last executing test programs: 7.954866878s ago: executing program 1 (id=499): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) sysfs$auto(0x2, 0x100000000000031, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/name\x00', 0x971b02, 0x0) r1 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x90\xc0\xba\xc0u\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u&\x81I6\v\xcc\x00\x00\x00\x00\x00\x00\x00\x00', 0x400062, 0xfffc, 0x0) mmap$auto(0xfffffffff8, 0xa, 0x8, 0x7427c1bb, r0, 0xfff) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x2) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/orangefs/acache/hard_limit\x00', 0x142, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000140)=""/156, 0x9c) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) ioctl$auto_BLKSECTGET(r1, 0x1267, 0x0) ioctl$auto(r2, 0x5608, 0x7) mq_timedreceive$auto(r1, 0x0, 0x4dc9, 0x0, 0x0) mq_timedreceive$auto(r1, 0x0, 0xfffffffffffffff9, 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/freezer.state\x00', 0x10b342, 0x0) pwrite64$auto(r4, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0x2, 0x3) pidfd_open$auto(0x0, 0x0) r5 = set_tid_address$auto(0x0) ioprio_set$auto_IOPRIO_WHO_PGRP(0x2, r5, 0x8) kcmp$auto_KCMP_SIGHAND(0x0, r5, 0x4, 0x3, 0xc0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r0, &(0x7f0000000180)=""/4125, 0x101d) 6.93323571s ago: executing program 2 (id=502): syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x2) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) msgctl$auto_MSG_INFO(0x9, 0xc, &(0x7f0000000240)={{0x80020000, 0xee00, 0xee01, 0x9, 0x0, 0x7, 0x8}, 0x0, &(0x7f0000000200)=0xd5, 0x6, 0xfffffffffffff90b, 0x1fa1ac89, 0x10, 0x1000, 0x598, 0xf, 0x3, @inferred, @raw=0xffffffff}) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r2, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x24, r3, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0xffff}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x801) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4000c, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) prctl$auto(0x1000000003b, 0x7, 0x0, 0x9, 0x7) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x14) setresuid$auto(0x2, 0x7, 0x8080) ioprio_get$auto(0x3, 0x2) 5.553160514s ago: executing program 2 (id=504): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3ff, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000040)='./file0\x00', 0x2200, 0xc4) close_range$auto(0x2, 0x8, 0x3) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0xf0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x149181, 0x0) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f0000002100)=""/4099, 0x1003) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x100000000000028, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x5, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0x4020aeb2, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x541a, r0) socket(0x10, 0x2, 0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) 5.383233369s ago: executing program 1 (id=505): mmap$auto(0x0, 0x1, 0xdf, 0xeb5, 0x401, 0x8000) unshare$auto(0x40000080) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000003c0)) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) timer_create$auto_CLOCK_BOOTTIME_ALARM(0x9, &(0x7f0000002b80)={@sival_int=0x1ff, @inferred=0xffffffffffffffff}, 0x0) r1 = getpgid(0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) rt_tgsigqueueinfo$auto(0xffffffffffffffff, r1, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0xe, 0x5, @_sigchld={r1, 0x0, 0x401, 0x5, 0x3}}}) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r2, 0xfffffffffffffffc, 0x8081) r3 = socket(0x11, 0x3, 0x2) r4 = getsockopt$auto(r3, 0x107, 0xc, 0x0, 0x0) syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x8, &(0x7f0000000040)={0x78, 0x14, 0x1b, @inferred=r4}}) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', &(0x7f0000000000)=&(0x7f0000000200)=' ') 5.177481305s ago: executing program 3 (id=507): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_NEW_KEY(r1, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000004880)={&(0x7f0000000140)={0x1c, r0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x890) (async, rerun: 64) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 64) write$auto(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages\x00', 0xe8202, 0x0) sendfile$auto(r3, r3, 0x0, 0xcd) (async, rerun: 32) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) (rerun: 32) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab/kmalloc-64/objects\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000008c0)=""/61, 0x3d) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) memfd_create$auto(0x0, 0xe) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd10\x00', 0x1206c2, 0x0) write$auto(r1, &(0x7f0000000300)='\x18\xd4W5Z\xdb\xec\f\xbd\xaef\xf1\xc2V}k\xef\xd2\xc9\nY\xdb\xfeJ9+\x7f*\xd2\xfd\xc8`28Tdv\x04\xc9\xfe\xb4\x84\xa8+\xfdR\xd1\x18xJ`\xbf\x84F\x93\xe2\x1f\xc13\x17]\xfa\xfc\x0fg=o\xca\xd1\xf3D\xf7\xb7[bd\x909Sg\xbc\xfd\xc8\xecU\xee\xbe*\x19\xfa\xaa\x80\xec', 0x80000000) ioctl$auto_BLKRRPART(r5, 0x125f, 0x0) unshare$auto(0x40000080) (async) mmap$auto(0x6, 0x9, 0xdf, 0xebf, r2, 0xea94) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x2, 0x1, 0x0) (async) epoll_create$auto(0x4) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyv4\x00', 0x323c83, 0x0) ioctl$auto_TCSBRKP2(r6, 0x5425, 0x0) (async) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyxc\x00', 0x80001, 0x0) ioctl$auto_TCFLSH2(r7, 0x5408, 0x0) (async, rerun: 32) mremap$auto(0x200000, 0x7, 0x3fd6, 0x3, 0x20000000) (rerun: 32) 4.597999969s ago: executing program 1 (id=508): close_range$auto(0xffffffffffffffff, 0x8, 0xfffffffc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001980)=ANY=[@ANYBLOB="3c1f0000", @ANYRES16=r1, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000c00038008000c800400018012000100898771f1c19f17790485908286dd000004000280"], 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0xc800) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\v\xba\x8av\xf0\x85\x9e`\x1fN$\xd4\x1c\xe0\xa6\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x89\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI', 0x100000a3db) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x5, 0x5, 0x2009, 0x0, 0x0) r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/numa_maps\x00', 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyq2\x00', 0x40001, 0x0) ioctl$auto_TCFLSH2(r5, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) ioctl$auto(r5, 0x8926, r5) read$auto_proc_sessionid_operations_base(r4, &(0x7f00000000c0)=""/4096, 0x1000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x200007, 0x19) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000005800), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(0xffffffffffffffff, &(0x7f0000006940)={0x0, 0x0, &(0x7f0000006900)={&(0x7f0000006980)=ANY=[@ANYRES16=r6, @ANYBLOB="010029bd7000ffdbdf250300000038121c8084100580801000802400048008000200070000000c00030005000000000000000400050004000500040005004700010015498343c724307734086992dc1e25a2a9103e4bf48686438120218fc18eb8d92081607cef938d982b98b2ffabb3d4697d0e992a1ea9d3b471e918ae07e413f97503f800040004800800048004000500041001001fb5becd41368ab779a0b29218e67556fc4604877ebfcbd398c11fb77c35a8bf6e74ddc9b04a9138098aecf779ea7e3d541edf3023425cada97c0dc587c6fa47716dd359907f0a162a0b886614c1a7e9546da002cc83e2ed566b0379129f985c460fbbf435e700a4b5580b8a56632571928f8f21f4d11364a0ef75b476ff3956f1c7da142f79c10a4876ffcc63f2d86a0e69b888fc4f296dee02ad8557cdbfb9f0235a183eca304867b40759629cbc72b1502c43b99766ba6d68b0c0ab3c3f028eac0d0571801e5df2a1d739c243a58bf16cfb3859743e905b7ba869f46438f8ae3034bf72d5e80c5484943de2b70c62ef38e5219cc8006f282faca545419374470f9a70397a1f81bc4623e08269594bbebf9b08b81b87ccaebf876dcaf1fa4562e3163b353cb8ff91dba36cfd929ec300388d9224fe45abcc42e157398da0642301b14d590dd9a490eeb4555c64ae48caedffd84b246834f69dfa63f173ce93ba2775a6f4aba2492fe9d62fcae89dab6719935a28c2d614d93e984df4b3a292e0e5d6754a30e52d52b951092a4df3b6abb5c8b74740d551a77c41d02f0ea667e8acb61eac844c20151dac7c08ae95aed291d11cd81365501d3fb0120e11566f94afe38fb008e05536f93364d00a43b8f486bd9aeed50d5a38947982f5f700f06aa7d6783f30abda22a3c9948a274bfae36f6a66c3229520089d65cbddde93a28dd2a72e93bc6c0d9b98f49c9d771f73b1d4dcb6c06829b15422f0c596401ba563a88ded070e2a05a79c8070085502fb3ca34fc767ff2d3b490bb9a6abc3019eefaa4bd9f345f6b94d597166754c5f95140dc5fa9ce51a7cc3257885d074c7cdfd88bb400fd6dbe2d4a830134967cacad9beaff366bf7e3b0a4fa0526473a70c1f44e343a5b9fadf9fc536113772f0f7b0bf16f9b7a7dd8eaa5f7fd9cf259565247f0e58375156005c30e25691d7f8fbd489af83a18f71a38b1996be1ca10bdcbe8d850603d9b81ba828c907753483e9ff23d1d861c36d8045acadaa640a61357fcf9aed13afdf56d13861dd74ce620e592230d3c8699e9adccf2920614ae13c1e3e88a830f36bfcd40ff7c767995044f2ba1661c5f977d9754c58a0d9dd7aad1fbfd94d36dfc61c532c5cb3093ccc0c125ee0e762469f8680500675d4404db12b7062c19c4f0c81c0de489b5eb725f1d7d4cbe7a1f4b51fe8faffb6a709c0a7a4ae7efe75bc66d6c2e705fbee29c0858d9891735c97a28aa15c16fa0444ac2caeeffae42f1fbf0f17adbc9ee40236a844add60741eb64c722811c6f9fd7d614f9620d6f07914b6e7d5eb5dc3d7d6d5f5323575a7c9f864d9d5793d4ca606ab3234930a32e44d8a08d624861a6b94c72f551e7adc8daee91594175bdba18c663ced5991c0846f1c03a96b5d8f858c10dea4886e12ee90186d2130891eb1b354abb1040dd571589b4b7884b31cff7f8b3cdef5a61bc9644883c852106d9be09e5f4d649c669a64fadd3a9b129ab1c956e33dd5ac7224439feb0ccae51aa092c36b4e8d720170d20c22a49e5919d203b312096d625e4316f141f26a9257af159b3c47e025fa40d0150b7dd969d2ec67c727b81653f679f6ebbf8b3ad9c3b0acf232d1b869982879c4a2722cc1e4f0740e9d0feb661e45c5b081ad0546761e6a025529086ca4d38a4b22193e792bbfe6ceb22be5ca954210d0f93f5e38550054b6ae80e64673158815af6cd6adc3b942b4371d33d9662ac80e3ef2eb4acd44ec66cb6d8948d67c3ba8e578f52ac30ab107723e5ce51c4e6d59b20ba7085fd8dbde58cf9a0bd3385e95db6b56a9a68e3160ad36a93e26dc8b915cd4e4767d3dbd3b74052f55e3a74b1edb1068c973a5ca70809c6aeab8ad627955a815315330c51153dcdcb6e77029b0a3712a9231f0c188659e5bb9f89b6a8fd91536a47db7e5d596fa93f0719502e442417ee11bfcb364c6ddadfc8581ce7779d107d6f7aa8739c3254ce9b1e2dbbc1e75566b6d80817e1820e02e8df220e1c9b2d98a15e9db86c5a32bf52b0f1de1be7636cb21e87d777fa1e7828be02578cac204a8e9c7ca6119aa0bdd165bbf7d0f799f0d2ae118bd9037982c1fed3e223b60cc86f21e8c1d9336cb76cb521bc9791abcd99af0bf70a198de0d678cc8bdc0f74fef28407bf09d93054d5e20f5452fad596ae036bec1109e4541d5cb9d287b5498934fad3963a53030dc2264668467716afee211f4dc8082800be3829050b2e26c447b001c076dda2e2b7f17c96612b0f594b6ef5193c5dc3affa5778896e1e40a3953e5557d39799c312b4126a6086dd85393ed3322a48ca0afb9e5dd96ac9461dc7cfc8b02a23b7a1486ea8c9bb204e39298b1017a67a8c1cf1e0582c6b8d95a611c0053eccc9592e1af600e4386680be35c29acfd9033058a4842006fe429188e6a4783a9bf5fd7d1c36c0530f6a42be785419ef2192ffe02470d376f084a4352cdc7e34b9f4891304499b1e0946832b187762d191d7e9cd9cc9112ad768e5132f804f304a9ba0572d0e1c7eac6ff606baf0f0f2e1c836d9a9f7f01fe748dd5ae7b34ed6d51f6e4c8575de14c8552026c4c82516080d"], 0x124c}, 0x1, 0x0, 0x0, 0x20000041}, 0x800) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram4/queue/physical_block_size\x00', 