last executing test programs: 27.001119852s ago: executing program 1 (id=525): sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="04001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) iopl$auto(0x3) io_uring_setup$auto(0x4c2, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x184a01, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) pwrite64$auto(r0, 0x0, 0x1, 0x27) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x0, 0xc, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.3/usb4/ep_00/uevent\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000040)=' ', 0x4) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, 0x0, 0x22a080, 0x0) read$auto_proc_single_file_operations_base(0xffffffffffffffff, 0x0, 0x0) setreuid$auto(0x9, 0x1) socket(0x2c, 0x80003, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x1, 0x400008, 0xe0, 0x14, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/pcm\x00', 0x40302, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c00, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x480c82, 0x0) 22.251567487s ago: executing program 1 (id=541): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c80"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x280, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r1, 0xc0184d03, r1) fanotify_init$auto(0x602, 0x1) setsockopt$auto(0x3, 0x6, 0x4, 0x0, 0xfb3) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(r0, 0xa, &(0x7f0000000000)="8b06e6ead7463ae2c79e93ef1399bd1cf939", 0x68) mmap$auto(0x400000001, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40009, 0xdd, 0x9b72, 0x7, 0x28000) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$auto_TUNSETVNETBE2(r2, 0x400454de, &(0x7f0000000040)=0x8000) r3 = socket(0x25, 0x800, 0x0) setsockopt$auto(r3, 0x114, 0x8, 0x0, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x10, 0x2, 0x4) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0x12, 0x0, 0x4) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0xffffffff, 0x0, 0x5, 0x9, 0x837}}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) 16.499839375s ago: executing program 1 (id=549): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x70bd25, 0x25dfdbf7, {0x1, 0x0, 0x3f00}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @broadcast}}]}, 0x5c}, 0x1, 0xc0fe, 0x0, 0x44000}, 0x0) 12.851538414s ago: executing program 0 (id=558): socket(0xa, 0x3, 0x87) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "00800000ffefffffff0200000001"}, 0x55) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) unshare$auto(0x9) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x80fb1, 0xffffffff, 0x9b72, 0xffffffffffffffff, 0x8000) io_setup$auto(0x618, 0x0) socket(0x1, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xc080aebe, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/system/cpu/cpu0/topology/die_id\x00', 0x8ad00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/4096, 0x1000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) clock_adjtime$auto(0x1, &(0x7f0000000280)={0xfff, 0x0, 0xf, 0x40003, 0x7, 0x4, 0x8227, 0x0, 0x2, 0x0, 0x8, {0x7, 0x800}, 0x101, 0xf6, 0xa, 0xd3, 0x0, 0x1, 0x7, 0x6, 0xa9, 0x4, 0xffffffff}) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/sysname\x00', 0x80002, 0x0) writev$auto(r4, &(0x7f0000000240)={0x0, 0x9}, 0xb) 12.820920868s ago: executing program 1 (id=559): memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'xfrm0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000180)={0x14, r4, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x700000000000000, 0x200000c1}, 0x20000000) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000100)={0x14, r4, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x20000000) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x0, 0x1a, 0x0, 0x28) read$auto(r1, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 7.440200302s ago: executing program 0 (id=566): memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'xfrm0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000180)={0x14, r4, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x2f00000000000000, 0x200000c1}, 0x20000000) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000100)={0x14, r4, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x20000000) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x0, 0x1a, 0x0, 0x28) read$auto(r1, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 7.314464858s ago: executing program 2 (id=567): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x1, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e07251de39066555baed365ef307143959554d"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x112, r0, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) (async) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)={0x30, r3, 0x704, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_SAE_PASSWORD={0x12, 0x115, "ebdeaa83c79c7b73e04df5ebc3ce"}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x20080040}, 0x24000810) (async, rerun: 32) brk$auto(0xffffffffffffff66) (rerun: 32) write$auto_tty_fops_tty_io(0xffffffffffffffff, &(0x7f0000000300)="352c8efa618c0bcf83a4ebdb278754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b38b0b3c7da1c61fef8e0e24e400f96eb989b4f68220f90f3df243e352f17abbc44e0cfececd72dc611200c0fc4cb84d1fc175dc31b38e002c53627c31e0f3a31c079ae368fd33dfdfc97f40f7f", 0x78) (async) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000200), 0x100000, 0x0) (async) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) (async, rerun: 32) ioctl$auto(0x3, 0xae60, 0x10000000000402) (async, rerun: 32) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0x1e, 0x4, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syslog$auto(0x3, 0x0, 0xda) 6.952966628s ago: executing program 1 (id=569): syz_open_procfs$namespace(0xffffffffffffffff, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x101000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x11, 0x401bf, 0x7352, 0x43, 0xad, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x9, 0x5, 0x4, 0x3000, 0x200, 0x6, 0x10003, 0x83, 0x800000004, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.max.descendants\x00', 0x22022, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 6.265161728s ago: executing program 2 (id=570): r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000001c0)={0x80, 0x6, 0x2fd, 0x1, 0x3, 0x0, &(0x7f0000000040)}) write$auto(0x3, 0x0, 0x3f00) r2 = socket(0x2, 0x1, 0x106) getsockopt$auto(r2, 0x0, 0x8000833, 0xfffffffffffffffe, 0x0) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000040)={"fda25684", 0xefff, 0x6, 0x3, 0x9b4, 0x9, "c625aa3f222ce10e00", '\x00', "0400e6ad", '\x00', ["22dfffffffefffff480400", "f8ffffffffffffff00e10001", "b06f8ca10c66eebcbd6f17c8", "5fe10eedab2c4b353c392a92"]}) 5.888310634s ago: executing program 0 (id=572): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) fstat$auto(0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) uname$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) close_range$auto(0x0, 0x5, 0x0) r1 = pipe$auto(0x0) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000040000fdef}, 0x1) (async) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000040000fdef}, 0x1) pipe$auto(0x0) (async) r2 = pipe$auto(0x0) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000000c0), r2) sendmsg$auto_BATADV_CMD_SET_MESH(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_TT_TTVN={0x5, 0x11, 0x1}]}, 0x1c}}, 0xc001) write$auto(0x3, 0x0, 0x2) (async) write$auto(0x3, 0x0, 0x2) tee$auto(0x2000000000000, 0x3, 0x1c79d797, 0xa) socket(0x28, 0x1, 0x0) (async) r4 = socket(0x28, 0x1, 0x0) getsockopt$auto(r4, 0x28, 0x1, 0x0, 0x0) (async) getsockopt$auto(r4, 0x28, 0x1, 0x0, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) 5.844767499s ago: executing program 2 (id=573): mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) landlock_restrict_self$auto(0xffffffffffffffff, 0x2) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000015c0)={0x24, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NETDEV_A_QUEUE_IFINDEX={0x8, 0x2, r2}, @NETDEV_A_QUEUE_ID={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x810) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000052c4030000020000060007000080000008000200", @ANYBLOB="0a00050000000000000000000a00"], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000280)=""/65, 0x41) close_range$auto(0x2, 0x8, 0x0) 5.075297247s ago: executing program 3 (id=575): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0xa, 0x1) r1 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r0, 0x10000}, 0x10) mmap$auto(0x0, 0xe, 0xd9, 0x9b72, 0x96ab, 0x800000008000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xa) fcntl$auto(0xff80000000000000, 0x409, 0x3f) writev$auto(0x0, &(0x7f0000000040)={0x0, 0x202}, 0x9) mmap$auto(0x0, 0x2009, 0xfffffffffffffffa, 0x8000200008011, r1, 0x8000) 4.812004905s ago: executing program 2 (id=576): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0xa, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) (async) exit$auto(0x7) ioctl$auto(0x3, 0xff08, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) (async) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) 4.749151344s ago: executing program 0 (id=577): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$auto(0x3, 0x0, 0x100082) (async) write$auto(0x3, 0x0, 0x100082) read$auto_proc_single_file_operations_base(0xffffffffffffffff, &(0x7f00000000c0)=""/41, 0x11) r0 = socket(0x10, 0x2, 0x4) setsockopt$auto(r0, 0x104000000000010e, 0xfffffffe, 0x0, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) sendfile$auto(r1, r1, 0x0, 0x2) bind$auto(0xffffffffffffffff, &(0x7f0000000100)=@nl=@unspec, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) (async) write$auto(0x3, 0x0, 0xfffffdef) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa0202, 0x0) (async) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa0202, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) pwrite64$auto(0xc8, &(0x7f0000000240)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x06e\x1cJ\x99\x00\x03\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\xf2\xff\x9e\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcd^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00F\xd7\x02\xd2\xe7?