last executing test programs: 9.064585839s ago: executing program 1 (id=543): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/kernel/debug/o2hb/failed_regions\x00', 0x200, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x3, 0xa, @state_change={0xc, 0x6, 0x8}}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) write$auto(0xffffffffffffffff, 0x0, 0x7) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x80000, 0x0) socketpair$auto(0x4, 0x2, 0x10, &(0x7f0000000040)=0x7) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0x7, 0x6d3c, 0x7, 0x2, 0x1]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x41000000003, 0x9, 0x62, 0x8000001b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, r1) close_range$auto(0x2, 0x8, 0x0) 8.487351211s ago: executing program 3 (id=547): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) read$auto(0x3, 0x0, 0x1f40) read$auto(0x4, 0x0, 0xfdef) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NFC_CMD_STOP_POLL(0xffffffffffffffff, 0x0, 0x44084) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000) 7.657763377s ago: executing program 2 (id=549): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r1, 0x0, 0x0) ioctl$auto_BLKSECDISCARD(0xffffffffffffffff, 0x127d, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) shmctl$auto_SHM_UNLOCK(0x200, 0xc, &(0x7f0000001340)={{0x33c, 0xee00, 0x0, 0xffff129a, 0x6, 0x4, 0x101}, 0x3ff, 0x200, 0x1, 0x3, @inferred, @raw=0x1, 0xb0fc, 0x0, &(0x7f0000001140), &(0x7f0000001240)="b84715281ddec019e72aeaf72098c1e75dc7c1d6e353dff804f7f17598a5e3727bb531248c92fb8cf667076b3e2b25215de9b7bd27a303622c2d4c6cb8f7b3a5b6bcad6a5bf011c6afd8df9427bd8a0cd16a92c8e72b0d5b4e88f6e3923d34b937272c40fc3ae19a067a6b4144b8af52f218faf71590e7f419c446474d10b867ea631caa867d0789138c5185af52b1ff821ad46ebf43e410b8c499202b9efbe3ee07720c67378c95ae5f00d9159207dde5176393b738b1ee61937f71ae85973859600e766a175a54909b919ebb85595880631f2fd2ae00ce"}) sendmsg$auto_OVS_METER_CMD_SET(r3, &(0x7f0000001700)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000016c0)={&(0x7f00000013c0)={0x194, 0x0, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@OVS_METER_ATTR_MAX_BANDS={0x8, 0x8, 0x401}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x9}, @OVS_METER_ATTR_CLEAR={0x4}, @OVS_METER_ATTR_BANDS={0x162, 0x4, 0x0, 0x1, [@nested={0x4, 0x12}, @generic, @nested={0x4d, 0x133, 0x0, 0x1, [@nested={0x4, 0x7e}, @generic="cb3adaaa8050d02e59e3a35817b86abf6e50dad81d19cb89b8c88b9cf3dc65e894367f66f7116b4a88e117a7e64f704d60e4237d3e2172b92e159ee2c7f123212f7abaa695"]}, @generic, @generic="25d47284607b2c07199283cd19df57ba77024292c3743a0dcdc99ae0392e5cd13e870cb8967cd32f8b6a528c2e1a736cccc9b951e47f55ef9c969515e312799274b06bc2edc767391dcac5e0c0a504973add5e82e531274f1611b3b5d97d40016a3169403d2b3329dbb434127ecad9bb33fb9caee7a337916007e37e6de6b5e53b8fb770027eb844cde3c4e855aeb7fb5e607e4ef37f0444fcacd864d9ce58ef624129a9a8fbdc", @generic="d1b9fdf7cf5b3f8dd81fd56e0a0c025af9c620a2f9c608d6ebb07a600e13eb89987aae059f1ae4c0e16f2c078cec01ff5035efd6994c116587b6b1b5c3e32be98c790b2bf56efac707d3475e1503e637070d518b14e992385acb1d", @typed={0x8, 0x4b, 0x0, 0x0, @uid=r4}]}, @OVS_METER_ATTR_MAX_BANDS={0x8, 0x8, 0x9}]}, 0x194}, 0x1, 0x0, 0x0, 0x24000001}, 0x40) r5 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='./file0\x00') rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x202082, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000100), 0x28000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) 6.575586162s ago: executing program 2 (id=551): socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x601, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, 0x0, 0x4000000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) write$auto(0x3, 0x0, 0x100082) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) msgctl$auto_IPC_RMID(0x7, 0x0, 0x0) socket(0xa, 0x4, 0x5) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0xffffffffffffffff, 0x20007, 0x80000000084000df, 0x10004000eb1, r1, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getpriority$auto_PRIO_USER(0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mincore$auto(0x1000, 0x4000000, 0x0) 6.101996397s ago: executing program 1 (id=553): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x8000, 0x1ffde, 0x1, 0x2, 0x1, 0x9, 0x3, 0x5, 0x8, 0x3002, 0x9, 0xb, 0x80010002, 0x80, 0xd8f9, 0x0, 0x7, 0x2, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r1, 0x900064b4, 0x2000000000000c37) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x29, 0x43, 0x0, 0x9) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r3, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0xd1) r4 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r2) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}]}, 0x1c}}, 0x40040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0xfc, &(0x7f0000000100)={0x0, 0xfc6}, 0x2, 0x0, 0x7, 0x3}, 0x800}, 0x7, 0x4008) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) 5.025528409s ago: executing program 0 (id=554): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0xca, 0x0, 0x2d9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) pwrite64$auto(0xffffffffffffffff, 0x0, 0x2, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b76, 0x7, 0x28000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ad00, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xffd8) socket(0x28, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 5.025399783s ago: executing program 1 (id=555): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0xa}}, 0x54) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) symlink$auto(&(0x7f0000001500)='./file0/file0\x00', 0x0) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x18) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, 0x0, 0xb01, 0x0) write$auto(0x3, 0x0, 0x7fffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8954, 0x0) 5.024931952s ago: executing program 2 (id=556): mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) getcwd$auto(0x0, 0xfffffffffffdffff) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(r0, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400008, 0x0, 0x19, 0x2, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r2 = socket(0x18, 0x5, 0x1) connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 4.639222823s ago: executing program 3 (id=557): close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) socket(0x23, 0x5, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_ASSOCIATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r2, 0xf8de1f2d89e6b801, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40850}, 0x10884) sendmsg$auto_NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)={0x14, r2, 0x4, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000) sendmsg$auto_NL802154_CMD_STOP_BEACONS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x45685a65958df7a7, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_MAX_ASSOCIATIONS={0x8, 0x27, 0x5}, @NL802154_ATTR_SCAN_CHANNELS={0x8, 0x21, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x40) setsockopt$auto(0x1, 0x1, 0xa, &(0x7f0000000000)='\xe1', 0xbb) ioctl$auto(0x1, 0x541b, 0x8) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) r3 = socket(0xa, 0x802, 0x3a) setsockopt$auto(r3, 0x29, 0x21, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000113) 4.115558619s ago: executing program 3 (id=558): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x3, 0x0, 0x8009) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x18, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_KEY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) read$auto(r2, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0x5) write$auto(0x3, 0x0, 0xffd8) 4.114679693s ago: executing program 2 (id=559): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, &(0x7f0000000040)='(%}[\x00', 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa0b02, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) write$auto(0x3, 0x0, 0x70) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) 3.99603231s ago: executing program 0 (id=560): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) setresuid$auto(0x0, 0x8, 0x0) setfsuid$auto(0x0) r0 = socket(0x11, 0x3, 0x2) getsockopt$auto(r0, 0x107, 0x1, 0x0, 0x0) madvise$auto(0x0, 0x240007, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(r1, 0x0, 0x5, 0x7) sendto$auto(r1, 0x0, 0xfffffffffffffdef, 0x8, 0x0, 0x20) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101000, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r2, 0x0, 0x100000001, 0x100) 3.473564322s ago: executing program 1 (id=561): mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) 2.796076782s ago: executing program 1 (id=562): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_create$auto(0x4) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, 0x0, 0x6f3) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88542, 0x0) 2.62835049s ago: executing program 0 (id=563): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = set_tid_address$auto(0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) ioctl$auto(r1, 0x5646, r1) read$auto_v4l2_fops_v4l2_dev(r1, 0x0, 0x0) read$auto(r1, 0x0, 0xffffffff) syz_open_procfs$namespace(r0, &(0x7f0000000080)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) socket(0x2, 0x1, 0x106) getsockopt$auto(0xffffffffffffffff, 0x110, 0x9, 0xffffffffffffffff, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) unshare$auto(0x40000080) r2 = socket(0x2, 0x3, 0xa) getsockopt$auto(r2, 0x0, 0x29, 0x0, &(0x7f0000000040)=0xdbb) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x1e, 0x805, 0x0) sysfs$auto(0x2, 0x1a, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x3, &(0x7f0000000000)='4\x93f\x06\x04\x00\x00', &(0x7f0000000040), 0x7f) 1.858110685s ago: executing program 3 (id=564): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x201, 0x0) open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0x20) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x86) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000200), 0xc02, 0x0) write$auto(r0, 0x0, 0xc3) 1.626402011s ago: executing program 0 (id=565): futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd) open(&(0x7f0000000000)='./file0\x00', 0xa240, 0x15e) r0 = socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) socket(0xa, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) eventfd$auto(0x0) socket(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) 