last executing test programs: 12.028456814s ago: executing program 1 (id=114): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) ioctl$auto_TCFLSH2(r1, 0x540b, 0xfffffffffffffffd) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r2, 0x5453, 0x0) write$auto(0x3, 0x0, 0xfdef) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r4) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r4, 0x0, 0x40040) socketpair$auto(0x80, 0x2b, 0xfffffffd, 0x0) r5 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x500, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r5, 0xc0603d06, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffdfffffff, 0xffffffffffffffff, 0x62, 0x84000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x7, 0xd, 0x1, 0x1b, 0x3, 0x15f4da07, 0x0, 0x3, 0x62, 0x80000023, 0x7, 0x6d43, 0x9, 0x2, 0x3]}, 0x0) ioctl$auto(r4, 0x57, r3) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.4/usb5/authorized_default\x00', 0x141000, 0x0) mmap$auto(0x0, 0xffffffffffffff00, 0x3, 0xffffffffffffffff, r6, 0x3) sysfs$auto(0x2, 0x10000000000048, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) 10.708559476s ago: executing program 1 (id=116): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x468401, 0x0) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) read$auto_def_blk_fops_fs(r1, &(0x7f0000000140)=""/194, 0xc2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r2, 0x0, 0xfffffdef) 9.903112922s ago: executing program 3 (id=118): mmap$auto(0x0, 0x20009, 0xde, 0xeb1, 0x405, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) mmap$auto(0x0, 0xc0da0cf, 0x4000000000df, 0x411, 0x401, 0x7ffd) keyctl$auto(0x4, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x3, 0x202020009, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000007, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 9.692085978s ago: executing program 1 (id=119): close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffd, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x800000000000006, 0x2, 0x9, 0x401, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0x8a03]}, 0x1fe, 0x81) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) unshare$auto(0x40000080) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0x10b000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="34230067d6dfbb6f11c1e400", @ANYRES16=r2, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520008000200", @ANYRES32=0x9, @ANYBLOB="0800070000010000"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80) syz_genetlink_get_family_id$auto_nbd(&(0x7f00000000c0), r1) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x4, 0x4, 0x9, 0x7) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x20) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000040)) ioctl$auto_SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000440)="0db1eb") mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1c_\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xee\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', 0x0, 0x0, 0x1001) r6 = epoll_create$auto(0x8) epoll_ctl$auto(r6, 0x1, 0x8000000000000000, 0x0) r7 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r7, &(0x7f0000000200)={0x0, 0x7}, 0x3) 8.680719103s ago: executing program 3 (id=121): gettid() close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_rfkill_fops_core(r0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x17, r0, 0x8000) socketpair$auto(0x5, 0xbc15, 0x8000000000000000, 0x0) r1 = getpid() prctl$auto(0x40, 0x7, r1, 0x1, 0x10004) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) fcntl$auto_F_SETLK(r2, 0x6, 0x7) ptrace$auto_PTRACE_LISTEN(0x4208, r1, 0xd8a, 0x9) mlockall$auto(0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) landlock_create_ruleset$auto(0x0, 0x9, 0x0) r3 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000280), 0x4a002, 0x0) writev$auto(r3, &(0x7f0000000300)={0x0, 0xd}, 0x100) r4 = getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca437c4d1316833843180bb151ed36e8ce6cb454168d6c", 0x3ff, 0xc9, 0x1000, 0xd, 0x9}) ioctl$auto_BLKTRACESTART(r5, 0x1274, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x442302, 0x0) r6 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) readv$auto(r6, 0x0, 0x3) socket(0x1, 0x1, 0x1) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYRES8=r3, @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000300000400000a000500000000", @ANYRES32=0x0, @ANYBLOB="08080200", @ANYRES64=r4, @ANYBLOB], 0x60}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) 8.448529672s ago: executing program 0 (id=122): pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x1, 0x0, 0xfb3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x0, 0xa, 0x2, 0x9, 0x3, 0x9, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r2], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) madvise$auto(0x9, 0x8000000000000004, 0x7) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) mmap$auto(0x200000000000000, 0x400006, 0xdf, 0x12, 0x2, 0x8001) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x100000000000006, 0x2) msgctl$auto(0x6, 0x3, &(0x7f00000001c0)={{0x1, 0xffffffffffffffff, 0xee01, 0x6, 0x0, 0x6, 0x3}, 0x0, 0x0, 0x8, 0x9, 0x6, 0x7, 0x5b73, 0x49, 0x9, 0x2, @raw=0x3}) pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a) 7.329614349s ago: executing program 2 (id=123): openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(0xffffffffffffffff, 0x0, 0x400c080) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYRES16, @ANYBLOB="010026bd7000fbdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x44004811}, 0x40000c0) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x110c230000, 0x1, 0x9) 6.395231248s ago: executing program 1 (id=124): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/block/nbd0/make-it-fail\x00', 