\xaaw\x89\xea\xb1\x1d\xea\xa8\xb1\xaf\xdc\xdeS\xe4\x88\x16\x8eu8\x7f\xa7\xe5\xbb\xf8\v \x90E\xd8\nw,S\xf5\x00\xd8\xda\x16\xb6C\xe6\xc0j\xae\x19\x1eU\f\x18\x14 \x05\xd9:\'\xf5\r\xd8C\xc7,\xe1\xa9wzVf\xa4\xfc\xff\xb87\xa5.\x14\x81mgI\xb2\xbc\x91o\x1c\xfd/\x88\xa0\x02n\x98C\xd3\xfcY\xf4\x98\xb3-\xec\x87\x1f\xe5\xdcn[\x19\xac\'\xc86s{ \x0f', 0xfdf2, 0x3a) (async) pwrite64$auto(0xc8, &(0x7f0000000240)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x06e\x1cJ\x99\x00\x03\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\xf2\xff\x9e\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcd^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00F\xd7\x02\xd2\xe7?\xaaw\x89\xea\xb1\x1d\xea\xa8\xb1\xaf\xdc\xdeS\xe4\x88\x16\x8eu8\x7f\xa7\xe5\xbb\xf8\v \x90E\xd8\nw,S\xf5\x00\xd8\xda\x16\xb6C\xe6\xc0j\xae\x19\x1eU\f\x18\x14 \x05\xd9:\'\xf5\r\xd8C\xc7,\xe1\xa9wzVf\xa4\xfc\xff\xb87\xa5.\x14\x81mgI\xb2\xbc\x91o\x1c\xfd/\x88\xa0\x02n\x98C\xd3\xfcY\xf4\x98\xb3-\xec\x87\x1f\xe5\xdcn[\x19\xac\'\xc86s{ \x0f', 0xfdf2, 0x3a) bpf$auto(0xfff, &(0x7f0000000040)=@bpf_attr_4={0x1, r2, 0x5, r2}, 0x800) 4.706974616s ago: executing program 3 (id=578): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca436c4d13dd823843180bb151e936e8ce6cb454168d6c", 0x3ff, 0x70, 0x1000, 0x2, 0x2000000000000009}) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x3, 0x3, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x7, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r3 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) open_by_handle_at$auto(r3, &(0x7f0000000300)={0xc0, 0x2, "0200000000000000c32f1a88a7d2ac4f994d42b9ccb04eead5e03d771a33bb03d2d7de959b4fd3cea3ebd9c48b2687fb19852b1da5ab33a6ca4c2b285666489ad5391024feca142d2ce5d558ded9719dea51d787328f8ead177dce68174a0f5524b4ae35369f8a21404d65bd5f6de5969ae3ab017c1bfc19029e678420377d0f040a0177ed0345f589774ee5a94eaa7f61f9b3f5deed725ac61251cf2764951f92e1945bfc2f2a921c06506e166743fbd01a69d364e3a9b990ef201ef568c367"}, 0x9) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) rseq$auto(&(0x7f00000005c0)={0x7, 0x6, 0x9, 0xfff, 0xa896, 0xffffffff, "af18c8a1eea866e9840b50cd944973113586d3c13361bac7f306af96f7efff43128e2b8c922b8fb895af349b0e062b81eb9c283c708b70b3acce9ee9cb134a7d7b89f2ffb21780113116e8528cfb4e952a1b38f43f7f7b0488d02d3f54d5f95a2b518d94598435ff9e3cb359f175b4a79e5debbe3437a9ee705e85abac6b17f188af31073da2af00acf600fea4db39bb050ffdfdf77046"}, 0x584, 0x1, 0x2) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r4, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r4, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x401, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0x63, 0x0, 0x0, 0x0, 0x1002, 0x8, 0x80000008000000a, 0x40000402, 0x9, 0x8, 0xffffffff80000000, 0x800000000000d, 0x6, 0x240000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r5 = socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB="13"], 0x1ac}}, 0x14001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x10000) socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, 0x0, 0x6, 0x10004008) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x8, 0xffff) r7 = openat$auto_nsim_dev_take_snapshot_fops_dev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim3/take_snapshot\x00', 0x2001, 0x0) write$auto_nsim_dev_take_snapshot_fops_dev(r7, 0x0, 0x0) 3.835260217s ago: executing program 2 (id=579): mmap$auto(0x6, 0x20009, 0x4000000000df, 0xebe, 0xffffffffffffffff, 0x8400) socket(0x1, 0x1, 0x4d8) ioperm$auto(0x7, 0x5ad2, 0x20000a) modify_ldt$auto(0x3, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x741143, 0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6\x00\x00\x00\x00\x00\x00', 0x7, 0x80000000000000) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xe, 0xd9, 0x948b, 0x141, 0x15f4da0a, 0x3, 0x2, 0x62, 0xfffffffffffffff7, 0x7, 0x1, 0x4, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000340)='0e_\xf9\xc8e\xf8\xe2\x00b/Eev/audio1\x00VI\xa3\xaa\xb1;\x95J\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\xc1i\xc1>\x10\xcb\xc3d\xba\xb4\xac\xc4\x11\xb2\x9a\xec;#\xff\x17\x0f8<\xc8\xc5J-\xd8.;P\x01\xf2\xc4AT', 0x0) select$auto(0x1000, 0x0, 0x0, &(0x7f00000002c0)={[0x157d, 0x8, 0xd, 0x2, 0x8000000948b, 0x3, 0x10015f4da0a, 0x43, 0x8, 0x66, 0x40, 0x8, 0x6d3e, 0x2, 0x5, 0x7]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000800), r1) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x88d4) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000900), r1) connect$auto(r1, &(0x7f0000000940)=@nl=@proc={0x10, 0x0, 0x25dfdbfd}, 0x1e) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000a00), r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x0, 0x400000004) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x124) 2.789116529s ago: executing program 3 (id=580): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) write$auto(r0, &(0x7f0000000040)='!\x00', 0xffff) r2 = openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000240), 0x80700, 0x0) read$auto(r2, 0x0, 0x200) 1.309966146s ago: executing program 3 (id=581): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x70bd25, 0x25dfdbf7, {0x1, 0x0, 0x3f00}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @broadcast}}]}, 0x5c}, 0x1, 0x2000000, 0x0, 0x44000}, 0x0) 1.208723982s ago: executing program 3 (id=582): memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'xfrm0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000180)={0x14, r4, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x3800000000000000, 0x200000c1}, 0x20000000) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000100)={0x14, r4, 0x1, 0x870bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x20000000) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x0, 0x1a, 0x0, 0x28) read$auto(r1, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 516.643629ms ago: executing program 0 (id=583): ioctl$auto_VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000000)={0x0, 0xffffffffffffffff}) bpf$auto_BPF_PROG_ATTACH(0x8, &(0x7f0000000080)=@iter_create={r0, 0x6}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/flags\x00', 0x143262, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/conf/default/ioam6_id_wide\x00', 0x40100, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x9, 0x0, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) read$auto_l2cap_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000240)=""/177, 0xb1) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) read$auto(r1, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 510.427632ms ago: executing program 2 (id=584): r0 = socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x267c3, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b4b, 0x8000000000000000, 0x0, 0x0, 0x1b0) close_range$auto(0x2, 0x8, 0x0) r1 = open(0x0, 0xae841, 0x1fb) r2 = socket(0x1, 0x1, 0xff) r3 = socket(0x2, 0x1, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) setsockopt$auto(r3, 0x6, 0xd, &(0x7f0000000040)='nsKcg>', 0x2) connect$auto(0x3, &(0x7f0000000000), 0x55) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000240)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="000000e7", @ANYRES16=0x0, @ANYBLOB="020028bd7000fddbdf256f0000000600ab0000020000"], 0x1c}, 0x1, 0x0, 0x0, 0x4040091}, 0x20008000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffb) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) fstat$auto(0x1, &(0x7f0000001a40)={0x2, 0x3, 0x1, 0x2, 0x3, 0x0, 0x0, 0x6, 0xe, 0x7, 0x803, 0x7, 0x7ff, 0xffffffff80000000, 0x7, 0x400000000007ff, 0x81}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x2000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(0x3, 0x0, 0x100082) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(r4, r1, 0xfff) eventfd$auto(0x3) socketpair$auto(0x9, 0x2, 0xb, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) mount$auto(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='afs\x00', 0x5, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="e8999883", @ANYRES16=r5, @ANYBLOB="010026bd7020fddbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001000130000008000200", @ANYRES32, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4c855}, 0x4880) 206.747628ms ago: executing program 0 (id=585): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x21, 0x5, 0x8000000000000000, 0x0) r0 = open(0x0, 0x22240, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) statx$auto(r0, 0x0, 0x2001003, 0x4005, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x121000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0xc4) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socket(0x1d, 0x2, 0x6) openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_marker_raw\x00', 0x200000, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) sendfile$auto(r2, r2, 0x0, 0xd) close_range$auto(r2, r1, 0x6c87fffc) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x10008, 0xdf, 0xeb1, 0x40000000000a5, 0x808000) socket(0x10, 0x2, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x88600, 0x0) ioctl$auto_UBI_IOCATT(r3, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r3, 0x40046f41, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) socket(0x1, 0x1, 0x0) 174.801311ms ago: executing program 3 (id=586): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r0, 0x400454ca, 0x38) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r3, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x4e0182, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r4, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r3, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000050}, 0x400c0) 0s ago: executing program 1 (id=587): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000040)={"fda25684", 0xefff, 0x6, 0x3, 0x9b4, 0x9, "c625aa3f222ce10e00000000000600", '\x00', "0400e6ad", '\x00', ["22dfffffffefffff480400", "f8ffffffffffffff00e10001", "b06f8ca10c66eebcbd6f17c8", "5fe10eedab2c4b353c392a92"]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts. [ 