last executing test programs: 11.66473876s ago: executing program 1 (id=25): clone3$auto(0x0, 0xfffffffffffffffb) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x801, 0x100) mmap$auto(0x0, 0xdb33, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x1ff, 0xdf, 0x200000810, 0xffffffffffffffff, 0x8000) madvise$auto(0x7, 0x200007, 0x6) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0x3, 0x0, 0x100082) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x29a02, 0x0) socket(0x23, 0x3, 0x3a) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/v4l-touch5\x00', 0x2040, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000010c0)=""/22, 0x16) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_proc_single_file_operations_base(r1, 0x0, 0x0) sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x40001) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = mq_open$auto(&(0x7f0000000280)='\xdb\x007A\x00', 0x0, 0xf, 0x0) ppoll$auto(&(0x7f0000000000)={r3, 0x81, 0x9}, 0x9, &(0x7f0000000040)={0x1}, &(0x7f00000000c0), 0x8) mq_timedsend$auto(r3, 0x0, 0x2000, 0x2, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f0000000100)={{0x5, 0xc, 0x7, 0x7, 0x6}, 0x6, 0x101, "c5a22f1570cdb0fe852d4cfaaf82a9c429d59c884998c526b0e78c6fd6e000"}) msync$auto(0x1ffff002, 0x180000000000000, 0x0) getsockopt$auto_SO_PASSCRED(r2, 0x40, 0x10, &(0x7f0000000000)='#!@\\$\x00', &(0x7f0000000040)=0x6) msgsnd$auto(0x0, &(0x7f0000000080)={0x1, 0x6}, 0x8, 0x7) mremap$auto(0x8000, 0x7, 0x1, 0x3, 0x20000000) 9.101002007s ago: executing program 1 (id=31): r0 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/current_tracer\x00', 0x1b43, 0x0) poll$auto(&(0x7f00000002c0)={r0, 0x8000, 0x3}, 0x4, 0xfff) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) poll$auto(&(0x7f0000000040)={r1, 0x1000, 0x1c9}, 0x2, 0x7) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x4) fallocate$auto(0x3, 0x8, 0x200000000000b, 0x9) r2 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r2, 0x2) flock$auto(r2, 0x2) sendmsg$auto_NL802154_CMD_DEL_SEC_DEV(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fddbdf251b00000005001200080000000500250009000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0xc011) sendmsg$auto_NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3fc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000810}, 0x24000000) r3 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000180), 0x12b002, 0x0) write$auto(r3, 0x0, 0x1a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0x9, 0x5, 0x6) getsockopt$auto(r4, 0xff, 0xb, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0x29, 0x2, 0x0) setsockopt$auto(r5, 0x119, 0xfffffffe, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_EEE_GET(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c000000f34d98a32d58da4179a5df58e0382f6856c880da2de959f946dbfed28589d88ae133d90e48a33246c77158e9aa61b9fa775d7d6db910a32984ba6506272fcefd9028629182d363b7f4d781c850ab785bc871852ca8478570f4aa9846037ac7beffffc4f1b8662a62efead08b286c96817d01000000000000806f1d07724ea7d47669c70355044f29ee603e6af63c9a6918701f2bcf54e8c4d0608983022984177dcb", @ANYRES16=r7, @ANYBLOB="01002abd7000fddbdf25170000001800018014000200767863616e3100"/38], 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x400c850) open(0x0, 0x22240, 0x55) 7.894979441s ago: executing program 1 (id=34): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) ioctl$auto_USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000240)={0x88, 0x9, 0x0}) unshare$auto(0x9) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x29, 0x1, 0x2) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x3, 0x9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xfb, 0x2000c, 0x4000000000df, 0xeb1, r2, 0x8000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x18380, 0x0) unshare$auto(0x40000080) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video17\x00', 0x80800, 0x0) select$auto(0x5, &(0x7f0000000080)={[0x400020000008, 0xfffffffffffffffc, 0xb, 0x6, 0x6c0, 0x3, 0x3, 0x1ffe000, 0x5, 0x2, 0x9, 0x4, 0xa657, 0x202, 0xd3, 0x1]}, 0x0, 0x0, 0x0) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, &(0x7f0000000140)="181ecff6d65ff321d095a776216661fdba3cee5a776c2dfc4a45e730a9df0a45e9f3eae21340ffbd639751250ebb9c6b6c1ec022596c8542ba41316d9b143dea2cf13c3b3fcd2e2c947ad5394f56c581488fd092a87664f7842bcc00c51950b69ca2d9ead673cd822bc905e80ee4a85182ed8bc817a674bc4e44e9321c924b7a") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xe326, 0x8000000000000eb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/lru_gen\x00', 0x0, 0x0) 7.819595661s ago: executing program 3 (id=35): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0x20499d, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x7fffffff, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x23, 0x80805, 0x0) socket(0x1, 0x1, 0x1) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) shmctl$auto_IPC_INFO(0x9, 0x3, &(0x7f0000000180)={{0x4, 0xee01, 0xffffffffffffffff, 0x1ff, 0x5, 0x7, 0xc72c}, 0x9, 0x8, 0xb551, 0xfb6, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x800, 0x0, &(0x7f0000000000)="db590a08d67ededfd643b60072bf873532db6d5d5b499adbc4291ba6f793deca7b2380aa91e271817409bbc0c9f9bbf64f5412a0755854b9a3c74759ba10382a2dd51b4847c784366b0507a0940a9234f85c220c5a4efdd074d4da366853abffd89ed2c4acf71e25229bf30c019f0d7a1f6b2aab41586ce0785d1184d111ac12f3473aa94dc293f6fe65f6df51c1e257e800072f062e6cb06078b3ab2be11410bed0029f6e5b8586682bf988b375c60f4b6e5b0da492de5cb65870531fd2ff680f8ab3043b7a6eab5a2d16be7d3d8fcd2616053958a73ff2a27d", &(0x7f0000000100)="f871809acc0ff4ec73f8e204d8768770c1c7fed3e2d83922e37a448798eee55c53c6b08af48d80a84eabbd3ab1ae558ba6c14b0ca95ca058b83238a187e2d7a02e439353d798b7f8303754cdda531ec05cada9d145e284c4"}) ioctl$auto_BLKOPENZONE(r1, 0x40101286, &(0x7f0000000240)={0x7fffffff, 0x2b55}) quotactl_fd$auto(r1, 0x6, r2, &(0x7f0000000200)="2de5cab98ce7f4f6587725c1615afb0817d9ca62ae4270ddeb090ccdf6d60569e65ca6") epoll_pwait2$auto(r1, 0x0, 0x3, 0x0, 0x0, 0x8) iopl$auto(0x7ff) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) 7.292054614s ago: executing program 0 (id=38): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/irq/2/wakeup\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x10, 0xc76, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf250402000014001a80100004800c0001800500070004000000"], 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000800) mmap$auto(0x0, 0x22009, 0x4000000000df, 0xeb1, 0x401, 0x1) socket(0xa, 0x3, 0x100) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(0x0, r2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f00000010c0)=""/4082, 0xff2) ioperm$auto(0x7, 0x0, 0x200) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x103200, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x801, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/vhci_hcd.13/usb35/35-0:1.0/usb35-port3/location\x00', 0x0, 0x0) read$auto(r5, &(0x7f0000000240)='/\x00', 0x100000001) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0xfffffffffffffff7) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x48b41, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 6.56071908s ago: executing program 3 (id=40): socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) connect$auto(r0, &(0x7f0000000100)=@nl=@kern={0x10, 0x0, 0x0, 0x800000}, 0x8) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) adjtimex$auto(0x0) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(0xffffffffffffffff, 0xc1004111, &(0x7f0000000000)={0x7ff, [0x2, 0xffffffff, 0x80000000], [{0x80, 0x2, 0x1, 0x1, 