0xc2681, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000680)='/sys/devices/virtual/block/nbd0/make-it-fail\x00', 0xc2681, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) sendfile$auto(r1, r1, 0x0, 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/008/001\x00', 0xa901, 0x0) (async) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/008/001\x00', 0xa901, 0x0) signalfd$auto(r2, &(0x7f0000000080)={0x10000}, 0x100000000) fsopen$auto(0x0, 0x1) (async) fsopen$auto(0x0, 0x1) ioctl$auto_USBDEVFS_SETCONFIGURATION(r2, 0x80045505, 0x0) close_range$auto(0x2, 0x8, 0x0) fanotify_init$auto(0x65, 0x2) (async) fanotify_init$auto(0x65, 0x2) socket(0x1f, 0x3, 0x3) connect$auto(0x3, 0x0, 0x55) r3 = socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) (async) write$auto(0x3, 0x0, 0x5c8) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) fcntl$auto_F_SETLKW(r3, 0x7, 0x8) (async) fcntl$auto_F_SETLKW(r3, 0x7, 0x8) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x8000, &(0x7f0000000140)={0x2, 0x9, 0x3, 0x0, 0x7, 0x2, 0xffffffffffffffff, [0x95, 0x9], {0xffffff80, 0x9, 0x10, 0xb831, 0x3, 0xdbb, 0x3, 0xee9, 0x2}, {0x8001, 0x6, 0x8, 0x1, 0x8, 0x0, 0x4, 0x6, 0xf}}) r4 = socket(0x11, 0x3, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) (async) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0xf}, 0x2e, 0x0, 0x7, 0x1083}, 0x5}, 0x2, 0x100) write$auto(0x3, 0x0, 0x5c8) ioctl$auto(0x3, 0x8906, 0xd) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) (async) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) write$auto(r0, &(0x7f0000000040)='-\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mq_open$auto(0x0, 0x10, 0x80, &(0x7f0000000040)={0xe, 0x1, 0x2, 0xfffffffffffffffa}) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) 6.349322599s ago: executing program 0 (id=125): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x2, 0x3, 0x15f4da0a, 0x3, 0x7, 0x862, 0x80000001, 0x7, 0x1, 0x9, 0x4, 0xfdfffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xec\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xbcZ|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.6f\x13h\x05b\x88\xff@Z5`\xa4m\xffb\x17\xbb\x7f\xea4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xbb\'\x00\x00\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd7/trace/act_mask\x00', 0x120e2, 0x0) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e00", @ANYRESOCT=r3], 0x24}}, 0x4000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x6) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(r7, 0x0, 0x4f, 0x200) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x4, 0x8000000000000001, 0x19) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c04, 0x0) capget$auto(0x0, 0xfffffffffffffffe) 6.212100695s ago: executing program 2 (id=126): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x50, 0x401, 0x8000) unshare$auto(0x40000080) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/pci0000:00/0000:00:01.1/ata1/host0/scsi_host/host0/sg_tablesize\x00', 0x20900, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/58, 0x3a) r1 = open(&(0x7f0000000080)='./file0\x00', 0xee600, 0x31) fallocate$auto(r0, 0x0, 0x1, 0x4cbd5d) mmap$auto(0xf000, 0x1882, 0x3ff, 0x12, r1, 0x0) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000600), 0x142, 0x0) writev$auto(r2, &(0x7f0000000c00)={&(0x7f0000000180), 0x7}, 0x4) read$auto_ptdump_fops_(r1, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NLBL_CIPSOV4_C_REMOVE(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="08002bbd7000fbdbdf25020000400500030003000000cbc791982189eab98d208133e0b11f7147c2ef2afab5398d4b7fbd9591caad0101f64bfc7b403cb02c30309a8c329595b177e5f2ba79bae1a6983fc79d4e3d01d29af18c2f143771fe5923866c8f184f212b28c129b39685f0c726c6dbe0ea5f1fb4a8baefa88d37b07dbf217e9bfbeeb1b451b168bbe078f61cd969e2537d866612e9d08a8358cd6c57202977fd9cbc32ed2f91ea55595f9367ebf5"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20004410) openat$auto_hwsim_fops_rx_rssi_(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy3/hwsim/rx_rssi\x00', 0x80, 0x0) r4 = socket(0x15, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000040)={{0x400, 0xf2cd, 0x7ff, 0x21}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678d5aa201cf562367fe6596824588a2e3d84ba165f"}) r7 = socketpair$auto(0x1, 0x1, 0x400000, 0x0) r8 = socket(0x9, 0x800, 0x8) setsockopt$auto(r8, 0x107, 0x5, 0x0, 0x8004) write$auto_drm_edid_fops_drm_debugfs(0xffffffffffffffff, &(0x7f00000003c0), 0x0) sendfile$auto(r7, 0xffffffffffffffff, 0x0, 0x5) bpf$auto(0x21, &(0x7f0000000080)=@test={0xffffffffffffffff, 0x8, 0x80000001, 0x4, 0x9, 0x10, 0x4, 0x8, 0x8, 0xc3, 0xc, 0x6, 0x7, 0x400, 0x14}, 0xc4a) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_DEL(r9, 0x0, 0x40) connect$auto(r5, &(0x7f00000001c0)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x50) sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r4, 0x0, 0x4) lsm_list_modules$auto(0x0, 0x0, 0x0) 6.019955739s ago: executing program 3 (id=127): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_ADDR_LEGACY_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000007a00)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24044081}, 0x24000800) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r2 = socket(0x11, 0x3, 0x9) fcntl$auto_F_WRLCK(r0, 0xdcd, 0x1) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f0000000040)='Jg', 0x49}, 0x5, &(0x7f0000000180), 0x5}, 0x1}, 0x2, 0x3) 5.778417023s ago: executing program 2 (id=128): openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x468401, 0x0) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) read$auto_def_blk_fops_fs(r1, &(0x7f0000000140)=""/194, 0xc2) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r2, 0x0, 0xfffffdef) 5.720510914s ago: executing program 1 (id=129): openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd15/sched/write0_next_rq\x00', 0x2000, 