0xa00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f00000004c0)=""/206, 0xce) 4.012602825s ago: executing program 0 (id=509): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="010022bd7200ffdbdb25040000000400160005ec7f065c3edaf9179f82243f36883920d4846a96adab44666db7394d76ee53755e728dd3d112db0413ee2addf80091924f1c27338ca047b3098fcb6af3edbbbc6d24a765f140a9ea68a7df51761c068056701f35bd36e2821ec384221be9578340f42c9df8afc2eb"], 0x18}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) (async) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0x80184132, 0x0) sendmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x7fc, 0x0, 0x8, 0x0, 0x5, 0x4}, 0x0) (async) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x68100, 0x0) (async) sysfs$auto(0x39f04b1e, 0xffffffff, 0x1) ioctl$auto(r3, 0x545c, 0xffffffffffffffff) socket(0x2, 0x2, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) (async) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x28) sysfs$auto(0x2, 0xe, 0x0) (async) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) getcwd$auto(0x0, 0xffffffffffffffff) (async) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendfile$auto(r2, r5, 0x0, 0x1000200) (async) sysfs$auto(0x2, 0x1, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mount$auto(&(0x7f0000000000), &(0x7f0000000380)='./file0\x00', 0x0, 0x9f1e, 0x0) (async) semctl$auto_SETALL(0x0, 0x2, 0x11, 0x4) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd0\x00', 0xc0c00, 0x0) 3.896450765s ago: executing program 2 (id=510): r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x543c00, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000240), 0xa002, 0x0) writev$auto(r0, 0x0, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r2 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r2, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) clone3$auto(&(0x7f00000002c0)={0x4, 0x9, 0x1, 0x2, 0x8000, 0xffffffffffffffff, 0x7, 0x3, 0xffffffffffffffea, 0x8, 0x200}, 0x7) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) io_setup$auto(0x7ffe, 0x0) io_setup$auto(0x7ffe, &(0x7f0000000000)) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 3.506621866s ago: executing program 3 (id=511): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx3\x00', 0x42880, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) dup2$auto(0x0, 0x3) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, 0x0) socket(0x2d, 0x2, 0x0) socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) pipe$auto(0x0) socket(0x2, 0x3, 0xa) 3.174133104s ago: executing program 3 (id=512): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x80800, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r0 = openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2202, 0x0) write$auto(r0, 0x0, 0x1) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="f320f820c75c20d9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x1e) read$auto(r0, &(0x7f0000000100)='\x00', 0x8) r2 = pidfd_open$auto(0x1, 0x0) setns(r2, 0x60020000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fcntl$auto_F_SETLEASE(r3, 0x400, 0xffffffffffffffff) statmount$auto(&(0x7f00000001c0)={0x6, @inferred=r1, 0x3, 0x5, 0x2}, &(0x7f0000000300)={0xff, 0x1b9efef9, 0xfffffffffffffff7, 0x6, 0x7, 0x0, 0x1ff, 0x1, 0x10001, 0x3, 0x7, 0xc495, 0x28ad, 0x9, 0xbddf, 0x5, 0x6, 0x3, 0x2, 0x7fff, 0x3, 0x2, 0x8, 0x9, 0x91d, 0x8, 0x1, 0x0, 0x3, 0xffffffff, 0x7, [0xfff, 0x58b, 0x3, 0x9, 0x5, 0x7, 0x5, 0x2, 0x101, 0xffffffffffffffff, 0x7, 0x7, 0x100000000, 0x9, 0x2, 0x3, 0x0, 0x5, 0x6, 0x80000001, 0xfce, 0x6, 0x7, 0x1000, 0x8, 0x1, 0x3, 0x7000000000000000, 0xa, 0x1, 0x6, 0x1b5, 0xff, 0x4, 0xd9, 0x1800000, 0xfa6, 0x0, 0x4, 0x1ff, 0x2d856c5b, 0x7fa, 0x2], "ab3afcb70b450a23fb217d8383cebd4b6cb8c05f9ea13b24c09903e21b1b4cec59764aeed08b8a39379dbd696600c0dc258d08ad"}, 0xfffffffffffffffd, 0x80) pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00') r4 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r4, 0x0, 0x80000000006) signalfd$auto(r4, 0x0, 0x8) 3.011394788s ago: executing program 0 (id=513): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0x200000df, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r2, 0x0, 0x20000000) r3 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x9, 0x95f4da0a, 0x0, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x10, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x4, 0x100062, 0x80000023, 0x80007, 0x7, 0x9, 0x2, 0x4006]}, 0x0) r4 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x624c40, 0x0) write$auto_console_fops_tty_io(r4, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8", 0x93d) r5 = ioctl$auto_TUNSETPERSIST(r3, 0x400454cb, &(0x7f0000000100)=0x7ff) close_range$auto(r5, r1, 0x4) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) mmap$auto(0x0, 0x2060009, 0x3, 0xeb2, r0, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r6 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x100, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r6, 0x4601, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) io_uring_setup$auto(0x7ff, &(0x7f0000000080)={0x7efffffc, 0x8, 0x3002, 0x4, 0x7, 0x4006, 0xffffffffffffffff, [0x0, 0x0, 0x4000000], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x69cb, 0x6, 0x3}, {0x5, 0x8001, 0x2052, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) 2.432146084s ago: executing program 1 (id=514): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) (async) r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x28, r0, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) (async) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/pcm\x00', 0x88002, 0x0) (async) r7 = socket(0x11, 0x80003, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semctl$auto(0x201, 0xfffffffffffffffa, 0x3, 0x0) setsockopt$auto(r7, 0x107, 0xd, 0x0, 0x8000) pread64$auto(r6, 0x0, 0x594c, 0x9fffffffd) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) (async) fdatasync$auto(r2) (async) r10 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/flags\x00', 0x143262, 0x0) write$auto(r10, &(0x7f00000000c0)='1\x00\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00j(=\xd1<\xf9\x96\x10>\xb9\x05\xbe\xc8v\x81-ILplM\x98\x88J\xfd\x17\xc8K\xdd\x89;T@d\xa3_\xfcb8\x7fA\x11\xba\xefL\xe1L\x8aE}\xa7\x05\b\xd7\xe2\xae\xfek\xbbw\x8c\x88\x1emW-\xf5\x94\xdak\x81\xe4\x1e\x1dS\xf2~>\xb1\xc6\xd1\xee\xc8\x19e\xc1w\xf05%\xd76]\x0f\v\x01\xa4(\xec\xd3\xca\a\x15&nv\xc1}\xfcD', 0x81) (async) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r8, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_SURVEY(0xffffffffffffffff, 0x0, 0x14) (async) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd700002dcdf25030000000400087918000180140010800c"], 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) (async) sendmmsg$auto(r5, &(0x7f00000000c0)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000002c0), 0x3, 0xa505}, 0x7ff}, 0x7, 0x4008) (async) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) (async) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) (async) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r3, 0x80045010, &(0x7f0000000280)="7acca5c32b31b18d8888f8bb3c5ff5a718ebe172e690dbcbd1f9149c6bc53030efcf2a9c93c7a88c7dd1c5b612180b3dcada0bd2b16f9315ac254b541b2b6f893067de452f20e9d5437b5708022a4bd6b1ccf77916e13b338dd6ab6e46bb86d9307259341c28c37e0c18b7b72cd2de3ea88446f52cb59ba0d2e476614e0f762d84c6c09d64624d") 2.102256603s ago: executing program 3 (id=515): socket(0xa, 0x3, 0x3b) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cpu.weight.nice\x00', 0x10b142, 0x0) sendfile$auto(r0, r0, 0x0, 0x2f2) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) mmap$auto(0x0, 0x4020009, 0x7fffffff, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) mremap$auto(0x8000000000000000, 0x20a742c6, 0x3fd8, 0x3, 0x7fffffffb000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x19, 0x0, 0x0, 0x0) r1 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0) ioctl$auto_RNDADDENTROPY(r1, 0x40085203, 0xffffffffffffffff) ioctl$auto_UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 1.970525845s ago: executing program 2 (id=516): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xd, 0x2, 0x948b, 0x3, 0x10015f4da0a, 0x1, 0x3, 0x62, 0x80000002, 0x7, 0x8, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) r3 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) acct$auto(&(0x7f0000000280)='}\x00') mmap$auto(0xfffffffffffffffe, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000001100)=ANY=[@ANYBLOB="f4749a982ea25cafe4bc8541da5d60960bea1c6d16f540c0a7e947ea09e69ea247087c917de9f23631ddbeedc804911ffc43c38da3846470519df7a2ffe142b1f7afa356faf5ac4e05e1bfe4fd325331d22240a59a2fe69f4b623752c0534d5d42eee8eaeb87408db7392d741ddef89ccde1eff1bf96f1", @ANYRES16=0x0, @ANYBLOB="010029bd7000ffdbdf250500000005000700050000006d00018008000100", @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x4008801}, 0x24000802) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) fadvise64$auto(0x0, 0x9, 0x9, 0xb28) process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x8001) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/virtual/block/ram3/queue/max_segment_size\x00', 0x1e1f00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000011c0)=""/4093, 0xffd) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x180, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(r0, 0x400454c7, r2) select$auto(0x9, 0x0, 0x0, &(0x7f0000001080)={[0x8001ff, 0x7, 0x3, 0x8fd6, 0x948d, 0x3, 0x80, 0x3, 0x6, 0x8000000000000001, 0x7, 0x100000000000007, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto_lockdown_ops_lockdown(0xffffffffffffffff, &(0x7f0000000080)="a3c72e71ed506a221381f0538fefa465158fbbeb89451043553ff869189cf3250b65c544ccd3988b29f3cdb20660e616d3daa3e36b174c5661e383221287595a7e873202add9b0f11733de4ec2cd9c5b048058ed89c590d73c2e44d11636cb85ea9cb4180c5d1ab11f731cec20c57489baf87d298ef21b138e83a6a13cfdc39ffcf7c18ae6946c0d58c5026cd804c5d2f1a5348a159fe5e6746038217e838e23a24c5cda52d0af4c570a9983422fb706704f8410113a38fc2decb77fbcbca9e8f3dd2b2ccb939869852e91137af1e79ab833c8b104726d0a00", 0xd9) 1.583039019s ago: executing program 1 (id=517): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto_SO_TXREHASH(r0, 0x1, 0x4a, &(0x7f0000000480)='\xc4\x00', &(0x7f00000004c0)=0x10) mmap$auto(0x6, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8003) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESHEX=r1, @ANYRES16], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x4004) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getpeername$auto(0x3, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdb, 0x9b72, 0x2, 0x7ffd) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x40a0ae49, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8004) socket(0x2a, 0x80000, 0xc) io_uring_setup$auto(0x2, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x9, 0x4000000000df, 0xeb1, 0x8, 0x8000) read$auto(0x3, 0x0, 0x80) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) adjtimex$auto(0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0) 1.581065442s ago: executing