last executing test programs: 7.314753168s ago: executing program 3 (id=185): mmap$auto(0xfffffffffffffffd, 0x4, 0x1, 0xeb2, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x9, 0x3, 0xeb3, 0xfffefffffffffffa, 0x8000) r0 = open(0x0, 0x5db443, 0x180) r1 = fcntl$auto(r0, 0x5, 0x40003f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/batman_adv/parameters/routing_algo\x00', 0x8182, 0x0) write$auto(r2, 0x0, 0x9) mmap$auto(0x0, 0xe983, 0x7, 0xeb1, r2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="000bb300", @ANYRES16=r3, @ANYBLOB="020027bd7000fddbdf2562000000c300ac004a44510a86bbdda78a994e4df024fea53c8c02078a8921abe72f7f46b3ff57f7c63ea767eeb1caa0ba9c5f72fa5fe7adf48e14548fcafe8cc735fddd97c6e7d74adaaa17a4f25df9d24c5b26aa510310789c0de1764f7557e29146544e8a99f932236cba4235dd9fc33f5418f4e5e0c52191d5918592ed94f4c3cfab1060535a0806cf75a6872f2d9cef7b5557e9e88076a02b770125a61533eddb7e9d1658bf74074a15970790c0a067527fedd878a0e1ca5735b623e0aedfd9c933947240000e009d00811d57c8e0e53ccf34af00000500a30000000000050019000e00000008009e0002000000"], 0x100}, 0x1, 0x0, 0x0, 0xc800}, 0x44) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x69e200, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0xdcf01, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = io_uring_setup$auto(0x6, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram13\x00', 0x10d440, 0x0) mmap$auto(0x0, 0x20007, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) write$auto(0x3, 0x0, 0x100082) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/adsp1\x00', 0x103002, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000400)="392dbb18ab19fe5b971c37e0752babf4cd2b87e7db9e0a1831553c2246b43bb29e0cb2b49ba9534321a3253e5b39d360b68a3167adcee6c72b6c2e8b438a29006eb0c1") readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 7.017248944s ago: executing program 1 (id=187): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = socket(0x10, 0x2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) getsockopt$auto_SO_TIMESTAMPNS_NEW(r0, 0x2, 0x40, &(0x7f0000000040)='*@&*-#]!.)\x00', &(0x7f0000000080)=0x8) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r2 = socket(0x18, 0x5, 0x1) connect$auto(r2, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 6.678982987s ago: executing program 2 (id=189): r0 = openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000300), 0x200000, 0x0) mmap$auto(0x9, 0x19088d91, 0xc00000076, 0x8b76, r0, 0x9) io_uring_setup$auto(0x86, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) socket(0x28, 0x4, 0xffffffc0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1, 0x100000007, 0x800000000000000d, 0x8fd6, 0x19488, 0x3, 0x8, 0x7f, 0x2, 0xffffffffffffffff, 0xdfe, 0x8, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) write$auto(0xffffffffffffffff, &(0x7f00000001c0)='\b\x1c\xc7\x00\x80\x00\x00\x00\x00\x00\x00\x00', 0x81) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) r3 = mq_open$auto(&(0x7f00000005c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9e\xff\xff\xff\xff\xe5\x9dZ\xc2\xd1\x01wBV\x91\x80\x84%Y\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xf9\x86\x9a\x0e\xc3~\xa5\xbd\xa3i\x1b\xde\x98\xbb\x192m4\x86\xc0\xc1-\xd5S?m\xbc\x97\x11\xe9\x84\x10\xc3\xfcj[8\x89h\xc5\xba\xff\xc8u5\xfb\xd3:z`\xff\xdc\x1e\x01\x00\x00\x00\x00\x00\x00\x00\x966Z\xc32\x83u\xa6\xc8d4\xd7\xc8H\xaa\vz\xf3}\xf663=su\b\xbd\xc3', 0x60, 0x1, 0x0) mq_timedsend$auto(r3, 0x0, 0x80, 0x9, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000002100), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_START_NAN(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)={0x1c, r8, 0x623f20d942d860e9, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x40) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r8, 0x8, 0x70bd27, 0x25dfdbfe, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0xffff}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x1) sendmsg$auto_NBD_CMD_DISCONNECT(r4, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000000000)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x8470}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044800}, 0x4000) unshare$auto(0x40000080) r9 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r9, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54", 0xcb6) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/ubifs/parameters/default_version\x00', 0x8a041, 0x0) 5.545283641s ago: executing program 1 (id=192): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0) mmap$auto(0xff, 0x20009, 0x4000000000e0, 0xeb1, r0, 0x40000008000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3f, 0x3, 0x0, 0x6, 0x2) select$auto(0x7, 0x0, 0x0, &(0x7f0000000080)={[0x9, 0x7, 0xd, 0xfffffffffffffffd, 0x948b, 0x8, 0x15f4da0a, 0x3, 0xffffffff80000001, 0x62, 0x40000080000001, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000003240)={0x24, r6, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x4, 0x7, 0x0, 0x1, [@generic]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x51}]}, 0x24}, 0x1, 0x100000000000000, 0x2000000, 0x4}, 0x8c0) close_range$auto(0x2, r2, 0x0) r7 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x14, 0x10, 0x8, 0x7fb, &(0x7f00000002c0)}) fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKIOMIN(r3, 0x1278, 0x0) r8 = socket(0x28, 0x5, 0x0) connect$auto(r8, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper=0x1000000}, 0x56) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r9 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r9, &(0x7f0000000040)='nbd\x00', 0x4) mlockall$auto(0x3) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 5.265894146s ago: executing program 0 (id=193): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram15\x00', 0x1, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) pwrite64$auto(0xc8, 0x0, 0x4e, 0x1) read$auto_force_wakeup_fops_hci_vhci(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x8000000000000000, 0x400008, 0xdf, 0x9b72, r0, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x8000000000000000, 0x1, 0x10]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d1e66611858431292aa7661c6f48179607a4efdb9504ca8b8f2950c9cf869fd708b1f49c447fee3296791adcf69"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) r3 = accept$auto(0xffffffffffffffff, 0x0, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, 0x0, 0x4000000) mmap$auto(0x0, 0xc, 0xdf, 0xeb1, 0xffffffffffffffff, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs4\x00', 0x200, &(0x7f00000001c0)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x303002, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) close_range$auto(0x2, 0xa, 0x0) fanotify_init$auto(0x65, 0x2) splice$auto(0x4, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x9) 4.791003954s ago: executing program 3 (id=194): r0 = landlock_create_ruleset$auto(0x0, 0x0, 0x2) memfd_secret$auto(0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r1, 0x0) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x14, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmmsg$auto(r1, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1000}, 0x5}, 0x2, 0x100) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000280)="40ecea0b5003551f9c8291baaba72e3a9e165b0a", 0x14) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) setuid$auto(0xe) bpf$auto(0x5, &(0x7f0000001100)=@bpf_attr_7={@prog_id=0x8, 0x81, 0xf}, 0x7) 4.601252327s ago: executing program 2 (id=195): mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000001580)='LnAY\xef\x1c\xcb\x1c\xae)\x13\xf7J1\xa8\x90<\xb9x\xae\x0e\xbe\x158\x81\xd4\xd0\x81KO./p\xc1\x81\x1d^\b\xb7do\xb0\xc1/\xdct\xd6@\x84\xcfJ\xd6\x90\xb4\xf6\x03\x94@\x1f\xbc\xe9\xf6\x10Pm\xabt\xdcP\xbb}F\x9e\x8f\x9b\r\xe2A\xa73\xccp\xbf\f\xd9\x0e\x10>\xfe\x86\xb9\xa3\xb6\ad\xab\x18\xffc\rD+J^\xea\x01^\xc2\x96{\x81\x7f@\xb8\x0e\x80\x85\x93\x93\x85Y\x06\xf7t\xe1\x02<\xce@\xda=.\xf8S\xd5\xd8[GF\x93\xc7\xaa/#\xe0%*C\x1a_\x85\xe1*\xdf\xc2\xc6\"\xda \xa7\x1e\xae\x96YH\x87j\xa8\xf1\xed\x0f\xb5)N\xa9\xe8\x8f\xb0vN\x8f\xffv\xa5bTmx\xb1\xf7\xae\xb9\xcc\xcd\n\xf6\x90\x93\x19$F\xa5\xa3\xcf\'\xf3\x9c\xcd\xe3\xc5\xff\x8a\xe6\xd9\x95\x05>\xfc\x87\xf6\x8a\xb5\a\r\xde\x11\x8ay\xfe\x83\xec\xf2I\x13>\xf2\xf5^\x88C\xe5\x12\xea\xdfYi*Q0lN\f\xd9i\xb6\x0f\x13\xb14r\x1e\x98+\x04\xce\x85q\xaa\xec\xb9\xefTv\x1fr2\xff\xaa\xaf\x84\xdb', 0x200081) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0x2b, 0x1, 0x1) socket(0x21, 0x5, 0x2) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x7fffffffb000) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) r1 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x2000, 0x0) read$auto_proc_pid_cmdline_ops_base(r1, &(0x7f0000000280)=""/165, 0xa5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r2, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000400)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sysfs$auto(0x2, 0x10000000000002a, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0xffffffff) socket(0x2, 0x80002, 0x73) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) lseek$auto(0x3, 0x2, 0x4) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="01007050a7f82fc634b10f"], 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x2) r3 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x80, 0x0) ioctl$auto_SNAPSHOT_FREE(r3, 0x3305, 0x0) write$auto(0x3, 0x0, 0xfdef) 4.113539483s ago: executing program 3 (id=196): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/dsp\x00', 0x1, 0x0) write$auto(0xc8, 0x0, 0x40f6) r1 = waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000200)={@_si_pad}, 0x1, &(0x7f0000000280)={{0x4, 0xa33a}, {0x6, 0x5}, 0x7fff, 0x7fffffffffffffff, 0x6, 0x7b, 0x4, 0x4, 0x5, 0xfffffffffffffffa, 0x6, 0x455d, 0x1f, 0xe, 0xffffffff, 0x6}) fcntl$auto(r0, 0x6, r1) r2 = openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x121000, 0x0) ioctl$auto(0x3, 0x89ed, 0x74) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)="5facc68822f773a86892398ce49593d5b1f2a805efb6422cd434e31ada5e75d0c33483deb750791c6be9226ea87902f382b0741f347999a69197d0bba1dbaef5f5f8288ef136abc4a09ab7c28674141b0d89fe554edcc59c1bdc2e920edb01fdbcb8d1bd9f32e3d768db8db2232231e94f2d7f49ad0541e821732fb96b725f2984690712121a92ef8b25a8fca5ca62c7cc9ed562cd7f916f0b5bc2f31123d4856839a943ee1e7c85b820d715e950e3b87a02ef9473a2983afc7645b2500f8797e49629af4cc00f59a421b9a66e8a482afa9f52ee89b5f710589a989169ac0a8ea7ea398a400ffe6ef8d034e105") ioctl$auto_TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, &(0x7f00000001c0)={0x5, &(0x7f0000000180)={0x4c, 0x80, 0xb, @inferred=r2}}) r3 = openat$auto__dev_ioctl_fops_dev_ioctl(0xffffffffffffff9c, &(0x7f0000000000), 0x4e180, 0x0) ioctl$auto(r2, 0x8, r3) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) ioctl$auto_SNDCTL_DSP_GETODELAY(r0, 0x80045035, 0x0) 4.016981223s ago: executing program 0 (id=197): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) (async) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) (async) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='}[,&*}\x00', &(0x7f0000000080)={0x220000, 0x0, 0x10}, 0x18) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) (async) prctl$auto_PR_SCHED_CORE_CREATE(0x1, 0x1, 0x0, 0x0, 