1.263130388s ago: executing program 0 (id=566): r0 = socket(0x2, 0x5, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/wakeup/wakeup7/event_count\x00', 0x1c2580, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/86, 0x56) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/nfc/nfc1/rfkill1/soft\x00', 0xa3182, 0x0) sendfile$auto(r2, r2, 0x0, 0xffffffff) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) ioperm$auto(0x6, 0x18001, 0x80001) mbind$auto(0x7, 0x2091d2, 0x4, 0x0, 0x6, 0x2) ioprio_set$auto(0x7, 0x0, 0xfff) unshare$auto(0x40000080) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) io_uring_setup$auto(0x6, 0x0) 1.197206565s ago: executing program 3 (id=567): setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa0b02, 0x0) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/pagemap\x00', 0x102, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, 0x0) read$auto(0xffffffffffffffff, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x70) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) get_mempolicy$auto(0x0, 0x0, 0x7f, 0x8, 0x3) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x59, 0x0) 696.378379ms ago: executing program 2 (id=568): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) socket(0x29, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_marker_raw\x00', 0x401, 0x0) ioctl$auto_TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) socket(0x11, 0x3, 0x9) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$auto(0x3, 0x0, 0x5c8) ioctl$auto(0x3, 0xae41, r0) 643.333577ms ago: executing program 1 (id=569): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/inhibited\x00', 0x20b42, 0x0) clone$auto(0x1, 0x0, &(0x7f0000000040)=0xad, &(0x7f0000000080)=0x6, 0x8) arch_prctl$auto_ARCH_SET_GS(0x1001, 0x7fff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_frmr_depth\x00', 0x40302, 0x0) mmap$auto(0x0, 0x1, 0x800000000df, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0x81) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x1, 0x0, 0xcf, 0x5, 0x213, 0x5, 0xb98]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYRES16], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b67, 0x1) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 481.950415ms ago: executing program 2 (id=570): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f0000000040)="4a67d23edb3100000000000000000075210d2de48306c2fb", 0x49}, 0x5, 0x0, 0x5}, 0x1}, 0x2, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) lseek$auto(0x3, 0x2, 0x4) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x66ab80, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0) ioctl$auto_UI_SET_EVBIT(r1, 0x40045564, &(0x7f0000000140)=0xfffffffd) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0xa, 0xe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) readv$auto(0x3, 0x0, 0x87) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) write$auto(0x3, 0x0, 0xfdef) 136.254627ms ago: executing program 3 (id=571): writev$auto(0xffffffffffffffff, 0x0, 0x3) socket(0x11, 0x2, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x4, 0xa, 0x48}) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast1}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0xffd8) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x400, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) 0s ago: executing program 0 (id=572): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x103040, 0x0) ppoll$auto(&(0x7f00000001c0)={r0, 0x2c, 0x1000}, 0xb, 0x0, 0x0, 0x8) open(0x0, 0x422241, 0x155) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socket(0x2, 0x3, 0x4) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) syz_clone(0x10008000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) newfstatat$auto(r2, 0x0, 0x0, 0xfffffffe) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1e/\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xfe\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', &(0x7f0000000200)={0x0, 0x6}, 0x0, 0x1001) write$auto(0x3, 0x0, 0xffeb) r3 = socket(0x2, 0x5, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event0\x00', 0xc8000, 0x0) sendmmsg$auto(r3, &(0x7f0000000080)={{&(0x7f0000000040), 0x100012, 0x0, 0xa, 0x0, 0x80000000000001f, 0xb}, 0x800009}, 0x7, 0x20000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts. [ 91.512682][ T5837] cgroup: Unknown subsys name 'net' [ 91.664143][ T5837] cgroup: Unknown subsys name 'cpuset' [ 91.673254][ T5837] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 93.495370][ T5837] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.669743][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.674904][ T5861] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.678395][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.684452][ T5861] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.693049][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.701020][ T5861] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.706930][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.720144][ T5864] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.727865][ T5864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.737490][ T5864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.745209][ T5864] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.752698][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.753303][ T5864] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.770047][ T5862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.773306][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.786735][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.788452][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.794888][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.818998][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.826810][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.360094][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 96.454389][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 96.493196][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 96.591111][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 96.613385][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.620742][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.628190][ T5848] bridge_slave_0: entered allmulticast mode [ 96.637139][ T5848] bridge_slave_0: entered promiscuous mode [ 96.679130][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.686666][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.694017][ T5848] bridge_slave_1: entered allmulticast mode [ 96.701929][ T5848] bridge_slave_1: entered promiscuous mode [ 96.814756][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.822108][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.829280][ T5850] bridge_slave_0: entered allmulticast mode [ 96.836967][ T5850] bridge_slave_0: entered promiscuous mode [ 96.847403][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.864426][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.871985][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.879173][ T5847] bridge_slave_0: entered allmulticast mode [ 96.887152][ T5847] bridge_slave_0: entered promiscuous mode [ 96.895144][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.903422][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.910880][ T5850] bridge_slave_1: entered allmulticast mode [ 96.919114][ T5850] bridge_slave_1: entered promiscuous mode [ 96.935469][ T43] cfg80211: failed to load regulatory.db [ 96.947947][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.964308][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.971746][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.978980][ T5847] bridge_slave_1: entered allmulticast mode [ 96.987391][ T5847] bridge_slave_1: entered promiscuous mode [ 97.072620][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.084642][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.119031][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.131166][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.143324][ T5848] team0: Port device team_slave_0 added [ 97.149358][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.159960][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.167380][ T5849] bridge_slave_0: entered allmulticast mode [ 97.174765][ T5849] bridge_slave_0: entered promiscuous mode [ 97.229335][ T5848] team0: Port device team_slave_1 added [ 97.241500][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.248674][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.256399][ T5849] bridge_slave_1: entered allmulticast mode [ 97.264205][ T5849] bridge_slave_1: entered promiscuous mode [ 97.302211][ T5850] team0: Port device team_slave_0 added [ 97.334574][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.347023][ T5847] team0: Port device team_slave_0 added [ 97.354714][ T5850] team0: Port device team_slave_1 added [ 97.387560][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.412182][ T5847] team0: Port device team_slave_1 added [ 97.432179][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.439145][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.465831][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.507852][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.515087][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.541258][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.554133][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.561854][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.587907][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.608718][ T5849] team0: Port device team_slave_0 added [ 97.629417][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.636727][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.662967][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.698889][ T5849] team0: Port device team_slave_1 added [ 97.705363][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.712700][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.738725][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.752822][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.759798][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.786202][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.801269][ T5852] Bluetooth: hci3: command tx timeout [ 97.852970][ T5848] hsr_slave_0: entered promiscuous mode [ 97.859528][ T5848] hsr_slave_1: entered promiscuous mode [ 97.868106][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.870461][ T5857] Bluetooth: hci2: command tx timeout [ 97.875530][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.880816][ T5169] Bluetooth: hci0: command tx timeout [ 97.911196][ T5852] Bluetooth: hci1: command tx timeout [ 97.912718][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.961322][ T5850] hsr_slave_0: entered promiscuous mode [ 97.968346][ T5850] hsr_slave_1: entered promiscuous mode [ 97.975216][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.983311][ T5850] Cannot create hsr debugfs directory [ 97.989787][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.997295][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.023572][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.123649][ T5847] hsr_slave_0: entered promiscuous mode [ 98.129935][ T5847] hsr_slave_1: entered promiscuous mode [ 98.136638][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.144722][ T5847] Cannot create hsr debugfs directory [ 98.207190][ T5849] hsr_slave_0: entered promiscuous mode [ 98.214137][ T5849] hsr_slave_1: entered promiscuous mode [ 98.220173][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.229101][ T5849] Cannot create hsr debugfs directory [ 98.638473][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.652018][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.663058][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.684631][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.742213][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.761746][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.776374][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.798769][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.884677][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.897878][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.911814][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.937678][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.034377][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.050121][ T5849] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.070389][ T5849] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 99.098743][ T5849] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 99.109397][ T5849] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 99.123455][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.161059][ T1314] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.168263][ T1314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.190221][ T3473] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.197452][ T3473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.284099][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.337711][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.362155][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.406232][ T3442] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.413544][ T3442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.429175][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.451083][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.458255][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.493921][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.501128][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.523094][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.530243][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.604050][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.702281][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.727952][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.735124][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.764702][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.771896][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.842553][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.871289][ T5852] Bluetooth: hci3: command tx timeout [ 99.950947][ T5852] Bluetooth: hci1: command tx timeout [ 99.956412][ T5852] Bluetooth: hci2: command tx timeout [ 99.962107][ T5857] Bluetooth: hci0: command tx timeout [ 100.026921][ T5848] veth0_vlan: entered promiscuous mode [ 100.077357][ T5848] veth1_vlan: entered promiscuous mode [ 100.197717][ T5848] veth0_macvtap: entered promiscuous mode [ 100.208188][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.247672][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.261866][ T5848] veth1_macvtap: entered promiscuous mode [ 100.323487][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.351890][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.373364][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.384117][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.393309][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.403399][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.443702][ T5850] veth0_vlan: entered promiscuous mode [ 100.504990][ T5850] veth1_vlan: entered promiscuous mode [ 100.525369][ T5847] veth0_vlan: entered promiscuous mode [ 100.535712][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.578150][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.593423][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.615040][ T5847] veth1_vlan: entered promiscuous mode [ 100.655938][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.656452][ T5850] veth0_macvtap: entered promiscuous mode [ 100.669762][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.702539][ T5850] veth1_macvtap: entered promiscuous mode [ 100.729162][ T5849] veth0_vlan: entered promiscuous mode [ 100.767070][ T5847] veth0_macvtap: entered promiscuous mode [ 100.777749][ T5849] veth1_vlan: entered promiscuous mode [ 100.788277][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.799716][ T5847] veth1_macvtap: entered promiscuous mode [ 100.800121][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 100.827186][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.845498][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.863118][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.878589][ T5850] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.889908][ T5850] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.904510][ T5850] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.923065][ T5850] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.955177][ T5847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.970627][ T5847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.979391][ T5847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.988220][ T5847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.058819][ T5849] veth0_macvtap: entered promiscuous mode [ 101.112216][ T5849] veth1_macvtap: entered promiscuous mode [ 101.199913][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.234582][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.330679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.354492][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.411471][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.433790][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.444514][ T3442] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.455624][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.459353][ T3442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.482092][ T5849] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.493292][ T5849] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.502333][ T5849] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.511348][ T5849] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.606637][ T1314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.625833][ T1314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.702994][ T4523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.736072][ T4523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.852404][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.860667][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.896949][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.951032][ T5852] Bluetooth: hci3: command tx timeout [ 102.030842][ T5852] Bluetooth: hci2: command tx timeout [ 102.036351][ T5852] Bluetooth: hci0: command tx timeout [ 102.041936][ T5857] Bluetooth: hci1: command tx timeout [ 102.070786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.376463][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 102.550359][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 102.945504][ T5957] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.421164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 103.429890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.510965][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.519703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.732808][ T5967] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.824257][ T5962] netlink: set zone limit has 8 unknown bytes [ 104.043795][ T5857] Bluetooth: hci3: command tx timeout [ 104.111041][ T5857] Bluetooth: hci1: command tx timeout [ 104.116531][ T5857] Bluetooth: hci0: command tx timeout [ 104.123298][ T5852] Bluetooth: hci2: command tx timeout [ 104.285059][ T5979] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      syzkaller syzkaller login: [ 205.607176][ T7460] FAULT_INJECTION: forcing a failure. [ 205.607176][ T7460] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 205.620742][ T7460] CPU: 1 UID: 0 PID: 7460 Comm: syz.0.367 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 205.620773][ T7460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.620787][ T7460] Call Trace: [ 205.620794][ T7460] [ 205.620802][ T7460] dump_stack_lvl+0x16c/0x1f0 [ 205.620842][ T7460] should_fail_ex+0x512/0x640 [ 205.620880][ T7460] should_fail_alloc_page+0xe7/0x130 [ 205.620905][ T7460] prepare_alloc_pages+0x3c2/0x610 [ 205.620937][ T7460] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 205.620978][ T7460] ? find_held_lock+0x2b/0x80 [ 205.621003][ T7460] ? is_bpf_text_address+0x8a/0x1a0 [ 205.621035][ T7460] ? bpf_ksym_find+0x124/0x1c0 [ 205.621061][ T7460] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 205.621096][ T7460] ? is_bpf_text_address+0x94/0x1a0 [ 