last executing test programs: 16.123139805s ago: executing program 0 (id=32): socket(0x2, 0x1, 0x106) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) bind$auto(0x3, 0x0, 0x6c) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x4, 0x0) r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r3, 0x0, 0xe) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, 0xffffffff}, @GTPA_VERSION={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040850}, 0x4048040) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r2}, @GTPA_I_TEI={0x8, 0x8, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4080) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) 15.865302768s ago: executing program 0 (id=33): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) r0 = open(0x0, 0x29642, 0x2) modify_ldt$auto(0x1, 0x0, 0x10) socket(0x22, 0xa, 0x100) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121902, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 
&(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = socket(0x21, 0x800, 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x101, 0x0, 0x0, &(0x7f00000002c0)={[0x2, 0xa, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x7, 0xffffffffffffffff, 0x62, 0x8000201f, 0x7, 0x6d3d, 0x9, 0x2, 0x8000006]}, 0x0) recvfrom$auto(r1, &(0x7f0000000180)="7c85620f4a263773c8393b9112e834be2372fe4a054f27a66f40f019f571de850e8fdeed6313e42b8b368bae70d418481bac6b420be85d13b6244295e474775d550f281e2febc4a9a6086a43af1bf2fc77c810526c10e9c6e8a6f89c46486ef24c6b9021de5c54", 0x3ff, 0x73, &(0x7f0000000200)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x39}}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x60800, 0x0) read$auto_vmwgfx_driver_fops_vmwgfx_drv(r0, &(0x7f0000000380)=""/65, 0x41) pread64$auto(r3, &(0x7f0000000240)='/dev/bus/usb/010/081\x00', 0x2, 0xfff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) socket(0x2a, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/010/001\x00', 0x800, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0xa200, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TCFLSH2(r4, 0x8924, 0x0) 
unshare$auto(0x40000080) mmap$auto(0x0, 0x100000000000002, 0x35, 0x17, 0xffffffffffffffff, 0x6) 14.013792208s ago: executing program 0 (id=49): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) close_range$auto(0x2, 0x8, 0x0) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)='-7', 0x3a) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000240)={@_si_pad}, 0x80000001, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x10, 0x2, 0x0) r0 = fanotify_init$auto(0xba, 0x0) fanotify_mark$auto(r0, 0x205, 0x100002, 0x4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) io_uring_setup$auto(0x7, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x1) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) writev$auto(0xffffffffffffffff, 0x0, 0x1) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 12.625814117s ago: executing program 0 (id=45): close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0x3ff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 
0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0xfffffffffffffffe, 0x580f, 0x4, 0x8000000008011, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) 11.595716747s ago: executing program 0 (id=56): socket(0x2, 0x1, 0x106) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) bind$auto(0x3, 0x0, 0x6c) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x4, 0x0) r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r3, 0x0, 0xe) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 
0x3, @empty}, 0x6a) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, 0xffffffff}, @GTPA_VERSION={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040850}, 0x4048040) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r2}, @GTPA_I_TEI={0x8, 0x8, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4080) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) 10.579490593s ago: executing program 0 (id=58): openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptye9\x00', 0x109000, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000000c0), r0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x8000, 0x0) read$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) timer_settime$auto(0x7, 0x0, &(0x7f0000000100)={{0xa77, 0xce}, {0x5, 0x32a7}}, &(0x7f00000001c0)={{0x5b57, 0x1}, {0x6, 0x6}}) sendfile$auto(r3, r2, 0x0, 0x10000) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) mmap$auto(0x8, 0x400000002020009, 0xfc, 0x18, r1, 0x10000000009) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0x9, 0x9b72, 0x7, 0x28000) r4 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0) preadv$auto(r4, 
&(0x7f0000000100)={&(0x7f0000000040), 0x82}, 0x8, 0xe637, 0x6) madvise$auto(0x0, 0x7ffffffffffffffc, 0xc) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) ppoll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x9, 0x5}, 0x9, 0x0, 0x0, 0x8) write$auto(r5, &(0x7f0000000200)='ns/net\x00\x8b\x97\x97\x02 \xe4\xa92\xf3N', 0xe61d) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) 10.121574052s ago: executing program 32 (id=58): openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptye9\x00', 0x109000, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f00000000c0), r0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x8000, 0x0) read$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffffff, 0x0, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ttye9\x00', 0x102, 0x0) timer_settime$auto(0x7, 0x0, &(0x7f0000000100)={{0xa77, 0xce}, {0x5, 0x32a7}}, &(0x7f00000001c0)={{0x5b57, 0x1}, {0x6, 0x6}}) sendfile$auto(r3, r2, 0x0, 0x10000) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) mmap$auto(0x8, 0x400000002020009, 0xfc, 0x18, r1, 0x10000000009) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0x9, 0x9b72, 0x7, 0x28000) r4 = openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x0, 0x0) preadv$auto(r4, &(0x7f0000000100)={&(0x7f0000000040), 0x82}, 0x8, 0xe637, 0x6) madvise$auto(0x0, 0x7ffffffffffffffc, 0xc) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 
0xfffff000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x3a32182}, 0xed7138b}, 0x2, 0x9) ppoll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x9, 0x5}, 0x9, 0x0, 0x0, 0x8) write$auto(r5, &(0x7f0000000200)='ns/net\x00\x8b\x97\x97\x02 \xe4\xa92\xf3N', 0xe61d) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) 7.88771395s ago: executing program 1 (id=68): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) close_range$auto(0x2, 0x8, 0x0) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)='-7', 0x3a) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000240)={@_si_pad}, 0x80000001, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x10, 0x2, 0x0) r0 = fanotify_init$auto(0xba, 0x0) fanotify_mark$auto(r0, 0x205, 0x100002, 0x4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) io_uring_setup$auto(0x7, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x1) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) writev$auto(0xffffffffffffffff, 0x0, 0x1) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 4.337726357s ago: executing 
