last executing test programs: 4.077022821s ago: executing program 2 (id=146): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x9, 0x800000000df, 0x9b72, 0xea8a, 0x8000) timer_create$auto(0x1, &(0x7f0000000100)={@sival_ptr=0x0, @inferred=0xffffffffffffffff, 0x1, @_tid=0xffffffffffffffff}, 0x0) timer_gettime$auto(0x0, 0x0) io_uring_register$auto_IORING_UNREGISTER_IOWQ_AFF(r1, 0x12, 0x0, 0x8) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x4000000008000) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) arch_prctl$auto(0x1021, 0x3) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r3, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) setsockopt$auto_SO_ERROR(r3, 0x7ff, 0x4, 0x0, 0x7f) mremap$auto(0x200001000000, 0x4, 0x4, 0x3, 0x100000000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffa, 0x8000000008011, r4, 0x8000) mremap$auto(0x7fffffffffffffff, 0xf, 0xffffffffffffffff, 0x3ff, 0x828f) madvise$auto(0x0, 0x400053, 0x9) madvise$auto(0x0, 0xfffeffffffff0001, 0x2) futex$auto(&(0x7f00000000c0)=0x1, 0x8c, 0x1, 0x0, 0x0, 0x1) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) mmap$auto(0x9, 0x2020009, 0x3, 0xf8, r2, 0x913) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x6) getcwd$auto(0x0, 0xffffffffffffffff) r5 = inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(r5, 0x0, 0x20000e6e) 3.768544652s ago: executing program 1 (id=147): mmap$auto(0x0, 0x4020009, 0x2, 0xeb1, 0x401, 0x8000) r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x2081, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x1}, 0x15a) r1 = memfd_create$auto(0x0, 0x4) statx$auto(r1, 0x0, 0x1000, 0xbdfc, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x9, 0xb5, 0x2010, 0xb, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x7, 0x6}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex, 0x3, 0x40081, @uprobe_multi={0x81, 0x1ff, 0x8, 0x0, 0x1, 0x4}}, 0x81) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) 3.490092143s ago: executing program 2 (id=149): unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f00000001c0)=0x40) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x68f}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/usb2-port1/disable\x00', 0x102, 0x0) sendfile$auto(r2, r2, 0x0, 0x7) listen$auto(r1, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) setns(r1, 0x8000000) mmap$auto(0xffffffffffffffff, 0x4000000400008, 0xdf, 0x9b72, r3, 0x200000000003) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0x20000a, 0x8) mmap$auto(0x2, 0x6, 0x100000000002, 0x16, r2, 0x3) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r4 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r4, 0x1269, 0x0) ioctl$auto_MEMGETINFO(0xffffffffffffffff, 0x80204d01, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) r5 = open(&(0x7f0000000000)='./file0\x00', 0x621c2, 0x84) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x88800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r6, 0xc0405519, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000100)={0xfffffeff, r7, 0x80000000, 0x2, 0x1}) connect$auto(r8, &(0x7f00000002c0)=@vsock={0x28, 0x0, 0x2711, @hyper}, 0x6) sendmsg$auto_NL80211_CMD_NEW_MPATH(r7, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000fddbdf251700000021004f00223e7574d967e679ff2843c8ec682f1eb8a8053338d119aa73710f1d25574714b97363ae8ae600000008006106c5f46a000400ff00"], 0x44}}, 0xc804) 3.457581083s ago: executing program 3 (id=150): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x0) socket(0xa, 0x3, 0x3b) unshare$auto(0x40000080) getgroups$auto(0xe, &(0x7f0000000000)=0x4a) socket(0xa, 0x2, 0x0) socket(0x10, 0x2, 0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x9000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="20062abd7000fddbdf250200"], 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x80) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x110) getdents64$auto(r2, 0x0, 0x400) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4028af11, r0) 3.28103071s ago: executing program 1 (id=151): mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000001080)="7a47301037954c081c9a0bb04ef84993eab91abe1686f43e43d786e91365f04455bd620de9f3fb6d25e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc3756ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba259b12a0db9acf178c9182899f8360960a04ab85d23de405dad1c35058e30a98cc936ec82e442659cbfa3d11ff0a4e108dcfd7cec18e4f0c89ece6879") read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x5) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x88882, 0x0) 2.919195874s ago: executing program 1 (id=152): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x1, 0x0) (async) r0 = socket(0x2, 0x1, 0x0) getsockopt$auto(r0, 0x6, 0x9, 0x0, 0x0) mknod$auto(&(0x7f0000000000)='./file0\x00', 0x9, 0x0) 2.861996916s ago: executing program 0 (id=153): r0 = openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000500), 0x10a081, 0x0) writev$auto(r0, &(0x7f0000000a40)={0x0, 0x7}, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x39, 0x4, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0x17, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x12, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/i8042/serio0/id/proto\x00', 0x0, 0x0) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x3, r3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1002, &(0x7f00000002c0)={0x0, 0xc7}, 0x0, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x5) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x40, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f0000000440)={{@raw=0x5, 0x5, 0xf8, 0x5, "a401d243991a4de376cc2bd4dbe3e10d3cff152230323227f8d6c24be7ceeed84366bbadec1b7ea40209a468", @raw}, 0x1ea, 0x3, 0x1, @inferred=r2, @enumerated={0x383, 0x1, "9df82ad3f7e9030c2da31306b14b03ab904ec7ed05341fe427503811a54ec6e093a2d6b26bc285629b63088004840ad40213cdebeeb2076f31f78f35381eb3bb", 0x7, 0xf}, "2bb2d72b107f43a0d30100000000000000ae4a5be70b75810dfa4cc9182ed519d3613ea5b4243440fc9595b760cee784decb284ff015aa97d8f86dd61fd4f929"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000240)={0x82000, 0x0, 0x1}, 0x18) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0xfff8, 0x3}, 0xb3, &(0x7f0000000180)={0x5, 0x4}, 0x0, 0x8) getsockopt$auto(r1, 0x40000000029, 0x4c, 0xfffffffffffffffe, 0x0) io_uring_setup$auto(0x59, 0x0) rt_sigsuspend$auto(0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socket(0x9, 0x9, 0x6) r5 = prctl$auto(0xffffff00, 0x0, 0x0, 0x0, 0x9) ioctl$auto(r5, 0x541b, 0xffffffffffffffff) ioctl$auto_BLKTRACESETUP32(r5, 0xc0401273, &(0x7f0000000140)={"ce0ba8e95139e253b3ada9826809639252df4e5e86a0716bd88dbf25e7d9499d", 0x2, 0x1b, 0x6de7, 0x8}) 2.550535796s ago: executing program 1 (id=154): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x541c, r1) 2.520133333s ago: executing program 3 (id=155): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_overcommit_hugepages\x00', 0x1c9282, 0x0) sendfile$auto(r0, r0, 0x0, 0xb) unshare$auto(0x40000080) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000200), 0x20200, 0x0) ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(r1, 0xc004ae0a, &(0x7f00000003c0)={0x3f7ba2e5}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) ioctl$auto(0x3, 0x800005411, 0x38) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x10001) writev$auto(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x7}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket(0x2, 0x80002, 0x73) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video55\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, r4) sendmsg$auto_NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={0x0, 0x24bc}, 0x1, 0x0, 0x0, 0x8000000}, 0x8084) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f00000000c0)={0x14, 0x0, 0x301, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2404c012}, 0x20000000) 2.263546708s ago: executing program 2 (id=156): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000dc0), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fddbdf25040000000400120006000b00f9"], 0x20}, 0x1, 0x0, 0xff07, 0x4000084}, 0x10) 2.255487989s ago: executing program 1 (id=157): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(r0, 0x1, 0x21, 0x0, 0x9) r1 = fsopen$auto(0x0, 0x0) fsconfig$auto(r1, 0x6, 0x0, 0x0, 0x0) ioctl$auto_TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000000c0)=0x8) ioctl$auto_UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000000)={0x9, 0x2, [{0xffffffffffffffff, 0x0, 0x0, 0x6}]}) r3 = socket(0xa, 0x2, 0x73) sendto$auto(r3, 0x0, 0x4, 0xfffffffe, &(0x7f0000000000)=@generic={0xa, "e208004002de00"}, 0x1c) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) read$auto_stats_fops_2(r2, &(0x7f0000000040)=""/118, 0x76) pwrite64$auto(0xc8, 0x0, 0x4e, 0x3) 2.125732121s ago: executing program 2 (id=158): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/cpu/events/branch-instructions\x00', 0x22b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000000)={{0x0, 0x2, 0x4, 0x1, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) waitid$auto_P_PID(0x1, 0x0, 0x0, 0x0, &(0x7f0000000240)={{0x2, 0x34}, {0x9c, 0x3}, 0x779c, 0x3ff, 0x2, 0x0, 0x8, 0x8a, 0x3, 0x1, 