last executing test programs: 5.17145099s ago: executing program 0 (id=1): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, 0x0, 0x6, 0x2) io_uring_setup$auto(0x4, 0x0) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0x7, 0x4, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) 4.60732544s ago: executing program 0 (id=5): madvise$auto(0x7f, 0x7fff, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) prctl$auto(0x801, 0x1, 0x0, 0x3, 0xfffffffffffffffb) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) io_uring_setup$auto(0x9, &(0x7f0000000100)={0x694f, 0x4, 0x2, 0x80, 0xbf, 0x1, r0, [0x81, 0x1, 0x1], {0xffffffff, 0xb627, 0x1, 0x8, 0x0, 0x1, 0x1, 0xfffffff7, 0xa}, {0x8, 0x9f33, 0xb27, 0x3, 0x9, 0x9, 0xabd, 0x3, 0x9}}) socket(0x22, 0x2, 0x2) setsockopt$auto(0x7, 0x114, 0x3, 0xffffffffffffffff, 0xa0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0xe8) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_vrr_range_fops_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/Writeback-1/vrr_range\x00', 0x0, 0x0) read$auto_vrr_range_fops_(r3, &(0x7f0000000080)=""/212, 0xd4) unshare$auto(0x40000080) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x181000, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 3.848891703s ago: executing program 1 (id=2): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6e) io_uring_setup$auto(0x1, 0x0) r1 = socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, r1, 0x8000) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) mprotect$auto(0x0, 0x806121, 0x6) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) open(0x0, 0x6041, 0x0) 3.496936363s ago: executing program 2 (id=3): prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) socket(0xf, 0x3, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x14d27e, 0x72) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x9) setrlimit$auto(0x7, &(0x7f0000000080)={0x0, 0x6}) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xfff, 0x1, 0x948b, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000021, 0x7, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) socket(0x1d, 0x2, 0x3) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000340)={0x8000000000000001, 0xfffffffffffffffe, 0xfffffffffffffffb, 0xfffffffffffffff8, 0x8, 0xe, 0x3, 0x9, 0x0, 0x200, 0xe223, 0x80000000, 0x2000009, 0x7, 0xfffffffffffffff7}) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x8, 0x10, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x6, 0x2, 0x1a7b870a, 0x76c5, 0x9, 0xfffffffd}}) 3.320363239s ago: executing program 0 (id=6): arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x5) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) gettid() open(0x0, 0x0, 0x152) rseq$auto(&(0x7f00000001c0)={0x20006, 0x5, 0x0, 0x7, 0xffffffff, 0x80000001}, 0x7ffd, 0xa, 0xa) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x100000000000000, 0x2, 0x4000000000df, 0x40df, 0x401, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000140)='\x00', 0x0) rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) bpf$auto(0x0, 0x0, 0xa3) unshare$auto(0x40000080) ioctl$auto(0xffffffffffffffff, 0xc0404d1a, 0xffffffffffffffff) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x200dc0, 0x0) io_setup$auto(0x10000, 0x0) 3.020028877s ago: executing program 3 (id=4): mmap$auto(0x0, 0xc, 0xfffffffffffffff7, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) socket(0x2, 0x1, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x2003, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x8, 0x200000000000948b, 0x3, 0x200015f4da0a, 0x9, 0x3, 0x3, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0x8000]}, 0x0) ioperm$auto(0x7, 0x6, 0x2) r0 = gettid() rt_sigqueueinfo$auto(r0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) r1 = socket(0x2, 0x2, 0x38) getsockopt$auto(r1, 0x3a, 0xce, 0x0, 0x0) mmap$auto(0x0, 0x408, 0x3, 0x20000000eb1, 0x401, 0x4000008000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.327752684s ago: executing program 2 (id=7): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0xa02, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socketpair$auto(0x1e, 0x5, 0x80000000, 0x0) socket(0xa, 0x5, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x804) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001740)='/sys/devices/virtual/vtconsole/vtcon1/name\x00', 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x4, 0x2000063, 0x0, 0x0, 0x0, 0x1000, 0xb, 0x2005, 0x40000402, 0x4009, 0x9, 0xffffffff80000000, 0x9, 0x3, 0x200000100103}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = gettid() ioctl$auto_XFS_IOC_ALLOCSP64(r2, 0x40305824, &(0x7f00000000c0)={0x5, 0x0, 0x9, 0x7fff80000000, 0x0, r5}) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r5, 0x11) r6 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r6, 0xaf01, 0x5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, 0x0) 1.510805118s ago: executing program 2 (id=8): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.prio.class\x00', 0x183042, 0x0) sendfile$auto(r0, r0, 0x0, 0x8000) write$auto(0x3, 0x0, 0xc3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0) ppoll$auto(0x0, 0x95, 0x0, 0x0, 0x8) pidfd_send_signal$auto_PIDFD_SIGNAL_PROCESS_GROUP(0xffffffffffffffff, 0x7, 0x0, 