program 3 (id=74): socket(0x1e, 0x4, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), r0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, r0, 0x0) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = socket(0x2, 0x5, 0x0) openat$auto_bridges_fops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/dri/0000:00:02.0/encoder-0/bridges\x00', 0x84941, 0x0) close_range$auto(r2, r3, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) getsockopt$auto(r1, 0x84, 0x71, 0x0, 0x0) clone3$auto(0x0, 0x7) kill$auto_SIGCONT(0xffffffffffffffff, 0x12) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x4000000000eb1, 0x6, 0x8000) setrlimit$auto(0xb, 0x0) timer_create$auto(0x0, 0x0, 0x0) 3.959020803s ago: executing program 3 (id=76): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/spi/drivers_autoprobe\x00', 0xca481, 0x0) write$auto(r0, &(0x7f00000000c0)='\x14\xf4\xb6\xc6\x97\xdb\x18B\f\xef\x1dQZ\xa66\xe7\x06\\\xe0)+\x86\xa7\x9bv\xe1\x18\xf5\x83\b\x11\x19\xdd\x1c', 0x8) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffd, 0x0, 
0xffff, 0x10, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x100006, 0x0, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) r1 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000040)=0xce) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="02b30b52314a0b2f3acd76de10d4a97cc9a97fbdf9941e6a05aec8f4b85944b057f4fee366eb3ab66823740fa1950e067cb80c4232a18c7c2619ec45006fc8e04686fc7bb0f5310b36daad5c62a5899d75230894705501de205b35eabc85806ac0f1e16d6dd5733458f6447e9a0323587d9e3031cf6f487551c5c81a804dba149a01f83028cf6dc65b4ea9bc376f30dbb91894799085f4"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x20040001) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd6/queue/iosched/writes_starved\x00', 0xa001, 0x0) write$auto(r2, &(0x7f0000000100)='%\x00', 0x38f) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x12d280, 0x0) r3 = clone$auto(0x7fff, 0x200, 0x0, 0x0, 0xf) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_GET(0x9, 0x2, r3, 0x9, 0x10001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 
0x14f602, 0x0) r4 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r4, 0x29, 0xd1, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x4000000454, 0x80) syz_clone3(&(0x7f0000000300)={0x12a004080, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1}, 0x58) read$auto_hsr_node_table_fops_(r1, &(0x7f0000000380)=""/222, 0xde) 3.908873455s ago: executing program 1 (id=77): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000228bd7000fcdbdf25030000000600070001800000060006000100000008000300000400000a000500aaaaaaaaaaaa00000a000500aaaaaaaaaabb00000a000500000000000000000008000200", @ANYRES32=0x0, @ANYBLOB="08000200462eb4e5846bcc145e85e322db6928468f48920f5e61b5923e3fd19e315eb106103533b7166bdc64f1d593267d514399cee6dca0d7861ba675011f07967fe0f12b802977244e6bf518309221b601f3b8916da6ac5da2c27cec80702ffdb0acdb1dde7b6f159c55bab362b25b1a37604112c929d3f3", @ANYRES32=0x0, @ANYBLOB], 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40080) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='h'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x2, 0xa, 0x7) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 
0xffffffffffffffff) bind$auto(0x3, 0x0, 0x6c) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc008) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)="849570f0426b0aeb651152da87057c7dbb4b75b3a7ea231e4f0073ffddb3c56131dc618a05d940b3ca59239f846830") sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc4}, 0x24004054) socketpair$auto(0x0, 0x200, 0xc7, &(0x7f00000000c0)=0xff) mmap$auto(0x0, 0xb991, 0x5, 0x19, 0xffffffffffffffff, 0x2) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r1, &(0x7f0000003bc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="06000000b796ef01058694ab7925cbbbd6830d458b5b8c05e405d303210e5bfb0b2e8ac8eac646650ddec638c01692431c58a41c53742a2156d11506a849b2b01cff81e9f11d0661c6806dd996c4d3fa8a35ed36c0e05fee182966d383586f2f7641", @ANYRES64=r1, @ANYBLOB="3033df9571cfbe133266990acc4e4cb725e23f9c585ed20c9c3c179f1c765738b0c29152889b3ad0006ada6cff0feedecbec32ba208fe9130c7772ae0d0aa0e0c7fab3a5daf0ceaf6304776c423066c0c20558d8d2ac0763e5d4fad3151d802fdf120c7c119ded2c0a9d8d2c5f65156418eb613fb18f7738b7ffe595a009760e7cef2e74833c7f4cfeaaf15d763d512916725a904da251af05ee49dbc519c1b1a3a68fe243c5a6755099b33e5ac14816297aa1f72b34b5db9da0"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048004) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/jfs/loglevel\x00', 0x1a9701, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 
0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) ioctl$auto_SG_SET_RESERVED_SIZE2(r2, 0x2275, &(0x7f0000000040)="d93ca7") 3.559704289s ago: executing program 3 (id=79): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) select$auto(0xffffffff, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x9, 0x9, 0x3, 0x4, 0x2, 0xf472, 0xe0b, 0x37, 0x0, 0x101, 0x200, 0xc6, 0x6]}, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, 0x0, 0x10a, 0x0, 0x0, 0x3ff}, 0xed7138c}, 0x200, 0x0) mmap$auto(0x9, 0xf, 0x10010040cc29, 0x10, 0xffffffffffffffff, 0x7fb8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card1\x00', 0x100, 0x0) epoll_create$auto(0x8) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) epoll_ctl$auto(r1, 0x4001, 0xffffffffffffffff, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x20282, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) madvise$auto(0x200000, 0x20499d, 0x9) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyc2\x00', 0x800, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) epoll_create$auto(0x4) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0xc, 0x7, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200004000001, 
0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x84, 0x0, 0x4, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffe, 0x40, 0x2, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8]}, 0xb, 0xbc) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0x3, &(0x7f00000003c0)="79824301ac7e7fd6") mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyu7\x00', 0x0, 0x0) futimesat$auto(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)={0x3, 0x1}) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) 3.559112437s ago: executing program 1 (id=80): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) 2.440014022s ago: executing program 2 (id=82): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/usbip-vudc.0/usbip_sockfd\x00', 0x103841, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0xfffffffffffffffe, 0x2020009, 0x7, 0x15, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) pread64$auto(r2, 0x0, 0x3, 0x5) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) setns$auto(r0, 0x7ff) r3 = socket(0x21, 0x2, 0x2) setsockopt$auto(r3, 0x1000000110, 0x0, 0xffffffffffffffff, 0x3) write$auto(r0, 