0x4) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio1/power/wakeup_count\x00', 0x40, 0x0) preadv2$auto(r2, &(0x7f0000000280)={0x0, 0x1}, 0x9, 0x3, 0x5, 0x3) (async) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000002c0), 0x44100, 0x0) (async) r3 = fcntl$getown(r0, 0x9) capset$auto(&(0x7f0000000040)={0x7505, r3}, &(0x7f00000000c0)={0x655, 0x6, 0x6}) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async, rerun: 64) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/nbd3/state\x00', 0x301802, 0x0) (rerun: 64) write$auto(r4, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) (async) open(0x0, 0xeee00, 0x31) (async) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r5, 0xc0045002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (async) madvise$auto(0x0, 0x2000040080000004, 0xe) fsopen$auto(0x0, 0x1) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) 3.379048369s ago: executing program 0 (id=198): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000b4c4294dd4daa78cb0da00f2502147d55e7583c731fea1542376defe4105874386a11a21a3f97cfd0337954c816b8443de4a2eea8e987297eb858d1a77676524a56240e866ef7de130eef512321427af75e42cfde7", @ANYRES16=r1, @ANYBLOB="01002bbd7000fedbdf2512000000"], 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) write$auto(0x4, 0x0, 0x100082) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x5408, r2) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000240)="1c520b214b197e", 0x7) unshare$auto(0x40000080) r4 = socket(0xa, 0x1, 0x84) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg1\x00', 0x82802, 0x0) close_range$auto(r4, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000140)='./file0\x00', 0x40, 0xa2) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) fadvise64$auto_POSIX_FADV_SEQUENTIAL(0xffffffffffffffff, 0xca, 0x5, 0x2) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x80441, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r6 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/flags\x00', 0xc00, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r6, 0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40102, 0x0) pread64$auto(r5, 0x0, 0x40000000f42c, 0x585) mbind$auto(0x2000, 0x100000005, 0x100000000, 0x0, 0x5, 0x5) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/misc/hw_random/rng_current\x00', 0x129102, 0x0) 2.933491878s ago: executing program 1 (id=199): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x4000000000eb2, 0x6, 0x7fff) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x1f, 0x3, 0x400001) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[], 0x1ac}}, 0x4c041) setsockopt$auto(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x7fffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x5) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10010}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4081}, 0xc000) ioperm$auto(0x7, 0x6, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, 0x0, 0x201, 0x0) close_range$auto(0x2, 0x8, 0x4) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xffd8) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) open(0x0, 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) pidfd_open$auto(0xffffffffffffffff, 0x5) 2.587742301s ago: executing program 3 (id=200): setreuid$auto(0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, 0x0, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r0, 0x0, 0x0) writev$auto(0x1, 0x0, 0x1) readahead$auto(0xffffffffffffffff, 0x6, 0x2) r1 = socket(0x23, 0x5, 0x0) listen$auto(r1, 0x5ed) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_BLKSECTGET(0xffffffffffffffff, 0x1267, 0x0) unshare$auto(0x40000080) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x42842, 0x95) read$auto(r2, 0x0, 0x1) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x80100, 0x0) write$auto(r3, 0x0, 0x6) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r4, 0x40107447, 0x0) ioctl$auto_PPPIOCSPASS(r4, 0x40107447, 0x0) 2.542606568s ago: executing program 2 (id=201): open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(0x8000000000000003, 0x0, 0xc, 0x4cbd5d) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./file1\x00') setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) fanotify_init$auto(0x5, 0x2000000000002) open(&(0x7f0000000080)='./file0\x00', 0xc00, 0x409) getcwd$auto(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) inotify_add_watch$auto(0x4, 0x0, 0xe6a) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x9) open(0x0, 0x101800, 0x181) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/napi_defer_hard_irqs\x00', 0xc2481, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xc3\x12\xfa\b\x1c\xc7k', 0x100000000084) socket(0xa, 0x3, 0xff) setsockopt$auto(0x400000000000003, 0x29, 0x8, 0x0, 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x100000001, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x5, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd"], 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/options/blk_classic\x00', 0x4000, 0x0) socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 2.018392963s ago: executing program 1 (id=202): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) shutdown$auto(0x200000003, 0x2) setsockopt$auto(r0, 0x0, 0x1, &(0x7f0000000180)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/wakeup/wakeup7/event_count\x00', 0x1) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x23, 0x80805, 0x0) io_uring_setup$auto(0x1, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x0) prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) fcntl$auto(0x8000000000000001, 0x25, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) 1.808416368s ago: executing program 2 (id=203): set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) socket(0x28, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) getsockopt$auto_SO_RCVPRIORITY(r0, 0x1, 0x52, &(0x7f0000000040)='%\x00', &(0x7f0000000080)=0xfffffffa) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) 1.707083208s ago: executing program 0 (id=204): mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_DEL(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@SMC_PNETID_NAME={0x5, 0x1, 'm'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8000) mmap$auto(0x0, 0x2020009, 0x100003, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000880)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000840)={&(0x7f00000002c0)={0x464, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_CCA_MODE={0x8, 0xc, 0xd832}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x9}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL802154_ATTR_SEC_DEVICE={0x134, 0x2e, 0x0, 0x1, [@generic="9c02b0eb18f21e7a0ee9d83c179facc3fbfe26e94f8a1b39d13388c7543a80fd610c56d0dfe3e97b1c893896aaa4d770918aa7248839bdeb2917d99f65f3fe1824be1f83d0ac", @nested={0x18, 0xc0, 0x0, 0x1, [@nested={0x14, 0x131, 0x0, 0x1, [@typed={0x8, 0x7b, 0x0, 0x0, @fd=r0}, @typed={0x8, 0xe, 0x0, 0x0, @ipv4=@loopback}]}]}, @generic="e8", @typed={0x8, 0xee, 0x0, 0x0, @fd=r1}, @generic="788549badb13a2b5248df051c1c90f6327d92b6353b94bf5337653c88047b8bb1462063e092f7092b341d29da22c8d8ed5758c85000335d692b2f5f6f0ad669b19453908ab26765e4817ccf790004f7f3d412ea0a2f2bea22ddec95053d7215ec255504e099d4c816176dad081bf00066ff6e6baff38da364a06ff1054c7c8104fc7237bdfa4d088fc6d81e70d07e1aaf476fced61663053918049fc786b8d7c246337ac13ae947f7845a89fb0404cd7b6775cd95d0f206d902138043ccea590e2b9e5ccee2c23a2fc"]}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x2e4, 0x2b, 0x0, 0x1, [@typed={0x8, 0x85, 0x0, 0x0, @uid=0xee00}, @generic="4b9bc290f45369052ee32dc0e8215923b07d241b9d00634394dda81a152f5903a0512e491694c8fda9e9f2d3ecafdecabf27b3cd25e58e739777fb0a159fdd6897b9ba2224dbfa8b2bb4bafa", @nested={0x289, 0x151, 0x0, 0x1, [@nested={0x4, 0xe6}, @generic="b0973d40c8f1bc6f9bb77dd2c8d64f1176fc83388d4bd12850a054294055923f89ffda495c5f1ee66c9f13518bc00d9f5e50194065ecf8d8022866af8e877761c80b69022ca33a462f3f1ce39cf32379e75c27708b9d0ea9bb255a71023191fa63f72a06d06d21f6cff55a016c401afa3c4436c4ff21b513f79cdfc44232b9a62dde884b5a790fc370a9d15920863e69dead05c6e4f2bc77db83f772cfc360768fb3159df5c9a9aa9f80ea", @typed={0x8, 0xcf, 0x0, 0x0, @uid}, @typed={0x42, 0x130, 0x0, 0x0, @str='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00'}, @typed={0x8, 0x143, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @typed={0x8, 0xc5, 0x0, 0x0, @uid}, @generic="d8c3f5f544acb71eeb12cba302a9987f54df857eeebf960e2e39a4054bde8ae2b24aa9c6a7d3f80112f94baebc6d0de449010c3e", @nested={0x4, 0x7}, @typed={0x66, 0x18, 0x0, 0x0, @binary="e0e2af9232cd0932761d5fd3d8a520f7b8f63622e44ee0f10d4feb5bb8d5fd18648f2d1eef2f6d345f9e173085af900253a973b69047f8ac15bba07d61bf735f5247e960127af9416280148f8d76e32908dd3b0765ff31f5f36c0f57ca94768d9612"}, @generic="9a10a872e4f6415bbc203b3144600d9c8124015578b6a21e8f9c2dfdb8cedda2557459794c12d99c6a488079d05b468a8c64fad2ddd9dc1118055c8fb172e7e93aabce1fb8b5197ab574f457f250a0d3d20dfdc56c32229a5281d7dd1459fdd1ffa9f7e466e6817c4058233cdcf75582f417e28793690d62ef40edd6e1d596d1cbc7a357c17201f549e6f5e64cbb7b1280efdad794cee0ab0c618d2c3b4a68ebb039799a044b1ebb9b5fa3d115931dab94964ef7b82d5d3e4fa9310d10eefb476ef554ba79dc711d4af0bdaf902ab3b5a173e3133c2c7fbb9293"]}]}, @NL802154_ATTR_SUPPORTED_CHANNEL={0x8, 0x16, 0x6}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0x400}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x5}]}, 0x464}, 0x1, 0x0, 0x0, 0x4c045}, 0x40080a0) socket(0xa, 0x2, 0x73) ioctl$auto(0x3, 0x80000541b, 0x38) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty52\x00', 0x0, 0x0) socket(0xa, 0x2, 0x84) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r3, 0x4b4d, r4) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) readv$auto(r5, &(0x7f00000000c0)={0x0, 0x5}, 0x3) ioctl$auto_TIOCVHANGUP2(r5, 0x5437, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x1010001, 0x100000003) read$auto(r6, 0x0, 0x20) sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x2408c810}, 0x40418c0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IPVS_CMD_NEW_SERVICE(r4, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000003d40)={0x105c, 0x0, 0x4, 0x70bd27, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x1018, 0x1, 0x0, 0x1, [@typed={0x14, 0x10d, 0x0, 