0x1}, {0x8000, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x5, 0x1, 0x0, 0x1, 0x1}, {0x95, 0x400, 0x1, 0x1, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x1}, {0x9, 0xfffffffe, 0x1, 0x1}, {0x1, 0xc1d, 0x1, 0x0, 0x1}, {0x2, 0xfe, 0x1, 0x0, 0x0, 0x1}, {0x3ff, 0x1, 0x0, 0x1, 0x1}, {0xc12, 0x5, 0x1, 0x0, 0x1}, {0x7ff, 0x4d3c, 0x0, 0x0, 0x1, 0x1}, {0x2, 0x9, 0x1, 0x1, 0x1}], 0x100, 0xfff, 0x3, 0x3, 0x6, 0x9, 0x80000000, "64b91cc75e50f9bfb73422d302bb9262ca4383f3137e87364ff62cfa69013312b39e05e3bb4c990e99e06e310552976c2f5b0732887c3a8873bae9024b524de3"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, 0x0) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/036/001\x00', 0x101600, 0x0) ioctl$auto_USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000540)={0x0, 0x6, "7636151d9b02ba4db36efb8adaeb205490055c8160618a793bc0ef02be6b53ab874d163664e76626154e19585266b4280ac77b4953f03208c9d0d81de29f87c95b44caf734b5f2e59f69b0fe4a5494f48d5300607cd488d34e391975e1aa7743568be0d261cfaa4f9b6174c390954234be5d151787f0c9c66dc02b5a5a89a56682d58f67fb6efb456c4569af2df4c3e2fe0f9223c43727d728cc77183d2ceb9a4b6797048cd4d028ae420b7deabcd6b4a367d87ec44bbe2522223a45c3c8c504c1bae057da778451ca39ef604724c73e5f577cda46ab42dd3392401d1c9bf8ba15c8299371980687c12430b63a504592439e0580a6f2a60bed1efbb23b7596b3"}) ioctl$auto(r3, 0x9, r4) 6.027786217s ago: executing program 1 (id=41): prctl$auto_PR_SET_ENDIAN(0x14, 0x5ac, 0x0, 0x5, 0x6) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) io_uring_setup$auto(0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyd3\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x19, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, 0x0, 0x20000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) kill$auto(0x0, 0x21) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR32(0xffffffffffffffff, 0xc0844123, &(0x7f0000000180)={0xb9, @reserved="67c6554c4e069438cf407f9d0c97cdbac07f748b65e6c036b1800162e60ea5c4f6230a2f54ce5169cc18e34fa19b75f1b8afe86a918f7115ab3b65f644b151c4", @control={0x7, 0x7}}) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(r0, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) sendmsg$auto_NFC_CMD_STOP_POLL(r0, 0x0, 0x44084) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x5) 6.026136743s ago: executing program 2 (id=42): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000700), 0xffffffffffffffff) fchownat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/tracing/buffer_total_size_kb\x00', 0x800, 0x0) read$auto(r0, 0x0, 0x0) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) r1 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto_ftrace_subsystem_filter_fops_trace_events(r1, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) write$auto(0x3, 0x0, 0x100082) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ad00, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xffd8) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x8101, 0x0, 0xd0, 0x5, 0x6, 0x0, 0x1, 0x3691, 0x0, {0x100000000, 0x10000}, 0x7ffffffffffffffc, 0x40000000000006, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x4bbd, 0xffffffffffff628e, 0x800000a747, 0xdeae, 0x804}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) setresuid$auto(0x8, 0x8, 0x0) setfsuid$auto(0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x840, 0x0) ioctl$auto(r2, 0x560a, 0x7) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(r3, &(0x7f0000000180)={{&(0x7f0000000400)="0ec9d4e7208f644775ca42fb11463e6d1841716d4932c17de755db811a11caa01dc705f5ea917aedc78693b10c194d2b12a4598370f563f4a17322d9914c02732df580c4034afd705d4e404af008dfe10e878cc725a4788fab8b99cf58c13fbcae07e5981db28d1448a1d8a207d89d260945acdbe2077684cfd2568708f6c2f81843d74ce0e5268ec9e0e1ff599ad8178311ff3d4bb3c7f8cee3f5c3fd28c3832b523bfa9d78214bc04528cdda1c620a6fb28688e88a3e75f3ef374fdd03a1905c47d1cb", 0x6, &(0x7f00000005c0)={&(0x7f0000000500)="4ea64ce4ec58225d6217cb2e3cf1fade282b753a4e0fa6505993f5a521dfef39023a442e44dd2358b544b02504d842d2a8c6e9db3721e81d38bb55aa94707b7e4cde17f8314a9d95dcf05b2e4ce5e7d4c21079ca969db0700ce19643945918c941b2b47a15ebfbbae8df8e4cec18fe0c6fb5fdfdd3191d3e0afcc4a1b4b4d109e2aef7165c91c727e5a101b84cb85cb4468334acb3e1933b7ea18314d04a0ac85412d54fb1a2c79b", 0x6}, 0x8ad, &(0x7f0000000740)="a55ee52fe370e14ebaccbbb48250316f9c74405750946e4cf63a38b84364fac058304d8a3b1558e1e9eac5326c4c78fca03af6664f0ffa00a58d5e95d84ca3f49a5b983820422194a366d734340163ad65ce00fa779191ed186f079c10cedb746cdd8f499c566ba03e999094f38065bc72f17a4a1b3c34e455a4498fa8c5050b2d6b218c0f1415d883f556d9e4e33831ff23e7db79e1f762dd90b1216ffc040aed0718c20c607a5ecaba", 0x7, 0xc}, 0x841d}, 0x401, 0x5) openat$auto_fragmentation_threshold_ops_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy10/fragmentation_threshold\x00', 0x111380, 0x0) 4.476524058s ago: executing program 0 (id=43): mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) select$auto(0x100, 0x0, &(0x7f0000000440)={[0x8, 0xb, 0xfffffffffffffffd, 0xd, 0x7, 0x401, 0x6, 0x2, 0x9, 0x8, 0xef, 0x400d, 0x3, 0x7, 0x80000000, 0x100000000a]}, 0x0, 0x0) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0xfffffffffffffffc, 0xa44, 0x86a) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x3, 0x9, 0x10000) r0 = socket(0x1d, 0x2, 0x7) getsockopt$auto(r0, 0x6b, 0xdc5a, 0xfffffffffffffffe, 0x0) r1 = socket(0x2, 0x80002, 0x73) getsockname$auto(r1, &(0x7f0000000000)=@isdn={0x22, 0x9, 0x0, 0x1, 0x10}, &(0x7f00000000c0)=0x5ecbce2b) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0xa, 0x0, 0xfffffff5) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) madvise$auto(0xea87, 0x1, 0x19) mlock$auto(0x1000, 0x6) r3 = mq_open$auto(&(0x7f0000000340)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\x01\x04\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18]\x8c=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u50x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100cda4429629bd7100f9db5f250200000000", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) 4.200651307s ago: executing program 3 (id=45): syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) ioperm$auto(0xa, 0x7, 0x2) mknod$auto(&(0x7f0000000080)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x1081, 0x8) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0x38) r2 = ioctl$auto_KVM_CREATE_VM(r0, 0x4138ae84, 0x0) close_range$auto(0x2, 0x8, 0x0) read$auto_tomoyo_operations_securityfs_if(r2, &(0x7f0000000040)=""/245, 0xf5) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') 3.365580152s ago: executing program 0 (id=46): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) setresgid$auto(0x9, 0xffffffffffffffff, 0xffffffffffffffff) get_robust_list$auto(0x1, 0x0, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r1 = socket(0x2b, 0x1, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x5, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mbind$auto(0x2000, 0x100000004, 0x5, 0x0, 0xffffffffffffff39, 0xffffffff) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x400, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x11, 0x80003, 0x300) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0001, 0x15) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) 3.1380053s ago: executing program 3 (id=47): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="54400000042482e8549eac527f4fa982276f84b233393c029bd59ac89df864bbb53cb1e7365a3ffe1dcbbed6803d0f3932e24c82c32a53ce0f5aeffcad74409febd1349eee77243dc6cbfb890e786e353e3f51f0dacbfc6515dd58a47a2876940518ef36b09454aa8e709274a8da319bb86eee9adbf93581115e38287b201fd95d44f94c162be0bbb3d27b245a19bd95e1fce23bd20253c533286545f2b38114e6af33fdc55203", @ANYRES16=r1, @ANYBLOB="2000ff7f0000fbdbdf2587000000050008000d0000000e0034009961cf2b7f5e97cf3b14000006009500c70d00000600b5008000000008383d52249ceaa9e45e17fdc600830b00000500e4000300000005001d0002000000e6566e1842a35cc68bf7d5ba593601723439edf0f051e4e2e054cfd9945f8f3c1bfb0842fa17d2318129ddc901a7ddfc016e236c67cfe23910ced5fa4a0b7cf39167d430296efb42b8f046e3af627599e88098bd3c629e2ae1118df79478bdfd8dda1f695feabf8e740e3b62284d74cf526ece590b1c0781c2cfdca76a50524d8fde7cbb9f3256f9cd345106f911252ed29a172ec9083738f4c32866ccb9cfd748bfd81994a06f62f7a55cf8255e62342e1c"], 0x54}, 0x1, 0x0, 0x0, 0x41}, 0x24000000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r2) sendmsg$auto_NL80211_CMD_STOP_SCHED_SCAN(r3, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="04002abd7000fcdbdf254600000004008e00"], 0x18}, 0x1, 0x0, 0x0, 0x810}, 0x4004000) r5 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x80000, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x4000, 0x0) r6 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r6, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0xa901, 0x0) readv$auto(r5, &(0x7f0000000680)={0x0, 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) r7 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/nbd5/sched/owned_by_driver\x00', 0x2000, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r7, &(0x7f0000000040)=""/163, 0xa3) r8 = mq_open$auto(&(0x7f0000000080)='/dev/kvm\x00', 0xa9d3, 0x1, &(0x7f00000000c0)={0x2, 0x3, 0x8, 0x3}) close_range$auto(r8, r8, 0x4) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r9 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r9) socket$nl_generic(0x10, 0x3, 0x10) 2.786256306s ago: executing program 2 (id=48): socket$nl_generic(0x10, 0x3, 0x10) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r0 = set_tid_address$auto(0x0) r1 = syz_open_procfs$namespace(r0, &(0x7f0000000080)) getdents$auto(r1, 0x0, 0x3f1) getdents$auto(r1, 0x0, 0xa2b0) r2 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) tkill$auto(r2, 0x9) sched_rr_get_interval$auto(r0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x282) socket(0xa, 0x3, 0x3a) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioperm$auto(0x7, 0x6, 0x80) getegid() prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) write$auto(0xffffffffffffffff, 0x0, 0x7) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddb"], 0x14}}, 0x4000000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0xa, 0x300) r3 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xa0fc}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) 2.699433635s ago: executing program 1 (id=49): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xdd, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_to_batadv/router_probe_interval\x00', 0x101000, 0x0) read$auto(r0, 0x0, 0x8) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b68, 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nbd6\x00', 0x1ed242, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r2, 0x41045508, r2) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x84, 0x1f, 0x0, &(0x7f0000000080)=0x49b) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x3, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x7, 0x8000, @_kill={0xffffffffffffffff}}}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) write$auto(0x1, 0x0, 0x80000000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x7) 2.275255736s ago: executing program 0 (id=50): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xdd, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth1_to_batadv/router_probe_interval\x00', 0x101000, 0x0) read$auto(r0, 0x0, 0x8) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b68, 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nbd6\x00', 0x1ed242, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r2, 0x41045508, r2) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x84, 0x1f, 0x0, &(0x7f0000000080)=0x49b) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x3, &(0x7f0000000180)={@siginfo_0_0={0x80000000, 0x7, 0x8000, @_kill={0xffffffffffffffff}}}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) write$auto(0x1, 0x0, 0x80000000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x7) 2.177281253s ago: executing program 3 (id=51): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000440)='/proc/uptime\x00', 0x800, 0x0) read$auto_proc_mountinfo_operations_mnt_namespace(r1, &(0x7f0000001100)=""/4096, 0x1000) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x13, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0x2}, 0x1002}, 0x739618ce, 0x311) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) close_range$auto(0x2, 0x8, 0x0) 2.021947022s ago: executing program 2 (id=52): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) ioperm$auto(0x7, 0x5ad2, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/loop4/size\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/17, 0x11) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) timer_create$auto(0x3, &(0x7f00000001c0)={@sival_ptr=&(0x7f00000000c0)="019a6f930eeb0ea970789516bfb843e65bf8b91af67719a059eec4bc6bca28ffdffe845ce83618272161ad982134115545f190fcb1c930dc77d7f02f06a3c13456ea09c687127097839d13a6a45bf16d64735d5de5132b86e6753e14d15b142529cce3a4670db4b88ba1e3cd0568f5411f82ecdd478a5a85604221758c96db2e931f4626f77bfafe9996de4bb2d3f7a8368c2da86cfa02c3fb3464f8535d2e8cb7889f4d889d84cb544905cc3f1d4093ea6cd2fccbb028a1638387495fa768e96e3dce072cfb22ae26fe1498e8113a4d110abd00b2f19ad6962b0392be0ff1f472a213f5075b9757299cb0760bdf3d490b12", @inferred=r0, 0x9}, &(0x7f0000000240)=0x3c) writev$auto(r2, &(0x7f0000000200)={0x0, 0x10}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) preadv2$auto(r0, &(0x7f0000000040)={&(0x7f0000000380), 0x6}, 0x2, 0x1000, 0x3, 0x8) bpf$auto(0x4, &(0x7f0000000300)=@batch={0x8, 0xc, 0xd56, 0xffff, 0x8, r1, 0x9, 0x7fff}, 0x2) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCVHANGUP2(r4, 0x5437, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r5 = socket(0x25, 0x2, 0x1) connect$auto(r5, &(0x7f0000000080)=@qipcrtr={0x2a, 0xffffffff, 0x8000}, 0x2) close_range$auto(0x2, 0xffffffffffffffff, 0x8) 1.675268105s ago: executing program 3 (id=53): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) unshare$auto(0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000ffdbdf250f0000000c00078008000200", @ANYRES32=0xee00, @ANYBLOB="d56e417a"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x2) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5o\x91p\xe6\x1eRN8\x99\x00\b\xaa\x1c\x00\x00\x00\x00c\x14\xaf\r\x94\x1a\xd3\xd3\x1d\xf8\xbebR\xddL\'\x03\xf1`\x9f5\xf9\xa4\xf8\x15\xdd\xac\x00\x00\x00\x00\x00\x00\"\x01\x0e\xa4\xdf\xdav\x1cC\xff\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\x9d*\xd1\x14^\xbe\xa2\x00\x00\x00\x01\x00\x00\x00\x00\x00\xe8\xff\x00\x00\x00\x00\x00', 0xfdef, 0x500000000000) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r3 = setfsuid$auto(0xee01) keyctl$auto(0x1d, 0xffffffffffffffff, r3, 0x0, 0x6) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) write$auto(r4, 0x0, 0x81) msgctl$auto_IPC_RMID(0xdda7, 0x0, 0x0) sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x10) r5 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r5, 0x4004556e, 0x1f) unshare$auto(0x40000080) fremovexattr$auto(r1, &(0x7f0000000080)='TIPCv2\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4010) 1.39589406s ago: executing program 2 (id=54): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) close_range$auto(r0, r0, 