&(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xabxo\xd9\x90\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xa5\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5Y\a\xc1\xe9(\x85R\x96\xe4\x86\\\x13\xa9\x1a&\x19\x8a9\x82\xf0\x83\f\xf7\xeb\x00\x00\x00\x00\x00\x00\x00\x00v\x92r5, 0x9, 0x5}, 0x9, 0x0, 0x0, 0x8) write$auto(r6, &(0x7f0000000200)='ns/net\x00\x8b\x97\x97\x02 \xe4\xa92\xf3N', 0xe61d) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) 940.628754ms ago: executing program 3 (id=90): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000080), r0) sendmsg$auto_ILA_CMD_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x9, 0x70bd2d, 0x25dfdbfb, {}, [@ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x20048840) (async) sendmsg$auto_ILA_CMD_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x9, 0x70bd2d, 0x25dfdbfb, {}, [@ILA_ATTR_IDENT_TYPE={0x5, 0x8, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x20048840) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r2, 0x401870cb, r2) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000340), 0x8200, 0x0) (async) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000340), 0x8200, 0x0) r3 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 
open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x138) (async) r4 = open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x138) open_by_handle_at$auto(r4, &(0x7f0000000040)={0x8, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x2) (async) open_by_handle_at$auto(r4, &(0x7f0000000040)={0x8, 0x2, '\a\x00\x00\x00\x00\x00\x00\x00'}, 0x2) read$auto_bm_entry_operations_binfmt_misc(r3, &(0x7f0000000180)=""/190, 0xbe) 731.756952ms ago: executing program 3 (id=91): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/spi/drivers_autoprobe\x00', 0xca481, 0x0) write$auto(r0, &(0x7f00000000c0)='\x14\xf4\xb6\xc6\x97\xdb\x18B\f\xef\x1dQZ\xa66\xe7\x06\\\xe0)+\x86\xa7\x9bv\xe1\x18\xf5\x83\b\x11\x19\xdd\x1c', 0x8) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffd, 0x0, 0xffff, 0x10, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) r1 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x4) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, &(0x7f0000000040)=0xce) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x20040001) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1892, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 
0x2, &(0x7f0000000140), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd6/queue/iosched/writes_starved\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000100)='%\x00', 0x38f) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x12d280, 0x0) r4 = clone$auto(0x7fff, 0x200, 0x0, 0x0, 0xf) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_GET(0x9, 0x2, r4, 0x9, 0x10001) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r5 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r5, 0x29, 0xd1, 0x0, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x700000000000000, 0x454, 0x9) syz_clone3(&(0x7f0000000300)={0x12a004080, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x1}, 0x58) read$auto_hsr_node_table_fops_(r1, &(0x7f0000000380)=""/222, 0xde) 155.775364ms ago: executing program 2 (id=92): r0 = fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) mmap$auto(0x6, 0x20009, 0x219, 0xeb2, r0, 0x29) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b80040043"], 0x40}, 0x1, 0x0, 0x0, 0x20004040}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000100)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="02002cbd7000fedbdf2502000000080003008000400008001d"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x841) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) unshare$auto(0x40000080) sendmmsg$auto(r1, 0x0, 0x28000, 0x7) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000004c0), r2) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="012515000000180001801400020076657468305f746f5f7465616d00"/38], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) socket(0x1d, 0x6, 0xa4b) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) waitid$auto_P_PID(0x1, 0xffffffffffffffff, 0x0, 0x80000001, &(0x7f00000002c0)={{0x7fff, 0x7}, {0x100000000, 0xffffffff00000004}, 0x6, 0xa9f, 0x6, 0x2, 0x10000, 0xb18, 0xb, 0x9, 0x1, 0x7f, 0x4, 0xf9f6, 0xdc73, 0x6}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) lseek$auto(r4, 0x0, 0x1) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) io_uring_setup$auto(0x7, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) 0s ago: executing 
program 1 (id=93): socket(0x2, 0x1, 0x106) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) bind$auto(0x3, 0x0, 0x6c) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x4, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xe) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, 0xffffffff}, @GTPA_VERSION={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040850}, 0x4048040) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r2}, @GTPA_I_TEI={0x8, 0x8, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4080) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.167' (ED25519) to the list of known hosts. [ 184.132081][ T5859] cgroup: Unknown subsys name 'net' [ 184.239653][ T5859] cgroup: Unknown subsys name 'cpuset' [ 184.248741][ T5859] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 185.760107][ T5859] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 187.904132][ T5874] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 187.940198][ T5886] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 187.948656][ T5878] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 187.956476][ T5886] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 187.965159][ T5878] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 187.972558][ T5887] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 187.980582][ T5887] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 187.984117][ T5882] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 187.988268][ T5878] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 187.996008][ T5882] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 188.003392][ T5878] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 188.009899][ T5882] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 188.016688][ T5878] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 188.023361][ T5882] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 188.045706][ T5874] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 188.053076][ T5878] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 188.060941][ T5878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 188.068921][ T5874] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 188.076344][ T5878] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 188.097216][ T5878] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 188.503372][ T5873] chnl_net:caif_netlink_parms(): no params data found [ 188.597648][ T5881] chnl_net:caif_netlink_parms(): no params data found [ 188.744815][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.752182][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.760832][ T5873] bridge_slave_0: entered allmulticast mode [ 188.768581][ T5873] bridge_slave_0: entered promiscuous mode [ 188.785949][ 