0x4) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="d0000000", @ANYRES16=0x0, @ANYBLOB="040026bd7000fcdbdf2504000000b1000180f5c53c7461b64f8c60fb90f69a1d13d52d6da3527ec7b5be48e686e7364c12793198cdcb6a78253c3bdd7916ced602b5b19762a916baa53c0411bfbf1477407c42963b5791e719e91567d82c697af89370f6f7872979c6713c9b4265a481e529d40b485bc24dac0ed112ebaf8e0f59b20e48f9cffcaa0bed04dad70c00c2d584eb40a6d01a4f463f88d47ae307e73bfd4123c7765a43faedde7088214666ba0cf2c894acec08005c00", @ANYRES32, @ANYBLOB="0000000800040003000000780202807402da8004009f0005e969299377c515fba1ec068cf4bc524696ccfa31f0636e86e9ead7a57c5dbae9d25916617bca2061dd5109486efe289114244d0c6b80caaf44760684e204b8876de8a0be5b0e17915bb9319b3c9b0ea637785ac9c473387c78951f2e5681ea6de1c41585d4670ddf860bee32d836b7c722958b98d3c6ca547a8d2a99f065c895a7a693ce1c31ee96b46349a872953f95a123cdd6b248acb46bfdee74435ae6960a7f9110d0ea3cea56807ee682aa3818fef4060a827c6c620eab5f613a328e5b19470fa68d3e826521934812845d14a26c47162bcf977874cd87d5daf11c6ddff26a7c90d36a2d49505279443e865f2beec2a52ff4647a39e8a9095099451761676eeef529b758e77058e60eee85cc1a11b8173bdc6390f34fe4b2d2b6aa970a1f910e17f15b76f23cebd2db9a666baa88a0af389db9d878b62228aabdb38027a0099eb28639daf5bd097fcb651bd20c6285ef1132bcd652c10d1a82e509664187f88d18fb34fece5cd402d2d44de461c8e4e245904bd84a5b84536f98bc99656e175bc70d347c1ae0db88bb8f8a83dc6ad41337219bf9a455fd49d08fa9e1510fd2bc9aa21cc0d2f0a7da678b1131e84cbb17f4bae6a4e1275a923da597227894408b42621463854c2413378da3ac87ee8a3e062eb7b848d75e2f8b7829def9cb40535f8692e425829e9ac0897f2bc69101b37560cf143836552c50503f4935b0da024cff0eb4c078717e8333a12d535fa892b66b83fb53d54fc86f2f35ec87270380abe8c87cacf9b19aec7ea950bd374ecefa9c64c1d9e607a6fd71a4192aa1ab0e56d7cf158926d30423efc5d623475976b104306eef14bde160ce0921bb758c1967d648b8783fc799"], 0x348}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="17000000", @ANYBLOB='j\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0) read$auto(r3, 0x0, 0xcefbce6) read$auto_nsim_dev_trap_fa_cookie_fops_dev(r3, &(0x7f0000000000)=""/156, 0x9c) 1.24915309s ago: executing program 1 (id=9): socket(0xa, 0x801, 0x84) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) mmap$auto(0x0, 0x16da, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x5}, 0xa) read$auto(0xffffffffffffffff, 0x0, 0x7) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) bpf$auto(0x0, &(0x7f0000000000)=@task_fd_query={0x7, 0x4, 0x200, 0x39, 0x8, 0xf, 0x1, 0x0, 0x2}, 0x6f4) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xa}, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) poll$auto(&(0x7f0000000480)={r1, 0x8000, 0xff81}, 0x7, 0x54b) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) 729.135319ms ago: executing program 3 (id=10): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x4, {0x100000000, 0x10000}, 0x7, 0x1, 0xfffffffffffffffa, 0x1007fff, 0x0, 0x8, 0xfff, 0xdfffffffffff628e, 0x6, 0x6, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r1, 0x5453, r1) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) madvise$auto(0x110c230000, 0x1, 0x9) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f00000007c0)=""/153, 0x99) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0x2003f0, 0x18) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 368.425455ms ago: executing program 2 (id=11): socket(0x28, 0x1, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="2f212abd7800fd"], 0x14}}, 0x4000000) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon1\x00', 0x4ad03, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x6d4382, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') fremovexattr$auto(r1, &(0x7f0000000240)='\xe8\x8b:\x1e\x98$\xddGi\x82\x12\xc1,platform/duoiY_hcd\xb0z\x85.4/usb5/descripto') openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x41, 0x0, 0x0) madvise$auto(0x108000, 0x800034, 0xa) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x3) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={0x0, 0xcf, 0x7}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyz9\x00', 0x101800, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/i8042/serio1/resolution\x00', 0x183902, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) 118.995924ms ago: executing program 0 (id=12): mmap$auto(0x0, 0x2020005, 0x3, 0xeb5, 0xffffffffffffffff, 0x80000000) r0 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x0, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x4, 0xa7}, 0x1c, &(0x7f0000000080)={0x2, 0x6}, 0x0, 0x8) ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(0xffffffffffffffff, 0x4144, 0x0) mmap$auto(0x0, 0x4020004, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000e4, 0xeb1, 0x7f, 0x208000) read$auto_drm_debugfs_entry_fops_drm_debugfs(r1, &(0x7f0000000180)=""/66, 0x42) mmap$auto(0x0, 0x3, 0x4000000000df, 0x17, r1, 0x9) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0xffffffffffffffff, r0, 0x0) socket(0x2, 0x80802, 0x0) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x9, 0x0, 0x888) ioctl$auto(r2, 0x405c5503, 0x81) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0x54, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC2\x00', 0x8001, 0x0) fcntl$auto_F_OFD_SETLKW(r3, 0x26, 0x2) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) unshare$auto(0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd10/queue/iosched/read_expire\x00', 0x1c2b02, 0x0) sendfile$auto(r4, r4, 0x0, 0x3) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) socket(0x22, 0x1, 0x80000000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) 0s ago: executing program 1 (id=13): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop13/queue/wbt_lat_usec\x00', 0x206a1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x40081, 0x0) r1 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci4\x00', 0x20001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.4/usb5/5-0:1.0/usb5-port1/power/pm_qos_no_power_off\x00', 0x20a42, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r3, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB], 0x14}}, 0x10040) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x211, 0xfffffffffffffffa, 0x80000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r4, 