0xf) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) msgctl$auto_IPC_RMID(0x37, 0x0, &(0x7f0000000100)={{0x2, 0x0, 0x0, 0x100, 0x5, 0x8, 0xffff}, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x1, 0x7, 0x6, 0x2, 0xdff, 0x15f, 0x6, 0xd, 0x7, @raw=0x1, @inferred=0xffffffffffffffff}) r3 = getuid() newfstatat$auto(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)={0x4795, 0x40, 0x54dd, 0x2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffff9, 0x5, 0xffffffffffffff2d, 0x5, 0xe8, 0x54e, 0x5, 0x1, 0x2000c, 0x1}, 0x8) keyctl$auto(0x8, r2, r3, r4, 0x2) statmount$auto(0x0, 0x0, 0x1fe, 0xd) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r5) read$auto_proc_pid_maps_operations_internal(r1, &(0x7f0000000ac0)=""/4096, 0x1000) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r5, 0x0, 0x80) statmount$auto(0x0, &(0x7f0000000380)={0xa, 0x1, 0x13ff800000, 0x6, 0x5, 0x1007184, 0x20008a0d, 0x3, 0x5, 0x6, 0x89, 0x8026, 0x4, 0x200200000000001, 0x384, 0x0, 0x8, 0x0, 0x30, 0x0, 0x3, 0x8, 0x8000, 0x1, 0x0, 0x84, 0x0, 0xfffffffd, 0x4, 0x0, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4eb5, 0x0, 0x0, 0x0, 0x0, 0xc780, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe235, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x7, 0x4], "624b269de58a17cedf"}, 0x9, 0xd) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) fcntl$getown(r6, 0x9) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffff7effffd05, &(0x7f00000001c0)) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) open$dir(&(0x7f00000000c0)='./file0\x00', 0x40001, 0x0) move_mount$auto(r1, 0x0, r1, 0x0, 0x4) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 1.09967319s ago: executing program 1 (id=55): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000000)=@in={0x2, 0x3, @multicast1}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) syz_genetlink_get_family_id$auto_ovs_vport(0x0, r1) write$auto(0x3, 0x0, 0xfffffdf2) connect$auto(0x3, 0x0, 0x55) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r4 = socket(0xa, 0x3, 0xff) connect$auto(r4, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r5 = getpgid$auto(0x0) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="50020000", @ANYRES16=0x0, @ANYBLOB="02002dbdf000fedbdf251d00000038025f801002878008006f00", @ANYRES32=r3, @ANYBLOB="0400978004003a0004005a800800f300000200000400de8045df3a1300c8401947d0503363724b3d215afe21a8ef5c4ac8fbf9e6d2c4d934e1c77ad90ee483a1621914a8a50159929758d4274203ba0c16787702cc79b8c6725d6bb69ba3a5912b2f0929c4f07ca31c32faa9dcf6b98a26307c0bc73b269fe9ea084bb1a6c0aac2ecf34ad823dd81c9852712db214b0716777304f75a5cf16ede1ff75941acecbc5ca8e5e562f67b4ad1fcbd4a52f04ffa66fcc91d04e9f09b33ff50b8bea0d360b3ba139a0dfb3efe2f7a074b92907a533ca6a63adcbe379de8ffadb4d512ef0a24dc84aa6e31bb11de522accd231b4661ec6e645ffd3e835f4f598453344d8bce660e698855f30b92ef57adbf5f706cf8f0800db00", @ANYRES32=r5, @ANYBLOB="a275c8e0e06cd6e8d0e48cea512727d44fc525562c24fe824dbc62093b6484db6a80ee0929762801f768b470a30673e0711212816b2d8892679742923f7145f8bec38313aa3822e2ef1c3c7c62cf39624d629e3328ff0eaf02cb37265f73912a6c8abd75dd5439f84df3098d77d5c55f11af49789c34287df19971623e6c9d53dfa77315c43a2523c970774882d7f374d1f468a9eaf076c0d14fb24e3d7e95d8caa55b7fd4ff20cac393730ff79d6c6be891ec45b90dd9b707081f7ab92ca2c0d27012108f5343085fb3bebb09088c570aad060352dceea563c5cedb1ccfd29beeb826e27741040089802400da801e00be00de561c8ea563e666263d830ed162b80906226b0c181f64099c48000004004601"], 0x250}, 0x1, 0x0, 0x0, 0x40010}, 0x20) write$auto(0x1, 0x0, 0x80000000) bpf$auto(0x0, &(0x7f00000003c0)=@bpf_attr_5={@target_fd=r1, r2, 0x3631, 0x4, r2, @relative_fd=r0, 0x6}, 0x6e5) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, &(0x7f0000004040)) mbind$auto(0x0, 0x2091d2, 0x0, 0x0, 0x9, 0x2) 521.129329ms ago: executing program 0 (id=56): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x48000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000500), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)=""/247, 0xf7) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbfe, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) semctl$auto_IPC_INFO(0x576d, 0x3, 0x3, 0xfffffffffffffffe) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) sendmsg$auto_OVS_DP_CMD_SET(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x30, r1, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@OVS_DP_ATTR_NAME={0xa, 0x1, ',\xb0-^}\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8}, @OVS_DP_ATTR_UPCALL_PID={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x24000895) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptyp5\x00', 0x800, 0x0) ioctl$auto(r5, 0x5607, 0x7) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYRES8=r4, @ANYBLOB="bd9f80f7b6924f5c3b1f7cb82b733fd067ead547d9e8c69c9793959ae48c57fb2027470fd97cc90b3f9eaef5e51dd5e1558b782f54269e09aeb119afafd5790054172121e09a8eb8a0fd8db42fbd5e946f426c8614fe333a72ea021bc774ac2c0f5b6aaa4af998bd4e0b1583353a9def53079fb93ecd427915d4eab926d18ca6d129079ded62c6", @ANYBLOB="01002abd7000fedbdf2502", @ANYRES8=r2, @ANYRESHEX=r3], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nbd15\x00', 0x0, 0x0) write$auto_def_blk_fops_fs(r7, &(0x7f0000000280)="5f5fe2d3870e78bd70e58c57c3205928c4736617cac8c5675f23c5dfa275688957fcbec00159ab0d4baa4d8255621d01fd95b30f6aa5fc512624058555a5674f7c77b51c16cc7142083ad263e4bf6724d502a9beb0e37bcae083b2d09e25842019b6876bcbdea1c7907654f883e34d4c196f190512628ff6b75fbc5b87996c69f6e5ed97082ad38388bddc54023dad903bfde984ff298d2ff321bae11b06bf5b37f6b5bbcc4cb2b4f6b01804fc8501994582f5c1e7a7db76f91360abbe566c243f198fdc8b903ea51f4573faadcf30d0ede67545df0040c3836b79ec71ebd67b68", 0xe1) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) process_madvise$auto_MADV_WIPEONFORK(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000440)="feee547da44cd41214cd1d5008ac701b4a4aad89f53035c494e1dd9d16c6a3d7d2ec97db836e390472339fc51cfa6bef13d2a9aee2a86e43b431cfbafa83332aedbc439a7cbed440bb0f3b036a056db78fc2221a127fed37932433af18c2e7e9d4855d56"}, 0x86, 0x12, 0x3) sendmsg$auto_OVS_DP_CMD_NEW(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r9, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0) r10 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000540), 0x290201, 0x0) ioctl$auto_UBI_IOCATT(r10, 0x40186f40, &(0x7f0000000080)={0xffffffff, 0x0, 0xf7d, 0x4, 0x1}) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r11, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) bpf$auto(0xd, 0x0, 0x6f5) r12 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=r12, @ANYBLOB="01002cbd7000ffdbdf25"], 0x2c}, 0x1, 0x0, 0x0, 0x4040010}, 0x800) 155.386183ms ago: executing program 0 (id=57): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE(r1, 0x7a9, 0x0) 0s ago: executing program 2 (id=58): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/pcrypt/pencrypt/parallel_cpumask\x00', 0x80302, 0x0) r1 = socket(0x23, 0x80805, 0x0) ioctl$auto(r1, 0x89ef, 0xffffffffffffffff) r2 = signalfd4$auto(r0, &(0x7f0000000000)={0x4}, 0x3, 0x10) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400009, 0xfffffffffffffffa, 0x9b72, 0xffffffffffffffff, 0x0) r4 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r4, 0x0, 0x80000000006) signalfd$auto(r4, 0x0, 0x8) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r5, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000100)=ANY=[@ANYBLOB="9d1fda6ecc00b041beba49e822227c40", @ANYRES16=0x0, @ANYBLOB="05002bbd7000fddbdf25000000000800020001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4c000}, 0x80) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r3, 