T5872] chnl_net:caif_netlink_parms(): no params data found [ 188.802803][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.810198][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.817550][ T5873] bridge_slave_1: entered allmulticast mode [ 188.825113][ T5873] bridge_slave_1: entered promiscuous mode [ 188.964551][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.980045][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.990181][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.997503][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.004702][ T5881] bridge_slave_0: entered allmulticast mode [ 189.012098][ T5881] bridge_slave_0: entered promiscuous mode [ 189.024389][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.031916][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.039142][ T5881] bridge_slave_1: entered allmulticast mode [ 189.046696][ T5881] bridge_slave_1: entered promiscuous mode [ 189.082623][ T5877] chnl_net:caif_netlink_parms(): no params data found [ 189.118452][ T5873] team0: Port device team_slave_0 added [ 189.134908][ T5873] team0: Port device team_slave_1 added [ 189.191141][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.232979][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.242708][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.250053][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.257875][ T5872] bridge_slave_0: entered allmulticast mode [ 189.264853][ T5872] bridge_slave_0: entered promiscuous mode [ 189.278637][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.285778][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.311864][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.347184][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.354453][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.361891][ T5872] bridge_slave_1: entered allmulticast mode [ 189.369020][ T5872] bridge_slave_1: entered promiscuous mode [ 189.382986][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.390057][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.416229][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.437874][ T5881] team0: Port device team_slave_0 added [ 189.474489][ T5881] team0: Port device team_slave_1 added [ 189.532515][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.545987][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.555801][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.562904][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.570705][ T5877] bridge_slave_0: entered allmulticast mode [ 189.578421][ T5877] bridge_slave_0: entered promiscuous mode [ 189.620286][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.627918][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.635079][ T5877] bridge_slave_1: entered allmulticast mode [ 189.642383][ T5877] bridge_slave_1: entered promiscuous mode [ 189.659404][ T5873] hsr_slave_0: entered promiscuous mode [ 189.666998][ T5873] 
hsr_slave_1: entered promiscuous mode [ 189.674248][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.681404][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.707500][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.758380][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.765368][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.791788][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.806925][ T5872] team0: Port device team_slave_0 added [ 189.816840][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.829381][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.847358][ T5872] team0: Port device team_slave_1 added [ 189.926351][ T5877] team0: Port device team_slave_0 added [ 189.944696][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.951781][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 189.978235][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.009126][ T5877] team0: Port device team_slave_1 added [ 190.020232][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.027572][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.047011][ T5878] Bluetooth: hci3: command tx timeout [ 190.053686][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.125672][ T5878] Bluetooth: hci2: command tx timeout [ 190.130618][ T5881] hsr_slave_0: entered promiscuous mode [ 190.131411][ T5878] Bluetooth: hci0: command tx timeout [ 190.142267][ T51] Bluetooth: hci1: command tx timeout [ 190.148095][ T5881] hsr_slave_1: entered promiscuous mode [ 190.154155][ T5881] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.162461][ T5881] Cannot create hsr debugfs directory [ 190.168882][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.178093][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.204194][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.235794][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.242858][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 190.268853][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.392821][ T5872] hsr_slave_0: entered promiscuous mode [ 190.405141][ T5872] hsr_slave_1: entered promiscuous mode [ 190.412333][ T5872] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.420328][ T5872] Cannot create hsr debugfs directory [ 190.448768][ T5877] hsr_slave_0: entered promiscuous mode [ 190.455017][ T5877] hsr_slave_1: entered promiscuous mode [ 190.461283][ T5877] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.468980][ T5877] Cannot create hsr debugfs directory [ 190.674871][ T5873] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 190.715430][ T5873] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 190.750504][ T5873] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 190.782728][ T5873] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 190.921945][ T5881] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 190.931854][ T5881] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 190.949989][ T5881] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 190.962148][ T5881] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 191.034781][ T5872] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 191.050887][ T5872] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 191.076132][ T5872] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 191.092086][ T5872] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 191.169689][ T5877] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 191.180051][ T5877] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 191.194044][ T5877] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 191.218135][ T5877] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 191.288734][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.370299][ T5873] 8021q: adding VLAN 0 to HW filter on device team0 
