last executing test programs: 21.02042744s ago: executing program 0 (id=199): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fbdbdf250200140008000300", @ANYRES32, @ANYBLOB='\b\x00?'], 0x24}, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/hugetlb.1GB.max_usage_in_bytes\x00', 0x82002, 0x0) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x1, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) clone$auto(0x6d8, 0xffe, 0x0, 0x0, 0x4000000a) io_uring_setup$auto(0x1, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000) clock_getres$auto(0x4, &(0x7f0000000340)={0x6, 0x81}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) futex$auto(&(0x7f0000000080)=0xfffffffb, 0x5, 0x1, 0x0, 0x0, 0x1) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) read$auto(0x3, 0x0, 0x87f) 19.446505117s ago: executing program 0 (id=206): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x206042, 0xe1d2b27bdc14aabc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x600347, 0x0) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0x15, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x10, 0x2, 0xc) socket(0x10, 0x2, 0x0) socket(0x15, 0x4, 0x0) socket(0x2, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x6f) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) 19.127243112s ago: executing program 0 (id=209): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x890) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x48080}, 0x40044011) (async) close_range$auto(0x2, 0x8, 0x0) (async) r0 = io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x800, 0x84) (async) bind$auto(r0, &(0x7f0000000040)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x4}, 0x6e) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x9, 0x0, 0x2, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x8001, 0x0, 0x900000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x200000000008, 0xbff, 0x2c, 0xe6, 0xfee6, 0x7c}) (async) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) (async) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x28b42, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) (async) mlockall$auto(0x1000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) close_range$auto(0x0, 0xffffeffe, 0x2) fanotify_init$auto(0x602, 0x1) (async) open(0x0, 0x662c2, 0xe1d2b27bdc14aa0c) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xffeb}, 0x18bf3ac3, 0x0, 0x5, 0x7}, 0x8}, 0xffffffff, 0xb00) (async) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r3, 0x4b68, 0x1) 18.094700461s ago: executing program 0 (id=212): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fddbdd250100000004000a8008000200000e0000000003007d295b0004000540"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) 17.979690998s ago: executing program 0 (id=213): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) (async, rerun: 32) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/jbd2/sda1-8/info\x00', 0x240, 0x0) (async, rerun: 32) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/nfs4.nametoid/flush\x00', 0x8002, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x1}, 0x9) (async) r2 = epoll_create$auto(0x8800001) (async) mmap$auto(0x0, 0x2020008, 0x100000001, 0x8011, 0xfffffffffffffffa, 0x8000) (async) r3 = prctl$auto(0x7fff, 0x9, 0x0, 0x400000000005, 0x7) (async) madvise$auto(0x0, 0x200007, 0x19) (async, rerun: 64) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x40005) (async, rerun: 64) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x1002000d, 0x4000000000df, 0x16, 0x404, 0x2) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40100, 0x0) (async, rerun: 64) write$auto(r4, &(0x7f0000000280)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async, rerun: 64) r5 = ioctl$auto_TIOCGPTPEER2(r2, 0x5441, 0x0) (async) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r3) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r5, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xc0, r6, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x8}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x100000000}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_FILS_CACHE_ID={0x94, 0xfd, "5080a230beb4c4958cf4cd30430079fff7bcc7d0db3a8632796d1a211b5df98e68507b0914430be98007f607331e0690e6a8d5b9c268e9eca5af1900092d11bb0e69358ca33fa31d9bc42dab29f28a986159a2db7d2361c9f0f1c3ac0e70404398040e12089a119a111e28b95b3480632475011708c7d37b960dfe20b0591e662cc5de05036a63ccf1471f23d33c06c6"}]}, 0xc0}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) (async) fcntl$auto_F_SETFL(0xffffffffffffffff, 0x4, 0xe) (async) epoll_ctl$auto(r2, 0x1, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) (async, rerun: 32) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (rerun: 32) r7 = socket(0x2, 0xa, 0x1) r8 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1b, r7, 0x10000}, 0x10) mmap$auto(0x0, 0x2009, 0xfffffffffffffffb, 0x8000200008011, r8, 0x0) r9 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC0\x00', 0x2849c3, 0x0) ioctl$auto(0xffffffffffffffff, 0xc038563b, r9) 16.650116482s ago: executing program 0 (id=218): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) timer_settime$auto(0x1, 0x3, 0x0, 0x0) (async) timer_settime$auto(0x1, 0x3, 0x0, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket(0xa, 0x3, 0x8) (async) socket(0xa, 0x3, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(r0, 0x400454ca, 0x38) fcntl$getown(r0, 0x9) (async) r1 = fcntl$getown(r0, 0x9) prctl$auto(0x79, 0x7, r1, 0x4d, 0x1) (async) prctl$auto(0x79, 0x7, r1, 0x4d, 0x1) getrlimit$auto(0x3, 0x0) ioctl$auto_TUNSETVNETLE2(r0, 0x400454dc, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x181441, 0x0) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x6) (async) socket(0x2, 0x1, 0x6) setsockopt$auto(0x3, 0x6, 0x20, 0x0, 0xfb3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/ip_vs_conn_sync\x00', 0x101181, 0x0) setresuid$auto(0x0, 0xee00, 0xffffffffffffffff) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) 9.079486573s ago: executing program 3 (id=248): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, 0x0, 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r1, &(0x7f0000000440)="110000000300"/17, 0x11) timer_create$auto(0x2, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xfff, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x80000012, 0xfffffffffffffffb, 0x8000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000440)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xe7k\xc9\xb7\x80T\xd0\xc2\xa0\a\xf6*:\xb7_\xf1\xb1yx\xc8\x00\xf1\xf9\x87\xa4D\xf4S\xda\xa9Y4*\x1a[\xcdv\x83q\xab\x1aK8 \xe9\xf7TU\xc6\xe3~\x92S\xef\x9c\xc0\xc9\x04/\x18\xf1\xe2\xe4_\xfa{\xe0DB\x1d\x83e\x12*\xa0K\xc0`\nt\xf5\xac$\x94\xf0>\xceXs\xb5\xd8dV\xc4lG\b~\x1cn\x80\xde?\xed~\xcfV\xcd\xdc\xdd\'\xc4^.=\xc4\x86\xce*\xba<\xbf\x19N\xc5~zFY\xc6\x90\xf6o>\xf7\x1a$\xfd\xc7\xf1[-9\xf5v/\x10\x87@\'1\xf3\xd7\xcd\xbf\xac\x84\xe2\x98\x96>\xff1\x8a\x1d\xdalWU\x1c\xc7N\xdf\xcbR\xf6\xea\x89\x01\x04\x00[\x1eP3\xec\x13\x1eh\xab#\x1do\xa1?s\n\xb6\xcc{\x9e\xbb\x06\xe4>J\xbew\xc2K\x1c\x97_=\xe6]\x06)`\xad*\x88k\x1d\x87&\n\xdf#?\x03\x06(\xef;\x7f\x1d\x7f\xb8\xd5\xe9\xfe`M\xe7\x95\xb2\xa6\v\x190\xce\xc4\x15`\xa5C\x9ar\ta\xec\x17\x16\xc6\xf0\x03\xc6\x85U).\xf5\xc5\a\x94\xc5\x86\xb6\xce\r,M\xd2]r\xe5m\x83X\xa82&\x01r3\x8dW\xb0\xf8/\xbf6\xee\x88\xf9LD\r\n\x17\x901\xa1\x10K\x85Yk\x99{\x88\x94\x13rp\xbb\xe18\xbdK\x92\xd8i\x89!l\xad\x1e\xf3M/W3E\xebZ\x92\x1c\xa34\xd2\x84vkf\n6z\x10!\x85\xd9(\xa17\xeb\x82\x97\xd2\x94Nu\x86\xac\x12a\xedp\xa3D\xf7_\x11\x96|V>\xbdj\xb6\x85/\xa6\x17\x11n%\xbe~\x15\x91\xe6\xa9z\xd4\x91\x8f\xac\xc5}\xe4\a\x9an\xa8\xf0\xda\xa1\xb2\xee\xef\xed+S\x1b&X\x82{\x8d\xe3m\xc7\xe8x\xe8V\xf7\xec\xcaH\tQ\xaehU+\x87@\x9b\xe3\xbc\x8e\x99\x8e\x8e\x06/\x0f\ax\xcc\xb0\x88*\xffsuV', 0x2) fanotify_init$auto(0x65, 0x2) r3 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/hci2/force_wakeup\x00', 0x8742, 0x0) r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) clone$auto(0x20003b11, 0x8, 0x0, 0x0, 0x3) write$auto(r4, 0x0, 0xe) r5 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x460040, 0x4) ioctl$auto_UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000100)={0xfd, 0x25, [{r0, 0x0, 0x8, 0x7fffffff}, {r0, 0x0, 0x81a, 0x4}, {r3, 0x0, 0x6, 0x6}, {r6, 0x0, 0x7, 0x2}, {r4, 0x0, 0x5, 0x1b}, {r4, 0x0, 0x5, 0x3}]}) read$auto(r5, &(0x7f0000000040)='(-{%\x00', 0x4b) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) lseek$auto(0x3, 0x2, 0x4) 7.274248564s ago: executing program 3 (id=263): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) clock_getres$auto(0x4, &(0x7f0000000340)={0x6, 0x81}) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/005/001\x00', 0x12081, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r2, 0x802c550a, &(0x7f0000000080)={0x4, 0x4, 0x401, 0x9, 0x7, 0x7fffffff, 0x7, 0x80000000, 0x3, 0xff, 0x0, 0x2, [{0xd, 0x1ff, 0x4}, {0xb, 0x72, 0x5}, {0x8, 0x9, 0x5}, {0x1, 0x8, 0x2}, {0x8000, 0x7, 0x2}, {0x4dc, 0x7, 0x7}, {0x0, 0x2, 0x3}, {0x606, 0x6d, 0x8}]}) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_KVM_GET_MSRS(r1, 0x4068aea3, &(0x7f0000000040)={0x80, 0x100000}) 5.248890453s ago: executing program 1 (id=260): r0 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000002c40)=0xf0) close_range$auto(0x2, 0x8, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) pidfd_open$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) uname$auto(&(0x7f0000000180)={"ad84726f530323e52242c6a93688db926cbfc1df52329ce084257b9e88f3763fb54838f1f32351e3de4dd4d19cea9a1e55f92c76b8e5978d75f9c58a45d8c81aba", "04986eda295453432af666835d32fbc12209644003d240001d1b33e1b356e48cc9f32f6f6892796a7f54c8f602e987294f980934ebbb1d75bfd4978b3f61a500", "382bf3fe479186b41938be067ef57648446f01772f5396103529adfb49d37dd17d6d185aefe183b0c681f7c034ad1c4f6173d92f2dcb73c09afeb346dca00217dc", "c0d3b0a967eef631a8130db3027d9d90680cdaae7b014c340b219e3df22244da8c5970a188bbb4ba9d3eae86fd611f522462665398b71ca368a0d910e404cf64a7", "7eaaa11f4a5f991d3d554d459ab70f3fc9947e3348afcbe228be5279d2ac905668cb3cf3504c577c3e4bc62e06777689462f3ccd49455b84526f04d5ad5fa2667a", "0740565cd2129083d9584fa321770915e771bb111720f212c38bafbec6d9d6e89f0bdd0718eb627debedadebfb69443684364970e41228e894c17c7bcb955761ae"}) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_EEE_GET(r3, &(0x7f0000000840)={0x0, 0xffffffffffffff4a, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r4, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4814}, 0x400c850) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r5, &(0x7f0000000080)={0x0, 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) settimeofday$auto(&(0x7f0000000180)={0x6ddb8b07, 0x9}, &(0x7f0000002680)={0x1, 0x4}) mknod$auto(&(0x7f0000000000)='}[,&*}\x00', 0x1, 0x4) read$auto_safesetid_gid_file_fops_securityfs(r0, &(0x7f0000000340)=""/145, 0x91) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0) link$auto(&(0x7f00000000c0)='}[,&*}\x00\xa2\xbd\xac\x1b\xa6\xee+\xbb\xddh\xf9Bb\xee.\x06nt\xf6`\xa5\xfaJ\x01\xfb\xff87\x830^\x8c\xf8\xa7\xbcXs\x06w\x7f}g\xa1\xccBV\xb4\x84\x15\x97;eO\xebKV\xe8\x11\x1b&\x96f\x9b.