0x100, 0x6, 0x5, 0x47, 0x80000000, 0x40000}) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x4402, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$auto(r2, 0x4b71, 0x1) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)={0x20, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_SUPPORTED_SELECTORS={0xa, 0x14e, "4039979607aa"}]}, 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0x20040004) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x3, &(0x7f00000002c0)={0x0, 0xc2}, 0x1, 0x0, 0x0, 0xe64b}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x4, 0x7000003) sendmmsg$auto(0x4, 0x0, 0x0, 0xfffffff4) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2506, &(0x7f00000002c0)={0x0, 0xae}, 0x5, 0x0, 0x3, 0x3a32182}, 0x4}, 0x3, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x3) 1.917172275s ago: executing program 3 (id=159): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/netdevsim/netdevsim3/hwstats/l3/disable_ifindex\x00', 0x1242, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = socket(0x10, 0x2, 0x4) bpf$auto(0x6, &(0x7f00000001c0)=@test={r2, 0x10004, 0x0, 0x3e, 0x106, 0x0, 0x0, 0xfff, 0x800, 0x9, 0x0, 0x4, 0x7, 0x2, 0xfffeffff}, 0x1) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) socket(0xa, 0x3, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0x800005411, 0x38) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) mount$auto(0x0, &(0x7f00000001c0)='}[,&*}\x00', 0x0, 0x7fff, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0xa6) write$auto(r0, 0x0, 0x9) 1.837951442s ago: executing program 0 (id=160): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r1 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0x5) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mem/full/uevent\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/58, 0x3a) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2, 0x3, 0x6) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x80003, 0x304) socket(0x2, 0x5, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x8) msgrcv$auto(0xff, &(0x7f00000000c0)={0x6, 0xd}, 0x2400000000, 0x6, 0x6bc2cc7d) lseek$auto(0xffffffffffffffff, 0x0, 0x3) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x20008000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) mmap$auto(0x8000, 0x100000004, 0xcd, 0xfffffffffffffffa, 0x40000000000a5, 0x8000) r5 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) r6 = open_by_handle_at$auto(r5, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) sendfile$auto(r6, r5, 0x0, 0x2) rt_tgsigqueueinfo$auto(r1, r1, 0x2, 0x0) r7 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r7, &(0x7f0000000300)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000340)={&(0x7f0000000200), 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x1d50, 0xfc) read$auto_ep0_operations_inode(r0, &(0x7f0000000180)=""/100, 0x64) openat$auto_ep0_operations_inode(0xffffffffffffff9c, 0x0, 0x121001, 0x0) 1.38399467s ago: executing program 3 (id=161): mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000001080)="7a47301037954c081c9a0bb04ef84993eab91abe1686f43e43d786e91365f04455bd620de9f3fb6d25e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc3756ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba259b12a0db9acf178c9182899f8360960a04ab85d23de405dad1c35058e30a98cc936ec82e442659cbfa3d11ff0a4e108dcfd7cec18e4f0c89ece6879") read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x5) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sysvipc/sem\x00', 0x88882, 0x0) (fail_nth: 1) 1.202096761s ago: executing program 3 (id=162): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) bpf$auto(0xff, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x106) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x9, 0x400408, 0xdf, 0x111, r0, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x9}, 0x3) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000009c0), 0x101800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000a00)={{0x81, 0x5, 0x4, 0x3ff}, "da74a818e5d1cac08dcd09b8ca49f911a39a914b8683dbe63d23e328c79bd736"}) 1.141748101s ago: executing program 1 (id=163): mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r2, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r1, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(0xffffffffffffffff, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x88c2, 0x0) write$auto(r2, &(0x7f00000000c0)='7\x00\\\x1c\xe7k\x00\x00\x00\x00\x00\x00\x00\x00', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) mmap$auto(0x9000, 0x3fffff, 0x7, 0x11, r1, 0x20000040) 1.122793818s ago: executing program 2 (id=164): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x0) socket(0xa, 0x3, 0x3b) unshare$auto(0x40000080) getgroups$auto(0xe, &(0x7f0000000000)=0x4a) socket(0xa, 0x2, 0x0) socket(0x10, 0x2, 0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x9000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) rename$auto(&(0x7f0000000180)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="20062abd7000fddbdf250200"], 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x80) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x110) getdents64$auto(r2, 0x0, 0x400) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4028af11, r0) 997.79654ms ago: executing program 0 (id=165): mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000001080)="7a47301037954c081c9a0bb04ef84993eab91abe1686f43e43d786e91365f04455bd620de9f3fb6d25e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc3756ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba259b12a0db9acf178c9182899f8360960a04ab85d23de405dad1c35058e30a98cc936ec82e442659cbfa3d11ff0a4e108dcfd7cec18e4f0c89ece6879") read$auto(r1, 0x0, 0x1f40) read$auto(r0, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x1) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x11, 0x80003, 0x300) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(r3, 0x107, 0x14, 0x0, 0x4) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x0, {{0x2, 0x2}, 0x3}}, 0x22) writev$auto(r2, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x5) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sysvipc/sem\x00', 0x88882, 0x0) io_uring_setup$auto(0x6, &(0x7f0000000100)={0x4, 0x2, 0xa1c, 0x4, 0x7f, 0xe7b, r1, [0x48, 0x76, 0xfffffffb], {0xfffffff9, 0x9, 0x1, 0xcd, 0x2, 0x6, 0x56c4, 0x4, 0x8}, {0xb5, 0x82, 0x401, 0x8, 0x0, 0x0, 0x1, 0x89a, 0x4}}) getsockopt$auto_SO_INCOMING_CPU(r4, 0x1, 0x31, &(0x7f0000000180)='/proc/sysvipc/sem\x00', &(0x7f00000001c0)=0xa2d4) r5 = socket(0x29, 0x5, 0x0) r6 = prctl$auto_PR_SET_MM_START_BRK(0x1, 0x6, 0xffffffffffffffff, 0x4, 0x7fffffffffffffff) fcntl$auto_F_DUPFD_CLOEXEC(r6, 0x406, r5) ioctl$auto_BTRFS_IOC_SCAN_DEV(r6, 0x50009404, &(0x7f0000001140)={@inferred=r1, "476b1da21bc7de87b955205502c3d765c530a62a5add3c92cee37eebed419b985a98e797d9c77c0bbd75b1eb424864c1be56273cc932b446e0cc12d428177f0a895ee0ae07684b06369e74ab0f2af61cbdd701af90fb0c826d67fd2fc32c2d239116469f0b3bc8fcd3ab0dba6e75a1a0a62c4996db04ec17c98b17d87927e1400baa2cc2385fdbcab0a31234ce4f6ed2fe22aba5c20211f01988fae819b7acb0903829024763558c79dfe7b507685a0e0bf0ab53f91ae56cde913c429abdd964745bcbeb1ce2ddf70b8af6a4b6af30882f264185cbc9170f5a2eb6f23ab4c26f0291e9e9564e377d7d9e2103cc7eee7627b9004b1cfa2c1586839e593fb0cb610522d1a9516f7dba5c9ebf2def6c1b9528c986495a3340d7f916fdfc91b2e3335ad75f2f8c820f8fd8a925fd5931f3c35b21e3a84bdfd435f0932782ccf4ee0e9f404d95cb1155e0f133b68d37d2289583140ae52b784a9203e102d8aba2352c72864665e581158b6b8f873c639c6b95bec8637fce65d1949ea91e9e7497e4fa75916aeb4d95d5c0a40e9250a4ae7d9d251ec5114ae989d0a41e21727e0f46d2bc634f3329ffd2a2283461f8c8572c01c901a4b9e6302f53070876d014f4453069b8d7a4918872faa757135c2e4df358eaf17b0cfc11b39fc5fae7e1b5cfa3f171602823828d7b29ec61bbb1029ad3a01c962283def8229c30ce788bb37cec3e0da27ecb7ed754057c3c85510cc8eba25649a24378711f8af27cb7fdfafe1d84abbc91fdcfb6a9aabfb9ca1d63431948d78e46122d68ff47dd02983a086a8535db6c5db8c1302ab4b5ff9209c69490c6736f80df1dad05fb62a0ad50501cd67001a0b725ad09ff03e72337049b8207fb5d19b0a0432114e46eea7b757dfe35c62da5603d474a708e094f9460e7d858a2509dcd331e01dbb68db7e3bb6824b906fc06cdcd7a96f0c06f19ca309d742c03a9be13e02f35823f0a26632524f67abe170fa1b0f5af2c03ff14c3e545b595eb5cb24fb2a97da03b85bf2f8d84108eff0317b4b46cd7dc6342d82fb53023a2a1141d06ea25947d95b1e64ad568af4a64d8459869e734849b7b17837ff40e8bf82fb8f578e563443297b97e1f0ee62c5ffe2235be2556682b14e8206dac2a864caaec415cc6e7c603d975ac05d125b31bd9c0779c6165e57de6fe0565b8f6e1adeedcb87ab3ee46b1385359d2ba92f596e84419d24e9a67629922cd9cbc6bb2ff3a88ea1259ede0f81ae520c8b77fb662d3bc493d2352b1ec8e94e8d5a670c190e8114eab1c1c80602230d26155d5e7f8e29e32984473e2cdea43451b8e91b93c1b06ebf845c528f3a171f175d2d2a19f89ef23f86244c1eecf9262c6c1908b39877b8f6f15c743cbac1db3387c29af0b7dc79e9d477e3e444a180fd43c01aeb41dc929ff9df5a88182634aadc577f55f0563502fe9f736a5c913de132c95b014657dff7f9916878ca4f2e797743a3ff4b1065d8601585deb8aaa15ad6d023e1751792e31d0d9f62d25fbc9d53d4f1cf8acd210c4e94210b2659427ae9fa5c5cfb2fb4455958301164b5e8ab9e2a534ee4f6ca7365107f3c2eebda5659aa6354ce08b8792436e2559df511fc89bd9f05ebbcb85bac903989fb2e402840cd0c78df019cf77a5229a8fef26cff03f2ca69dfd45c910dc47d03560b43a99f5e59c5b67637