[ 191.383689][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.414503][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.421981][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.446275][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.453454][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.503298][ T5881] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.528695][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.561159][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.568541][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.598260][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.609106][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.616307][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.634239][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.648377][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.655628][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.690534][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.697738][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.723812][ T5877] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.774575][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.781792][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.823082][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.830319][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.140205][ T5878] Bluetooth: hci3: command tx timeout [ 192.205827][ T5878] Bluetooth: hci0: command tx timeout [ 192.211305][ T5878] Bluetooth: hci1: command tx timeout [ 192.219816][ T51] Bluetooth: hci2: command tx timeout [ 192.404798][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.423838][ T5881] 8021q: adding 
VLAN 0 to HW filter on device batadv0 [ 192.447699][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.511383][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.537793][ T5881] veth0_vlan: entered promiscuous mode [ 192.580799][ T5881] veth1_vlan: entered promiscuous mode [ 192.595359][ T5873] veth0_vlan: entered promiscuous mode [ 192.634574][ T5877] veth0_vlan: entered promiscuous mode [ 192.643123][ T5873] veth1_vlan: entered promiscuous mode [ 192.677065][ T5877] veth1_vlan: entered promiscuous mode [ 192.692237][ T5872] veth0_vlan: entered promiscuous mode [ 192.726444][ T5877] veth0_macvtap: entered promiscuous mode [ 192.749631][ T5877] veth1_macvtap: entered promiscuous mode [ 192.760375][ T5872] veth1_vlan: entered promiscuous mode [ 192.783162][ T5881] veth0_macvtap: entered promiscuous mode [ 192.797868][ T5873] veth0_macvtap: entered promiscuous mode [ 192.815463][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.833442][ T5881] veth1_macvtap: entered promiscuous mode [ 192.845299][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.855388][ T5873] veth1_macvtap: entered promiscuous mode [ 192.884386][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.900808][ T5877] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.910100][ T5877] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.919690][ T5877] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.928990][ T5877] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.949388][ T5872] veth0_macvtap: entered promiscuous mode [ 192.958765][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.975309][ T5872] veth1_macvtap: entered promiscuous mode [ 192.986167][ T5881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 192.994868][ T5881] netdevsim netdevsim0 
netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.007553][ T5881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.016319][ T5881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.046368][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.072768][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.094685][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.110607][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.137161][ T5873] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.146665][ T5873] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.155842][ T5873] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.164738][ T5873] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.202146][ T5872] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.214301][ T5872] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.224023][ T5872] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.232778][ T5872] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.289901][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.299598][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.325180][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.334437][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.424635][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.435936][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.439359][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.452967][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.555294][ 
T5877] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 193.581588][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.590178][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.674738][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.710573][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.804695][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.830349][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.843967][ T5963] Zero length message leads to an empty skb [ 193.854021][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.862891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 193.871844][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 193.880477][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 193.927285][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.980321][ T5964] process 'syz.2.3' launched './file0' with NULL argv: empty string added [ 194.026152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 194.034583][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 194.205977][ T5878] Bluetooth: hci3: command tx timeout [ 194.290381][ T5878] Bluetooth: hci1: command tx timeout [ 194.291554][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.295935][ T5878] Bluetooth: hci2: command tx timeout [ 194.308192][ T5166] Bluetooth: hci0: command tx timeout [ 194.326392][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.516136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 194.550014][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! 
[ 194.676014][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 194.716013][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 194.823103][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 195.863758][ T30] audit: type=1804 audit(1751618937.042:2): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.9" name="/newroot/sys/kernel/debug/tracing/available_events" dev="tracefs" ino=1061 res=1 errno=0 [ 196.199757][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10'. [ 196.286216][ T5878] Bluetooth: hci3: command tx timeout [ 196.366566][ T5878] Bluetooth: hci2: command tx timeout [ 196.372001][ T51] Bluetooth: hci0: command tx timeout [ 196.378080][ T5166] Bluetooth: hci1: command tx timeout [ 197.122239][ T6004] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 197.139123][ C1] vkms_vblank_simulate: vblank timer overrun [ 197.613100][ T6024] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16'. [ 198.436082][ T6034] mkiss: ax0: crc mode is auto. [ 200.973938][ T6065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26'. [ 201.085993][ T6064] FAULT_INJECTION: forcing a failure. 