0x0, 0x4000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/vm/dirty_background_ratio\x00', 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) socket(0x2, 0xa, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f) read$auto_debugfs_full_proxy_file_operations_internal(r2, &(0x7f0000000040)=""/48, 0x30) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) socket(0x10, 0x2, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/udp\x00', 0x240, 0x0) pread64$auto(r1, 0x0, 0x1, 0x8) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv6/conf/bond0/ignore_routes_with_linkdown\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r6, 0x0, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. syzkaller login: [ 101.414331][ T5821] cgroup: Unknown subsys name 'net' [ 101.572067][ T5821] cgroup: Unknown subsys name 'cpuset' [ 101.581535][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 102.149111][ T3389] cfg80211: failed to load regulatory.db [ 103.522420][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 105.814929][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 105.829805][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 105.837840][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 105.859547][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 105.878140][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 105.896086][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 105.904008][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 105.912684][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 105.920794][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 105.938583][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 105.958061][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 105.962651][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 105.973121][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 105.982523][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 105.990844][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.028178][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.028425][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.043491][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.047402][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 106.067962][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.667462][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 106.766444][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 106.817046][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 106.936272][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 107.088765][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.096716][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.105708][ T5846] bridge_slave_0: entered allmulticast mode [ 107.113464][ T5846] bridge_slave_0: entered promiscuous mode [ 107.123066][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.130430][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.137707][ T5840] bridge_slave_0: entered allmulticast mode [ 107.145110][ T5840] bridge_slave_0: entered promiscuous mode [ 107.180869][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.188179][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.195364][ T5846] bridge_slave_1: entered allmulticast mode [ 107.203917][ T5846] bridge_slave_1: entered promiscuous mode [ 107.211463][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.218812][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.226020][ T5840] bridge_slave_1: entered allmulticast mode [ 107.234025][ T5840] bridge_slave_1: entered promiscuous mode [ 107.300766][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.308212][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.315546][ T5843] bridge_slave_0: entered allmulticast mode [ 107.323835][ T5843] bridge_slave_0: entered promiscuous mode [ 107.366405][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.395870][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.406241][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.413562][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.421412][ T5843] bridge_slave_1: entered allmulticast mode [ 107.429395][ T5843] bridge_slave_1: entered promiscuous mode [ 107.436141][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.443421][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.450888][ T5837] bridge_slave_0: entered allmulticast mode [ 107.459497][ T5837] bridge_slave_0: entered promiscuous mode [ 107.470004][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.495387][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.519673][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.526888][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.535066][ T5837] bridge_slave_1: entered allmulticast mode [ 107.543361][ T5837] bridge_slave_1: entered promiscuous mode [ 107.613647][ T5846] team0: Port device team_slave_0 added [ 107.639363][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.665867][ T5846] team0: Port device team_slave_1 added [ 107.674924][ T5840] team0: Port device team_slave_0 added [ 107.683758][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.713028][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.738849][ T5840] team0: Port device team_slave_1 added [ 107.776893][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.802853][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.810559][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.837033][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.853311][ T5843] team0: Port device team_slave_0 added [ 107.887944][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.894937][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.923546][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.936884][ T5843] team0: Port device team_slave_1 added [ 107.974488][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.981723][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.009456][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.050031][ T5837] team0: Port device team_slave_0 added [ 108.056988][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.064445][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.090720][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.101832][ T5845] Bluetooth: hci1: command tx timeout [ 108.105086][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.107686][ T5142] Bluetooth: hci3: command tx timeout [ 108.120395][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.146426][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.160727][ T5845] Bluetooth: hci0: command tx timeout [ 108.166880][ T5142] Bluetooth: hci2: command tx timeout [ 108.186998][ T5837] team0: Port device team_slave_1 added [ 108.193981][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.202147][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.228649][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.297119][ T5846] hsr_slave_0: entered promiscuous mode [ 108.303787][ T5846] hsr_slave_1: entered promiscuous mode [ 108.328542][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.335538][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.361564][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.396037][ T5840] hsr_slave_0: entered promiscuous mode [ 108.403209][ T5840] hsr_slave_1: entered promiscuous mode [ 108.409655][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.418068][ T5840] Cannot create hsr debugfs directory [ 