\xb1J\x81\t\x98\x92\xc4\xfb\xf0]f\x18\x1b\xabCK<\xf0\xfcI\xc3*\x96\x8cHvh\x06L\xfdC\xc2\x01\xaf6dA\xd6\x8d7\n\xc7y\xbbV\x13\xb8\a\xe9\xba7w\xd5v\x1d\x95\xcer\xaap\xa0\x7f\x9f\x02\xc3]\xf4\xe89\x86S\xfb\xc1\x03OZ\'7\f\xcc>\xf8\xa9\xa8\xc8\x02\xc4\xc1\xe0\r\xd7\xc2(\x18w\xc9\x85\b\xd7\xef\xbbg\x96\xe5\xdc/\xa5V\x90#\v\xbd\xe8}\x1d\\}\x8f\x16w1\x00n\xd1\xa7\xd1s\x19d\xff)g', &(0x7f0000000080)='#\x00') r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r6) 5.176516827s ago: executing program 3 (id=261): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) read$auto(r1, &(0x7f0000000000)='\x00', 0x91e2) socket(0x10, 0x2, 0x4) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x10, 0x2, 0xc) openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES8=r4, @ANYBLOB="18000000", @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x40000f0) write$auto(r3, &(0x7f0000000000)='\xde\x00', 0xfded) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fbdbdf250200140008000300", @ANYRES32, @ANYBLOB='\b\x00?'], 0x24}, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/hugetlb.1GB.max_usage_in_bytes\x00', 0x82002, 0x0) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x1, 0x0) ioctl$auto_VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000) clock_getres$auto(0x4, &(0x7f0000000340)={0x6, 0x81}) r5 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r5, 0x205, 0xa, 0x4, 0x0) read$auto(0x3, 0x0, 0x87f) 4.611141128s ago: executing program 3 (id=262): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyrc\x00', 0x400, 0x0) read$auto(r1, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1a) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/014/001\x00', 0x58a002, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000080)={0x0, 0x5, 0x2, 0xc, 0x0, 0x7fb, 0x0}) ioctl$auto_TIOCGEXCL2(r1, 0x80045440, &(0x7f0000000100)=0x40000014) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x20010, r0, 0xfffffffffffffffe) mmap$auto(0x0, 0x202000b, 0xfffffffffffffffe, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x84, 0x8, 0x0, &(0x7f0000000000)=0x3) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) epoll_create$auto(0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyyb\x00', 0x0, 0x0) poll$auto(&(0x7f0000000040)={r2, 0xad0, 0x3}, 0x4, 0x6) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0x2, 0x1, 0x106) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D2\x00', 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) select$auto(0xa, 0x0, 0x0, &(0x7f00000002c0)={[0x1fd, 0x9, 0xd3e, 0x1, 0x948b, 0x2, 0x95f4da0a, 0x7f3, 0xe07, 0x8000000000000001, 0x2a61, 0x6, 0x8, 0x9, 0x6, 0x4]}, 0x0) write$auto(r4, &(0x7f0000000400)=' \x00\x00\x00\xf7\xff\xff\xff\xff\xff\xff\xff', 0x100000a3d9) select$auto(0x12, 0x0, 0x0, 0x0, 0x0) r5 = gettid() rt_sigqueueinfo$auto(r5, 0x5, &(0x7f0000000000)={@siginfo_0_0={0x276bb, 0x1b40, 0x4, @_sigchld={0x0, 0xee00, 0x800, 0x8, 0x2}}}) ptrace$auto_PTRACE_GETFPREGS(0xe, r5, 0x5, 0x4) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0xfff, 0x3, 0xd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fcntl$auto_F_SETSIG(r1, 0xa, 0x5) 3.614511288s ago: executing program 3 (id=265): r0 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) acct$auto(&(0x7f00000001c0)='/dev/cuse\x00') sendmsg$auto_IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="020027bd7000fddbdf2525000000050019009a000000060004000000000005002300080000003566ca2e7ce8e02b4f3aac6302c7fa3e483c90375aeb3d70008f14bae39cb08ee304e1ac864f6b96459a56356ead3f8f5d1b9f71288edad8ffe347074d3c703c0de2438c331b417fcdd06fb38aaac50b2505b4816590884e9cc67c2ce29515ca2b79c6b803bf98c6a1101619adeff3ae9226caa0e561e9d33b0d345f8e32c4f625926c97ca1c4075ac17714a09dbfbd8313ca91658e5bccad54b17d4803824f501943b540792e0363f7c2f08f2ee76834f08eea9d7a36a0c08c7e6216fbe48c0713d37478aa304fe0531be7c061c7f6e163e5041be29927f80"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa0202, 0x0) sendfile$auto(r2, r2, 0x0, 0xd) fallocate$auto(r1, 0x0, 0x7, 0x4cbd5d) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, 0x0) r4 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec26\x00', 0x301081, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000100)={"0e00", 0x0, 0x6, 0x2, 0x9b0, 0x9, "02bb0000ecff090000007646222ce1", '\x00', "0001410c", "b000", ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000480)={'\x00', 0x8, 0x4, 0x10, 0x0, 0x20000001, "0573830014ae6d1c64f0c9cfc40a01", "354d40de", ' \x00', "0bea5a5a", ["8844f3d239ba5a2b00d1d4f1", "39eb04fad47fb285746e614c", '\x00', "19c57f7fee8d089a10cdd8c3"]}) ioctl$auto_CEC_TRANSMIT(r1, 0xc0386105, 0x0) write$auto(0x3, 0x0, 0x400000000000050) r5 = socket(0xa, 0x1, 0x84) getsockopt$auto(r5, 0x0, 0x53, 0x0, 0x0) mmap$auto(0xea88, 0x810004, 0xb, 0x10, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) socket(0x29, 0x2, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8002) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x800000005, &(0x7f0000000500)={&(0x7f0000000080), 0x1ffffffff}, 0x2, 0x0) unshare$auto(0x40000080) mmap$auto(0x2, 0x2020009, 0x100000005, 0x400000000eb1, r5, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) setfsuid$auto(0xee00) madvise$auto(0x0, 0xffffffffffff0005, 0x17) 3.612540117s ago: executing program 1 (id=273): r0 = openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000bc0)='/sys/kernel/tracing/dynamic_events\x00', 0x1, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000300)="234751a0cc0bafad59f83847854e875d850a4d197ec4b029fba4d9ea9aee6b48844ea09e2bbf5fd0fd3bb02ffd2773db9383c7153478f9420e66317eed986a03b01f4e058639651a79481bb55990570866369eeccabb9dcc25ed8b92057516ae28b8cbbe6582f0e6e0b276407aaaa436ee10ac38c3afb7d5b517ae864eff15684ef3c720d504b99e878905e7e4b2bb6b5e01d0ce0cf498295599b79a7c0283", 0x9f) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/ocfs2/active_cluster_plugin\x00', 0x22100, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x40000a, 0x5f, 0x9b72, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x20000, 0x100000000200007, 0x19) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r5 = clone$auto(0x1, 0x0, 0x0, 0x0, 0x42) syz_clone3(&(0x7f0000000180)={0xa7102000, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000100)=[r5], 0x1}, 0x58) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000000"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01032cb57000fbdbdf250a000000050002000000000006000100400200000600010003000000080002000200000043ae480bd87d13725d0d2937ee3a83a24cf9a9c143604ad95e54c6ae17f946a669ecda26c9e4f346911e70887a79b3d78560288532f57ee4ab54ce7495e390a34aadb4b5267f65a8e61129a7a7a56c21c2ed7fc1012f07cff4ea3e3fdce45c115f3274587f8100bcf7550ae57cc0315a8e9f476d006c36a39bb5b039662271ace0e1cc85ea0000000036d403e2ed3364ed465880f80bc51296e01973c3e6858aa815f2caf68ee8b8381307f22fa3e0d45709de"], 0x34}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, &(0x7f00000003c0)="4dd9defb134195b1aa9d0962ba475f32dfca7cf77c4c2b78e453d4461064007e855ef5c66faa1e28ff6617eadfae64aced0814baddb9f47b53a63eeb5aa8ab5f41cff3c309402f3ffca2cad07a4e6f645fbca43aac38dd22a84b437352555054eca34eba08f6c451eab43e58974ebe78ad50c1d380db942a88f2c41b32cb51083841cff9e835207b09d5608648c04e3bc511106bbaf680b855b33f8910ea046107ebb55ceb0a6c9cb02691ffbd376785dc1e45b6a506257b0c0ffc2a251f57c2fa98b7d7f9c2b06ece3a4c0a562aa8e9703eb5") bpf$auto_BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)=@bpf_attr_4={0x37c, r3, 0x1, r0}, 0x8) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) sendmsg$auto_NL80211_CMD_GET_SURVEY(r3, &(0x7f0000000580)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x18, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}]}, 0x18}}, 0x8800) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) 3.264279679s ago: executing program 2 (id=266): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC2\x00', 0x101802, 0x0) ioctl$auto(0x3, 0x80045530, 0xffffffffffffffff) r0 = bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=@query={@target_ifindex, 0x8, 0x10001, 0xa40, 0xc5f, @prog_cnt=0x5, 0x0, 0x0, 0x8, 0x46bd, 0x5}, 0x7f) ioctl$auto_TCFLSH2(r0, 0x540b, &(0x7f0000000340)="1a59e44c35283a2fd0969b516d6be2db8459fc19ce1b5ff226c7ad5099daca249ceddc6ab244f96734d4e5e48e844df14bb432be2dc4d06c7a7e") r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2, 0xe2, 0xeb1, 0x405, 0xfffffffffffffff9) r2 = socket(0xa, 0x5, 0x0) setsockopt$auto(r2, 0x10000000084, 0x79, 0x0, 0xd) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r1) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f00000050c0)={0x0, 0x5c1e, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r3, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) sendmsg$auto_NFSD_CMD_LISTENER_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xeda47ee5ad433e65}, 0x20000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), r4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pread64$auto(0xffffffffffffffff, 0x0, 0x3ef, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mremap$auto(0x4000, 0x8000b8, 0x13fd4, 0x3, 0xfffff000) sendmsg$auto_HSR_C_GET_NODE_LIST(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x14, r5, 0x1, 0x70bda6, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000800) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) pread64$auto(r6, 0x0, 0x840003, 0x40000000002e72) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_NEW(r7, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000140)={0x1c, r8, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_PROBE={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) 2.339677998s ago: executing program 2 (id=267): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) write$auto(r0, 0x0, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_VHOST_SET_VRING_ERR2(0xffffffffffffffff, 0x4008af22, &(0x7f0000000100)={0xfffffffe, r1}) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000100)={0x9, 0xfc, 0x5, 0x80, 0xc79, 0x2, &(0x7f0000000000)="e22363bfac"}) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r0, 0x2, &(0x7f0000000180)={@_si_pad}, 0x1) write$auto_fops_init_pkru_pkeys(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) bpf$auto(0x0, 0x0, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000080)='/dev/usbmon8\x00', 0x2800, 0x0) ioctl$auto_MON_IOCQ_RING_SIZE(r2, 0x9205, 0x0) rseq$auto(&(0x7f0000000280)={0xe, 0x403, 0x7, 0x80b, 0x83, 0x2}, 0x20, 0x0, 0x8000006) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) futex_wake$auto(&(0x7f00000001c0), 0x5, 0x4, 0xa) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) epoll_create$auto(0x2) r3 = epoll_create$auto(0x2) epoll_pwait2$auto(r3, 0x0, 0x8, 0x0, 0x0, 0x8) sysfs$auto(0x2, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r4, 0x0) setreuid$auto(0xee01, 0x0) 2.059322658s ago: executing program 1 (id=268): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) futex$auto(0x0, 0x204, 0x3, 0x0, 0x0, 0x7d) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = open(&(0x7f0000000180)='./file0\x00', 0x404100, 0x40) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="d6a46ff6110e146d5a47df5b5ff9317f40d63e0004d59aebabfbbbca08dc2079cb87b8f6b7e57ccbf5ac86a91206960b35ad26d7b1ff1f338a838b3a6f5d444bba0dd30ea8137973e511bbdb85423853bf383dca16a801ea4c33fb9b037b0dfb78cabd75bb7c1c98626b4461322947c3d15801a1155aa2ce5dde8c4311", @ANYRES64=r2, @ANYRES8=r0], 0x24}, 0x1, 0x0, 0x0, 0x64008014}, 0x400c8c1) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) munmap$auto(0x0, 0xffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20004801}, 0x80a4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r2, @ANYRESOCT=r2, @ANYBLOB="a6f49a6bed00bb0706c828e128ee6d94e9123ea07637b8dca971d37fa553c6daada123ae58341a4757d8d6", @ANYRES8=0x0, @ANYRES64=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x40000000, 0xd}, 0x7}, 0x3, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x2, 0x0) futex_wake$auto(0x0, 0x5, 0x8, 0x8a) read$auto_proc_pid_maps_operations_internal(r1, &(0x7f0000000440)=""/135, 0x87) ppoll$auto(&(0x7f0000000140)={r3, 0x7, 0x4}, 0x7f, 0x0, 0x0, 0x8) setresuid$auto(0x2, 0x7, 0x0) io_uring_register$auto_IORING_REGISTER_RESTRICTIONS(r2, 0xb, &(0x7f0000000140)="786f5f882e3322835a16f5d0fbadb58a6a5fea30a7556c32ee5deea10b187527a39e82", 0x2) 1.972005942s ago: executing program 2 (id=269): mmap$auto(0x0, 0x400004, 0xdc, 0x9b72, 0x2, 0x8000) select$auto(0x9, 0x0, &(0x7f0000000080)={[0x209c, 0xfffffffffffffff7, 0x8, 0x8001, 0xffffe7fffffffffb, 0x100000005, 0x2c2, 0x800002017d, 0x5, 0x102000000000000, 0x1, 0xd59, 0xfb, 0xff, 0xffffffffffffffff, 0x8001]}, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), r0) 1.479179075s ago: executing program 32 (id=218): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) timer_settime$auto(0x1, 0x3, 0x0, 0x0) (async) timer_settime$auto(0x1, 0x3, 0x0, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket(0xa, 0x3, 0x8) (async) socket(0xa, 0x3, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(r0, 0x400454ca, 0x38) fcntl$getown(r0, 0x9) (async) r1 = fcntl$getown(r0, 0x9) prctl$auto(0x79, 0x7, r1, 0x4d, 0x1) (async) prctl$auto(0x79, 0x7, r1, 0x4d, 0x1) getrlimit$auto(0x3, 0x0) ioctl$auto_TUNSETVNETLE2(r0, 0x400454dc, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x3, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xffffeffe, 0x2) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x181441, 0x0) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x6) (async) socket(0x2, 0x1, 0x6) setsockopt$auto(0x3, 0x6, 0x20, 0x0, 0xfb3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/ip_vs_conn_sync\x00', 0x101181, 0x0) setresuid$auto(0x0, 0xee00, 0xffffffffffffffff) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) 1.443693636s ago: executing program 2 (id=271): socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x1b9, 0x3, 0x1b, 0xfffffffffffffffa, 0x80000008000) mmap$auto(0x0, 0x40006, 0xdf, 0x200009b72, 0x7, 0x20000) io_uring_setup$auto(0x6, 0x0) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x26241, 0x20) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x88d42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000380)="7a47301037954c081c9a0bb84bb7b04ef84993eab91abe1686f43e43d786e964e8f04455bd620de9f3fb6d65e6c078c1a672c549dbc7876cb528ba081a81d884bfc00dd4eef57cedc0cc4156ff6a5b0aa8ba9511fe2b07c6e7f4732fe36ba218aa5b0ff402f2e6adb8ea60886c1e52c60d7d87e4c0551386501763ad098eb2b9602f83b2a643") readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) listen$auto(0x3, 