e4f454a6e456d979395376401bbddd32b980145c91017d8768df8daceffb83a90661a762930d84b07dfc5f756b9dfe7b8d6ba85554c1b417e9a10d4cc00a84afabc9f2334cbfc2dd378f8f508aabaeb96a3958db6189a4d94e722f17a9f1d184480656b3741cb2c380209a754c823072df42ec61a87a067d82d4c0a269ba700b90604a193e3aaba389abdfc01412e052d9b09ad3c390655b1faf9dff13115b3bc365867d7c298af6a8f5dea099e144b652b89191f7d2ecfde7ec86d9d63a744e58d9a96398b7c6cddb34bc705336e154aade8ab993942ffbeccf321259a4afd274ca18f0671155eead4a9bfeca14d68b631dc8ba0808df58c87e721d99479b5c07cfe22f90989b986f42beb7b859f8036cdeaacad08673b345001e9633b43c8e58486e23ee3f538a12d0cae3da1bb0278b3b9cc63b7c5c020ae5087883eca2d92d5f23ae5787ceda2d36ff8cdae9edbe33f2f81f11f0f41486209b23223b0a5e3dc69be81578a8bc267bac491048f4111a6c4265907d32df3fa9295e1db43b37642bb7191c6a4539f5456fc16a362459e018542e6ddfbba8e749c6bb01f0b5705cb91b22ebf9d50037672ee3ef69566e3a62e8f0ca1d576c396250eff6f1b13cafe4211a5c370156653b807624e6a04cae6e5f882c436911a4ab68ade57ac9d471a86dfd9bf350cd5fc1c1019d26d5bc1118fb2416c063c0d8a796f8f9e9d92be4bb5dea2ebde17af6e2c1b10280121ec1184f2e5e7c62e1f219a60375b102712793c0f068c598704cf29f1471f06c982ae871f82f0c8f7bcadfed33b2ebb8b791ed6535b53de94b160daf6258584943e6e1dc36f452cb78698b80c5334121d2a298a9ec65eb6a3d680c60a6e0ff6db3ee52232cf982f0018ba4288c3493f1fa72b1cee573252db0db9f1e94ec0c2fc8930c811bead0822eeb02922fcbeee5d023d25ba0de20bcf32876aa4156a0aa2fa9a5947cac80c31382567ed8e5c0fd9e6481266d0d8ce0e79cc3e79d623764908f9c45c98462b4843b35edfa30a4f240bcf8778db2d7e6e2cd747b8cc0c5dda3850c8c318df15e607cedb0d412f862a921a786775d91c70cc6b75820da3e902bd4765d45cd0babd9678dcc97fb76ce6af86a8be7d6154a3e26be8a093a5715ad4fb25d549498c1854f7f14f8c921d2e15233d8e90984fb2cb656dea75899671bd56aa76d3e9496a1b9881b48b9f3a44113c9116ccf8ffb3abb2833491f3b548eb15d537a62e9aebf3d86a2a45b2d8dc60c5c86015c4d1d02e24697f2a7f4bb8d261f880a51cf372895e407a2719ee55d27c6aad893b9aaaf55ea9f6d19b99d19d31be16d91c2353313c3a9cc8c610ee7e6359da9e5454ce99f3e9f9f21d9d207fab6f6c6da406c1080b621f541ad6ec8bc46b56233d9acb9d99af7482064fed2690116d56d7e80de3c843f7d7d76362a6c903f682b530185c79bd1a04d69569d0c0a985084a50df07f17974f129b7b40000590b98cce621104e7f3f18eabc37cd947e2b82b4f36eee98f5c7f74042b8755bdaff957e55621470070b21f9eede3fa4d67efb97d45d3c45d5fd89121c54bd72344c62b200f8d948b491dc8dc02656952e76fd92271ed54612ba90a11ac8c22725dcc400b59ebb1cc9b24a4c7b5a8ae8e44a51ddbc8d7e2cf8a5ade50bc5d6a9b453d383b0a4d2645566ffacad2cc3ef3fdaf3b6f22143ae6afd2be3b8c4fa27d0847590bffad4f846a8acbfa24fd4a1962873ce556d89db7bad42313c454b9c99c69ebf80137afaf5b1df1717601d53d629032b5f887cc6bbac327064522a4c4a1f4f61a61b944d6c5962e2795efdff10cdbf8ee6683dc4664b7713af7bb1e327795dd659c9ac456b50976772c0adc55df252c31529d46f2e2349670fc706540d5a5801221f463550c1d3551b7b093d1ef3deab645d31f07d483aa72480f8b80b4b581807a1c8b1c7e3a07314d99c2346901c1c709671b512344949746fadff53acd852350989bde7a66001fcefc4e8fd6e2551190a95ad6b5545677a907dc87775e3a19088f3ec176d2e4356c81b801f883c1ceecc3c5418e0053af1be6855050cd3f3699ed4c6e3fbf0e02ca3d9d05f77b30f7cb3d23e238c5a849b02159c01aced449f8392f25ba62c8ee90fa6431c3ee391320a72bb741dcacd6ce9dc87015f649ed655e625bc8c47cc420184e862243c73b5d857cee9341f73d1f8c256daaf22145d805b27bd586915342f26214f941e639861d50e64c06a6e54fe84181b802fec8fb2c284e3b0299954365718c16331400e06e7892c289937b7c1450c34a0a80ec3c0d6ef0b821fd010f541a23d1495a8f70f934226b90c582714daf62ede5d023e81e5f1f42a1e058141042b2ad660cbc024a17f85dfe6a3b9714a9fe792ec7bb32e7a9db88d4f3346ba345446730cb8fecccdc8e9a07f4a98143a4fcc813b3d15c815f1e6f56ec660475497cb039ffa123fe5e681739c0aa9eecbfead247868ae37cf9cf06ed8d5de26ebf9e75389a9d21eaf8a98088b3754c0b85b97efc29436056ec72274c978fa30d81c62f51657c019045022e87000913c28546dd8b4fc6d89d19e7696f4c1c3a599587e4d7d7781e65bd7d4008aa65a7fccc0e8ed549e77135ccabf44d781ce71525a421fac8f750b797e3116218deb7f82a23711c5d75ca25354e28f0a1395b4c156daf42f8f7701843d3a8296cf4bc2d8681b9aeaef72a354fe92bd217f18d5da37e881a2732b13f013143e922ecc8896118582d783eb0759f2415834021ec2af6992c63e51d8e51ef8e6f33574b43e72409f9f8b1459c77e95ab8a139424343781e0e89eabd3867d27252f3ee2360e46a844a456d4039cfccd8de17498fa6dd7c86dd275917243e43bf235d553665cee636fcaf41a32c50ac6f8c74ce2006f40d8e4d40cb160735a87a827aeba376285de2936e880f694dfe74b13c89ca46b0d88cc20e830af3fc7f52bd11a8fc4d8429b046c921dfa13d9b67d018e74b501c3e8fecb7f87a9e9cfd0e78a12436babf953baa7bd82e45b31360b78e2638e6f68e5c674847ab0b3713d890102db0b580b9b05fc088c0fd3284296a497caff72e427fd3afe825047b2b9befd2b767d9dedf5b8176e3225ee97d3c43dd7e76424a05775b7c3e589d390851ada90ecc364cee3093ad50112afd42a7a05c34669f6e0af5435478224ec09a44fb8e33aa9ff2a66603eebdc2db97772524435c0243a3a717ea46f17f8a51b82ac73842e0a440cbe5b5a4e29bfede19dc841691b0d9bb035d67c83f3e7008ef4677811e5f73abf0d591f1121797664407d17ed0f028bfa51e2c830fabfdb7b605ae81e728b6f6abaac448996677edcb76304a6f9b6afd22aef8e16643baa9e72bf0939e3356e5d5bd8c15fb58c17b1f144b1020c7343c85b49d0fe7e9ce9ac531e7b7974a0b7c3d5bd7a70f2038252e8d37dc3c581a5b08ae9837489736babfd42204af24acb32cc1551d97696ad1272fe957ffae7cff82f1464a7e33d9f6cc8eae5cbc266e6c6d8693a8f2088dc27721525ed25a084baa8d739c94c0297ed0fac11d40f09415ffc4a3f24b92678eb9c627037fb0f833613e703b117f01dcd8bb0e5720248ba4cc0f455285b1e52975cdae175a3f0b9ad9f8499ab270edde5c791feb51d5a80db50d46191dcbb65953a7e7a0d36192ebc9ff6f8cbe4a7f79d8970bcf9231d49333ef5389d3497bca80842cf8118df6238d78d21d5fcda4cbaceed38570c56a41341f5e4a94829457197390cec39527546412fe473c029e79f5a18f36b3a6ff922f1913250f4127cd0f867e7181ddfad3f8ff6a5aa1f32cb777db9ee0d879dc340b5f67ba16f9d4d2229fed19500f40eb3319795d98260657df9fc10d9eaa5e023b3d6d2e78c3f6fd57741cd495a31cecb8c4ceeb53fd3f919b1741701f97dac20c0a5dfc6d9202bd983b344dbd482ed695c3749c27501d832a9998ee6b599fd78ef2b5635d60587f191c987ccd626e812c177b73bb12eaed8b2376bcd3907bf9db7da5a9abdd7e20860cc55441f143b2f30851ce3b5c8c40ae5f261b5b63644951cdde1d5f8"}) 768.850505ms ago: executing program 0 (id=166): io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x541c, r1) 658.138388ms ago: executing program 0 (id=167): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_overcommit_hugepages\x00', 0x1c9282, 0x0) sendfile$auto(r0, r0, 0x0, 0xb) unshare$auto(0x40000080) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000200), 0x20200, 0x0) ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(r1, 0xc004ae0a, &(0x7f00000003c0)={0x3f7ba2e5}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) ioctl$auto(0x3, 0x800005411, 0x38) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x10001) writev$auto(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x7}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = socket(0x2, 0x80002, 0x73) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video55\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, r4) sendmsg$auto_NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={0x0, 0x24bc}, 0x1, 0x0, 0x0, 0x8000000}, 0x8084) sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f00000000c0)={0x14, 0x0, 0x301, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x2404c012}, 0x20000000) 644.909507ms ago: executing program 2 (id=168): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = getpid() process_vm_readv$auto(r0, 0x0, 0x800000005, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/sit0/accept_dad\x00', 0x2, 0x0) sendfile$auto(r2, r3, 0x0, 0x1) setresuid$auto(0x2, 0xffffffffffffffff, 0x200) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) mmap$auto(0x9, 0x1ff, 0x4, 0x14, 0x3, 0x0) syz_genetlink_get_family_id$auto_thermal(0x0, 0xffffffffffffffff) syz_clone3(0x0, 0x0) process_madvise$auto_MADV_WIPEONFORK(0xffffffffffffffff, 0x0, 0x3, 0x12, 0x2000001) fcntl$getown(0xffffffffffffffff, 0x9) lstat$auto(0x0, 0x0) preadv$auto(r2, &(0x7f0000000200)={&(0x7f0000000140)="40a0a1b8736e03bc159b631d8dfd9491b18109c38f744f99e1c4eda88d3a3d8ce1f4c555cde089b8f98d75c4e120408be089f4e8d966de26db6cf0320d25d5f55f7ea063192da4f62e52c4c88795a66ae680408cfa38aa0b833d9e7e88be9a0e6849ceff4fd7d2b333459db66f15044bd337c1d9ef65eecb1e688fe768e5b1e8765fc460fd39773878513c9223c8b1008979901106a1cfad9d78bdbb48a7bb0fe80239a8dc643d2bc8e93f91", 0x51b}, 0x8, 0x1, 0x1000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, 0x0) read$auto_proc_timens_offsets_operations_base(0xffffffffffffffff, &(0x7f0000000300)=""/189, 0xbd) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) select$auto(0x4, &(0x7f00000000c0)={[0x5, 0x1080000007, 0x100000001, 0x1, 0x6, 0x1ff, 0x206, 0x0, 0x4, 0x4618ecd2, 0x0, 0x3, 0xbb37, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, 0x0) mmap$auto(0x4, 0x3680, 0x7, 0x8000000000000010, r1, 0x2) 271.646987ms ago: executing program 3 (id=169): mmap$auto(0x5c, 0x2000d, 0x4000000000df, 0xeb0, 0x401, 0x8000) io_uring_setup$auto(0xa, 0x0) mmap$auto(0x0, 0x400008, 0x6, 0xf610, 0x2, 0x8003) unshare$auto(0x40000080) bpf$auto(0x5, &(0x7f0000001180)=@link_update={0xffffffffffffffff, @new_prog_fd=0xffffffffffffffff, 0xf, @old_map_fd}, 0x80000007) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, r0, 0x8000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x10003c, 0x1, 0x1ffde, 0x7, 0x3, 0x200, 0x9, 0x3, 0x6, 0x4, 0x7, 0x9, 0x8000009, 0x10005, 0x80, 0x4, 0xffefffff, 0x7, 0x2080, 0x203, 0x0, 0x20e9d181, 0x400300000000000, 0xdb, 