5832] veth1_macvtap: entered promiscuous mode [ 88.281720][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.317800][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.349673][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.358985][ T5824] veth0_vlan: entered promiscuous mode [ 88.378686][ T5827] veth0_vlan: entered promiscuous mode [ 88.384676][ T1006] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.394315][ T1006] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.416458][ T1006] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.428134][ T5824] veth1_vlan: entered promiscuous mode [ 88.447365][ T1006] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.459891][ T5827] veth1_vlan: entered promiscuous mode [ 88.529183][ T5834] veth0_vlan: entered promiscuous mode [ 88.578270][ T5834] veth1_vlan: entered promiscuous mode [ 88.589280][ T5827] veth0_macvtap: entered promiscuous mode [ 88.607650][ T5824] veth0_macvtap: entered promiscuous mode [ 88.634123][ T5827] veth1_macvtap: entered promiscuous mode [ 88.645663][ T5824] veth1_macvtap: entered promiscuous mode [ 88.657921][ T1121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.673514][ T1121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.710575][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.744761][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.755120][ T1121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.763043][ T140] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.763659][ T140] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.783908][ T1121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.788651][ T140] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.804952][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.821259][ T513] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.850561][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.878352][ T5834] veth0_macvtap: entered promiscuous mode [ 88.921489][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.923719][ T5834] veth1_macvtap: entered promiscuous mode [ 88.947790][ T1139] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.958415][ T1139] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.977558][ T1139] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.986744][ T1139] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.065368][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.143748][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.155658][ T1006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.172505][ T1006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.219973][ T1006] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.231746][ T1006] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.258200][ T1006] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.268341][ T1006] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.293209][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.301938][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.375609][ T513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.396616][ T513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.474033][ T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.500009][ T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.563445][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.574741][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.669700][ T513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.694160][ T5922] FAULT_INJECTION: forcing a failure. [ 89.694160][ T5922] name failslab, interval 1, probability 0, space 0, times 1 [ 89.710814][ T513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.789977][ T51] Bluetooth: hci0: command tx timeout [ 89.796048][ T5922] CPU: 0 UID: 0 PID: 5922 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) [ 89.796087][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 89.796110][ T5922] Call Trace: [ 89.796120][ T5922] [ 89.796134][ T5922] dump_stack_lvl+0x100/0x190 [ 89.796263][ T5922] should_fail_ex.cold+0x5/0xa [ 89.796297][ T5922] ? lsm_blob_alloc+0x68/0x90 [ 89.796323][ T5922] should_failslab+0xc2/0x120 [ 89.796344][ T5922] __kmalloc_noprof+0xe0/0x850 [ 89.796401][ T5922] ? trace_kmem_cache_alloc+0xf3/0x120 [ 89.796431][ T5922] lsm_blob_alloc+0x68/0x90 [ 89.796469][ T5922] security_sk_alloc+0x2d/0x290 [ 89.796502][ T5922] sk_prot_alloc+0x1d1/0x2a0 [ 89.796550][ T5922] sk_alloc+0x36/0xe80 [ 89.796582][ T5922] unix_create1+0xa6/0x700 [ 89.796620][ T5922] unix_create+0x145/0x270 [ 89.796653][ T5922] __sock_create+0x339/0x860 [ 89.796693][ T5922] __sys_socketpair+0x261/0x5b0 [ 89.796733][ T5922] ? __pfx___sys_socketpair+0x10/0x10 [ 89.796777][ T5922] ? xfd_validate_state+0x129/0x190 [ 89.796824][ T5922] __x64_sys_socketpair+0x96/0x100 [ 89.796863][ T5922] ? lockdep_hardirqs_on+0x78/0x100 [ 89.796896][ T5922] do_syscall_64+0x106/0xf80 [ 89.796923][ T5922] ? clear_bhb_loop+0x40/0x90 [ 89.796956][ T5922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.796984][ T5922] RIP: 0033:0x7f96ab19c799 [ 89.797020][ T5922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.797124][ T5922] RSP: 