0x0) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x1212c2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r1, 0x0, 0x1, 0x0, 0x1e) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xffffffffffffffff, 0x5522, 0xf15) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) flock$auto(r2, 0x6) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0x2, 0x3, 0x100) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xb00) openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x16, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi26\x00', 0x0, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 5.52643581s ago: executing program 2 (id=130): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) read$auto_usbdev_file_operations_usb(0xffffffffffffffff, &(0x7f0000000040)=""/229, 0xe5) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0xd, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x104, 0x6, 0x3}, {0xfc, 0x1, 0x2052, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) ioperm$auto(0x7, 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x0, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x3, 0x3, 0x33c, 0x8000001d, 0x20000007, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto(r1, 0x400454cb, 0x5) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) mmap$auto(0x7, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, 0x0, 0x92) 5.337607336s ago: executing program 3 (id=131): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x2, 0x3, 0x15f4da0a, 0x3, 0x7, 0x862, 0x80000001, 0x7, 0x1, 0x9, 0x4, 0xfdfffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xec\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xbcZ|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.6f\x13h\x05b\x88\xff@Z5`\xa4m\xffb\x17\xbb\x7f\xea4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xbb\'\x00\x00\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd7/trace/act_mask\x00', 0x120e2, 0x0) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e00", @ANYRESOCT=r3], 0x24}}, 0x4000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x6) r7 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(r7, 0x0, 0x4f, 0x200) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x4, 0x8000000000000001, 0x19) ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x4c04, 0x0) capget$auto(0x0, 0xfffffffffffffffe) 4.302275166s ago: executing program 0 (id=132): r0 = socket(0xa, 0x1, 0x84) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket(0xa, 0x1, 0x84) bind$auto(r0, &(0x7f0000000300)=@in={0x2, 0x3, @rand_addr=0x64010101}, 0x66) connect$auto(0x3, &(0x7f0000000080)=@nfc={0x27, 0x0, 0x1, 0x6}, 0x54) socket(0x8, 0x3, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dri/renderD128\x00', 0x109a80, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x50, r1, 0x7) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x121040, 0x0) read$auto_proc_reg_file_ops_compat_inode(r4, &(0x7f0000000040)=""/153, 0x99) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000100), r2) bpf$auto(0x18, &(0x7f0000000040)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x8, 0x7, 0xffffffffffffffff, @relative_id=0x8, 0x41b5c1ff}, 0x92) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0xa, 0x2, 0x0) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_NEW_KEY(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYRESHEX=r1, @ANYRES16=r7, @ANYBLOB="13042dbd7000fbdbdf251300000008000300", @ANYRES32=r8], 0x20}, 0x1, 0x0, 0x0, 0x4804}, 0x80) ioctl$auto(r6, 0x7ff, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BINDER_GET_FROZEN_INFO(0xffffffffffffffff, 0xc00c620f, &(0x7f0000004e40)) r9 = socket(0x10, 0x2, 0x0) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000140)='-$!\x00\xfa\xef\t\xa4\xe9\xb2r\x8cQ \xa6\xb7v\x93\xb6\b\xba\xfe\x1e\xab\xe7KC6z\x1a\xf0\x83~\xcd\x9a\x83\b\xb6\xb2\xd6PR\xbe\xec\xea\t\xde.\xc6%\x16\xc8\\\xb2\xe86\xe1\x84k\xa8\x02\xcb\xc9 \x1flY\xcb\xfa\xd9\xe0\xb8\x93\x12\xbc\xcf\xc2\'\x90\x9d\x1c\xb0\x1d\xb8\x80\xb4V\x9c\xf6J\xe8\"\xef@\xcd t\xe8\xe9Ip\xa74\x82\xb0\x9a\xecj\x9f\x8f\x9a\xe22\x8e\xce1\x9d\x0fW\xe7\xfb\"[\x17\x83\xfc}\xc7\xab\x93\xe4\x1ekP1\x01\bB\xbf*a\x93\xbd\xa7\xc8', 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000380), 0xffffffffffffffff) sendmmsg$auto(r9, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x4, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 3.438809428s ago: executing program 0 (id=133): unshare$auto(0x40000080) msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5) mprotect$auto(0x8000, 0x8, 0x8) poll$auto(&(0x7f0000003640)={0xffffffffffffffff, 0x4, 0xffff}, 0x4, 0x100000) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0x10, 0x80002, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r0, 0x0, 0x40) 2.505274197s ago: executing program 3 (id=134): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f00000001c0)=0x6) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setresgid$auto(0x0, 0xee01, 0xffffffffffffffff) r3 = getegid() mmap$auto(0x400, 0x9, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8002) semctl$auto(0x7, 0x2, 0x13, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/ipsec\x00', 0xc2040, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setregid$auto(r3, r3) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) ioctl$auto_SOUND_MIXER_READ_RECMASK2(r4, 0x80044dfd, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x6, 0x9, 0x16, r2, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x8) socket(0x10, 0x2, 0xfffffffb) sendmmsg$auto(0x3, 0x0, 0x5, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x6, 0x101, 0x1, 0xfffffffffffffff1, 0x2, 0x8000) 2.442341659s ago: executing program 1 (id=135): socket(0x2, 0x1, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0xb16f, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x340000000000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r1 = socket(0x2, 