108.425806][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.432856][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.458849][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.552524][ T5843] hsr_slave_0: entered promiscuous mode [ 108.559935][ T5843] hsr_slave_1: entered promiscuous mode [ 108.566157][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.574348][ T5843] Cannot create hsr debugfs directory [ 108.736592][ T5837] hsr_slave_0: entered promiscuous mode [ 108.743130][ T5837] hsr_slave_1: entered promiscuous mode [ 108.750373][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.758023][ T5837] Cannot create hsr debugfs directory [ 109.165561][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 109.179157][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 109.191361][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 109.226694][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 109.289455][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 109.311153][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.324967][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 109.351936][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 109.435477][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 109.451993][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 109.466098][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 109.484776][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 109.615049][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 109.626541][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 109.649142][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 109.661073][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 109.711370][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.769797][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.802378][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.809733][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.834872][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.842082][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.862883][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.916117][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.999897][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.014214][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.052502][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.059705][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.070513][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.077752][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.112884][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.120134][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.148033][ T5142] Bluetooth: hci1: command tx timeout [ 110.153496][ T5142] Bluetooth: hci3: command tx timeout [ 110.165589][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.172828][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.231786][ T5845] Bluetooth: hci0: command tx timeout [ 110.240929][ T5142] Bluetooth: hci2: command tx timeout [ 110.306100][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.352648][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 110.455559][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.495131][ T1104] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.502396][ T1104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.526846][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.560478][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.567906][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.786787][ T5846] veth0_vlan: entered promiscuous mode [ 110.834182][ T5846] veth1_vlan: entered promiscuous mode [ 110.944547][ T5846] veth0_macvtap: entered promiscuous mode [ 110.970653][ T5846] veth1_macvtap: entered promiscuous mode [ 111.010521][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.054747][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.083764][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.152485][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.190031][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.202407][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.211952][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.221165][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.233860][ T5843] veth0_vlan: entered promiscuous mode [ 111.252143][ T5843] veth1_vlan: entered promiscuous mode [ 111.355594][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.373143][ T5840] veth0_vlan: entered promiscuous mode [ 111.413884][ T5840] veth1_vlan: entered promiscuous mode [ 111.473247][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.490534][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.499535][ T5843] veth0_macvtap: entered promiscuous mode [ 111.552526][ T5843] veth1_macvtap: entered promiscuous mode [ 111.594946][ T5840] veth0_macvtap: entered promiscuous mode [ 111.613994][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.626327][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.634933][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.642886][ T5840] veth1_macvtap: entered promiscuous mode [ 111.690483][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.698171][ T5837] veth0_vlan: entered promiscuous mode [ 111.726768][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.736899][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.754315][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.755617][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 111.766483][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.858287][ T5837] veth1_vlan: entered promiscuous mode [ 111.885279][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.933018][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.979802][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.992238][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.001944][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.013455][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.092956][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.106827][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.165490][ T5837] veth0_macvtap: entered promiscuous mode [ 112.217012][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.228492][ T5142] Bluetooth: hci3: command tx timeout [ 112.233968][ T5142] Bluetooth: hci1: command tx timeout [ 112.234586][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.253577][ T5837] veth1_macvtap: entered promiscuous mode [ 112.307663][ T5845] Bluetooth: hci0: command tx timeout [ 112.313420][ T5142] Bluetooth: hci2: command tx timeout [ 112.382150][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.403535][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.422814][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.432600][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.480757][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.517271][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.543261][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.556175][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.630323][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.650465][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.138103][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.145956][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.321812][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.364349][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.871360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.080951][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.098034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.108067][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.229466][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 