002b:00007f96ac02d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 89.797156][ T5922] RAX: ffffffffffffffda RBX: 00007f96ab416090 RCX: 00007f96ab19c799 [ 89.797175][ T5922] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 89.797190][ T5922] RBP: 00007f96ab232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 89.797207][ T5922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.797222][ T5922] R13: 00007f96ab416128 R14: 00007f96ab416090 R15: 00007ffe5f404d18 [ 89.797256][ T5922] [ 89.866326][ T51] Bluetooth: hci1: command tx timeout [ 90.025895][ T51] Bluetooth: hci3: command tx timeout [ 90.031375][ T51] Bluetooth: hci2: command tx timeout [ 90.216081][ T5922] process 'syz.2.3' launched './file0' with NULL argv: empty string added [ 90.279083][ T5932] __vm_enough_memory: pid: 5932, comm: syz.3.5, bytes: 4398046511104 not enough memory for the allocation [ 91.256565][ T5940] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.354120][ T5941] Zero length message leads to an empty skb [ 91.866255][ T5830] Bluetooth: hci0: command tx timeout [ 91.955246][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.987528][ T50] cfg80211: failed to load regulatory.db [ 92.026043][ T5830] Bluetooth: hci1: command tx timeout [ 92.106105][ T5830] Bluetooth: hci2: command tx timeout [ 92.110021][ T51] Bluetooth: hci3: command tx timeout [ 92.310052][ T5959] Invalid ELF header magic: != ELF [ 92.623471][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.864590][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.914738][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.205563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.464775][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 94.158641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.245195][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 94.394873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.434448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.224764][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 96.754653][ T6005] FAULT_INJECTION: forcing a failure. [ 96.754653][ T6005] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 96.768706][ T6005] CPU: 1 UID: 0 PID: 6005 Comm: syz.0.17 Tainted: G L syzkaller #0 PREEMPT(full) [ 96.768747][ T6005] Tainted: [L]=SOFTLOCKUP [ 96.768756][ T6005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 96.768770][ T6005] Call Trace: [ 96.768779][ T6005] [ 96.768788][ T6005] dump_stack_lvl+0x100/0x190 [ 96.768835][ T6005] should_fail_ex.cold+0x5/0xa [ 96.768862][ T6005] ? prepare_alloc_pages+0x16d/0x5f0 [ 96.768894][ T6005] should_fail_alloc_page+0xeb/0x140 [ 96.768924][ T6005] prepare_alloc_pages+0x1f0/0x5f0 [ 96.768949][ T6005] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 96.768977][ T6005] ? find_held_lock+0x2b/0x80 [ 96.768991][ T6005] ? is_bpf_text_address+0x8a/0x1a0 [ 96.769012][ T6005] ? is_bpf_text_address+0x8a/0x1a0 [ 96.769034][ T6005] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 96.769058][ T6005] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 96.769078][ T6005] ? kernel_text_address+0x8d/0x100 [ 96.769099][ T6005] ? __kernel_text_address+0xd/0x30 [ 96.769119][ T6005] ? unwind_get_return_address+0x59/0xa0 [ 96.769142][ T6005] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 96.769166][ T6005] ? policy_nodemask+0xed/0x4f0 [ 96.769182][ T6005] alloc_pages_mpol+0x1fb/0x550 [ 96.769197][ T6005] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 96.769216][ T6005] alloc_pages_noprof+0x131/0x390 [ 96.769231][ T6005] __pud_alloc+0x3b/0x760 [ 96.769248][ T6005] __handle_mm_fault+0x134c/0x2b60 [ 96.769269][ T6005] ? mt_find+0x45e/0x8e0 [ 96.769288][ T6005] ? __pfx___handle_mm_fault+0x10/0x10 [ 96.769305][ T6005] ? __pfx_mt_find+0x10/0x10 [ 96.769338][ T6005] handle_mm_fault+0x36d/0xa20 [ 96.769360][ T6005] __get_user_pages+0xf9c/0x34d0 [ 96.769385][ T6005] ? __pfx___get_user_pages+0x10/0x10 [ 96.769406][ T6005] get_user_pages_remote+0x3d2/0xb10 [ 96.769425][ T6005] ? __pfx_get_user_pages_remote+0x10/0x10 [ 96.769448][ T6005] get_arg_page+0xf4/0x310 [ 96.769467][ T6005] ? __pfx_get_arg_page+0x10/0x10 [ 96.769491][ T6005] copy_string_kernel+0x17d/0x500 [ 96.769512][ T6005] ? alloc_bprm+0x420/0x710 [ 96.769532][ T6005] do_execveat_common.isra.0+0x2e6/0x580 [ 96.769557][ T6005] __x64_sys_execve+0x93/0xd0 [ 96.769588][ T6005] do_syscall_64+0x106/0xf80 [ 96.769605][ T6005] ? clear_bhb_loop+0x40/0x90 [ 96.769623][ T6005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.769638][ T6005] RIP: 0033:0x7fcb04b9c799 [ 96.769653][ T6005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 96.769667][ T6005] RSP: 002b:00007fcb05ab8028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 96.769682][ T6005] RAX: ffffffffffffffda RBX: 00007fcb04e16090 RCX: 00007fcb04b9c799 [ 96.769692][ T6005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 96.769702][ T6005] RBP: 00007fcb04c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 96.769713][ T6005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 96.769721][ T6005] R13: 00007fcb04e16128 R14: 00007fcb04e16090 R15: 00007ffce273aaf8 [ 96.769741][ T6005] [ 97.886956][ T6015] FAULT_INJECTION: forcing a failure. [ 97.886956][ T6015] name failslab, interval 1, probability 0, space 0, times 0 [ 97.962177][ T6015] CPU: 0 UID: 0 PID: 6015 Comm: syz.1.20 Tainted: G L syzkaller #0 PREEMPT(full) [ 97.962210][ T6015] Tainted: [L]=SOFTLOCKUP [ 97.962216][ T6015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.962228][ T6015] Call Trace: [ 97.962239][ T6015] [ 97.962250][ T6015] dump_stack_lvl+0x100/0x190 [ 97.962299][ T6015] should_fail_ex.cold+0x5/0xa [ 97.962331][ T6015] should_failslab+0xc2/0x120 [ 97.962356][ T6015] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 97.962400][ T6015] ? alloc_inode+0x183/0x250 [ 97.962441][ T6015] ? stashed_dentry_get+0x10a/0x2c0 [ 97.962469][ T6015] ? stashed_dentry_get+0x10a/0x2c0 [ 97.962502][ T6015] alloc_inode+0x183/0x250 [ 97.962535][ T6015] path_from_stashed+0x25b/0x750 [ 97.962562][ T6015] ? do_raw_spin_unlock+0x145/0x1e0 [ 97.962609][ T6015] ns_get_path+0x60/0x80 [ 97.962635][ T6015] proc_ns_get_link+0x121/0x230 [ 97.962669][ T6015] ? __pfx_proc_ns_get_link+0x10/0x10 [ 97.962709][ T6015] ? atime_needs_update+0x8b/0x6b0 [ 97.962746][ T6015] pick_link+0xd17/0x13c0 [ 97.962781][ T6015] ? __pfx_proc_ns_get_link+0x10/0x10 [ 97.962820][ T6015] step_into_slowpath+0x9ba/0xf90 [ 97.962866][ T6015] ? __pfx_step_into_slowpath+0x10/0x10 [ 97.962904][ T6015] ? find_held_lock+0x2b/0x80 [ 97.962939][ T6015] path_openat+0xf95/0x31a0 [ 97.962977][ T6015] ? __pfx_path_openat+0x10/0x10 [ 97.963018][ T6015] do_file_open+0x20e/0x430 [ 97.963048][ T6015] ? __pfx_do_file_open+0x10/0x10 [ 97.963101][ T6015] ? alloc_fd+0x476/0x790 [ 97.963141][ T6015] ? do_getname+0x191/0x390 [ 97.963171][ T6015] do_sys_openat2+0x10d/0x1e0 [ 97.963204][ T6015] ? __pfx_do_sys_openat2+0x10/0x10 [ 97.963238][ T6015] ? __fget_files+0x21f/0x3d0 [ 97.963286][ T6015] __x64_sys_openat+0x12d/0x210 [ 97.963315][ T6015] ? __pfx___x64_sys_openat+0x10/0x10 [ 97.963362][ T6015] do_syscall_64+0x106/0xf80 [ 97.963393][ T6015] ? clear_bhb_loop+0x40/0x90 [ 97.963437][ T6015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.963463][ T6015] RIP: 0033:0x7f8a7235cfce [ 97.963485][ T6015] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 97.963510][ T6015] RSP: 002b:00007f8a73194ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 97.963536][ T6015] RAX: ffffffffffffffda RBX: 00007f8a731956c0 RCX: 00007f8a7235cfce [ 97.963552][ T6015] RDX: 0000000000000002 RSI: 00007f8a73194f90 RDI: ffffffffffffff9c [ 97.963568][ T6015] RBP: 00007f8a72432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 97.963585][ T6015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.963598][ T6015] R13: 00007f8a72616038 R14: 00007f8a72615fa0 R15: 00007fff48589cb8 [ 97.963632][ T6015] [ 98.474947][ T6024] __vm_enough_memory: pid: 6024, comm: syz.0.21, bytes: 4398046511104 not enough memory for the allocation [ 98.537419][ T6026] __vm_enough_memory: pid: 6026, comm: syz.3.22, bytes: 4398046511104 not enough memory for the allocation [ 99.827177][ T51] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 100.089660][ T6039] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.095779][ T6058] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 101.399353][ T6067] __vm_enough_memory: pid: 6067, comm: syz.1.30, bytes: 4398046511104 not enough memory for the allocation [ 101.705063][ T6038] kexec: Could not allocate control_code_buffer [ 102.095010][ T6080] __vm_enough_memory: pid: 6080, comm: syz.1.32, bytes: 4398046511104 not enough memory for the allocation [ 103.150307][ T51] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 105.604149][ T6095] kexec: Could not allocate control_code_buffer [ 105.990626][ T6132] __vm_enough_memory: pid: 6132, comm: syz.3.40, bytes: 4398046511104 not enough memory for the allocation [ 107.042747][ T29] audit: type=1800 audit(4294967297.390:2): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.46" name="dbroot" dev="configfs" ino=9356 res=0 errno=0 [ 107.070055][ T6154] netlink: 12 bytes leftover after parsing attributes in process `syz.3.46'. [ 107.134155][ T6157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.46'. [ 109.136302][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 109.600229][ T6194] __vm_enough_memory: pid: 6194, comm: syz.0.54, bytes: 4398046511104 not enough memory for the allocation [ 110.151041][ T6206] __vm_enough_memory: pid: 6206, comm: syz.1.55, bytes: 4398046511104 not enough memory for the allocation [ 111.486843][ T6232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.59'. [ 111.511643][ T6232] netlink: 'syz.2.59': attribute type 1 has an invalid length. [ 111.545126][ T6232] netlink: 5 bytes leftover after parsing attributes in process `syz.2.59'. [ 112.165200][ T6249] __vm_enough_memory: pid: 6249, comm: syz.3.64, bytes: 4398046511104 not enough memory for the allocation [ 113.203899][ T6259] Invalid ELF header magic: != ELF [ 113.839731][ T51] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 114.294127][ T6278] __vm_enough_memory: pid: 6278, comm: syz.0.68, bytes: 4398046511104 not enough memory for the allocation [ 114.806967][ T6288] __vm_enough_memory: pid: 6288, comm: syz.3.70, bytes: 