program 3 (id=518): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/neigh/veth0_to_bridge/interval_probe_time_ms\x00', 0x202, 0x0) sendfile$auto(r1, r0, 0x0, 0x48) renameat2$auto(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x7) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = socket(0x2, 0x3, 0x100) pipe$auto(&(0x7f0000000000)=0xffffffffffffffff) splice$auto(r3, 0x0, 0x2, 0x0, 0x9, 0x8) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x20001, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x32}}, 0x54) r4 = io_uring_setup$auto(0x6, 0x0) msgctl$auto_MSG_INFO(0xfffff8b3, 0xc, &(0x7f0000000740)={{0x5, 0x0, 0x0, 0x8, 0x0, 0x9, 0x401}, &(0x7f0000000580)=0x6, &(0x7f00000005c0)=0x6a, 0x480, 0x3ff, 0x2, 0x5, 0x100000001, 0x59f4, 0x3, 0x3ff, @raw=0x2}) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400408, 0xdd, 0x9b72, 0x2, 0x8000) sendmmsg$auto(r4, &(0x7f0000000380)={{&(0x7f0000000180)="8183e9c415610cc5a681b85603653db649dba4681a4590ce079a6ac46df7108b7718b017788dc5199144d34079275b479b1fb9a639976a39d038eb17de1fd77cba54151f9a5a1b09a1bab11b0eee27380347ef345ab91192dad3979850a118c8d5bb086a28ddcc0b6b455e10d8c6aa6c95849d2628911699db9b32994da0fc2a4558627ab5a3c0863503dcc847e1f1fb7db3b6bb4fb911b325d89b5e3da35fa50030224469ce0827c25bedd314c94813d4a783f376eb35e46ba6b494d7c6fbee23ede004f2d90d59", 0x25, &(0x7f00000002c0)={&(0x7f0000000280)="66a7792d", 0x2}, 0xffffffffffffffe7, &(0x7f0000000300)="fc266cb367e50762f4e7c26a3dcc78a375ed8045c235e31cd1163c1825fbf7cb93c1b4649e603ce29c5f3fd9368783660018970efeb4707264b6ee1f37e7ef1e1adc8cfc929f5f0fe63628990c1922b6745d6cf717ed40fd", 0x9, 0xffffff5e}, 0x1}, 0xfff, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto_FICLONE(r2, 0x40049409, r1) r5 = timerfd_create$auto_CLOCK_TAI(0xb, 0x6) mmap$auto(0x0, 0x40005, 0x1df, 0x9b72, r5, 0x28000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) 1.142652197s ago: executing program 0 (id=519): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x143262, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c01, 0x0) 803.736449ms ago: executing program 2 (id=520): mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) munlock$auto(0xffff, 0x1) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp6\x00', 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x85, 0x8, 0x0, 0x0, 0x80800002) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd13\x00', 0x1ad400, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r1, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) madvise$auto(0x0, 0x2000040080000004, 0xe) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/loop8/io-timeout-fail\x00', 0x40400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/44, 0x2c) fcntl$auto_F_SETLK(r0, 0x6, 0x0) 704.688025ms ago: executing program 0 (id=521): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx3\x00', 0x42880, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) dup2$auto(0x0, 0x3) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, 0x0) socket(0x2d, 0x2, 0x0) socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) pipe$auto(0x0) socket(0x2, 0x3, 0xa) 448.946234ms ago: executing program 0 (id=522): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyx3\x00', 0x42880, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x403c6f2b, 0x0) dup2$auto(0x0, 0x3) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, 0x0) socket(0x2d, 0x2, 0x0) socket(0xa, 0x1, 0x84) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) socket(0x1e, 0xa, 0xa) socket(0x2, 0x3, 0xa) 220.06872ms ago: executing program 2 (id=523): r0 = socket(0x2, 0x3, 0xa) connect$auto(r0, &(0x7f0000000080)=@l2tp={0x2, 0x0, @loopback}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(r0, 0x0, 0x400fffd, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioperm$auto(0x5, 0x4, 0x800005) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x100842, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r2, 0x5420, 0x0) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r3, 0x402, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) semget$auto(0x0, 0x13c, 0x1ff) semtimedop$auto(0x0, 0x0, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x1, 0x0) semctl$auto(0x6, 0x85, 0x0, 0x2) close_range$auto(0x2, 0xa, 0x0) r4 = dup$auto(r2) read$auto_tomoyo_operations_securityfs_if(r4, &(0x7f0000000040)=""/120, 0x78) lsm_set_self_attr$auto(0x1, 0x0, 0x7, 0x6) 219.280555ms ago: executing program 0 (id=531): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/sctp/remaddr\x00', 0xb00, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x2000, 0x104) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) 21.042279ms ago: executing program 1 (id=524): r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0xfadd05655703f2b4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000640)={0x28, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_COALESCE_TX_AGGR_MAX_FRAMES={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x48804) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), r0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0xff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/nbd9/queue/wbt_lat_usec\x00', 0x101142, 0x0) r4 = gettid() process_vm_writev$auto(r4, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x400, 0x0) prctl$auto(0xce08, 0x80000000, r4, 0x7fff, 0x5) r5 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/conf/default/ioam6_id_wide\x00', 0x40100, 0x0) read$auto(r6, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) sendfile$auto(r5, 0x3, 0x0, 0x7ffff000) getcpu$auto(&(0x7f0000001140), 0x0, 0x0) r7 = timerfd_create$auto_CLOCK_TAI(0xb, 0xfffff865) bpf$auto(0x101, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r3, r0, 0xe, 0x80000001, r0, @relative_fd=r7, 0x3}, 0x1b) ftruncate$auto(r0, 0xa0) 0s ago: executing program 3 (id=525): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto_SO_TXREHASH(r0, 0x1, 0x4a, &(0x7f0000000480)='\xc4\x00', &(0x7f00000004c0)=0x10) mmap$auto(0x6, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8003) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRESHEX=r1, @ANYRES16], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x4004) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getpeername$auto(0x3, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdb, 0x9b72, 0x2, 0x7ffd) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x40a0ae49, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8004) socket(0x2a, 0x80000, 0xc) io_uring_setup$auto(0x2, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x9, 0x4000000000df, 0xeb1, 0x8, 0x8000) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) adjtimex$auto(0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts. [ 103.109171][ T980] cfg80211: failed to load regulatory.db [ 105.522888][ T5826] cgroup: Unknown subsys name 'net' [ 105.762947][ T5826] cgroup: Unknown subsys name 'cpuset' [ 105.773468][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 107.833954][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 110.299354][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 110.309507][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 110.328108][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 110.335980][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 110.359597][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 110.379758][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 110.382030][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 110.388893][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 110.397161][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 110.404552][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 110.411483][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 110.418861][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 110.426184][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 110.437203][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 110.447770][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 110.449050][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 110.469791][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 110.479593][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 110.487592][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 110.490104][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 111.129099][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 111.244245][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 111.300886][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 111.398004][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 111.521862][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.530549][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.540330][ T5836] bridge_slave_0: entered allmulticast mode [ 111.548531][ T5836] bridge_slave_0: entered promiscuous mode [ 111.605287][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.613234][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.621851][ T5836] bridge_slave_1: entered allmulticast mode [ 111.632282][ T5836] bridge_slave_1: entered promiscuous mode [ 111.671904][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.685829][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.697189][ T5842] bridge_slave_0: entered allmulticast mode [ 111.711448][ T5842] bridge_slave_0: entered promiscuous mode [ 111.744221][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.752791][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.763191][ T5837] bridge_slave_0: entered allmulticast mode [ 111.772131][ T5837] bridge_slave_0: entered promiscuous mode [ 111.794461][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.804010][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.813537][ T5842] bridge_slave_1: entered allmulticast mode [ 111.822772][ T5842] bridge_slave_1: entered promiscuous mode [ 111.848307][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.857323][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.865244][ T5837] bridge_slave_1: entered allmulticast mode [ 111.873514][ T5837] bridge_slave_1: entered promiscuous mode [ 111.938947][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.953274][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.005499][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.025889][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.071172][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.079879][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.088295][ T5838] bridge_slave_0: entered allmulticast mode [ 112.096670][ T5838] bridge_slave_0: entered promiscuous mode [ 112.142888][ T5836] team0: Port device team_slave_0 added [ 112.153333][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.164117][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.172606][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.180683][ T5838] bridge_slave_1: entered allmulticast mode [ 112.189272][ T5838] bridge_slave_1: entered promiscuous mode [ 112.212419][ T5836] team0: Port device team_slave_1 added [ 112.221751][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.275992][ T5842] team0: Port device team_slave_0 added [ 112.339228][ T5842] team0: Port device team_slave_1 added [ 112.366017][ T5837] team0: Port device team_slave_0 added [ 112.380450][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.396625][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.424328][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.432396][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.461865][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.478284][ T5837] team0: Port device team_slave_1 added [ 112.517393][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.528035][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.563552][ T5849] Bluetooth: hci1: command tx timeout [ 112.567980][ T5844] Bluetooth: hci2: command tx timeout [ 112.571668][ T5852] Bluetooth: hci0: command tx timeout [ 112.578079][ T5847] Bluetooth: hci3: command tx timeout [ 112.584855][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.636370][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.645486][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.679883][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.703788][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.714048][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.752493][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.807881][ T5838] team0: Port device team_slave_0 added [ 112.853964][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.862746][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.894139][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.912186][ T5838] team0: Port device team_slave_1 added [ 112.966714][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.975158][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.005289][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.052280][ T5842] hsr_slave_0: entered promiscuous mode [ 113.059567][ T5842] hsr_slave_1: entered promiscuous mode [ 113.074857][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.083222][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.111418][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.129628][ T5836] hsr_slave_0: entered promiscuous mode [ 113.137677][ T5836] hsr_slave_1: entered promiscuous mode [ 113.144796][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 113.151192][ T5836] Cannot create hsr debugfs directory [ 113.205021][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.212832][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.244324][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.420785][ T5837] hsr_slave_0: entered promiscuous mode [ 113.429607][ T5837] hsr_slave_1: entered promiscuous mode [ 113.438484][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 113.444777][ T5837] Cannot create hsr debugfs directory [ 113.496132][ T5838] hsr_slave_0: entered promiscuous mode [ 113.504108][ T5838] hsr_slave_1: entered promiscuous mode [ 113.513018][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 113.519071][ T5838] Cannot create hsr debugfs directory [ 113.965186][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 113.981941][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 114.003700][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 114.026085][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 114.103846][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 114.123105][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 114.135222][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 114.162187][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 114.253513][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 114.268930][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 114.282789][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 114.318351][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 114.455419][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 114.484901][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 114.498927][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 114.512296][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 114.565176][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.627331][ T5852] Bluetooth: hci1: command tx timeout [ 114.637181][ T5847] Bluetooth: hci3: command tx timeout [ 114.643474][ T5844] Bluetooth: hci2: command tx timeout [ 114.650654][ T5852] Bluetooth: hci0: command tx timeout [ 114.669064][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.689113][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.697329][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.726479][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.749726][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.757371][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.805652][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.852383][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.909260][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.917705][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.930238][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.937638][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.972850][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.006401][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.014331][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.053158][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.060942][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.094635][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.238499][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.281754][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.289398][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.332468][ T1014] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.340008][ T1014] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.644110][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.821566][ T5836] veth0_vlan: entered promiscuous mode [ 115.911759][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.930744][ T5836] veth1_vlan: entered promiscuous mode [ 116.058781][ T5836] veth0_macvtap: entered promiscuous mode [ 116.085338][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.094219][ T5836] veth1_macvtap: entered promiscuous mode [ 116.156281][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.171628][ T5842] veth0_vlan: entered promiscuous mode [ 116.185942][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.205649][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.223079][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.236562][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.246250][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.255861][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.276569][ T5842] veth1_vlan: entered promiscuous mode [ 116.355750][ T5837] veth0_vlan: entered promiscuous mode [ 116.419490][ T5837] veth1_vlan: entered promiscuous mode [ 116.474057][ T5838] veth0_vlan: entered promiscuous mode [ 116.515498][ T5842] veth0_macvtap: entered promiscuous mode [ 116.517830][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.537716][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.567866][ T5838] veth1_vlan: entered promiscuous mode [ 116.586570][ T5842] veth1_macvtap: entered promiscuous mode [ 116.597871][ T5837] veth0_macvtap: entered promiscuous mode [ 116.637658][ T5837] veth1_macvtap: entered promiscuous mode [ 116.669742][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.678942][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.694614][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.711856][ T5844] Bluetooth: hci2: command tx timeout [ 116.711866][ T5849] Bluetooth: hci1: command tx timeout [ 116.724067][ T5847] Bluetooth: hci3: command tx timeout [ 116.728984][ T5852] Bluetooth: hci0: command tx timeout [ 116.746521][ T5838] veth0_macvtap: entered promiscuous mode [ 116.762976][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.791125][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.803692][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.819182][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.829293][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.848503][ T5838] veth1_macvtap: entered promiscuous mode [ 116.875966][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 116.884476][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.934377][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.971698][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.993012][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.044000][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.054214][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.066251][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.076006][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.095664][ T5837] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.114408][ T5837] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.124457][ T5837] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.137801][ T5837] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.215853][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.242234][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.346518][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.361579][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.457996][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.477738][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.607833][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.644306][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.810390][ T5935] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 117.863297][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.901552][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.985072][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.024175][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.790106][ T5852] Bluetooth: hci3: command tx timeout [ 118.790248][ T5847] Bluetooth: hci2: command tx timeout [ 118.799207][ T5852] Bluetooth: hci0: command tx timeout [ 118.805099][ T5844] Bluetooth: hci1: command tx timeout [ 118.837203][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.567726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.867077][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! syzkaller syzkaller login: [ 120.677259][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.767332][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.777312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.787621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.797253][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.806418][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 121.108247][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 121.919339][ T6000] Zero length message leads to an empty skb [ 121.963378][ T6002] binder: 6001:6002 unknown command 3 [ 121.969418][ T6002] binder: 6001:6002 ioctl c0306201 0 returned -22 [ 123.437833][ T30] audit: type=1800 