0x3, 0x6, 0xf04, [0xfffffffffffffffe, 0x4, 0x2, 0xfffffffffffffffd, 0x2, 0xfffffffffffffffe, 0x2, 0x6, 0x66, 0x0, 0x0, 0x0, 0x6, 0x1000000, 0x0, 0x8f, 0x10000, 0x8000000, 0x7, 0x0, 0x1, 0xfffffffefffffffd, 0x5, 0xff5b, 0xc72, 0x0, 0x9, 0x0, 0x66, 0x1, 0x100000001, 0x0, 0x0, 0xfffffffffffffffb, 0x10, 0x0, 0x0, 0x20000, 0x0, 0x1, 0xff, 0x80, 0x8c]}, 0x2, 0x800000d) write$auto(r1, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x147) readv$auto(0x3, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/i8042/serio0/id/proto\x00', 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x9, 0x15f4da07, 0x6, 0x10001, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40000) kexec_load$auto(0x70, 0x2, &(0x7f0000000080)={@kbuf=&(0x7f0000000180)="709bc6c9e3065f04b9f1373c3ffc3684426368a039f3aa960ab8176bf0542ba2368fcc0de90ea2d923fa424a9c5a32666043048c5591dee593e4d0f4e7303491eb4c8c0c70d5d17fef73ac", 0x0, 0x8000, 0x403000}, 0x4) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) fsconfig$auto_FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, &(0x7f0000000100)='\x00', &(0x7f00000001c0)="3b4ec31ec0f99f7204157cf35a18ec5deee46d8199213352d586fa8f5221aba1444d24903f49bc1dae1d817f5dcd6aa4ecd33b62cc5abe6ef526851713c0cffa477ac0f9c3a30e7adf8bcbbfb8c0b164dfc1c5c35a14dce07e769daa726b15cbfbefc1c4a262de7b4141b435c73f4b47ede2e0369ce0edab9f7d3b2e1c35b8f3eff4e58144bdfb99e2956f8b262b81bce85d444857ba046847ea751e661795273ce6e1d428f028647118e3f94cdc3c3e8cc3db83a9362f6551e64476b7ae65cc1aab7b59e5206a", 0x0) r2 = semctl$auto_GETPID(0x5, 0x80000001, 0xb, 0x5) msgctl$auto_IPC_STAT(0x6, 0x2, &(0x7f00000013c0)={{0x1ff, 0x0, 0x0, 0x6, 0x9, 0x1, 0x7}, &(0x7f0000001340)=0x9, &(0x7f0000001380)=0x40, 0x8, 0x1, 0x5, 0x7, 0xb, 0x101, 0x7ff, 0x2, @raw=0x5, @inferred=r2}) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), 0xffffffffffffffff) getsockopt$auto_SO_RXQ_OVFL(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000500)=',{\x00', 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa19219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc", 0x4a8) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 0s ago: executing program 0 (id=170): r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/mtd0\x00', 0x0, 0x0) ioctl$auto_MEMERASE64(r0, 0x40104d14, &(0x7f0000001cc0)={0x81, 0x8005}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.163' (ED25519) to the list of known hosts. syzkaller login: [ 75.494992][ T5615] cgroup: Unknown subsys name 'net' [ 75.627674][ T5615] cgroup: Unknown subsys name 'cpuset' [ 75.636698][ T5615] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.057003][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.835763][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.845716][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.853554][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.863612][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.871347][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.930044][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.939190][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.950032][ T5638] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.968067][ T5636] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.976699][ T5638] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.988279][ T5636] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.991051][ T5639] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.997021][ T5636] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.011369][ T5639] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.015204][ T5636] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.028032][ T5636] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.036262][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.044943][ T5636] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.046038][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.062129][ T5627] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.489688][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.496949][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.504369][ T5629] bridge_slave_0: entered allmulticast mode [ 80.511483][ T5629] bridge_slave_0: entered promiscuous mode [ 80.543275][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.550610][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.557818][ T5632] bridge_slave_0: entered allmulticast mode [ 80.564827][ T5632] bridge_slave_0: entered promiscuous mode [ 80.572887][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.580174][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.587389][ T5629] bridge_slave_1: entered allmulticast mode [ 80.594647][ T5629] bridge_slave_1: entered promiscuous mode [ 80.628030][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.635246][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.642384][ T5632] bridge_slave_1: entered allmulticast mode [ 80.649572][ T5632] bridge_slave_1: entered promiscuous mode [ 80.674374][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.681557][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.689078][ T5626] bridge_slave_0: entered allmulticast mode [ 80.696329][ T5626] bridge_slave_0: entered promiscuous mode [ 80.727844][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.735032][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.742142][ T5626] bridge_slave_1: entered allmulticast mode [ 80.749266][ T5626] bridge_slave_1: entered promiscuous mode [ 80.767741][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.800023][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.811963][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.851123][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.881610][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.902088][ T5629] team0: Port device team_slave_0 added [ 80.907927][ T5630] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.915628][ T5630] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.922846][ T5630] bridge_slave_0: entered allmulticast mode [ 80.930147][ T5630] bridge_slave_0: entered promiscuous mode [ 80.939348][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.949106][ T5639] Bluetooth: hci0: command tx timeout [ 80.966344][ T5629] team0: Port device team_slave_1 added [ 80.972241][ T5630] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.979705][ T5630] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.986895][ T5630] bridge_slave_1: entered allmulticast mode [ 80.993792][ T5630] bridge_slave_1: entered promiscuous mode [ 81.011614][ T5632] team0: Port device team_slave_0 added [ 81.048485][ T5632] team0: Port device team_slave_1 added [ 81.073302][ T5626] team0: Port device team_slave_0 added [ 81.089913][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.097021][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.123741][ T5639] Bluetooth: hci1: command tx timeout [ 81.123897][ T50] Bluetooth: hci3: command tx timeout [ 81.129783][ T4947] Bluetooth: hci2: command tx timeout [ 81.135411][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.156216][ T5630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.167311][ T5626] team0: Port device team_slave_1 added [ 81.188472][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.195655][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.222029][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.235214][ T5630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.254939][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.262100][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.288545][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.301000][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.308035][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.334190][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.394553][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.401624][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.427669][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.460583][ T5630] team0: Port device team_slave_0 added [ 81.466885][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.473915][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.500104][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.527356][ T5629] hsr_slave_0: entered promiscuous mode [ 81.533931][ T5629] hsr_slave_1: entered promiscuous mode [ 81.542441][ T5630] team0: Port device team_slave_1 added [ 81.590301][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.597445][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.623441][ T5630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.655073][ T5632] hsr_slave_0: entered promiscuous mode [ 81.661299][ T5632] hsr_slave_1: entered promiscuous mode [ 81.667581][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 81.673363][ T5632] Cannot create hsr debugfs directory [ 81.689637][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.696845][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.723122][ T5630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.790884][ T5626] hsr_slave_0: entered promiscuous mode [ 81.797348][ T5626] hsr_slave_1: entered promiscuous mode [ 81.803354][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 81.809294][ T5626] Cannot create hsr debugfs directory [ 81.904983][ T5630] hsr_slave_0: entered promiscuous mode [ 81.911603][ T5630] hsr_slave_1: entered promiscuous mode [ 81.918198][ T5630] debugfs: 'hsr0' already exists in 'hsr' [ 81.923935][ T5630] Cannot create hsr debugfs directory [ 82.277804][ T5629] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.291441][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.299532][ T5629] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.312631][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.321454][ T5629] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.332208][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.352171][ T5629] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.362021][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.423843][ T5632] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.436854][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.445096][ T5632] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.455520][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.470398][ T5632] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.480328][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.502584][ T5632] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.513602][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.589181][ T5626] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.600066][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.608920][ T5626] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.619842][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.629768][ T5626] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.640304][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.673727][ T5626] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.685867][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.764818][ T5630] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.776333][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.785439][ T5630] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.795506][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.803370][ T5630] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.813933][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.830142][ T5630] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.839356][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.898104][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.956007][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.994438][ T510] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.002132][ T510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.024189][ T5639] Bluetooth: hci0: command tx timeout [ 83.026925][ T510] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.036850][ T510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.071566][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.111764][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.125852][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.168071][ T1030] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.175210][ T1030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.186737][ T5639] Bluetooth: hci1: command tx timeout [ 83.186764][ T4947] Bluetooth: hci2: command tx timeout [ 83.192662][ T50] Bluetooth: hci3: command tx timeout [ 83.221044][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.240377][ T510] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.247500][ T510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.260617][ T5630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.289434][ T1030] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.296645][ T1030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.328928][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.336140][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.383075][ T5630] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.431140][ T510] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.438366][ T510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.491323][ T1030] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.498515][ T1030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.096141][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.241362][ T5629] veth0_vlan: entered promiscuous mode [ 84.286142][ T5629] veth1_vlan: entered promiscuous mode [ 84.398345][ T5629] veth0_macvtap: entered promiscuous mode [ 84.430191][ T5629] veth1_macvtap: entered promiscuous mode [ 84.492152][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.540196][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.553239][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.601774][ T111] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.621975][ T111] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.631938][ T111] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.644680][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.658343][ T111] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.691060][ T5630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.785227][ T5626] veth0_vlan: entered promiscuous mode [ 84.834004][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.846223][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.852901][ T5626] veth1_vlan: entered promiscuous mode [ 84.918124][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.920722][ T5632] veth0_vlan: entered promiscuous mode [ 84.926407][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.950258][ T5630] veth0_vlan: entered promiscuous mode [ 84.985350][ T5630] veth1_vlan: entered promiscuous mode [ 84.998903][ T5632] veth1_vlan: entered promiscuous mode [ 85.026233][ T5629] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 85.052196][ T5626] veth0_macvtap: entered promiscuous mode [ 85.067249][ T5626] veth1_macvtap: entered promiscuous mode [ 85.105139][ T50] Bluetooth: hci0: command tx timeout [ 85.161395][ T5630] veth0_macvtap: entered promiscuous mode [ 85.177030][ T5632] veth0_macvtap: entered promiscuous mode [ 85.190815][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.203155][ T5630] veth1_macvtap: entered promiscuous mode [ 85.224760][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.233049][ T5632] veth1_macvtap: entered promiscuous mode [ 85.266457][ T50] Bluetooth: hci3: command tx timeout [ 85.269055][ T5639] Bluetooth: hci1: command tx timeout [ 85.272072][ T50] Bluetooth: hci2: command tx timeout [ 85.316082][ T1168] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.330646][ T1168] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.353616][ T1168] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.363683][ T1168] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.382776][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.401356][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.448893][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.483548][ T510] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.518365][ T510] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.534005][ T510] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.545595][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.559241][ T510] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.575840][ T5782] random: crng reseeded on system resumption [ 85.608112][ T111] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.618045][ T111] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.640898][ T111] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.649889][ T111] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.666672][ T111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.676263][ T111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.765916][ T111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.773794][ T111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.839001][ T510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.851549][ T510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.920466][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.945149][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.956465][ T5789] FAULT_INJECTION: forcing a failure. [ 85.956465][ T5789] name failslab, interval 1, probability 0, space 0, times 1 [ 85.970492][ T5789] CPU: 0 UID: 0 PID: 5789 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 85.970528][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 85.970551][ T5789] Call Trace: [ 85.970561][ T5789] [ 85.970573][ T5789] dump_stack_lvl+0x100/0x190 [ 85.970613][ T5789] should_fail_ex.cold+0x5/0xa [ 85.970653][ T5789] ? __seq_open_private+0x22/0xd0 [ 85.970680][ T5789] should_failslab+0xc2/0x120 [ 85.970713][ T5789] __kmalloc_noprof+0xe0/0x850 [ 85.970753][ T5789] ? apparmor_file_open+0x1a6/0xb70 [ 85.970801][ T5789] __seq_open_private+0x22/0xd0 [ 85.970831][ T5789] sysvipc_proc_open+0x2b/0x5b0 [ 85.970868][ T5789] ? __pfx_sysvipc_proc_open+0x10/0x10 [ 85.970899][ T5789] proc_reg_open+0x137/0x5f0 [ 85.970933][ T5789] do_dentry_open+0x6d8/0x1660 [ 