4398046511104 not enough memory for the allocation [ 117.102917][ T6271] kexec: Could not allocate control_code_buffer [ 117.658600][ T6331] __vm_enough_memory: pid: 6331, comm: syz.1.77, bytes: 4398046511104 not enough memory for the allocation [ 118.122724][ T6330] usb usb24: usbfs: process 6330 (syz.2.78) did not claim interface 0 before use [ 118.363885][ T6343] __vm_enough_memory: pid: 6343, comm: syz.3.79, bytes: 4398046511104 not enough memory for the allocation [ 118.627156][ T6349] __vm_enough_memory: pid: 6349, comm: syz.0.81, bytes: 4398046511104 not enough memory for the allocation [ 121.517746][ T6375] kexec: Could not allocate control_code_buffer [ 121.558244][ T6396] __vm_enough_memory: pid: 6396, comm: syz.3.89, bytes: 4398046511104 not enough memory for the allocation [ 122.420504][ T6404] FAULT_INJECTION: forcing a failure. [ 122.420504][ T6404] name failslab, interval 1, probability 0, space 0, times 0 [ 122.597844][ T6404] CPU: 0 UID: 0 PID: 6404 Comm: syz.0.91 Tainted: G L syzkaller #0 PREEMPT(full) [ 122.597892][ T6404] Tainted: [L]=SOFTLOCKUP [ 122.597900][ T6404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 122.597916][ T6404] Call Trace: [ 122.597925][ T6404] [ 122.597937][ T6404] dump_stack_lvl+0x100/0x190 [ 122.598014][ T6404] should_fail_ex.cold+0x5/0xa [ 122.598049][ T6404] should_failslab+0xc2/0x120 [ 122.598076][ T6404] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 122.598115][ T6404] ? sk_prot_alloc+0x60/0x2a0 [ 122.598158][ T6404] sk_prot_alloc+0x60/0x2a0 [ 122.598197][ T6404] sk_alloc+0x36/0xe80 [ 122.598226][ T6404] tipc_sk_create+0xf9/0x2420 [ 122.598277][ T6404] ? find_held_lock+0x2b/0x80 [ 122.598302][ T6404] ? __sock_create+0x2f3/0x860 [ 122.598340][ T6404] ? __sock_create+0x2f3/0x860 [ 122.598383][ T6404] __sock_create+0x339/0x860 [ 122.598428][ T6404] __sys_socket+0x14d/0x260 [ 122.598469][ T6404] ? __pfx___sys_socket+0x10/0x10 [ 122.598519][ T6404] __x64_sys_socket+0x72/0xb0 [ 122.598558][ T6404] ? lockdep_hardirqs_on+0x78/0x100 [ 122.598622][ T6404] do_syscall_64+0x106/0xf80 [ 122.598661][ T6404] ? clear_bhb_loop+0x40/0x90 [ 122.598696][ T6404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.598725][ T6404] RIP: 0033:0x7fcb04b9c799 [ 122.598756][ T6404] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 122.598783][ T6404] RSP: 002b:00007fcb05ad9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 122.598815][ T6404] RAX: ffffffffffffffda RBX: 00007fcb04e15fa0 RCX: 00007fcb04b9c799 [ 122.598833][ T6404] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 122.598850][ T6404] RBP: 00007fcb04c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 122.598867][ T6404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.598884][ T6404] R13: 00007fcb04e16038 R14: 00007fcb04e15fa0 R15: 00007ffce273aaf8 [ 122.598921][ T6404] [ 126.007423][ T6469] Invalid ELF header magic: != ELF [ 127.348567][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807ad79c00: rx timeout, send abort [ 127.358550][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807ad79c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 127.935122][ T6482] __vm_enough_memory: pid: 6482, comm: syz.3.104, bytes: 4398046511104 not enough memory for the allocation [ 128.750250][ T6454] kexec: Could not allocate control_code_buffer [ 128.788844][ T6496] __vm_enough_memory: pid: 6496, comm: syz.1.107, bytes: 4398046511104 not enough memory for the allocation [ 131.611967][ T6539] Invalid ELF header magic: != ELF [ 131.685322][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 131.974317][ T6543] __vm_enough_memory: pid: 6543, comm: syz.1.118, bytes: 4398046511104 not enough memory for the allocation [ 132.899760][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.909383][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.217093][ T6549] kexec: Could not allocate control_code_buffer [ 134.388488][ T6574] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 134.839926][ T6581] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 134.888412][ T6580] FAULT_INJECTION: forcing a failure. [ 134.888412][ T6580] name failslab, interval 1, probability 0, space 0, times 0 [ 134.908282][ T6581] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 134.930199][ T6580] CPU: 1 UID: 0 PID: 6580 Comm: syz.2.125 Tainted: G L syzkaller #0 PREEMPT(full) [ 134.930243][ T6580] Tainted: [L]=SOFTLOCKUP [ 134.930253][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 134.930268][ T6580] Call Trace: [ 134.930278][ T6580] [ 134.930289][ T6580] dump_stack_lvl+0x100/0x190 [ 134.930334][ T6580] should_fail_ex.cold+0x5/0xa [ 134.930364][ T6580] should_failslab+0xc2/0x120 [ 134.930391][ T6580] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 134.930427][ T6580] ? __proc_create+0x2cb/0x8c0 [ 134.930470][ T6580] __proc_create+0x2cb/0x8c0 [ 134.930508][ T6580] ? __pfx___proc_create+0x10/0x10 [ 134.930555][ T6580] ? _raw_write_unlock+0x28/0x50 [ 134.930586][ T6580] ? proc_register+0x559/0x8a0 [ 134.930641][ T6580] proc_create_reg+0x75/0x170 [ 134.930686][ T6580] proc_create_net_data+0x8e/0x1c0 [ 134.930722][ T6580] ? __pfx_proc_create_net_data+0x10/0x10 [ 