[ 201.085993][ T6064] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 201.114699][ T6064] CPU: 0 UID: 0 PID: 6064 Comm: syz.2.27 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 201.114725][ T6064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.114736][ T6064] Call Trace: [ 201.114742][ T6064] <TASK> [ 201.114749][ T6064] dump_stack_lvl+0x16c/0x1f0 [ 201.114777][ T6064] should_fail_ex+0x512/0x640 [ 201.114801][ T6064] _copy_from_user+0x2e/0xd0 [ 201.114815][ T6064] copy_msghdr_from_user+0x98/0x160 [ 201.114837][ T6064] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 201.114860][ T6064] ? kfree+0x24f/0x4d0 [ 201.114878][ T6064] ? __lock_acquire+0x622/0x1c90 [ 201.114900][ T6064] ___sys_recvmsg+0xdb/0x1a0 [ 201.114920][ T6064] ? __pfx____sys_recvmsg+0x10/0x10 [ 201.114950][ T6064] ? __pfx___might_resched+0x10/0x10 [ 201.114969][ T6064] do_recvmmsg+0x2fe/0x750 [ 201.114991][ T6064] ? __pfx_do_recvmmsg+0x10/0x10 [ 201.115015][ T6064] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 201.115041][ T6064] ? __fget_files+0x20e/0x3c0 [ 201.115067][ T6064] __x64_sys_recvmmsg+0x22a/0x280 [ 201.115089][ T6064] ? 
__pfx___x64_sys_recvmmsg+0x10/0x10 [ 201.115115][ T6064] do_syscall_64+0xcd/0x490 [ 201.115137][ T6064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.115151][ T6064] RIP: 0033:0x7fba0158e929 [ 201.115166][ T6064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.115181][ T6064] RSP: 002b:00007fba024af038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 201.115197][ T6064] RAX: ffffffffffffffda RBX: 00007fba017b6080 RCX: 00007fba0158e929 [ 201.115206][ T6064] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 201.115214][ T6064] RBP: 00007fba024af090 R08: 0000000000000000 R09: 0000000000000000 [ 201.115221][ T6064] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000002 [ 201.115229][ T6064] R13: 0000000000000000 R14: 00007fba017b6080 R15: 00007ffe27c28cc8 [ 201.115247][ T6064] </TASK> [ 203.599163][ T6096] mkiss: ax0: crc mode is auto. [ 205.079039][ T6119] capability: warning: `syz.1.38' uses 32-bit capabilities (legacy support in use) [ 205.604236][ T6128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.40'. [ 206.755143][ T6152] netlink: 'syz.1.47': attribute type 2 has an invalid length. [ 207.671622][ T6169] ubi0: attaching mtd0 [ 207.677674][ T6169] ubi0: scanning is finished [ 207.685624][ T6169] ubi0: empty MTD device detected [ 207.956148][ T6169] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 208.082098][ T6169] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 208.093892][ T6169] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 208.112780][ T6169] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 208.122851][ T6169] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 208.141834][ T6169] ubi0: user volume: 0, internal volumes: 1, max. 
volumes count: 23 [ 208.152028][ T6169] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3510331295 [ 208.163607][ T6169] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 208.174895][ T6180] ubi0: background thread "ubi_bgt0d" started, PID 6180 [ 208.198700][ T6178] ubi0: detaching mtd0 [ 208.290976][ T6178] ubi0: mtd0 is detached [ 209.165975][ T6190] FAULT_INJECTION: forcing a failure. [ 209.165975][ T6190] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.235201][ T6190] CPU: 0 UID: 0 PID: 6190 Comm: syz.3.61 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 209.235240][ T6190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.235255][ T6190] Call Trace: [ 209.235265][ T6190] <TASK> [ 209.235275][ T6190] dump_stack_lvl+0x16c/0x1f0 [ 209.235320][ T6190] should_fail_ex+0x512/0x640 [ 209.235362][ T6190] strncpy_from_user+0x3b/0x2e0 [ 209.235403][ T6190] getname_flags.part.0+0x8f/0x550 [ 209.235438][ T6190] getname_flags+0x93/0xf0 [ 209.235472][ T6190] do_sys_openat2+0xb8/0x1d0 [ 209.235503][ T6190] ? __pfx_do_sys_openat2+0x10/0x10 [ 209.235527][ T6190] ? _copy_to_user+0x48/0xd0 [ 209.235568][ T6190] __x64_sys_openat+0x174/0x210 [ 209.235598][ T6190] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 209.235639][ T6190] do_syscall_64+0xcd/0x490 [ 209.235680][ T6190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.235706][ T6190] RIP: 0033:0x7f2e9eb8e929 [ 209.235728][ T6190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.235751][ T6190] RSP: 002b:00007f2e9fad9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 209.235775][ T6190] RAX: ffffffffffffffda RBX: 00007f2e9edb5fa0 RCX: 00007f2e9eb8e929 [ 209.235792][ T6190] RDX: 00000000000426a2 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 209.235808][ T6190] RBP: 00007f2e9ec10b39 R08: 0000000000000000 R09: 0000000000000000 [ 209.235824][ T6190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.235838][ T6190] R13: 0000000000000000 R14: 00007f2e9edb5fa0 R15: 00007ffd8e4b6ad8 [ 209.235872][ T6190] </TASK> [ 209.639532][ T5166] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 209.653917][ T5166] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 209.662244][ T5166] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 209.672956][ T5166] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 209.685791][ T5166] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 209.715286][ T201] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.054000][ T201] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.437429][ T201] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.633810][ T201] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.657670][ T6208] netlink: 28 bytes leftover after parsing attributes in process `syz.1.71'. 