85.970966][ T5789] ? __pfx_proc_reg_open+0x10/0x10 [ 85.971006][ T5789] vfs_open+0x82/0x3f0 [ 85.971050][ T5789] path_openat+0x208c/0x31a0 [ 85.971094][ T5789] ? __pfx_path_openat+0x10/0x10 [ 85.971138][ T5789] do_file_open+0x20e/0x430 [ 85.971174][ T5789] ? __pfx_do_file_open+0x10/0x10 [ 85.971234][ T5789] ? alloc_fd+0x476/0x790 [ 85.971268][ T5789] ? do_getname+0x191/0x390 [ 85.971308][ T5789] do_sys_openat2+0x10d/0x1e0 [ 85.971350][ T5789] ? __pfx_do_sys_openat2+0x10/0x10 [ 85.971394][ T5789] ? __fget_files+0x21f/0x3d0 [ 85.971433][ T5789] __x64_sys_openat+0x12d/0x210 [ 85.971476][ T5789] ? __pfx___x64_sys_openat+0x10/0x10 [ 85.971526][ T5789] ? rcu_is_watching+0x12/0xc0 [ 85.971565][ T5789] do_syscall_64+0x10b/0xf80 [ 85.971600][ T5789] ? clear_bhb_loop+0x40/0x90 [ 85.971637][ T5789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.971666][ T5789] RIP: 0033:0x7f025319cdd9 [ 85.971688][ T5789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.971715][ T5789] RSP: 002b:00007f0254113028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 85.971749][ T5789] RAX: ffffffffffffffda RBX: 00007f0253415fa0 RCX: 00007f025319cdd9 [ 85.971768][ T5789] RDX: 0000000000088882 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 85.971786][ T5789] RBP: 00007f0253232d69 R08: 0000000000000000 R09: 0000000000000000 [ 85.971803][ T5789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.971820][ T5789] R13: 00007f0253416038 R14: 00007f0253415fa0 R15: 00007ffd6447fbd8 [ 85.971862][ T5789] [ 86.071096][ T510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.219740][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.226191][ T510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.246278][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.283751][ T875] cfg80211: failed to load regulatory.db [ 86.328523][ T5792] Zero length message leads to an empty skb [ 86.669262][ T5814] mmap: syz.3.4 (5814) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 87.184247][ T50] Bluetooth: hci0: command tx timeout [ 87.345174][ T50] Bluetooth: hci1: command tx timeout [ 87.345204][ T4947] Bluetooth: hci2: command tx timeout [ 87.357499][ T5639] Bluetooth: hci3: command tx timeout [ 87.980107][ T5844] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.048170][ T5836] futex_wake_op: syz.2.10 tries to shift op by -2048; fix this program [ 88.080656][ T5836] 0x000000000001-0x000000020000 : "" [ 88.128711][ T5836] ftl_cs: FTL header corrupt! [ 89.388079][ T5866] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.463370][ T5876] kvm: kvm [5875]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000025) [ 93.163288][ T5922] smpboot: CPU 1 is now offline [ 93.619783][ T5910] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 94.511632][ T5943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29'. [ 94.816609][ T5948] netlink: 146 bytes leftover after parsing attributes in process `syz.0.30'. [ 97.738452][ T5985] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 97.813918][ T5984] netlink: 334 bytes leftover after parsing attributes in process `syz.0.35'. [ 98.756909][ T6010] Format for adding new device is "id port_count num_queues" (uint uint uint). [ 99.060883][ T6029] vivid-007: ================= START STATUS ================= [ 99.161477][ T6029] vivid-007: Generate PTS: true [ 99.190177][ T6029] vivid-007: Generate SCR: true [ 99.221246][ T6029] tpg source WxH: 320x240 (Y'CbCr) [ 99.243243][ T6029] tpg field: 1 [ 99.258149][ T6029] tpg crop: (0,0)/320x240 [ 99.292070][ T6029] tpg compose: (0,0)/320x240 [ 99.322610][ T6029] tpg colorspace: 8 [ 99.335306][ T6029] tpg transfer function: 0/0 [ 99.352570][ T6029] tpg Y'CbCr encoding: 0/0 [ 99.366711][ T6029] tpg quantization: 0/0 [ 99.379985][ T6029] tpg RGB range: 0/2 [ 99.401039][ T6029] vivid-007: ================== END STATUS ================== [ 101.341243][ T6072] FAULT_INJECTION: forcing a failure. [ 101.341243][ T6072] name fail_futex, interval 1, probability 0, space 0, times 1 [ 101.489212][ T6072] CPU: 0 UID: 0 PID: 6072 Comm: syz.3.52 Not tainted syzkaller #0 PREEMPT(full) [ 101.489234][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 101.489244][ T6072] Call Trace: [ 101.489249][ T6072] [ 101.489255][ T6072] dump_stack_lvl+0x100/0x190 [ 101.489277][ T6072] should_fail_ex.cold+0x5/0xa [ 101.489297][ T6072] get_futex_key+0x1d2/0x1510 [ 101.489315][ T6072] ? __pfx_get_futex_key+0x10/0x10 [ 101.489331][ T6072] ? _raw_write_unlock+0x28/0x50 [ 101.489348][ T6072] ? keyring_instantiate+0x101/0x300 [ 101.489370][ T6072] futex_wake+0xea/0x530 [ 101.489392][ T6072] ? __pfx_futex_wake+0x10/0x10 [ 101.489415][ T6072] ? keyring_free_preparse+0x9/0x10 [ 101.489431][ T6072] ? key_instantiate_and_link+0x39d/0x4b0 [ 101.489448][ T6072] ? key_alloc+0xbb4/0x1310 [ 101.489466][ T6072] do_futex+0x32b/0x350 [ 101.489482][ T6072] ? __pfx_do_futex+0x10/0x10 [ 101.489502][ T6072] __x64_sys_futex+0x34f/0x4d0 [ 101.489520][ T6072] ? __pfx___x64_sys_futex+0x10/0x10 [ 101.489539][ T6072] ? rcu_is_watching+0x12/0xc0 [ 101.489560][ T6072] do_syscall_64+0x10b/0xf80 [ 101.489578][ T6072] ? clear_bhb_loop+0x40/0x90 [ 101.489596][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.489611][ T6072] RIP: 0033:0x7f8907f9cdd9 [ 101.489624][ T6072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.489637][ T6072] RSP: 002b:00007f8908da50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 101.489652][ T6072] RAX: ffffffffffffffda RBX: 00007f8908216098 RCX: 00007f8907f9cdd9 [ 101.489662][ T6072] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f890821609c [ 101.489671][ T6072] RBP: 00007f8908216090 R08: 0000000000000001 R09: 0000000000000000 [ 101.489679][ T6072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.489688][ T6072] R13: 00007f8908216128 R14: 00007ffc0850fa10 R15: 00007ffc0850faf8 [ 101.489706][ T6072] [ 101.698444][ T6065] syz.1.50 (6065) used greatest stack depth: 19720 bytes left [ 102.578488][ T6094] i2c i2c-0: delete_device: Can't find device in list [ 103.241854][ T6117] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 103.261331][ T6119] FAULT_INJECTION: forcing a failure. [ 103.261331][ T6119] name failslab, interval 1, probability 0, space 0, times 0 [ 103.301474][ T6119] CPU: 0 UID: 0 PID: 6119 Comm: Not tainted syzkaller #0 PREEMPT(full) [ 103.301497][ T6119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 103.301506][ T6119] Call Trace: [ 103.301511][ T6119] [ 103.301518][ T6119] dump_stack_lvl+0x100/0x190 [ 103.301540][ T6119] should_fail_ex.cold+0x5/0xa [ 103.301559][ T6119] should_failslab+0xc2/0x120 [ 103.301577][ T6119] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 103.301600][ T6119] ? proc_alloc_inode+0x25/0x200 [ 103.301616][ T6119] ? d_alloc_parallel+0x864/0x14e0 [ 103.301632][ T6119] ? __pfx_proc_alloc_inode+0x10/0x10 [ 103.301649][ T6119] proc_alloc_inode+0x25/0x200 [ 103.301665][ T6119] alloc_inode+0x68/0x250 [ 103.301687][ T6119] new_inode+0x22/0x1c0 [ 103.301710][ T6119] proc_get_inode+0x1d/0x780 [ 103.301728][ T6119] proc_lookup_de+0x236/0x360 [ 103.301749][ T6119] proc_tgid_net_lookup+0x61/0x90 [ 103.301770][ T6119] lookup_open.isra.0+0x631/0x11b0 [ 103.301790][ T6119] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 103.301819][ T6119] ? lookup_fast+0x2da/0x600 [ 103.301836][ T6119] path_openat+0xa98/0x31a0 [ 103.301861][ T6119] ? __pfx_path_openat+0x10/0x10 [ 103.301885][ T6119] do_file_open+0x20e/0x430 [ 103.301905][ T6119] ? __pfx_do_file_open+0x10/0x10 [ 103.301929][ T6119] ? __pfx_kfree_link+0x10/0x10 [ 103.301949][ T6119] ? alloc_fd+0x476/0x790 [ 103.301968][ T6119] ? do_getname+0x191/0x390 [ 103.301991][ T6119] do_sys_openat2+0x10d/0x1e0 [ 103.302013][ T6119] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.302041][ T6119] __x64_sys_openat+0x12d/0x210 [ 103.302064][ T6119] ? __pfx___x64_sys_openat+0x10/0x10 [ 103.302089][ T6119] ? rcu_is_watching+0x12/0xc0 [ 103.302109][ T6119] do_syscall_64+0x10b/0xf80 [ 103.302143][ T6119] ? clear_bhb_loop+0x40/0x90 [ 103.302162][ T6119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.302177][ T6119] RIP: 0033:0x7f6cbb79cdd9 [ 103.302191][ T6119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.302205][ T6119] RSP: 002b:00007f6cbc716028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 103.302220][ T6119] RAX: ffffffffffffffda RBX: 00007f6cbba15fa0 RCX: 00007f6cbb79cdd9 [ 103.302231][ T6119] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 103.302240][ T6119] RBP: 00007f6cbb832d69 R08: 0000000000000000 R09: 0000000000000000 [ 103.302249][ T6119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.302258][ T6119] R13: 00007f6cbba16038 R14: 00007f6cbba15fa0 R15: 00007ffdc0e57018 [ 103.302284][ T6119] [ 105.021630][ T6149] random: crng reseeded on system resumption [ 105.502129][ T6162] FAULT_INJECTION: forcing a failure. [ 105.502129][ T6162] name failslab, interval 1, probability 0, space 0, times 0 [ 105.582384][ T6162] CPU: 0 UID: 0 PID: 6162 Comm: syz.2.73 Not tainted syzkaller #0 PREEMPT(full) [ 105.582407][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 105.582416][ T6162] Call Trace: [ 105.582422][ T6162] [ 