134.930766][ T6580] ? __pfx_kcm_proc_init_net+0x10/0x10 [ 134.930796][ T6580] kcm_proc_init_net+0xa3/0x120 [ 134.930824][ T6580] ops_init+0x1e2/0x5f0 [ 134.930863][ T6580] setup_net+0x118/0x3a0 [ 134.930896][ T6580] ? __pfx_setup_net+0x10/0x10 [ 134.930927][ T6580] ? lockdep_init_map_type+0x5c/0x250 [ 134.930965][ T6580] ? mutex_init_lockep+0x110/0x150 [ 134.931007][ T6580] copy_net_ns+0x46f/0x7c0 [ 134.931046][ T6580] create_new_namespaces+0x3ea/0xac0 [ 134.931083][ T6580] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 134.931120][ T6580] ksys_unshare+0x473/0xad0 [ 134.931157][ T6580] ? __pfx_ksys_unshare+0x10/0x10 [ 134.931204][ T6580] __x64_sys_unshare+0x31/0x40 [ 134.931234][ T6580] do_syscall_64+0x106/0xf80 [ 134.931262][ T6580] ? clear_bhb_loop+0x40/0x90 [ 134.931293][ T6580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.931327][ T6580] RIP: 0033:0x7f96ab19c799 [ 134.931351][ T6580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 134.931378][ T6580] RSP: 002b:00007f96ac02d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 134.931404][ T6580] RAX: ffffffffffffffda RBX: 00007f96ab416090 RCX: 00007f96ab19c799 [ 134.931423][ T6580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 134.931439][ T6580] RBP: 00007f96ab232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 134.931456][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.931472][ T6580] R13: 00007f96ab416128 R14: 00007f96ab416090 R15: 00007ffe5f404d18 [ 134.931511][ T6580] [ 136.214483][ T6600] netlink: 186 bytes leftover after parsing attributes in process `syz.3.129'. [ 137.202998][ T6615] netlink: 326 bytes leftover after parsing attributes in process `syz.0.132'. [ 137.227009][ T6617] mmap: syz.3.133 (6617) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 137.540779][ T6609] Invalid ELF header magic: != ELF [ 138.981058][ T6642] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 139.908655][ T6650] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 140.342788][ T6631] kexec: Could not allocate control_code_buffer [ 140.376661][ T6649] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 140.395214][ T6649] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 140.449351][ T6649] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 140.486614][ T6649] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 140.501034][ T6649] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 140.545869][ T6649] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 140.626882][ T6649] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 140.654304][ T6649] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 140.740928][ T6649] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 140.748578][ T6649] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 140.757373][ T6649] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 140.776274][ T6669] __vm_enough_memory: pid: 6669, comm: syz.1.142, bytes: 4398046511104 not enough memory for the allocation [ 140.789632][ T6668] __vm_enough_memory: pid: 6668, comm: syz.2.141, bytes: 4398046511104 not enough memory for the allocation [ 140.817433][ T6649] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 141.739329][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 142.559501][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 142.640013][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 142.810367][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 143.401445][ T6721] __vm_enough_memory: pid: 6721, comm: syz.2.153, bytes: 4398046511104 not enough memory for the allocation [ 143.596835][ T6713] netlink: NAT attribute has 1 unknown bytes [ 143.783822][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 144.026855][ T6727] bond0: invalid ARP target specified [ 144.037425][ T6728] __vm_enough_memory: pid: 6728, comm: syz.0.154, bytes: 4398046511104 not enough memory for the allocation [ 144.050477][ T6727] bond0: invalid ARP target specified [ 144.638519][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 144.719743][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 144.878428][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 145.850470][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.547125][ T6771] __vm_enough_memory: pid: 6771, comm: syz.1.166, bytes: 4398046511104 not enough memory for the allocation [ 146.717465][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 146.774801][ T6777] Console: switching to colour VGA+ 80x25 [ 146.798937][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.958393][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 148.025593][ T6801] FAULT_INJECTION: forcing a failure. [ 148.025593][ T6801] name failslab, interval 1, probability 0, space 0, times 0 [ 148.074066][ T6801] CPU: 0 UID: 0 PID: 6801 Comm: syz.3.173 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.074093][ T6801] Tainted: [L]=SOFTLOCKUP [ 148.074098][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 148.074107][ T6801] Call Trace: [ 148.074112][ T6801] [ 148.074119][ T6801] dump_stack_lvl+0x100/0x190 [ 148.074145][ T6801] should_fail_ex.cold+0x5/0xa [ 148.074164][ T6801] should_failslab+0xc2/0x120 [ 148.074179][ T6801] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 148.074199][ T6801] ? shmem_alloc_inode+0x25/0x50 [ 148.074215][ T6801] ? __lock_acquire+0x4a5/0x2630 [ 148.074233][ T6801] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 148.074249][ T6801] shmem_alloc_inode+0x25/0x50 [ 148.074263][ T6801] alloc_inode+0x68/0x250 [ 148.074281][ T6801] new_inode+0x22/0x1c0 [ 148.074300][ T6801] shmem_get_inode+0x212/0x1040 [ 148.074320][ T6801] ? __pfx_shmem_get_inode+0x10/0x10 [ 148.074336][ T6801] ? rcu_is_watching+0x12/0xc0 [ 148.074356][ T6801] ? percpu_counter_add_batch+0xb9/0x230 [ 148.074385][ T6801] __shmem_file_setup+0x3ac/0x490 [ 148.074404][ T6801] ? __pfx___shmem_file_setup+0x10/0x10 [ 148.074425][ T6801] ? vm_area_alloc+0x1f/0x160 [ 148.074445][ T6801] shmem_zero_setup+0x96/0x1b0 [ 148.074466][ T6801] __mmap_region+0x2198/0x29e0 [ 148.074489][ T6801] ? __pfx___mmap_region+0x10/0x10 [ 148.074507][ T6801] ? process_measurement+0x1f4/0x2350 [ 148.074558][ T6801] ? lockdep_hardirqs_on+0x78/0x100 [ 148.074575][ T6801] ? finish_task_switch.isra.0+0x205/0xb80 [ 148.074600][ T6801] ? rcu_is_watching+0x12/0xc0 [ 148.074647][ T6801] ? rcu_is_watching+0x12/0xc0 [ 148.074668][ T6801] ? cap_capable+0x107/0x460 [ 148.074691][ T6801] mmap_region+0x180/0x3e0 [ 148.074715][ T6801] do_mmap+0xc63/0x12f0 [ 148.074733][ T6801] ? __pfx_do_mmap+0x10/0x10 [ 148.074748][ T6801] ? __pfx_down_write_killable+0x10/0x10 [ 148.074770][ T6801] vm_mmap_pgoff+0x29e/0x470 [ 148.074789][ T6801] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 148.074805][ T6801] ? do_futex+0x192/0x350 [ 148.074823][ T6801] ? __pfx_do_futex+0x10/0x10 [ 148.074844][ T6801] ksys_mmap_pgoff+0xe1/0x650 [ 148.074858][ T6801] ? __x64_sys_futex+0x34f/0x4d0 [ 148.074875][ T6801] ? __x64_sys_futex+0x358/0x4d0 [ 148.074893][ T6801] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 148.074907][ T6801] ? xfd_validate_state+0x129/0x190 [ 148.074931][ T6801] __x64_sys_mmap+0x125/0x190 [ 148.074954][ T6801] do_syscall_64+0x106/0xf80 [ 148.074974][ T6801] ? clear_bhb_loop+0x40/0x90 [ 148.074993][ T6801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.075008][ T6801] RIP: 0033:0x7f6efa99c799 [ 148.075022][ T6801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.075036][ T6801] RSP: 002b:00007f6efb84f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 148.075050][ T6801] RAX: ffffffffffffffda RBX: 00007f6efac15fa0 RCX: 00007f6efa99c799 [ 148.075060][ T6801] RDX: 00000000000000df RSI: 000000000000e983 RDI: 0000000000000000 [ 148.075069][ T6801] RBP: 00007f6efaa32bd9 R08: 0000000000000401 R09: 0000000000008000 [ 148.075078][ T6801] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 148.075086][ T6801] R13: 00007f6efac16038 R14: 00007f6efac15fa0 R15: 00007ffecbc47b78 [ 148.075106][ T6801] [ 149.175961][ T6813] block nbd8: shutting down sockets [ 149.444752][ T6819] __vm_enough_memory: pid: 6819, comm: syz.0.176, bytes: 4398046511104 not enough memory for the allocation [ 150.130354][ T6779] kexec: Could not allocate control_code_buffer [ 150.392720][ T6833] __vm_enough_memory: pid: 6833, comm: syz.0.179, bytes: 4398046511104 not enough memory for the allocation [ 150.491792][ T29] audit: type=1400 audit(4294968363.873:3): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6835 comm="syz.3.182" [ 150.681893][ T6837] Invalid ELF header magic: != ELF [ 150.715373][ T29] audit: type=1800 audit(4294968364.093:4): pid=6840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.183" name="dbroot" dev="configfs" ino=13660 res=0 errno=0 [ 151.912378][ T6872] __vm_enough_memory: pid: 6872, comm: syz.2.188, bytes: 4398046511104 not enough memory for the allocation [ 152.394053][ T29] audit: type=1326 audit(4294968365.692:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6867 comm="syz.0.189" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcb04b9c799 code=0x0 [ 152.942106][ T6891] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 152.942106][ T6891] The task syz.0.189 (6891) triggered the difference, watch for misbehavior. [ 153.203532][ T6887] syz.1.191 (6887) used greatest stack depth: 19672 bytes left [ 153.443284][ T6899] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 153.449404][ T6899] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 153.479977][ T6899] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 153.519922][ T6902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.194'. [ 153.537286][ T6899] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 153.558815][ T6902] netlink: 354 bytes leftover after parsing attributes in process `syz.3.194'. [ 154.573646][ T6923] __vm_enough_memory: pid: 6923, comm: syz.1.199, bytes: 4398046511104 not enough memory for the allocation [ 155.540898][ T5830] Bluetooth: hci1: command 0x0c1a tx timeout [ 155.546979][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 155.553605][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 155.602143][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 156.182057][ T6929] Setting dangerous option i915.mitigations - tainting kernel [ 157.926628][ T6962] ================================================================== [ 