114.293096][ T5923] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 114.308766][ T5142] Bluetooth: hci1: command tx timeout [ 114.314213][ T5142] Bluetooth: hci3: command tx timeout [ 114.389896][ T5142] Bluetooth: hci2: command tx timeout [ 114.395862][ T5845] Bluetooth: hci0: command tx timeout [ 114.708049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 115.589645][ T5927] Zero length message leads to an empty skb [ 115.867252][ T5912] mmap: syz.1.5 (5912) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 116.530895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.788199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 117.499701][ T5964] netlink: 28 bytes leftover after parsing attributes in process `syz.2.13'. [ 117.676185][ T5967] Console: switching to colour VGA+ 80x25 [ 117.815649][ T5966] FAULT_INJECTION: forcing a failure. [ 117.815649][ T5966] name failslab, interval 1, probability 0, space 0, times 1 [ 117.815721][ T5966] CPU: 1 UID: 0 PID: 5966 Comm: syz.0.14 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) [ 117.815761][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.815783][ T5966] Call Trace: [ 117.815795][ T5966] [ 117.815810][ T5966] dump_stack_lvl+0x16c/0x1f0 [ 117.815867][ T5966] should_fail_ex+0x512/0x640 [ 117.815915][ T5966] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 117.815953][ T5966] should_failslab+0xc2/0x120 [ 117.815995][ T5966] __kmalloc_cache_noprof+0x6a/0x3e0 [ 117.816029][ T5966] ? con_insert_unipair+0x1c0/0x270 [ 117.816082][ T5966] con_insert_unipair+0x1c0/0x270 [ 117.816133][ T5966] con_set_default_unimap+0x36f/0x6d0 [ 117.816199][ T5966] fbcon_init+0x1160/0x1900 [ 117.816257][ T5966] visual_init+0x31d/0x620 [ 117.816296][ T5966] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 117.816343][ T5966] store_bind+0x61d/0x760 [ 117.816387][ T5966] ? sysfs_file_kobj+0xe4/0x290 [ 117.816436][ T5966] ? __pfx_store_bind+0x10/0x10 [ 117.816472][ T5966] dev_attr_store+0x55/0x80 [ 117.816525][ T5966] ? __pfx_dev_attr_store+0x10/0x10 [ 117.816572][ T5966] sysfs_kf_write+0xef/0x150 [ 117.816625][ T5966] kernfs_fop_write_iter+0x351/0x510 [ 117.816669][ T5966] ? __pfx_sysfs_kf_write+0x10/0x10 [ 117.816723][ T5966] vfs_write+0x5bd/0x1180 [ 117.816758][ T5966] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 117.816805][ T5966] ? __pfx___mutex_lock+0x10/0x10 [ 117.816859][ T5966] ? __pfx_vfs_write+0x10/0x10 [ 117.816925][ T5966] ksys_write+0x12a/0x240 [ 117.816959][ T5966] ? __pfx_ksys_write+0x10/0x10 [ 117.816990][ T5966] ? rcu_is_watching+0x12/0xc0 [ 117.817036][ T5966] do_syscall_64+0xcd/0x230 [ 117.817090][ T5966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.817124][ T5966] RIP: 0033:0x7fb66ab8e969 [ 117.817150][ T5966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.817189][ T5966] RSP: 002b:00007fb66ba91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.817219][ T5966] RAX: ffffffffffffffda RBX: 00007fb66adb5fa0 RCX: 00007fb66ab8e969 [ 117.817241][ T5966] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 117.817260][ T5966] RBP: 00007fb66ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 117.817276][ T5966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.817294][ T5966] R13: 0000000000000000 R14: 00007fb66adb5fa0 R15: 00007fff4b3acdc8 [ 117.817340][ T5966] [ 117.901406][ T5966] Console: switching to colour frame buffer device 128x48 [ 119.152444][ T5989] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 121.377685][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.827783][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.021702][ T6038] can: request_module (can-proto-0) failed. [ 125.185709][ T6047] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 126.953890][ T30] audit: type=1806 audit(1748099458.570:2): res=-14 [ 128.336886][ T30] audit: type=1800 audit(1748099459.960:3): pid=6096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.37" name="dbroot" dev="configfs" ino=7647 res=0 errno=0 [ 129.062514][ T6111] zswap: compressor not available [ 132.632864][ T6137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.44'. [ 132.684549][ T6137] netlink: 32 bytes leftover after parsing attributes in process `syz.2.44'. [ 133.855226][ T6174] FAULT_INJECTION: forcing a failure. [ 133.855226][ T6174] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 133.999916][ T6174] CPU: 1 UID: 0 PID: 6174 Comm: syz.2.52 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) [ 133.999961][ T6174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.999979][ T6174] Call Trace: [ 133.999990][ T6174] [ 134.000002][ T6174] dump_stack_lvl+0x16c/0x1f0 [ 134.000059][ T6174] should_fail_ex+0x512/0x640 [ 134.000114][ T6174] _copy_from_user+0x2e/0xd0 [ 134.000147][ T6174] move_addr_to_kernel+0x65/0x170 [ 134.000204][ T6174] __sys_bind+0x11b/0x260 [ 134.000238][ T6174] ? __pfx___sys_bind+0x10/0x10 [ 134.000288][ T6174] ? rcu_is_watching+0x12/0xc0 [ 134.000328][ T6174] __x64_sys_bind+0x72/0xb0 [ 134.000358][ T6174] ? lockdep_hardirqs_on+0x7c/0x110 [ 134.000407][ T6174] do_syscall_64+0xcd/0x230 [ 134.000460][ T6174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.000493][ T6174] RIP: 0033:0x7f24ad98e969 [ 134.000519][ T6174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.000550][ T6174] RSP: 002b:00007f24ae796038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 134.000581][ T6174] RAX: ffffffffffffffda RBX: 00007f24adbb5fa0 RCX: 00007f24ad98e969 [ 134.000602][ T6174] RDX: 0000000000000068 RSI: 0000200000000000 RDI: 0000000000000003 [ 134.000622][ T6174] RBP: 00007f24ada10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 134.000641][ T6174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.000661][ T6174] R13: 0000000000000000 R14: 00007f24adbb5fa0 R15: 00007ffc6ebe2668 [ 134.000703][ T6174] [ 134.164290][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.472156][ T6183] Invalid ELF header magic: != ELF [ 134.525124][ T6181] tipc: Started in network mode [ 134.551410][ T6181] tipc: Node identity ee00, cluster identity 4711 [ 134.581848][ T6181] tipc: Node number set to 60928 [ 135.381738][ T6194] HfR: entered promiscuous mode [ 135.441389][ T6183] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 135.759565][ T6199] [ 135.761958][ T6199] ====================================================== [ 135.769100][ T6199] WARNING: possible circular locking dependency detected [ 135.776227][ T6199] 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 Not tainted [ 135.783350][ T6199] ------------------------------------------------------ [ 135.790377][ T6199] syz.0.57/6199 is trying to acquire lock: [ 135.796195][ T6199] ffff888144314058 (&q->elevator_lock){+.+.