0x8955, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r2) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r4) shmctl$auto_IPC_INFO(0x6, 0x3, &(0x7f0000000440)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0xc1e, 0x0, 0x7}, 0x7fff, 0xe9, 0x5, 0x100, @inferred=0xffffffffffffffff, @inferred, 0xfffc, 0x0, &(0x7f0000000240)="140ecc14221384adf3da1575e6f23f863c15d5b50c853fb945618b52aa938224086741359696e56e3d333a58808b2669e210d0b030a1f266e6be5685cf52e8b6997c35fc51d11183abdb3d74e4d3c0c70c780399eb6588d3356a69d7cfffe6bac6927ce0ea22f0ec0b5cb18de50e6518ae20afd6765fea1b41e9b286bc", &(0x7f0000000340)="f4a331fad52ae43ebc3440ce9d2d9e058714df2d86e3b81944195601692f2018cea2253265e4d1923f472041e568861fffbb64e4b58b875ae19017b6acbd5ad5a3210f2d2590b4c79f7aad6a382c5860e2c744cc1ee46cd16cb3e8870659f609b781e74ee1fac93bfdfec606bfcca6bc84d80f6641970b78ed344ed1233c6e84cd36b1e6efae9259a0b86029ad77d4f0d4074003e26a7bcc1a01faefeb56c74da48891cfb4b46750b2e1f8b279ebd27131ff9c7c7d1f835f2dd82c5cc202fff358a3529010619a53f732922ab38e59920f646e2fcd723fbec7e2d96e56ac4cd4ffb2b482394aa1c8"}) ioctl$auto_XFS_IOC_FREE_EOFBLOCKS(r1, 0x8080583a, &(0x7f00000004c0)={0x205, 0x1b59, 0x0, r5, 0x9, 0x0, 0x4}) r6 = socket(0x2, 0x5, 0x0) mmap$auto(0xfffffffffffffffd, 0x20009, 0xe2, 0xeb1, 0x405, 0x7) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x3, 0x0, 0x4) io_uring_register$auto_IORING_REGISTER_ZCRX_IFQ(r6, 0x20, &(0x7f0000000180)="0c8702781fde14ff273ef7b57147584ef09e97942ac9657e4c22d669a638acce7bfcd9af843661e2af2215ebed431e5ae9eb9b5db04aaf72d7278110eed8dcab67c2a3dfd975b3cad762498dcb4901341e5ea30dca44db96440ed10c198be3455a4b1884d54d4572a498dca27b09e480b9614d5344738b2bd7b29e2b56b7d9520804b6a15d20988cabb4f8c32c8ecca892758c486265ef04444d3619a757fa6d49add83ed8406dfe65d19ca01567", 0xd) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f00000002c0)="4f1be9d411b1a47c3207e121dd49cc897ebca3ca93ffd37fe8cbbf71b6564641b3d08eec248c7d300f4bbe487b2ae56aebe99b1162fc206138afdf72de5abbf5d8628839b5c65e7b36", 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0x8000b}, 0xfff}, 0x1, 0x311) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r7, 0x4, r7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts. [ 90.643237][ T5816] cgroup: Unknown subsys name 'net' [ 90.761667][ T5816] cgroup: Unknown subsys name 'cpuset' [ 90.770890][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.735998][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.947467][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.955245][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.963744][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.972102][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.980091][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.987987][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.991884][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.002203][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.012174][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.020414][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.020537][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.028628][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.042090][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.049261][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.061470][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.061583][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.082552][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.090149][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.098902][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.116995][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.619395][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 95.679574][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 95.921671][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 95.961188][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.968600][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.975983][ T5829] bridge_slave_0: entered allmulticast mode [ 95.983654][ T5829] bridge_slave_0: entered promiscuous mode [ 96.003940][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.012048][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.019355][ T5827] bridge_slave_0: entered allmulticast mode [ 96.027319][ T5827] bridge_slave_0: entered promiscuous mode [ 96.037073][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.044250][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.051556][ T5827] bridge_slave_1: entered allmulticast mode [ 96.059253][ T5827] bridge_slave_1: entered promiscuous mode [ 96.070286][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.077526][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.084756][ T5829] bridge_slave_1: entered allmulticast mode [ 96.093190][ T5829] bridge_slave_1: entered promiscuous mode [ 96.178864][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.188165][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 96.222064][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.256056][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.310073][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.329597][ T5827] team0: Port device team_slave_0 added [ 96.387929][ T5827] team0: Port device team_slave_1 added [ 96.403541][ T5829] team0: Port device team_slave_0 added [ 96.413283][ T5829] team0: Port device team_slave_1 added [ 96.465991][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.473265][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.481402][ T5826] bridge_slave_0: entered allmulticast mode [ 96.489283][ T5826] bridge_slave_0: entered promiscuous mode [ 