157.926646][ T6962] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 157.926674][ T6962] Read of size 256 at addr ffff888032da7f60 by task syz.3.205/6962 [ 157.926688][ T6962] [ 157.926698][ T6962] CPU: 0 UID: 0 PID: 6962 Comm: syz.3.205 Tainted: G U L syzkaller #0 PREEMPT(full) [ 157.926719][ T6962] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 157.926726][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.926735][ T6962] Call Trace: [ 157.926739][ T6962] [ 157.926745][ T6962] dump_stack_lvl+0x100/0x190 [ 157.926767][ T6962] print_report+0x156/0x4c9 [ 157.926788][ T6962] ? __virt_addr_valid+0x81/0x620 [ 157.926806][ T6962] ? __phys_addr+0xe8/0x180 [ 157.926823][ T6962] ? fbcon_prepare_logo+0x94e/0xc60 [ 157.926842][ T6962] kasan_report+0xdf/0x1e0 [ 157.926856][ T6962] ? fbcon_prepare_logo+0x94e/0xc60 [ 157.926882][ T6962] kasan_check_range+0x10f/0x1e0 [ 157.926898][ T6962] __asan_memcpy+0x23/0x60 [ 157.926915][ T6962] fbcon_prepare_logo+0x94e/0xc60 [ 157.926939][ T6962] fbcon_init+0x10a0/0x1820 [ 157.926961][ T6962] visual_init+0x320/0x620 [ 157.926982][ T6962] do_bind_con_driver.isra.0+0x636/0x9c0 [ 157.926999][ T6962] store_bind+0x609/0x730 [ 157.927015][ T6962] ? __pfx_store_bind+0x10/0x10 [ 157.927029][ T6962] dev_attr_store+0x58/0x80 [ 157.927049][ T6962] ? __pfx_dev_attr_store+0x10/0x10 [ 157.927069][ T6962] sysfs_kf_write+0xf2/0x150 [ 157.927089][ T6962] kernfs_fop_write_iter+0x3e0/0x5f0 [ 157.927102][ T6962] ? __pfx_sysfs_kf_write+0x10/0x10 [ 157.927118][ T6962] iter_file_splice_write+0x830/0x10a0 [ 157.927144][ T6962] ? __pfx_iter_file_splice_write+0x10/0x10 [ 157.927168][ T6962] ? __pfx_copy_splice_read+0x10/0x10 [ 157.927194][ T6962] ? __pfx_iter_file_splice_write+0x10/0x10 [ 157.927218][ T6962] direct_splice_actor+0x192/0x6c0 [ 157.927241][ T6962] splice_direct_to_actor+0x345/0xa30 [ 157.927263][ T6962] ? __pfx_direct_splice_actor+0x10/0x10 [ 157.927286][ T6962] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 157.927310][ T6962] do_splice_direct+0x174/0x240 [ 157.927331][ T6962] ? __pfx_do_splice_direct+0x10/0x10 [ 157.927353][ T6962] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 157.927381][ T6962] ? rw_verify_area+0xce/0x6d0 [ 157.927401][ T6962] do_sendfile+0xadc/0xe20 [ 157.927423][ T6962] ? __pfx_do_sendfile+0x10/0x10 [ 157.927445][ T6962] ? __x64_sys_futex+0x34f/0x4d0 [ 157.927463][ T6962] ? __x64_sys_futex+0x358/0x4d0 [ 157.927481][ T6962] __x64_sys_sendfile64+0x1d8/0x220 [ 157.927496][ T6962] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 157.927514][ T6962] do_syscall_64+0x106/0xf80 [ 157.927530][ T6962] ? clear_bhb_loop+0x40/0x90 [ 157.927546][ T6962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.927560][ T6962] RIP: 0033:0x7f6efa99c799 [ 157.927573][ T6962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.927587][ T6962] RSP: 002b:00007f6efb80d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 157.927601][ T6962] RAX: ffffffffffffffda RBX: 00007f6efac16180 RCX: 00007f6efa99c799 [ 157.927612][ T6962] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000007 [ 157.927621][ T6962] RBP: 00007f6efaa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 157.927630][ T6962] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 157.927639][ T6962] R13: 00007f6efac16218 R14: 00007f6efac16180 R15: 00007ffecbc47b78 [ 157.927653][ T6962] [ 157.927659][ T6962] [ 157.927663][ T6962] The buggy address belongs to the physical page: [ 157.927670][ T6962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032da7000 pfn:0x32da4 [ 157.927688][ T6962] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 157.927700][ T6962] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 157.927720][ T6962] page_type: f8(unknown) [ 157.927733][ T6962] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 157.927748][ T6962] raw: ffff888032da7000 0000000000000000 00000000f8000000 0000000000000000 [ 157.927762][ T6962] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 157.927775][ T6962] head: ffff888032da7000 0000000000000000 00000000f8000000 0000000000000000 [ 157.927789][ T6962] head: 00fff00000000002 ffffea0000cb6901 00000000ffffffff 00000000ffffffff [ 157.927802][ T6962] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 157.927810][ T6962] page dumped because: kasan: bad access detected [ 157.927824][ T6962] page_owner tracks the page as allocated [ 157.927829][ T6962] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_ZERO|__GFP_COMP), pid 6962, tgid 6956 (syz.3.205), ts 157847011761, free_ts 149299181141 [ 157.927855][ T6962] post_alloc_hook+0x153/0x170 [ 157.927878][ T6962] get_page_from_freelist+0x111d/0x3140 [ 157.927897][ T6962] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 157.927916][ T6962] alloc_pages_mpol+0x1fb/0x550 [ 157.927929][ T6962] ___kmalloc_large_node+0x104/0x150 [ 157.927943][ T6962] __kmalloc_large_node_noprof+0x1c/0x70 [ 157.927958][ T6962] __kmalloc_noprof+0x5be/0x850 [ 157.927976][ T6962] vc_do_resize+0x1da/0x10f0 [ 157.927989][ T6962] fbcon_init+0x10ba/0x1820 [ 157.928008][ T6962] visual_init+0x320/0x620 [ 157.928028][ T6962] do_bind_con_driver.isra.0+0x636/0x9c0 [ 157.928042][ T6962] store_bind+0x609/0x730 [ 157.928055][ T6962] dev_attr_store+0x58/0x80 [ 157.928074][ T6962] sysfs_kf_write+0xf2/0x150 [ 157.928088][ T6962] kernfs_fop_write_iter+0x3e0/0x5f0 [ 157.928100][ T6962] iter_file_splice_write+0x830/0x10a0 [ 157.928121][ T6962] page last free pid 5196 tgid 5196 stack trace: [ 157.928129][ T6962] __free_frozen_pages+0x7e1/0x10d0 [ 157.928143][ T6962] qlist_free_all+0x47/0xe0 [ 157.928160][ T6962] kasan_quarantine_reduce+0x1a0/0x1f0 [ 157.928179][ T6962] __kasan_slab_alloc+0x69/0x90 [ 157.928198][ T6962] __kmalloc_noprof+0x2b9/0x850 [ 157.928216][ T6962] tomoyo_realpath_from_path+0xb6/0x690 [ 157.928230][ T6962] tomoyo_path_perm+0x276/0x460 [ 157.928249][ T6962] security_inode_getattr+0x116/0x280 [ 157.928268][ T6962] vfs_fstat+0x4b/0xe0 [ 157.928281][ T6962] __do_sys_newfstat+0x8b/0x110 [ 157.928295][ T6962] do_syscall_64+0x106/0xf80 [ 157.928309][ T6962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.928323][ T6962] [ 157.928326][ T6962] Memory state around the buggy address: [ 157.928333][ T6962] ffff888032da7e00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 157.928343][ T6962] ffff888032da7e80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 157.928353][ T6962] >ffff888032da7f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 157.928361][ T6962] ^ [ 157.928376][ T6962] ffff888032da7f80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 157.928386][ T6962] ffff888032da8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 157.928394][ T6962] ================================================================== [ 157.942079][ T6962] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 157.942110][ T6962] CPU: 0 UID: 0 PID: 6962 Comm: syz.3.205 Tainted: G U L syzkaller #0 PREEMPT(full) [ 157.942155][ T6962] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 157.942166][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.942182][ T6962] Call Trace: [ 157.942190][ T6962] [ 157.942201][ T6962] dump_stack_lvl+0x100/0x190 [ 157.942242][ T6962] vpanic+0x552/0x970 [ 157.942265][ T6962] ? __pfx_vpanic+0x10/0x10 [ 157.942295][ T6962] ? fbcon_prepare_logo+0x94e/0xc60 [ 157.942333][ T6962] panic+0xd1/0xe0 [ 157.942395][ T6962] ? __pfx_panic+0x10/0x10 [ 157.942422][ T6962] ? fbcon_prepare_logo+0x94e/0xc60 [ 157.942461][ T6962] ? preempt_schedule_common+0x42/0xc0 [ 157.942495][ T6962] check_panic_on_warn.cold+0x19/0x34 [ 157.942524][ T6962] end_report.part.0+0x3a/0x90 [ 157.942561][ T6962] kasan_report.cold+0xe/0x18 [ 157.942604][ T6962] ? fbcon_prepare_logo+0x94e/0xc60 [ 157.942648][ T6962] kasan_check_range+0x10f/0x1e0 [ 157.942681][ T6962] __asan_memcpy+0x23/0x60 [ 157.942715][ T6962] fbcon_prepare_logo+0x94e/0xc60 [ 157.942761][ T6962] fbcon_init+0x10a0/0x1820 [ 157.942803][ T6962] visual_init+0x320/0x620 [ 157.942844][ T6962] do_bind_con_driver.isra.0+0x636/0x9c0 [ 157.942875][ T6962] store_bind+0x609/0x730 [ 157.942908][ T6962] ? __pfx_store_bind+0x10/0x10 [ 157.942938][ T6962] dev_attr_store+0x58/0x80 [ 157.942979][ T6962] ? __pfx_dev_attr_store+0x10/0x10 [ 157.943018][ T6962] sysfs_kf_write+0xf2/0x150 [ 157.943050][ T6962] kernfs_fop_write_iter+0x3e0/0x5f0 [ 157.943077][ T6962] ? __pfx_sysfs_kf_write+0x10/0x10 [ 157.943112][ T6962] iter_file_splice_write+0x830/0x10a0 [ 157.943163][ T6962] ? __pfx_iter_file_splice_write+0x10/0x10 [ 157.943209][ T6962] ? __pfx_copy_splice_read+0x10/0x10 [ 157.943259][ T6962] ? __pfx_iter_file_splice_write+0x10/0x10 [ 157.943301][ T6962] direct_splice_actor+0x192/0x6c0 [ 157.943353][ T6962] splice_direct_to_actor+0x345/0xa30 [ 157.943393][ T6962] ? __pfx_direct_splice_actor+0x10/0x10 [ 157.943435][ T6962] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 157.943478][ T6962] do_splice_direct+0x174/0x240 [ 157.943519][ T6962] ? __pfx_do_splice_direct+0x10/0x10 [ 157.943559][ T6962] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 157.943601][ T6962] ? rw_verify_area+0xce/0x6d0 [ 157.943640][ T6962] do_sendfile+0xadc/0xe20 [ 157.943682][ T6962] ? __pfx_do_sendfile+0x10/0x10 [ 157.943723][ T6962] ? __x64_sys_futex+0x34f/0x4d0 [ 157.943758][ T6962] ? __x64_sys_futex+0x358/0x4d0 [ 157.943794][ T6962] __x64_sys_sendfile64+0x1d8/0x220 [ 157.943823][ T6962] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 157.943858][ T6962] do_syscall_64+0x106/0xf80 [ 157.943888][ T6962] ? clear_bhb_loop+0x40/0x90 [ 157.943920][ T6962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.943949][ T6962] RIP: 0033:0x7f6efa99c799 [ 157.943973][ T6962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.944000][ T6962] RSP: 002b:00007f6efb80d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 157.944029][ T6962] RAX: ffffffffffffffda RBX: 00007f6efac16180 RCX: 00007f6efa99c799 [ 157.944046][ T6962] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000007 [ 157.944062][ T6962] RBP: 00007f6efaa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 157.944077][ T6962] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 157.944094][ T6962] R13: 00007f6efac16218 R14: 00007f6efac16180 R15: 00007ffecbc47b78 [ 157.944122][ T6962] [ 157.944385][ T6962] Kernel Offset: disabled