0x81) sendmsg$auto_NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x55}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x7}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x2008001) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000080) mmap$auto(0x0, 0xd, 0xdc, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x6, 0x84) sysfs$auto(0x2, 0x23, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x20000, 0x0) 1.442122658s ago: executing program 1 (id=279): r0 = socket(0xa, 0x2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_CREATE_VM(r1, 0x8004ae98, 0x0) unshare$auto(0x40000080) listen$auto(0x3, 0xfffffffe) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="7d3f2dbd70008000000000000001"], 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) r5 = socket(0x2a, 0xa, 0x74f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) set_tid_address$auto(0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r6 = socket(0x2, 0x80002, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r5) sendmsg$auto_NL80211_CMD_SET_PMKSA(r6, &(0x7f0000000d80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000d40)={&(0x7f0000000680)=ANY=[@ANYBLOB="a8060000", @ANYRES16=r7, @ANYBLOB="01002cbd7000ffdbdf2534000000060065000100000008003500010400000800770006000000150024006925aed6ded7d2ccb05863ed6592957abf00000008005200", @ANYRES32=r3, @ANYBLOB="5a06910048f86ccbb96d2a4f1aced3fe441c85c041188116edfdbedca503f288f26f8be5065f7f7e5c6dfcbeb2a1fa53c19e04167d2c6786d359c7c10726cf21603244ebebba0fa202a288092f23e4b7e8acc09ed75ccb5c66df50aee23fa784ca63f546adf6bdd639e4c371f17b3d62e9c9aec56ca8ebbe471049ce653e3247d557d30549d32ad29018e19e6faebaa43f0d0380ab98d16c019c8adc1b792bb1c226a9eb5eeb5056e54cb7d1f5567d5a6c662b33a41e14cb00ffed2c7037c36c6734a04afb60e2673174079cf39cfaff0cef1e22df00b0aebbae3bb248b7c7567eb73e60e2c57f7f10c9166db1725e55f426f0e6ebcfaf6bbc2c0836a26a4b5dc91b2e4e7adb5957f9acb58654f6258cc5b19e675fd4907c8966ab26ce71ed0f402c4306ce0b38159275088bf7e400a2d5e160f9bade50583af1f0065cf9f0c5852b6c5fb2b9adddf59a74443aa8712ebcdf6634f82acedf12010d63f5ecfb1b41ba6b759f72665b0cefdc61bee58c285d89ddc59c3499e49f299451e23fe3b7803ec7e9d2c6ae41da6f3be959c5479f9dbc929c4d0e7ec89f2998e74998d97b1d462b45bbaf6ff45891e66153d5f6130f72c7bd0398084d9fe310920175fcb35eb47a68513676be2267c9a96e5f904e577f9e2453fb84f1bf772e97f89b5ba02fb9fb87d29e7ba18c3ffd90c259946b62f81938267298c7e07e1ef02628a4c3cff3ac898d4abfcb08a7f5860d80f41bc78ed014c7d77e0422d66abcd82113ac0e4eee9f290c911cd3b84701ca38847ac64ade8482f3f1d978fb36c8996e7013ad3e070fcf98b62224ea4954f3c18c864044ad65361193dff64c5ea858b5f4e28c6391ae2d64f5874c3c502832c9eb3f38c67bad8d20885459cacc8264b06e7e98e96ee3241cb3f5529be847f2dd93a45584544416394d829aa131431029e7a7d2e1a77e575db1806a2832c80a2e4fc228dde502a1860bd6d3a93fc9a1fa59c07604b974b3c06f41316355010e3ed8e67d0c7ae7103cf4bece6b362ee8a0a666a62a85e7f87ece1509a1159e46b3409bae333aa61fa40a7d3d171c190aee0a56920ce3782476c97d14984f1446a482102afb2750a8a115c0caf5d466bed0ed5c4f67d8cc74aa3eb07829725d58d3201f9c2c71cea0d9ba4cca0f6a8fb9928e033204abc149017301a28f68e83af7c364399d25f3df7f04724e2d21ebbe3f1e55a26e93274090688c8cacd3b39e7d41b9932acbf183bde07fedf7631e9a1fd82b6c7ccd49b8c6351ac96156c36764534360f9e229c27474ede742a14440e2a219d0c2e306fec317421c0fe66bec8157a3873815a0a8253cc482788c28b40649917c9352847507e217c6b00afdae2d23b74953ca55a94da50e6ac6b43841f1f6582444f54cadbf7ecf2d0a558ff42f3f432238c7d2f676466e3ea2885f371f2e5de1d978f5558e98630e23796fee00011ac859c9e6112cc46961242a50894257e0c4a56478861e5f3828949f42c54f1e44dcee8b2cc7f99bfe27a6c06bf9b3734fd997b3436d1c7b478bc89f2de84dfef1fb4c3dd133e2c9537fc17f8e10dfbb9358e527b23e9e4a0d1a44b32e6cb35ae5e472835bfebf948a62f668acd4b22a500882caf5fd14dab43835f92d571e9a9f754b004f3daa9fad16002aef32d77700826808b2c1789798d831979505cc69e25d7d271a1791a30d8f7bb73e21e163e30618e742049dad8901d3a1bff19f458258f840e0a4fd5c3be292326eae1cacbba0b837ee715d43f7a9530da615d5954bdd78880b85fb4219715e4e65b8dbd71224cab61e30a8f7b197716a938d87e2563bc6dc197c60646c0c4eed1a6a48c0781f81ce7da7806ef5ccb726398f6128d4ed3f8c75b57bdc2ea35ec287e26bb5c46e61d584aa960fa59f3d45071e394f2283133dd2e8779ab85ea8e1a91cf3a390fedec46248fc60ddebcfd5c63293efe58f7f36cf54545e1502eeaa71fe5a0faa4dbc3ef7053d6f0cb3d554c07ff5d1c67c79516bceb760a5c3a3c5b2c0e621cda3210c4a51b1ac423d7ee864e6f63cb19ea75be731c5ebe5c5fa1d55d424220b51f1a567ab7f1d2fb9632e56bc639bf70ed2096a00e41d9b8164f13bdecacab2fe2542f9a6da18269c38569ad301600db483e1f963e54b2a3a4b974d89b8ee660ec17e86cf9d3e5f2857ca3ae7107e5e4a3a6a5f446d6c7a2923991e99d7195ee98d4b51205e782a1d164c9b488eff0acce9d777ca4d8ed9bc81ef682a85ba4d19e38b3a35334b0a38f9eeb7b721aed8fd3634ccfaf0044e4727ffe2"], 0x6a8}, 0x1, 0x0, 0x0, 0x24048010}, 0x20004000) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) 1.061928237s ago: executing program 1 (id=272): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) read$auto(r0, &(0x7f0000000000)='\x00', 0x91e2) socket(0x10, 0x2, 0x4) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 833.907654ms ago: executing program 2 (id=274): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000006}, 0x6, 0xffffffffffffffff, 0x28000006000000, 0x2f) 792.132824ms ago: executing program 1 (id=275): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000006}, 0x6, 0xffffffffffffffff, 0x28000000000600, 0x2f) 279.585715ms ago: executing program 2 (id=276): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0) r3 = getsockopt$auto(r1, 0x1, 0x9, 0x0, &(0x7f0000000080)=0x84) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYRESDEC=r4, @ANYRES64=r0, @ANYRES64=r4, @ANYBLOB="a531275e28de95f9aada9121f9b2e29f4c4e77bf80427cbbfd92aecfccba48246b88be4f679e6a5a9298a6ab371aa89b42a1871a3fd25531016cee1fdcb6d0869251991949ea18001075ba5f73ba3bf62aa2fab62ec2fa975ad97888afe5a2ebd4b78e955abdd71c01da3270bebe40509139b1b8769321a0ef51da3ff7fc244867c777", @ANYBLOB="08000100", @ANYRESHEX=r3, @ANYRES64=r2, @ANYRESHEX, @ANYRESOCT=r4, @ANYRES64=r0, @ANYRESHEX=0x0, @ANYRESDEC=r1, @ANYBLOB="08000300010000002448b377b505c86c3ccd66"], 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x1) pread64$auto(0xffffffffffffffff, &(0x7f0000000000)='\xf0\xff\xff\xff3z?\xec\xd68\xd9\x12+\xd1=\xd2f\x1c\xae\x15\x1d;\xab\xefe\xec\xee\xd3\xad\xad\x8b\xf8G3\xdcd\x96\xcdV6Q\xb05o\xa4\xee\xa9\xa6\xd1\xc8{\t|\a\xd1\x82\xd4\xb4!\xc1v\xea\xb5\xc3\xc8w\x86\x1f!\xb3\xd1\xcd\xfc\xfa\r\x00\x8b]', 0x5, 0x9) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c5a0010", @ANYRES16, @ANYBLOB="080026bd7000ffdbdf25080000004700a680de5f2bb1d6533e45e81d124a6d7e7cfdc7fb6e1a5829342ffd8e18194be946b180f56aabe96bea5dfe08000200", @ANYRES32, @ANYBLOB="b8d5496131e417b2c038a4c0dd43c6082f6500c201b2006a409074605225ed6a4ef99d9b5deb9c56c8e4a58a844f483c07f85f394093b441d82ca65340ff50e3313cd7337be6332143b77d999adf87eb9b75a0694d2693ffd50a8e8ac11fae4741afa4f7367840bbb1616dd37a868630262e38312246f02025ccac02a82194f26abc0e7b9eaa1341b00013452d885fc6ba9a2ec8f9e7d678a3379af0aa6f8575f87a69283d29b1051547ec7c8cd6c53586c9045beca3d09c065bac8af61d3af5423f617b969be8d96ddf82d98b2584a4012b10cf2de806c00db33226f185ec7c03c80a043cf581dfece8203632b50f5bff0007c032fbdc242eb66e2c437aec293871575013d33befff86b5c6f43122eca52fb41efa991f65cfaf9666231912460f4a3c96f8c52c9c8c434f5dfcacf048184f61ca350b49457a8ca3affd5e71c9069d12323ac1dda72071"], 0x27c}, 0x1, 0x0, 0x0, 0x20040881}, 0x40000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r6}, 0x6a) sendto$auto(r5, 0x0, 0x6fffff9, 0xfffffff8, &(0x7f0000000440)=@can, 0x36) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r7 = socket(0x1d, 0x2, 0x7) r8 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r7, &(0x7f0000000000)=@can={0x1d, r9}, 0x6a) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r10}, 0x18) write$auto(0x3, 0x0, 0xffd8) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xd, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10e6af91ae19f8f99fe3a63f42c62eefece7759b8d4969f71bc14c482e2e0e09047333c606d6095e8f1ef40ca1beb9f8a8c720328500000088539a0a58390c3ed76887e6116ed0cd8c36eafdb420164b17bedda387072cf2eefc0700d64fd0cd2dbf98799488bc28b96d32c5e41f730398c33123bee8ea47c8a0579d4c3990cc92b5c017fa5c7285fd15d5b4616894b3486fc9924afc0642e541e7fde33c7b3af74c0b9123957952729b9ac3fcce8cb6afba7d1acabb1a3914e16bcfce2672eb26d05935e32d8f3ea8795ca8482a0a4b0e7af62be97cb514f6b53cdf033a489ed504a50700d9ff467c711997d455f873f46ad8ed6bc4a63423ab56e46b9167f488149c3ebbfe8792e294590f0c85055cfd7ba95e13321490d51444ca1518e7cf61546ef25e29f1232b8a94060039dae8bc9a7c13f32da0bc0b529c34949f22c003742b0a85a9b0f185dd65ef603038f1ae840f4d48b802972053032049b1773e0987378bd7c66d2a2a2f5ee600956ff5a33a3efd9c53fd0e69c4da19a008d00288a4cb81f16abc9f846fd373f591"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa511}, 0x5}, 0x7, 0x0) ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(0xffffffffffffffff, 0xc004ae0a, 0x0) 0s ago: executing program 3 (id=277): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x2, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0xa, 0x3, 0x3a) close$auto(r1) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r2 = open(0x0, 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r2) r5 = semctl$auto_GETPID(0x401, 0x9, 0xb, 0x9) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x64, r4, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x81}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x44}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'rose0\x00'}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x3}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'macvlan1\x00'}, @NL802154_ATTR_MAX_BE={0x5, 0x10, 0x2}, @NL802154_ATTR_PID={0x8, 0x1c, r5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000800}, 0x8000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.56' (ED25519) to the list of known hosts. [ 72.374634][ T5611] cgroup: Unknown subsys name 'net' [ 72.508888][ T5611] cgroup: Unknown subsys name 'cpuset' [ 72.517354][ T5611] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.929842][ T5611] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.312890][ T5631] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.330937][ T5629] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.341678][ T5637] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.342126][ T5629] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.349697][ T5637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.358465][ T5629] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.371847][ T5629] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.373742][ T5638] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.380877][ T5629] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.394286][ T5638] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.395344][ T5629] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.402156][ T5638] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.410347][ T5629] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.416545][ T5638] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.423294][ T5629] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.431286][ T5638] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.443491][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.446034][ T5638] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.472009][ T5627] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.496288][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.936852][ T5623] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.944046][ T5623] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.951282][ T5623] bridge_slave_0: entered allmulticast mode [ 77.958373][ T5623] bridge_slave_0: entered promiscuous mode [ 77.994311][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.001470][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.008824][ T5625] bridge_slave_0: entered allmulticast mode [ 78.015870][ T5625] bridge_slave_0: entered promiscuous mode [ 78.023822][ T5623] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.030992][ T5623] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.038385][ T5623] bridge_slave_1: entered allmulticast mode [ 78.045254][ T5623] bridge_slave_1: entered promiscuous mode [ 78.065383][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.072610][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.079771][ T5625] bridge_slave_1: entered allmulticast mode [ 78.086744][ T5625] bridge_slave_1: entered promiscuous mode [ 78.158932][ T5623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.186461][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.197749][ T5623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.216948][ T5624] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.224102][ T5624] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.231351][ T5624] bridge_slave_0: entered allmulticast mode [ 78.238915][ T5624] bridge_slave_0: entered promiscuous mode [ 78.248659][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.288176][ T5624] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.295352][ T5624] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.302761][ T5624] bridge_slave_1: entered allmulticast mode [ 78.309921][ T5624] bridge_slave_1: entered promiscuous mode [ 78.332570][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.339759][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.346993][ T5622] bridge_slave_0: entered allmulticast mode [ 78.354292][ T5622] bridge_slave_0: entered promiscuous mode [ 78.361961][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.369828][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.377074][ T5622] bridge_slave_1: entered allmulticast mode [ 78.383998][ T5622] bridge_slave_1: entered promiscuous mode [ 78.413337][ T5625] team0: Port device team_slave_0 added [ 78.421041][ T5623] team0: Port device team_slave_0 added [ 78.445801][ T5625] team0: Port device team_slave_1 added [ 78.453229][ T5623] team0: Port device team_slave_1 added [ 78.473949][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.485609][ T5624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.513697][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.525548][ T5624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.543587][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.547054][ T4944] Bluetooth: hci3: command tx timeout [ 78.550903][ T50] Bluetooth: hci2: command tx timeout [ 78.556514][ T4944] Bluetooth: hci0: command tx timeout [ 78.562178][ T5631] Bluetooth: hci1: command tx timeout [ 78.568744][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.600368][ T5623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.636818][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.643767][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.669684][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.681184][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.688321][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.714387][ T5623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.752118][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.759283][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.785247][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.808794][ T5622] team0: Port device team_slave_0 added [ 78.816423][ T5624] team0: Port device team_slave_0 added [ 78.825284][ T5624] team0: Port device team_slave_1 added [ 78.841597][ T5622] team0: Port device team_slave_1 added [ 78.909097][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.916142][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.942079][ T5624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.963148][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.970181][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.996272][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.013493][ T5623] hsr_slave_0: entered promiscuous mode [ 79.019993][ T5623] hsr_slave_1: entered promiscuous mode [ 79.027444][ T5624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.034446][ T5624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.060390][ T5624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.077554][ T5625] hsr_slave_0: entered promiscuous mode [ 79.083721][ T5625] hsr_slave_1: entered promiscuous mode [ 79.089979][ T5625] debugfs: 'hsr0' already exists in 'hsr' [ 79.095846][ T5625] Cannot create hsr debugfs directory [ 79.101935][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.109124][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.135297][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.224507][ T5624] hsr_slave_0: entered promiscuous mode [ 79.230732][ T5624] hsr_slave_1: entered promiscuous mode [ 79.236929][ T5624] debugfs: 'hsr0' already exists in 'hsr' [ 79.242654][ T5624] Cannot create hsr debugfs directory [ 79.277917][ T5622] hsr_slave_0: entered promiscuous mode [ 79.284287][ T5622] hsr_slave_1: entered promiscuous mode [ 79.290501][ T5622] debugfs: 'hsr0' already exists in 'hsr' [ 79.296267][ T5622] Cannot create hsr debugfs directory [ 79.722280][ T5623] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.740555][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 79.749407][ T5623] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.759841][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 79.769036][ T5623] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.780070][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 79.787939][ T5623] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.799179][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 79.866989][ T5625] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.879929][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 79.891603][ T5625] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.901543][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 79.909560][ T5625] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.919719][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 79.927641][ T5625] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.937692][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.021389][ T5624] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.030629][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.040148][ T5624] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.050482][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.059375][ T5624] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.070403][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.080646][ T5624] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.089909][ T5624] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.197369][ T5622] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.207547][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.221063][ T5622] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.231170][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.247324][ T5622] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.257964][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.272994][ T5622] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.282015][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.346410][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.363193][ T5623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.422124][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.433936][ T5623] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.452521][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.459887][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.469631][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.476788][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.505345][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.512445][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.522296][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.529424][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.543774][ T5624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.610882][ T5624] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.626065][ T50] Bluetooth: hci2: command tx timeout [ 80.626090][ T5631] Bluetooth: hci1: command tx timeout [ 80.631688][ T50] Bluetooth: hci0: command tx timeout [ 80.637157][ T5627] Bluetooth: hci3: command tx timeout [ 80.672828][ T1011] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.679948][ T1011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.704846][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.711962][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.739822][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.822016][ T5622] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.853549][ T1011] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.860740][ T1011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.891662][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.898836][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.822233][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.862396][ T5623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.967718][ T5624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.035444][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.083941][ T5623] veth0_vlan: entered promiscuous mode [ 82.121851][ T5625] veth0_vlan: entered promiscuous mode [ 82.150182][ T5623] veth1_vlan: entered promiscuous mode [ 82.178271][ T5625] veth1_vlan: entered promiscuous mode [ 82.234321][ T5624] veth0_vlan: entered promiscuous mode [ 82.261477][ T5624] veth1_vlan: entered promiscuous mode [ 82.277131][ T5622] veth0_vlan: entered promiscuous mode [ 82.283346][ T5623] veth0_macvtap: entered promiscuous mode [ 82.315419][ T5623] veth1_macvtap: entered promiscuous mode [ 82.332702][ T5625] veth0_macvtap: entered promiscuous mode [ 82.340386][ T5622] veth1_vlan: entered promiscuous mode [ 82.355424][ T5625] veth1_macvtap: entered promiscuous mode [ 82.383851][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.407275][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.430395][ T5624] veth0_macvtap: entered promiscuous mode [ 82.441646][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.451444][ T3373] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.460916][ T3373] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.478093][ T5624] veth1_macvtap: entered promiscuous mode [ 82.487052][ T3373] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.496348][ T3373] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.510288][ T5622] veth0_macvtap: entered promiscuous mode [ 82.519103][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.552480][ T5622] veth1_macvtap: entered promiscuous mode [ 82.560235][ T3373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.569192][ T3373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.587060][ T3373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.596267][ T3373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.621610][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.667516][ T5624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.700406][ T1011] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.709467][ T50] Bluetooth: hci0: command tx timeout [ 82.709519][ T1011] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.723639][ T50] Bluetooth: hci1: command tx timeout [ 82.723669][ T50] Bluetooth: hci3: command tx timeout [ 82.723695][ T50] Bluetooth: hci2: command tx timeout [ 82.750246][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.776137][ T1011] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.804820][ T1011] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.818841][ T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.819695][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.828327][ T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.873752][ T3373] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.882881][ T3373] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.909434][ T3373] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.911724][ T127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.922089][ T3373] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.926739][ T127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.993188][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.004430][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.068937][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.089276][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.134551][ T1123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.152662][ T1123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.182118][ T5623] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 83.228883][ T1123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.240219][ T1123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.281216][ T1123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.292523][ T1123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.381854][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.410754][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.488001][ T5781] process 'syz.0.1' launched './file0' with NULL argv: empty string added [ 83.826261][ T5791] netlink: 158 bytes leftover after parsing attributes in process `syz.0.5'. [ 83.864793][ T5791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 84.126885][ T5786] Zero length message leads to an empty skb [ 84.786512][ T4944] Bluetooth: hci2: command tx timeout [ 84.788138][ T50] Bluetooth: hci3: command tx timeout [ 84.792143][ T5631] Bluetooth: hci1: command tx timeout [ 84.797402][ T50] Bluetooth: hci0: command tx timeout [ 86.159058][ T5810] ima: policy update failed [ 86.211046][ T30] audit: type=1802 audit(1778697543.572:2): pid=5810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.6" res=0 errno=0 [ 86.577705][ T5854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 86.610211][ T5854] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.629414][ T5854] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 86.673075][ T5854] page_type: f5(slab) [ 86.696768][ T5854] raw: 00fff00000000040 ffff88801ce938c0 dead000000000100 dead000000000122 [ 86.722696][ T29] cfg80211: failed to load regulatory.db [ 86.771645][ T5854] raw: 0000000000000000 00000008000d000d 00000000f5000000 0000000000000000 [ 86.849939][ T5854] head: 00fff00000000040 ffff88801ce938c0 dead000000000100 dead000000000122 [ 86.899195][ T5854] head: 0000000000000000 00000008000d000d 00000000f5000000 0000000000000000 [ 86.970220][ T5854] head: 00fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff [ 87.009072][ T5854] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 87.076461][ T5854] page dumped because: unmovable page [ 87.098909][ T5854] page_owner tracks the page as allocated [ 87.117385][ T50] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 87.131923][ T5854] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5006, tgid 5006 (udevadm), ts 29580300325, free_ts 22843375893 [ 87.173752][ T5854] post_alloc_hook+0x153/0x170 [ 87.186336][ T5854] get_page_from_freelist+0x11a6/0x33b0 [ 87.207168][ T5854] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 87.233399][ T5854] new_slab+0xa6/0x6c0 [ 87.248402][ T5854] refill_objects+0x277/0x420 [ 87.263367][ T5854] __pcs_replace_empty_main+0x375/0x650 [ 87.286344][ T5854] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 87.302419][ T5854] alloc_inode+0x183/0x250 [ 87.313858][ T5854] iget_locked+0x1d9/0x6d0 [ 87.330973][ T5854] kernfs_get_inode+0x46/0x470 [ 87.344021][ T5854] kernfs_iop_lookup+0x1a7/0x2d0 [ 87.358884][ T5854] __lookup_slow+0x251/0x460 [ 87.373770][ T5854] lookup_slow+0x50/0x70 [ 87.385809][ T5854] path_lookupat+0x5e8/0xc40 [ 87.397065][ T5854] filename_lookup+0x202/0x590 [ 87.406880][ T5854] do_readlinkat+0xd3/0x370 [ 87.419290][ T5854] page last free pid 1 tgid 1 stack trace: [ 87.445413][ T5854] __free_frozen_pages+0x747/0x1040 [ 87.452402][ T5854] free_contig_range+0xda/0x140 [ 87.473151][ T5854] destroy_args+0xa8/0x7a0 [ 87.478561][ T5854] debug_vm_pgtable+0x1d69/0x3490 [ 87.500766][ T5854] do_one_initcall+0x121/0x750 [ 87.516670][ T5854] kernel_init_freeable+0x6ea/0x7b0 [ 87.527790][ T5854] kernel_init+0x1f/0x1e0 [ 87.539552][ T5854] ret_from_fork+0x72b/0xd50 [ 87.545751][ T5854] ret_from_fork_asm+0x1a/0x30 [ 89.601129][ T5924] netlink: 350 bytes leftover after parsing attributes in process `syz.0.24'. [ 89.717500][ T5927] __vm_enough_memory: pid: 5927, comm: syz.2.25, bytes: 4398046457856 not enough memory for the allocation [ 89.766488][ T5927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25'. [ 90.760879][ T5952] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 90.798024][ T5934] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 90.827595][ T5934] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 90.839870][ T5954] netlink: 8 bytes leftover after parsing attributes in process `syz.2.32'. [ 90.888449][ T5934] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 90.928889][ T5934] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 90.955267][ T5934] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 91.003200][ T5934] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 91.050733][ T5934] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 91.077702][ T5934] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 91.111785][ T5934] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 91.155730][ T5934] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 91.177838][ T5934] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 91.224670][ T5934] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 91.305584][ T5954] random: crng reseeded on system resumption [ 91.691439][ T5967] FAULT_INJECTION: forcing a failure. [ 91.691439][ T5967] name failslab, interval 1, probability 0, space 0, times 0 [ 91.707495][ T5967] CPU: 0 UID: 0 PID: 5967 Comm: syz.3.34 Not tainted syzkaller #0 PREEMPT(full) [ 91.707535][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 91.707560][ T5967] Call Trace: [ 91.707570][ T5967] [ 91.707581][ T5967] dump_stack_lvl+0x100/0x190 [ 91.707623][ T5967] should_fail_ex.cold+0x5/0xa [ 91.707662][ T5967] should_failslab+0xc2/0x120 [ 91.707696][ T5967] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 91.707740][ T5967] ? __d_alloc+0x34/0xa40 [ 91.707784][ T5967] __d_alloc+0x34/0xa40 [ 91.707822][ T5967] d_alloc+0x4a/0x1e0 [ 91.707861][ T5967] lookup_one_qstr_excl+0x171/0x250 [ 91.707909][ T5967] start_dirop+0x59/0xb0 [ 91.707943][ T5967] simple_start_creating+0xf9/0x110 [ 91.707978][ T5967] ? __pfx_simple_start_creating+0x10/0x10 [ 91.708015][ T5967] ? mntput+0x70/0xa0 [ 91.708045][ T5967] ? simple_pin_fs+0xa3/0x190 [ 91.708077][ T5967] debugfs_start_creating.part.0+0x82/0x170 [ 91.708122][ T5967] debugfs_create_symlink+0x7f/0x220 [ 91.708168][ T5967] drm_debugfs_clients_add+0x199/0x210 [ 91.708212][ T5967] drm_file_alloc+0x5c6/0xb40 [ 91.708260][ T5967] drm_open_helper+0x1fc/0x540 [ 91.708316][ T5967] drm_open+0x1a0/0x3e0 [ 91.708358][ T5967] ? __pfx_drm_open+0x10/0x10 [ 91.708401][ T5967] drm_stub_open+0x20f/0x380 [ 91.708447][ T5967] ? __pfx_drm_stub_open+0x10/0x10 [ 91.708490][ T5967] chrdev_open+0x234/0x6a0 [ 91.708526][ T5967] ? __pfx_chrdev_open+0x10/0x10 [ 91.708564][ T5967] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 91.708610][ T5967] do_dentry_open+0x6d8/0x1660 [ 91.708643][ T5967] ? __pfx_chrdev_open+0x10/0x10 [ 91.708686][ T5967] vfs_open+0x82/0x3f0 [ 91.708731][ T5967] path_openat+0x208c/0x31a0 [ 91.708779][ T5967] ? __pfx_path_openat+0x10/0x10 [ 91.708829][ T5967] do_file_open+0x20e/0x430 [ 91.708868][ T5967] ? __pfx_do_file_open+0x10/0x10 [ 91.708931][ T5967] ? alloc_fd+0x476/0x790 [ 91.708969][ T5967] ? do_getname+0x191/0x390 [ 91.709014][ T5967] do_sys_openat2+0x10d/0x1e0 [ 91.709057][ T5967] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.709103][ T5967] ? __fget_files+0x21f/0x3d0 [ 91.709144][ T5967] __x64_sys_openat+0x12d/0x210 [ 91.709188][ T5967] ? __pfx___x64_sys_openat+0x10/0x10 [ 91.709239][ T5967] ? rcu_is_watching+0x12/0xc0 [ 91.709276][ T5967] do_syscall_64+0x10b/0xf80 [ 91.709325][ T5967] ? clear_bhb_loop+0x40/0x90 [ 91.709361][ T5967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.709390][ T5967] RIP: 0033:0x7f196bd9ce59 [ 91.709421][ T5967] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.709449][ T5967] RSP: 002b:00007f196cc5c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 91.709477][ T5967] RAX: ffffffffffffffda RBX: 00007f196c015fa0 RCX: 00007f196bd9ce59 [ 91.709494][ T5967] RDX: 0000000000028900 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 91.709510][ T5967] RBP: 00007f196be32d6f R08: 0000000000000000 R09: 0000000000000000 [ 91.709527][ T5967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.709542][ T5967] R13: 00007f196c016038 R14: 00007f196c015fa0 R15: 00007fff44a1dc18 [ 91.709578][ T5967] [ 92.138143][ T5974] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.145799][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 92.945776][ T4944] Bluetooth: hci0: command 0x0c1a tx timeout [ 93.106242][ T4944] Bluetooth: hci3: command 0x0c1a tx timeout [ 93.185899][ T4944] Bluetooth: hci2: command 0x0c1a tx timeout [ 93.299229][ T6006] FAULT_INJECTION: forcing a failure. [ 93.299229][ T6006] name failslab, interval 1, probability 0, space 0, times 0 [ 93.393500][ T6006] CPU: 1 UID: 0 PID: 6006 Comm: syz.3.41 Not tainted syzkaller #0 PREEMPT(full) [ 93.393539][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 93.393556][ T6006] Call Trace: [ 93.393565][ T6006] [ 93.393576][ T6006] dump_stack_lvl+0x100/0x190 [ 93.393612][ T6006] should_fail_ex.cold+0x5/0xa [ 93.393649][ T6006] should_failslab+0xc2/0x120 [ 93.393683][ T6006] __kmalloc_cache_noprof+0x7a/0x6f0 [ 93.393723][ T6006] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 93.393768][ T6006] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 93.393813][ T6006] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 93.393867][ T6006] ? snd_pcm_oss_sync+0x243/0x840 [ 93.393908][ T6006] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 93.393956][ T6006] ? __pfx___mutex_lock+0x10/0x10 [ 93.394014][ T6006] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 93.394057][ T6006] snd_pcm_oss_sync+0x265/0x840 [ 93.394102][ T6006] snd_pcm_oss_release+0x238/0x300 [ 93.394144][ T6006] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 93.394188][ T6006] __fput+0x3ff/0xb50 [ 93.394245][ T6006] task_work_run+0x150/0x240 [ 93.394276][ T6006] ? __pfx_task_work_run+0x10/0x10 [ 93.394312][ T6006] ? rcu_is_watching+0x12/0xc0 [ 93.394351][ T6006] exit_to_user_mode_loop+0x107/0x4f0 [ 93.394380][ T6006] ? rcu_is_watching+0x12/0xc0 [ 93.394418][ T6006] do_syscall_64+0x6f2/0xf80 [ 93.394457][ T6006] ? clear_bhb_loop+0x40/0x90 [ 93.394492][ T6006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.394521][ T6006] RIP: 0033:0x7f196bd9ce59 [ 93.394545][ T6006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 93.394571][ T6006] RSP: 002b:00007f196cc3b028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 93.394599][ T6006] RAX: 0000000000000000 RBX: 00007f196c016090 RCX: 00007f196bd9ce59 [ 93.394615][ T6006] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 93.394630][ T6006] RBP: 00007f196be32d6f R08: 0000000000000000 R09: 0000000000000000 [ 93.394645][ T6006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.394659][ T6006] R13: 00007f196c016128 R14: 00007f196c016090 R15: 00007fff44a1dc18 [ 93.394693][ T6006] [ 94.142730][ T6040] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 94.227812][ T4944] Bluetooth: hci1: command 0x0c1a tx timeout [ 95.033160][ T4944] Bluetooth: hci0: command 0x0c1a tx timeout [ 95.156789][ T6073] netlink: 25 bytes leftover after parsing attributes in process `syz.0.51'. [ 95.186932][ T4944] Bluetooth: hci3: command 0x0c1a tx timeout [ 95.203661][ T6075] netlink: 8 bytes leftover after parsing attributes in process `syz.2.53'. [ 95.266601][ T4944] Bluetooth: hci2: command 0x0c1a tx timeout [ 95.500659][ T6087] WARNING! power/level is deprecated; use power/control instead [ 95.538299][ T6087] random: crng reseeded on system resumption [ 95.744651][ T6081] vhci_hcd vhci_hcd.0: ClearPortFeature: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 96.314647][ T4944] Bluetooth: hci1: command 0x0c1a tx timeout [ 97.105975][ T4944] Bluetooth: hci0: command 0x0c1a tx timeout [ 97.236766][ T4944] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 97.236803][ T4944] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 97.254053][ T4944] Bluetooth: hci3: Dropping invalid advertising data [ 97.262343][ T4944] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 97.262383][ T4944] Bluetooth: hci3: unknown advertising packet type: 0x8b [ 97.270848][ T4944] Bluetooth: hci3: unknown advertising packet type: 0xee [ 97.278544][ T4944] Bluetooth: hci3: command 0x0c1a tx timeout [ 97.346522][ T4944] Bluetooth: hci2: command 0x0c1a tx timeout [ 97.876788][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'. [ 98.359783][ T6153] bond0: invalid ARP target specified [ 98.735877][ T6159] syz.1.71(6159): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 99.746960][ T6174] netlink: 24 bytes leftover after parsing attributes in process `syz.1.74'. [ 99.747028][ T6174] nbd: must specify at least one socket [ 100.343517][ T6188] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 100.501921][ T6202] netlink: 334 bytes leftover after parsing attributes in process `syz.3.78'. [ 100.537960][ T6186] random: crng reseeded on system resumption [ 100.604439][ T6186] FAULT_INJECTION: forcing a failure. [ 100.604439][ T6186] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 100.679346][ T6186] CPU: 0 UID: 0 PID: 6186 Comm: syz.2.77 Not tainted syzkaller #0 PREEMPT(full) [ 100.679381][ T6186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 100.679398][ T6186] Call Trace: [ 100.679408][ T6186] [ 100.679418][ T6186] dump_stack_lvl+0x100/0x190 [ 100.679458][ T6186] should_fail_ex.cold+0x5/0xa [ 100.679488][ T6186] ? prepare_alloc_pages+0x16d/0x5f0 [ 100.679530][ T6186] should_fail_alloc_page+0xeb/0x140 [ 100.679567][ T6186] prepare_alloc_pages+0x1f0/0x5f0 [ 100.679609][ T6186] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 