105.582429][ T6162] dump_stack_lvl+0x100/0x190 [ 105.582453][ T6162] should_fail_ex.cold+0x5/0xa [ 105.582474][ T6162] should_failslab+0xc2/0x120 [ 105.582492][ T6162] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 105.582516][ T6162] ? __d_alloc+0x34/0xa40 [ 105.582539][ T6162] __d_alloc+0x34/0xa40 [ 105.582560][ T6162] d_alloc+0x4a/0x1e0 [ 105.582580][ T6162] lookup_one_qstr_excl+0x171/0x250 [ 105.582604][ T6162] start_dirop+0x59/0xb0 [ 105.582621][ T6162] simple_start_creating+0xf9/0x110 [ 105.582639][ T6162] ? __pfx_simple_start_creating+0x10/0x10 [ 105.582656][ T6162] ? mntput+0x70/0xa0 [ 105.582671][ T6162] ? simple_pin_fs+0xa3/0x190 [ 105.582687][ T6162] debugfs_start_creating.part.0+0x82/0x170 [ 105.582710][ T6162] __debugfs_create_file+0xb3/0x4f0 [ 105.582734][ T6162] debugfs_create_file_full+0x41/0x60 [ 105.582764][ T6162] kvm_dev_ioctl+0x16c8/0x1a50 [ 105.582793][ T6162] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 105.582820][ T6162] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 105.582842][ T6162] __x64_sys_ioctl+0x18e/0x210 [ 105.582859][ T6162] do_syscall_64+0x10b/0xf80 [ 105.582877][ T6162] ? clear_bhb_loop+0x40/0x90 [ 105.582896][ T6162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.582911][ T6162] RIP: 0033:0x7f50aed9cdd9 [ 105.582924][ T6162] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.582938][ T6162] RSP: 002b:00007f50afbb5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.582952][ T6162] RAX: ffffffffffffffda RBX: 00007f50af016090 RCX: 00007f50aed9cdd9 [ 105.582962][ T6162] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000002 [ 105.582971][ T6162] RBP: 00007f50aee32d69 R08: 0000000000000000 R09: 0000000000000000 [ 105.582979][ T6162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.582987][ T6162] R13: 00007f50af016128 R14: 00007f50af016090 R15: 00007fff1358da88 [ 105.583007][ T6162] [ 106.417202][ T6171] netlink: 'syz.3.75': attribute type 2 has an invalid length. syzkaller syzkaller login: [ 106.815716][ T6176] netlink: 334 bytes leftover after parsing attributes in process `syz.3.76'. [ 110.528214][ T6239] program syz.1.89 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.899640][ T6250] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 111.011114][ T5639] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 111.117423][ T6250] futex_wake_op: syz.0.92 tries to shift op by -2048; fix this program [ 111.292846][ T6250] futex_wake_op: syz.0.92 tries to shift op by -2048; fix this program [ 111.877591][ T6266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.93'. [ 113.013810][ T6278] netlink: 334 bytes leftover after parsing attributes in process `syz.3.97'. [ 114.211495][ T6300] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1667198830 (53350362560 ns) > initial count (17247241216 ns). Using initial count to start timer. [ 114.331840][ T6304] FAULT_INJECTION: forcing a failure. [ 114.331840][ T6304] name failslab, interval 1, probability 0, space 0, times 0 [ 114.417733][ T6304] CPU: 0 UID: 0 PID: 6304 Comm: syz.2.104 Not tainted syzkaller #0 PREEMPT(full) [ 114.417755][ T6304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 114.417764][ T6304] Call Trace: [ 114.417770][ T6304] [ 114.417776][ T6304] dump_stack_lvl+0x100/0x190 [ 114.417818][ T6304] should_fail_ex.cold+0x5/0xa [ 114.417839][ T6304] should_failslab+0xc2/0x120 [ 114.417856][ T6304] __kmalloc_cache_noprof+0x7a/0x6f0 [ 114.417878][ T6304] ? trace_pid_list_alloc+0x2fe/0x480 [ 114.417902][ T6304] trace_pid_list_alloc+0x2fe/0x480 [ 114.417924][ T6304] trace_pid_write+0x110/0x460 [ 114.417945][ T6304] ? __pfx_trace_pid_write+0x10/0x10 [ 114.417977][ T6304] event_pid_write.isra.0+0x1e4/0x7d0 [ 114.418001][ T6304] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 114.418028][ T6304] vfs_write+0x2aa/0x1070 [ 114.418046][ T6304] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 114.418069][ T6304] ? __pfx_vfs_write+0x10/0x10 [ 114.418085][ T6304] ? __fget_files+0x215/0x3d0 [ 114.418106][ T6304] ? __fget_files+0x21f/0x3d0 [ 114.418128][ T6304] ksys_write+0x12a/0x250 [ 114.418144][ T6304] ? __pfx_ksys_write+0x10/0x10 [ 114.418163][ T6304] ? rcu_is_watching+0x12/0xc0 [ 114.418186][ T6304] do_syscall_64+0x10b/0xf80 [ 114.418205][ T6304] ? clear_bhb_loop+0x40/0x90 [ 114.418222][ T6304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.418238][ T6304] RIP: 0033:0x7f50aed9cdd9 [ 114.418254][ T6304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 114.418272][ T6304] RSP: 002b:00007f50afbd6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 114.418287][ T6304] RAX: ffffffffffffffda RBX: 00007f50af015fa0 RCX: 00007f50aed9cdd9 [ 114.418297][ T6304] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 114.418305][ T6304] RBP: 00007f50aee32d69 R08: 0000000000000000 R09: 0000000000000000 [ 114.418315][ T6304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.418323][ T6304] R13: 00007f50af016038 R14: 00007f50af015fa0 R15: 00007fff1358da88 [ 114.418344][ T6304] [ 115.880706][ T6338] random: crng reseeded on system resumption [ 116.352225][ T6351] netlink: 334 bytes leftover after parsing attributes in process `syz.0.114'. [ 116.664183][ T29] audit: type=1804 audit(2147483668.740:2): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.116" name="/newroot/26/file0" dev="tmpfs" ino=154 res=1 errno=0 [ 117.124865][ T6364] netlink: 334 bytes leftover after parsing attributes in process `syz.0.117'. [ 117.252542][ T6375] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 117.587065][ T6384] zram0: detected capacity change from 0 to 16 [ 117.675193][ T6386] FAULT_INJECTION: forcing a failure. [ 117.675193][ T6386] name failslab, interval 1, probability 0, space 0, times 0 [ 117.752715][ T6386] CPU: 0 UID: 0 PID: 6386 Comm: syz.3.121 Not tainted syzkaller #0 PREEMPT(full) [ 117.752738][ T6386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 117.752747][ T6386] Call Trace: [ 117.752753][ T6386] [ 117.752759][ T6386] dump_stack_lvl+0x100/0x190 [ 117.752780][ T6386] should_fail_ex.cold+0x5/0xa [ 117.752801][ T6386] should_failslab+0xc2/0x120 [ 117.752818][ T6386] __kmalloc_cache_noprof+0x7a/0x6f0 [ 117.752840][ T6386] ? trace_pid_list_alloc+0x2fe/0x480 [ 117.752864][ T6386] trace_pid_list_alloc+0x2fe/0x480 [ 117.752886][ T6386] trace_pid_write+0x110/0x460 [ 117.752907][ T6386] ? __pfx_trace_pid_write+0x10/0x10 [ 117.752939][ T6386] event_pid_write.isra.0+0x1e4/0x7d0 [ 117.752963][ T6386] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 117.752990][ T6386] vfs_write+0x2aa/0x1070 [ 117.753008][ T6386] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 117.753031][ T6386] ? __pfx_vfs_write+0x10/0x10 [ 117.753047][ T6386] ? __fget_files+0x215/0x3d0 [ 117.753068][ T6386] ? __fget_files+0x21f/0x3d0 [ 117.753090][ T6386] ksys_write+0x12a/0x250 [ 117.753106][ T6386] ? __pfx_ksys_write+0x10/0x10 [ 117.753124][ T6386] ? rcu_is_watching+0x12/0xc0 [ 117.753144][ T6386] do_syscall_64+0x10b/0xf80 [ 117.753162][ T6386] ? clear_bhb_loop+0x40/0x90 [ 117.753181][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.753196][ T6386] RIP: 0033:0x7f8907f9cdd9 [ 117.753210][ T6386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.753224][ T6386] RSP: 002b:00007f8908dc6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.753243][ T6386] RAX: ffffffffffffffda RBX: 00007f8908215fa0 RCX: 00007f8907f9cdd9 [ 117.753252][ T6386] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 117.753261][ T6386] RBP: 00007f8908032d69 R08: 0000000000000000 R09: 0000000000000000 [ 117.753270][ T6386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.753279][ T6386] R13: 00007f8908216038 R14: 00007f8908215fa0 R15: 00007ffc0850faf8 [ 117.753299][ T6386] [ 119.227933][ T6403] netlink: 'syz.0.125': attribute type 4 has an invalid length. [ 119.244848][ T6405] program syz.3.124 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 119.264210][ T6403] netlink: 314 bytes leftover after parsing attributes in process `syz.0.125'. [ 119.738568][ T6414] ======================================================= [ 119.738568][ T6414] WARNING: The mand mount option has been deprecated and [ 119.738568][ T6414] and is ignored by this kernel. Remove the mand [ 119.738568][ T6414] option from the mount to silence this warning. [ 119.738568][ T6414] ======================================================= [ 120.146284][ T6420] netlink: 334 bytes leftover after parsing attributes in process `syz.0.129'. [ 120.530176][ T6433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.131'. [ 121.348479][ C0] sd 0:0:1:0: [sda] tag#3628 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 121.358986][ C0] sd 0:0:1:0: [sda] tag#3628 CDB: Write(6) 0a 00 00 00 0b 00 00 00 f2 ff ff ff [ 121.386986][ T6448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.133'. [ 124.871677][ T6542] futex_wake_op: syz.2.149 tries to shift op by -2048; fix this program [ 127.713646][ T6597] Console: switching to colour VGA+ 80x25 [ 128.031789][ T6609] ================================================================== [ 128.031803][ T6609] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 128.031828][ T6609] Read