0x801, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', 0x0}) r4 = geteuid() sendmsg$auto_NL80211_CMD_REQ_SET_REG(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002bbd7000fddbdf251b00000008000300", @ANYRES32=r3, @ANYBLOB="0c0025800800da00", @ANYRES32=r4, @ANYBLOB="8800508004000880"], 0x30}, 0x1, 0x0, 0x0, 0x814}, 0x80) ioprio_get$auto(0x360, r4) read$auto(r0, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x2) write$auto(0x3, 0x0, 0xffd8) r5 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x3, 0x0, 0x4b34) madvise$auto(0x1ffff000, 0x7, 0x100000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) fsopen$auto(0x0, 0x96) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) read$auto_proc_pid_maps_operations_internal(r5, &(0x7f00000010c0)=""/4096, 0x1000) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x88202, 0x0) ioctl$auto_PPPIOCSMRU(r6, 0xc004743e, 0x0) 2.349789524s ago: executing program 2 (id=136): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x900, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x3, 0xa, @state_change={0xc, 0x6, 0x8}}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) write$auto(0xffffffffffffffff, 0x0, 0x7) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f00000012c0)={{@raw=0x9, 0x1, 0x6d2e99e8, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b62b67bd764f9"}, 0x0, @bytes=@data_ptr=&(0x7f00000000c0)='\x9e*:-$$\x00', "528d458095d42b72adda0cac2d45bdaacfc82245992af763188ba00ab57d5d73b094925aa928ca41e93023ab4510269ed959a79a7895fd181a33375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea81f7e333cf1c9da590b3fea1258074885c899d75cd52751f9be959d90fa5c200"}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000140), 0x1a3780, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x201, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x1000000003, 0x9, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, 0x0, 0x814) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clock_gettime$auto(0x8, 0x0) 2.278554735s ago: executing program 0 (id=137): setsockopt$auto(0xffffffffffffffff, 0x9, 0x69ce, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) r0 = epoll_create$auto(0x3e) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r1, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_RESULT={0x5, 0xa, 0xe}, @BATADV_ATTR_ALGO_NAME={0x13, 0x2, '/dev/sequencer\x00'}, @BATADV_ATTR_MCAST_FLAGS={0x8, 0x26, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}]}, 0x40}, 0x1, 0x0, 0x0, 0x844}, 0x20000001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/tty/ptyqe/power/control\x00', 0xa0b02, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = epoll_create$auto(0x7) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCEXCL2(r3, 0x540c, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) epoll_wait$auto(r2, 0x0, 0xe007, 0x1) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) io_uring_setup$auto(0x1, 0x0) fcntl$auto(0x8000000000000001, 0x24, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) get_mempolicy$auto(0x0, 0x0, 0x7f, 0x8, 0x3) adjtimex$auto(0x0) 1.027967472s ago: executing program 2 (id=138): socket(0x2, 0x2, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/usb/usbmon/20u\x00', 0x202100, 0x0) pread64$auto(r0, 0x0, 0x59, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) fanotify_init$auto(0x200, 0x2010000000000) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000240), 0x48900, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x6, 0x1, 0x60, 0x40000104}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x1, 0x7ff}, 0xc, &(0x7f00000000c0)={0x3, 0x80000007f}, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000c00)) io_uring_setup$auto(0x6, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000140)={@buf=&(0x7f0000000440)="0f6f93e94b4e872c435047ca17659f26d9acb1c89e96c0f8b8b0ad6cf136045f663863cab1c96749733dd481d085e9f43b3b51c462f0b3334eff4a3acf90f80983f037a589c978309314e88f8356539e6b13ddaf51d9cac499f62ba6e9bde7a64950f9e22ecd3be0435e36cb53cd31432159cf1a5c8b153806cdb84c8956c633fbd0f35782d89f66ddf44967c799a634b06fd46be385280ca8b0b81197d5b8dddab2f75b57ea8d9f91b8ced40d7ee3bf8d7c8e66d94e91a5646629838d", 0x800c000, 0x4800c000, 0x800c000}, 0x4) r3 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/stat\x00', 0x8c40, 0x0) read$auto_proc_single_file_operations_base(r3, &(0x7f0000000380)=""/101, 0x65) 289.998033ms ago: executing program 3 (id=139): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r1, 0x400454ca, 0x38) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) r4 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x8, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x4, 0x80000000, 0x3, 0x101, 0xfbff, 0x0, 0x8}, {0x7, 0xa, 0xf, 0x7fff, 0x9, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) r6 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r8 = socket(0xa, 0x3, 0x3c) r9 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r9, 0x5609, r8) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r5, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES32=r4, @ANYBLOB="000229bd0080fbdbdf350a0000000800fbffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x24000051}, 0x400c0) 0s ago: executing program 0 (id=140): mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x4, 0x9, 0x800, &(0x7f0000000000)=0x9) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r2, 0x40104d14, r2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, 0x0, 0x4d) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) adjtimex$auto(&(0x7f00000008c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x20002, {0x100000000, 0x9}, 0x5, 0x8, 0xfffffffffffffffd, 0xfffedfff, 0x0, 0x4, 0x9, 0xdfffffffffff628e, 0x6, 0xdeb1, 0xfffffff8}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x2, 0x20ffb, 0x8000000008011, r4, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r6, 