100.679657][ T6186] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 100.679712][ T6186] ? stack_trace_save+0x8e/0xc0 [ 100.679749][ T6186] ? __pfx_stack_trace_save+0x10/0x10 [ 100.679786][ T6186] ? arch_stack_walk+0xa6/0xf0 [ 100.679822][ T6186] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 100.679869][ T6186] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 100.679920][ T6186] ? kasan_save_stack+0x30/0x50 [ 100.679945][ T6186] ? kasan_save_track+0x14/0x30 [ 100.679970][ T6186] ? __kasan_kmalloc+0xaa/0xb0 [ 100.680002][ T6186] ? memory_bm_create+0x14d/0xba0 [ 100.680044][ T6186] ? do_syscall_64+0x10b/0xf80 [ 100.680083][ T6186] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.680118][ T6186] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 100.680166][ T6186] ? policy_nodemask+0xed/0x4f0 [ 100.680203][ T6186] alloc_pages_mpol+0x1fb/0x540 [ 100.680237][ T6186] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 100.680272][ T6186] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 100.680311][ T6186] alloc_pages_noprof+0x1a/0x160 [ 100.680349][ T6186] get_zeroed_page_noprof+0x18/0xb0 [ 100.680382][ T6186] get_image_page+0x18/0x1a0 [ 100.680418][ T6186] alloc_rtree_node+0x3c/0xb0 [ 100.680455][ T6186] memory_bm_create+0x65e/0xba0 [ 100.680516][ T6186] create_basic_memory_bitmaps+0x10b/0x350 [ 100.680566][ T6186] snapshot_open+0x230/0x2a0 [ 100.680608][ T6186] ? __pfx_snapshot_open+0x10/0x10 [ 100.680655][ T6186] misc_open+0x26d/0x450 [ 100.680691][ T6186] ? __pfx_misc_open+0x10/0x10 [ 100.680725][ T6186] chrdev_open+0x234/0x6a0 [ 100.680759][ T6186] ? __pfx_apparmor_file_open+0x10/0x10 [ 100.680802][ T6186] ? __pfx_chrdev_open+0x10/0x10 [ 100.680838][ T6186] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 100.680879][ T6186] do_dentry_open+0x6d8/0x1660 [ 100.680911][ T6186] ? __pfx_chrdev_open+0x10/0x10 [ 100.680954][ T6186] vfs_open+0x82/0x3f0 [ 100.681011][ T6186] path_openat+0x208c/0x31a0 [ 100.681061][ T6186] ? __pfx_path_openat+0x10/0x10 [ 100.681112][ T6186] do_file_open+0x20e/0x430 [ 100.681159][ T6186] ? __pfx_do_file_open+0x10/0x10 [ 100.681223][ T6186] ? alloc_fd+0x476/0x790 [ 100.681262][ T6186] ? do_getname+0x191/0x390 [ 100.681307][ T6186] do_sys_openat2+0x10d/0x1e0 [ 100.681350][ T6186] ? __pfx_do_sys_openat2+0x10/0x10 [ 100.681396][ T6186] ? __pfx_restore_altstack+0x10/0x10 [ 100.681448][ T6186] __x64_sys_openat+0x12d/0x210 [ 100.681493][ T6186] ? __pfx___x64_sys_openat+0x10/0x10 [ 100.681535][ T6186] ? __do_sys_rt_sigreturn+0x1da/0x2c0 [ 100.681585][ T6186] ? rcu_is_watching+0x12/0xc0 [ 100.681625][ T6186] do_syscall_64+0x10b/0xf80 [ 100.681664][ T6186] ? clear_bhb_loop+0x40/0x90 [ 100.681699][ T6186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.681728][ T6186] RIP: 0033:0x7f628ef9ce59 [ 100.681751][ T6186] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.681778][ T6186] RSP: 002b:00007f628fdba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 100.681804][ T6186] RAX: ffffffffffffffda RBX: 00007f628f216090 RCX: 00007f628ef9ce59 [ 100.681823][ T6186] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 100.681842][ T6186] RBP: 00007f628f032d6f R08: 0000000000000000 R09: 0000000000000000 [ 100.681860][ T6186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.681876][ T6186] R13: 00007f628f216128 R14: 00007f628f216090 R15: 00007ffc45405928 [ 100.681915][ T6186] [ 102.196528][ T6227] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 102.329664][ T6223] futex_wake_op: syz.1.85 tries to shift op by -2048; fix this program [ 102.363066][ T6223] 0x000000000001-0x000000020000 : "" [ 102.463848][ T6223] ftl_cs: FTL header corrupt! [ 102.549577][ T6229] vhci_hcd vhci_hcd.2: invalid port number 16 [ 102.614708][ T6229] vhci_hcd vhci_hcd.2: invalid port number 16 [ 105.310587][ T6293] warning: `syz.3.100' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 106.688296][ T6318] ima: policy update failed [ 106.699352][ T30] audit: type=1802 audit(1778697564.062:3): pid=6318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.105" res=0 errno=0 [ 106.833540][ T6310] netlink: 306 bytes leftover after parsing attributes in process `syz.1.104'. [ 107.513055][ T6318] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 107.728859][ T6314] kexec: Could not allocate control_code_buffer [ 109.134095][ T6371] program syz.0.118 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.305877][ T6377] FAULT_INJECTION: forcing a failure. [ 109.305877][ T6377] name failslab, interval 1, probability 0, space 0, times 0 [ 109.356195][ T6377] CPU: 0 UID: 0 PID: 6377 Comm: syz.0.119 Not tainted syzkaller #0 PREEMPT(full) [ 109.356234][ T6377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 109.356251][ T6377] Call Trace: [ 109.356260][ T6377] [ 109.356271][ T6377] dump_stack_lvl+0x100/0x190 [ 109.356308][ T6377] should_fail_ex.cold+0x5/0xa [ 109.356344][ T6377] should_failslab+0xc2/0x120 [ 109.356378][ T6377] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 109.356422][ T6377] ? security_inode_alloc+0x3b/0x2c0 [ 109.356466][ T6377] ? lockdep_init_map_type+0x5c/0x250 [ 109.356502][ T6377] security_inode_alloc+0x3b/0x2c0 [ 109.356549][ T6377] inode_init_always_gfp+0xcc0/0x1000 [ 109.356590][ T6377] alloc_inode+0x8e/0x250 [ 109.356635][ T6377] new_inode+0x22/0x1c0 [ 109.356680][ T6377] shmem_get_inode+0x1e3/0xfb0 [ 109.356722][ T6377] ? __pfx_shmem_get_inode+0x10/0x10 [ 109.356770][ T6377] __shmem_file_setup+0x382/0x460 [ 109.356811][ T6377] ? __pfx___shmem_file_setup+0x10/0x10 [ 109.356854][ T6377] ? vm_area_alloc+0x1f/0x160 [ 109.356898][ T6377] shmem_zero_setup+0x96/0x1b0 [ 109.356930][ T6377] __mmap_region+0x24e9/0x2da0 [ 109.356980][ T6377] ? __pfx___mmap_region+0x10/0x10 [ 109.357030][ T6377] ? find_held_lock+0x2b/0x80 [ 109.357066][ T6377] ? process_measurement+0x4c8/0x2350 [ 109.357105][ T6377] ? process_measurement+0x4c8/0x2350 [ 109.357155][ T6377] ? __lock_acquire+0x4a5/0x2630 [ 109.357169][ T6377] ? do_raw_spin_unlock+0x145/0x1e0 [ 109.357194][ T6377] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 109.357226][ T6377] ? rcu_is_watching+0x12/0xc0 [ 109.357252][ T6377] ? rcu_is_watching+0x12/0xc0 [ 109.357268][ T6377] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 109.357288][ T6377] ? lockdep_hardirqs_on+0x78/0x100 [ 109.357337][ T6377] mmap_region+0x35d/0x620 [ 109.357352][ T6377] ? rcu_is_watching+0x12/0xc0 [ 109.357371][ T6377] ? __pfx_mmap_region+0x10/0x10 [ 109.357387][ T6377] ? cap_mmap_addr+0x4b/0x120 [ 109.357407][ T6377] ? bpf_lsm_mmap_addr+0x9/0x30 [ 109.357421][ T6377] ? security_mmap_addr+0x71/0x1e0 [ 109.357440][ T6377] ? __get_unmapped_area+0x255/0x3e0 [ 109.357460][ T6377] do_mmap+0xc63/0x12f0 [ 109.357481][ T6377] ? __pfx_do_mmap+0x10/0x10 [ 109.357498][ T6377] ? __pfx_down_write_killable+0x10/0x10 [ 109.357516][ T6377] vm_mmap_pgoff+0x29e/0x470 [ 109.357542][ T6377] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 109.357576][ T6377] ? __pfx___schedule+0x10/0x10 [ 109.357596][ T6377] ? preempt_schedule_irq+0x7b/0x90 [ 109.357619][ T6377] ksys_mmap_pgoff+0xe4/0x610 [ 109.357638][ T6377] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 109.357660][ T6377] __x64_sys_mmap+0x125/0x190 [ 109.357679][ T6377] do_syscall_64+0x10b/0xf80 [ 109.357699][ T6377] ? clear_bhb_loop+0x40/0x90 [ 109.357716][ T6377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.357731][ T6377] RIP: 0033:0x7ff2aad9ce59 [ 109.357745][ T6377] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.357758][ T6377] RSP: 002b:00007ff2a8ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 109.357773][ T6377] RAX: ffffffffffffffda RBX: 00007ff2ab015fa0 RCX: 00007ff2aad9ce59 [ 109.357783][ T6377] RDX: 0000000000000003 RSI: 0000000000000006 RDI: 0000000000000000 [ 109.357792][ T6377] RBP: 00007ff2aae32d6f R08: 0000000000000007 R09: 0000000000008000 [ 109.357800][ T6377] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 109.357809][ T6377] R13: 00007ff2ab016038 R14: 00007ff2ab015fa0 R15: 00007ffde8fc0928 [ 109.357829][ T6377] [ 110.803414][ T6403] FAULT_INJECTION: forcing a failure. [ 110.803414][ T6403] name failslab, interval 1, probability 0, space 0, times 0 [ 110.832733][ T6396] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.918663][ T6403] CPU: 1 UID: 0 PID: 6403 Comm: syz.0.127 Not tainted syzkaller #0 PREEMPT(full) [ 110.918699][ T6403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 110.918716][ T6403] Call Trace: [ 110.918726][ T6403] [ 110.918738][ T6403] dump_stack_lvl+0x100/0x190 [ 110.918778][ T6403] should_fail_ex.cold+0x5/0xa [ 110.918812][ T6403] ? __pfx_bonding_sysfs_store_option+0x10/0x10 [ 110.918850][ T6403] should_failslab+0xc2/0x120 [ 110.918883][ T6403] ? __pfx_bonding_sysfs_store_option+0x10/0x10 [ 110.918921][ T6403] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 110.918952][ T6403] ? bonding_sysfs_store_option+0x67/0x120 [ 110.918998][ T6403] ? __pfx_bonding_sysfs_store_option+0x10/0x10 [ 110.919036][ T6403] kstrndup+0x64/0x120 [ 110.919066][ T6403] bonding_sysfs_store_option+0x67/0x120 [ 110.919116][ T6403] dev_attr_store+0x58/0x80 [ 110.919153][ T6403] ? __pfx_dev_attr_store+0x10/0x10 [ 110.919190][ T6403] sysfs_kf_write+0xf2/0x150 [ 110.919223][ T6403] kernfs_fop_write_iter+0x3e0/0x5f0 [ 110.919263][ T6403] ? __pfx_sysfs_kf_write+0x10/0x10 [ 110.919309][ T6403] iter_file_splice_write+0x830/0x10a0 [ 110.919367][ T6403] ? __pfx_iter_file_splice_write+0x10/0x10 [ 110.919415][ T6403] ? __pfx_copy_splice_read+0x10/0x10 [ 110.919471][ T6403] ? __pfx_iter_file_splice_write+0x10/0x10 [ 110.919505][ T6403] direct_splice_actor+0x192/0x6c0 [ 110.919537][ T6403] splice_direct_to_actor+0x345/0xa30 [ 110.919576][ T6403] ? __pfx_direct_splice_actor+0x10/0x10 [ 110.919621][ T6403] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 110.919671][ T6403] do_splice_direct+0x174/0x240 [ 110.919710][ T6403] ? __pfx_do_splice_direct+0x10/0x10 [ 110.919750][ T6403] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 110.919791][ T6403] ? rw_verify_area+0xce/0x6d0 [ 110.919825][ T6403] do_sendfile+0xadc/0xe20 [ 110.919866][ T6403] ? __pfx_do_sendfile+0x10/0x10 [ 110.919896][ T6403] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 110.919942][ T6403] ? irqentry_exit+0x24d/0x7e0 [ 110.919998][ T6403] __x64_sys_sendfile64+0x1d8/0x220 [ 110.920042][ T6403] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 110.920074][ T6403] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 110.920118][ T6403] ? exit_to_user_mode_loop+0xe2/0x4f0 [ 110.920149][ T6403] ? rcu_is_watching+0x12/0xc0 [ 110.920186][ T6403] do_syscall_64+0x10b/0xf80 [ 110.920226][ T6403] ? clear_bhb_loop+0x40/0x90 [ 110.920257][ T6403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.920283][ T6403] RIP: 0033:0x7ff2aad9ce59 [ 110.920305][ T6403] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.920330][ T6403] RSP: 002b:00007ff2a8fd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 110.920354][ T6403] RAX: ffffffffffffffda RBX: 00007ff2ab016090 RCX: 00007ff2aad9ce59 [ 110.920369][ T6403] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 110.920385][ T6403] RBP: 00007ff2aae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 110.920402][ T6403] R10: 0000000000000071 R11: 0000000000000246 R12: 0000000000000000 [ 110.920421][ T6403] R13: 00007ff2ab016128 R14: 00007ff2ab016090 R15: 00007ffde8fc0928 [ 110.920458][ T6403] [ 111.587511][ T6417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.128'. [ 111.716608][ T6396] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.143615][ T6396] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.830740][ T6396] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.234903][ T6444] zswap: compressor 000 not available [ 115.304209][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.142'. [ 115.314248][ T6481] netlink: 17 bytes leftover after parsing attributes in process `syz.3.142'. [ 116.227877][ T6489] netlink: 8 bytes leftover after parsing attributes in process `syz.2.145'. [ 116.436436][ T6509] netlink: 62 bytes leftover after parsing attributes in process `syz.1.148'. [ 117.493581][ T6537] netlink: 28 bytes leftover after parsing attributes in process `syz.0.156'. [ 117.593155][ T6529] sd 0:0:1:0: PR command failed: 1026 [ 117.644848][ T6529] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 117.729602][ T6529] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 118.324690][ T6547] FAULT_INJECTION: forcing a failure. [ 118.324690][ T6547] name failslab, interval 1, probability 0, space 0, times 0 [ 118.382975][ T6547] CPU: 0 UID: 0 PID: 6547 Comm: syz.2.157 Not tainted syzkaller #0 PREEMPT(full) [ 118.383013][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 118.383030][ T6547] Call Trace: [ 