0x0, @ipv6=@private1}, @generic="9836101e14c5361a735bc14cd66d0880fb3833b0978379a979ea17566f9f2271409d68f8ca03528de41196a7de6709f21585548bda3934d8477eb71990b20901b39b22c79ac73b1e3619c0653e3f1fc53ffde287ac8aab425f7021504212473000179f2e98d391b41f145cb6b459e2002c380974a34dd2fa8e0f690357ab731967dee3ce0bf6cf4102da4944f1c599ed18f33b468c20f9a2f8e055c21187d34444dd9a971794aca4be29f5006fbcd70fa36a90afae6a7954b9407ed2efd004ea05a505e04c102b9b621008df1a64ac7ccdc127405ce32183534bdf5df011522a4cbcf01debbb43c6960295cd1f0a2b6df3b4e2c7c0bff5085d21582e15c48e4e4bef198a7af7381c362e031204521eafc412252a9a7af9197a6b01ba3f2f3f892cfd34f2df924f24281fe3491e8d0fba1fabc497e8577b36cf905d1bc9e8f12736f7d967b5fcb28f8b33c13c3e97f08e33233c11fe3fc80c03ec1e6743345e2f0bea44daa6fa43f993cf00d9275ec841aad5999113765f1fb025213a2fe27e52786b79dad28d6518fc40401c6ffab629fbf034b284be6eaedb8143948b41efb6bf04f494c642cf7835af3c95ef34c1390c259e5ba5196d1df632a2743790ea7306e34f0ff554c99a8d21d2e04751e04300dd7a383f43aebe5f88a01e5ef3b6065098deb9fdf99b4fa6c0ab962e580dd5619fa9ab1fbfa67c79290e15cc07532d1b37ef89c3e6e1c7d2962a3dadae5c27ab9f004ee93684f5e6402eb304d06a8721608d065c24055ca0eb5ef15d987401672f53cfd21ed0d0e6d637406bb1bf99a24a948063e5c049ae61429e49c5027ae9626499c3d8c4121d86be77395ad388c5444251d7345a3c68c439f4d54bb55a673e9adb5e20a4bce3aa25707949cf09df12ce63956503443046cd00a138d594d8ccf754140766ac96b35ad0cf79fb69c51db7ce7ac0dca4c79ce682d4ab072fb3a18ca01e71852ee956007ea73764c251ab53372e37ce8c3252e956cd1a9117ab0f58f35dc84f57aaf624298cbb6a4722e4ac852f0f85b099a8cc92e4f7e0cef98cde6adaf79b942ffb82bc1d019d52b2fc36c03fcc6465a56f2a7ed1a316f798abe69df43d3a9b0750691a0eb29961cdb07f4d5e15d1e606ee1f4918b14d374848a1eae97da859a77f494e03b0c2c1bd574d3e8a15e566d27ca4564a961fb34e8512544059ed1e6b068f5863d7134d6a03edde91fbf4fa402199c3ca570a979aeb6fdcccd04ed5a76a7f782414d5e2579c317a6ead45cddbc7f344fe8804efb5a4aab7ba109cd3d48e6296e893600c8bb234ac51c696f1e058f09867bf082f8d022fb50e43cde090e5042ab733db1219f77b339b616b19feea3028dc70790f98eb3d66ae8e567fb2538c18384c6c098225ea2a81c2e04c98ea13932342e56537569631439dbd6132dc3d58d3d3aea0d3ed20a4ada970d1446b9172f1df3baa775157dcdaace95a9747e3620fbc171cdae8bbdcf1bdd7c7bcda31b16beef59a3e47e9bf910cd3316ea60d7e3ccfb79ed027029fe384cd4e1a521577a71085246066026cfe31915f90e191705d9ec43bea3d0fd63a2121c0b596443d07bfffbeed6b51d71415f0db3b6fd49e9434df2bf828f1cb01d22ceec1065bdc1099153c11ab6c03983e7d2ca313085ef6bd22a73a49240d9c7b5a4b34172dab5cea0d4a6eef4bf78515d9b4779fd02af23a48cd74cf5406e9687f35a4cad9d9766d8d4351b4d3d9533f1e4ec3245aaa72ab7a5822664ed2ccb2d287c57f532e510ee045d57979fe32e76f7700f2bae20d1facaa83ef2511f1204285fd185f1104da0261415f8e3f1633d8592744ea39a956a28d55ca898613a9391bac819eb07ca0d3c22c32db18a4411482bee104be6cd636187eebcd18cf16bd6cd93b38f1751d9eb12aaf91dd967f19fc4a9d0f33794562382097274238629637ceba5f631374955ce7d0da031375bd28101eb052efa121cc6f6cb9b0ece6fcf7ca5bb8ed4fe16c27749912da49a92cd46e0a555e8dd35ad2945eeaf7187da450a8476952f51670712c4d9e64678a99c651c47091836f37784d5cceddf27a101ad510629a81fcd2e3b8e3ac20d7383d279f2442feed4b4fe5e0822e4186990dfa16b7685933769b2ffccc1d09e26885a71628163bc1b11a6bf70926cac5c9d84fd0f08a22a2154f39adb2a43354be00d36a01431744dfed1c59bc9229a0814cd743586dc6a922653a78923137146a28eb6f3999d7fde9a956e8175d5dda858dad6cd2752700513c6e6e151c11b58d77ef4916940cc523bd719f4a543f8607505d68dc0f0113b4efda89787302ef22bc2e7fb11c6e1f2b917044a2adccc0eb3d790342cf1b41e53b6014582b4abdbf186b9dd8d9f4bc07803c4f7638f65f16f846278381fc6f12f7ba3997cbe828aadc35313ab7c7f1b9515baf3c23d986884a4e5c96027751822e24e39f33e3f3e3554b89aaaef6cf6028ca0caaafadf30326fe2dfb015297038861914c85c77f04c5b00d1e155f16551dd57921daba843db3babf43d47225cffb895b4301ace09f7d50eea01a7d5debe3c40801b98e9cd3f4a59d44dab984d2223ed02c96e669bfd010fb9e02df72247b87a1c765fde9e7f2ee6bc268eae5dd2e7fd06216904449fd8d9f27b48247acfcbf5d94260e32f8127508a92798e6c885fed12d8a6a735f6078a25215b857b54245a413fe87ac283e69af1d62990ff3eebea220bb510ed56dfb5b07003cf277fdba4be270fb617a2cf1a6d6c94f115bb9aaece053cf76781342e337b7fa42d24a185161d9044abee1abef909dcb3b8615382b893f374e44b05a6d0ce8f119724f9e919c4f1fcaf0da20a74197fed83b889c641f84f9571fd8950882598e26f1d51dbf7b439d4424546ef876710b7587c74a22178641441e03057e2fd557e25d4749e52a20f326f0b95360513b9c7a30ce9ca7b52291c6d9fa94c9df42c805d4b702c1fe6d1c8076b9e6c764f736550d547754bfd147666f8e081682fd299cff492689f72ddc591c99cd7e2a4a579797e6aa7201c87acd32cb7c764bc06c77d4e4debb63572aecc037a3d10f19bfdbbdf0bbd8d64a13f2d414ada349f45f82b84ad6d6007d96d69b82dacdd02f018e2ee56ccf68f42688d96976083be38f73cecc58f54020dad6c7d57c1ef238cbaf31acd490c564c82606ed605c0bffbdf6cdf65adbd856ff238bbeb39d3d2829d755d264f6bde70cdfe25b78f8803654065878d7139c16e3104f66ff19897fc8a01dab0fb48a636b48215985a9af3d62c4c6e2768646f10dc98e6d5f9b80a726da11822be8180d14d77c3c42fd0f470afda3fbdb4657631595edd8288fca32dacb8d35484f46c5ed214627c605ddc30e8b73e3cd992e7956841a294e4cebf523f99889a5698aa30d7bd76d886e99a7a8427b5befab2c90644ec2d868c15105453e9a13b50a514ac1eabdd03241d4ee8be3564592823dd434fae4c2806f0b34da3cb1381a38ec90c2e0d4292202825276ad8aee4301f676261e9a4e721f30d3ca57f8cd9d857faa943a364078cf34ab8f81f17651e78e4c10f164709d7ebfa40eb1e48b997b962a64d5918719bb9d791aa1d50f1d4767b848870bd4024fc2cf47afbf0364b8676c8c5b24924936d084c19aeb35fd718d8ead2a29cc4916467b79e9dafe0e00c57d3f527ae9db6c8472c09829af13c83737d804b19de384950e2046863f5ffaca51ba356d82e0aae85858cba1aaf5c492e40a1275b41f3d76e8389553bd06e5206fbd748820a77d2142d88040e16ecf8a7ecafd342aced9aa3622d8111703a4cebd563e4856a24804190a19f69dd4b4786eca37a3a39797390a449938ce995153853ba389ecd9026d35d0d986d7c11266c8e9df79a1a84c4cd9ea0d94356145c9714459ea16c4bee09c4b9e3cd78801ddaa975471da1287e8f3864d72ad4f2732a23ee5051113e6721e27c7fbbb619af92c0100586b54e9ea9e08488741df863b8d4021f182dc3d325142167c17f8a4d942425431a1b13c6f9c33f246c0c6c2d556b5b4188a295515047246df34d9e757c5a1cb102e871894ad4a166a8ea6d1af4416bb5f2a9563baea1479bf5e53fc10ae610a9b6d9b6a29b1f97677b05f7f27fe2c2c6cfa5dcf7bd8acfe78c9444dd72e384ce2e7bc2824471cea036cc987dd9e5547397728dd20b533c5d3ec5d5a07e352441670e66c7adee4984e3fec1b7a668f105f6aa9755a4796b87d0668c7caa90a56cdd738c4f8912e69632b414cb57344c14c011041f4f41c656883e18ed52ebf063152d816c325dae6b1f1e2da4c9e945425a41ce67674d7dc92042f8cfb679d22a886811f1a4d5bd9ff16f44e2abb0cd52a7a6ed73b614c9337ca43d6fd61acda7063a20c11fca93be41a9d784f6d7c7995a970e5e8fe1d256998a8550ee5471925b508e8f923b557d279af7012bb9b325229e92492ae4f1f2688d50d89f7cb228f62795833029ad37c2317bb689d0a859ce4a36cefea4be5ac7421ec0ed52956f9b511a44bf4c186fd87ca0acb1680b236bd53409ae5df469a173401beb5a207e41cfcbeec41fbba0532e728abc219c0c6f71bcfc5d3a9854343037f00857804c57ea81f5d92dde97584ec8836881e927675555a07d0126f4ad1facbca807179eb1adaba7817cd2e7c6b27af4b2c6c085dd39bdc2fcd3fd08385a65a4816d638f8bc3b55f1bb0e0fab2b558311370a260f8188ef54eb27e1b1c1285a16149a8677d2c7bab1256fe1c898100d4741ba96f1352183a95c9ae5136d1c7a22e7c2ee54a73159d86e4c8fd2b8bfdaf74dcb4d2b389c7b0721ebb1133413a89c13bcf39da713d3c39af7d661050e119bc919bca56ca0aca9751917eb74c8f0fdabf13b264d21120923dd92a57236f743c48a42e1220a26a8bd3ba1bbd76e21d06ce190e0bdd5e8eee4fb4ad540e8e345d57002327a80b6a900baba18582ef7d60dccb42d62614580bf492136a2c32b7e2cb1e4ff234d23f80a9155b3bad1c3b76ed50079329d7aa124bb15db1458d86920c8abf114f8fb70abdca01bd9c62f939e708379434015ba14658e0f70a120c0d82735a2a132969d88738c1513f2202d1b8dd8fe4846818082558a0df20edece5bd5e6888714bcafcd8bd864a926e53b0648ece9c94be4a983424cd7f5476819b63be792718ea7ceb04bde930244bb41947073d3ad57b7c863faeac807823e64a9e8e66e0c7e4e34102e2fa0a4dc0b7247a4891f4778b1a852b1fd3188ec185e7a2487e5973309112648462a4ec745dc8adeaff7e90b044a5e150e1b6b4780dd6b9e34bac9e268973d0421d2aa4d72db11f80064acd2b3b844d436de2f139794e1926899d1cf512fcca4f595578fd201a883aa9a11c79918ba918fdc7dc49cd938210cbdcd73385f816a552c1016178d0c27adc8edd2e43d6b65e1d3020272f1ac5e377a941306e8649aa8d213f0a1a539ddecb44bc18f297a71e910019c28a94cad034d54a24d5292f1a05b07bdd85f40d4c10163428cd37dfb07448b587211a80ea5c084a57ab2e854c6d27d50907ff0ee34a4cec78062dcbff609e98656f24cbb7ff45c9caba2ef45abacf0629952fe2f60b835c72f74a4f1f6c7b0b1234d2dde95be41cb220d4337c46a4d030fff2068792e16f10c785db61bffea29bf92a7d709e894651326351028422f14e394995e3cdbcd9da5038e136527e1bbe93bf4cd9e6c04587c29d15bbfaba6201142861db9b6bae3d8740d5f4a67cc4ed2968cea64cda5377056545c4c664b9f"]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@typed={0x23, 0x99, 0x0, 0x0, @str='/sys/kernel/debug/sync/sw_sync\x00'}]}]}, 0x105c}, 0x1, 0x0, 0x0, 0x20004010}, 0x4) 1.511219337s ago: executing program 3 (id=205): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/cgroup.type\x00', 0x103042, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r0 = open(0x0, 0x149443, 0x14) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) write$auto(0x3, 0x0, 0x100082) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/neigh/veth1_to_team/ucast_solicit\x00', 0x208200, 0x0) fcntl$auto(r1, 0x2, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/sunrpc/parameters/pool_mode\x00', 0x80302, 0x0) sendfile$auto(r2, r2, 0x0, 0x43) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) (async) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) (async) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) (async) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 1.363293324s ago: executing program 1 (id=206): close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fcdbdf250400ff0f00000000000034e6de69a1509e3e2906366733"], 0x2c}, 0x1, 0x0, 0x0, 0x44048058}, 0x4000800) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r0, 0x9000643c, 0xc35) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, &(0x7f0000000040), 0x4980, 0x0) ioctl$auto_FS_IOC_GETFSUUID(r3, 0x80111500, 0x1ff) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0xc1, 0x400, 0x9}]}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x3, 0x6) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.244209142s ago: executing program 2 (id=207): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x15, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)={0x20, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_PMSR_SUPPORT={0xc, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x8, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x4}]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000800) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x2, 0x2020009, 0x5, 0x18, 0xfffffffffffffffa, 0x7ffc) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x242, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0xffd8) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) mmap$auto(0x0, 0x800000002020009, 0x4ba, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x2d0043, 0x0) ioctl$auto(r2, 0x5607, 0x7) inotify_add_watch$auto(r2, 0x0, 0x9) 389.085554ms ago: executing program 1 (id=208): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/rxrpc/calls\x00', 0x40280, 0x0) pread64$auto(r1, &(0x7f0000000040)='veth1\x00', 0x200000000004, 0x4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/batadv_slave_1/accept_ra_min_hop_limit\x00', 0x320000, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) getsockopt$auto(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) 350.620462ms ago: executing program 0 (id=209): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), r0) (async) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x4400, 0x0) ioctl$auto_EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f0000000040)=0x955) (async) sendmsg$auto_WG_CMD_SET_DEVICE(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000001180)={0x14, r1, 0x21, 0x70bd26, 0x25dfdbfa}, 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x80) 142.994892ms ago: executing program 3 (id=210): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) (async) unshare$auto(0x40000080) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 64) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) (rerun: 64) madvise$auto(0x7, 0x0, 0x9) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setrlimit$auto(0x1000000007, 0x0) dup$auto(0x1) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 64) socket(0xa, 0x2, 0x0) (async, rerun: 64) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) getpid() (async, rerun: 32) clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) (async, rerun: 32) socketpair$auto(0x6, 0x3, 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/i8042/serio1/resetafter\x00', 0x129102, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x6) (async, rerun: 32) openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f00000000c0), 0x8800, 0x0) (async, rerun: 32) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r3, r3, 0x0) 142.69088ms ago: executing program 0 (id=211): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x60201, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = socket(0x28, 0x1, 0x0) sendmmsg$auto(r0, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f0000000080)={[0x9, 0x7, 0xd, 0xfffffffffffffffd, 0x948b, 0x8, 0x15f4da0a, 0x3, 0xffffffff80000001, 0x62, 0x40000080000001, 0x7, 0xfffffffffffffff9, 0x8000000009, 0x2, 0x40]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000280)=ANY=[@ANYBLOB="24010000f29c2a1bdbdb783b2c3adfb0b6c71e361540d72bf63db928927fd1175946d32d94dcad28e49dc305369978c5bf5bfd71bc99e5160739b06c4aa766ad781496b37f233f840d8293ca20b71484064345e081d3bf40fc1f83c9243eb108f828ccc7be35217cf7e7399d", @ANYRES16=r5, @ANYBLOB="010025bd5000fddbdf2501000000040007800c0002000600000000200000"], 0x24}, 0x1, 0x100000000000000, 0x2000000, 0x4}, 0x8c0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x14, 0x10, 0x8, 0x7fb, &(0x7f00000002c0)}) fsopen$auto(0x0, 0x1) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKIOMIN(r2, 0x1278, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x803, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r7, &(0x7f0000000040)='nbd\x00', 0x4) mlockall$auto(0x3) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) 0s ago: executing program 2 (id=212): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0) sendfile$auto(r0, r0, 0x0, 0x200) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x8) r3 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0x4b564d06, 0xe3, 0x100000007f}]}) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000002e40), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r4, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000002e80)=ANY=[@ANYRES16=r1, @ANYRES16=r5, @ANYBLOB="010428bd7000fcdbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x4008c40}, 0x4) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/devicetree/base/name\x00', 0x8000, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(r6, 0x0, 0x9) sendmsg$auto_SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000240)={&(0x7f0000000180), 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="7d02ff62a636051c000000", @ANYRES16=r5, @ANYBLOB="01002dbd7000fcdbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000040) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/xfrm_stat\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r7, &(0x7f0000000340)=""/140, 0x19) pselect6$auto(0x5, &(0x7f0000000400)={[0x2000000000000008, 0x5, 0x0, 0x5, 0x8001, 0x2, 0xf15, 0x200000c, 0x3, 0x0, 0x7fffffffffffffff, 0x0, 0x3, 0x4, 0x8, 0x3fe]}, 0x0, 0x0, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0xfff}, 0x9, 0x0) landlock_restrict_self$auto(r8, 0x0) execve$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=&(0x7f0000000080)=',{\x00', &(0x7f0000000140)=&(0x7f0000000100)='}.\x00') move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts. [ 86.313736][ T5836] cgroup: Unknown subsys name 'net' [ 86.452216][ T5836] cgroup: Unknown subsys name 'cpuset' [ 86.462042][ T5836] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.153994][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.349690][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.357982][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.365786][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.373933][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.381700][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.413666][ T5168] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.428409][ T5168] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.436035][ T5168] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.445202][ T5168] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.453019][ T5168] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.488228][ T5168] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.498131][ T5168] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.508531][ T5168] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.521823][ T5168] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.539010][ T5168] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.622945][ T5168] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.631333][ T5168] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.639212][ T5168] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.651170][ T5168] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.659538][ T5168] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.973158][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 91.105638][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 91.267152][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.276583][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.284292][ T5849] bridge_slave_0: entered allmulticast mode [ 91.292467][ T5849] bridge_slave_0: entered promiscuous mode [ 91.320800][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.328442][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.336176][ T5849] bridge_slave_1: entered allmulticast mode [ 91.344021][ T5849] bridge_slave_1: entered promiscuous mode [ 91.371655][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 91.448241][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.455480][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.462958][ T5845] bridge_slave_0: entered allmulticast mode [ 91.470556][ T5845] bridge_slave_0: entered promiscuous mode [ 91.478696][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 91.499993][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.509950][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.517088][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.525931][ T5845] bridge_slave_1: entered allmulticast mode [ 91.533159][ T5845] bridge_slave_1: entered promiscuous mode [ 91.575266][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.641813][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.672048][ T5849] team0: Port device team_slave_0 added [ 91.681646][ T5849] team0: Port device team_slave_1 added [ 91.690101][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.795288][ T5845] team0: Port device team_slave_0 added [ 91.835830][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.843398][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.851321][ T5857] bridge_slave_0: entered allmulticast mode [ 91.859352][ T5857] bridge_slave_0: entered promiscuous mode [ 91.868720][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.875696][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.903140][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.917031][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.924310][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.953340][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.967781][ T5845] team0: Port device team_slave_1 added [ 92.001551][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.009671][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.017105][ T5857] bridge_slave_1: entered allmulticast mode [ 92.025614][ T5857] bridge_slave_1: entered promiscuous mode [ 92.093391][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.101439][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.108703][ T5852] bridge_slave_0: entered allmulticast mode [ 92.115969][ T5852] bridge_slave_0: entered promiscuous mode [ 92.129399][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.136538][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.144319][ T5852] bridge_slave_1: entered allmulticast mode [ 92.151708][ T5852] bridge_slave_1: entered promiscuous mode [ 92.161943][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.185659][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.192657][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.218744][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.245347][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.280666][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.287675][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.313815][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.374800][ T5849] hsr_slave_0: entered promiscuous mode [ 92.381781][ T5849] hsr_slave_1: entered promiscuous mode [ 92.391657][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.405011][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.416975][ T5857] team0: Port device team_slave_0 added [ 92.427134][ T5857] team0: Port device team_slave_1 added [ 92.438765][ T51] Bluetooth: hci0: command tx timeout [ 92.489972][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.497056][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.523390][ T51] Bluetooth: hci1: command tx timeout [ 92.527154][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.556250][ T5852] team0: Port device team_slave_0 added [ 92.577276][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.584355][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.610896][ T51] Bluetooth: hci2: command tx timeout [ 92.613349][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.642754][ T5852] team0: Port device team_slave_1 added [ 92.666946][ T5845] hsr_slave_0: entered promiscuous mode [ 92.673320][ T5845] hsr_slave_1: entered promiscuous mode [ 92.679650][ T51] Bluetooth: hci3: command tx timeout [ 92.686194][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.694040][ T5845] Cannot create hsr debugfs directory [ 92.750768][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.757741][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.784186][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.797157][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.804447][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.830803][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.910235][ T5857] hsr_slave_0: entered promiscuous mode [ 92.916608][ T5857] hsr_slave_1: entered promiscuous mode [ 92.923889][ T5857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.932188][ T5857] Cannot create hsr debugfs directory [ 93.088401][ T5852] hsr_slave_0: entered promiscuous mode [ 93.095015][ T5852] hsr_slave_1: entered promiscuous mode [ 93.101471][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.109111][ T5852] Cannot create hsr debugfs directory [ 93.383513][ T5849] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.410008][ T5849] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.431423][ T5849] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.450619][ T5849] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.500619][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.513179][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.523753][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.540194][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.633858][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.644538][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.656254][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.672657][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.779395][ T5852] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.801285][ T5852] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.824821][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.837315][ T5852] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.849222][ T5852] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.924954][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.964925][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.972278][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.999491][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.006626][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.047152][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.110995][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.120427][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.160737][ T4587] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.167903][ T4587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.191222][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.201466][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.216955][ T5849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.248661][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.257375][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.264547][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.290645][ T4587] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.297797][ T4587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.319741][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.326936][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.353349][ T1335] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.360511][ T1335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.395963][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.403121][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.533081][ T51] Bluetooth: hci0: command tx timeout [ 94.551964][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.598606][ T51] Bluetooth: hci1: command tx timeout [ 94.680823][ T51] Bluetooth: hci2: command tx timeout [ 94.723049][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.758518][ T51] Bluetooth: hci3: command tx timeout [ 94.833995][ T5849] veth0_vlan: entered promiscuous mode [ 94.861481][ T5849] veth1_vlan: entered promiscuous mode [ 94.955478][ T5849] veth0_macvtap: entered promiscuous mode [ 94.982707][ T5849] veth1_macvtap: entered promiscuous mode [ 95.036868][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.052499][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.100628][ T5849] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.109927][ T5849] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.127166][ T5849] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.139898][ T5849] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.194829][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.251323][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.277488][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.366634][ T5845] veth0_vlan: entered promiscuous mode [ 95.368652][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.387765][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.423469][ T5852] veth0_vlan: entered promiscuous mode [ 95.447119][ T5845] veth1_vlan: entered promiscuous mode [ 95.475649][ T5852] veth1_vlan: entered promiscuous mode [ 95.491552][ T1335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.504241][ T1335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.564837][ T5857] veth0_vlan: entered promiscuous mode [ 95.586930][ T5845] veth0_macvtap: entered promiscuous mode [ 95.591861][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.610483][ T5857] veth1_vlan: entered promiscuous mode [ 95.619381][ T5852] veth0_macvtap: entered promiscuous mode [ 95.633042][ T5845] veth1_macvtap: entered promiscuous mode [ 95.652057][ T5852] veth1_macvtap: entered promiscuous mode [ 95.703577][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.733520][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.772704][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.800578][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.811377][ T5852] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.822081][ T5852] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.831310][ T5852] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.840346][ T5852] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.864296][ T5845] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.873988][ T5845] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.907444][ T5845] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.920326][ T5845] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.942005][ T5857] veth0_macvtap: entered promiscuous mode [ 96.034213][ T5857] veth1_macvtap: entered promiscuous mode [ 96.154460][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.189406][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.203135][ T1099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.223665][ T1099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.264848][ T5857] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.301201][ T5857] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.303445][ T5941] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6'. [ 96.327292][ T5857] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.331713][ T5941] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6'. [ 96.348722][ T5941] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6'. [ 96.368283][ T5857] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.427583][ T5940] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 96.479503][ T5940] CIFS mount error: No usable UNC path provided in device string! [ 96.479503][ T5940] [ 96.492961][ T5940] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 96.500296][ T4587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.544263][ T1335] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.552421][ T4587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.561200][ T1335] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.598327][ T51] Bluetooth: hci0: command tx timeout [ 96.666956][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.678829][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 96.682758][ T51] Bluetooth: hci1: command tx timeout [ 96.720480][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.758321][ T51] Bluetooth: hci2: command tx timeout [ 96.838231][ T51] Bluetooth: hci3: command tx timeout [ 96.850072][ T980] cfg80211: failed to load regulatory.db [ 96.961675][ T4587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.009897][ T4587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.117696][ T989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.174033][ T989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.449941][ T5957] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.521959][ T5960] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.082109][ T5961] process 'syz.0.1' launched './file0' with NULL argv: empty string added [ 98.112801][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.138716][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.188567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.695173][ T51] Bluetooth: hci0: command tx timeout [ 98.708575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.758571][ T51] Bluetooth: hci1: command tx timeout [ 98.848139][ T51] Bluetooth: hci2: command tx timeout [ 98.924665][ T51] Bluetooth: hci3: command tx timeout [ 99.407581][ T5988] netlink: 330 bytes leftover after parsing attributes in process `syz.3.13'. [ 99.437340][ T5988] Zero length message leads to an empty skb [ 99.509614][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.648797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 99.788496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.078221][ T5994] FAULT_INJECTION: forcing a failure. [ 100.078221][ T5994] name failslab, interval 1, probability 0, space 0, times 1 [ 100.092027][ T5994] CPU: 1 UID: 0 PID: 5994 Comm: syz.0.15 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 100.092066][ T5994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.092089][ T5994] Call Trace: [ 100.092099][ T5994] [ 100.092113][ T5994] dump_stack_lvl+0x16c/0x1f0 [ 100.092166][ T5994] should_fail_ex+0x512/0x640 [ 100.092210][ T5994] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 100.092254][ T5994] should_failslab+0xc2/0x120 [ 100.092282][ T5994] __kmalloc_cache_noprof+0x6a/0x3e0 [ 100.092322][ T5994] ? mark_held_locks+0x49/0x80 [ 100.092359][ T5994] ? rfkill_fop_open+0x1b6/0x750 [ 100.092400][ T5994] rfkill_fop_open+0x1b6/0x750 [ 100.092439][ T5994] ? __pfx_rfkill_fop_open+0x10/0x10 [ 100.092475][ T5994] misc_open+0x35d/0x420 [ 100.092511][ T5994] ? __pfx_misc_open+0x10/0x10 [ 100.092546][ T5994] chrdev_open+0x234/0x6a0 [ 100.092591][ T5994] ? __pfx_apparmor_file_open+0x10/0x10 [ 100.092628][ T5994] ? __pfx_chrdev_open+0x10/0x10 [ 100.092676][ T5994] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 100.092723][ T5994] do_dentry_open+0x741/0x1c10 [ 100.092767][ T5994] ? __pfx_chrdev_open+0x10/0x10 [ 100.092825][ T5994] vfs_open+0x82/0x3f0 [ 100.092862][ T5994] path_openat+0x1de4/0x2cb0 [ 100.092916][ T5994] ? __pfx_path_openat+0x10/0x10 [ 100.092961][ T5994] ? __lock_acquire+0xb8a/0x1c90 [ 100.093005][ T5994] do_filp_open+0x20b/0x470 [ 100.093045][ T5994] ? __pfx_do_filp_open+0x10/0x10 [ 100.093114][ T5994] ? alloc_fd+0x471/0x7d0 [ 100.093162][ T5994] do_sys_openat2+0x11b/0x1d0 [ 100.093194][ T5994] ? __pfx_do_sys_openat2+0x10/0x10 [ 100.093240][ T5994] __x64_sys_openat+0x174/0x210 [ 100.093272][ T5994] ? __pfx___x64_sys_openat+0x10/0x10 [ 100.093320][ T5994] do_syscall_64+0xcd/0x490 [ 100.093367][ T5994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.093394][ T5994] RIP: 0033:0x7f47c258e929 [ 100.093417][ T5994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.093463][ T5994] RSP: 002b:00007f47c341b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 100.093491][ T5994] RAX: ffffffffffffffda RBX: 00007f47c27b5fa0 RCX: 00007f47c258e929 [ 100.093511][ T5994] RDX: 0000000000183440 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 100.093530][ T5994] RBP: 00007f47c2610b39 R08: 0000000000000000 R09: 0000000000000000 [ 100.093548][ T5994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 100.093565][ T5994] R13: 0000000000000000 R14: 00007f47c27b5fa0 R15: 00007ffcce9dac58 [ 100.093605][ T5994] [ 100.637520][ T5998] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 100.647681][ T5998] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 101.719116][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.358518][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.410586][ T6044] netlink: 342 bytes leftover after parsing attributes in process `syz.2.23'. [ 102.431731][ T6044] netlink: 342 bytes leftover after parsing attributes in process `syz.2.23'. [ 102.478778][ T6044] netlink: 342 bytes leftover after parsing attributes in process `syz.2.23'. [ 102.538545][ T6044] netlink: 342 bytes leftover after parsing attributes in process `syz.2.23'. [ 102.572490][ T6044] netlink: 342 bytes leftover after parsing attributes in process `syz.2.23'. [ 102.614871][ T6044] capability: warning: `syz.2.23' uses 32-bit capabilities (legacy support in use) [ 106.172462][ T6095] FAULT_INJECTION: forcing a failure. [ 106.172462][ T6095] name failslab, interval 1, probability 0, space 0, times 0 [ 106.185588][ T6095] CPU: 1 UID: 0 PID: 6095 Comm: syz.1.34 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 106.185626][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.185644][ T6095] Call Trace: [ 106.185653][ T6095] [ 106.185664][ T6095] dump_stack_lvl+0x16c/0x1f0 [ 106.185713][ T6095] should_fail_ex+0x512/0x640 [ 106.185757][ T6095] ? fs_reclaim_acquire+0xae/0x150 [ 106.185796][ T6095] should_failslab+0xc2/0x120 [ 106.185825][ T6095] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 106.185871][ T6095] ? security_inode_alloc+0x3b/0x2b0 [ 106.185910][ T6095] security_inode_alloc+0x3b/0x2b0 [ 106.185945][ T6095] inode_init_always_gfp+0xce4/0x1030 [ 106.185996][ T6095] alloc_inode+0x86/0x240 [ 106.186027][ T6095] new_inode+0x22/0x1c0 [ 106.186062][ T6095] shmem_get_inode+0x19a/0xfb0 [ 106.186106][ T6095] shmem_mknod+0x1a8/0x450 [ 106.186146][ T6095] ? __pfx_shmem_create+0x10/0x10 [ 106.186179][ T6095] lookup_open.isra.0+0x11d3/0x1580 [ 106.186226][ T6095] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 106.186287][ T6095] ? __pfx_down_write+0x10/0x10 [ 106.186313][ T6095] ? mnt_get_write_access+0x20c/0x300 [ 106.186352][ T6095] path_openat+0x893/0x2cb0 [ 106.186411][ T6095] ? __pfx_path_openat+0x10/0x10 [ 106.186458][ T6095] ? __lock_acquire+0xb8a/0x1c90 [ 106.186505][ T6095] do_filp_open+0x20b/0x470 [ 106.186557][ T6095] ? __pfx_do_filp_open+0x10/0x10 [ 106.186631][ T6095] ? alloc_fd+0x471/0x7d0 [ 106.186685][ T6095] do_sys_openat2+0x11b/0x1d0 [ 106.186719][ T6095] ? __pfx_do_sys_openat2+0x10/0x10 [ 106.186770][ T6095] __x64_sys_openat+0x174/0x210 [ 106.186805][ T6095] ? __pfx___x64_sys_openat+0x10/0x10 [ 106.186857][ T6095] do_syscall_64+0xcd/0x490 [ 106.186906][ T6095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.186935][ T6095] RIP: 0033:0x7fbbe338e929 [ 106.186958][ T6095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.186986][ T6095] RSP: 002b:00007fbbe416b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 106.187013][ T6095] RAX: ffffffffffffffda RBX: 00007fbbe35b6080 RCX: 00007fbbe338e929 [ 106.187031][ T6095] RDX: 0000000000080040 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 106.187049][ T6095] RBP: 00007fbbe3410b39 R08: 0000000000000000 R09: 0000000000000000 [ 106.187066][ T6095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.187083][ T6095] R13: 0000000000000000 R14: 00007fbbe35b6080 R15: 00007ffd4276ece8 [ 106.187122][ T6095] [ 107.139467][ T6089] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 108.312919][ T6121] netlink: 48 bytes leftover after parsing attributes in process `syz.1.38'. [ 108.371862][ T6121] mmap: syz.1.38 (6121) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 109.120354][ T6124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.162982][ T6128] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ<85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)> not available [ 109.203975][ T6124] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.345526][ T6133] XFS: Clearing xfsstats [ 110.016362][ T6145] syz.3.43 uses obsolete (PF_INET,SOCK_PACKET) [ 111.065660][ T6160] netlink: 'syz.2.47': attribute type 4 has an invalid length. [ 111.085873][ T6160] netlink: 314 bytes leftover after parsing attributes in process `syz.2.47'. [ 118.064240][ T6261] can: request_module (can-proto-0) failed. [ 118.581555][ T6254] FAULT_INJECTION: forcing a failure. [ 118.581555][ T6254] name failslab, interval 1, probability 0, space 0, times 0 [ 118.661203][ T6254] CPU: 1 UID: 0 PID: 6254 Comm: syz.0.66 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 118.661246][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.661268][ T6254] Call Trace: [ 118.661278][ T6254] [ 118.661289][ T6254] dump_stack_lvl+0x16c/0x1f0 [ 118.661344][ T6254] should_fail_ex+0x512/0x640 [ 118.661396][ T6254] ? fs_reclaim_acquire+0xae/0x150 [ 118.661435][ T6254] should_failslab+0xc2/0x120 [ 118.661464][ T6254] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 118.661513][ T6254] ? ima_inode_get+0x120/0x580 [ 118.661563][ T6254] ima_inode_get+0x120/0x580 [ 118.661611][ T6254] process_measurement+0x585/0x23e0 [ 118.661669][ T6254] ? __pfx_process_measurement+0x10/0x10 [ 118.661719][ T6254] ? alloc_empty_file+0x73/0x1e0 [ 118.661750][ T6254] ? hugetlb_file_setup+0x4cd/0x620 [ 118.661780][ T6254] ? ksys_mmap_pgoff+0x189/0x5c0 [ 118.661809][ T6254] ? __x64_sys_mmap+0x125/0x190 [ 118.661904][ T6254] ima_file_mmap+0x1b1/0x1d0 [ 118.661969][ T6254] ? __pfx_ima_file_mmap+0x10/0x10 [ 118.662035][ T6254] security_mmap_file+0x88c/0x990 [ 118.662076][ T6254] vm_mmap_pgoff+0xec/0x450 [ 118.662110][ T6254] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 118.662135][ T6254] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 118.662158][ T6254] ? hugetlbfs_get_inode+0x31f/0x730 [ 118.662186][ T6254] ksys_mmap_pgoff+0x1c8/0x5c0 [ 118.662212][ T6254] __x64_sys_mmap+0x125/0x190 [ 118.662244][ T6254] do_syscall_64+0xcd/0x490 [ 118.662294][ T6254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.662316][ T6254] RIP: 0033:0x7f47c258e929 [ 118.662333][ T6254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.662377][ T6254] RSP: 002b:00007f47c341b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 118.662399][ T6254] RAX: ffffffffffffffda RBX: 00007f47c27b5fa0 RCX: 00007f47c258e929 [ 118.662412][ T6254] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 118.662424][ T6254] RBP: 00007f47c2610b39 R08: 0000000000000401 R09: 0000300000000000 [ 118.662437][ T6254] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 118.662448][ T6254] R13: 0000000000000000 R14: 00007f47c27b5fa0 R15: 00007ffcce9dac58 [ 118.662473][ T6254] [ 120.122195][ T6297] FAULT_INJECTION: forcing a failure. [ 120.122195][ T6297] name failslab, interval 1, probability 0, space 0, times 0 [ 120.153125][ T6297] CPU: 1 UID: 0 PID: 6297 Comm: syz.3.74 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 120.153176][ T6297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.153197][ T6297] Call Trace: [ 120.153208][ T6297] [ 120.153221][ T6297] dump_stack_lvl+0x16c/0x1f0 [ 120.153278][ T6297] should_fail_ex+0x512/0x640 [ 120.153327][ T6297] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 120.153385][ T6297] should_failslab+0xc2/0x120 [ 120.153418][ T6297] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 120.153486][ T6297] ? __d_alloc+0x31/0xaa0 [ 120.153553][ T6297] __d_alloc+0x31/0xaa0 [ 120.153600][ T6297] ? __pfx_rpc_fill_super+0x10/0x10 [ 120.153642][ T6297] d_make_root+0x3e/0x90 [ 120.153668][ T6297] rpc_fill_super+0x272/0x840 [ 120.153708][ T6297] ? sget_fc+0x808/0xc20 [ 120.153748][ T6297] ? __pfx_set_anon_super_fc+0x10/0x10 [ 120.153786][ T6297] ? __pfx_rpc_fill_super+0x10/0x10 [ 120.153828][ T6297] get_tree_keyed+0x10e/0x1d0 [ 120.153901][ T6297] vfs_get_tree+0x8e/0x340 [ 120.153941][ T6297] vfs_cmd_create+0xd7/0x2a0 [ 120.153974][ T6297] __do_sys_fsconfig+0x7b8/0xbe0 [ 120.154010][ T6297] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 120.154066][ T6297] do_syscall_64+0xcd/0x490 [ 120.154121][ T6297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.154155][ T6297] RIP: 0033:0x7f5ac038e929 [ 120.154183][ T6297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.154215][ T6297] RSP: 002b:00007f5ac1208038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 120.154246][ T6297] RAX: ffffffffffffffda RBX: 00007f5ac05b6160 RCX: 00007f5ac038e929 [ 120.154267][ T6297] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 120.154285][ T6297] RBP: 00007f5ac0410b39 R08: 0000000000000000 R09: 0000000000000000 [ 120.154304][ T6297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.154323][ T6297] R13: 0000000000000000 R14: 00007f5ac05b6160 R15: 00007ffc073e86c8 [ 120.154366][ T6297] [ 122.564587][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 123.029843][ T6336] FAULT_INJECTION: forcing a failure. [ 123.029843][ T6336] name fail_futex, interval 1, probability 0, space 0, times 1 [ 123.126155][ T6336] CPU: 0 UID: 0 PID: 6336 Comm: syz.1.83 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 123.126200][ T6336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.126219][ T6336] Call Trace: [ 123.126229][ T6336] [ 123.126241][ T6336] dump_stack_lvl+0x16c/0x1f0 [ 123.126294][ T6336] should_fail_ex+0x512/0x640 [ 123.126348][ T6336] get_futex_key+0x1d0/0x1540 [ 123.126392][ T6336] ? __pfx_get_futex_key+0x10/0x10 [ 123.126436][ T6336] ? __lock_acquire+0xb8a/0x1c90 [ 123.126488][ T6336] futex_wake+0xe7/0x4e0 [ 123.126538][ T6336] ? __pfx_futex_wake+0x10/0x10 [ 123.126599][ T6336] ? __might_fault+0xe3/0x190 [ 123.126643][ T6336] ? __might_fault+0x13b/0x190 [ 123.126698][ T6336] do_futex+0x1e3/0x350 [ 123.126737][ T6336] ? __pfx_do_futex+0x10/0x10 [ 123.126774][ T6336] ? fput+0x70/0xf0 [ 123.126803][ T6336] ? __sys_connect+0xe0/0x160 [ 123.126848][ T6336] __x64_sys_futex+0x1e0/0x4c0 [ 123.126892][ T6336] ? __pfx___x64_sys_futex+0x10/0x10 [ 123.126932][ T6336] ? xfd_validate_state+0x61/0x180 [ 123.126972][ T6336] ? __pfx_ksys_write+0x10/0x10 [ 123.127057][ T6336] do_syscall_64+0xcd/0x490 [ 123.127112][ T6336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.127149][ T6336] RIP: 0033:0x7fbbe338e929 [ 123.127174][ T6336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.127205][ T6336] RSP: 002b:00007fbbe416b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.127247][ T6336] RAX: ffffffffffffffda RBX: 00007fbbe35b6088 RCX: 00007fbbe338e929 [ 123.127267][ T6336] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbbe35b608c [ 123.127286][ T6336] RBP: 00007fbbe35b6080 R08: 00007fbbe418d000 R09: 0000000000000000 [ 123.127305][ T6336] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fbbe35b608c [ 123.127324][ T6336] R13: 0000000000000000 R14: 00007ffd4276ec00 R15: 00007ffd4276ece8 [ 123.127362][ T6336] [ 125.592619][ T6366] netlink: 28 bytes leftover after parsing attributes in process `syz.3.89'. [ 126.553746][ T6385] netlink: 28 bytes leftover after parsing attributes in process `syz.1.94'. [ 128.126876][ T6413] sd 0:0:1:0: PR command failed: 1026 [ 128.142943][ T6413] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 128.170156][ T6413] sd 0:0:1:0: Add. Sense: Invalid command operation code syzkaller syzkaller