0x5453, r6) getrandom$auto(0x0, 0x8, 0x7) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYRESOCT=r1], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) shmctl$auto_SHM_STAT(0x200, 0xd, &(0x7f0000000340)={{0x0, 0xee00, 0xee01, 0xfffffe00, 0x4, 0x10000, 0xe002}, 0x10000, 0x5, 0x6, 0x5, @raw=0x1ff, @inferred, 0x3, 0x0, &(0x7f0000000280)="3f6686954d5a196a2bd141f83069d2db2df57e6142fab2c431aa1b8794614dc3e733722c26456415c5cc0f139b9542c60dcb097c32f3f12974a1e7382bf662e24157a211bece1495ce0628015109da603bb49c5b69febd7de9a0985035cfd8a1f0ace1c6f49a2a9b0bc4d78026a5ef2eeab0908e9bf943effcd2c51b8965d753fdcb8b5cceb3d51f5924886be042c07b34edb1a02daeb6b5", &(0x7f00000005c0)="03bbb342f6f25cb7c72d51d69a12bc7a55034fc3a205e159fab6967e2c7d018a16df91e16a03048479073cf5fc32a39bffae5def30984377e49ecb275d537f7534f68087744a6b680c8e0854afd353536169ba8dc7dd8a2f66952adfbd3a35bcfe6b0f6893a65dea859bc17f9a64a661542e84b9c2419ff2f87082ec6051064580db838ee250d6ebe3a2dbdc7461886fab995d4bcc6b54972bbd0efa1fcb3e7056419bbec1983c7a42efa1a89e1270d82930439ad62cfe2ef51e75ec7e3565000b921e14b87f67c5ca0679d67dd27449c0bb54c2aa632d6ed0121904e6b846"}) newfstatat$auto(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f00000006c0)={0x7, 0x3, 0xffff, 0x4, 0x0, r7, 0x0, 0x7, 0x4, 0x8, 0x7, 0x5, 0x4, 0xb3, 0x1, 0x4, 0x60b8}, 0x5) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) write$auto(r0, &(0x7f0000000780)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7ku\x03\xaf\xe7\x9e\xcdT\xa9\xa2\x02\xd9\t\xd2\xe3\xe5\xfa>5\x9b\xe4\xfa\xc6\x96\x12q\xf1\aU\xe3\x9e\x0f\xf2\xdb\x05\xf5\x10\xc4w\xf6\xca\xda\xbc\aOce\a\x88\xcb\xb5\x9d\xa3\xc8\x04\x8c2\x1b\xd3\t\xaa\x05\xa0A\x89\x15\x80\xca\xe6\\\xe0\xd46\xcd\x1f\x90G\xacR\x7f\xdf \xb5\x8e\xdd\x84\n\xe1\x8f\xd9\x9f\x11S\x95lU8\xad\xfc\xb8^o\xde\xdb\'\xc7)\x90\xc7\xa1\xdf\x00^\xff\xa8\xb3\xe6(x6\xd9\xcf\x16\xd65T{\xe8?\xd83L\xbd\xf2\x18]\vA>\xb9#h>a\x98\xe2\xe6e\x15~\x03R\xec\xc0\xf8\x96\xd7H\x81Y6\xe0Y\xae\x99\xcb\xe7\x1b>;\xb7\x9b\xc2\xac\x00d\x8a\xa9_\x15\x87\xf2w\xeb\x8aw\x1fNS<\xae@\x05\xc1\xbd\xd2+\f\x13\x9d\x9e\x97\x8a\x1al\xe3O]oxZ2ao(\xbdk\xceD\x03\xf9\x96\xa2\x9d\b\x9e\x90\x83\x8e4\xf1\x88\xff\xc2}\b\xcd\xeb\x14\xbf\xf6\xf4\xbd\xaf\xadG\xe6\xee\xdf\xe295\x16', 0x5) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.155' (ED25519) to the list of known hosts. [ 98.155668][ T5823] cgroup: Unknown subsys name 'net' [ 98.323428][ T5823] cgroup: Unknown subsys name 'cpuset' [ 98.332842][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.219237][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.260585][ T924] cfg80211: failed to load regulatory.db [ 102.648372][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.660848][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.669582][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.678850][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.687042][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.695544][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.703919][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.715479][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.724436][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.773081][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.773147][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.798517][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.805929][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.815482][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.833172][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.870746][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.879630][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.892006][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.900559][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.908492][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.433479][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 103.547256][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 103.583085][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 103.662891][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 103.751925][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.760937][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.768305][ T5833] bridge_slave_0: entered allmulticast mode [ 103.777202][ T5833] bridge_slave_0: entered promiscuous mode [ 103.807769][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.815130][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.822664][ T5833] bridge_slave_1: entered allmulticast mode [ 103.830831][ T5833] bridge_slave_1: entered promiscuous mode [ 103.967297][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.985495][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.993608][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.000957][ T5836] bridge_slave_0: entered allmulticast mode [ 104.008345][ T5836] bridge_slave_0: entered promiscuous mode [ 104.016620][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.023983][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.031303][ T5840] bridge_slave_0: entered allmulticast mode [ 104.039000][ T5840] bridge_slave_0: entered promiscuous mode [ 104.051183][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.089427][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.096679][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.104406][ T5836] bridge_slave_1: entered allmulticast mode [ 104.113108][ T5836] bridge_slave_1: entered promiscuous mode [ 104.120511][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.127678][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.135525][ T5840] bridge_slave_1: entered allmulticast mode [ 104.143430][ T5840] bridge_slave_1: entered promiscuous mode [ 104.179055][ T5833] team0: Port device team_slave_0 added [ 104.271865][ T5833] team0: Port device team_slave_1 added [ 104.294827][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.304378][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.311788][ T5844] bridge_slave_0: entered allmulticast mode [ 104.319541][ T5844] bridge_slave_0: entered promiscuous mode [ 104.330874][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.344074][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.370959][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.380820][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.388106][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.395802][ T5844] bridge_slave_1: entered allmulticast mode [ 104.403369][ T5844] bridge_slave_1: entered promiscuous mode [ 104.462008][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.505024][ T5836] team0: Port device team_slave_0 added [ 104.512493][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.519755][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.545906][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.575965][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.587393][ T5836] team0: Port device team_slave_1 added [ 104.609512][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.616514][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.642650][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.678376][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.720205][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.727242][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.753951][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.777113][ T5840] team0: Port device team_slave_0 added [ 104.806663][ T5844] team0: Port device team_slave_0 added [ 104.815664][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.820130][ T5835] Bluetooth: hci0: command tx timeout [ 104.822833][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.855624][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.882191][ T5840] team0: Port device team_slave_1 added [ 104.889070][ T5835] Bluetooth: hci1: command tx timeout [ 104.894804][ T5835] Bluetooth: hci2: command tx timeout [ 104.914691][ T5844] team0: Port device team_slave_1 added [ 104.947716][ T5833] hsr_slave_0: entered promiscuous mode [ 104.954637][ T5833] hsr_slave_1: entered promiscuous mode [ 104.968913][ T5835] Bluetooth: hci3: command tx timeout [ 104.999147][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.006174][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.032843][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.101660][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.109170][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.136232][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.156509][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.163643][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.189659][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.220453][ T5836] hsr_slave_0: entered promiscuous mode [ 105.227042][ T5836] hsr_slave_1: entered promiscuous mode [ 105.233703][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.241712][ T5836] Cannot create hsr debugfs directory [ 105.264238][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.273337][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.299795][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.384168][ T5840] hsr_slave_0: entered promiscuous mode [ 105.390851][ T5840] hsr_slave_1: entered promiscuous mode [ 105.397007][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.405093][ T5840] Cannot create hsr debugfs directory [ 105.543691][ T5844] hsr_slave_0: entered promiscuous mode [ 105.550314][ T5844] hsr_slave_1: entered promiscuous mode [ 105.556476][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.565134][ T5844] Cannot create hsr debugfs directory [ 105.951460][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.967393][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.984986][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.003230][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.084086][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.113461][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.125171][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.151130][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.221630][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 106.250348][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 106.272977][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 106.285194][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.398538][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.420223][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.433285][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.460688][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.534869][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.627423][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.673754][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.681195][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.710051][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.727504][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.739893][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.747096][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.797060][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.834654][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.848323][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.867724][ T4266] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.874967][ T4266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.899047][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.899421][ T5835] Bluetooth: hci0: command tx timeout [ 