118.383039][ T6547] [ 118.383049][ T6547] dump_stack_lvl+0x100/0x190 [ 118.383086][ T6547] should_fail_ex.cold+0x5/0xa [ 118.383123][ T6547] should_failslab+0xc2/0x120 [ 118.383157][ T6547] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 118.383202][ T6547] ? shmem_alloc_inode+0x25/0x50 [ 118.383241][ T6547] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 118.383279][ T6547] shmem_alloc_inode+0x25/0x50 [ 118.383312][ T6547] alloc_inode+0x68/0x250 [ 118.383355][ T6547] new_inode+0x22/0x1c0 [ 118.383395][ T6547] ? trace_kmem_cache_alloc+0xd5/0x100 [ 118.383433][ T6547] shmem_get_inode+0x1e3/0xfb0 [ 118.383488][ T6547] ? __pfx_shmem_get_inode+0x10/0x10 [ 118.383538][ T6547] __shmem_file_setup+0x382/0x460 [ 118.383580][ T6547] ? __pfx___shmem_file_setup+0x10/0x10 [ 118.383631][ T6547] ? vm_area_alloc+0x1f/0x160 [ 118.383677][ T6547] shmem_zero_setup+0x96/0x1b0 [ 118.383710][ T6547] __mmap_region+0x24e9/0x2da0 [ 118.383760][ T6547] ? __pfx___mmap_region+0x10/0x10 [ 118.383805][ T6547] ? __lock_acquire+0x4a5/0x2630 [ 118.383857][ T6547] ? __lock_acquire+0x4a5/0x2630 [ 118.383884][ T6547] ? do_raw_spin_unlock+0x145/0x1e0 [ 118.383918][ T6547] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 118.383977][ T6547] ? rcu_is_watching+0x12/0xc0 [ 118.384027][ T6547] ? rcu_is_watching+0x12/0xc0 [ 118.384061][ T6547] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 118.384099][ T6547] ? lockdep_hardirqs_on+0x78/0x100 [ 118.384201][ T6547] mmap_region+0x35d/0x620 [ 118.384229][ T6547] ? rcu_is_watching+0x12/0xc0 [ 118.384263][ T6547] ? __pfx_mmap_region+0x10/0x10 [ 118.384295][ T6547] ? cap_mmap_addr+0x4b/0x120 [ 118.384337][ T6547] ? bpf_lsm_mmap_addr+0x9/0x30 [ 118.384364][ T6547] ? security_mmap_addr+0x71/0x1e0 [ 118.384397][ T6547] ? __get_unmapped_area+0x255/0x3e0 [ 118.384437][ T6547] do_mmap+0xc63/0x12f0 [ 118.384478][ T6547] ? __pfx_do_mmap+0x10/0x10 [ 118.384512][ T6547] ? __pfx_down_write_killable+0x10/0x10 [ 118.384548][ T6547] vm_mmap_pgoff+0x29e/0x470 [ 118.384591][ T6547] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 118.384636][ T6547] ? do_futex+0x192/0x350 [ 118.384669][ T6547] ? __pfx_do_futex+0x10/0x10 [ 118.384706][ T6547] ksys_mmap_pgoff+0xe4/0x610 [ 118.384741][ T6547] ? __x64_sys_futex+0x358/0x4d0 [ 118.384774][ T6547] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 118.384807][ T6547] ? xfd_validate_state+0x129/0x190 [ 118.384836][ T6547] ? ksys_write+0x1ac/0x250 [ 118.384874][ T6547] __x64_sys_mmap+0x125/0x190 [ 118.384909][ T6547] do_syscall_64+0x10b/0xf80 [ 118.384949][ T6547] ? clear_bhb_loop+0x40/0x90 [ 118.384984][ T6547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.385013][ T6547] RIP: 0033:0x7f628ef9ce59 [ 118.385036][ T6547] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.385062][ T6547] RSP: 002b:00007f628fddb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 118.385088][ T6547] RAX: ffffffffffffffda RBX: 00007f628f215fa0 RCX: 00007f628ef9ce59 [ 118.385107][ T6547] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 118.385124][ T6547] RBP: 00007f628f032d6f R08: 0000000000000401 R09: 0000000000008000 [ 118.385142][ T6547] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 118.385159][ T6547] R13: 00007f628f216038 R14: 00007f628f215fa0 R15: 00007ffc45405928 [ 118.385196][ T6547] [ 118.728888][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805aab1c00: rx timeout, send abort [ 118.739272][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805aab1c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 118.818942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 119.439384][ T6558] ima: policy update failed [ 119.475001][ T30] audit: type=1802 audit(1778697576.832:4): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.161" res=0 errno=0 [ 119.645438][ T30] audit: type=1326 audit(1778697577.002:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6553 comm="syz.2.160" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f628ef9ce59 code=0x0 [ 120.001135][ T6577] netlink: 'syz.0.165': attribute type 64 has an invalid length. [ 120.026693][ T6577] netlink: 74 bytes leftover after parsing attributes in process `syz.0.165'. [ 120.916595][ T6603] futex_wake_op: syz.2.170 tries to shift op by -2048; fix this program [ 121.033039][ T6603] 0x000000000001-0x000000020000 : "" [ 121.082204][ T6603] ftl_cs: FTL header corrupt! [ 121.561647][ T6621] netlink: 146 bytes leftover after parsing attributes in process `syz.1.173'. [ 122.782733][ T6644] netlink: 206 bytes leftover after parsing attributes in process `syz.1.178'. [ 123.734630][ T6659] kexec: Could not allocate control_code_buffer [ 124.053349][ T6674] netlink: 'syz.0.184': attribute type 12 has an invalid length. [ 125.149293][ T6667] kexec: Could not allocate control_code_buffer [ 125.430464][ T6696] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 125.462606][ T6702] could not allocate digest TFM handle [ 125.503624][ T6696] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 125.545112][ T6696] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 125.566114][ T6696] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 125.667276][ T6684] netlink: 12 bytes leftover after parsing attributes in process `syz.3.189'. [ 127.185902][ T4944] Bluetooth: hci1: command 0x0c1a tx timeout [ 127.314262][ T6752] ======================================================= [ 127.314262][ T6752] WARNING: The mand mount option has been deprecated and [ 127.314262][ T6752] and is ignored by this kernel. Remove the mand [ 127.314262][ T6752] option from the mount to silence this warning. [ 127.314262][ T6752] ======================================================= [ 127.506203][ T4944] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.585730][ T4944] Bluetooth: hci2: command 0x0c1a tx timeout [ 127.591811][ T4944] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.046686][ T6777] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 128.103957][ T6780] netlink: 206 bytes leftover after parsing attributes in process `syz.1.207'. [ 129.254611][ T6810] netlink: 12 bytes leftover after parsing attributes in process `syz.0.212'. [ 129.954063][ T6817] syz.0.213 uses obsolete (PF_INET,SOCK_PACKET) [ 130.556485][ T6837] udc dummy_udc.0: soft-connect without a gadget driver [ 130.995552][ T6843] mmap: syz.0.218 (6843) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 131.260101][ T6851] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 131.278098][ T6851] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 131.297276][ T6851] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 131.317219][ T6851] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 132.791574][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.799961][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.266033][ T4944] Bluetooth: hci1: command 0x0c1a tx timeout [ 133.345738][ T4944] Bluetooth: hci2: command 0x0c1a tx timeout [ 133.351818][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 133.351867][ T5631] Bluetooth: hci0: command 0x0c1a tx timeout [ 133.500500][ T6922] random: crng reseeded on system resumption [ 134.440913][ T6944] syz.3.238 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 137.160336][ T5631] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 137.208220][ T6971] ovs_: entered promiscuous mode [ 138.699548][ T7009] netlink: 158 bytes leftover after parsing attributes in process `syz.1.250'. [ 138.720651][ T7009] netlink: 8 bytes leftover after parsing attributes in process `syz.1.250'. [ 138.812810][ T6995] FAULT_INJECTION: forcing a failure. [ 138.812810][ T6995] name failslab, interval 1, probability 0, space 0, times 0 [ 138.855565][ T30] audit: type=1800 audit(1778697596.202:6): pid=7017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.251" name="discovery_nqn" dev="configfs" ino=13972 res=0 errno=0 [ 138.961226][ T6995] CPU: 1 UID: 0 PID: 6995 Comm: syz.3.248 Tainted: G L syzkaller #0 PREEMPT(full) [ 138.961273][ T6995] Tainted: [L]=SOFTLOCKUP [ 138.961283][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 138.961308][ T6995] Call Trace: [ 138.961317][ T6995] [ 138.961328][ T6995] dump_stack_lvl+0x100/0x190 [ 138.961380][ T6995] should_fail_ex.cold+0x5/0xa [ 138.961417][ T6995] should_failslab+0xc2/0x120 [ 138.961451][ T6995] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 138.961496][ T6995] ? alloc_empty_file+0x5b/0x1c0 [ 138.961544][ T6995] alloc_empty_file+0x5b/0x1c0 [ 138.961591][ T6995] alloc_file_pseudo+0x13a/0x230 [ 138.961636][ T6995] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 138.961677][ T6995] ? alloc_fd+0x476/0x790 [ 138.961713][ T6995] ? do_raw_spin_unlock+0x145/0x1e0 [ 138.961751][ T6995] __anon_inode_getfile+0xe8/0x280 [ 138.961796][ T6995] anon_inode_getfile_fmode+0x37/0xa0 [ 138.961838][ T6995] __do_sys_fanotify_init+0xab8/0xe80 [ 138.961877][ T6995] do_syscall_64+0x10b/0xf80 [ 138.961917][ T6995] ? clear_bhb_loop+0x40/0x90 [ 138.961953][ T6995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.961983][ T6995] RIP: 0033:0x7f196bd9ce59 [ 138.962011][ T6995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.962043][ T6995] RSP: 002b:00007f196cc5c028 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 138.962070][ T6995] RAX: ffffffffffffffda RBX: 00007f196c015fa0 RCX: 00007f196bd9ce59 [ 138.962090][ T6995] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000065 [ 138.962107][ T6995] RBP: 00007f196be32d6f R08: 0000000000000000 R09: 0000000000000000 [ 138.962125][ T6995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.962142][ T6995] R13: 00007f196c016038 R14: 00007f196c015fa0 R15: 00007fff44a1dc18 [ 138.962193][ T6995] [ 139.195652][ T5631] Bluetooth: hci1: command 0x0c1a tx timeout [ 139.744344][ T7033] netlink: 28 bytes leftover after parsing attributes in process `syz.1.254'. [ 139.749741][ T7030] netlink: 206 bytes leftover after parsing attributes in process `syz.2.253'. [ 141.266014][ T4944] Bluetooth: hci1: command 0x0c1a tx timeout [ 141.542097][ T7047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.255'. [ 142.095878][ T7071] netlink: 28 bytes leftover after parsing attributes in process `syz.2.259'. [ 142.141388][ T7071] team0: Port device team_slave_1 removed [ 142.336696][ T7074] NFSD: Failed to start, no listeners configured. [ 142.370227][ T7078] netlink: 158 bytes leftover after parsing attributes in process `syz.3.261'. [ 142.456986][ T7078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.261'. [ 143.857633][ T7091] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 143.878734][ T7091] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 143.915725][ T7091] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 143.942395][ T7091] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 144.780737][ T7098] netlink: 12 bytes leftover after parsing attributes in process `syz.1.273'. [ 145.282512][ T7117] FAULT_INJECTION: forcing a failure. [ 145.282512][ T7117] name failslab, interval 1, probability 0, space 0, times 0 [ 145.306061][ T7117] CPU: 1 UID: 0 PID: 7117 Comm: syz.1.268 Tainted: G L syzkaller #0 PREEMPT(full) [ 145.306105][ T7117] Tainted: [L]=SOFTLOCKUP [ 145.306116][ T7117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 145.306132][ T7117] Call Trace: [ 145.306141][ T7117] [ 145.306150][ T7117] dump_stack_lvl+0x100/0x190 [ 145.306187][ T7117] should_fail_ex.cold+0x5/0xa [ 145.306225][ T7117] should_failslab+0xc2/0x120 [ 145.306258][ T7117] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 145.306304][ T7117] ? shmem_alloc_inode+0x25/0x50 [ 145.306344][ T7117] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 145.306381][ T7117] shmem_alloc_inode+0x25/0x50 [ 145.306415][ T7117] alloc_inode+0x68/0x250 [ 145.306456][ T7117] new_inode+0x22/0x1c0 [ 145.306495][ T7117] ? trace_kmem_cache_alloc+0xd5/0x100 [ 145.306534][ T7117] shmem_get_inode+0x1e3/0xfb0 [ 145.306576][ T7117] ? __pfx_shmem_get_inode+0x10/0x10 [ 145.306625][ T7117] __shmem_file_setup+0x382/0x460 [ 145.306666][ T7117] ? __pfx___shmem_file_setup+0x10/0x10 [ 145.306710][ T7117] ? vm_area_alloc+0x1f/0x160 [ 145.306755][ T7117] shmem_zero_setup+0x96/0x1b0 [ 145.306788][ T7117] __mmap_region+0x24e9/0x2da0 [ 145.306838][ T7117] ? __pfx___mmap_region+0x10/0x10 [ 145.306884][ T7117] ? __lock_acquire+0x4a5/0x2630 [ 145.306924][ T7117] ? __lock_acquire+0x4a5/0x2630 [ 145.306970][ T7117] ? __lock_acquire+0x4a5/0x2630 [ 145.306999][ T7117] ? do_raw_spin_unlock+0x145/0x1e0 [ 145.307032][ T7117] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 145.307092][ T7117] ? rcu_is_watching+0x12/0xc0 [ 145.307144][ T7117] ? rcu_is_watching+0x12/0xc0 [ 145.307182][ T7117] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 145.307220][ T7117] ? lockdep_hardirqs_on+0x78/0x100 [ 145.307322][ T7117] mmap_region+0x35d/0x620 [ 145.307351][ T7117] ? rcu_is_watching+0x12/0xc0 [ 145.307385][ T7117] ? __pfx_mmap_region+0x10/0x10 [ 145.307417][ T7117] ? cap_mmap_addr+0x4b/0x120 [ 145.307458][ T7117] ? bpf_lsm_mmap_addr+0x9/0x30 [ 145.307486][ T7117] ? security_mmap_addr+0x71/0x1e0 [ 145.307519][ T7117] ? __get_unmapped_area+0x255/0x3e0 [ 145.307560][ T7117] do_mmap+0xc63/0x12f0 [ 145.307601][ T7117] ? __pfx_do_mmap+0x10/0x10 [ 145.307636][ T7117] ? __pfx_down_write_killable+0x10/0x10 [ 145.307674][ T7117] vm_mmap_pgoff+0x29e/0x470 [ 145.307717][ T7117] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 145.307756][ T7117] ? do_futex+0x192/0x350 [ 145.307787][ T7117] ? __pfx_do_futex+0x10/0x10 [ 145.307825][ T7117] ksys_mmap_pgoff+0xe4/0x610 [ 145.307859][ T7117] ? __x64_sys_futex+0x358/0x4d0 [ 145.307891][ T7117] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 145.307932][ T7117] ? xfd_validate_state+0x129/0x190 [ 145.307961][ T7117] ? ksys_write+0x1ac/0x250 [ 145.307997][ T7117] __x64_sys_mmap+0x125/0x190 [ 145.308025][ T7117] do_syscall_64+0x10b/0xf80 [ 145.308046][ T7117] ? clear_bhb_loop+0x40/0x90 [ 145.308064][ T7117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.308080][ T7117] RIP: 0033:0x7fa678d9ce59 [ 145.308092][ T7117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 145.308106][ T7117] RSP: 002b:00007fa679c72028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 145.308120][ T7117] RAX: ffffffffffffffda RBX: 00007fa679015fa0 RCX: 00007fa678d9ce59 [ 145.308130][ T7117] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 145.308139][ T7117] RBP: 00007fa678e32d6f R08: 0000000000000401 R09: 0000000000008000 [ 145.308149][ T7117] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 145.308157][ T7117] R13: 00007fa679016038 R14: 00007fa679015fa0 R15: 00007ffc90212608 [ 145.308177][ T7117] [ 145.729252][ T5631] Bluetooth: hci1: command 0x0c1a tx timeout [ 145.906089][ T5631] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.985760][ T5631] Bluetooth: hci2: command 0x0c1a tx timeout [ 145.991855][ T4944] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.086519][ T4944] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 146.101188][ T4944] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 146.113938][ T4944] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 146.133190][ T4944] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 146.142760][ T4944] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 148.232086][ T4944] Bluetooth: hci4: command tx timeout [ 148.425788][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880357e6000: rx timeout, send abort [ 148.456976][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880357e6000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 148.752046][ T6842] ------------[ cut here ]------------ [ 148.757814][ T6842] ODEBUG: free active (active state 0) object: ffff888071b19438 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 148.771645][ T6842] WARNING: lib/debugobjects.c:629 at debug_print_object+0x18e/0x2a0, CPU#1: syz.0.218/6842 [ 148.782294][ T6842] Modules linked in: [ 148.788488][ T6842] CPU: 1 UID: 0 PID: 6842 Comm: syz.0.218 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.799756][ T6842] Tainted: [L]=SOFTLOCKUP [ 148.805184][ T6842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 148.815370][ T6842] RIP: 0010:debug_print_object+0x19b/0x2a0 [ 148.821232][ T6842] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 52 a9 e2 0b 41 56 48 8b 14 dd c0 39 1c 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 ac 25 d8 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 148.840886][ T6842] RSP: 0018:ffffc90007b076f8 EFLAGS: 00010246 [ 148.847178][ T6842] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 148.855142][ T6842] RDX: ffffffff8c1c3900 RSI: ffffffff8c1c3520 RDI: ffffffff90e29360 [ 148.863212][ T6842] RBP: 0000000000000001 R08: ffff888071b19438 R09: ffffffff8bb2b700 [ 148.871212][ T6842] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8c1c3520 [ 148.880079][ T6842] R13: ffffffff8bb2b740 R14: ffffffff8a92bd10 R15: ffffc90007b077f8 [ 148.888470][ T6842] FS: 0000000000000000(0000) GS:ffff888124477000(0000) knlGS:0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 148.897439][ T6842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.904033][ T6842] CR2: 00007f196cc3bd58 CR3: 00000000356be000 CR4: 00000000003526f0 [ 148.912036][ T6842] Call Trace: [ 148.915327][ T6842] [ 148.918318][ T6842] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 148.923799][ T6842] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 148.929668][ T6842] debug_check_no_obj_freed+0x4da/0x630 [ 148.935223][ T6842] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 148.941306][ T6842] ? __page_table_check_zero+0x333/0x410 [ 148.947084][ T6842] ? __page_table_check_zero+0x333/0x410 [ 148.952751][ T6842] ? __page_table_check_zero+0x338/0x410 [ 148.958418][ T6842] __free_frozen_pages+0x3f5/0x1040 [ 148.963618][ T6842] hci_release_dev+0x4ef/0x630 [ 148.968407][ T6842] ? __pfx_hci_release_dev+0x10/0x10 [ 148.973686][ T6842] ? device_release+0x97/0x270 [ 148.978960][ T6842] ? rcu_is_watching+0x12/0xc0 [ 148.983722][ T6842] ? device_release+0x97/0x270 [ 148.988840][ T6842] bt_host_release+0x6a/0xb0 [ 148.993433][ T6842] ? __pfx_bt_host_release+0x10/0x10 [ 148.998735][ T6842] device_release+0xd2/0x270 [ 149.003332][ T6842] kobject_put+0x1f7/0x640 [ 149.007767][ T6842] put_device+0x1f/0x30 [ 149.011944][ T6842] vhci_release+0x185/0x230 [ 149.016463][ T6842] ? __pfx_vhci_release+0x10/0x10 [ 149.021480][ T6842] __fput+0x3ff/0xb50 [ 149.025469][ T6842] task_work_run+0x150/0x240 [ 149.030266][ T6842] ? __pfx_task_work_run+0x10/0x10 [ 149.035400][ T6842] do_exit+0x8d2/0x2a60 [ 149.039580][ T6842] ? __pfx___might_resched+0x10/0x10 [ 149.044865][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.049649][ T6842] ? __pfx_do_exit+0x10/0x10 [ 149.054243][ T6842] ? do_raw_spin_lock+0x128/0x260 [ 149.059275][ T6842] ? find_held_lock+0x2b/0x80 [ 149.063946][ T6842] ? get_signal+0x7e0/0x21e0 [ 149.068555][ T6842] do_group_exit+0xd5/0x2a0 [ 149.073047][ T6842] get_signal+0x1ec7/0x21e0 [ 149.078177][ T6842] ? __pfx_get_signal+0x10/0x10 [ 149.083026][ T6842] ? kernel_move_pages+0xcfd/0x13f0 [ 149.088544][ T6842] ? do_futex+0x192/0x350 [ 149.092868][ T6842] arch_do_signal_or_restart+0x91/0x7a0 [ 149.098444][ T6842] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 149.104605][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.109400][ T6842] exit_to_user_mode_loop+0x8b/0x4f0 [ 149.114673][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.119451][ T6842] do_syscall_64+0x6f2/0xf80 [ 149.124038][ T6842] ? clear_bhb_loop+0x40/0x90 [ 149.128729][ T6842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.134611][ T6842] RIP: 0033:0x7ff2aad9ce59 [ 149.139045][ T6842] Code: Unable to access opcode bytes at 0x7ff2aad9ce2f. [ 149.146067][ T6842] RSP: 002b:00007ff2a8ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 149.154464][ T6842] RAX: fffffffffffffff2 RBX: 00007ff2ab015fa0 RCX: 00007ff2aad9ce59 [ 149.162441][ T6842] RDX: 0000000000000000 RSI: 0002000000000003 RDI: 0000000000000001 [ 149.170437][ T6842] RBP: 00007ff2aae32d6f R08: 0000000000000000 R09: 8000400000000000 [ 149.178416][ T6842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.186871][ T6842] R13: 00007ff2ab016038 R14: 00007ff2ab015fa0 R15: 00007ffde8fc0928 [ 149.194859][ T6842] [ 149.198214][ T6842] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 149.205489][ T6842] CPU: 1 UID: 0 PID: 6842 Comm: syz.0.218 Tainted: G L syzkaller #0 PREEMPT(full) [ 149.216238][ T6842] Tainted: [L]=SOFTLOCKUP [ 149.220544][ T6842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 149.230585][ T6842] Call Trace: [ 149.233852][ T6842] [ 149.236770][ T6842] dump_stack_lvl+0x100/0x190 [ 149.241439][ T6842] vpanic+0x552/0x970 [ 149.245410][ T6842] ? __pfx_vpanic+0x10/0x10 [ 149.249904][ T6842] panic+0xd1/0xe0 [ 149.253612][ T6842] ? __pfx_panic+0x10/0x10 [ 149.258027][ T6842] ? check_panic_on_warn+0x1f/0x90 [ 149.263131][ T6842] check_panic_on_warn.cold+0x19/0x34 [ 149.268491][ T6842] ? debug_print_object+0x18e/0x2a0 [ 149.273681][ T6842] __warn.cold+0x191/0x328 [ 149.278083][ T6842] __report_bug+0x296/0x3d0 [ 149.282587][ T6842] ? debug_print_object+0x18e/0x2a0 [ 149.287817][ T6842] ? __pfx___report_bug+0x10/0x10 [ 149.292840][ T6842] ? __lock_acquire+0x4a5/0x2630 [ 149.297760][ T6842] ? unwind_next_frame+0x3c8/0x2090 [ 149.302951][ T6842] report_bug_entry+0xe1/0x290 [ 149.307710][ T6842] ? debug_print_object+0x19b/0x2a0 [ 149.312902][ T6842] handle_bug+0x1cd/0x2a0 [ 149.317221][ T6842] exc_invalid_op+0x17/0x50 [ 149.321712][ T6842] asm_exc_invalid_op+0x1a/0x20 [ 149.326549][ T6842] RIP: 0010:debug_print_object+0x19b/0x2a0 [ 149.332344][ T6842] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 52 a9 e2 0b 41 56 48 8b 14 dd c0 39 1c 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 ac 25 d8 0b 01 48 83 c4 18 5b 5d 41 5c 41 [ 149.351939][ T6842] RSP: 0018:ffffc90007b076f8 EFLAGS: 00010246 [ 149.357992][ T6842] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 149.365953][ T6842] RDX: ffffffff8c1c3900 RSI: ffffffff8c1c3520 RDI: ffffffff90e29360 [ 149.373928][ T6842] RBP: 0000000000000001 R08: ffff888071b19438 R09: ffffffff8bb2b700 [ 149.381887][ T6842] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8c1c3520 [ 149.389849][ T6842] R13: ffffffff8bb2b740 R14: ffffffff8a92bd10 R15: ffffc90007b077f8 [ 149.397820][ T6842] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 149.403281][ T6842] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 149.408734][ T6842] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 149.414566][ T6842] debug_check_no_obj_freed+0x4da/0x630 [ 149.420114][ T6842] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 149.426175][ T6842] ? __page_table_check_zero+0x333/0x410 [ 149.431797][ T6842] ? __page_table_check_zero+0x333/0x410 [ 149.437420][ T6842] ? __page_table_check_zero+0x338/0x410 [ 149.443041][ T6842] __free_frozen_pages+0x3f5/0x1040 [ 149.448237][ T6842] hci_release_dev+0x4ef/0x630 [ 149.452989][ T6842] ? __pfx_hci_release_dev+0x10/0x10 [ 149.458262][ T6842] ? device_release+0x97/0x270 [ 149.463044][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.467797][ T6842] ? device_release+0x97/0x270 [ 149.472554][ T6842] bt_host_release+0x6a/0xb0 [ 149.477136][ T6842] ? __pfx_bt_host_release+0x10/0x10 [ 149.482411][ T6842] device_release+0xd2/0x270 [ 149.486999][ T6842] kobject_put+0x1f7/0x640 [ 149.491429][ T6842] put_device+0x1f/0x30 [ 149.495578][ T6842] vhci_release+0x185/0x230 [ 149.500086][ T6842] ? __pfx_vhci_release+0x10/0x10 [ 149.505100][ T6842] __fput+0x3ff/0xb50 [ 149.509078][ T6842] task_work_run+0x150/0x240 [ 149.513656][ T6842] ? __pfx_task_work_run+0x10/0x10 [ 149.518756][ T6842] do_exit+0x8d2/0x2a60 [ 149.522907][ T6842] ? __pfx___might_resched+0x10/0x10 [ 149.528178][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.532933][ T6842] ? __pfx_do_exit+0x10/0x10 [ 149.537520][ T6842] ? do_raw_spin_lock+0x128/0x260 [ 149.542536][ T6842] ? find_held_lock+0x2b/0x80 [ 149.547200][ T6842] ? get_signal+0x7e0/0x21e0 [ 149.551784][ T6842] do_group_exit+0xd5/0x2a0 [ 149.556275][ T6842] get_signal+0x1ec7/0x21e0 [ 149.560780][ T6842] ? __pfx_get_signal+0x10/0x10 [ 149.565624][ T6842] ? kernel_move_pages+0xcfd/0x13f0 [ 149.570825][ T6842] ? do_futex+0x192/0x350 [ 149.575144][ T6842] arch_do_signal_or_restart+0x91/0x7a0 [ 149.580686][ T6842] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 149.586838][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.591597][ T6842] exit_to_user_mode_loop+0x8b/0x4f0 [ 149.596878][ T6842] ? rcu_is_watching+0x12/0xc0 [ 149.601631][ T6842] do_syscall_64+0x6f2/0xf80 [ 149.606212][ T6842] ? clear_bhb_loop+0x40/0x90 [ 149.610881][ T6842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.616760][ T6842] RIP: 0033:0x7ff2aad9ce59 [ 149.621162][ T6842] Code: Unable to access opcode bytes at 0x7ff2aad9ce2f. [ 149.628156][ T6842] RSP: 002b:00007ff2a8ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 149.636553][ T6842] RAX: fffffffffffffff2 RBX: 00007ff2ab015fa0 RCX: 00007ff2aad9ce59 [ 149.644507][ T6842] RDX: 0000000000000000 RSI: 0002000000000003 RDI: 0000000000000001 [ 149.652461][ T6842] RBP: 00007ff2aae32d6f R08: 0000000000000000 R09: 8000400000000000 [ 149.660415][ T6842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.668368][ T6842] R13: 00007ff2ab016038 R14: 00007ff2ab015fa0 R15: 00007ffde8fc0928 [ 149.676341][ T6842] [ 149.679885][ T6842] Kernel Offset: disabled [ 149.684218][ T6842] Rebooting in 86400 seconds..