of size 26 at addr ffff88805f65edea by task syz.1.163/6609 [ 128.031842][ T6609] [ 128.031852][ T6609] CPU: 0 UID: 0 PID: 6609 Comm: syz.1.163 Tainted: G L syzkaller #0 PREEMPT(full) [ 128.031873][ T6609] Tainted: [L]=SOFTLOCKUP [ 128.031878][ T6609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 128.031888][ T6609] Call Trace: [ 128.031893][ T6609] [ 128.031899][ T6609] dump_stack_lvl+0x100/0x190 [ 128.031918][ T6609] print_report+0x13d/0x4b0 [ 128.031940][ T6609] ? __virt_addr_valid+0x239/0x430 [ 128.031964][ T6609] ? fbcon_prepare_logo+0x94e/0xc60 [ 128.031979][ T6609] kasan_report+0xdf/0x1d0 [ 128.031995][ T6609] ? fbcon_prepare_logo+0x94e/0xc60 [ 128.032012][ T6609] kasan_check_range+0x10f/0x1e0 [ 128.032031][ T6609] __asan_memcpy+0x23/0x60 [ 128.032052][ T6609] fbcon_prepare_logo+0x94e/0xc60 [ 128.032070][ T6609] fbcon_init+0x1065/0x1830 [ 128.032087][ T6609] visual_init+0x320/0x620 [ 128.032104][ T6609] do_bind_con_driver.isra.0+0x636/0x9c0 [ 128.032126][ T6609] store_bind+0x609/0x730 [ 128.032146][ T6609] ? __pfx_store_bind+0x10/0x10 [ 128.032165][ T6609] dev_attr_store+0x58/0x80 [ 128.032183][ T6609] ? __pfx_dev_attr_store+0x10/0x10 [ 128.032200][ T6609] sysfs_kf_write+0xf2/0x150 [ 128.032224][ T6609] kernfs_fop_write_iter+0x3e0/0x5f0 [ 128.032243][ T6609] ? __pfx_sysfs_kf_write+0x10/0x10 [ 128.032266][ T6609] vfs_write+0x6ac/0x1070 [ 128.032282][ T6609] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 128.032303][ T6609] ? __pfx_vfs_write+0x10/0x10 [ 128.032323][ T6609] ksys_write+0x12a/0x250 [ 128.032339][ T6609] ? __pfx_ksys_write+0x10/0x10 [ 128.032363][ T6609] ? rcu_is_watching+0x12/0xc0 [ 128.032383][ T6609] do_syscall_64+0x10b/0xf80 [ 128.032402][ T6609] ? clear_bhb_loop+0x40/0x90 [ 128.032419][ T6609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.032435][ T6609] RIP: 0033:0x7f6cbb79cdd9 [ 128.032447][ T6609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.032462][ T6609] RSP: 002b:00007f6cbc6d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.032477][ T6609] RAX: ffffffffffffffda RBX: 00007f6cbba16180 RCX: 00007f6cbb79cdd9 [ 128.032487][ T6609] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 128.032497][ T6609] RBP: 00007f6cbb832d69 R08: 0000000000000000 R09: 0000000000000000 [ 128.032505][ T6609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.032514][ T6609] R13: 00007f6cbba16218 R14: 00007f6cbba16180 R15: 00007ffdc0e57018 [ 128.032528][ T6609] [ 128.032533][ T6609] [ 128.032538][ T6609] Allocated by task 6603: [ 128.032550][ T6609] kasan_save_stack+0x30/0x50 [ 128.032565][ T6609] kasan_save_track+0x14/0x30 [ 128.032578][ T6609] __kasan_kmalloc+0xaa/0xb0 [ 128.032591][ T6609] __kmalloc_noprof+0x301/0x850 [ 128.032613][ T6609] __register_sysctl_table+0xbe4/0x1650 [ 128.032632][ T6609] rds_tcp_init_net+0x129/0x310 [ 128.032651][ T6609] ops_init+0x1e2/0x5f0 [ 128.032665][ T6609] setup_net+0x118/0x3a0 [ 128.032678][ T6609] copy_net_ns+0x46f/0x7c0 [ 128.032693][ T6609] create_new_namespaces+0x3ea/0xac0 [ 128.032710][ T6609] unshare_nsproxy_namespaces+0xf2/0x220 [ 128.032728][ T6609] ksys_unshare+0x438/0xab0 [ 128.032747][ T6609] __x64_sys_unshare+0x31/0x40 [ 128.032766][ T6609] do_syscall_64+0x10b/0xf80 [ 128.032783][ T6609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.032796][ T6609] [ 128.032800][ T6609] The buggy address belongs to the object at ffff88805f65ed00 [ 128.032800][ T6609] which belongs to the cache kmalloc-192 of size 192 [ 128.032811][ T6609] The buggy address is located 46 bytes to the right of [ 128.032811][ T6609] allocated 188-byte region [ffff88805f65ed00, ffff88805f65edbc) [ 128.032826][ T6609] [ 128.032832][ T6609] The buggy address belongs to the physical page: [ 128.032839][ T6609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f65e [ 128.032856][ T6609] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 128.032873][ T6609] page_type: f5(slab) [ 128.032886][ T6609] raw: 00fff00000000000 ffff88813fe2e3c0 dead000000000100 dead000000000122 [ 128.032902][ T6609] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 128.032911][ T6609] page dumped because: kasan: bad access detected [ 128.032921][ T6609] page_owner tracks the page as allocated [ 128.032926][ T6609] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6275, tgid 6274 (syz.2.96), ts 113100981657, free_ts 113095866910 [ 128.032951][ T6609] post_alloc_hook+0x153/0x170 [ 128.032971][ T6609] get_page_from_freelist+0x11a6/0x33b0 [ 128.032993][ T6609] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 128.033015][ T6609] new_slab+0xa6/0x6c0 [ 128.033032][ T6609] refill_objects+0x277/0x420 [ 128.033052][ T6609] __pcs_replace_empty_main+0x375/0x650 [ 128.033073][ T6609] __kmalloc_noprof+0x688/0x850 [ 128.033093][ T6609] __register_sysctl_table+0xbe4/0x1650 [ 128.033110][ T6609] mpls_dev_sysctl_register+0x185/0x2a0 [ 128.033128][ T6609] mpls_dev_notify+0x365/0x920 [ 128.033144][ T6609] notifier_call_chain+0x99/0x400 [ 128.033164][ T6609] call_netdevice_notifiers_info+0xbe/0x110 [ 128.033181][ T6609] register_netdevice+0x18fe/0x24b0 [ 128.033196][ T6609] __ip_tunnel_create+0x52b/0x670 [ 128.033213][ T6609] ip_tunnel_init_net+0x230/0x780 [ 128.033230][ T6609] ops_init+0x1e2/0x5f0 [ 128.033243][ T6609] page last free pid 12 tgid 12 stack trace: [ 128.033250][ T6609] __free_frozen_pages+0x747/0x1040 [ 128.033268][ T6609] vfree+0x15f/0x8d0 [ 128.033283][ T6609] htab_map_free+0x2ca/0xa80 [ 128.033301][ T6609] bpf_map_free_deferred+0x23e/0x810 [ 128.033322][ T6609] process_one_work+0xa0e/0x1980 [ 128.033335][ T6609] worker_thread+0x5ef/0xe50 [ 128.033347][ T6609] kthread+0x370/0x450 [ 128.033366][ T6609] ret_from_fork+0x72b/0xd50 [ 128.033380][ T6609] ret_from_fork_asm+0x1a/0x30 [ 128.033399][ T6609] [ 128.033403][ T6609] Memory state around the buggy address: [ 128.033410][ T6609] ffff88805f65ec80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 128.033421][ T6609] ffff88805f65ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.033431][ T6609] >ffff88805f65ed80: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc [ 128.033439][ T6609] ^ [ 128.033447][ T6609] ffff88805f65ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.033456][ T6609] ffff88805f65ee80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 128.033464][ T6609] ================================================================== [ 128.058014][ T6609] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 128.058033][ T6609] CPU: 0 UID: 0 PID: 6609 Comm: syz.1.163 Tainted: G L syzkaller #0 PREEMPT(full) [ 128.058055][ T6609] Tainted: [L]=SOFTLOCKUP [ 128.058061][ T6609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 128.058071][ T6609] Call Trace: [ 128.058076][ T6609] [ 128.058081][ T6609] dump_stack_lvl+0x100/0x190 [ 128.058102][ T6609] vpanic+0x552/0x970 [ 128.058116][ T6609] ? __pfx_vpanic+0x10/0x10 [ 128.058132][ T6609] ? fbcon_prepare_logo+0x94e/0xc60 [ 128.058148][ T6609] panic+0xd1/0xe0 [ 128.058162][ T6609] ? __pfx_panic+0x10/0x10 [ 128.058177][ T6609] ? fbcon_prepare_logo+0x94e/0xc60 [ 128.058192][ T6609] ? preempt_schedule_common+0x42/0xc0 [ 128.058211][ T6609] check_panic_on_warn.cold+0x19/0x34 [ 128.058230][ T6609] end_report.part.0+0x3a/0x90 [ 128.058251][ T6609] kasan_report.cold+0xe/0x18 [ 128.058272][ T6609] ? fbcon_prepare_logo+0x94e/0xc60 [ 128.058289][ T6609] kasan_check_range+0x10f/0x1e0 [ 128.058309][ T6609] __asan_memcpy+0x23/0x60 [ 128.058330][ T6609] fbcon_prepare_logo+0x94e/0xc60 [ 128.058356][ T6609] fbcon_init+0x1065/0x1830 [ 128.058374][ T6609] visual_init+0x320/0x620 [ 128.058393][ T6609] do_bind_con_driver.isra.0+0x636/0x9c0 [ 128.058416][ T6609] store_bind+0x609/0x730 [ 128.058436][ T6609] ? __pfx_store_bind+0x10/0x10 [ 128.058455][ T6609] dev_attr_store+0x58/0x80 [ 128.058472][ T6609] ? __pfx_dev_attr_store+0x10/0x10 [ 128.058489][ T6609] sysfs_kf_write+0xf2/0x150 [ 128.058512][ T6609] kernfs_fop_write_iter+0x3e0/0x5f0 [ 128.058532][ T6609] ? __pfx_sysfs_kf_write+0x10/0x10 [ 128.058555][ T6609] vfs_write+0x6ac/0x1070 [ 128.058571][ T6609] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 128.058592][ T6609] ? __pfx_vfs_write+0x10/0x10 [ 128.058612][ T6609] ksys_write+0x12a/0x250 [ 128.058628][ T6609] ? __pfx_ksys_write+0x10/0x10 [ 128.058645][ T6609] ? rcu_is_watching+0x12/0xc0 [ 128.058663][ T6609] do_syscall_64+0x10b/0xf80 [ 128.058681][ T6609] ? clear_bhb_loop+0x40/0x90 [ 128.058698][ T6609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.058713][ T6609] RIP: 0033:0x7f6cbb79cdd9 [ 128.058726][ T6609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.058740][ T6609] RSP: 002b:00007f6cbc6d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.058755][ T6609] RAX: ffffffffffffffda RBX: 00007f6cbba16180 RCX: 00007f6cbb79cdd9 [ 128.058766][ T6609] RDX: 000000000008083a RSI: 00002000000000c0 RDI: 0000000000000002 [ 128.058776][ T6609] RBP: 00007f6cbb832d69 R08: 0000000000000000 R09: 0000000000000000 [ 128.058785][ T6609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.058794][ T6609] R13: 00007f6cbba16218 R14: 00007f6cbba16180 R15: 00007ffdc0e57018 [ 128.058809][ T6609] [ 128.058874][ T6609] Kernel Offset: disabled