91.117030][ T5820] cgroup: Unknown subsys name 'net' [ 91.266502][ T5820] cgroup: Unknown subsys name 'cpuset' [ 91.275692][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 93.235894][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.383859][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.413691][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.421416][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.429625][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.440888][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.462779][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.498224][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.509710][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.528941][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.537214][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.553588][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.562955][ T5153] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.570559][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.572520][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.579942][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.593803][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.601453][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.615748][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.623584][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.632232][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.278991][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 96.303474][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 96.360213][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 96.487646][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 96.617962][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.625298][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.633896][ T5834] bridge_slave_0: entered allmulticast mode [ 96.641338][ T5834] bridge_slave_0: entered promiscuous mode [ 96.686479][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.694269][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.701466][ T5834] bridge_slave_1: entered allmulticast mode [ 96.710126][ T5834] bridge_slave_1: entered promiscuous mode [ 96.737780][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.745193][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.753003][ T5839] bridge_slave_0: entered allmulticast mode [ 96.760371][ T5839] bridge_slave_0: entered promiscuous mode [ 96.802271][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.809497][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.816849][ T5839] bridge_slave_1: entered allmulticast mode [ 96.824968][ T5839] bridge_slave_1: entered promiscuous mode [ 96.865543][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.874865][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.882719][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.889939][ T5840] bridge_slave_0: entered allmulticast mode [ 96.898294][ T5840] bridge_slave_0: entered promiscuous mode [ 96.922122][ T9] cfg80211: failed to load regulatory.db [ 96.940931][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.950362][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.958760][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.966053][ T5840] bridge_slave_1: entered allmulticast mode [ 96.973945][ T5840] bridge_slave_1: entered promiscuous mode [ 97.013555][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.069273][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.076644][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.084135][ T5830] bridge_slave_0: entered allmulticast mode [ 97.091864][ T5830] bridge_slave_0: entered promiscuous mode [ 97.102465][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.115310][ T5834] team0: Port device team_slave_0 added [ 97.139915][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.147153][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.154723][ T5830] bridge_slave_1: entered allmulticast mode [ 97.162611][ T5830] bridge_slave_1: entered promiscuous mode [ 97.198582][ T5834] team0: Port device team_slave_1 added [ 97.222420][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.249495][ T5839] team0: Port device team_slave_0 added [ 97.274686][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.314905][ T5839] team0: Port device team_slave_1 added [ 97.337449][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.346809][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.373747][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.400882][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.415119][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.439652][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.446726][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.476432][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.490550][ T5840] team0: Port device team_slave_0 added [ 97.511913][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.518904][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.545121][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.566459][ T5840] team0: Port device team_slave_1 added [ 97.602194][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.609193][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.636696][ T5841] Bluetooth: hci0: command tx timeout [ 97.639254][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.642508][ T5841] Bluetooth: hci1: command tx timeout [ 97.685136][ T5830] team0: Port device team_slave_0 added [ 97.691897][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.698878][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.725013][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.736252][ T5833] Bluetooth: hci2: command tx timeout [ 97.742470][ T5841] Bluetooth: hci3: command tx timeout [ 97.775713][ T5830] team0: Port device team_slave_1 added [ 97.782582][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.789566][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.816599][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.847117][ T5834] hsr_slave_0: entered promiscuous mode [ 97.853992][ T5834] hsr_slave_1: entered promiscuous mode [ 97.900804][ T5839] hsr_slave_0: entered promiscuous mode [ 97.907428][ T5839] hsr_slave_1: entered promiscuous mode [ 97.914416][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.922301][ T5839] Cannot create hsr debugfs directory [ 97.970096][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.977474][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.004837][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.058096][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.065471][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.091670][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.122770][ T5840] hsr_slave_0: entered promiscuous mode [ 98.129154][ T5840] hsr_slave_1: entered promiscuous mode [ 98.135532][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.143204][ T5840] Cannot create hsr debugfs directory [ 98.275872][ T5830] hsr_slave_0: entered promiscuous mode [ 98.283710][ T5830] hsr_slave_1: entered promiscuous mode [ 98.289931][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.298552][ T5830] Cannot create hsr debugfs directory [ 98.695439][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.713065][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.725412][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.747738][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.814669][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.847793][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.865102][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.888379][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.948110][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.972991][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.992589][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.024730][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.108033][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.128793][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.154076][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.172963][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.209959][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.225584][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.285760][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.293103][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.330544][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.337784][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.384170][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.476079][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.486779][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.524711][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 99.550694][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.557896][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.578313][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.620683][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.627994][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.657556][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.680247][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.687502][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.705564][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.712808][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.713179][ T5841] Bluetooth: hci0: command tx timeout [ 99.730872][ T5833] Bluetooth: hci1: command tx timeout [ 99.778684][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.800203][ T5833] Bluetooth: hci2: command tx timeout [ 99.806069][ T5841] Bluetooth: hci3: command tx timeout [ 99.817637][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 