login: [ 131.029567][ T6457] netlink: 28 bytes leftover after parsing attributes in process `syz.1.110'. [ 131.117150][ T6458] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.222344][ T6457] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.222387][ T6457] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 131.223994][ T6457] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.224024][ T6457] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 131.425004][ T6449] tty tty48: ldisc open failed (-12), clearing slot 47 [ 131.476522][ T6445] tty tty48: ldisc open failed (-12), clearing slot 47 [ 132.139889][ T6481] random: crng reseeded on system resumption [ 134.680681][ T6520] tty tty34: ldisc open failed (-12), clearing slot 33 [ 136.897677][ T30] audit: type=1800 audit(6047213563.544:2): pid=6553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.129" name="lu_gp_id" dev="configfs" ino=9975 res=0 errno=0 [ 137.545214][ T6572] FAULT_INJECTION: forcing a failure. [ 137.545214][ T6572] name fail_futex, interval 1, probability 0, space 0, times 0 [ 137.558655][ T6572] CPU: 0 UID: 0 PID: 6572 Comm: syz.0.133 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 137.558688][ T6572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.558702][ T6572] Call Trace: [ 137.558709][ T6572] [ 137.558717][ T6572] dump_stack_lvl+0x16c/0x1f0 [ 137.558757][ T6572] should_fail_ex+0x512/0x640 [ 137.558796][ T6572] get_futex_key+0x1d0/0x1540 [ 137.558827][ T6572] ? __pfx_get_futex_key+0x10/0x10 [ 137.558865][ T6572] futex_wake+0xe7/0x4e0 [ 137.558901][ T6572] ? __pfx_futex_wake+0x10/0x10 [ 137.558938][ T6572] ? lockdep_hardirqs_on+0x7c/0x110 [ 137.558981][ T6572] do_futex+0x1e3/0x350 [ 137.559010][ T6572] ? __pfx_do_futex+0x10/0x10 [ 137.559038][ T6572] ? putname+0x154/0x1a0 [ 137.559061][ T6572] ? do_unlinkat+0x159/0x6a0 [ 137.559100][ T6572] __x64_sys_futex+0x1e0/0x4c0 [ 137.559133][ T6572] ? __pfx___x64_sys_futex+0x10/0x10 [ 137.559166][ T6572] ? getname_flags.part.0+0x1c5/0x550 [ 137.559206][ T6572] do_syscall_64+0xcd/0x490 [ 137.559245][ T6572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.559269][ T6572] RIP: 0033:0x7f47c258e929 [ 137.559286][ T6572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.559318][ T6572] RSP: 002b:00007f47c341b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 137.559349][ T6572] RAX: ffffffffffffffda RBX: 00007f47c27b5fa8 RCX: 00007f47c258e929 [ 137.559371][ T6572] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f47c27b5fac [ 137.559392][ T6572] RBP: 00007f47c27b5fa0 R08: 00007f47c341c000 R09: 0000000000000000 [ 137.559411][ T6572] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c27b5fac [ 137.559425][ T6572] R13: 0000000000000000 R14: 00007ffcce9dab70 R15: 00007ffcce9dac58 [ 137.559454][ T6572] [ 137.838349][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.845733][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.583194][ T6596] FAULT_INJECTION: forcing a failure. [ 139.583194][ T6596] name failslab, interval 1, probability 0, space 0, times 0 [ 139.583232][ T6596] CPU: 1 UID: 0 PID: 6596 Comm: syz.1.138 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 139.583257][ T6596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.583268][ T6596] Call Trace: [ 139.583274][ T6596] [ 139.583282][ T6596] dump_stack_lvl+0x16c/0x1f0 [ 139.583315][ T6596] should_fail_ex+0x512/0x640 [ 139.583345][ T6596] ? fs_reclaim_acquire+0xae/0x150 [ 139.583370][ T6596] ? tomoyo_encode2+0x100/0x3e0 [ 139.583396][ T6596] should_failslab+0xc2/0x120 [ 139.583415][ T6596] __kmalloc_noprof+0xd2/0x510 [ 139.583445][ T6596] ? d_absolute_path+0x136/0x1a0 [ 139.583469][ T6596] tomoyo_encode2+0x100/0x3e0 [ 139.583500][ T6596] tomoyo_encode+0x29/0x50 [ 139.583526][ T6596] tomoyo_realpath_from_path+0x18f/0x6e0 [ 139.583561][ T6596] tomoyo_check_open_permission+0x2ab/0x3c0 [ 139.583587][ T6596] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 139.583636][ T6596] ? do_raw_spin_lock+0x12c/0x2b0 [ 139.583675][ T6596] tomoyo_file_open+0x6b/0x90 [ 139.583708][ T6596] security_file_open+0x84/0x1e0 [ 139.583735][ T6596] do_dentry_open+0x596/0x1c10 [ 139.583772][ T6596] vfs_open+0x82/0x3f0 [ 139.583800][ T6596] path_openat+0x1de4/0x2cb0 [ 139.583873][ T6596] ? __pfx_path_openat+0x10/0x10 [ 139.583926][ T6596] ? __lock_acquire+0xb8a/0x1c90 [ 139.583977][ T6596] do_filp_open+0x20b/0x470 [ 139.584028][ T6596] ? __pfx_do_filp_open+0x10/0x10 [ 139.584126][ T6596] ? alloc_fd+0x471/0x7d0 [ 139.584187][ T6596] do_sys_openat2+0x11b/0x1d0 [ 139.584225][ T6596] ? __pfx_do_sys_openat2+0x10/0x10 [ 139.584282][ T6596] __x64_sys_openat+0x174/0x210 [ 139.584322][ T6596] ? __pfx___x64_sys_openat+0x10/0x10 [ 139.584381][ T6596] do_syscall_64+0xcd/0x490 [ 139.584436][ T6596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.584470][ T6596] RIP: 0033:0x7fbbe338e929 [ 139.584495][ T6596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.584527][ T6596] RSP: 002b:00007fbbe418c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 139.584558][ T6596] RAX: ffffffffffffffda RBX: 00007fbbe35b5fa0 RCX: 00007fbbe338e929 [ 139.584580][ T6596] RDX: 000000000010b000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 139.584601][ T6596] RBP: 00007fbbe3410b39 R08: 0000000000000000 R09: 0000000000000000 [ 139.584621][ T6596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.584640][ T6596] R13: 0000000000000000 R14: 00007fbbe35b5fa0 R15: 00007ffd4276ece8 [ 139.584681][ T6596] [ 139.585377][ T6596] ERROR: Out of memory at tomoyo_realpath_from_path. [ 139.840312][ T6600] FAULT_INJECTION: forcing a failure. [ 139.840312][ T6600] name failslab, interval 1, probability 0, space 0, times 0 [ 139.840351][ T6600] CPU: 0 UID: 0 PID: 6600 Comm: syz.2.139 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 139.840385][ T6600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.840400][ T6600] Call Trace: [ 139.840408][ T6600] [ 139.840418][ T6600] dump_stack_lvl+0x16c/0x1f0 [ 139.840464][ T6600] should_fail_ex+0x512/0x640 [ 139.840505][ T6600] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 139.840550][ T6600] should_failslab+0xc2/0x120 [ 139.840576][ T6600] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 139.840619][ T6600] ? getname_flags.part.0+0x4c/0x550 [ 139.840657][ T6600] getname_flags.part.0+0x4c/0x550 [ 139.840693][ T6600] getname_flags+0x93/0xf0 [ 139.840730][ T6600] do_sys_openat2+0xb8/0x1d0 [ 139.840761][ T6600] ? __pfx_do_sys_openat2+0x10/0x10 [ 139.840806][ T6600] __x64_sys_openat+0x174/0x210 [ 139.840838][ T6600] ? __pfx___x64_sys_openat+0x10/0x10 [ 139.840886][ T6600] do_syscall_64+0xcd/0x490 [ 139.840931][ T6600] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.840959][ T6600] RIP: 0033:0x7f97e5f8d290 [ 139.840979][ T6600] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 139.841005][ T6600] RSP: 002b:00007f97e6d4bf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 139.841035][ T6600] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f97e5f8d290 [ 139.841052][ T6600] RDX: 0000000000000002 RSI: 00007f97e6d4bfa0 RDI: 00000000ffffff9c [ 139.841070][ T6600] RBP: 00007f97e6d4bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 139.841087][ T6600] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 139.841099][ T6600] R13: 0000000000000000 R14: 00007f97e61b5fa0 R15: 00007ffd99fdb798 [ 139.841123][ T6600] [ 140.627337][ T6613] ima: policy update failed [ 140.669700][ T30] audit: type=1802 audit(6047213567.284:3): pid=6613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.142" res=0 errno=0 [ 141.303595][ T6622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.144'. [ 141.320926][ T6622] ipvlan1: entered allmulticast mode [ 141.340938][ T6622] veth0_vlan: entered allmulticast mode [ 141.429641][ T6622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.144'. [ 141.647470][ T6628] ubi0: attaching mtd0 [ 141.670123][ T6628] ubi0: scanning is finished [ 141.674798][ T6628] ubi0: empty MTD device detected [ 141.750999][ T5930] smpboot: CPU 1 is now offline [ 142.019829][ T6628] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 142.079557][ T6628] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 142.087891][ T6638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.148'. [ 142.142574][ T6628] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 142.180722][ T6628] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 142.228134][ T6628] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 142.262120][ T6628] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 142.313838][ T6643] netlink: 25 bytes leftover after parsing attributes in process `syz.3.148'. [ 142.329123][ T6628] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3151861890 [ 142.392688][ T6628] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 142.523341][ T6637] ubi0: background thread "ubi_bgt0d" started, PID 6637 [ 143.161094][ T6657] netlink: 28 bytes leftover after parsing attributes in process `syz.2.152'. [ 143.875544][ T30] audit: type=1800 audit(6047213570.534:4): pid=6670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.155" name="members" dev="configfs" ino=10480 res=0 errno=0 [ 144.216255][ T6633] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 144.282014][ T6676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.157'. [ 144.902283][ T6682] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 145.300055][ T6690] ICMPv6: process `syz.2.161' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 148.336642][ T6729] kexec: Could not allocate control_code_buffer [ 150.476565][ T6765] netlink: 28 bytes leftover after parsing attributes in process `syz.1.176'. [ 151.103315][ T6770] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 151.905135][ T6799] netlink: 334 bytes leftover after parsing attributes in process `syz.0.184'. [ 152.013110][ T6789] could not allocate digest TFM handle [ 152.820572][ T6814] batman_adv: Routing algorithm '' is not supported [ 153.406236][ T6824] bridge0: port 3(vlan1) entered blocking state [ 153.494748][ T6824] bridge0: port 3(vlan1) entered disabled state [ 153.576970][ T6824] vlan1: entered allmulticast mode [ 153.637960][ T6824] veth0_vlan: entered allmulticast mode [ 153.647539][ T6827] nbd: couldn't find device at index 33904 [ 153.697261][ T6824] vlan1: entered promiscuous mode [ 153.763450][ T6824] bridge0: port 3(vlan1) entered blocking state [ 153.769999][ T6824] bridge0: port 3(vlan1) entered forwarding state [ 154.546974][ T6838] nfs4: Unknown parameter '@' [ 155.230465][ T6843] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 155.237126][ T6843] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 155.310018][ T6843] dyndbg: bad flag-op P, at start of PU.:[ [ 155.336722][ T6843] dyndbg: flags parse failed [ 156.306083][ T6846] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 156.335900][ T6846] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 156.421475][ T6846] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 156.486166][ T6846] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.506056][ T6846] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 