205.621128][ T7460] ? unwind_get_return_address+0x59/0xa0 [ 205.621165][ T7460] ? __kernel_text_address+0xd/0x40 [ 205.621186][ T7460] ? unwind_get_return_address+0x59/0xa0 [ 205.621235][ T7460] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 205.621285][ T7460] ? policy_nodemask+0xea/0x4e0 [ 205.621307][ T7460] alloc_pages_mpol+0x1fb/0x550 [ 205.621328][ T7460] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 205.621347][ T7460] ? kasan_save_stack+0x33/0x60 [ 205.621388][ T7460] ? __kasan_kmalloc+0xaa/0xb0 [ 205.621415][ T7460] ? __get_vm_area_node+0x101/0x330 [ 205.621444][ T7460] alloc_pages_noprof+0x131/0x390 [ 205.621464][ T7460] get_free_pages_noprof+0x10/0xb0 [ 205.621484][ T7460] kasan_populate_vmalloc+0x89/0x1f0 [ 205.621518][ T7460] alloc_vmap_area+0x959/0x29c0 [ 205.621550][ T7460] ? __pfx_alloc_vmap_area+0x10/0x10 [ 205.621579][ T7460] __get_vm_area_node+0x1ca/0x330 [ 205.621607][ T7460] __vmalloc_node_range_noprof+0x271/0x14b0 [ 205.621652][ T7460] ? kernel_read_file+0x6ff/0x910 [ 205.621671][ T7460] ? do_file_open_root+0x482/0x610 [ 205.621702][ T7460] ? stack_trace_save+0x8e/0xc0 [ 205.621747][ T7460] ? __lock_acquire+0x622/0x1c90 [ 205.621777][ T7460] ? kernel_read_file+0x6ff/0x910 [ 205.621805][ T7460] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 205.621837][ T7460] ? ima_read_file+0x142/0x1a0 [ 205.621870][ T7460] ? __pfx_ima_read_file+0x10/0x10 [ 205.621905][ T7460] ? kernel_read_file+0x6ff/0x910 [ 205.621925][ T7460] __vmalloc_node_noprof+0xad/0xf0 [ 205.621952][ T7460] ? kernel_read_file+0x6ff/0x910 [ 205.621976][ T7460] kernel_read_file+0x6ff/0x910 [ 205.622001][ T7460] ? __pfx_kernel_read_file+0x10/0x10 [ 205.622030][ T7460] kernel_read_file_from_path_initns+0x1cf/0x260 [ 205.622057][ T7460] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 205.622080][ T7460] ? trace_kmem_cache_alloc+0x28/0xc0 [ 205.622105][ T7460] ? _request_firmware+0x503/0x1470 [ 205.622138][ T7460] _request_firmware+0x744/0x1470 [ 205.622177][ T7460] ? __pfx__request_firmware+0x10/0x10 [ 205.622217][ T7460] request_firmware+0x35/0x50 [ 205.622246][ T7460] valid_regdb+0x188/0x590 [ 205.622268][ T7460] ? __pfx___mutex_lock+0x10/0x10 [ 205.622301][ T7460] ? __pfx_valid_regdb+0x10/0x10 [ 205.622328][ T7460] reg_reload_regdb+0x11e/0x460 [ 205.622354][ T7460] ? __pfx_reg_reload_regdb+0x10/0x10 [ 205.622380][ T7460] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 205.622412][ T7460] ? nl80211_pre_doit+0x1b0/0xb10 [ 205.622446][ T7460] genl_family_rcv_msg_doit+0x209/0x2f0 [ 205.622476][ T7460] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 205.622501][ T7460] ? rcu_is_watching+0x12/0xc0 [ 205.622533][ T7460] ? bpf_lsm_capable+0x9/0x10 [ 205.622559][ T7460] ? security_capable+0x7e/0x260 [ 205.622584][ T7460] genl_rcv_msg+0x55c/0x800 [ 205.622614][ T7460] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.622640][ T7460] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 205.622670][ T7460] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 205.622692][ T7460] ? __pfx_nl80211_post_doit+0x10/0x10 [ 205.622768][ T7460] netlink_rcv_skb+0x158/0x420 [ 205.622791][ T7460] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.622818][ T7460] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.622851][ T7460] ? netlink_deliver_tap+0x1ae/0xd30 [ 205.622890][ T7460] genl_rcv+0x28/0x40 [ 205.622912][ T7460] netlink_unicast+0x53a/0x7f0 [ 205.622937][ T7460] ? __pfx_netlink_unicast+0x10/0x10 [ 205.622966][ T7460] netlink_sendmsg+0x8d1/0xdd0 [ 205.622992][ T7460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.623024][ T7460] ____sys_sendmsg+0xa98/0xc70 [ 205.623049][ T7460] ? copy_msghdr_from_user+0x10a/0x160 [ 205.623081][ T7460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.623110][ T7460] ? __pfx_futex_wake_mark+0x10/0x10 [ 205.623145][ T7460] ___sys_sendmsg+0x134/0x1d0 [ 205.623178][ T7460] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.623208][ T7460] ? __lock_acquire+0x622/0x1c90 [ 205.623269][ T7460] __sys_sendmsg+0x16d/0x220 [ 205.623301][ T7460] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.623332][ T7460] ? __x64_sys_futex+0x1e0/0x4c0 [ 205.623374][ T7460] do_syscall_64+0xcd/0x490 [ 205.623409][ T7460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.623430][ T7460] RIP: 0033:0x7fa448b8e929 [ 205.623448][ T7460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.623468][ T7460] RSP: 002b:00007fa449a94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.623488][ T7460] RAX: ffffffffffffffda RBX: 00007fa448db6080 RCX: 00007fa448b8e929 [ 205.623501][ T7460] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 205.623514][ T7460] RBP: 00007fa448c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 205.623526][ T7460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.623539][ T7460] R13: 0000000000000000 R14: 00007fa448db6080 R15: 00007ffee5035048 [ 205.623565][ T7460] [ 205.623899][ T7460] syz.0.367: vmalloc error: size 1085, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 206.224271][ T7460] CPU: 1 UID: 0 PID: 7460 Comm: syz.0.367 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 206.224311][ T7460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.224328][ T7460] Call Trace: [ 206.224338][ T7460] [ 206.224349][ T7460] dump_stack_lvl+0x16c/0x1f0 [ 206.224400][ T7460] warn_alloc+0x248/0x3a0 [ 206.224460][ T7460] ? __pfx_warn_alloc+0x10/0x10 [ 206.224506][ T7460] ? kfree+0x2b4/0x4d0 [ 206.224550][ T7460] ? __get_vm_area_node+0x208/0x330 [ 206.224593][ T7460] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 206.224629][ T7460] ? do_file_open_root+0x482/0x610 [ 206.224669][ T7460] ? stack_trace_save+0x8e/0xc0 [ 206.224710][ T7460] ? __lock_acquire+0x622/0x1c90 [ 206.224756][ T7460] ? kernel_read_file+0x6ff/0x910 [ 206.224793][ T7460] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 206.224835][ T7460] ? ima_read_file+0x142/0x1a0 [ 206.224877][ T7460] ? __pfx_ima_read_file+0x10/0x10 [ 206.224942][ T7460] ? kernel_read_file+0x6ff/0x910 [ 206.224970][ T7460] __vmalloc_node_noprof+0xad/0xf0 [ 206.225009][ T7460] ? kernel_read_file+0x6ff/0x910 [ 206.225044][ T7460] kernel_read_file+0x6ff/0x910 [ 206.225080][ T7460] ? __pfx_kernel_read_file+0x10/0x10 [ 206.225123][ T7460] kernel_read_file_from_path_initns+0x1cf/0x260 [ 206.225161][ T7460] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 206.225195][ T7460] ? trace_kmem_cache_alloc+0x28/0xc0 [ 206.225231][ T7460] ? _request_firmware+0x503/0x1470 [ 206.225279][ T7460] _request_firmware+0x744/0x1470 [ 206.225336][ T7460] ? __pfx__request_firmware+0x10/0x10 [ 206.225394][ T7460] request_firmware+0x35/0x50 [ 206.225455][ T7460] valid_regdb+0x188/0x590 [ 206.225488][ T7460] ? __pfx___mutex_lock+0x10/0x10 [ 206.225534][ T7460] ? __pfx_valid_regdb+0x10/0x10 [ 206.225572][ T7460] reg_reload_regdb+0x11e/0x460 [ 206.225608][ T7460] ? __pfx_reg_reload_regdb+0x10/0x10 [ 206.225644][ T7460] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 206.225686][ T7460] ? nl80211_pre_doit+0x1b0/0xb10 [ 206.225741][ T7460] genl_family_rcv_msg_doit+0x209/0x2f0 [ 206.225782][ T7460] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 206.225817][ T7460] ? rcu_is_watching+0x12/0xc0 [ 206.225861][ T7460] ? bpf_lsm_capable+0x9/0x10 [ 206.225898][ T7460] ? security_capable+0x7e/0x260 [ 206.225934][ T7460] genl_rcv_msg+0x55c/0x800 [ 206.225974][ T7460] ? __pfx_genl_rcv_msg+0x10/0x10 [ 206.226011][ T7460] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 206.226052][ T7460] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 206.226084][ T7460] ? __pfx_nl80211_post_doit+0x10/0x10 [ 206.226141][ T7460] netlink_rcv_skb+0x158/0x420 [ 206.226172][ T7460] ? __pfx_genl_rcv_msg+0x10/0x10 [ 206.226209][ T7460] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 206.226256][ T7460] ? netlink_deliver_tap+0x1ae/0xd30 [ 206.226311][ T7460] genl_rcv+0x28/0x40 [ 206.226341][ T7460] netlink_unicast+0x53a/0x7f0 [ 206.226375][ T7460] ? __pfx_netlink_unicast+0x10/0x10 [ 206.226416][ T7460] netlink_sendmsg+0x8d1/0xdd0 [ 206.226453][ T7460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.226497][ T7460] ____sys_sendmsg+0xa98/0xc70 [ 206.226543][ T7460] ? copy_msghdr_from_user+0x10a/0x160 [ 206.226585][ T7460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 206.226637][ T7460] ? __pfx_futex_wake_mark+0x10/0x10 [ 206.226681][ T7460] ___sys_sendmsg+0x134/0x1d0 [ 206.226722][ T7460] ? __pfx____sys_sendmsg+0x10/0x10 [ 206.226768][ T7460] ? __lock_acquire+0x622/0x1c90 [ 206.226847][ T7460] __sys_sendmsg+0x16d/0x220 [ 206.226887][ T7460] ? __pfx___sys_sendmsg+0x10/0x10 [ 206.226926][ T7460] ? __x64_sys_futex+0x1e0/0x4c0 [ 206.226980][ T7460] do_syscall_64+0xcd/0x490 [ 206.227024][ T7460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.227052][ T7460] RIP: 0033:0x7fa448b8e929 [ 206.227073][ T7460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.227100][ T7460] RSP: 002b:00007fa449a94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 206.227125][ T7460] RAX: ffffffffffffffda RBX: 00007fa448db6080 RCX: 00007fa448b8e929 [ 206.227143][ T7460] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 206.227169][ T7460] RBP: 00007fa448c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 206.227184][ T7460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 206.227198][ T7460] R13: 0000000000000000 R14: 00007fa448db6080 R15: 00007ffee5035048 [ 206.227229][ T7460] [ 206.227238][ T7460] Mem-Info: [ 206.677284][ T7460] active_anon:10374 inactive_anon:0 isolated_anon:3 [ 206.677284][ T7460] active_file:15954 inactive_file:40067 isolated_file:15 [ 206.677284][ T7460] unevictable:768 dirty:650 writeback:0 [ 206.677284][ T7460] slab_reclaimable:10172 slab_unreclaimable:93501 [ 206.677284][ T7460] mapped:26626 shmem:1364 pagetables:1131 [ 206.677284][ T7460] sec_pagetables:0 bounce:0 [ 206.677284][ T7460] kernel_misc_reclaimable:0 [ 206.677284][ T7460] free:1321534 free_pcp:17425 free_cma:0 [ 206.837055][ T7460] Node 0 active_anon:41344kB inactive_anon:0kB active_file:63816kB inactive_file:160068kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:110660kB dirty:2600kB writeback:0kB shmem:1900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:11756kB pagetables:4432kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 206.930325][ T7460] Node 1 active_anon:152kB inactive_anon:0kB