[ 210.734250][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.761356][ T6208] bridge_slave_1 (unregistering): left allmulticast mode [ 210.769122][ T6208] bridge_slave_1 (unregistering): left promiscuous mode [ 210.777075][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.105373][ T6197] chnl_net:caif_netlink_parms(): no params data found [ 211.639501][ T201] bridge_slave_1: left allmulticast mode [ 211.646603][ T201] bridge_slave_1: left promiscuous mode [ 211.662241][ T201] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.684214][ T201] bridge_slave_0: left allmulticast mode [ 211.690950][ T201] bridge_slave_0: left promiscuous mode [ 211.700188][ T201] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.816023][ T5878] Bluetooth: hci3: command tx timeout [ 212.553178][ T201] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.582980][ T201] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.593594][ T201] bond0 (unregistering): Released all slaves [ 212.826027][ T6197] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.833420][ T6197] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.843009][ T6197] bridge_slave_0: entered allmulticast mode [ 212.851488][ T6197] bridge_slave_0: entered promiscuous mode [ 212.879295][ T6197] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.891247][ T6197] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.899302][ T6197] bridge_slave_1: entered allmulticast mode [ 212.906908][ T6197] bridge_slave_1: entered promiscuous mode [ 213.003337][ T6197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.018960][ T6197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.125587][ T201] hsr_slave_0: left promiscuous mode [ 213.141206][ T201] hsr_slave_1: left promiscuous mode [ 213.152652][ T201] batman_adv: batadv0: 
Interface deactivated: batadv_slave_0 [ 213.160598][ T201] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.177035][ T201] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.184611][ T201] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.219558][ T201] veth1_macvtap: left promiscuous mode [ 213.225370][ T201] veth0_macvtap: left promiscuous mode [ 213.246151][ T201] veth1_vlan: left promiscuous mode [ 213.252693][ T201] veth0_vlan: left promiscuous mode [ 213.813046][ T201] team0 (unregistering): Port device team_slave_1 removed [ 213.873167][ T201] team0 (unregistering): Port device team_slave_0 removed [ 213.887081][ T5878] Bluetooth: hci3: command tx timeout [ 214.441389][ T6197] team0: Port device team_slave_0 added [ 214.516567][ T6197] team0: Port device team_slave_1 added [ 214.609066][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.3.73'. [ 214.662616][ T6197] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.700598][ T6197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.756104][ T6197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.808139][ T6197] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.860722][ T6197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 214.945647][ T6197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.269329][ T6197] hsr_slave_0: entered promiscuous mode [ 215.301681][ T6197] hsr_slave_1: entered promiscuous mode [ 215.328208][ T6197] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.393624][ T6197] Cannot create hsr debugfs directory [ 215.397724][ T6279] syz.1.77 uses obsolete (PF_INET,SOCK_PACKET) [ 215.965645][ T5878] Bluetooth: hci3: command tx timeout [ 216.809616][ T6307] usbip-vudc usbip-vudc.0: gadget not bound [ 216.834063][ T6197] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 216.863402][ T6197] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 216.909413][ T6197] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 216.963003][ T6197] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 217.591922][ T6197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.667848][ T6197] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.686814][ T6225] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.694061][ T6225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.804423][ T201] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.811674][ T201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.049156][ T5878] Bluetooth: hci3: command tx timeout [ 218.600304][ T6360] netlink: 28 bytes leftover after parsing attributes in process `syz.3.91'. [ 218.812058][ T6360] team0: Port device team_slave_0 removed [ 219.101284][ T6197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.198105][ T6369] netlink: 24 bytes leftover after parsing attributes in process `syz.2.92'. 