audit(1753887542.327:2): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.19" name="members" dev="configfs" ino=7857 res=0 errno=0 [ 123.922173][ T6026] syz.3.20 uses obsolete (PF_INET,SOCK_PACKET) [ 123.965958][ T6026] FAULT_INJECTION: forcing a failure. [ 123.965958][ T6026] name failslab, interval 1, probability 0, space 0, times 1 [ 124.043880][ T6026] CPU: 1 UID: 0 PID: 6026 Comm: syz.3.20 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 124.043928][ T6026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 124.043956][ T6026] Call Trace: [ 124.043968][ T6026] [ 124.043981][ T6026] dump_stack_lvl+0x16c/0x1f0 [ 124.044151][ T6026] should_fail_ex+0x512/0x640 [ 124.044201][ T6026] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 124.044242][ T6026] should_failslab+0xc2/0x120 [ 124.044280][ T6026] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 124.044316][ T6026] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 124.044358][ T6026] ? ptlock_alloc+0x1f/0x70 [ 124.044394][ T6026] ptlock_alloc+0x1f/0x70 [ 124.044432][ T6026] pte_alloc_one+0x82/0x3a0 [ 124.044474][ T6026] __handle_mm_fault+0x3a36/0x5390 [ 124.044530][ T6026] ? __pfx___handle_mm_fault+0x10/0x10 [ 124.044559][ T6026] ? __pfx_mt_find+0x10/0x10 [ 124.044631][ T6026] ? find_vma+0xbf/0x140 [ 124.044673][ T6026] ? __pfx_find_vma+0x10/0x10 [ 124.044721][ T6026] handle_mm_fault+0x589/0xd10 [ 124.044755][ T6026] ? __pkru_allows_pkey+0x51/0xb0 [ 124.044809][ T6026] do_user_addr_fault+0x7a6/0x1370 [ 124.044865][ T6026] ? rcu_is_watching+0x12/0xc0 [ 124.044906][ T6026] exc_page_fault+0x5c/0xb0 [ 124.044945][ T6026] asm_exc_page_fault+0x26/0x30 [ 124.044992][ T6026] RIP: 0010:__get_user_4+0x14/0x20 [ 124.045035][ T6026] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca e9 c0 19 04 00 90 90 90 90 90 90 90 90 90 90 [ 124.045065][ T6026] RSP: 0018:ffffc9000aaf7dd8 EFLAGS: 00050287 [ 124.045092][ T6026] RAX: 0000000000000000 RBX: ffff888074e571c0 RCX: ffffc9000bf4c000 [ 124.045113][ T6026] RDX: 00007ffffffff000 RSI: ffffffff89281646 RDI: ffffffff8c15d680 [ 124.045133][ T6026] RBP: 0000000000000000 R08: a23edf14cf8df726 R09: 0000000000000000 [ 124.045158][ T6026] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200155efc3 [ 124.045177][ T6026] R13: 00000000c0045005 R14: ffff88803239ec40 R15: 0000000000000050 [ 124.045211][ T6026] ? snd_pcm_oss_ioctl+0x2eb6/0x37a0 [ 124.045273][ T6026] snd_pcm_oss_ioctl+0x2ebe/0x37a0 [ 124.045325][ T6026] ? find_held_lock+0x2b/0x80 [ 124.045358][ T6026] ? hook_file_ioctl_common+0x145/0x410 [ 124.045415][ T6026] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 124.045474][ T6026] ? __fget_files+0x20e/0x3c0 [ 124.045514][ T6026] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 124.045571][ T6026] __x64_sys_ioctl+0x18b/0x210 [ 124.045624][ T6026] do_syscall_64+0xcd/0x490 [ 124.045668][ T6026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.045701][ T6026] RIP: 0033:0x7f263b78e9a9 [ 124.045737][ T6026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.045768][ T6026] RSP: 002b:00007f263c583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 124.045797][ T6026] RAX: ffffffffffffffda RBX: 00007f263b9b5fa0 RCX: 00007f263b78e9a9 [ 124.045818][ T6026] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000007 [ 124.045837][ T6026] RBP: 00007f263b810d69 R08: 0000000000000000 R09: 0000000000000000 [ 124.045856][ T6026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 124.045874][ T6026] R13: 0000000000000000 R14: 00007f263b9b5fa0 R15: 00007ffe92151298 [ 124.045916][ T6026] [ 124.759853][ T6028] binder: 6027:6028 unknown command 3 [ 124.765950][ T6028] binder: 6027:6028 ioctl c0306201 0 returned -22 [ 125.601509][ T6042] FAULT_INJECTION: forcing a failure. [ 125.601509][ T6042] name failslab, interval 1, probability 0, space 0, times 0 [ 125.647152][ T6042] CPU: 0 UID: 0 PID: 6042 Comm: syz.3.24 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 125.647212][ T6042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 125.647232][ T6042] Call Trace: [ 125.647243][ T6042] [ 125.647255][ T6042] dump_stack_lvl+0x16c/0x1f0 [ 125.647306][ T6042] should_fail_ex+0x512/0x640 [ 125.647368][ T6042] ? fs_reclaim_acquire+0xae/0x150 [ 125.647423][ T6042] ? security_inode_init_security+0x13f/0x390 [ 125.647469][ T6042] should_failslab+0xc2/0x120 [ 125.647512][ T6042] __kmalloc_noprof+0xd2/0x510 [ 125.647560][ T6042] security_inode_init_security+0x13f/0x390 [ 125.647601][ T6042] ? __pfx_shmem_initxattrs+0x10/0x10 [ 125.647643][ T6042] ? __pfx_security_inode_init_security+0x10/0x10 [ 125.647685][ T6042] ? shmem_get_inode+0x73a/0xfb0 [ 125.647740][ T6042] shmem_symlink+0x135/0x9f0 [ 125.647781][ T6042] ? __pfx_shmem_symlink+0x10/0x10 [ 125.647817][ T6042] ? bpf_lsm_inode_permission+0x9/0x10 [ 125.647878][ T6042] ? security_inode_permission+0xbf/0x260 [ 125.647936][ T6042] ? inode_permission+0x156/0x630 [ 125.647989][ T6042] vfs_symlink+0x403/0x680 [ 125.648045][ T6042] do_symlinkat+0x261/0x310 [ 125.648084][ T6042] ? __pfx_do_symlinkat+0x10/0x10 [ 125.648136][ T6042] ? getname_flags.part.0+0x1c5/0x550 [ 125.648199][ T6042] __x64_sys_symlink+0x75/0x90 [ 125.648243][ T6042] do_syscall_64+0xcd/0x490 [ 125.648287][ T6042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.648318][ T6042] RIP: 0033:0x7f263b78e9a9 [ 125.648345][ T6042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.648386][ T6042] RSP: 002b:00007f263c583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 125.648417][ T6042] RAX: ffffffffffffffda RBX: 00007f263b9b5fa0 RCX: 00007f263b78e9a9 [ 125.648437][ T6042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 125.648457][ T6042] RBP: 00007f263b810d69 R08: 0000000000000000 R09: 0000000000000000 [ 125.648475][ T6042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.648492][ T6042] R13: 0000000000000000 R14: 00007f263b9b5fa0 R15: 00007ffe92151298 [ 125.648534][ T6042] [ 126.068468][ T6048] process 'syz.2.25' launched './file0' with NULL argv: empty string added [ 126.218232][ T6052] binder: 6051:6052 unknown command 3 [ 126.223933][ T6052] binder: 6051:6052 ioctl c0306201 0 returned -22 [ 129.469708][ T6093] random: crng reseeded on system resumption [ 131.012223][ T6114] binder: 6110:6114 unknown command 3 [ 131.066273][ T6114] binder: 6110:6114 ioctl c0306201 0 returned -22 [ 132.279078][ T6131] mmap: syz.1.40 (6131) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 133.794421][ T6146] FAULT_INJECTION: forcing a failure. [ 133.794421][ T6146] name failslab, interval 1, probability 0, space 0, times 0 [ 133.884453][ T6146] CPU: 1 UID: 0 PID: 6146 Comm: syz.2.43 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 133.884498][ T6146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 133.884516][ T6146] Call Trace: [ 133.884527][ T6146] [ 133.884539][ T6146] dump_stack_lvl+0x16c/0x1f0 [ 133.884597][ T6146] should_fail_ex+0x512/0x640 [ 133.884647][ T6146] ? fs_reclaim_acquire+0xae/0x150 [ 133.884702][ T6146] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 133.884739][ T6146] should_failslab+0xc2/0x120 [ 133.884781][ T6146] __kmalloc_noprof+0xd2/0x510 [ 133.884830][ T6146] tomoyo_realpath_from_path+0xc2/0x6e0 [ 133.884878][ T6146] tomoyo_get_exe+0x63/0xa0 [ 133.884922][ T6146] tomoyo_write_control+0x689/0x1430 [ 133.884982][ T6146] ? __pfx_tomoyo_write_control+0x10/0x10 [ 133.885033][ T6146] ? __pfx_tomoyo_write+0x10/0x10 [ 133.885066][ T6146] vfs_write+0x29d/0x1150 [ 133.885106][ T6146] ? __pfx___mutex_lock+0x10/0x10 [ 133.885160][ T6146] ? __pfx_vfs_write+0x10/0x10 [ 133.885206][ T6146] ? __fget_files+0x20e/0x3c0 [ 133.885251][ T6146] ksys_write+0x12a/0x250 [ 133.885285][ T6146] ? __pfx_ksys_write+0x10/0x10 [ 133.885332][ T6146] do_syscall_64+0xcd/0x490 [ 133.885378][ T6146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.885422][ T6146] RIP: 0033:0x7f829d98e9a9 [ 133.885447][ T6146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.885476][ T6146] RSP: 002b:00007f829e7d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.885505][ T6146] RAX: ffffffffffffffda RBX: 00007f829dbb5fa0 RCX: 00007f829d98e9a9 [ 133.885617][ T6146] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 133.885635][ T6146] RBP: 00007f829e7d1090 R08: 0000000000000000 R09: 0000000000000000 [ 133.885652][ T6146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.885669][ T6146] R13: 0000000000000000 R14: 00007f829dbb5fa0 R15: 00007fff0ebe46e8 [ 133.885736][ T6146] [ 133.885859][ T6146] ERROR: Out of memory at tomoyo_realpath_from_path. [ 134.411223][ T6151] random: crng reseeded on system resumption [ 135.066654][ T6155] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma? [ 137.675897][ T6179] binder: 6178:6179 unknown command 3 [ 137.726030][ T6179] binder: 6178:6179 ioctl c0306201 0 returned -22 [ 139.456534][ T6190] netlink: 28 bytes leftover after parsing attributes in process `syz.1.52'. [ 139.517366][ T6190] hsr_slave_0: left promiscuous mode [ 139.547262][ T6190] hsr_slave_1: left promiscuous mode [ 140.363733][ T30] audit: type=1800 audit(1753887559.237:3): pid=6205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.57" name="members" dev="configfs" ino=8151 res=0 errno=0 [ 140.573963][ T6208] binder: 6207:6208 unknown command 3 [ 140.601047][ T6208] binder: 6207:6208 ioctl c0306201 0 returned -22 [ 144.074859][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 144.081928][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 144.429189][ T6253] random: crng reseeded on system resumption [ 145.719753][ T6268] ubi0: attaching mtd0 [ 145.808902][ T6268] ubi0: scanning is finished [ 145.814970][ T6268] ubi0: empty MTD device detected [ 146.245626][ T6268] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 146.959012][ T6291] syz.0.71 (6291): /proc/6289/oom_adj is deprecated, please use /proc/6289/oom_score_adj instead. [ 148.480427][ T30] audit: type=1800 audit(4294967298.190:4): pid=6316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.76" name="members" dev="configfs" ino=8442 res=0 errno=0 [ 152.563762][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807a317400: rx timeout, send abort [ 153.073405][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807a317400: abort rx timeout. Force session deactivation [ 154.037350][ T6395] netlink: 'syz.2.91': attribute type 2 has an invalid length. [ 154.931759][ T30] audit: type=1800 audit(4294967304.643:5): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.94" name="members" dev="configfs" ino=8712 res=0 errno=0 [ 155.293075][ T5847] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 159.743147][ T6474] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 160.323694][ T6481] binder: 6480:6481 unknown command 3 [ 160.334549][ T6481] binder: 6480:6481 ioctl c0306201 0 returned -22 [ 160.354770][ T6475] FAULT_INJECTION: forcing a failure. [ 160.354770][ T6475] name fail_futex, interval 1, probability 0, space 0, times 1 [ 160.370568][ T6475] CPU: 0 UID: 0 PID: 6475 Comm: syz.3.108 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 160.370608][ T6475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 160.370625][ T6475] Call Trace: [ 160.370634][ T6475] [ 160.370645][ T6475] dump_stack_lvl+0x16c/0x1f0 [ 160.370689][ T6475] should_fail_ex+0x512/0x640 [ 160.370756][ T6475] get_futex_key+0x1d0/0x1540 [ 160.370797][ T6475] ? find_held_lock+0x2b/0x80 [ 160.370828][ T6475] ? __pfx_get_futex_key+0x10/0x10 [ 160.370868][ T6475] ? __mutex_trylock_common+0xe9/0x250 [ 160.370922][ T6475] futex_wake+0xea/0x530 [ 160.370974][ T6475] ? __pfx_futex_wake+0x10/0x10 [ 160.371018][ T6475] ? __lock_acquire+0xb8a/0x1c90 [ 160.371080][ T6475] do_futex+0x1e3/0x350 [ 160.371121][ T6475] ? __pfx_do_futex+0x10/0x10 [ 160.371157][ T6475] ? __might_fault+0xe3/0x190 [ 160.371204][ T6475] mm_release+0x24e/0x300 [ 160.371240][ T6475] do_exit+0x68b/0x2bd0 [ 160.371291][ T6475] ? __pfx_do_exit+0x10/0x10 [ 160.371331][ T6475] ? do_raw_spin_lock+0x12c/0x2b0 [ 160.371378][ T6475] ? find_held_lock+0x2b/0x80 [ 160.371416][ T6475] do_group_exit+0xd3/0x2a0 [ 160.371462][ T6475] get_signal+0x2673/0x26d0 [ 160.371513][ T6475] ? __pfx_get_signal+0x10/0x10 [ 160.371546][ T6475] ? do_futex+0x122/0x350 [ 160.371585][ T6475] ? __pfx_do_futex+0x10/0x10 [ 160.371629][ T6475] arch_do_signal_or_restart+0x8f/0x790 [ 160.371670][ T6475] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 160.371720][ T6475] ? xfd_validate_state+0x61/0x180 [ 160.371772][ T6475] ? __pfx_do_writev+0x10/0x10 [ 160.371811][ T6475] exit_to_user_mode_loop+0x84/0x110 [ 160.371861][ T6475] do_syscall_64+0x3f6/0x490 [ 160.371902][ T6475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.371931][ T6475] RIP: 0033:0x7f263b78e9a9 [ 160.371955][ T6475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.371986][ T6475] RSP: 002b:00007f263c5620e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 160.372015][ T6475] RAX: fffffffffffffe00 RBX: 00007f263b9b6088 RCX: 00007f263b78e9a9 [ 160.372034][ T6475] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f263b9b6088 [ 160.372051][ T6475] RBP: 00007f263b9b6080 R08: 0000000000000000 R09: 0000000000000000 [ 160.372067][ T6475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f263b9b608c [ 160.372085][ T6475] R13: 0000000000000000 R14: 00007ffe921511b0 R15: 00007ffe92151298 [ 160.372123][ T6475] [ 162.015817][ T6496] netlink: 12 bytes leftover after parsing attributes in process `syz.0.111'. [ 163.521704][ T6534] block nbd0: Unsupported socket: shutdown callout must be supported. [ 164.849545][ T6521] sp0: Synchronizing with TNC [ 165.094725][ T6536] random: crng reseeded on system resumption [ 165.119046][ T30] audit: type=1800 audit(4294967314.828:6): pid=6542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.120" name="members" dev="configfs" ino=10145 res=0 errno=0 [ 168.009699][ T6573] capability: warning: `syz.1.122' uses 32-bit capabilities (legacy support in use) [ 168.408604][ T6582] zswap: compressor 000 not available [ 168.816944][ T6584] zswap: compressor not available [ 168.846190][ T6582] zswap: compressor [ 168.846190][ T6582] use_profile 0 [ 168.846190][ T6582] [ 168.846190][ T6582] file mkdir/chmod /dev/ 0755 [ 168.846190][ T6582] file chown/chgrp /dev/ 0 [ 168.846190][ T6582] file mkchar /dev/console 0600 5 1 [ 168.846190][ T6582] file chown/chgrp /dev/console 0 [ 168.846190][ T6582] file chmod /dev/console 0600 [ 168.846190][ T6582] file mkdir/chmod /root/ 0700 [ 168.846190][ T6582] file chown/chgrp /root/ 0 [ 168.846190][ T6582] file read/write /dev/console [ 168.846190][ T6582] file mkblock /dev/ram 0600 1 0 [ 168.846190][ T6582] file read/write/unlink /dev/ram [ 168.846190][ T6582] file mkblock /dev/root 0600 8 1 [ 168.846190][ T6582] file mount /dev/root /root/ ext3 0x8001 [ 168.846190][ T6582] file mount /dev/root /root/ ext2 0x8001 [ 168.846190][ T6582] file mount /dev/root /root/ ext4 0x8001 [ 168.846190][ T6582] file mount devtmpfs /root/dev/ devtmpfs 0x8000 [ 168.846190][ T6582] file mount /root/ / --move 0x0 [ 168.846190][ T6582] file chroot / [ 168.846190][ T6582] file write proc:/sys/kernel/hung_task_all_cpu_backtrace [ 168.846190][ T6582] file write proc:/sys/vm/nr_hugepages [ 168.846190][ T6582] file write proc:/sys/vm/nr_overcommit_hugepages [ 168.846190][ T6582] file write proc:/sys/net/core/netdev_unregister_timeout_secs [ 168.846190][ T6582] file execute /sbin/init exec.realpath="/sbin/init" exec.argv[0]="/sbin/init" [ 168.846190][ T6582] file execute /sbin/modprobe exec.realpath="/sbin/modprobe" exec.argv[0]="/sbin/modprobe" [ 168.846190][ T6582] [ 168.846190][ T6582] /sbin/init [ 168.846190][ T6582] use_profile 0 [ 168.846190][ T6582] [ 168.846190][ T6582] misc env HOME [ 168.846190][ T6582] misc env TERM [ 168.846190][ T6582] misc env [ 168.847249][ T6600] zswap: compressor 600 [ 168.847249][ T6600] nel> [ 168.847249][ T6600] use_profile 0 [ 168.847249][ T6600] [ 168.847249][ T6600] file mkdir/chmod /dev/ 0755 [ 168.847249][ T6600] file chown/chgrp /dev/ 0 [ 168.847249][ T6600] file mkchar /dev/console 0600 5 1 [ 168.847249][ T6600] file chown/chgrp /dev/console 0 [ 168.847249][ T6600] file chmod /dev/console 0600 [ 168.847249][ T6600] file mkdir/chmod /root/ 0700 [ 168.847249][ T6600] file chown/chgrp /root/ 0 [ 168.847249][ T6600] file read/write /dev/console [ 168.847249][ T6600] file mkblock /dev/ram 0600 1 0 [ 168.847249][ T6600] file read/write/unlink /dev/ram [ 168.847249][ T6600] file mkblock /dev/root 0600 8 1 [ 168.847249][ T6600] file mount /dev/root /root/ ext3 0x8001 [ 168.847249][ T6600] file mount /dev/root /root/ ext2 0x8001 [ 168.847249][ T6600] file mount /dev/root /root/ ext4 0x8001 [ 168.847249][ T6600] file mount devtmpfs /root/dev/ devtmpfs 0x8000 [ 168.847249][ T6600] file mount /root/ / --move 0x0 [ 168.847249][ T6600] file chroot / [ 168.847249][ T6600] file write proc:/sys/kernel/hung_task_all_cpu_backtrace [ 168.847249][ T6600] file write proc:/sys/vm/nr_hugepages [ 168.847249][ T6600] file write proc:/sys/vm/nr_overcommit_hugepages [ 168.847249][ T6600] file write proc:/sys/net/core/netdev_unregister_timeout_secs [ 168.847249][ T6600] file execute /sbin/init exec.realpath="/sbin/init" exec.argv[0]="/sbin/init" [ 168.847249][ T6600] file execute /sbin/modprobe exec.realpath="/sbin/modprobe" exec.argv[0]="/sbin/modprobe" [ 168.847249][ T6600] [ 168.847249][ T6600] /sbin/init [ 168.847249][ T6600] use_profile 0 [ 168.847249][ T6600] [ 168.847249][ T6600] misc env HOME [ 168.847249][ T6600] misc env TERM [ 168.847249][ T6600] misc env [ 172.423824][ T6636] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 172.600482][ T6636] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 175.004277][ T30] audit: type=1800 audit(4294967302.430:7): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.141" name="members" dev="configfs" ino=11347 res=0 errno=0 ë[ 178.933641][ T6701] binder: 6700:6701 unknown command 3 [ 178.942245][ T6704] binder: 6702:6704 unknown command 3 [ 178.984813][ T6701] binder: 6700:6701 ioctl c0306201 0 returned -22 [ 178.992262][ T6704] binder: 6702:6704 ioctl c0306201 0 returned -22 [ 180.380197][ T6717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.153'. syzkaller syzkaller login: [ 187.714068][ T6814] binder: 6811:6814 unknown command 3 [ 187.735121][ T6814] binder: 6811:6814 ioctl c0306201 0 returned -22 [ 189.633039][ T6836] netlink: 8 bytes leftover after parsing attributes in process `syz.0.176'. [ 192.860029][ T5847] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 193.364777][ T6878] random: crng reseeded on system resumption [ 198.198938][ T6944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.194'. [ 200.304783][ T5844] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 200.304830][ T5844] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 200.323016][ T5844] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 200.490494][ T6980] nbd: illegal input index 2147483647 [ 202.966756][ T7003] FAULT_INJECTION: forcing a failure. [ 202.966756][ T7003] name failslab, interval 1, probability 0, space 0, times 0 [ 203.201547][ T7003] CPU: 0 UID: 0 PID: 7003 Comm: syz.1.205 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 203.201585][ T7003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.201599][ T7003] Call Trace: [ 203.201607][ T7003] [ 203.201617][ T7003] dump_stack_lvl+0x16c/0x1f0 [ 203.201657][ T7003] should_fail_ex+0x512/0x640 [ 203.201696][ T7003] ? __kvmalloc_node_noprof+0x124/0x620 [ 203.201726][ T7003] should_failslab+0xc2/0x120 [ 203.201759][ T7003] __kvmalloc_node_noprof+0x137/0x620 [ 203.201786][ T7003] ? io_alloc_cache_init+0x33/0x170 [ 203.201832][ T7003] ? io_alloc_cache_init+0x33/0x170 [ 203.201869][ T7003] io_alloc_cache_init+0x33/0x170 [ 203.201911][ T7003] io_uring_setup+0x5e1/0x2080 [ 203.201951][ T7003] ? __pfx_io_uring_setup+0x10/0x10 [ 203.201984][ T7003] ? do_futex+0x122/0x350 [ 203.202017][ T7003] ? __pfx_do_futex+0x10/0x10 [ 203.202065][ T7003] ? xfd_validate_state+0x61/0x180 [ 203.202108][ T7003] __x64_sys_io_uring_setup+0xc2/0x170 [ 203.202145][ T7003] do_syscall_64+0xcd/0x490 [ 203.202184][ T7003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.202209][ T7003] RIP: 0033:0x7fb19e18e9a9 [ 203.202232][ T7003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.202257][ T7003] RSP: 002b:00007fb19eff9038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 203.202280][ T7003] RAX: ffffffffffffffda RBX: 00007fb19e3b5fa0 RCX: 00007fb19e18e9a9 [ 203.202297][ T7003] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000059 [ 203.202312][ T7003] RBP: 00007fb19e210d69 R08: 0000000000000000 R09: 0000000000000000 [ 203.202328][ T7003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 203.202342][ T7003] R13: 0000000000000000 R14: 00007fb19e3b5fa0 R15: 00007ffe2260eac8 [ 203.202373][ T7003] [ 203.882134][ T7012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.208'. [ 204.597769][ T7014] netlink: 226 bytes leftover after parsing attributes in process `syz.3.209'. [ 204.663171][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.209'. [ 204.681465][ T7014] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 205.344495][ T7019] netlink: 28 bytes leftover after parsing attributes in process `syz.2.210'. [ 205.508675][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.518456][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.558371][ T30] audit: type=1800 audit(4294967333.980:8): pid=7042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.215" name="members" dev="configfs" ino=12358 res=0 errno=0 [ 207.519448][ T7059] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 211.545107][ T7121] warning: `syz.3.228' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 212.303566][ T7132] openvswitch: netlink: IP tunnel dst address not specified [ 217.646673][ T7190] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.599691][ T7222] ======================================================= [ 218.599691][ T7222] WARNING: The mand mount option has been deprecated and [ 218.599691][ T7222] and is ignored by this kernel. Remove the mand [ 218.599691][ T7222] option from the mount to silence this warning. [ 218.599691][ T7222] ======================================================= [ 218.726733][ T7224] binder: 7223:7224 unknown command 3 [ 218.732406][ T7224] binder: 7223:7224 ioctl c0306201 0 returned -22 [ 220.289179][ T7250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.255'. [ 222.987774][ T7269] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 223.458096][ T7271] FAULT_INJECTION: forcing a failure. [ 223.458096][ T7271] name failslab, interval 1, probability 0, space 0, times 0 [ 223.492712][ T7271] CPU: 1 UID: 0 PID: 7271 Comm: syz.1.260 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 223.492754][ T7271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 223.492771][ T7271] Call Trace: [ 223.492780][ T7271] [ 223.492790][ T7271] dump_stack_lvl+0x16c/0x1f0 [ 223.492831][ T7271] should_fail_ex+0x512/0x640 [ 223.492873][ T7271] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 223.492924][ T7271] should_failslab+0xc2/0x120 [ 223.492966][ T7271] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 223.493004][ T7271] ? __d_alloc+0x32/0xae0 [ 223.493049][ T7271] __d_alloc+0x32/0xae0 [ 223.493089][ T7271] d_alloc_pseudo+0x1c/0xc0 [ 223.493135][ T7271] alloc_file_pseudo+0xcf/0x230 [ 223.493184][ T7271] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 223.493237][ T7271] ? alloc_fd+0x471/0x7d0 [ 223.493278][ T7271] sock_alloc_file+0x50/0x210 [ 223.493329][ T7271] __sys_socket+0x1c0/0x260 [ 223.493380][ T7271] ? __pfx___sys_socket+0x10/0x10 [ 223.493407][ T7271] ? xfd_validate_state+0x61/0x180 [ 223.493448][ T7271] ? __pfx___do_sys_close_range+0x10/0x10 [ 223.493493][ T7271] __x64_sys_socket+0x72/0xb0 [ 223.493530][ T7271] ? lockdep_hardirqs_on+0x7c/0x110 [ 223.493567][ T7271] do_syscall_64+0xcd/0x490 [ 223.493611][ T7271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.493643][ T7271] RIP: 0033:0x7fb19e18e9a9 [ 223.493668][ T7271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.493699][ T7271] RSP: 002b:00007fb19efd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 223.493728][ T7271] RAX: ffffffffffffffda RBX: 00007fb19e3b6080 RCX: 00007fb19e18e9a9 [ 223.493748][ T7271] RDX: 0000000000000106 RSI: 0000000000000801 RDI: 000000000000000a [ 223.493767][ T7271] RBP: 00007fb19e210d69 R08: 0000000000000000 R09: 0000000000000000 [ 223.493785][ T7271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.493801][ T7271] R13: 0000000000000000 R14: 00007fb19e3b6080 R15: 00007ffe2260eac8 [ 223.493840][ T7271] [ 224.095547][ T7270] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 226.575476][ T5844] Bluetooth: hci0: unexpected event 0x32 length: 10 > 9 [ 227.277390][ T5844] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 227.277443][ T5844] Bluetooth: hci1: unexpected subevent 0x0e length: 725 > 15 [ 227.297195][ T5844] Bluetooth: hci1: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 228.479889][ T5844] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 228.479925][ T5844] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 228.496287][ T5844] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 231.347312][ T7383] binder: 7382:7383 unknown command 3 [ 231.353217][ T7383] binder: 7382:7383 ioctl c0306201 0 returned -22 [ 231.563686][ T7391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.279'. [ 233.162357][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 233.162408][ T51] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 233.182101][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 233.185862][ T5158] Bluetooth: hci0: command 0x0406 tx timeout [ 233.193889][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 233.403197][ T51] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 233.413992][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 234.257731][ T7441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.288'. [ 235.051932][ T7457] tty tty18: ldisc open failed (-12), clearing slot 17 [ 235.378991][ T7463] netlink: 28 bytes leftover after parsing attributes in process `syz.0.294'. [ 235.927470][ T7463] team0: Port device team_slave_1 removed [ 237.392156][ T7490] netlink: 4 bytes leftover after parsing attributes in process `syz.1.300'. [ 238.642791][ T7504] sp0: Synchronizing with TNC [ 240.941677][ T7544] netlink: 8 bytes leftover after parsing attributes in process `syz.3.309'. [ 249.861665][ T7664] netlink: 346 bytes leftover after parsing attributes in process `syz.2.330'. [ 250.141309][ T7676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.332'. [ 250.153464][ T7674] sp0: Synchronizing with TNC [ 253.212897][ T7722] sp0: Synchronizing with TNC [ 254.259719][ T7738] FAULT_INJECTION: forcing a failure. [ 254.259719][ T7738] name failslab, interval 1, probability 0, space 0, times 0 [ 254.273394][ T7738] CPU: 1 UID: 0 PID: 7738 Comm: syz.1.344 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 254.273426][ T7738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 254.273444][ T7738] Call Trace: [ 254.273452][ T7738] [ 254.273460][ T7738] dump_stack_lvl+0x16c/0x1f0 [ 254.273496][ T7738] should_fail_ex+0x512/0x640 [ 254.273624][ T7738] ? fs_reclaim_acquire+0xae/0x150 [ 254.273663][ T7738] ? tomoyo_encode2+0x100/0x3e0 [ 254.273686][ T7738] should_failslab+0xc2/0x120 [ 254.273717][ T7738] __kmalloc_noprof+0xd2/0x510 [ 254.273744][ T7738] ? d_absolute_path+0x136/0x1a0 [ 254.273783][ T7738] tomoyo_encode2+0x100/0x3e0 [ 254.273811][ T7738] tomoyo_encode+0x29/0x50 [ 254.273835][ T7738] tomoyo_realpath_from_path+0x18f/0x6e0 [ 254.273869][ T7738] tomoyo_path_number_perm+0x245/0x580 [ 254.273906][ T7738] ? tomoyo_path_number_perm+0x237/0x580 [ 254.273947][ T7738] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 254.274015][ T7738] ? find_held_lock+0x2b/0x80 [ 254.274038][ T7738] ? hook_file_ioctl_common+0x145/0x410 [ 254.274080][ T7738] ? __fget_files+0x20e/0x3c0 [ 254.274109][ T7738] security_file_ioctl+0x9b/0x240 [ 254.274151][ T7738] __x64_sys_ioctl+0xb7/0x210 [ 254.274190][ T7738] do_syscall_64+0xcd/0x490 [ 254.274228][ T7738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.274253][ T7738] RIP: 0033:0x7fb19e18e9a9 [ 254.274272][ T7738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.274294][ T7738] RSP: 002b:00007fb19efd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.274316][ T7738] RAX: ffffffffffffffda RBX: 00007fb19e3b6080 RCX: 00007fb19e18e9a9 [ 254.274331][ T7738] RDX: 00002000000001c0 RSI: fffffffffffffd03 RDI: 000000000000000a [ 254.274346][ T7738] RBP: 00007fb19e210d69 R08: 0000000000000000 R09: 0000000000000000 [ 254.274360][ T7738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.274374][ T7738] R13: 0000000000000000 R14: 00007fb19e3b6080 R15: 00007ffe2260eac8 [ 254.274403][ T7738] [ 254.274428][ T7738] ERROR: Out of memory at tomoyo_realpath_from_path. [ 254.866621][ T7750] binder: 7749:7750 unknown command 3 [ 254.872085][ T7750] binder: 7749:7750 ioctl c0306201 0 returned -22 [ 255.856148][ T7765] random: crng reseeded on system resumption [ 256.856785][ T7734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.911732][ T7734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.964848][ T7786] sp0: Synchronizing with TNC [ 260.180663][ T7801] random: crng reseeded on system resumption [ 261.315552][ T7828] nbd: must specify a size in bytes for the device [ 262.399705][ T7841] sp0: Synchronizing with TNC [ 262.413087][ T7842] sp0: Found TNC [ 262.691056][ T7845] binder: 7844:7845 unknown command 3 [ 262.714018][ T7845] binder: 7844:7845 ioctl c0306201 0 returned -22 [ 264.190841][ T7862] ovs_: entered promiscuous mode [ 266.945920][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.954700][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 268.042458][ T7922] Invalid ELF header magic: != ELF [ 270.767410][ T7952] sp0: Synchronizing with TNC [ 270.796436][ T7957] sp0: Found TNC [ 270.804542][ T7955] sp1: Synchronizing with TNC [ 270.815931][ T7959] sp1: Found TNC [ 275.129586][ T8016] syz.2.396 (8016) used greatest stack depth: 19784 bytes left [ 278.800043][ T51] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 278.800092][ T51] Bluetooth: hci0: unexpected subevent 0x0e length: 725 > 15 [ 278.816202][ T51] Bluetooth: hci0: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 278.963808][ T8087] openvswitch: netlink: IPv4 tunnel dst address is zero [ 279.285836][ T8101] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 282.780436][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 282.780471][ T51] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 282.797178][ T51] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 283.742114][ T8153] openvswitch: netlink: IPv4 tunnel dst address is zero [ 284.286767][ T8163] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 284.668113][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.430'. [ 285.016626][ T8175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.433'. [ 285.353489][ T8179] binder: 8178:8179 unknown command 3 [ 285.361887][ T8179] binder: 8178:8179 ioctl c0306201 0 returned -22 [ 286.550358][ T8206] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 288.052599][ T8223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.444'. [ 289.083740][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 289.083785][ T51] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 289.096331][ T5847] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 289.109174][ T51] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 289.246246][ T8234] netlink: 28 bytes leftover after parsing attributes in process `syz.1.446'. [ 289.299176][ T8234] ipvlan0: entered allmulticast mode [ 289.305020][ T8234] veth0_vlan: entered allmulticast mode [ 290.903454][ T8270] binder: 8269:8270 unknown command 3 [ 290.909463][ T8270] binder: 8269:8270 ioctl c0306201 0 returned -22 [ 291.628508][ T8285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.456'. [ 292.545013][ T8303] sp0: Synchronizing with TNC [ 292.576466][ T8303] FAULT_INJECTION: forcing a failure. [ 292.576466][ T8303] name failslab, interval 1, probability 0, space 0, times 0 [ 292.635541][ T8303] CPU: 0 UID: 0 PID: 8303 Comm: syz.3.459 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 292.635585][ T8303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 292.635603][ T8303] Call Trace: [ 292.635614][ T8303] [ 292.635627][ T8303] dump_stack_lvl+0x16c/0x1f0 [ 292.635671][ T8303] should_fail_ex+0x512/0x640 [ 292.635720][ T8303] ? fs_reclaim_acquire+0xae/0x150 [ 292.635769][ T8303] ? tomoyo_encode2+0x100/0x3e0 [ 292.635800][ T8303] should_failslab+0xc2/0x120 [ 292.635841][ T8303] __kmalloc_noprof+0xd2/0x510 [ 292.635887][ T8303] tomoyo_encode2+0x100/0x3e0 [ 292.635926][ T8303] tomoyo_encode+0x29/0x50 [ 292.635972][ T8303] tomoyo_realpath_from_path+0x18f/0x6e0 [ 292.636009][ T8303] ? tomoyo_profile+0x47/0x60 [ 292.636059][ T8303] tomoyo_path_number_perm+0x245/0x580 [ 292.636106][ T8303] ? tomoyo_path_number_perm+0x237/0x580 [ 292.636158][ T8303] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 292.636209][ T8303] ? find_held_lock+0x2b/0x80 [ 292.636279][ T8303] ? find_held_lock+0x2b/0x80 [ 292.636309][ T8303] ? hook_file_ioctl_common+0x145/0x410 [ 292.636365][ T8303] ? __fget_files+0x20e/0x3c0 [ 292.636404][ T8303] security_file_ioctl+0x9b/0x240 [ 292.636455][ T8303] __x64_sys_ioctl+0xb7/0x210 [ 292.636503][ T8303] do_syscall_64+0xcd/0x490 [ 292.636547][ T8303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.636584][ T8303] RIP: 0033:0x7f263b78e9a9 [ 292.636609][ T8303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.636639][ T8303] RSP: 002b:00007f263c583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 292.636667][ T8303] RAX: ffffffffffffffda RBX: 00007f263b9b5fa0 RCX: 00007f263b78e9a9 [ 292.636686][ T8303] RDX: 0000200000000000 RSI: 0000000000005412 RDI: 0000000000000009 [ 292.636703][ T8303] RBP: 00007f263c583090 R08: 0000000000000000 R09: 0000000000000000 [ 292.636719][ T8303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.636735][ T8303] R13: 0000000000000000 R14: 00007f263b9b5fa0 R15: 00007ffe92151298 [ 292.636775][ T8303] [ 292.636885][ T8303] ERROR: Out of memory at tomoyo_realpath_from_path. [ 292.902764][ T8303] sp0: Found TNC [ 294.936961][ T8336] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 295.506972][ T51] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 295.507021][ T51] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 295.529840][ T51] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 295.951387][ T8357] binder: 8354:8357 unknown command 3 [ 295.957518][ T8357] binder: 8354:8357 ioctl c0306201 0 returned -22 [ 303.768618][ T8442] netlink: 8 bytes leftover after parsing attributes in process `syz.0.487'. [ 304.829057][ T8453] zswap: compressor not available [ 308.052763][ T8494] sysfs_service_op_show: Client not running :-5: [ 308.240497][ T8502] netlink: 8 bytes leftover after parsing attributes in process `syz.2.501'. [ 310.982851][ T8538] [U]  [ 310.986144][ T8538] [U] [ 310.988932][ T8538] [U] [ 310.991805][ T8538] [U] [ 311.018846][ T8538] [U] [ 311.021770][ T8538] [U] [ 311.024917][ T8538] [U] [ 311.027884][ T8538] [U] [ 311.051141][ T8538] [U] [ 311.054700][ T8538] [U] [ 311.057487][ T8538] [U] [ 311.060348][ T8538] [U] [ 311.111611][ T8538] [U] [ 311.114520][ T8538] [U] [ 311.117322][ T8538] [U] [ 311.120195][ T8538] [U] [ 311.171592][ T8538] [U] [ 311.174422][ T8538] [U] [ 311.177338][ T8538] [U] [ 311.180201][ T8538] [U] [ 311.281138][ T8538] [U] [ 311.283953][ T8538] [U] [ 311.287062][ T8538] [U] [ 311.290271][ T8538] [U] [ 311.412579][ T8538] [U] [ 312.309822][ T8564] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 313.629858][ T8577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.515'. [ 313.682424][ T8579] openvswitch: netlink: IPv4 tunnel dst address is zero [ 313.766850][ T8583] netlink: 'syz.3.515': attribute type 1 has an invalid length. [ 313.803460][ T8583] netlink: 13 bytes leftover after parsing attributes in process `syz.3.515'. [ 315.167035][ T8600] futex_wake_op: syz.2.520 tries to shift op by -2048; fix this program [ 315.215208][ T8600] futex_wake_op: syz.2.520 tries to shift op by -2048; fix this program [ 315.575239][ T8614] netlink: 8 bytes leftover after parsing attributes in process `syz.0.531'. [ 315.908086][ T8624] [ 315.910591][ T8624] ====================================================== [ 315.918164][ T8624] WARNING: possible circular locking dependency detected [ 315.926203][ T8624] 6.16.0-syzkaller-04405-g4b290aae788e #0 Not tainted [ 315.933122][ T8624] ------------------------------------------------------ [ 315.940532][ T8624] syz.1.524/8624 is trying to acquire lock: [ 315.946820][ T8624] ffffffff8e465250 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 315.957231][ T8624] [ 315.957231][ T8624] but task is already holding lock: [ 315.964801][ T8624] ffff8880263fd130 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 315.974024][ T8624] [ 315.974024][ T8624] which lock already depends on the new lock. [ 315.974024][ T8624] [ 315.985370][ T8624] [ 315.985370][ T8624] the existing dependency chain (in reverse order) is: [ 315.995397][ T8624] [ 315.995397][ T8624] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 316.003629][ T8624] __mutex_lock+0x191/0x1070 [ 316.009191][ T8624] wbt_init+0x393/0x540 [ 316.016225][ T8624] queue_wb_lat_store+0x354/0x3d0 [ 316.022952][ T8624] queue_attr_store+0x26b/0x310 [ 316.029017][ T8624] sysfs_kf_write+0xef/0x150 [ 316.036605][ T8624] kernfs_fop_write_iter+0x354/0x510 [ 316.043362][ T8624] vfs_write+0x6c4/0x1150 [ 316.048913][ T8624] ksys_write+0x12a/0x250 [ 316.054538][ T8624] do_syscall_64+0xcd/0x490 [ 316.060448][ T8624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.067794][ T8624] [ 316.067794][ T8624] -> #2 (&q->q_usage_counter(io)#58){++++}-{0:0}: [ 316.079418][ T8624] blk_alloc_queue+0x619/0x760 [ 316.085943][ T8624] blk_mq_alloc_queue+0x172/0x280 [ 316.092994][ T8624] __blk_mq_alloc_disk+0x29/0x120 [ 316.099946][ T8624] nbd_dev_add+0x492/0xbb0 [ 316.106096][ T8624] nbd_init+0x181/0x320 [ 316.112415][ T8624] do_one_initcall+0x120/0x6e0 [ 316.118605][ T8624] kernel_init_freeable+0x5c2/0x900 [ 316.126447][ T8624] kernel_init+0x1c/0x2b0 [ 316.133442][ T8624] ret_from_fork+0x5d4/0x6f0 [ 316.141760][ T8624] ret_from_fork_asm+0x1a/0x30 [ 316.148786][ T8624] [ 316.148786][ T8624] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 316.156750][ T8624] fs_reclaim_acquire+0x102/0x150 [ 316.162816][ T8624] __kmalloc_cache_node_noprof+0x53/0x420 [ 316.170167][ T8624] create_worker+0x10f/0x7e0 [ 316.176914][ T8624] workqueue_prepare_cpu+0xb5/0x160 [ 316.183035][ T8624] cpuhp_invoke_callback+0x3d2/0xa10 [ 316.189240][ T8624] __cpuhp_invoke_callback_range+0x101/0x210 [ 316.196006][ T8624] _cpu_up+0x3f5/0x930 [ 316.200693][ T8624] cpu_up+0x1dc/0x240 [ 316.205420][ T8624] cpuhp_bringup_mask+0xd8/0x210 [ 316.211095][ T8624] bringup_nonboot_cpus+0x176/0x1c0 [ 316.216966][ T8624] smp_init+0x34/0x160 [ 316.221791][ T8624] kernel_init_freeable+0x3a8/0x900 [ 316.227661][ T8624] kernel_init+0x1c/0x2b0 [ 316.233008][ T8624] ret_from_fork+0x5d4/0x6f0 [ 316.238314][ T8624] ret_from_fork_asm+0x1a/0x30 [ 316.244244][ T8624] [ 316.244244][ T8624] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 316.252761][ T8624] __lock_acquire+0x126f/0x1c90 [ 316.258645][ T8624] lock_acquire+0x179/0x350 [ 316.264188][ T8624] cpus_read_lock+0x42/0x160 [ 316.270089][ T8624] static_key_slow_inc+0x12/0x30 [ 316.277072][ T8624] rq_qos_add+0x2f8/0x4b0 [ 316.283877][ T8624] wbt_init+0x3a9/0x540 [ 316.289129][ T8624] queue_wb_lat_store+0x354/0x3d0 [ 316.296240][ T8624] queue_attr_store+0x26b/0x310 [ 316.302513][ T8624] sysfs_kf_write+0xef/0x150 [ 316.308100][ T8624] kernfs_fop_write_iter+0x354/0x510 [ 316.315517][ T8624] vfs_write+0x6c4/0x1150 [ 316.321131][ T8624] ksys_write+0x12a/0x250 [ 316.326582][ T8624] do_syscall_64+0xcd/0x490 [ 316.331947][ T8624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.338786][ T8624] [ 316.338786][ T8624] other info that might help us debug this: [ 316.338786][ T8624] [ 316.349977][ T8624] Chain exists of: [ 316.349977][ T8624] cpu_hotplug_lock --> &q->q_usage_counter(io)#58 --> &q->rq_qos_mutex [ 316.349977][ T8624] [ 316.365138][ T8624] Possible unsafe locking scenario: [ 316.365138][ T8624] [ 316.373093][ T8624] CPU0 CPU1 [ 316.378680][ T8624] ---- ---- [ 316.384188][ T8624] lock(&q->rq_qos_mutex); [ 316.388847][ T8624] lock(&q->q_usage_counter(io)#58); [ 316.397056][ T8624] lock(&q->rq_qos_mutex); [ 316.404673][ T8624] rlock(cpu_hotplug_lock); [ 316.409423][ T8624] [ 316.409423][ T8624] *** DEADLOCK *** [ 316.409423][ T8624] [ 316.417865][ T8624] 7 locks held by syz.1.524/8624: [ 316.423252][ T8624] #0: ffff88807cae17b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 316.433268][ T8624] #1: ffff888024e5a428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 316.442844][ T8624] #2: ffff88805a31ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 316.453214][ T8624] #3: ffff888142b85008 (kn->active#162){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 316.463905][ T8624] #4: ffff8880263fcf28 (&q->q_usage_counter(io)#58){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 316.475848][ T8624] #5: ffff8880263fcf60 (&q->q_usage_counter(queue)#10){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 316.488766][ T8624] #6: ffff8880263fd130 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 316.498325][ T8624] [ 316.498325][ T8624] stack backtrace: [ 316.504254][ T8624] CPU: 0 UID: 0 PID: 8624 Comm: syz.1.524 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 316.504288][ T8624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 316.504304][ T8624] Call Trace: [ 316.504314][ T8624] [ 316.504324][ T8624] dump_stack_lvl+0x116/0x1f0 [ 316.504360][ T8624] print_circular_bug+0x275/0x350 [ 316.504398][ T8624] check_noncircular+0x14c/0x170 [ 316.504437][ T8624] __lock_acquire+0x126f/0x1c90 [ 316.504480][ T8624] lock_acquire+0x179/0x350 [ 316.504515][ T8624] ? static_key_slow_inc+0x12/0x30 [ 316.504543][ T8624] ? __pfx___might_resched+0x10/0x10 [ 316.504575][ T8624] cpus_read_lock+0x42/0x160 [ 316.504604][ T8624] ? static_key_slow_inc+0x12/0x30 [ 316.504629][ T8624] static_key_slow_inc+0x12/0x30 [ 316.504654][ T8624] rq_qos_add+0x2f8/0x4b0 [ 316.504693][ T8624] wbt_init+0x3a9/0x540 [ 316.504722][ T8624] queue_wb_lat_store+0x354/0x3d0 [ 316.504766][ T8624] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 316.504809][ T8624] ? __mutex_trylock_common+0xe9/0x250 [ 316.504849][ T8624] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 316.504890][ T8624] queue_attr_store+0x26b/0x310 [ 316.504932][ T8624] ? __pfx_queue_attr_store+0x10/0x10 [ 316.504979][ T8624] ? __lock_acquire+0x622/0x1c90 [ 316.505022][ T8624] ? find_held_lock+0x2b/0x80 [ 316.505049][ T8624] ? sysfs_file_kobj+0xe4/0x290 [ 316.505078][ T8624] ? __pfx_queue_attr_store+0x10/0x10 [ 316.505120][ T8624] sysfs_kf_write+0xef/0x150 [ 316.505146][ T8624] kernfs_fop_write_iter+0x354/0x510 [ 316.505187][ T8624] ? __pfx_sysfs_kf_write+0x10/0x10 [ 316.505216][ T8624] vfs_write+0x6c4/0x1150 [ 316.505246][ T8624] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 316.505291][ T8624] ? __pfx___mutex_lock+0x10/0x10 [ 316.505326][ T8624] ? __pfx_vfs_write+0x10/0x10 [ 316.505364][ T8624] ksys_write+0x12a/0x250 [ 316.505392][ T8624] ? __pfx_ksys_write+0x10/0x10 [ 316.505425][ T8624] do_syscall_64+0xcd/0x490 [ 316.505459][ T8624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.505494][ T8624] RIP: 0033:0x7fb19e18e9a9 [ 316.505515][ T8624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.505540][ T8624] RSP: 002b:00007fb19eff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 316.505564][ T8624] RAX: ffffffffffffffda RBX: 00007fb19e3b5fa0 RCX: 00007fb19e18e9a9 [ 316.505581][ T8624] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 316.505597][ T8624] RBP: 00007fb19e210d69 R08: 0000000000000000 R09: 0000000000000000 [ 316.505613][ T8624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.505629][ T8624] R13: 0000000000000000 R14: 00007fb19e3b5fa0 R15: 00007ffe2260eac8 [ 316.505653][ T8624]