99.914910][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.922150][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.968570][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.975849][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.008330][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.166475][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.359861][ T5834] veth0_vlan: entered promiscuous mode [ 100.416782][ T5834] veth1_vlan: entered promiscuous mode [ 100.476717][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.534750][ T5834] veth0_macvtap: entered promiscuous mode [ 100.557896][ T5834] veth1_macvtap: entered promiscuous mode [ 100.625782][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.678133][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.716273][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.726988][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.739568][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.748608][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.767343][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.800743][ T5839] veth0_vlan: entered promiscuous mode [ 100.830332][ T5839] veth1_vlan: entered promiscuous mode [ 100.879424][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.962251][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.970262][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.000437][ T5839] veth0_macvtap: entered promiscuous mode [ 101.020860][ T5839] veth1_macvtap: entered promiscuous mode [ 101.049707][ T5840] veth0_vlan: entered promiscuous mode [ 101.086641][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.096068][ T5840] veth1_vlan: entered promiscuous mode [ 101.106428][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.129651][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.144504][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.183882][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.200131][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.209046][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.217927][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.256004][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.279619][ T5830] veth0_vlan: entered promiscuous mode [ 101.350504][ T5840] veth0_macvtap: entered promiscuous mode [ 101.391926][ T5830] veth1_vlan: entered promiscuous mode [ 101.423748][ T5840] veth1_macvtap: entered promiscuous mode [ 101.463938][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.474132][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.488035][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.499719][ T5924] tipc: Started in network mode [ 101.507498][ T5924] tipc: Node identity ee00, cluster identity 4711 [ 101.514265][ T5924] tipc: Node number set to 60928 [ 101.539823][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.549894][ T5830] veth0_macvtap: entered promiscuous mode [ 101.562086][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.583963][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.598032][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.610134][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.656087][ T5830] veth1_macvtap: entered promiscuous mode [ 101.718445][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.739956][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.747598][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.793164][ T5841] Bluetooth: hci0: command tx timeout [ 101.798654][ T5841] Bluetooth: hci1: command tx timeout [ 101.838418][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.857041][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.865883][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.872732][ T5833] Bluetooth: hci2: command tx timeout [ 101.880374][ T5841] Bluetooth: hci3: command tx timeout [ 101.886910][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.911756][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.008936][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.024563][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.146256][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.174976][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.304559][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.323819][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.530271][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.565568][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.721167][ T5939] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 102.759155][ T5935] ubi0: attaching mtd0 [ 102.867297][ T5935] ubi0: scanning is finished [ 102.897938][ T5935] ubi0: empty MTD device detected [ 103.004211][ T5944] size and base must be multiples of 4 kiB [ 103.084386][ T5944] CPU: 0 UID: 0 PID: 5944 Comm: syz.3.5 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 103.084432][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.084455][ T5944] Call Trace: [ 103.084469][ T5944] [ 103.084484][ T5944] dump_stack_lvl+0x16c/0x1f0 [ 103.084541][ T5944] mtrr_del+0xd1/0x110 [ 103.084582][ T5944] mtrr_ioctl+0x922/0xcf0 [ 103.084624][ T5944] ? __pfx_mtrr_ioctl+0x10/0x10 [ 103.084674][ T5944] ? find_held_lock+0x2b/0x80 [ 103.084728][ T5944] ? __fget_files+0x20e/0x3c0 [ 103.084773][ T5944] ? __pfx_mtrr_ioctl+0x10/0x10 [ 103.084810][ T5944] proc_reg_unlocked_ioctl+0x226/0x320 [ 103.084856][ T5944] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 103.084908][ T5944] __x64_sys_ioctl+0x18e/0x210 [ 103.084949][ T5944] do_syscall_64+0xcd/0x490 [ 103.084995][ T5944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.085025][ T5944] RIP: 0033:0x7f932bd8e929 [ 103.085053][ T5944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.085086][ T5944] RSP: 002b:00007f932cc7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 103.085114][ T5944] RAX: ffffffffffffffda RBX: 00007f932bfb6240 RCX: 00007f932bd8e929 [ 103.085143][ T5944] RDX: 000000000000000a RSI: 00000000400c4d04 RDI: 000000000000000a [ 103.085161][ T5944] RBP: 00007f932be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 103.085179][ T5944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.085197][ T5944] R13: 0000000000000000 R14: 00007f932bfb6240 R15: 00007ffd0d95db58 [ 103.085252][ T5944] [ 103.254966][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 103.330979][ T5940] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 103.461856][ T5948] Zero length message leads to an empty skb [ 103.541578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 103.550573][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.612787][ T5950] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6'. [ 103.631905][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.684112][ T5950] ipvlan1: entered allmulticast mode [ 103.718967][ T5950] veth0_vlan: entered allmulticast mode [ 103.781838][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.783336][ T5935] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 103.806802][ T5955] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6'. [ 103.872694][ T5841] Bluetooth: hci1: command tx timeout [ 103.878578][ T5833] Bluetooth: hci0: command tx timeout [ 103.910078][ T5935] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 103.953364][ T5841] Bluetooth: hci3: command tx timeout [ 103.958836][ T5841] Bluetooth: hci2: command tx timeout [ 103.972587][ T5955] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6'. [ 104.034128][ T5935] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 104.041140][ T5935] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 104.074019][ T5935] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 104.097439][ T5935] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 104.126129][ T5935] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4200631722 [ 104.171394][ T5935] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 104.229440][ T5954] ubi0: background thread "ubi_bgt0d" started, PID 5954 [ 104.752215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.912405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.973723][ T5968] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 105.181966][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.641851][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.708341][ T5970] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 105.871983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 106.672708][ T5977] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.085416][ T5984] sctp: [Deprecated]: syz.2.13 (pid 5984) Use of int in max_burst socket option. [ 107.085416][ T5984] Use struct sctp_assoc_value instead [ 107.171764][ T5984] ubi: mtd0 is already attached to ubi0 [ 108.734123][ T6011] blktrace: Concurrent blktraces are not allowed on loop2 [ 108.795046][ T5841] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 108.904242][ T6014] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 109.386836][ T6015] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 111.348260][ T6041] blktrace: Concurrent blktraces are not allowed on loop2 [ 112.620271][ T6049] process 'syz.1.25' launched ':,' with NULL argv: empty string added [ 113.227947][ T6068] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[6068] [ 113.252068][ T6049] FAULT_INJECTION: forcing a failure. [ 113.252068][ T6049] name failslab, interval 1, probability 0, space 0, times 1 [ 113.278249][ T6049] CPU: 0 UID: 0 PID: 6049 Comm: syz.1.25 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 113.278296][ T6049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.278315][ T6049] Call Trace: [ 113.278326][ T6049] [ 113.278337][ T6049] dump_stack_lvl+0x16c/0x1f0 [ 113.278390][ T6049] should_fail_ex+0x512/0x640 [ 113.278440][ T6049] ? __kmalloc_noprof+0xbf/0x510 [ 113.278496][ T6049] ? devlink_fmsg_put_name+0xf0/0x3f0 [ 113.278527][ T6049] should_failslab+0xc2/0x120 [ 113.278559][ T6049] __kmalloc_noprof+0xd2/0x510 [ 113.278621][ T6049] devlink_fmsg_put_name+0xf0/0x3f0 [ 113.278659][ T6049] devlink_fmsg_u32_pair_put+0xff/0x2f0 [ 113.278704][ T6049] ? __pfx_devlink_fmsg_u32_pair_put+0x10/0x10 [ 113.278754][ T6049] ? kasan_save_stack+0x21/0x60 [ 