}-{4:4}, at: elv_iosched_store+0x201/0x5f0 [ 135.805822][ T6199] [ 135.805822][ T6199] but task is already holding lock: [ 135.813200][ T6199] ffff888144313b28 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 135.824494][ T6199] [ 135.824494][ T6199] which lock already depends on the new lock. [ 135.824494][ T6199] [ 135.834917][ T6199] [ 135.834917][ T6199] the existing dependency chain (in reverse order) is: [ 135.843945][ T6199] [ 135.843945][ T6199] -> #2 (&q->q_usage_counter(io)#55){++++}-{0:0}: [ 135.852602][ T6199] blk_alloc_queue+0x619/0x760 [ 135.857924][ T6199] blk_mq_alloc_queue+0x179/0x290 [ 135.863519][ T6199] __blk_mq_alloc_disk+0x29/0x120 [ 135.869104][ T6199] nbd_dev_add+0x49d/0xbb0 [ 135.874066][ T6199] nbd_init+0x181/0x320 [ 135.878783][ T6199] do_one_initcall+0x120/0x6e0 [ 135.884099][ T6199] kernel_init_freeable+0x5c2/0x900 [ 135.889852][ T6199] kernel_init+0x1c/0x2b0 [ 135.894735][ T6199] ret_from_fork+0x48/0x80 [ 135.899690][ T6199] ret_from_fork_asm+0x1a/0x30 [ 135.905009][ T6199] [ 135.905009][ T6199] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 135.912254][ T6199] fs_reclaim_acquire+0x102/0x150 [ 135.917842][ T6199] kmem_cache_alloc_noprof+0x53/0x3b0 [ 135.923759][ T6199] __kernfs_new_node+0xd2/0x8a0 [ 135.929150][ T6199] kernfs_new_node+0x13c/0x1e0 [ 135.934455][ T6199] kernfs_create_dir_ns+0x4c/0x1a0 [ 135.940115][ T6199] sysfs_create_dir_ns+0x13a/0x2b0 [ 135.945794][ T6199] kobject_add_internal+0x2c4/0x9b0 [ 135.951534][ T6199] kobject_add+0x16e/0x240 [ 135.956493][ T6199] elv_register_queue+0xd3/0x2a0 [ 135.961984][ T6199] blk_register_queue+0x3c4/0x560 [ 135.967549][ T6199] add_disk_fwnode+0x911/0x13a0 [ 135.972961][ T6199] nbd_dev_add+0x78e/0xbb0 [ 135.977923][ T6199] nbd_init+0x181/0x320 [ 135.982645][ T6199] do_one_initcall+0x120/0x6e0 [ 135.987977][ T6199] kernel_init_freeable+0x5c2/0x900 [ 135.993824][ T6199] kernel_init+0x1c/0x2b0 [ 135.998721][ T6199] ret_from_fork+0x48/0x80 [ 136.003686][ T6199] ret_from_fork_asm+0x1a/0x30 [ 136.009010][ T6199] [ 136.009010][ T6199] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 136.016868][ T6199] __lock_acquire+0x1173/0x1ba0 [ 136.022273][ T6199] lock_acquire+0x179/0x350 [ 136.027447][ T6199] __mutex_lock+0x199/0xb90 [ 136.032511][ T6199] elv_iosched_store+0x201/0x5f0 [ 136.038005][ T6199] queue_attr_store+0x273/0x310 [ 136.043398][ T6199] sysfs_kf_write+0xef/0x150 [ 136.048544][ T6199] kernfs_fop_write_iter+0x351/0x510 [ 136.054383][ T6199] iter_file_splice_write+0x91f/0x1150 [ 136.060406][ T6199] direct_splice_actor+0x18f/0x6c0 [ 136.066165][ T6199] splice_direct_to_actor+0x342/0xa30 [ 136.072096][ T6199] do_splice_direct+0x174/0x240 [ 136.077507][ T6199] do_sendfile+0xafd/0xe50 [ 136.082467][ T6199] __x64_sys_sendfile64+0x1d8/0x220 [ 136.088297][ T6199] do_syscall_64+0xcd/0x230 [ 136.093359][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.099882][ T6199] [ 136.099882][ T6199] other info that might help us debug this: [ 136.099882][ T6199] [ 136.110210][ T6199] Chain exists of: [ 136.110210][ T6199] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55 [ 136.110210][ T6199] [ 136.123993][ T6199] Possible unsafe locking scenario: [ 136.123993][ T6199] [ 136.131456][ T6199] CPU0 CPU1 [ 136.136908][ T6199] ---- ---- [ 136.142293][ T6199] lock(&q->q_usage_counter(io)#55); [ 136.147710][ T6199] lock(fs_reclaim); [ 136.154245][ T6199] lock(&q->q_usage_counter(io)#55); [ 136.162170][ T6199] lock(&q->elevator_lock); [ 136.166783][ T6199] [ 136.166783][ T6199] *** DEADLOCK *** [ 136.166783][ T6199] [ 136.175111][ T6199] 5 locks held by syz.0.57/6199: [ 136.180059][ T6199] #0: ffff88803117e420 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 [ 136.190141][ T6199] #1: ffff888029ac7088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 136.200034][ T6199] #2: ffff888020329968 (kn->active#75){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 136.210108][ T6199] #3: ffff888144313b28 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 136.221833][ T6199] #4: ffff888144313b60 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 136.233760][ T6199] [ 136.233760][ T6199] stack backtrace: [ 136.239665][ T6199] CPU: 1 UID: 0 PID: 6199 Comm: syz.0.57 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) [ 136.239698][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.239715][ T6199] Call Trace: [ 136.239723][ T6199] [ 136.239732][ T6199] dump_stack_lvl+0x116/0x1f0 [ 136.239782][ T6199] print_circular_bug+0x275/0x350 [ 136.239819][ T6199] check_noncircular+0x14c/0x170 [ 136.239857][ T6199] __lock_acquire+0x1173/0x1ba0 [ 136.239899][ T6199] lock_acquire+0x179/0x350 [ 136.239933][ T6199] ? elv_iosched_store+0x201/0x5f0 [ 136.239971][ T6199] ? __pfx___might_resched+0x10/0x10 [ 136.240002][ T6199] ? do_raw_spin_lock+0x12c/0x2b0 [ 136.240046][ T6199] __mutex_lock+0x199/0xb90 [ 136.240086][ T6199] ? elv_iosched_store+0x201/0x5f0 [ 136.240122][ T6199] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 136.240159][ T6199] ? elv_iosched_store+0x201/0x5f0 [ 136.240194][ T6199] ? lockdep_hardirqs_on+0x7c/0x110 [ 136.240233][ T6199] ? __pfx___mutex_lock+0x10/0x10 [ 136.240279][ T6199] ? __pfx_autoremove_wake_function+0x10/0x10 [ 136.240316][ T6199] ? elv_iosched_store+0x201/0x5f0 [ 136.240350][ T6199] elv_iosched_store+0x201/0x5f0 [ 136.240385][ T6199] ? __x64_sys_sendfile64+0x1d8/0x220 [ 136.240419][ T6199] ? __pfx_elv_iosched_store+0x10/0x10 [ 136.240457][ T6199] ? __mutex_trylock_common+0xe9/0x250 [ 136.240495][ T6199] ? __pfx_elv_iosched_store+0x10/0x10 [ 136.240531][ T6199] queue_attr_store+0x273/0x310 [ 136.240556][ T6199] ? __pfx_queue_attr_store+0x10/0x10 [ 136.240590][ T6199] ? find_held_lock+0x2b/0x80 [ 136.240615][ T6199] ? sysfs_file_kobj+0xe4/0x290 [ 136.240656][ T6199] ? __pfx_queue_attr_store+0x10/0x10 [ 136.240680][ T6199] sysfs_kf_write+0xef/0x150 [ 136.240720][ T6199] kernfs_fop_write_iter+0x351/0x510 [ 136.240761][ T6199] ? __pfx_sysfs_kf_write+0x10/0x10 [ 136.240802][ T6199] iter_file_splice_write+0x91f/0x1150 [ 136.240856][ T6199] ? __pfx_iter_file_splice_write+0x10/0x10 [ 136.240901][ T6199] ? __pfx_copy_splice_read+0x10/0x10 [ 136.240950][ T6199] ? __pfx_iter_file_splice_write+0x10/0x10 [ 136.240994][ T6199] direct_splice_actor+0x18f/0x6c0 [ 136.241040][ T6199] splice_direct_to_actor+0x342/0xa30 [ 136.241081][ T6199] ? __pfx_direct_splice_actor+0x10/0x10 [ 136.241126][ T6199] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 136.241173][ T6199] do_splice_direct+0x174/0x240 [ 136.241214][ T6199] ? __pfx_do_splice_direct+0x10/0x10 [ 136.241254][ T6199] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 136.241297][ T6199] ? rw_verify_area+0xcf/0x680 [ 136.241339][ T6199] do_sendfile+0xafd/0xe50 [ 136.241366][ T6199] ? __pfx_do_sendfile+0x10/0x10 [ 136.241392][ T6199] ? __x64_sys_futex+0x1e0/0x4c0 [ 136.241421][ T6199] ? __x64_sys_futex+0x1e9/0x4c0 [ 136.241452][ T6199] __x64_sys_sendfile64+0x1d8/0x220 [ 136.241484][ T6199] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 136.241520][ T6199] ? rcu_is_watching+0x12/0xc0 [ 136.241549][ T6199] do_syscall_64+0xcd/0x230 [ 136.241591][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.241618][ T6199] RIP: 0033:0x7fb66ab8e969 [ 136.241639][ T6199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.241665][ T6199] RSP: 002b:00007fb66ba91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 136.241689][ T6199] RAX: ffffffffffffffda RBX: 00007fb66adb5fa0 RCX: 00007fb66ab8e969 [ 136.241706][ T6199] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 136.241722][ T6199] RBP: 00007fb66ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 136.241739][ T6199] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 136.241762][ T6199] R13: 0000000000000000 R14: 00007fb66adb5fa0 R15: 00007fff4b3acdc8 [ 136.241789][ T6199] [ 136.604421][ C1] vkms_vblank_simulate: vblank timer overrun [ 137.012972][ T6205] syz.2.58 uses obsolete (PF_INET,SOCK_PACKET) [ 137.082226][ T5142] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 137.989926][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.996311][ T1299] ieee802154 phy1 wpan1: encryption failed: -22