96.497896][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.505009][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.512301][ T5826] bridge_slave_1: entered allmulticast mode [ 96.520517][ T5826] bridge_slave_1: entered promiscuous mode [ 96.589033][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.596047][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.623138][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.649313][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.656739][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.682951][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.709042][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.716046][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.743055][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.754524][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.762235][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.769536][ T5828] bridge_slave_0: entered allmulticast mode [ 96.777237][ T5828] bridge_slave_0: entered promiscuous mode [ 96.785124][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.792269][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.818653][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.835856][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.848749][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.865595][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.873155][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.880808][ T5828] bridge_slave_1: entered allmulticast mode [ 96.889293][ T5828] bridge_slave_1: entered promiscuous mode [ 96.963852][ T9] cfg80211: failed to load regulatory.db [ 96.974288][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.988082][ T5826] team0: Port device team_slave_0 added [ 96.998495][ T5826] team0: Port device team_slave_1 added [ 97.022391][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.076765][ T5829] hsr_slave_0: entered promiscuous mode [ 97.083315][ T5829] hsr_slave_1: entered promiscuous mode [ 97.117128][ T5832] Bluetooth: hci3: command tx timeout [ 97.158571][ T5827] hsr_slave_0: entered promiscuous mode [ 97.164961][ T5827] hsr_slave_1: entered promiscuous mode [ 97.171373][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.179431][ T5827] Cannot create hsr debugfs directory [ 97.190266][ T5828] team0: Port device team_slave_0 added [ 97.196607][ T5832] Bluetooth: hci0: command tx timeout [ 97.199811][ T5844] Bluetooth: hci2: command tx timeout [ 97.202268][ T5832] Bluetooth: hci1: command tx timeout [ 97.215103][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.222544][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.248754][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.261918][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.269024][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.295231][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.324252][ T5828] team0: Port device team_slave_1 added [ 97.431353][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.439021][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.465455][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.504105][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.511157][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.537327][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.607253][ T5826] hsr_slave_0: entered promiscuous mode [ 97.613739][ T5826] hsr_slave_1: entered promiscuous mode [ 97.621148][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.628752][ T5826] Cannot create hsr debugfs directory [ 97.773711][ T5828] hsr_slave_0: entered promiscuous mode [ 97.780597][ T5828] hsr_slave_1: entered promiscuous mode [ 97.787595][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.795220][ T5828] Cannot create hsr debugfs directory [ 98.077872][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.101627][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.113460][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.142473][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.214832][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.230062][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.242434][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.261584][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.399862][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.413004][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.425227][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.443020][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.547694][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.559698][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.571065][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.583839][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.594664][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.672614][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.718947][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.729884][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.737237][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.752671][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.759895][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.828017][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.884717][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.934994][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.942217][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.954625][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.961862][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.043570][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.076912][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.114623][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.121911][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.152136][ T5058] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.159386][ T5058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.199739][ T5832] Bluetooth: hci3: command tx timeout [ 99.272796][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.277590][ T5832] Bluetooth: hci1: command tx timeout [ 99.284888][ T5832] Bluetooth: hci2: command tx timeout [ 99.294235][ T55] Bluetooth: hci0: command tx timeout [ 99.345969][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.353236][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.393076][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.400357][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.560609][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.728679][ T5829] veth0_vlan: entered promiscuous mode [ 99.764611][ T5829] veth1_vlan: entered promiscuous mode [ 99.800608][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.921369][ T5829] veth0_macvtap: entered promiscuous mode [ 99.965407][ T5829] veth1_macvtap: entered promiscuous mode [ 100.010379][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.050523][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.076036][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.095426][ T5827] veth0_vlan: entered promiscuous mode [ 100.105379][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.114929][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.125797][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.134969][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.201021][ T5827] veth1_vlan: entered promiscuous mode [ 100.262677][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.330519][ T5826] veth0_vlan: entered promiscuous mode [ 100.350131][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.364868][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.375597][ T5826] veth1_vlan: entered promiscuous mode [ 100.411086][ T5827] veth0_macvtap: entered promiscuous mode [ 100.453098][ T5058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.453644][ T5827] veth1_macvtap: entered promiscuous mode [ 100.469512][ T5058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.522811][ T5828] veth0_vlan: entered promiscuous mode [ 100.542836][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.555097][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.571556][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.588940][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 100.608099][ T5828] veth1_vlan: entered promiscuous mode [ 100.622248][ T5826] veth0_macvtap: entered promiscuous mode [ 100.633481][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.649361][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.661359][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.682911][ T5826] veth1_macvtap: entered promiscuous mode [ 100.704640][ T5827] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.717279][ T5827] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.726079][ T5827] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.767646][ T5827] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.860873][ T5828] veth0_macvtap: entered promiscuous mode [ 100.877596][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.899679][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.912037][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.923434][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.940877][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.952071][ T5828] veth1_macvtap: entered promiscuous mode [ 101.000779][ T5896] can0: slcan on ttyS2. [ 101.009351][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.020632][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.030690][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.042693][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.054299][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.113618][ T5826] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.124639][ T5895] can0 (unregistered): slcan off ttyS2. [ 101.130443][ T5826] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.130508][ T5826] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.130550][ T5826] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.171881][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.183685][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.192055][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.202169][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.213451][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.224472][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.238009][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.251220][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.268124][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.285754][ T5832] Bluetooth: hci3: command tx timeout [ 101.319451][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.337435][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.352675][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.364426][ T5832] Bluetooth: hci2: command tx timeout [ 101.370050][ T55] Bluetooth: hci0: command tx timeout [ 101.373215][ T5844] Bluetooth: hci1: command tx timeout [ 101.377073][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.390859][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.403044][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.414817][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.449384][ T5828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.459271][ T5828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.469560][ T5828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.478376][ T5828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.526365][ T5900] FAULT_INJECTION: forcing a failure. [ 101.526365][ T5900] name failslab, interval 1, probability 0, space 0, times 1 [ 101.530866][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.571330][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.573314][ T5900] CPU: 0 UID: 0 PID: 5900 Comm: syz.0.5 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 101.573363][ T5900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.573388][ T5900] Call Trace: [ 101.573400][ T5900] [ 101.573416][ T5900] dump_stack_lvl+0x16c/0x1f0 [ 101.573477][ T5900] should_fail_ex+0x512/0x640 [ 101.573525][ T5900] ? __kmalloc_node_noprof+0xc5/0x500 [ 101.573571][ T5900] should_failslab+0xc2/0x120 [ 101.573613][ T5900] __kmalloc_node_noprof+0xd8/0x500 [ 101.573652][ T5900] ? obj_cgroup_charge+0x365/0x640 [ 101.573693][ T5900] ? alloc_slab_obj_exts+0x41/0xa0 [ 101.573754][ T5900] alloc_slab_obj_exts+0x41/0xa0 [ 101.573808][ T5900] __memcg_slab_post_alloc_hook+0x27b/0x940 [ 101.573866][ T5900] ? __register_sysctl_table+0xb3/0x1900 [ 101.573903][ T5900] __kmalloc_noprof+0x3f9/0x510 [ 101.573950][ T5900] __register_sysctl_table+0xb3/0x1900 [ 101.573998][ T5900] ? is_module_address+0x5f/0xf0 [ 101.574049][ T5900] ? __pfx___register_sysctl_table+0x10/0x10 [ 101.574087][ T5900] ? is_module_address+0x69/0xf0 [ 101.574130][ T5900] ? register_net_sysctl_sz+0x228/0x3e0 [ 101.574186][ T5900] ? __asan_memcpy+0x3c/0x60 [ 101.574221][ T5900] sysctl_core_net_init+0xe3/0x280 [ 101.574280][ T5900] ? __pfx_sysctl_core_net_init+0x10/0x10 [ 101.574336][ T5900] ops_init+0x1df/0x5f0 [ 101.574382][ T5900] setup_net+0x21e/0x850 [ 101.574428][ T5900] ? __pfx_setup_net+0x10/0x10 [ 101.574467][ T5900] ? lockdep_init_map_type+0x5c/0x280 [ 101.574514][ T5900] ? __pfx_down_read_killable+0x10/0x10 [ 101.574550][ T5900] ? debug_mutex_init+0x37/0x70 [ 101.574587][ T5900] copy_net_ns+0x2a6/0x5f0 [ 101.574637][ T5900] create_new_namespaces+0x3ea/0xad0 [ 101.574685][ T5900] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 101.574728][ T5900] ksys_unshare+0x45b/0xa40 [ 101.574775][ T5900] ? __pfx_ksys_unshare+0x10/0x10 [ 101.574818][ T5900] ? xfd_validate_state+0x5d/0x180 [ 101.574877][ T5900] ? rcu_is_watching+0x12/0xc0 [ 101.574918][ T5900] __x64_sys_unshare+0x31/0x40 [ 101.574975][ T5900] do_syscall_64+0xcd/0x230 [ 101.575030][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.575065][ T5900] RIP: 0033:0x7f9897f8e969 [ 101.575093][ T5900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.575125][ T5900] RSP: 002b:00007f9898d68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 101.575157][ T5900] RAX: ffffffffffffffda RBX: 00007f98981b5fa0 RCX: 00007f9897f8e969 [ 101.575179][ T5900] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 101.575200][ T5900] RBP: 00007f9898010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 101.575219][ T5900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.575240][ T5900] R13: 0000000000000000 R14: 00007f98981b5fa0 R15: 00007ffc25781b28 [ 101.575283][ T5900] [ 101.585812][ T5901] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.920663][ T5058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.943589][ T5058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.066612][ T5058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.074501][ T5058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.252782][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.304435][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.357001][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.377521][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.596773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.605362][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.780652][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.832702][ T5917] can: request_module (can-proto-3) failed. [ 103.356344][ T5844] Bluetooth: hci3: command tx timeout [ 103.436690][ T5844] Bluetooth: hci2: command tx timeout [ 103.436708][ T5832] Bluetooth: hci1: command tx timeout [ 103.436747][ T5832] Bluetooth: hci0: command tx timeout [ 103.748668][ T5926] FAULT_INJECTION: forcing a failure. [ 103.748668][ T5926] name failslab, interval 1, probability 0, space 0, times 0 [ 103.763630][ T5926] CPU: 0 UID: 0 PID: 5926 Comm: syz.2.7 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 103.763673][ T5926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.763691][ T5926] Call Trace: [ 103.763700][ T5926] [ 103.763711][ T5926] dump_stack_lvl+0x16c/0x1f0 [ 103.763761][ T5926] should_fail_ex+0x512/0x640 [ 103.763802][ T5926] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 103.763836][ T5926] should_failslab+0xc2/0x120 [ 103.763873][ T5926] __kmalloc_cache_noprof+0x6a/0x3e0 [ 103.763902][ T5926] ? vhost_net_open+0xb4/0x8a0 [ 103.763934][ T5926] ? kasan_save_track+0x14/0x30 [ 103.763968][ T5926] vhost_net_open+0xb4/0x8a0 [ 103.763999][ T5926] ? __pfx_vhost_net_open+0x10/0x10 [ 103.764032][ T5926] misc_open+0x35a/0x420 [ 103.764080][ T5926] ? __pfx_misc_open+0x10/0x10 [ 103.764124][ T5926] chrdev_open+0x231/0x6a0 [ 103.764157][ T5926] ? __pfx_chrdev_open+0x10/0x10 [ 103.764192][ T5926] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 103.764243][ T5926] do_dentry_open+0x741/0x1c10 [ 103.764275][ T5926] ? __pfx_chrdev_open+0x10/0x10 [ 103.764314][ T5926] vfs_open+0x82/0x3f0 [ 103.764357][ T5926] path_openat+0x1e5e/0x2d40 [ 103.764399][ T5926] ? __pfx_path_openat+0x10/0x10 [ 103.764438][ T5926] do_filp_open+0x20b/0x470 [ 103.764467][ T5926] ? __pfx_do_filp_open+0x10/0x10 [ 103.764523][ T5926] ? alloc_fd+0x471/0x7d0 [ 103.764588][ T5926] do_sys_openat2+0x11b/0x1d0 [ 103.764628][ T5926] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.764683][ T5926] __x64_sys_openat+0x174/0x210 [ 103.764723][ T5926] ? __pfx___x64_sys_openat+0x10/0x10 [ 103.764765][ T5926] ? rcu_is_watching+0x12/0xc0 [ 103.764803][ T5926] do_syscall_64+0xcd/0x230 [ 103.764851][ T5926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.764881][ T5926] RIP: 0033:0x7fbd8e58e969 [ 103.764904][ T5926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.764932][ T5926] RSP: 002b:00007fbd8f35b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 103.764960][ T5926] RAX: ffffffffffffffda RBX: 00007fbd8e7b5fa0 RCX: 00007fbd8e58e969 [ 103.764980][ T5926] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 103.764999][ T5926] RBP: 00007fbd8e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 103.765017][ T5926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.765034][ T5926] R13: 0000000000000000 R14: 00007fbd8e7b5fa0 R15: 00007ffeebc85758 [ 103.765071][ T5926] [ 104.530677][ T30] audit: type=1326 audit(1746932886.425:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5933 comm="syz.2.8" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd8e58e969 code=0x0 [ 104.589251][ T5936] Zero length message leads to an empty skb [ 104.615459][ T5936] FAULT_INJECTION: forcing a failure. [ 104.615459][ T5936] name failslab, interval 1, probability 0, space 0, times 0 [ 104.648952][ T5936] CPU: 1 UID: 0 PID: 5936 Comm: syz.2.8 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 104.648994][ T5936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.649012][ T5936] Call Trace: [ 104.649022][ T5936] [ 104.649034][ T5936] dump_stack_lvl+0x16c/0x1f0 [ 104.649083][ T5936] should_fail_ex+0x512/0x640 [ 104.649127][ T5936] ? __kvmalloc_node_noprof+0x122/0x600 [ 104.649166][ T5936] should_failslab+0xc2/0x120 [ 104.649204][ T5936] __kvmalloc_node_noprof+0x135/0x600 [ 104.649236][ T5936] ? rcu_is_watching+0x12/0xc0 [ 104.649266][ T5936] ? kfree+0x252/0x4d0 [ 104.649289][ T5936] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 104.649348][ T5936] ? snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 104.649396][ T5936] snd_pcm_plugin_alloc+0x5f8/0x7f0 [ 104.649452][ T5936] snd_pcm_plug_alloc+0x146/0x330 [ 104.649505][ T5936] snd_pcm_oss_change_params_locked+0x19b8/0x3b40 [ 104.649575][ T5936] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 104.649657][ T5936] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 104.649726][ T5936] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 104.649788][ T5936] ? hook_file_ioctl_common+0x145/0x410 [ 104.649830][ T5936] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 104.649882][ T5936] ? __fget_files+0x20e/0x3c0 [ 104.649939][ T5936] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 104.649990][ T5936] __x64_sys_ioctl+0x190/0x200 [ 104.650036][ T5936] do_syscall_64+0xcd/0x230 [ 104.650086][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.650119][ T5936] RIP: 0033:0x7fbd8e58e969 [ 104.650143][ T5936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.650174][ T5936] RSP: 002b:00007fbd8f33a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.650203][ T5936] RAX: ffffffffffffffda RBX: 00007fbd8e7b6080 RCX: 00007fbd8e58e969 [ 104.650223][ T5936] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 104.650242][ T5936] RBP: 00007fbd8e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 104.650262][ T5936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.650280][ T5936] R13: 0000000000000000 R14: 00007fbd8e7b6080 R15: 00007ffeebc85758 [ 104.650322][ T5936] [ 105.371347][ T5946] mmap: syz.3.10 (5946) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 106.263718][ T5956] [ 106.266116][ T5956] ====================================================== [ 106.273157][ T5956] WARNING: possible circular locking dependency detected [ 106.280191][ T5956] 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 Not tainted [ 106.287318][ T5956] ------------------------------------------------------ [ 106.294348][ T5956] syz.1.13/5956 is trying to acquire lock: [ 106.300165][ T5956] ffff888143fe5d98 (&q->elevator_lock){+.+.}-{4:4}, at: queue_wb_lat_store+0x187/0x3d0 [ 106.309890][ T5956] [ 106.309890][ T5956] but task is already holding lock: [ 106.317282][ T5956] ffff888143fe5868 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 106.328567][ T5956] [ 106.328567][ T5956] which lock already depends on the new lock. [ 106.328567][ T5956] [ 106.338981][ T5956] [ 106.338981][ T5956] the existing dependency chain (in reverse order) is: [ 106.348004][ T5956] [ 106.348004][ T5956] -> #2 (&q->q_usage_counter(io)#30){++++}-{0:0}: [ 106.356649][ T5956] blk_alloc_queue+0x619/0x760 [ 106.361967][ T5956] blk_mq_alloc_queue+0x179/0x290 [ 106.367555][ T5956] __blk_mq_alloc_disk+0x29/0x120 [ 106.373140][ T5956] loop_add+0x496/0xb70 [ 106.377843][ T5956] loop_init+0x164/0x270 [ 106.382638][ T5956] do_one_initcall+0x120/0x6e0 [ 106.387961][ T5956] kernel_init_freeable+0x5c2/0x900 [ 106.393718][ T5956] kernel_init+0x1c/0x2b0 [ 106.398594][ T5956] ret_from_fork+0x45/0x80 [ 106.403551][ T5956] ret_from_fork_asm+0x1a/0x30 [ 106.408875][ T5956] [ 106.408875][ T5956] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 106.416210][ T5956] fs_reclaim_acquire+0x102/0x150 [ 106.421787][ T5956] kmem_cache_alloc_noprof+0x53/0x3b0 [ 106.427699][ T5956] __kernfs_new_node+0xd2/0x8a0 [ 106.433106][ T5956] kernfs_new_node+0x13c/0x1e0 [ 106.438409][ T5956] kernfs_create_dir_ns+0x4c/0x1a0 [ 106.444068][ T5956] sysfs_create_dir_ns+0x13a/0x2b0 [ 