113.278812][ T6049] nsim_dev_dummy_fmsg_put+0x4d/0x1e0 [ 113.278853][ T6049] devlink_health_do_dump+0x240/0x620 [ 113.278897][ T6049] devlink_health_report+0x3c9/0x9c0 [ 113.278941][ T6049] ? __pfx_devlink_health_report+0x10/0x10 [ 113.278980][ T6049] ? _copy_from_user+0x59/0xd0 [ 113.279024][ T6049] nsim_dev_health_break_write+0x166/0x210 [ 113.279065][ T6049] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 113.279118][ T6049] full_proxy_write+0x13f/0x200 [ 113.279154][ T6049] ? __pfx_full_proxy_write+0x10/0x10 [ 113.279186][ T6049] vfs_write+0x2a0/0x1150 [ 113.279241][ T6049] ? __pfx___mutex_lock+0x10/0x10 [ 113.279290][ T6049] ? __pfx_vfs_write+0x10/0x10 [ 113.279350][ T6049] ? __fget_files+0x20e/0x3c0 [ 113.279409][ T6049] ksys_write+0x12a/0x250 [ 113.279457][ T6049] ? __pfx_ksys_write+0x10/0x10 [ 113.279518][ T6049] do_syscall_64+0xcd/0x490 [ 113.279568][ T6049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.279601][ T6049] RIP: 0033:0x7f166998e929 [ 113.279627][ T6049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.279658][ T6049] RSP: 002b:00007f166a89e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.279687][ T6049] RAX: ffffffffffffffda RBX: 00007f1669bb5fa0 RCX: 00007f166998e929 [ 113.279709][ T6049] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000006 [ 113.279728][ T6049] RBP: 00007f1669a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 113.279747][ T6049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.279766][ T6049] R13: 0000000000000000 R14: 00007f1669bb5fa0 R15: 00007ffe60b612e8 [ 113.279808][ T6049] [ 113.980392][ T6079] sd 0:0:1:0: PR command failed: 1026 [ 113.988653][ T6079] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 113.996107][ T6079] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 115.731212][ T6095] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.082025][ T6097] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.750014][ T6118] blktrace: Concurrent blktraces are not allowed on loop2 [ 117.854201][ T6121] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 118.074548][ T6116] netlink: 'syz.2.38': attribute type 11 has an invalid length. [ 118.111661][ T6116] netlink: 'syz.2.38': attribute type 11 has an invalid length. [ 118.129812][ T6116] netlink: 'syz.2.38': attribute type 11 has an invalid length. [ 118.148574][ T6116] netlink: 'syz.2.38': attribute type 11 has an invalid length. [ 118.297758][ T6122] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 118.584951][ T6127] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[6127] [ 119.386382][ T6136] blktrace: Concurrent blktraces are not allowed on loop2 [ 119.494395][ T6137] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 120.033755][ T6140] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 120.092899][ T6145] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 121.211274][ T6146] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 122.006520][ T6159] FAULT_INJECTION: forcing a failure. [ 122.006520][ T6159] name failslab, interval 1, probability 0, space 0, times 0 [ 122.051798][ T6159] CPU: 0 UID: 0 PID: 6159 Comm: syz.2.45 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 122.051837][ T6159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.051856][ T6159] Call Trace: [ 122.051865][ T6159] [ 122.051875][ T6159] dump_stack_lvl+0x16c/0x1f0 [ 122.051918][ T6159] should_fail_ex+0x512/0x640 [ 122.051962][ T6159] ? __kmalloc_noprof+0xbf/0x510 [ 122.052010][ T6159] ? devlink_fmsg_put_value+0xaa/0x2d0 [ 122.052040][ T6159] should_failslab+0xc2/0x120 [ 122.052068][ T6159] __kmalloc_noprof+0xd2/0x510 [ 122.052122][ T6159] devlink_fmsg_put_value+0xaa/0x2d0 [ 122.052159][ T6159] devlink_fmsg_u32_put+0xef/0x150 [ 122.052189][ T6159] ? __pfx_devlink_fmsg_u32_put+0x10/0x10 [ 122.052223][ T6159] ? devlink_fmsg_arr_pair_nest_start+0xec/0x130 [ 122.052262][ T6159] nsim_dev_dummy_fmsg_put+0x131/0x1e0 [ 122.052302][ T6159] devlink_health_do_dump+0x240/0x620 [ 122.052342][ T6159] devlink_health_report+0x3c9/0x9c0 [ 122.052385][ T6159] ? __pfx_devlink_health_report+0x10/0x10 [ 122.052421][ T6159] ? _copy_from_user+0x59/0xd0 [ 122.052456][ T6159] nsim_dev_health_break_write+0x166/0x210 [ 122.052494][ T6159] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 122.052554][ T6159] full_proxy_write+0x13f/0x200 [ 122.052589][ T6159] ? __pfx_full_proxy_write+0x10/0x10 [ 122.052619][ T6159] vfs_write+0x2a0/0x1150 [ 122.052677][ T6159] ? __pfx___mutex_lock+0x10/0x10 [ 122.052723][ T6159] ? __pfx_vfs_write+0x10/0x10 [ 122.052784][ T6159] ? __fget_files+0x20e/0x3c0 [ 122.052841][ T6159] ksys_write+0x12a/0x250 [ 122.052891][ T6159] ? __pfx_ksys_write+0x10/0x10 [ 122.052954][ T6159] do_syscall_64+0xcd/0x490 [ 122.053005][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.053038][ T6159] RIP: 0033:0x7fed8a18e929 [ 122.053064][ T6159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.053096][ T6159] RSP: 002b:00007fed8af6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.053134][ T6159] RAX: ffffffffffffffda RBX: 00007fed8a3b5fa0 RCX: 00007fed8a18e929 [ 122.053154][ T6159] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000006 [ 122.053172][ T6159] RBP: 00007fed8a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 122.053191][ T6159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.053209][ T6159] R13: 0000000000000000 R14: 00007fed8a3b5fa0 R15: 00007ffd49cff9d8 [ 122.053250][ T6159] [ 122.635138][ T6165] FAULT_INJECTION: forcing a failure. [ 122.635138][ T6165] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 122.661731][ T6165] CPU: 0 UID: 0 PID: 6165 Comm: syz.2.47 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 122.661775][ T6165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.661795][ T6165] Call Trace: [ 122.661804][ T6165] [ 122.661817][ T6165] dump_stack_lvl+0x16c/0x1f0 [ 122.661869][ T6165] should_fail_ex+0x512/0x640 [ 122.661929][ T6165] should_fail_alloc_page+0xe7/0x130 [ 122.661966][ T6165] prepare_alloc_pages+0x3c2/0x610 [ 122.662015][ T6165] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 122.662071][ T6165] ? mas_next_slot+0x12d3/0x21b0 [ 122.662123][ T6165] ? __up_read+0x1f8/0x750 [ 122.662184][ T6165] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 122.662242][ T6165] ? validate_mm+0x40a/0x570 [ 122.662301][ T6165] ? __pfx_validate_mm+0x10/0x10 [ 122.662351][ T6165] ? lockdep_hardirqs_on+0x7c/0x110 [ 122.662406][ T6165] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 122.662465][ T6165] ? policy_nodemask+0xea/0x4e0 [ 122.662500][ T6165] alloc_pages_mpol+0x1fb/0x550 [ 122.662534][ T6165] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 122.662581][ T6165] alloc_pages_noprof+0x131/0x390 [ 122.662617][ T6165] __pmd_alloc+0x3b/0x930 [ 122.662661][ T6165] __handle_mm_fault+0xaac/0x5490 [ 122.662732][ T6165] ? __pfx___handle_mm_fault+0x10/0x10 [ 122.662814][ T6165] handle_mm_fault+0x589/0xd10 [ 122.662868][ T6165] __get_user_pages+0x589/0x3b80 [ 122.662920][ T6165] ? __pfx_mt_find+0x10/0x10 [ 122.662970][ T6165] ? __pfx___get_user_pages+0x10/0x10 [ 122.663022][ T6165] populate_vma_page_range+0x278/0x3a0 [ 122.663064][ T6165] ? __pfx_populate_vma_page_range+0x10/0x10 [ 122.663104][ T6165] ? __pfx_find_vma_intersection+0x10/0x10 [ 122.663146][ T6165] ? do_mmap+0x69c/0x1210 [ 122.663189][ T6165] __mm_populate+0x1d8/0x380 [ 122.663232][ T6165] ? __pfx___mm_populate+0x10/0x10 [ 122.663277][ T6165] ? up_write+0x1b2/0x520 [ 122.663330][ T6165] vm_mmap_pgoff+0x362/0x450 [ 122.663370][ T6165] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 122.663414][ T6165] ? __x64_sys_futex+0x1e0/0x4c0 [ 122.663460][ T6165] ? __x64_sys_futex+0x1e9/0x4c0 [ 122.663507][ T6165] ksys_mmap_pgoff+0x7d/0x5c0 [ 122.663543][ T6165] ? xfd_validate_state+0x61/0x180 [ 122.663585][ T6165] ? __pfx_ksys_write+0x10/0x10 [ 122.663639][ T6165] __x64_sys_mmap+0x125/0x190 [ 122.663688][ T6165] do_syscall_64+0xcd/0x490 [ 122.663739][ T6165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.663772][ T6165] RIP: 0033:0x7fed8a18e929 [ 122.663799][ T6165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.663830][ T6165] RSP: 002b:00007fed8af6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 122.663861][ T6165] RAX: ffffffffffffffda RBX: 00007fed8a3b5fa0 RCX: 00007fed8a18e929 [ 122.663882][ T6165] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 122.663901][ T6165] RBP: 00007fed8a210b39 R08: 0000000000000007 R09: 0000000000028000 [ 122.663921][ T6165] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 122.663940][ T6165] R13: 0000000000000000 R14: 00007fed8a3b5fa0 R15: 00007ffd49cff9d8 [ 122.663981][ T6165] [ 124.509681][ T6182] sp0: Synchronizing with TNC [ 125.411830][ T6198] blktrace: Concurrent blktraces are not allowed on loop2 [ 125.496287][ T6201] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 126.014465][ T6203] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 127.139680][ T6221] ======================================================= [ 127.139680][ T6221] WARNING: The mand mount option has been deprecated and [ 127.139680][ T6221] and is ignored by this kernel. Remove the mand [ 127.139680][ T6221] option from the mount to silence this warning. [ 127.139680][ T6221] ======================================================= [ 129.379293][ T6244] bridge0: port 3(team0) entered blocking state [ 129.497699][ T6244] bridge0: port 3(team0) entered disabled state [ 129.550128][ T6244] team0: entered allmulticast mode [ 129.591601][ T6244] team_slave_0: entered allmulticast mode [ 129.627714][ T6244] team_slave_1: entered allmulticast mode [ 129.685472][ T6251] can: request_module (can-proto-0) failed. [ 129.709521][ T6244] team0: entered promiscuous mode [ 129.760833][ T6244] team_slave_0: entered promiscuous mode [ 129.775156][ T6244] team_slave_1: entered promiscuous mode [ 129.788768][ T6244] bridge0: port 3(team0) entered blocking state [ 129.795551][ T6244] bridge0: port 3(team0) entered forwarding state [ 129.882653][ T6256] FAULT_INJECTION: forcing a failure. [ 129.882653][ T6256] name failslab, interval 1, probability 