106.906246][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.926219][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.933450][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.969743][ T5835] Bluetooth: hci2: command tx timeout [ 106.975238][ T5835] Bluetooth: hci1: command tx timeout [ 106.987624][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.994863][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.009678][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.041817][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.049057][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.057163][ T5835] Bluetooth: hci3: command tx timeout [ 107.067080][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.074320][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.626573][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.791778][ T5836] veth0_vlan: entered promiscuous mode [ 107.828713][ T5836] veth1_vlan: entered promiscuous mode [ 107.905344][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.942391][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.980302][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.025423][ T5836] veth0_macvtap: entered promiscuous mode [ 108.047929][ T5833] veth0_vlan: entered promiscuous mode [ 108.067780][ T5836] veth1_macvtap: entered promiscuous mode [ 108.113855][ T5833] veth1_vlan: entered promiscuous mode [ 108.128354][ T5844] veth0_vlan: entered promiscuous mode [ 108.193534][ T5844] veth1_vlan: entered promiscuous mode [ 108.210045][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.220599][ T5840] veth0_vlan: entered promiscuous mode [ 108.248037][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.267872][ T5833] veth0_macvtap: entered promiscuous mode [ 108.281831][ T5833] veth1_macvtap: entered promiscuous mode [ 108.291794][ T5836] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.301692][ T5836] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.310939][ T5836] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.320748][ T5836] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.340075][ T5840] veth1_vlan: entered promiscuous mode [ 108.424270][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.435856][ T5844] veth0_macvtap: entered promiscuous mode [ 108.464024][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.483074][ T5844] veth1_macvtap: entered promiscuous mode [ 108.500938][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.511608][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.520659][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.529623][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.589584][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.595826][ T5840] veth0_macvtap: entered promiscuous mode [ 108.598229][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.656356][ T5840] veth1_macvtap: entered promiscuous mode [ 108.667922][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.689342][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.707450][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.720659][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.730238][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.735148][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.746402][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.758006][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.782428][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.804457][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.865414][ T5840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.880390][ T5840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.892541][ T5840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.902853][ T5840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.952409][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.973500][ T5835] Bluetooth: hci0: command tx timeout [ 109.001033][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.016002][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.058946][ T5835] Bluetooth: hci1: command tx timeout [ 109.064434][ T5838] Bluetooth: hci2: command tx timeout [ 109.130182][ T5835] Bluetooth: hci3: command tx timeout [ 109.157245][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.166595][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.235458][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.266003][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.400719][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.420449][ T5926] capability: warning: `syz.3.5' uses 32-bit capabilities (legacy support in use) [ 109.431375][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.494906][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.516761][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.562569][ T5926] HfR: entered promiscuous mode [ 109.621258][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.638234][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.653337][ T5926] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 111.049309][ T5835] Bluetooth: hci0: command tx timeout [ 111.132412][ T5835] Bluetooth: hci1: command tx timeout [ 111.138366][ T5838] Bluetooth: hci2: command tx timeout [ 111.210118][ T5835] Bluetooth: hci3: command tx timeout [ 111.913667][ T5960] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 112.273945][ T5966] FAULT_INJECTION: forcing a failure. [ 112.273945][ T5966] name failslab, interval 1, probability 0, space 0, times 1 [ 112.286956][ T5966] CPU: 1 UID: 0 PID: 5966 Comm: syz.1.10 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 112.287001][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.287027][ T5966] Call Trace: [ 112.287042][ T5966] [ 112.287059][ T5966] dump_stack_lvl+0x16c/0x1f0 [ 112.287104][ T5966] should_fail_ex+0x512/0x640 [ 112.287170][ T5966] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 