active_file:60kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:60kB dirty:0kB writeback:0kB shmem:3576kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 207.091088][ T7460] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 207.130890][ T7460] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 207.138477][ T7460] Node 0 DMA32 free:1378248kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39264kB inactive_anon:0kB active_file:63816kB inactive_file:158744kB unevictable:1536kB writepending:2596kB present:3129332kB managed:2540352kB mlocked:0kB bounce:0kB free_pcp:43548kB local_pcp:21488kB free_cma:0kB [ 207.180679][ T7460] lowmem_reserve[]: 0 0 1 1 1 [ 207.185484][ T7460] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 207.217943][ T7460] lowmem_reserve[]: 0 0 0 0 0 [ 207.223003][ T7460] Node 1 Normal free:3898440kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:152kB inactive_anon:0kB active_file:60kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:25640kB local_pcp:10984kB free_cma:0kB [ 207.271619][ T7460] lowmem_reserve[]: 0 0 0 0 0 [ 207.276437][ T7460] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 207.298631][ T7460] Node 0 DMA32: 1432*4kB (UM) 1240*8kB (UM) 657*16kB (UM) 1355*32kB (UME) 716*64kB (UME) 333*128kB (UM) 216*256kB (UME) 125*512kB (UME) 59*1024kB (UME) 19*2048kB (UME) 245*4096kB (M) = 1380112kB [ 207.321830][ T7460] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 207.337706][ T7460] Node 1 Normal: 98*4kB (UME) 50*8kB (UME) 33*16kB (UME) 87*32kB (UME) 33*64kB (UME) 8*128kB (UME) 4*256kB (ME) 4*512kB (UM) 1*1024kB (E) 2*2048kB (UE) 948*4096kB (M) = 3898440kB [ 207.368114][ T7460] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 207.394548][ T7460] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=1 hugepages_size=2048kB [ 207.407631][ T7460] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 207.420595][ T7460] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 207.433116][ T7460] 57401 total pagecache pages [ 207.437835][ T7460] 26 pages in swap cache [ 207.449467][ T7460] Free swap = 124868kB [ 207.456540][ T7460] Total swap = 124996kB [ 207.469628][ T7460] 2097051 pages RAM [ 207.478300][ T7460] 0 pages HighMem/MovableOnly [ 207.483103][ T7460] 429985 pages reserved [ 207.489830][ T7460] 0 pages cma reserved [ 207.494638][ T7460] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -12 [ 207.504426][ T7460] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -12 [ 207.537267][ T7460] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 209.279046][ T7484] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 209.620095][ T7496] random: crng reseeded on system resumption [ 210.107921][ T7499] Unrecognized hibernate image header format! [ 210.228767][ T7499] PM: hibernation: Image mismatch: architecture specific data [ 213.394966][ T7561] capability: warning: `syz.1.395' uses deprecated v2 capabilities in a way that may be insecure [ 216.092580][ T7600] ======================================================= [ 216.092580][ T7600] WARNING: The mand mount option has been deprecated and [ 216.092580][ T7600] and is ignored by this kernel. Remove the mand [ 216.092580][ T7600] option from the mount to silence this warning. [ 216.092580][ T7600] ======================================================= [ 216.709295][ T7611] netlink: 20 bytes leftover after parsing attributes in process `syz.1.394'. [ 216.863130][ T7607] svc: failed to register nfsdv3 RPC service (errno 111). [ 216.892050][ T7607] svc: failed to register nfsaclv3 RPC service (errno 111). [ 216.976993][ T7611] hsr_slave_0 (unregistering): left promiscuous mode [ 218.594655][ T7645] futex_wake_op: syz.2.408 tries to shift op by -9; fix this program [ 219.130028][ T7656] netlink: 326 bytes leftover after parsing attributes in process `syz.0.411'. [ 220.819757][ T7688] syz.3.418 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 221.024355][ T7692] netlink: 'syz.2.419': attribute type 10 has an invalid length. [ 221.034150][ T7692] netlink: 230 bytes leftover after parsing attributes in process `syz.2.419'. [ 221.078408][ T7692] team0: Port device team_slave_1 removed [ 222.652943][ T7718] Invalid ELF header magic: != ELF [ 223.321950][ T7738] netlink: 'syz.0.438': attribute type 15 has an invalid length. [ 223.340595][ T7738] netlink: 252 bytes leftover after parsing attributes in process `syz.0.438'. [ 223.371990][ T7738] netlink: 'syz.0.438': attribute type 15 has an invalid length. [ 223.379746][ T7738] netlink: 252 bytes leftover after parsing attributes in process `syz.0.438'. [ 224.898244][ T7766] vhci_hcd: invalid port number 16 [ 224.925373][ T7766] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 226.018330][ T7770] FAULT_INJECTION: forcing a failure. [ 226.018330][ T7770] name failslab, interval 1, probability 0, space 0, times 0 [ 226.079766][ T7770] CPU: 0 UID: 0 PID: 7770 Comm: syz.2.437 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 226.079806][ T7770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.079823][ T7770] Call Trace: [ 226.079833][ T7770] [ 226.079843][ T7770] dump_stack_lvl+0x16c/0x1f0 [ 226.079891][ T7770] should_fail_ex+0x512/0x640 [ 226.079933][ T7770] ? __kmalloc_node_noprof+0xc5/0x500 [ 226.079983][ T7770] should_failslab+0xc2/0x120 [ 226.080011][ T7770] __kmalloc_node_noprof+0xd8/0x500 [ 226.080056][ T7770] ? __vmalloc_node_range_noprof+0x3e5/0x14b0 [ 226.080100][ T7770] __vmalloc_node_range_noprof+0x3e5/0x14b0 [ 226.080138][ T7770] ? do_file_open_root+0x482/0x610 [ 226.080188][ T7770] ? stack_trace_save+0x8e/0xc0 [ 226.080236][ T7770] ? kernel_read_file+0x6ff/0x910 [ 226.080275][ T7770] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 226.080318][ T7770] ? ima_read_file+0x142/0x1a0 [ 226.080362][ T7770] ? __pfx_ima_read_file+0x10/0x10 [ 226.080409][ T7770] ? kernel_read_file+0x6ff/0x910 [ 226.080436][ T7770] __vmalloc_node_noprof+0xad/0xf0 [ 226.080472][ T7770] ? kernel_read_file+0x6ff/0x910 [ 226.080504][ T7770] kernel_read_file+0x6ff/0x910 [ 226.080538][ T7770] ? __pfx_kernel_read_file+0x10/0x10 [ 226.080578][ T7770] kernel_read_file_from_path_initns+0x1cf/0x260 [ 226.080615][ T7770] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 226.080646][ T7770] ? trace_kmem_cache_alloc+0x28/0xc0 [ 226.080680][ T7770] ? _request_firmware+0x503/0x1470 [ 226.080725][ T7770] _request_firmware+0x744/0x1470 [ 226.080778][ T7770] ? __pfx__request_firmware+0x10/0x10 [ 226.080832][ T7770] request_firmware+0x35/0x50 [ 226.080872][ T7770] valid_regdb+0x188/0x590 [ 226.080901][ T7770] ? __pfx___mutex_lock+0x10/0x10 [ 226.080946][ T7770] ? __pfx_valid_regdb+0x10/0x10 [ 226.080983][ T7770] reg_reload_regdb+0x11e/0x460 [ 226.081018][ T7770] ? __pfx_reg_reload_regdb+0x10/0x10 [ 226.081054][ T7770] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 226.081096][ T7770] ? nl80211_pre_doit+0x1b0/0xb10 [ 226.081144][ T7770] genl_family_rcv_msg_doit+0x209/0x2f0 [ 226.081192][ T7770] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 226.081227][ T7770] ? rcu_is_watching+0x12/0xc0 [ 226.081272][ T7770] ? bpf_lsm_capable+0x9/0x10 [ 226.081308][ T7770] ? security_capable+0x7e/0x260 [ 226.081344][ T7770] genl_rcv_msg+0x55c/0x800 [ 226.081384][ T7770] ? __pfx_genl_rcv_msg+0x10/0x10 [ 226.081419][ T7770] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 226.081460][ T7770] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 226.081490][ T7770] ? __pfx_nl80211_post_doit+0x10/0x10 [ 226.081544][ T7770] netlink_rcv_skb+0x158/0x420 [ 226.081573][ T7770] ? __pfx_genl_rcv_msg+0x10/0x10 [ 226.081610][ T7770] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 226.081656][ T7770] ? netlink_deliver_tap+0x1ae/0xd30 [ 226.081710][ T7770] genl_rcv+0x28/0x40 [ 226.081740][ T7770] netlink_unicast+0x53a/0x7f0 [ 226.081774][ T7770] ? __pfx_netlink_unicast+0x10/0x10 [ 226.081815][ T7770] netlink_sendmsg+0x8d1/0xdd0 [ 226.081851][ T7770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 226.081896][ T7770] ____sys_sendmsg+0xa98/0xc70 [ 226.081929][ T7770] ? copy_msghdr_from_user+0x10a/0x160 [ 226.081970][ T7770] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.082011][ T7770] ? __pfx_futex_wake_mark+0x10/0x10 [ 226.082060][ T7770] ___sys_sendmsg+0x134/0x1d0 [ 226.082106][ T7770] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.082146][ T7770] ? __lock_acquire+0x622/0x1c90 [ 226.082242][ T7770] __sys_sendmsg+0x16d/0x220 [ 226.082288][ T7770] ? __pfx___sys_sendmsg+0x10/0x10 [ 226.082330][ T7770] ? __x64_sys_futex+0x1e0/0x4c0 [ 226.082391][ T7770] do_syscall_64+0xcd/0x490 [ 226.082438][ T7770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.082468][ T7770] RIP: 0033:0x7f01c0d8e929 [ 226.082491][ T7770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.082518][ T7770] RSP: 002b:00007f01c1bcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 226.082544][ T7770] RAX: ffffffffffffffda RBX: 00007f01c0fb5fa0 RCX: 00007f01c0d8e929 [ 226.082564][ T7770] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 226.082581][ T7770] RBP: 00007f01c0e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 226.082599][ T7770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 226.082615][ T7770] R13: 0000000000000000 R14: 00007f01c0fb5fa0 R15: 00007fff12aa63e8 [ 226.082651][ T7770] [ 226.559628][ T7770] syz.2.437: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 226.578739][ T7770] CPU: 1 UID: 0 PID: 7770 Comm: syz.2.437 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 226.578781][ T7770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.578798][ T7770] Call Trace: [ 226.578808][ T7770] [ 226.578819][ T7770] dump_stack_lvl+0x16c/0x1f0 [ 226.578870][ T7770] warn_alloc+0x248/0x3a0 [ 226.578919][ T7770] ? __pfx_warn_alloc+0x10/0x10 [ 226.578960][ T7770] ? dump_stack_lvl+0x1a1/0x1f0 [ 226.579017][ T7770] ? rcu_is_watching+0x12/0xc0 [ 226.579051][ T7770] ? __kmalloc_node_noprof+0x23b/0x500 [ 226.579108][ T7770] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 226.579147][ T7770] ? do_file_open_root+0x482/0x610 [ 226.579190][ T7770] ? stack_trace_save+0x8e/0xc0 [ 226.579236][ T7770] ? kernel_read_file+0x6ff/0x910 [ 226.579276][ T7770] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 226.579328][ T7770] ? ima_read_file+0x142/0x1a0 [ 226.579373][ T7770] ? __pfx_ima_read_file+0x10/0x10 [ 226.579424][ T7770] ? kernel_read_file+0x6ff/0x910 [ 226.579453][ T7770] __vmalloc_node_noprof+0xad/0xf0 [ 226.579491][ T7770] ? kernel_read_file+0x6ff/0x910 [ 226.579525][ T7770] kernel_read_file+0x6ff/0x910 [ 226.579559][ T7770] ? __pfx_kernel_read_file+0x10/0x10 [ 226.579602][ T7770] kernel_read_file_from_path_initns+0x1cf/0x260 [ 226.579641][ T7770] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 226.579674][ T7770] ? trace_kmem_cache_alloc+0x28/0xc0 [ 226.579709][ T7770] ? _request_firmware+0x503/0x1470 [ 226.579757][ T7770] _request_firmware+0x744/0x1470 [ 226.579814][ T7770] ? __pfx__request_firmware+0x10/0x10 [ 226.579872][ T7770] request_firmware+0x35/0x50 [ 226.579915][ T7770] valid_regdb+0x188/0x590 [ 226.579955][ T7770] ? __pfx___mutex_lock+0x10/0x10 [ 226.580000][ T7770] ? __pfx_valid_regdb+0x10/0x10 [ 226.580037][ T7770] reg_reload_regdb+0x11e/0x460 [ 226.580071][ T7770] ? __pfx_reg_reload_regdb+0x10/0x10 [ 226.580107][ T7770] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 226.580147][ T7770] ? nl80211_pre_doit+0x1b0/0xb10 [ 226.580192][ T7770] genl_family_rcv_msg_doit+0x209/0x2f0 [ 226.580234][ T7770] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 226.580268][ T7770] ? rcu_is_watching+0x12/0xc0 [ 226.580317][ T7770] ? bpf_lsm_capable+0x9/0x10 [ 226.580352][ T7770] ? security_capable+0x7e/0x260 [ 226.580386][ T7770] genl_rcv_msg+0x55c/0x800 [ 226.580424][ T7770] ? __pfx_genl_rcv_msg+0x10/0x10 [ 226.580457][ T7770] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 226.580495][ T7770] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 226.580524][ T7770] ? __pfx_nl80211_post_doit+0x10/0x10 [ 226.580578][ T7770] netlink_rcv_skb+0x158/0x420 [ 226.580607][ T7770] ? __pfx_genl_rcv_msg+0x10/0x10 [ 226.580641][ T7770] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 226.580686][ T7770] ? netlink_deliver_tap+0x1ae/0xd30 [ 226.580737][ T7770] genl_rcv+0x28/0x40 [ 226.580766][ T7770] netlink_unicast+0x53a/0x7f0 [ 226.580800][ T7770] ? __pfx_netlink_unicast+0x10/0x10 [ 226.580838][ T7770] netlink_sendmsg+0x8d1/0xdd0 [ 226.580872][ T7770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 226.580916][ T7770] ____sys_sendmsg+0xa98/0xc70 [ 226.580950][ T7770] ? copy_msghdr_from_user+0x10a/0x160 [ 226.580991][ T7770] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.581031][ T7770] ? __pfx_futex_wake_mark+0x10/0x10 [ 226.581078][ T7770] ___sys_sendmsg+0x134/0x1d0 [ 226.581123][ T7770] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.581161][ T7770] ? __lock_acquire+0x622/0x1c90 [ 226.581246][ T7770] __sys_sendmsg+0x16d/0x220 [ 226.581288][ T7770] ? __pfx___sys_sendmsg+0x10/0x10 [ 226.581338][ T7770] ? __x64_sys_futex+0x1e0/0x4c0 [ 226.581397][ T7770] do_syscall_64+0xcd/0x490 [ 226.581443][ T7770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.581471][ T7770] RIP: 0033:0x7f01c0d8e929 [ 226.581494][ T7770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.581537][ T7770] RSP: 002b:00007f01c1bcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 226.581565][ T7770] RAX: ffffffffffffffda RBX: 00007f01c0fb5fa0 RCX: 00007f01c0d8e929 [ 226.581584][ T7770] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 226.581602][ T7770] RBP: 00007f01c0e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 226.581620][ T7770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 226.581636][ T7770] R13: 0000000000000000 R14: 00007f01c0fb5fa0 R15: 00007fff12aa63e8 [ 226.581675][ T7770] [ 227.115180][ T7770] Mem-Info: [ 227.138644][ T7770] active_anon:9816 inactive_anon:0 isolated_anon:0 [ 227.138644][ T7770] active_file:14125 inactive_file:40046 isolated_file:0 [ 227.138644][ T7770] unevictable:768 dirty:624 writeback:0 [ 227.138644][ T7770] slab_reclaimable:10812 slab_unreclaimable:92461 [ 227.138644][ T7770] mapped:24505 shmem:1363 pagetables:1106 [ 227.138644][ T7770] sec_pagetables:0 bounce:0 [ 227.138644][ T7770] kernel_misc_reclaimable:0 [ 227.138644][ T7770] free:1327471 free_pcp:14659 free_cma:0 [ 227.223118][ T7770] Node 0 active_anon:39124kB inactive_anon:0kB active_file:56500kB inactive_file:159984kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98020kB dirty:2496kB writeback:0kB shmem:1876kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11360kB pagetables:4300kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 227.256895][ T7770] Node 1 active_anon:140kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3576kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 227.288749][ T7770] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 227.318393][ T7770] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 227.324357][ T7770] Node 0 DMA32 free:1395008kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39076kB inactive_anon:0kB active_file:56500kB inactive_file:158660kB unevictable:1536kB writepending:2496kB present:3129332kB managed:2540352kB mlocked:0kB bounce:0kB free_pcp:33992kB local_pcp:14132kB free_cma:0kB [ 227.356932][ T7770] lowmem_reserve[]: 0 0 1 1 1 [ 227.362067][ T7770] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 227.391256][ T7770] lowmem_reserve[]: 0 0 0 0 0 [ 227.396010][ T7770] Node 1 Normal free:3899508kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:140kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:24652kB local_pcp:13764kB free_cma:0kB [ 227.428384][ T7770] lowmem_reserve[]: 0 0 0 0 0 [ 227.433623][ T7770] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 227.446655][ T7770] Node 0 DMA32: 2026*4kB (UM) 1507*8kB (UM) 1126*16kB (UM) 1229*32kB (UME) 812*64kB (UME) 349*128kB (UME) 229*256kB (UME) 130*512kB (UME) 62*1024kB (UM) 14*2048kB (UME) 245*4096kB (M) = 1395008kB [ 227.467217][ T7770] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 227.479536][ T7770] Node 1 Normal: 215*4kB (UE) 51*8kB (UE) 38*16kB (UE) 97*32kB (UE) 36*64kB (UME) 8*128kB (UE) 2*256kB (ME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 948*4096kB (M) = 3899508kB [ 227.499697][ T7770] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 227.510480][ T7770] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=1 hugepages_size=2048kB [ 227.535736][ T7770] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 227.546033][ T7770] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 227.570982][ T7770] 55555 total pagecache pages [ 227.576902][ T7770] 0 pages in swap cache [ 227.627521][ T7770] Free swap = 124996kB [ 227.644573][ T7770] Total swap = 124996kB [ 227.650534][ T7770] 2097051 pages RAM [ 227.654480][ T7770] 0 pages HighMem/MovableOnly [ 227.659295][ T7770] 429985 pages reserved [ 227.680319][ T7770] 0 pages cma reserved [ 227.684678][ T7770] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -12 [ 227.705006][ T7770] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -12 [ 227.717159][ T7770] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 227.990338][ T7793] vhci_hcd: invalid port number 16 [ 228.000464][ T7793] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 229.284817][ T7813] FAULT_INJECTION: forcing a failure. [ 229.284817][ T7813] name failslab, interval 1, probability 0, space 0, times 0 [ 229.297628][ T7813] CPU: 0 UID: 0 PID: 7813 Comm: syz.0.458 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 229.297665][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 229.297683][ T7813] Call Trace: [ 229.297692][ T7813] [ 229.297702][ T7813] dump_stack_lvl+0x16c/0x1f0 [ 229.297750][ T7813] should_fail_ex+0x512/0x640 [ 229.297790][ T7813] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 229.297848][ T7813] should_failslab+0xc2/0x120 [ 229.297875][ T7813] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 229.297921][ T7813] ? alloc_uid+0x13d/0x4c0 [ 229.297958][ T7813] ? _raw_spin_unlock_irq+0x23/0x50 [ 229.298000][ T7813] alloc_uid+0x13d/0x4c0 [ 229.298037][ T7813] ? __pfx_alloc_uid+0x10/0x10 [ 229.298074][ T7813] ? security_prepare_creds+0xa7/0x270 [ 229.298123][ T7813] __sys_setresuid+0x507/0x1160 [ 229.298161][ T7813] do_syscall_64+0xcd/0x490 [ 229.298208][ T7813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.298237][ T7813] RIP: 0033:0x7fa448b8e929 [ 229.298259][ T7813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.298286][ T7813] RSP: 002b:00007fa449ab5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 229.298312][ T7813] RAX: ffffffffffffffda RBX: 00007fa448db5fa0 RCX: 00007fa448b8e929 [ 229.298330][ T7813] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 229.298346][ T7813] RBP: 00007fa448c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 229.298362][ T7813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.298377][ T7813] R13: 0000000000000000 R14: 00007fa448db5fa0 R15: 00007ffee5035048 [ 229.298412][ T7813] [ 230.063034][ T7831] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 230.731227][ T7841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.466'. [ 230.752963][ T7841] netlink: 354 bytes leftover after parsing attributes in process `syz.0.466'. [ 230.975444][ T7844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.459'. [ 231.011209][ T7844] netlink: 'syz.0.459': attribute type 1 has an invalid length. [ 231.019015][ T7844] netlink: 'syz.0.459': attribute type 6 has an invalid length. [ 235.155162][ T7924] program syz.2.480 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.390614][ T7929] netlink: 4 bytes leftover after parsing attributes in process `syz.3.481'. [ 235.464900][ T7929] netlink: 354 bytes leftover after parsing attributes in process `syz.3.481'. [ 236.696390][ T7947] sysfs_service_op_store: Client not running :-5: [ 237.663037][ T7960] FAULT_INJECTION: forcing a failure. [ 237.663037][ T7960] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 237.681627][ T7960] CPU: 0 UID: 0 PID: 7960 Comm: syz.1.496 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 237.681665][ T7960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.681682][ T7960] Call Trace: [ 237.681690][ T7960] [ 237.681701][ T7960] dump_stack_lvl+0x16c/0x1f0 [ 237.681753][ T7960] should_fail_ex+0x512/0x640 [ 237.681802][ T7960] should_fail_alloc_page+0xe7/0x130 [ 237.681833][ T7960] prepare_alloc_pages+0x3c2/0x610 [ 237.681874][ T7960] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 237.681929][ T7960] ? __lock_acquire+0x622/0x1c90 [ 237.681976][ T7960] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 237.682036][ T7960] ? is_bpf_text_address+0x8a/0x1a0 [ 237.682076][ T7960] ? bpf_ksym_find+0x124/0x1c0 [ 237.682107][ T7960] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 237.682142][ T7960] ? is_bpf_text_address+0x94/0x1a0 [ 237.682180][ T7960] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 237.682226][ T7960] ? policy_nodemask+0xea/0x4e0 [ 237.682256][ T7960] alloc_pages_mpol+0x1fb/0x550 [ 237.682286][ T7960] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 237.682325][ T7960] alloc_pages_noprof+0x131/0x390 [ 237.682354][ T7960] __pud_alloc+0x3b/0x750 [ 237.682389][ T7960] copy_page_range+0x23b6/0x5740 [ 237.682436][ T7960] ? dup_mmap+0x152e/0x21d0 [ 237.682469][ T7960] ? copy_process+0x4081/0x7650 [ 237.682504][ T7960] ? kernel_clone+0xfc/0x960 [ 237.682538][ T7960] ? __do_sys_clone+0xce/0x120 [ 237.682580][ T7960] ? __lock_acquire+0x622/0x1c90 [ 237.682653][ T7960] ? __pfx_copy_page_range+0x10/0x10 [ 237.682691][ T7960] ? mas_store+0x7a9/0x1160 [ 237.682720][ T7960] ? find_held_lock+0x2b/0x80 [ 237.682751][ T7960] ? __pfx_mas_store+0x10/0x10 [ 237.682774][ T7960] ? __vma_enter_locked+0x163/0x3f0 [ 237.682832][ T7960] dup_mmap+0xe88/0x21d0 [ 237.682879][ T7960] ? __pfx_dup_mmap+0x10/0x10 [ 237.682935][ T7960] copy_process+0x4081/0x7650 [ 237.682972][ T7960] ? __pfx___futex_wait+0x10/0x10 [ 237.683029][ T7960] ? __pfx_copy_process+0x10/0x10 [ 237.683072][ T7960] ? __lock_acquire+0xb8a/0x1c90 [ 237.683111][ T7960] ? __futex_hash.constprop.0+0x1e9/0x440 [ 237.683151][ T7960] kernel_clone+0xfc/0x960 [ 237.683190][ T7960] ? __pfx_kernel_clone+0x10/0x10 [ 237.683249][ T7960] __do_sys_clone+0xce/0x120 [ 237.683283][ T7960] ? __pfx___do_sys_clone+0x10/0x10 [ 237.683315][ T7960] ? ksys_unshare+0x687/0xa40 [ 237.683362][ T7960] ? xfd_validate_state+0x61/0x180 [ 237.683413][ T7960] do_syscall_64+0xcd/0x490 [ 237.683456][ T7960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.683485][ T7960] RIP: 0033:0x7f162318e929 [ 237.683509][ T7960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.683537][ T7960] RSP: 002b:00007f1623f81fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 237.683564][ T7960] RAX: ffffffffffffffda RBX: 00007f16233b6080 RCX: 00007f162318e929 [ 237.683582][ T7960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 237.683617][ T7960] RBP: 00007f1623210b39 R08: 0000000000000000 R09: 0000000000000000 [ 237.683634][ T7960] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 237.683651][ T7960] R13: 0000000000000000 R14: 00007f16233b6080 R15: 00007fff63c87008 [ 237.683688][ T7960] [ 240.782741][ T8006] Unable to find swap-space signature [ 241.934290][ T8025] sysfs_service_op_show: Client not running :-5: [ 242.473673][ T8038] netlink: 194 bytes leftover after parsing attributes in process `syz.1.505'. [ 246.264133][ T8082] netlink: 342 bytes leftover after parsing attributes in process `syz.2.514'. [ 246.293442][ T8082] netlink: 214 bytes leftover after parsing attributes in process `syz.2.514'. [ 246.304473][ T8082] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 246.311892][ T8082] IPv6: NLM_F_CREATE should be set when creating new route [ 246.319163][ T8082] IPv6: NLM_F_CREATE should be set when creating new route [ 246.326393][ T8082] IPv6: NLM_F_CREATE should be set when creating new route [ 246.702420][ T8102] netlink: 28 bytes leftover after parsing attributes in process `syz.1.517'. [ 246.714835][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.805117][ T8102] bridge_slave_1 (unregistering): left allmulticast mode [ 246.814575][ T8102] bridge_slave_1 (unregistering): left promiscuous mode [ 246.823492][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.902061][ T8107] Invalid ELF header magic: != ELF [ 247.365176][ T8117] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 247.702169][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.523'. [ 247.742569][ T8119] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 247.956447][ T8133] ima: policy update failed [ 247.967448][ T30] audit: type=1802 audit(4294967350.670:4): pid=8133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.526" res=0 errno=0 [ 247.994456][ T8133] netlink: 25 bytes leftover after parsing attributes in process `syz.2.526'. [ 249.519904][ T8138] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 250.179459][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.533'. [ 250.496171][ T8168] netlink: 4 bytes leftover after parsing attributes in process `syz.1.534'. [ 250.536710][ T8168] netlink: 354 bytes leftover after parsing attributes in process `syz.1.534'. [ 251.245432][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.541'. [ 252.121097][ T30] audit: type=1800 audit(4294967354.823:5): pid=8206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.546" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 253.125451][ T8219] FAULT_INJECTION: forcing a failure. [ 253.125451][ T8219] name failslab, interval 1, probability 0, space 0, times 0 [ 253.168193][ T8219] CPU: 1 UID: 0 PID: 8219 Comm: syz.2.549 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 253.168238][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.168257][ T8219] Call Trace: [ 253.168268][ T8219] [ 253.168280][ T8219] dump_stack_lvl+0x16c/0x1f0 [ 253.168337][ T8219] should_fail_ex+0x512/0x640 [ 253.168384][ T8219] ? __kmalloc_noprof+0xbf/0x510 [ 253.168437][ T8219] ? __netlink_kernel_create+0x17f/0x750 [ 253.168468][ T8219] should_failslab+0xc2/0x120 [ 253.168500][ T8219] __kmalloc_noprof+0xd2/0x510 [ 253.168556][ T8219] __netlink_kernel_create+0x17f/0x750 [ 253.168592][ T8219] ? __pfx___netlink_kernel_create+0x10/0x10 [ 253.168632][ T8219] ? proc_create_reg+0xe3/0x180 [ 253.168667][ T8219] xfrm_user_net_init+0xc6/0x190 [ 253.168706][ T8219] ? __pfx_xfrm_user_net_init+0x10/0x10 [ 253.168746][ T8219] ? __pfx_xfrm_netlink_rcv+0x10/0x10 [ 253.168785][ T8219] ? __pfx_tls_init_net+0x10/0x10 [ 253.168835][ T8219] ? tls_proc_init+0x58/0x70 [ 253.168877][ T8219] ? __pfx_xfrm_user_net_init+0x10/0x10 [ 253.168913][ T8219] ops_init+0x1df/0x5f0 [ 253.168970][ T8219] setup_net+0x1ff/0x510 [ 253.169039][ T8219] ? lockdep_init_map_type+0x5c/0x280 [ 253.169081][ T8219] ? __pfx_setup_net+0x10/0x10 [ 253.169129][ T8219] ? debug_mutex_init+0x37/0x70 [ 253.169170][ T8219] copy_net_ns+0x2a6/0x5f0 [ 253.169203][ T8219] create_new_namespaces+0x3ea/0xa90 [ 253.169246][ T8219] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 253.169285][ T8219] ksys_unshare+0x45b/0xa40 [ 253.169326][ T8219] ? __pfx_ksys_unshare+0x10/0x10 [ 253.169367][ T8219] ? xfd_validate_state+0x61/0x180 [ 253.169418][ T8219] __x64_sys_unshare+0x31/0x40 [ 253.169457][ T8219] do_syscall_64+0xcd/0x490 [ 253.169503][ T8219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.169532][ T8219] RIP: 0033:0x7f01c0d8e929 [ 253.169555][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.169582][ T8219] RSP: 002b:00007f01c1bcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 253.169609][ T8219] RAX: ffffffffffffffda RBX: 00007f01c0fb5fa0 RCX: 00007f01c0d8e929 [ 253.169628][ T8219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 253.169644][ T8219] RBP: 00007f01c0e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 253.169661][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 253.169677][ T8219] R13: 0000000000000000 R14: 00007f01c0fb5fa0 R15: 00007fff12aa63e8 [ 253.169715][ T8219] [ 253.460852][ T8222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.550'. [ 253.711757][ T8222] ipvlan1: entered allmulticast mode [ 253.724361][ T8222] veth0_vlan: entered allmulticast mode [ 253.845229][ T8223] netlink: 28 bytes leftover after parsing attributes in process `syz.0.550'. [ 254.647110][ T8237] netlink: 28 bytes leftover after parsing attributes in process `syz.1.553'. [ 254.759478][ T8237] hsr_slave_1: left promiscuous mode [ 257.628445][ T30] audit: type=1800 audit(4294967360.313:6): pid=8272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.561" name="members" dev="configfs" ino=16652 res=0 errno=0 [ 257.989599][ T8277] vivid-007: ================= START STATUS ================= [ 258.060595][ T8277] vivid-007: Generate PTS: true [ 258.065807][ T8277] vivid-007: Generate SCR: true [ 258.071623][ T8277] tpg source WxH: 320x240 (Y'CbCr) [ 258.076779][ T8277] tpg field: 1 [ 258.080174][ T8277] tpg crop: (0,0)/320x240 [ 258.084698][ T8277] tpg compose: (0,0)/320x240 [ 258.089328][ T8277] tpg colorspace: 8 [ 258.093265][ T8277] tpg transfer function: 0/0 [ 258.098008][ T8277] tpg Y'CbCr encoding: 0/0 [ 258.102527][ T8277] tpg quantization: 0/0 [ 258.107725][ T8277] tpg RGB range: 0/2 [ 258.130344][ T8277] vivid-007: ================== END STATUS ================== [ 260.111109][ T8306] Console: switching to colour VGA+ 80x25 [ 260.755454][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.755543][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.851569][ T8306] ================================================================== [ 260.851584][ T8306] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 260.851622][ T8306] Read of size 256 at addr ffff88807f059860 by task syz.2.570/8306 [ 260.851638][ T8306] [ 260.851647][ T8306] CPU: 0 UID: 0 PID: 8306 Comm: syz.2.570 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 260.851677][ T8306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.851693][ T8306] Call Trace: [ 260.851702][ T8306] [ 260.851713][ T8306] dump_stack_lvl+0x116/0x1f0 [ 260.851757][ T8306] print_report+0xcd/0x680 [ 260.851781][ T8306] ? __virt_addr_valid+0x81/0x610 [ 260.851803][ T8306] ? __phys_addr+0xe8/0x180 [ 260.851825][ T8306] ? fbcon_prepare_logo+0xa03/0xc70 [ 260.851855][ T8306] kasan_report+0xe0/0x110 [ 260.851873][ T8306] ? fbcon_prepare_logo+0xa03/0xc70 [ 260.851907][ T8306] kasan_check_range+0x100/0x1b0 [ 260.851930][ T8306] __asan_memcpy+0x23/0x60 [ 260.851957][ T8306] fbcon_prepare_logo+0xa03/0xc70 [ 260.851992][ T8306] fbcon_init+0xd77/0x1900 [ 260.852023][ T8306] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 260.852058][ T8306] visual_init+0x31d/0x620 [ 260.852084][ T8306] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 260.852118][ T8306] store_bind+0x61d/0x760 [ 260.852148][ T8306] ? sysfs_file_kobj+0xe4/0x290 [ 260.852172][ T8306] ? __pfx_store_bind+0x10/0x10 [ 260.852200][ T8306] dev_attr_store+0x58/0x80 [ 260.852219][ T8306] ? __pfx_dev_attr_store+0x10/0x10 [ 260.852237][ T8306] sysfs_kf_write+0xef/0x150 [ 260.852261][ T8306] kernfs_fop_write_iter+0x354/0x510 [ 260.852284][ T8306] ? __pfx_sysfs_kf_write+0x10/0x10 [ 260.852309][ T8306] vfs_write+0x6c4/0x1150 [ 260.852338][ T8306] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 260.852360][ T8306] ? __pfx___mutex_lock+0x10/0x10 [ 260.852390][ T8306] ? __pfx_vfs_write+0x10/0x10 [ 260.852426][ T8306] ksys_write+0x12a/0x250 [ 260.852454][ T8306] ? __pfx_ksys_write+0x10/0x10 [ 260.852486][ T8306] do_syscall_64+0xcd/0x490 [ 260.852517][ T8306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.852547][ T8306] RIP: 0033:0x7f01c0d8e929 [ 260.852562][ T8306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.852581][ T8306] RSP: 002b:00007f01c1bcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.852600][ T8306] RAX: ffffffffffffffda RBX: 00007f01c0fb5fa0 RCX: 00007f01c0d8e929 [ 260.852614][ T8306] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 260.852626][ T8306] RBP: 00007f01c0e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 260.852638][ T8306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.852650][ T8306] R13: 0000000000000000 R14: 00007f01c0fb5fa0 R15: 00007fff12aa63e8 [ 260.852669][ T8306] [ 260.852676][ T8306] [ 260.852681][ T8306] Allocated by task 8115: [ 260.852690][ T8306] kasan_save_stack+0x33/0x60 [ 260.852719][ T8306] kasan_save_track+0x14/0x30 [ 260.852746][ T8306] __kasan_kmalloc+0xaa/0xb0 [ 260.852773][ T8306] __kmalloc_noprof+0x223/0x510 [ 260.852811][ T8306] sk_prot_alloc+0x1a8/0x2a0 [ 260.852840][ T8306] sk_alloc+0x36/0xc20 [ 260.852876][ T8306] __netlink_create+0x5e/0x2c0 [ 260.852917][ T8306] __netlink_kernel_create+0xed/0x750 [ 260.852944][ T8306] uevent_net_init+0xf8/0x350 [ 260.852970][ T8306] ops_init+0x1df/0x5f0 [ 260.853010][ T8306] setup_net+0x1ff/0x510 [ 260.853051][ T8306] copy_net_ns+0x2a6/0x5f0 [ 260.853075][ T8306] create_new_namespaces+0x3ea/0xa90 [ 260.853104][ T8306] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 260.853135][ T8306] ksys_unshare+0x45b/0xa40 [ 260.853170][ T8306] __x64_sys_unshare+0x31/0x40 [ 260.853206][ T8306] do_syscall_64+0xcd/0x490 [ 260.853246][ T8306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.853272][ T8306] [ 260.853278][ T8306] Freed by task 8118: [ 260.853292][ T8306] kasan_save_stack+0x33/0x60 [ 260.853330][ T8306] kasan_save_track+0x14/0x30 [ 260.853369][ T8306] kasan_save_free_info+0x3b/0x60 [ 260.853401][ T8306] __kasan_slab_free+0x51/0x70 [ 260.853441][ T8306] kfree+0x2b4/0x4d0 [ 260.853473][ T8306] __sk_destruct+0x740/0x980 [ 260.853507][ T8306] sk_destruct+0xc2/0xf0 [ 260.853548][ T8306] __sk_free+0xf4/0x3e0 [ 260.853583][ T8306] sk_free+0x6a/0x90 [ 260.853617][ T8306] deferred_put_nlk_sk+0xc9/0x110 [ 260.853657][ T8306] rcu_core+0x79c/0x14e0 [ 260.853680][ T8306] handle_softirqs+0x219/0x8e0 [ 260.853710][ T8306] __irq_exit_rcu+0x109/0x170 [ 260.853739][ T8306] irq_exit_rcu+0x9/0x30 [ 260.853768][ T8306] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 260.853805][ T8306] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 260.853834][ T8306] [ 260.853841][ T8306] Last potentially related work creation: [ 260.853850][ T8306] kasan_save_stack+0x33/0x60 [ 260.853889][ T8306] kasan_record_aux_stack+0xa7/0xc0 [ 260.853921][ T8306] __call_rcu_common.constprop.0+0xa5/0xa10 [ 260.853965][ T8306] netlink_release+0x12f4/0x2020 [ 260.853989][ T8306] sock_release+0x91/0x1d0 [ 260.854017][ T8306] netlink_kernel_release+0x4e/0x60 [ 260.854056][ T8306] uevent_net_exit+0xe4/0x2a0 [ 260.854081][ T8306] ops_undo_list+0x2eb/0xab0 [ 260.854123][ T8306] cleanup_net+0x408/0x890 [ 260.854147][ T8306] process_one_work+0x9cf/0x1b70 [ 260.854189][ T8306] worker_thread+0x6c8/0xf10 [ 260.854230][ T8306] kthread+0x3c2/0x780 [ 260.854266][ T8306] ret_from_fork+0x5d7/0x6f0 [ 260.854304][ T8306] ret_from_fork_asm+0x1a/0x30 [ 260.854333][ T8306] [ 260.854340][ T8306] The buggy address belongs to the object at ffff88807f059000 [ 260.854340][ T8306] which belongs to the cache kmalloc-2k of size 2048 [ 260.854363][ T8306] The buggy address is located 96 bytes to the right of [ 260.854363][ T8306] allocated 2048-byte region [ffff88807f059000, ffff88807f059800) [ 260.854392][ T8306] [ 260.854399][ T8306] The buggy address belongs to the physical page: [ 260.854416][ T8306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f058 [ 260.854442][ T8306] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 260.854465][ T8306] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 260.854490][ T8306] page_type: f5(slab) [ 260.854514][ T8306] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 260.854548][ T8306] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 260.854575][ T8306] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 260.854601][ T8306] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 260.854627][ T8306] head: 00fff00000000003 ffffea0001fc1601 00000000ffffffff 00000000ffffffff [ 260.854653][ T8306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 260.854669][ T8306] page dumped because: kasan: bad access detected [ 260.854687][ T8306] page_owner tracks the page as allocated [ 260.854696][ T8306] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5849, tgid 5849 (syz-executor), ts 100548631845, free_ts 100543744491 [ 260.854745][ T8306] post_alloc_hook+0x1c0/0x230 [ 260.854783][ T8306] get_page_from_freelist+0x1321/0x3890 [ 260.854824][ T8306] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 260.854865][ T8306] alloc_pages_mpol+0x1fb/0x550 [ 260.854889][ T8306] new_slab+0x23b/0x330 [ 260.854920][ T8306] ___slab_alloc+0xd9c/0x1940 [ 260.854953][ T8306] __slab_alloc.constprop.0+0x56/0xb0 [ 260.854988][ T8306] __kmalloc_cache_noprof+0xfb/0x3e0 [ 260.855024][ T8306] rtnl_newlink+0x11b/0x2000 [ 260.855064][ T8306] rtnetlink_rcv_msg+0x95b/0xe90 [ 260.855104][ T8306] netlink_rcv_skb+0x158/0x420 [ 260.855129][ T8306] netlink_unicast+0x53a/0x7f0 [ 260.855152][ T8306] netlink_sendmsg+0x8d1/0xdd0 [ 260.855176][ T8306] __sys_sendto+0x4a3/0x520 [ 260.855209][ T8306] __x64_sys_sendto+0xe0/0x1c0 [ 260.855243][ T8306] do_syscall_64+0xcd/0x490 [ 260.855282][ T8306] page last free pid 10 tgid 10 stack trace: [ 260.855296][ T8306] __free_frozen_pages+0x7fe/0x1180 [ 260.855331][ T8306] __put_partials+0x16d/0x1c0 [ 260.855366][ T8306] qlist_free_all+0x4d/0x120 [ 260.855420][ T8306] kasan_quarantine_reduce+0x195/0x1e0 [ 260.855467][ T8306] __kasan_slab_alloc+0x69/0x90 [ 260.855515][ T8306] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 260.855568][ T8306] nsim_fib_event_work+0x8bb/0x2e80 [ 260.855596][ T8306] process_one_work+0x9cf/0x1b70 [ 260.855646][ T8306] worker_thread+0x6c8/0xf10 [ 260.855695][ T8306] kthread+0x3c2/0x780 [ 260.855739][ T8306] ret_from_fork+0x5d7/0x6f0 [ 260.855783][ T8306] ret_from_fork_asm+0x1a/0x30 [ 260.855818][ T8306] [ 260.855826][ T8306] Memory state around the buggy address: [ 260.855843][ T8306] ffff88807f059700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 260.855868][ T8306] ffff88807f059780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 260.855892][ T8306] >ffff88807f059800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 260.855911][ T8306] ^ [ 260.855929][ T8306] ffff88807f059880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 260.855953][ T8306] ffff88807f059900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 260.855971][ T8306] ================================================================== [ 260.856183][ T8306] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 260.856206][ T8306] CPU: 0 UID: 0 PID: 8306 Comm: syz.2.570 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 260.856250][ T8306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.856270][ T8306] Call Trace: [ 260.856281][ T8306] [ 260.856294][ T8306] dump_stack_lvl+0x3d/0x1f0 [ 260.856346][ T8306] panic+0x71c/0x800 [ 260.856396][ T8306] ? __pfx_panic+0x10/0x10 [ 260.856444][ T8306] ? irqentry_exit+0x3b/0x90 [ 260.856492][ T8306] ? lockdep_hardirqs_on+0x7c/0x110 [ 260.856561][ T8306] ? preempt_schedule_thunk+0x16/0x30 [ 260.856614][ T8306] ? fbcon_prepare_logo+0xa03/0xc70 [ 260.856670][ T8306] ? preempt_schedule_common+0x44/0xc0 [ 260.856714][ T8306] ? fbcon_prepare_logo+0xa03/0xc70 [ 260.856756][ T8306] check_panic_on_warn+0xab/0xb0 [ 260.856800][ T8306] end_report+0x107/0x170 [ 260.856824][ T8306] kasan_report+0xee/0x110 [ 260.856851][ T8306] ? fbcon_prepare_logo+0xa03/0xc70 [ 260.856898][ T8306] kasan_check_range+0x100/0x1b0 [ 260.856931][ T8306] __asan_memcpy+0x23/0x60 [ 260.856968][ T8306] fbcon_prepare_logo+0xa03/0xc70 [ 260.857019][ T8306] fbcon_init+0xd77/0x1900 [ 260.857063][ T8306] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 260.857113][ T8306] visual_init+0x31d/0x620 [ 260.857150][ T8306] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 260.857199][ T8306] store_bind+0x61d/0x760 [ 260.857243][ T8306] ? sysfs_file_kobj+0xe4/0x290 [ 260.857279][ T8306] ? __pfx_store_bind+0x10/0x10 [ 260.857319][ T8306] dev_attr_store+0x58/0x80 [ 260.857346][ T8306] ? __pfx_dev_attr_store+0x10/0x10 [ 260.857371][ T8306] sysfs_kf_write+0xef/0x150 [ 260.857402][ T8306] kernfs_fop_write_iter+0x354/0x510 [ 260.857429][ T8306] ? __pfx_sysfs_kf_write+0x10/0x10 [ 260.857465][ T8306] vfs_write+0x6c4/0x1150 [ 260.857506][ T8306] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 260.857546][ T8306] ? __pfx___mutex_lock+0x10/0x10 [ 260.857590][ T8306] ? __pfx_vfs_write+0x10/0x10 [ 260.857658][ T8306] ksys_write+0x12a/0x250 [ 260.857701][ T8306] ? __pfx_ksys_write+0x10/0x10 [ 260.857749][ T8306] do_syscall_64+0xcd/0x490 [ 260.857798][ T8306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.857829][ T8306] RIP: 0033:0x7f01c0d8e929 [ 260.857852][ T8306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.857882][ T8306] RSP: 002b:00007f01c1bcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 260.857911][ T8306] RAX: ffffffffffffffda RBX: 00007f01c0fb5fa0 RCX: 00007f01c0d8e929 [ 260.857932][ T8306] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 260.857949][ T8306] RBP: 00007f01c0e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 260.857969][ T8306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.857987][ T8306] R13: 0000000000000000 R14: 00007f01c0fb5fa0 R15: 00007fff12aa63e8 [ 260.858017][ T8306] [ 260.858345][ T8306] Kernel Offset: disabled