0, space 0, times 0 [ 129.895628][ T6256] CPU: 0 UID: 0 PID: 6256 Comm: syz.1.64 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 129.895669][ T6256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.895687][ T6256] Call Trace: [ 129.895697][ T6256] [ 129.895709][ T6256] dump_stack_lvl+0x116/0x1f0 [ 129.895759][ T6256] should_fail_ex+0x512/0x640 [ 129.895823][ T6256] should_failslab+0xc2/0x120 [ 129.895855][ T6256] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 129.895906][ T6256] ? __send_signal_locked+0x159/0x12c0 [ 129.895962][ T6256] __send_signal_locked+0x159/0x12c0 [ 129.896013][ T6256] ? __lock_task_sighand+0x146/0x340 [ 129.896067][ T6256] do_send_specific+0x1e8/0x370 [ 129.896107][ T6256] ? __pfx_do_send_specific+0x10/0x10 [ 129.896142][ T6256] ? __task_pid_nr_ns+0x17c/0x500 [ 129.896194][ T6256] do_rt_tgsigqueueinfo+0xa9/0x100 [ 129.896236][ T6256] __x64_sys_rt_tgsigqueueinfo+0x17a/0x210 [ 129.896283][ T6256] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 129.896348][ T6256] do_syscall_64+0xcd/0x490 [ 129.896396][ T6256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.896427][ T6256] RIP: 0033:0x7f166998e929 [ 129.896451][ T6256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.896481][ T6256] RSP: 002b:00007f166a87d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 129.896510][ T6256] RAX: ffffffffffffffda RBX: 00007f1669bb6080 RCX: 00007f166998e929 [ 129.896529][ T6256] RDX: 0000000000000021 RSI: 0000000000000046 RDI: 0000000000000044 [ 129.896564][ T6256] RBP: 00007f1669a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 129.896584][ T6256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.896604][ T6256] R13: 0000000000000000 R14: 00007f1669bb6080 R15: 00007ffe60b612e8 [ 129.896647][ T6256] [ 132.605424][ T6284] syz.0.71 uses obsolete (PF_INET,SOCK_PACKET) [ 132.790967][ T6293] HSR: entered promiscuous mode [ 133.291017][ T6304] netlink: 222 bytes leftover after parsing attributes in process `syz.0.73'. [ 133.945275][ T6314] capability: warning: `syz.2.75' uses 32-bit capabilities (legacy support in use) [ 136.519947][ T6338] ubi: mtd0 is already attached to ubi0 [ 137.724522][ T6355] netlink: 28 bytes leftover after parsing attributes in process `syz.3.83'. [ 137.875019][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.881460][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.669013][ T6363] can: request_module (can-proto-0) failed. [ 139.165858][ T6374] blktrace: Concurrent blktraces are not allowed on loop2 [ 139.257726][ T6374] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 139.506126][ T6382] netlink: 20 bytes leftover after parsing attributes in process `syz.0.88'. [ 139.645450][ T30] audit: type=1800 audit(4294967332.030:2): pid=6378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.89" name="lu_gp_id" dev="configfs" ino=9693 res=0 errno=0 [ 139.784118][ T6379] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 139.814180][ T6382] team0: Port device team_slave_1 removed [ 140.497105][ T6390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.91'. [ 140.510619][ T6390] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.603632][ T6390] bridge_slave_1 (unregistering): left allmulticast mode [ 140.611297][ T6390] bridge_slave_1 (unregistering): left promiscuous mode [ 140.640214][ T6390] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.815743][ T6398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.92'. [ 141.568617][ T6403] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               [ 250.122458][ T8244] program syz.2.490 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 250.833109][ T8262] sctp: [Deprecated]: syz.3.493 (pid 8262) Use of int in max_burst socket option deprecated. [ 250.833109][ T8262] Use struct sctp_assoc_value instead [ 250.895023][ T8262] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 syzkaller syzkaller login: [ 251.968662][ T8288] blktrace: Concurrent blktraces are not allowed on loop2 [ 252.162416][ T8291] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48 [ 252.583028][ T8292] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49 [ 253.290051][ T8292] Failed to create region snapshot [ 253.578898][ T8299] netlink: 28 bytes leftover after parsing attributes in process `syz.1.502'. [ 253.842058][ T8327] Console: switching to colour VGA+ 80x25 [ 254.863509][ T8352] FAULT_INJECTION: forcing a failure. [ 254.863509][ T8352] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 254.865681][ T8352] CPU: 1 UID: 0 PID: 8352 Comm: syz.2.510 Tainted: G U 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 254.865736][ T8352] Tainted: [U]=USER [ 254.865747][ T8352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.865770][ T8352] Call Trace: [ 254.865784][ T8352] [ 254.865800][ T8352] dump_stack_lvl+0x16c/0x1f0 [ 254.865851][ T8352] should_fail_ex+0x512/0x640 [ 254.865908][ T8352] should_fail_alloc_page+0xe7/0x130 [ 254.865944][ T8352] prepare_alloc_pages+0x3c2/0x610 [ 254.865985][ T8352] ? rcu_is_watching+0x12/0xc0 [ 254.866022][ T8352] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 254.866079][ T8352] ? __lock_acquire+0xb8a/0x1c90 [ 254.866140][ T8352] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 254.866191][ T8352] ? do_raw_spin_lock+0x12c/0x2b0 [ 254.866242][ T8352] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 254.866293][ T8352] ? find_held_lock+0x2b/0x80 [ 254.866337][ T8352] ? __lock_acquire+0xb8a/0x1c90 [ 254.866378][ T8352] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 254.866430][ T8352] ? policy_nodemask+0xea/0x4e0 [ 254.866466][ T8352] alloc_pages_mpol+0x1fb/0x550 [ 254.866501][ T8352] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 254.866546][ T8352] folio_alloc_mpol_noprof+0x36/0x2f0 [ 254.866588][ T8352] shmem_alloc_folio+0x135/0x160 [ 254.866650][ T8352] shmem_alloc_and_add_folio+0x499/0xc20 [ 254.866716][ T8352] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 254.866770][ T8352] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 254.866829][ T8352] shmem_get_folio_gfp+0x67f/0x1600 [ 254.866890][ T8352] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 254.866945][ T8352] ? __lock_acquire+0x622/0x1c90 [ 254.866994][ T8352] shmem_fault+0x1fe/0xa30 [ 254.867046][ T8352] ? __pfx_shmem_fault+0x10/0x10 [ 254.867105][ T8352] ? __lock_acquire+0xb8a/0x1c90 [ 254.867160][ T8352] __do_fault+0x10a/0x490 [ 254.867213][ T8352] ? __pfx_filemap_map_pages+0x10/0x10 [ 254.867268][ T8352] __handle_mm_fault+0x374c/0x5490 [ 254.867327][ T8352] ? __pfx___handle_mm_fault+0x10/0x10 [ 254.867376][ T8352] ? __pte_offset_map_lock+0x174/0x310 [ 254.867413][ T8352] ? find_held_lock+0x2b/0x80 [ 254.867443][ T8352] ? find_held_lock+0x2b/0x80 [ 254.867487][ T8352] ? follow_page_pte+0x3af/0x14c0 [ 254.867537][ T8352] handle_mm_fault+0x589/0xd10 [ 254.867594][ T8352] __get_user_pages+0x589/0x3b80 [ 254.867648][ T8352] ? __pfx___get_user_pages+0x10/0x10 [ 254.867685][ T8352] ? __pfx_down_read_killable+0x10/0x10 [ 254.867759][ T8352] ? __lock_acquire+0xb8a/0x1c90 [ 254.867810][ T8352] faultin_page_range+0x249/0x980 [ 254.867861][ T8352] madvise_do_behavior+0x268/0x3f0 [ 254.867903][ T8352] ? __pfx_madvise_do_behavior+0x10/0x10 [ 254.867965][ T8352] do_madvise+0x161/0x230 [ 254.868001][ T8352] ? __pfx_do_madvise+0x10/0x10 [ 254.868057][ T8352] ? xfd_validate_state+0x61/0x180 [ 254.868099][ T8352] ? __pfx_do_writev+0x10/0x10 [ 254.868152][ T8352] __x64_sys_madvise+0xa9/0x110 [ 254.868187][ T8352] ? lockdep_hardirqs_on+0x7c/0x110 [ 254.868230][ T8352] do_syscall_64+0xcd/0x490 [ 254.868280][ T8352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.868312][ T8352] RIP: 0033:0x7fed8a18e929 [ 254.868338][ T8352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.868369][ T8352] RSP: 002b:00007fed8af6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 254.868400][ T8352] RAX: ffffffffffffffda RBX: 00007fed8a3b5fa0 RCX: 00007fed8a18e929 [ 254.868421][ T8352] RDX: 0000000000000017 RSI: 0000000000100000 RDI: 0000000000000000 [ 254.868440][ T8352] RBP: 00007fed8a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 254.868462][ T8352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.868481][ T8352] R13: 0000000000000000 R14: 00007fed8a3b5fa0 R15: 00007ffd49cff9d8 [ 254.868520][ T8352] [ 255.612730][ T8361] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 255.833548][ T8367] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 256.252658][ T8384] synth uevent: /module/ubifs: unknown uevent action string [ 256.914094][ T8393] queue_state_write: unsupported operation '' [ 256.937608][ T8393] queue_state_write: use 'run', 'start' or 'kick' [ 257.472512][ T8415] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 259.168361][ T8455] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 259.990993][ T8473] netlink: 28 bytes leftover after parsing attributes in process `syz.2.532'. [ 260.759183][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.778592][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.781493][ T30] audit: type=1800 audit(4294968542.428:7): pid=8508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.540" name="dmabuf" dev="dmabuf" ino=8 res=0 errno=0 [ 267.011507][ T8520] blktrace: Concurrent blktraces are not allowed on loop2 [ 267.181431][ T8523] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 268.144775][ T8524] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 268.173497][ T8537] netlink: 28 bytes leftover after parsing attributes in process `syz.3.547'. [ 268.994018][ T8525] Failed to create region snapshot [ 269.548093][ T8546] Invalid ELF header magic: != ELF [ 269.755898][ T8546] FAULT_INJECTION: forcing a failure. [ 269.755898][ T8546] name failslab, interval 1, probability 0, space 0, times 0 [ 269.778609][ T8546] CPU: 1 UID: 0 PID: 8546 Comm: syz.2.551 Tainted: G U 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 269.778657][ T8546] Tainted: [U]=USER [ 269.778664][ T8546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.778678][ T8546] Call Trace: [ 269.778686][ T8546] [ 269.778695][ T8546] dump_stack_lvl+0x16c/0x1f0 [ 269.778732][ T8546] should_fail_ex+0x512/0x640 [ 269.778768][ T8546] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 269.778804][ T8546] should_failslab+0xc2/0x120 [ 269.778827][ T8546] __kmalloc_cache_noprof+0x6a/0x3e0 [ 269.778859][ T8546] ? nci_allocate_device+0x105/0x430 [ 269.778891][ T8546] nci_allocate_device+0x105/0x430 [ 269.778920][ T8546] virtual_ncidev_open+0x6f/0x220 [ 269.778951][ T8546] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 269.778981][ T8546] misc_open+0x35a/0x420 [ 269.779012][ T8546] ? __pfx_misc_open+0x10/0x10 [ 269.779042][ T8546] chrdev_open+0x234/0x6a0 [ 269.779062][ T8546] ? __pfx_apparmor_file_open+0x10/0x10 [ 269.779093][ T8546] ? __pfx_chrdev_open+0x10/0x10 [ 269.779116][ T8546] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 269.779153][ T8546] do_dentry_open+0x741/0x1c10 [ 269.779189][ T8546] ? __pfx_chrdev_open+0x10/0x10 [ 269.779215][ T8546] vfs_open+0x82/0x3f0 [ 269.779244][ T8546] path_openat+0x1de4/0x2cb0 [ 269.779287][ T8546] ? __pfx_path_openat+0x10/0x10 [ 269.779328][ T8546] ? __lock_acquire+0xb8a/0x1c90 [ 269.779362][ T8546] do_filp_open+0x20b/0x470 [ 269.779397][ T8546] ? __pfx_do_filp_open+0x10/0x10 [ 269.779452][ T8546] ? alloc_fd+0x471/0x7d0 [ 269.779493][ T8546] do_sys_openat2+0x11b/0x1d0 [ 269.779527][ T8546] ? __pfx_do_sys_openat2+0x10/0x10 [ 269.779565][ T8546] __x64_sys_openat+0x174/0x210 [ 269.779593][ T8546] ? __pfx___x64_sys_openat+0x10/0x10 [ 269.779632][ T8546] do_syscall_64+0xcd/0x490 [ 269.779668][ T8546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.779691][ T8546] RIP: 0033:0x7fed8a18e929 [ 269.779709][ T8546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.779731][ T8546] RSP: 002b:00007fed8af6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 269.779751][ T8546] RAX: ffffffffffffffda RBX: 00007fed8a3b5fa0 RCX: 00007fed8a18e929 [ 269.779766][ T8546] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 269.779780][ T8546] RBP: 00007fed8a210b39 R08: 0000000000000000 R09: 0000000000000000 [ 269.779794][ T8546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 269.779807][ T8546] R13: 0000000000000000 R14: 00007fed8a3b5fa0 R15: 00007ffd49cff9d8 [ 269.779835][ T8546] [ 271.619733][ T8569] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 274.428622][ T8598] can: request_module (can-proto-0) failed. [ 276.473721][ T8616] ksmbd: Unknown IPC event: 14, ignore. [ 276.898802][ T8596] syz.1.559 (8596) used greatest stack depth: 20504 bytes left [ 279.135807][ T8654] Invalid ELF header magic: != ELF [ 279.159473][ T8655] netlink: 330 bytes leftover after parsing attributes in process `syz.3.574'. [ 279.183198][ T8648] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 280.013443][ T8666] random: crng reseeded on system resumption [ 280.095944][ T8668] blktrace: Concurrent blktraces are not allowed on loop2 [ 280.174358][ T8670] Unrecognized hibernate image header format! [ 280.195461][ T8670] PM: hibernation: Image mismatch: architecture specific data [ 280.217503][ T8671] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input52 [ 280.344537][ T8669] Unrecognized hibernate image header format! [ 280.351202][ T8669] PM: hibernation: Image mismatch: architecture specific data [ 280.368575][ T8670] Unrecognized hibernate image header format! [ 280.374734][ T8670] PM: hibernation: Image mismatch: architecture specific data [ 281.034025][ T8672] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input53 [ 282.804947][ T8419] syz.1.523 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 282.816133][ T8419] CPU: 0 UID: 0 PID: 8419 Comm: syz.1.523 Tainted: G U 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 282.816177][ T8419] Tainted: [U]=USER [ 282.816186][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.816201][ T8419] Call Trace: [ 282.816210][ T8419] [ 282.816220][ T8419] dump_stack_lvl+0x16c/0x1f0 [ 282.816265][ T8419] dump_header+0x101/0x930 [ 282.816317][ T8419] oom_kill_process+0x270/0xa60 [ 282.816373][ T8419] out_of_memory+0x350/0x1700 [ 282.816433][ T8419] ? __pfx_out_of_memory+0x10/0x10 [ 282.816497][ T8419] mem_cgroup_out_of_memory+0x118/0x130 [ 282.816540][ T8419] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 282.816604][ T8419] ? do_raw_spin_unlock+0x172/0x230 [ 282.816664][ T8419] try_charge_memcg+0x72b/0xd50 [ 282.816705][ T8419] ? __pfx_try_charge_memcg+0x10/0x10 [ 282.816738][ T8419] ? __print_lock_name+0x91/0xe0 [ 282.816772][ T8419] ? rcu_read_unlock+0x17/0x60 [ 282.816819][ T8419] charge_memcg+0x8a/0x230 [ 282.816852][ T8419] __mem_cgroup_charge+0x2b/0x1e0 [ 282.816892][ T8419] shmem_alloc_and_add_folio+0x514/0xc20 [ 282.816951][ T8419] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 282.817006][ T8419] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 282.817064][ T8419] shmem_get_folio_gfp+0x67f/0x1600 [ 282.817123][ T8419] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 282.817174][ T8419] ? __pte_offset_map_lock+0x174/0x310 [ 282.817217][ T8419] shmem_write_begin+0x160/0x300 [ 282.817268][ T8419] ? find_held_lock+0x2b/0x80 [ 282.817300][ T8419] ? __pfx_shmem_write_begin+0x10/0x10 [ 282.817351][ T8419] ? balance_dirty_pages_ratelimited_flags+0x92/0x1260 [ 282.817393][ T8419] ? __pfx_timestamp_truncate+0x10/0x10 [ 282.817452][ T8419] generic_perform_write+0x3cd/0x930 [ 282.817517][ T8419] ? __pfx_generic_perform_write+0x10/0x10 [ 282.817574][ T8419] ? inode_needs_update_time.part.0+0x191/0x270 [ 282.817642][ T8419] shmem_file_write_iter+0x10e/0x140 [ 282.817679][ T8419] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 282.817711][ T8419] __kernel_write_iter+0x31a/0xa90 [ 282.817765][ T8419] ? __pfx___kernel_write_iter+0x10/0x10 [ 282.817815][ T8419] ? __up_read+0x1f8/0x750 [ 282.817870][ T8419] ? dump_user_range+0x745/0xb60 [ 282.817919][ T8419] dump_user_range+0x41f/0xb60 [ 282.817969][ T8419] ? __pfx_dump_user_range+0x10/0x10 [ 282.818012][ T8419] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 282.818070][ T8419] ? __pfx_writenote+0x10/0x10 [ 282.818125][ T8419] elf_core_dump+0x288a/0x3a90 [ 282.818192][ T8419] ? __pfx_elf_core_dump+0x10/0x10 [ 282.818235][ T8419] ? finish_task_switch.isra.0+0x221/0xc10 [ 282.818275][ T8419] ? trace_sched_exit_tp+0xde/0x130 [ 282.818314][ T8419] ? __schedule+0x1181/0x5de0 [ 282.818359][ T8419] ? 0xffffffffff600000 [ 282.818404][ T8419] ? __pfx___schedule+0x10/0x10 [ 282.818498][ T8419] ? do_coredump+0x399c/0x4f10 [ 282.818533][ T8419] do_coredump+0x399c/0x4f10 [ 282.818594][ T8419] ? __pfx_do_coredump+0x10/0x10 [ 282.818634][ T8419] ? find_held_lock+0x2b/0x80 [ 282.818666][ T8419] ? is_bpf_text_address+0x8a/0x1a0 [ 282.818718][ T8419] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 282.818758][ T8419] ? is_bpf_text_address+0x94/0x1a0 [ 282.818806][ T8419] ? kernel_text_address+0x8d/0x100 [ 282.818858][ T8419] ? __kernel_text_address+0xd/0x40 [ 282.818907][ T8419] ? unwind_get_return_address+0x59/0xa0 [ 282.818986][ T8419] ? stack_depot_save_flags+0x28/0xa40 [ 282.819042][ T8419] ? __lock_acquire+0xb8a/0x1c90 [ 282.819090][ T8419] ? kasan_save_stack+0x42/0x60 [ 282.819138][ T8419] ? kasan_save_stack+0x33/0x60 [ 282.819186][ T8419] ? kasan_save_track+0x14/0x30 [ 282.819233][ T8419] ? kasan_save_free_info+0x3b/0x60 [ 282.819272][ T8419] ? __kasan_slab_free+0x51/0x70 [ 282.819322][ T8419] ? kmem_cache_free+0x2d1/0x4d0 [ 282.819370][ T8419] ? __sigqueue_free+0xba/0x2a0 [ 282.819412][ T8419] ? get_signal+0xcba/0x26d0 [ 282.819445][ T8419] ? arch_do_signal_or_restart+0x8f/0x790 [ 282.819540][ T8419] ? proc_coredump_connector+0x2d1/0x4f0 [ 282.819591][ T8419] ? __pfx_proc_coredump_connector+0x10/0x10 [ 282.819647][ T8419] ? rcu_is_watching+0x12/0xc0 [ 282.819699][ T8419] get_signal+0x22e3/0x26d0 [ 282.819744][ T8419] ? force_sig_fault+0xc4/0x100 [ 282.819782][ T8419] ? __pfx_get_signal+0x10/0x10 [ 282.819829][ T8419] arch_do_signal_or_restart+0x8f/0x790 [ 282.819864][ T8419] ? trace_irq_disable.constprop.0+0xd4/0x120 [ 282.819916][ T8419] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 282.819977][ T8419] irqentry_exit_to_user_mode+0x12a/0x270 [ 282.820026][ T8419] asm_exc_page_fault+0x26/0x30 [ 282.820057][ T8419] RIP: 0033:0x7f166998e931 [ 282.820081][ T8419] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 282.820111][ T8419] RSP: 002b:0000000080000001 EFLAGS: 00010217 [ 282.820135][ T8419] RAX: 0000000000000000 RBX: 00007f1669bb6160 RCX: 00007f166998e929 [ 282.820154][ T8419] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000020003b49 [ 282.820173][ T8419] RBP: 00007f1669a10b39 R08: 0000000000000001 R09: 0000000000000000 [ 282.820192][ T8419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 282.820209][ T8419] R13: 0000000000000000 R14: 00007f1669bb6160 R15: 00007ffe60b612e8 [ 282.820250][ T8419] [ 283.496766][ T8419] memory: usage 307200kB, limit 307200kB, failcnt 19672 [ 283.606641][ T8419] memory+swap: usage 432156kB, limit 9007199254740988kB, failcnt 0 [ 283.623398][ T8419] kmem: usage 3212kB, limit 9007199254740988kB, failcnt 0 [ 283.632219][ T8419] Memory cgroup stats for /syz1: [ 283.632848][ T8419] cache 310751232 [ 283.644644][ T8419] rss 352256 [ 283.647922][ T8419] rss_huge 0 [ 283.651269][ T8419] shmem 310747136 [ 283.655118][ T8419] mapped_file 17584128 [ 283.665745][ T8419] dirty 0 [ 283.673903][ T8419] writeback 0 [ 283.677413][ T8419] workingset_refault_anon 1297 [ 283.682332][ T8419] workingset_refault_file 311 [ 283.687628][ T8419] swap 127954944 [ 283.693962][ T8419] swapcached 36864 [ 283.697871][ T8419] nr_memmap_boot_pages 226727 [ 283.703984][ T8419] pgpgin 153320 [ 283.707485][ T8419] pglazyfree 187556 [ 283.711870][ T8419] pgfault 367 [ 283.715200][ T8419] a_other 223363072 [ 283.723336][ T8419] inactive_anon 87773184 [ 283.727617][ T8419] active_anon 0 [ 283.744577][ T8419] inactive_file 4096 [ 283.749426][ T8419] active_file 0 [ 283.753045][ T8419] hierarchical_memory_limit 314572800 [ 283.758632][ T8419] hierarchical_memsw_limit 9223372036854771712 [ 283.768209][ T8419] total_cache 310751232 [ 283.777259][ T8419] total_rss 352256 [ 283.781160][ T8419] total_rss_huge 0 [ 283.784901][ T8419] total_shmem 310747136 [ 283.789314][ T8419] total_mapped_file 17584128 [ 283.793933][ T8419] total_dirty 0 [ 283.797428][ T8419] total_writeback 0 [ 283.801445][ T8419] total_workingset_refault_anon 1297 [ 283.806755][ T8419] total_workingset_refault_file 311 [ 283.812108][ T8419] total_swap 127954944 [ 283.816201][ T8419] total_swapcached 36864 [ 283.820558][ T8419] total_nr_memmap_boot_pages 226727 [ 283.825888][ T8419] total_pgpgin 153320 [ 283.829917][ T8419] total_pglazyfree 187556 [ 283.834252][ T8419] total_pgfault 367 [ 283.838191][ T8419] total_a_other 223363072 [ 283.842644][ T8419] total_inactive_anon 87773184 [ 283.847426][ T8419] total_active_anon 0 [ 283.851569][ T8419] total_inactive_file 4096 [ 283.856008][ T8419] total_active_file 0 [ 283.860119][ T8419] anon_cost 0 [ 283.863569][ T8419] file_cost 0 [ 283.870585][ T8419] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.523,pid=8423,uid=0 [ 283.905891][ T8419] Memory cgroup out of memory: Killed process 8423 (syz.1.523) total-vm:131404kB, anon-rss:944kB, file-rss:55788kB, shmem-rss:17024kB, UID:0 pgtables:264kB oom_score_adj:1000 [ 284.031539][ T8676] netlink: 28 bytes leftover after parsing attributes in process `syz.1.569'. [ 284.742785][ T8697] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 284.854191][ T8711] ubi: mtd0 is already attached to ubi0 [ 284.861790][ T8711] ubi0: detaching mtd0 [ 284.874828][ T8703] kAFS: No cell specified [ 284.894141][ T8711] ubi0: mtd0 is detached [ 285.011219][ T8709] [ 285.013634][ T8709] ====================================================== [ 285.020683][ T8709] WARNING: possible circular locking dependency detected [ 285.027723][ T8709] 6.15.0-syzkaller-12426-ge271ed52b344 #0 Tainted: G U [ 285.036066][ T8709] ------------------------------------------------------ [ 285.043110][ T8709] syz.3.586/8709 is trying to acquire lock: [ 285.049033][ T8709] ffffffff8e52f4c8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 285.058674][ T8709] [ 285.058674][ T8709] but task is already holding lock: [ 285.066053][ T8709] ffff888025b59e00 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 285.077355][ T8709] [ 285.077355][ T8709] which lock already depends on the new lock. [ 285.077355][ T8709] [ 285.087778][ T8709] [ 285.087778][ T8709] the existing dependency chain (in reverse order) is: [ 285.096817][ T8709] [ 285.096817][ T8709] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 285.105480][ T8709] blk_alloc_queue+0x619/0x760 [ 285.110806][ T8709] blk_mq_alloc_queue+0x175/0x290 [ 285.116395][ T8709] __blk_mq_alloc_disk+0x29/0x120 [ 285.121985][ T8709] loop_add+0x49e/0xb70 [ 285.126698][ T8709] loop_init+0x164/0x270 [ 285.131492][ T8709] do_one_initcall+0x120/0x6e0 [ 285.136801][ T8709] kernel_init_freeable+0x5c2/0x900 [ 285.142553][ T8709] kernel_init+0x1c/0x2b0 [ 285.147429][ T8709] ret_from_fork+0x5d7/0x6f0 [ 285.152583][ T8709] ret_from_fork_asm+0x1a/0x30 [ 285.157934][ T8709] [ 285.157934][ T8709] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 285.165187][ T8709] fs_reclaim_acquire+0x102/0x150 [ 285.170767][ T8709] prepare_alloc_pages+0x162/0x610 [ 285.176432][ T8709] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 285.182977][ T8709] __alloc_pages_noprof+0xb/0x1b0 [ 285.188563][ T8709] pcpu_populate_chunk+0x110/0xb00 [ 285.194238][ T8709] pcpu_alloc_noprof+0x86a/0x1470 [ 285.199833][ T8709] xt_percpu_counter_alloc+0x13e/0x1b0 [ 285.205937][ T8709] find_check_entry.constprop.0+0xbc/0x9b0 [ 285.212306][ T8709] translate_table+0xc98/0x1720 [ 285.217715][ T8709] ipt_register_table+0x102/0x430 [ 285.223306][ T8709] iptable_nat_table_init+0x4b/0x250 [ 285.229153][ T8709] xt_find_table_lock+0x2e4/0x520 [ 285.234916][ T8709] xt_request_find_table_lock+0x28/0xf0 [ 285.241020][ T8709] get_info+0x190/0x610 [ 285.245724][ T8709] do_ipt_get_ctl+0x169/0xa10 [ 285.250956][ T8709] nf_getsockopt+0x79/0xe0 [ 285.255920][ T8709] ip_getsockopt+0x18c/0x1e0 [ 285.261062][ T8709] tcp_getsockopt+0x9e/0x100 [ 285.266213][ T8709] do_sock_getsockopt+0x3ff/0x800 [ 285.271788][ T8709] __sys_getsockopt+0x123/0x1b0 [ 285.277195][ T8709] __x64_sys_getsockopt+0xbd/0x160 [ 285.282865][ T8709] do_syscall_64+0xcd/0x490 [ 285.287931][ T8709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.294414][ T8709] [ 285.294414][ T8709] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 285.302209][ T8709] __lock_acquire+0x126f/0x1c90 [ 285.307624][ T8709] lock_acquire+0x179/0x350 [ 285.312687][ T8709] __mutex_lock+0x199/0xb90 [ 285.317750][ T8709] pcpu_alloc_noprof+0xb4c/0x1470 [ 285.323352][ T8709] blk_stat_alloc_callback+0xc8/0x280 [ 285.329275][ T8709] wbt_init+0xac/0x540 [ 285.333893][ T8709] queue_wb_lat_store+0x354/0x3d0 [ 285.339462][ T8709] queue_attr_store+0x279/0x320 [ 285.344862][ T8709] sysfs_kf_write+0xef/0x150 [ 285.350010][ T8709] kernfs_fop_write_iter+0x354/0x510 [ 285.355842][ T8709] vfs_write+0x6c4/0x1150 [ 285.360729][ T8709] ksys_write+0x12a/0x250 [ 285.365636][ T8709] do_syscall_64+0xcd/0x490 [ 285.370720][ T8709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.377158][ T8709] [ 285.377158][ T8709] other info that might help us debug this: [ 285.377158][ T8709] [ 285.387401][ T8709] Chain exists of: [ 285.387401][ T8709] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 285.387401][ T8709] [ 285.401114][ T8709] Possible unsafe locking scenario: [ 285.401114][ T8709] [ 285.408597][ T8709] CPU0 CPU1 [ 285.413989][ T8709] ---- ---- [ 285.419377][ T8709] lock(&q->q_usage_counter(io)#18); [ 285.424790][ T8709] lock(fs_reclaim); [ 285.431319][ T8709] lock(&q->q_usage_counter(io)#18); [ 285.439255][ T8709] lock(pcpu_alloc_mutex); [ 285.443782][ T8709] [ 285.443782][ T8709] *** DEADLOCK *** [ 285.443782][ T8709] [ 285.451940][ T8709] 6 locks held by syz.3.586/8709: [ 285.456981][ T8709] #0: ffff88803351a0f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 285.466102][ T8709] #1: ffff888031210428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 285.475146][ T8709] #2: ffff888059ef5488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 285.484951][ T8709] #3: ffff888025c2d968 (kn->active#180){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 285.495108][ T8709] #4: ffff888025b59e00 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 285.506845][ T8709] #5: ffff888025b59e38 (&q->q_usage_counter(queue)#23){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 285.518883][ T8709] [ 285.518883][ T8709] stack backtrace: [ 285.524792][ T8709] CPU: 1 UID: 0 PID: 8709 Comm: syz.3.586 Tainted: G U 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 285.524832][ T8709] Tainted: [U]=USER [ 285.524840][ T8709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.524856][ T8709] Call Trace: [ 285.524863][ T8709] [ 285.524873][ T8709] dump_stack_lvl+0x116/0x1f0 [ 285.524914][ T8709] print_circular_bug+0x275/0x350 [ 285.524950][ T8709] check_noncircular+0x14c/0x170 [ 285.524988][ T8709] __lock_acquire+0x126f/0x1c90 [ 285.525026][ T8709] ? __kmalloc_noprof+0x2a5/0x510 [ 285.525069][ T8709] lock_acquire+0x179/0x350 [ 285.525104][ T8709] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 285.525144][ T8709] ? __pfx___might_resched+0x10/0x10 [ 285.525175][ T8709] __mutex_lock+0x199/0xb90 [ 285.525213][ T8709] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 285.525252][ T8709] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 285.525291][ T8709] ? __pfx___mutex_lock+0x10/0x10 [ 285.525338][ T8709] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 285.525380][ T8709] pcpu_alloc_noprof+0xb4c/0x1470 [ 285.525424][ T8709] ? __pfx_wbt_data_dir+0x10/0x10 [ 285.525484][ T8709] ? __pfx_wb_timer_fn+0x10/0x10 [ 285.525511][ T8709] blk_stat_alloc_callback+0xc8/0x280 [ 285.525540][ T8709] ? kasan_save_track+0x14/0x30 [ 285.525584][ T8709] wbt_init+0xac/0x540 [ 285.525615][ T8709] queue_wb_lat_store+0x354/0x3d0 [ 285.525641][ T8709] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 285.525689][ T8709] ? __mutex_trylock_common+0xe9/0x250 [ 285.525728][ T8709] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 285.525773][ T8709] queue_attr_store+0x279/0x320 [ 285.525799][ T8709] ? __pfx_queue_attr_store+0x10/0x10 [ 285.525824][ T8709] ? __lock_acquire+0x622/0x1c90 [ 285.525867][ T8709] ? find_held_lock+0x2b/0x80 [ 285.525893][ T8709] ? sysfs_file_kobj+0xe4/0x290 [ 285.525928][ T8709] ? __pfx_queue_attr_store+0x10/0x10 [ 285.525953][ T8709] sysfs_kf_write+0xef/0x150 [ 285.525988][ T8709] kernfs_fop_write_iter+0x354/0x510 [ 285.526017][ T8709] ? __pfx_sysfs_kf_write+0x10/0x10 [ 285.526053][ T8709] vfs_write+0x6c4/0x1150 [ 285.526093][ T8709] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 285.526126][ T8709] ? __pfx___mutex_lock+0x10/0x10 [ 285.526166][ T8709] ? __pfx_vfs_write+0x10/0x10 [ 285.526216][ T8709] ksys_write+0x12a/0x250 [ 285.526256][ T8709] ? __pfx_ksys_write+0x10/0x10 [ 285.526302][ T8709] do_syscall_64+0xcd/0x490 [ 285.526343][ T8709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.526387][ T8709] RIP: 0033:0x7f932bd8e929 [ 285.526408][ T8709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.526434][ T8709] RSP: 002b:00007f932cc9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 285.526458][ T8709] RAX: ffffffffffffffda RBX: 00007f932bfb6160 RCX: 00007f932bd8e929 [ 285.526475][ T8709] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000004 [ 285.526491][ T8709] RBP: 00007f932be10b39 R08: 0000000000000000 R09: 0000000000000000 [ 285.526507][ T8709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.526523][ T8709] R13: 0000000000000000 R14: 00007f932bfb6160 R15: 00007ffd0d95db58 [ 285.526548][ T8709] [ 286.066299][ T8417] syz.1.523 (8417) used greatest stack depth: 19048 bytes left [ 286.118383][ T8410] syz.1.523 (8410) used greatest stack depth: 18984 bytes left [ 286.157194][ T32] oom_reaper: reaped process 8423 (syz.1.523), now anon-rss:0kB, file-rss:53108kB, shmem-rss:17024kB [ 286.490718][ T8411] syz.1.523 (8411) used greatest stack depth: 18376 bytes left