156.556749][ T6846] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 156.629352][ T6846] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.669118][ T6846] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 156.726438][ T6846] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 156.850069][ T6846] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.856071][ T6846] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.931630][ T6846] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 157.798108][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 158.524788][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 158.678275][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 158.927177][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 159.879250][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 159.920304][ T6925] [ 159.922664][ T6925] ====================================================== [ 159.929675][ T6925] WARNING: possible circular locking dependency detected [ 159.936691][ T6925] 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 Not tainted [ 159.943794][ T6925] ------------------------------------------------------ [ 159.950820][ T6925] syz.2.212/6925 is trying to acquire lock: [ 159.956704][ T6925] ffff8880266eca58 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 159.966554][ T6925] [ 159.966554][ T6925] but task is already holding lock: [ 159.973930][ T6925] ffff8880266ec520 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 159.985193][ T6925] [ 159.985193][ T6925] which lock already depends on the new lock. [ 159.985193][ T6925] [ 159.995591][ T6925] [ 159.995591][ T6925] the existing dependency chain (in reverse order) is: [ 160.004602][ T6925] [ 160.004602][ T6925] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}: [ 160.013227][ T6925] blk_alloc_queue+0x619/0x760 [ 160.018525][ T6925] blk_mq_alloc_queue+0x175/0x290 [ 160.024097][ T6925] __blk_mq_alloc_disk+0x29/0x120 [ 160.029679][ T6925] nbd_dev_add+0x4a0/0xbc0 [ 160.034730][ T6925] nbd_init+0x181/0x320 [ 160.039425][ T6925] do_one_initcall+0x120/0x6e0 [ 160.044724][ T6925] kernel_init_freeable+0x5c2/0x900 [ 160.050468][ T6925] kernel_init+0x1c/0x2b0 [ 160.055343][ T6925] ret_from_fork+0x5d7/0x6f0 [ 160.060473][ T6925] ret_from_fork_asm+0x1a/0x30 [ 160.065770][ T6925] [ 160.065770][ T6925] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 160.072995][ T6925] fs_reclaim_acquire+0x102/0x150 [ 160.078547][ T6925] prepare_alloc_pages+0x162/0x610 [ 160.084200][ T6925] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 160.090670][ T6925] __alloc_pages_noprof+0xb/0x1b0 [ 160.096228][ T6925] pcpu_populate_chunk+0x110/0xb00 [ 160.101876][ T6925] pcpu_alloc_noprof+0x86a/0x1470 [ 160.107427][ T6925] xt_percpu_counter_alloc+0x13e/0x1b0 [ 160.113419][ T6925] find_check_entry.constprop.0+0xbf/0xa20 [ 160.119749][ T6925] translate_table+0xd0b/0x17b0 [ 160.125143][ T6925] ip6t_register_table+0x102/0x430 [ 160.130800][ T6925] ip6table_raw_table_init+0x63/0x90 [ 160.136611][ T6925] xt_find_table_lock+0x2e1/0x520 [ 160.142165][ T6925] xt_request_find_table_lock+0x28/0xf0 [ 160.148244][ T6925] get_info+0x190/0x620 [ 160.152939][ T6925] do_ip6t_get_ctl+0x169/0xa50 [ 160.158228][ T6925] nf_getsockopt+0x7c/0xe0 [ 160.163179][ T6925] ipv6_getsockopt+0x1f7/0x280 [ 160.168462][ T6925] tcp_getsockopt+0x9e/0x100 [ 160.173585][ T6925] do_sock_getsockopt+0x3fc/0x800 [ 160.179137][ T6925] __sys_getsockopt+0x123/0x1b0 [ 160.184537][ T6925] __x64_sys_getsockopt+0xbd/0x160 [ 160.190203][ T6925] do_syscall_64+0xcd/0x490 [ 160.195261][ T6925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.201689][ T6925] [ 160.201689][ T6925] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 160.209442][ T6925] __mutex_lock+0x199/0xb90 [ 160.214494][ T6925] pcpu_alloc_noprof+0xb4c/0x1470 [ 160.220060][ T6925] sbitmap_init_node+0x2fd/0x770 [ 160.225522][ T6925] sbitmap_queue_init_node+0x41/0x560 [ 160.231418][ T6925] blk_mq_init_tags+0x12d/0x2b0 [ 160.236803][ T6925] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 160.242919][ T6925] blk_mq_init_sched+0x30c/0x610 [ 160.248392][ T6925] elevator_switch+0x1e1/0x7f0 [ 160.253690][ T6925] elevator_change+0x2ac/0x400 [ 160.258984][ T6925] elevator_set_default+0x292/0x320 [ 160.264722][ T6925] blk_register_queue+0x393/0x4f0 [ 160.270302][ T6925] __add_disk+0x74a/0xf00 [ 160.275177][ T6925] add_disk_fwnode+0x13f/0x5d0 [ 160.280473][ T6925] nbd_dev_add+0x791/0xbc0 [ 160.285424][ T6925] nbd_init+0x181/0x320 [ 160.290112][ T6925] do_one_initcall+0x120/0x6e0 [ 160.295407][ T6925] kernel_init_freeable+0x5c2/0x900 [ 160.301136][ T6925] kernel_init+0x1c/0x2b0 [ 160.306006][ T6925] ret_from_fork+0x5d7/0x6f0 [ 160.311129][ T6925] ret_from_fork_asm+0x1a/0x30 [ 160.316417][ T6925] [ 160.316417][ T6925] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 160.324244][ T6925] __lock_acquire+0x126f/0x1c90 [ 160.329641][ T6925] lock_acquire+0x179/0x350 [ 160.334690][ T6925] __mutex_lock+0x199/0xb90 [ 160.339733][ T6925] queue_requests_store+0x1c7/0x310 [ 160.345461][ T6925] queue_attr_store+0x276/0x320 [ 160.350843][ T6925] sysfs_kf_write+0xef/0x150 [ 160.355984][ T6925] kernfs_fop_write_iter+0x354/0x510 [ 160.361788][ T6925] iter_file_splice_write+0x91f/0x1150 [ 160.367775][ T6925] direct_splice_actor+0x192/0x6c0 [ 160.373410][ T6925] splice_direct_to_actor+0x342/0xa30 [ 160.379310][ T6925] do_splice_direct+0x174/0x240 [ 160.384689][ T6925] do_sendfile+0xb06/0xe50 [ 160.389642][ T6925] __x64_sys_sendfile64+0x1d8/0x220 [ 160.395366][ T6925] do_syscall_64+0xcd/0x490 [ 160.400399][ T6925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.406813][ T6925] [ 160.406813][ T6925] other info that might help us debug this: [ 160.406813][ T6925] [ 160.417034][ T6925] Chain exists of: [ 160.417034][ T6925] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59 [ 160.417034][ T6925] [ 160.430789][ T6925] Possible unsafe locking scenario: [ 160.430789][ T6925] [ 160.438232][ T6925] CPU0 CPU1 [ 160.443596][ T6925] ---- ---- [ 160.448955][ T6925] lock(&q->q_usage_counter(io)#59); [ 160.454340][ T6925] lock(fs_reclaim); [ 160.460847][ T6925] lock(&q->q_usage_counter(io)#59); [ 160.468746][ T6925] lock(&q->elevator_lock); [ 160.473342][ T6925] [ 160.473342][ T6925] *** DEADLOCK *** [ 160.473342][ T6925] [ 160.481480][ T6925] 5 locks held by syz.2.212/6925: [ 160.486516][ T6925] #0: ffff888031b2c428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 [ 160.496551][ T6925] #1: ffff88805e192888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 160.506310][ T6925] #2: ffff8880269c1788 (kn->active#111){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 160.516430][ T6925] #3: ffff8880266ec520 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 160.528106][ T6925] #4: ffff8880266ec558 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 160.540045][ T6925] [ 160.540045][ T6925] stack backtrace: [ 160.545932][ T6925] CPU: 0 UID: 0 PID: 6925 Comm: syz.2.212 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 160.545959][ T6925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.545972][ T6925] Call Trace: [ 160.545980][ T6925] [ 160.545989][ T6925] dump_stack_lvl+0x116/0x1f0 [ 160.546021][ T6925] print_circular_bug+0x275/0x350 [ 160.546051][ T6925] check_noncircular+0x14c/0x170 [ 160.546082][ T6925] __lock_acquire+0x126f/0x1c90 [ 160.546113][ T6925] ? __lock_acquire+0xb8a/0x1c90 [ 160.546142][ T6925] lock_acquire+0x179/0x350 [ 160.546170][ T6925] ? queue_requests_store+0x1c7/0x310 [ 160.546206][ T6925] ? __pfx___might_resched+0x10/0x10 [ 160.546237][ T6925] ? do_raw_spin_lock+0x12c/0x2b0 [ 160.546273][ T6925] __mutex_lock+0x199/0xb90 [ 160.546304][ T6925] ? queue_requests_store+0x1c7/0x310 [ 160.546339][ T6925] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 160.546368][ T6925] ? queue_requests_store+0x1c7/0x310 [ 160.546401][ T6925] ? lockdep_hardirqs_on+0x7c/0x110 [ 160.546431][ T6925] ? __pfx___mutex_lock+0x10/0x10 [ 160.546466][ T6925] ? __pfx_autoremove_wake_function+0x10/0x10 [ 160.546497][ T6925] ? queue_requests_store+0x1c7/0x310 [ 160.546530][ T6925] queue_requests_store+0x1c7/0x310 [ 160.546565][ T6925] ? __pfx_queue_requests_store+0x10/0x10 [ 160.546601][ T6925] ? __mutex_trylock_common+0xe9/0x250 [ 160.546632][ T6925] ? __pfx_queue_requests_store+0x10/0x10 [ 160.546667][ T6925] queue_attr_store+0x276/0x320 [ 160.546700][ T6925] ? __pfx_queue_attr_store+0x10/0x10 [ 160.546731][ T6925] ? __lock_acquire+0x622/0x1c90 [ 160.546765][ T6925] ? find_held_lock+0x2b/0x80 [ 160.546786][ T6925] ? sysfs_file_kobj+0xe4/0x290 [ 160.546812][ T6925] ? __pfx_queue_attr_store+0x10/0x10 [ 160.546845][ T6925] sysfs_kf_write+0xef/0x150 [ 160.546870][ T6925] kernfs_fop_write_iter+0x354/0x510 [ 160.546891][ T6925] ? __pfx_sysfs_kf_write+0x10/0x10 [ 160.546917][ T6925] iter_file_splice_write+0x91f/0x1150 [ 160.546953][ T6925] ? __pfx_iter_file_splice_write+0x10/0x10 [ 160.546984][ T6925] ? __pfx_copy_splice_read+0x10/0x10 [ 160.547017][ T6925] ? __pfx_iter_file_splice_write+0x10/0x10 [ 160.547047][ T6925] direct_splice_actor+0x192/0x6c0 [ 160.547076][ T6925] splice_direct_to_actor+0x342/0xa30 [ 160.547104][ T6925] ? __pfx_direct_splice_actor+0x10/0x10 [ 160.547134][ T6925] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 160.547166][ T6925] do_splice_direct+0x174/0x240 [ 160.547192][ T6925] ? __pfx_do_splice_direct+0x10/0x10 [ 160.547219][ T6925] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 160.547253][ T6925] ? rw_verify_area+0xcf/0x680 [ 160.547280][ T6925] do_sendfile+0xb06/0xe50 [ 160.547311][ T6925] ? __pfx_do_sendfile+0x10/0x10 [ 160.547338][ T6925] ? handle_mm_fault+0x2ab/0xd10 [ 160.547367][ T6925] ? __x64_sys_futex+0x1e0/0x4c0 [ 160.547393][ T6925] ? __x64_sys_futex+0x1e9/0x4c0 [ 160.547419][ T6925] __x64_sys_sendfile64+0x1d8/0x220 [ 160.547440][ T6925] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 160.547464][ T6925] do_syscall_64+0xcd/0x490 [ 160.547497][ T6925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.547518][ T6925] RIP: 0033:0x7f97e5f8e929 [ 160.547535][ T6925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.547555][ T6925] RSP: 002b:00007f97e6d4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 160.547574][ T6925] RAX: ffffffffffffffda RBX: 00007f97e61b5fa0 RCX: 00007f97e5f8e929 [ 160.547587][ T6925] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 160.547600][ T6925] RBP: 00007f97e6010b39 R08: 0000000000000000 R09: 0000000000000000 [ 160.547612][ T6925] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000 [ 160.547625][ T6925] R13: 0000000000000000 R14: 00007f97e61b5fa0 R15: 00007ffd99fdb798 [ 160.547644][ T6925] [ 161.647132][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 161.656921][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 161.663068][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 162.066262][ T5168] Bluetooth: hci0: command 0x0c1a tx timeout [ 163.718280][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 163.724345][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 163.730384][ T5168] Bluetooth: hci3: command 0x0c1a tx timeout