[ 219.247289][ T5878] ================================================================== [ 219.255402][ T5878] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 219.263251][ T5878] Read of size 140 at addr ffffc900053ed000 by task kworker/u9:3/5878 [ 219.271424][ T5878] [ 219.273765][ T5878] CPU: 0 UID: 0 PID: 5878 Comm: kworker/u9:3 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 219.273797][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.273812][ T5878] Workqueue: hci0 hci_devcd_timeout [ 219.273845][ T5878] Call Trace: [ 219.273853][ T5878] [ 219.273862][ T5878] dump_stack_lvl+0x116/0x1f0 [ 219.273896][ T5878] print_report+0xcd/0x680 [ 219.273919][ T5878] ? __virt_addr_valid+0x81/0x610 [ 219.273947][ T5878] ? hci_devcd_dump+0x142/0x240 [ 219.273975][ T5878] kasan_report+0xe0/0x110 [ 219.273997][ T5878] ? hci_devcd_dump+0x142/0x240 [ 219.274029][ T5878] kasan_check_range+0x100/0x1b0 [ 219.274054][ T5878] __asan_memcpy+0x23/0x60 [ 219.274082][ T5878] hci_devcd_dump+0x142/0x240 [ 219.274112][ T5878] hci_devcd_timeout+0xb5/0x2e0 [ 219.274137][ T5878] ? rcu_is_watching+0x12/0xc0 [ 219.274164][ T5878] process_one_work+0x9cf/0x1b70 [ 219.274204][ T5878] ? __pfx_process_one_work+0x10/0x10 [ 219.274242][ T5878] ? assign_work+0x1a0/0x250 [ 219.274274][ T5878] worker_thread+0x6c8/0xf10 [ 219.274315][ T5878] ? __pfx_worker_thread+0x10/0x10 [ 219.274348][ T5878] kthread+0x3c5/0x780 [ 219.274379][ T5878] ? __pfx_kthread+0x10/0x10 [ 219.274410][ T5878] ? rcu_is_watching+0x12/0xc0 [ 219.274431][ T5878] ? __pfx_kthread+0x10/0x10 [ 219.274461][ T5878] ret_from_fork+0x5d4/0x6f0 [ 219.274491][ T5878] ? 
__pfx_kthread+0x10/0x10 [ 219.274529][ T5878] ret_from_fork_asm+0x1a/0x30 [ 219.274563][ T5878] [ 219.274572][ T5878] [ 219.421817][ T5878] The buggy address ffffc900053ed000 belongs to a vmalloc virtual mapping [ 219.430308][ T5878] Memory state around the buggy address: [ 219.435928][ T5878] ffffc900053ecf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 219.443979][ T5878] ffffc900053ecf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 219.452030][ T5878] >ffffc900053ed000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 219.460079][ T5878] ^ [ 219.464133][ T5878] ffffc900053ed080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 219.472186][ T5878] ffffc900053ed100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 219.480244][ T5878] ================================================================== [ 219.488366][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.505578][ T5878] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 219.512820][ T5878] CPU: 0 UID: 0 PID: 5878 Comm: kworker/u9:3 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 219.524993][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.535163][ T5878] Workqueue: hci0 hci_devcd_timeout [ 219.540394][ T5878] Call Trace: [ 219.543683][ T5878] [ 219.546613][ T5878] dump_stack_lvl+0x3d/0x1f0 [ 219.551305][ T5878] panic+0x71c/0x800 [ 219.555210][ T5878] ? __pfx_panic+0x10/0x10 [ 219.559631][ T5878] ? mark_held_locks+0x49/0x80 [ 219.564408][ T5878] ? preempt_schedule_thunk+0x16/0x30 [ 219.569785][ T5878] ? hci_devcd_dump+0x142/0x240 [ 219.574639][ T5878] ? preempt_schedule_common+0x44/0xc0 [ 219.580106][ T5878] ? check_panic_on_warn+0x1f/0xb0 [ 219.585230][ T5878] ? hci_devcd_dump+0x142/0x240 [ 219.590109][ T5878] check_panic_on_warn+0xab/0xb0 [ 219.595061][ T5878] end_report+0x107/0x170 [ 219.599397][ T5878] kasan_report+0xee/0x110 [ 219.603816][ T5878] ? 
hci_devcd_dump+0x142/0x240 [ 219.608678][ T5878] kasan_check_range+0x100/0x1b0 [ 219.613620][ T5878] __asan_memcpy+0x23/0x60 [ 219.618045][ T5878] hci_devcd_dump+0x142/0x240 [ 219.622727][ T5878] hci_devcd_timeout+0xb5/0x2e0 [ 219.627582][ T5878] ? rcu_is_watching+0x12/0xc0 [ 219.632348][ T5878] process_one_work+0x9cf/0x1b70 [ 219.637305][ T5878] ? __pfx_process_one_work+0x10/0x10 [ 219.642688][ T5878] ? assign_work+0x1a0/0x250 [ 219.647303][ T5878] worker_thread+0x6c8/0xf10 [ 219.651911][ T5878] ? __pfx_worker_thread+0x10/0x10 [ 219.657029][ T5878] kthread+0x3c5/0x780 [ 219.661190][ T5878] ? __pfx_kthread+0x10/0x10 [ 219.665787][ T5878] ? rcu_is_watching+0x12/0xc0 [ 219.670560][ T5878] ? __pfx_kthread+0x10/0x10 [ 219.675157][ T5878] ret_from_fork+0x5d4/0x6f0 [ 219.679753][ T5878] ? __pfx_kthread+0x10/0x10 [ 219.684349][ T5878] ret_from_fork_asm+0x1a/0x30 [ 219.689125][ T5878] [ 219.692423][ T5878] Kernel Offset: disabled [ 219.696743][ T5878] Rebooting in 86400 seconds..