106.449737][ T5956] kobject_add_internal+0x2c4/0x9b0 [ 106.455498][ T5956] kobject_add+0x16e/0x240 [ 106.460452][ T5956] elv_register_queue+0xd3/0x2a0 [ 106.465948][ T5956] blk_register_queue+0x3c4/0x560 [ 106.471520][ T5956] add_disk_fwnode+0x911/0x13a0 [ 106.476924][ T5956] nbd_dev_add+0x78e/0xbb0 [ 106.481882][ T5956] nbd_init+0x181/0x320 [ 106.486581][ T5956] do_one_initcall+0x120/0x6e0 [ 106.491895][ T5956] kernel_init_freeable+0x5c2/0x900 [ 106.497641][ T5956] kernel_init+0x1c/0x2b0 [ 106.502510][ T5956] ret_from_fork+0x45/0x80 [ 106.507466][ T5956] ret_from_fork_asm+0x1a/0x30 [ 106.512781][ T5956] [ 106.512781][ T5956] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 106.520626][ T5956] __lock_acquire+0x1173/0x1ba0 [ 106.526026][ T5956] lock_acquire+0x179/0x350 [ 106.531074][ T5956] __mutex_lock+0x199/0xb90 [ 106.536129][ T5956] queue_wb_lat_store+0x187/0x3d0 [ 106.541732][ T5956] queue_attr_store+0x270/0x310 [ 106.547246][ T5956] sysfs_kf_write+0xef/0x150 [ 106.552396][ T5956] kernfs_fop_write_iter+0x351/0x510 [ 106.558232][ T5956] vfs_write+0x5ba/0x1180 [ 106.563101][ T5956] ksys_write+0x12a/0x240 [ 106.567965][ T5956] do_syscall_64+0xcd/0x230 [ 106.573022][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.579466][ T5956] [ 106.579466][ T5956] other info that might help us debug this: [ 106.579466][ T5956] [ 106.589715][ T5956] Chain exists of: [ 106.589715][ T5956] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#30 [ 106.589715][ T5956] [ 106.603539][ T5956] Possible unsafe locking scenario: [ 106.603539][ T5956] [ 106.610993][ T5956] CPU0 CPU1 [ 106.616365][ T5956] ---- ---- [ 106.621737][ T5956] lock(&q->q_usage_counter(io)#30); [ 106.627136][ T5956] lock(fs_reclaim); [ 106.633674][ T5956] lock(&q->q_usage_counter(io)#30); [ 106.641607][ T5956] lock(&q->elevator_lock); [ 106.646221][ T5956] [ 106.646221][ T5956] *** DEADLOCK *** [ 106.646221][ T5956] [ 106.654374][ T5956] 6 locks held by syz.1.13/5956: [ 106.659322][ T5956] #0: ffff888077abe2b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 106.668506][ T5956] #1: ffff88807e50a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 106.677608][ T5956] #2: ffff8880223ecc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 106.687424][ T5956] #3: ffff888025b003c8 (kn->active#63){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 106.697487][ T5956] #4: ffff888143fe5868 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 106.709291][ T5956] #5: ffff888143fe58a0 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 106.721358][ T5956] [ 106.721358][ T5956] stack backtrace: [ 106.727264][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz.1.13 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) [ 106.727296][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.727312][ T5956] Call Trace: [ 106.727319][ T5956] [ 106.727328][ T5956] dump_stack_lvl+0x116/0x1f0 [ 106.727368][ T5956] print_circular_bug+0x275/0x350 [ 106.727401][ T5956] check_noncircular+0x14c/0x170 [ 106.727442][ T5956] __lock_acquire+0x1173/0x1ba0 [ 106.727481][ T5956] lock_acquire+0x179/0x350 [ 106.727512][ T5956] ? queue_wb_lat_store+0x187/0x3d0 [ 106.727554][ T5956] ? __pfx___might_resched+0x10/0x10 [ 106.727582][ T5956] ? do_raw_spin_lock+0x12c/0x2b0 [ 106.727628][ T5956] __mutex_lock+0x199/0xb90 [ 106.727665][ T5956] ? queue_wb_lat_store+0x187/0x3d0 [ 106.727706][ T5956] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 106.727739][ T5956] ? queue_wb_lat_store+0x187/0x3d0 [ 106.727777][ T5956] ? lockdep_hardirqs_on+0x7c/0x110 [ 106.727812][ T5956] ? __pfx___mutex_lock+0x10/0x10 [ 106.727852][ T5956] ? __pfx_autoremove_wake_function+0x10/0x10 [ 106.727886][ T5956] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 106.727926][ T5956] ? queue_wb_lat_store+0x187/0x3d0 [ 106.727965][ T5956] queue_wb_lat_store+0x187/0x3d0 [ 106.728005][ T5956] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 106.728047][ T5956] ? __mutex_trylock_common+0xe9/0x250 [ 106.728082][ T5956] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 106.728122][ T5956] queue_attr_store+0x270/0x310 [ 106.728163][ T5956] ? __pfx_queue_attr_store+0x10/0x10 [ 106.728210][ T5956] ? find_held_lock+0x2b/0x80 [ 106.728234][ T5956] ? sysfs_file_kobj+0xe4/0x290 [ 106.728271][ T5956] ? __pfx_queue_attr_store+0x10/0x10 [ 106.728312][ T5956] sysfs_kf_write+0xef/0x150 [ 106.728349][ T5956] kernfs_fop_write_iter+0x351/0x510 [ 106.728381][ T5956] ? __pfx_sysfs_kf_write+0x10/0x10 [ 106.728504][ T5956] vfs_write+0x5ba/0x1180 [ 106.728529][ T5956] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 106.728562][ T5956] ? __pfx___mutex_lock+0x10/0x10 [ 106.728599][ T5956] ? __pfx_vfs_write+0x10/0x10 [ 106.728631][ T5956] ksys_write+0x12a/0x240 [ 106.728654][ T5956] ? __pfx_ksys_write+0x10/0x10 [ 106.728677][ T5956] ? rcu_is_watching+0x12/0xc0 [ 106.728704][ T5956] do_syscall_64+0xcd/0x230 [ 106.728743][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.728769][ T5956] RIP: 0033:0x7fe33938e969 [ 106.728789][ T5956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.728813][ T5956] RSP: 002b:00007fe33a222038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 106.728836][ T5956] RAX: ffffffffffffffda RBX: 00007fe3395b5fa0 RCX: 00007fe33938e969 [ 106.728853][ T5956] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 106.728868][ T5956] RBP: 00007fe339410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 106.728884][ T5956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.728898][ T5956] R13: 0000000000000000 R14: 00007fe3395b5fa0 R15: 00007fff1adfb4e8 [ 106.728922][ T5956] [ 107.270886][ T5956] program syz.1.13 is using a deprecated SCSI ioctl, please convert it to SG_IO