112.287225][ T5966] should_failslab+0xc2/0x120 [ 112.287260][ T5966] __kmalloc_cache_noprof+0x6a/0x3e0 [ 112.287309][ T5966] ? lockdep_init_map_type+0x5c/0x280 [ 112.287357][ T5966] ? qrtr_endpoint_register+0x85/0x500 [ 112.287402][ T5966] qrtr_endpoint_register+0x85/0x500 [ 112.287444][ T5966] qrtr_tun_open+0x151/0x220 [ 112.287490][ T5966] ? __pfx_qrtr_tun_open+0x10/0x10 [ 112.287539][ T5966] misc_open+0x35d/0x420 [ 112.287586][ T5966] ? __pfx_misc_open+0x10/0x10 [ 112.287631][ T5966] chrdev_open+0x231/0x6a0 [ 112.287666][ T5966] ? __pfx_chrdev_open+0x10/0x10 [ 112.287702][ T5966] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 112.287757][ T5966] do_dentry_open+0x744/0x1c10 [ 112.287812][ T5966] ? __pfx_chrdev_open+0x10/0x10 [ 112.287854][ T5966] vfs_open+0x82/0x3f0 [ 112.287899][ T5966] path_openat+0x1de4/0x2cb0 [ 112.287962][ T5966] ? __pfx_path_openat+0x10/0x10 [ 112.288010][ T5966] ? __lock_acquire+0xb8a/0x1c90 [ 112.288058][ T5966] do_filp_open+0x20b/0x470 [ 112.288108][ T5966] ? __pfx_do_filp_open+0x10/0x10 [ 112.288193][ T5966] ? alloc_fd+0x471/0x7d0 [ 112.288254][ T5966] do_sys_openat2+0x11b/0x1d0 [ 112.288293][ T5966] ? __pfx_do_sys_openat2+0x10/0x10 [ 112.288348][ T5966] __x64_sys_openat+0x174/0x210 [ 112.288387][ T5966] ? __pfx___x64_sys_openat+0x10/0x10 [ 112.288444][ T5966] do_syscall_64+0xcd/0x490 [ 112.288479][ T5966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.288515][ T5966] RIP: 0033:0x7f38c938e929 [ 112.288551][ T5966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.288591][ T5966] RSP: 002b:00007f38ca14b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 112.288617][ T5966] RAX: ffffffffffffffda RBX: 00007f38c95b6080 RCX: 00007f38c938e929 [ 112.288635][ T5966] RDX: 0000000000000101 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 112.288660][ T5966] RBP: 00007f38c9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 112.288678][ T5966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.288697][ T5966] R13: 0000000000000000 R14: 00007f38c95b6080 R15: 00007ffdf89bd618 [ 112.288738][ T5966] [ 113.543694][ T5987] process 'syz.2.13' launched './file0' with NULL argv: empty string added [ 113.628217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 113.729939][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 113.738451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 113.747716][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 113.771032][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 113.799269][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.809739][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.929483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.190923][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.200957][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.602358][ T6007] ovs_ÿþ: entered promiscuous mode [ 114.914233][ T5835] Bluetooth: hci2: Malformed LE Event: 0x1d [ 115.462387][ T6023] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.986408][ T6041] Zero length message leads to an empty skb [ 119.995429][ T5835] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 119.995467][ T5835] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 120.010879][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 120.010924][ T5835] Bluetooth: hci3: adv larger than maximum supported [ 120.018077][ T5835] Bluetooth: hci3: adv larger than maximum supported [ 120.025052][ T5835] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 120.032036][ T5835] Bluetooth: hci3: adv larger than maximum supported [ 120.039287][ T5835] Bluetooth: hci3: Malformed LE Event: 0x0d [ 120.518930][ T6093] mmap: syz.3.39 (6093) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 120.676358][ T6093] Invalid ELF header magic: != ELF [ 121.710317][ T6093] could not allocate digest TFM handle " [ 121.717980][ T6097] could not allocate digest TFM handle [ 124.595218][ T6150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.51'. [ 124.608061][ T6148] HfR: entered promiscuous mode [ 124.761285][ T6150] openvswitch: HfR: Dropping previously announced user features [ 124.814810][ T6148] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 125.884601][ T6170] netlink: 4 bytes leftover after parsing attributes in process `syz.3.58'. [ 125.984638][ T6171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.56'. [ 128.288013][ T6212] ======================================================= [ 128.288013][ T6212] WARNING: The mand mount option has been deprecated and [ 128.288013][ T6212] and is ignored by this kernel. Remove the mand [ 128.288013][ T6212] option from the mount to silence this warning. [ 128.288013][ T6212] ======================================================= [ 128.322980][ C1] vkms_vblank_simulate: vblank timer overrun [ 129.647182][ T6218] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'. [ 130.595507][ T6232] syz.1.69 (6232) used greatest stack depth: 19800 bytes left [ 130.807342][ T6246] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 130.829980][ T6246] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 131.077854][ T6253] random: crng reseeded on system resumption [ 132.691724][ T31] audit: type=1800 audit(6044303904.147:2): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.78" name="lu_gp_id" dev="configfs" ino=9233 res=0 errno=0 [ 133.597664][ T6281] syz.2.78 uses obsolete (PF_INET,SOCK_PACKET) [ 133.719933][ T6297] vivid-007: ================= START STATUS ================= [ 133.755790][ T6297] vivid-007: Generate PTS: true [ 133.763574][ T6297] vivid-007: Generate SCR: true [ 133.768621][ T6297] tpg source WxH: 320x240 (Y'CbCr) [ 133.777021][ T6297] tpg field: 1 [ 133.796357][ T6297] tpg crop: (0,0)/320x240 [ 133.805827][ T6297] tpg compose: (0,0)/320x240 [ 133.822574][ T6297] tpg colorspace: 8 [ 133.826470][ T6297] tpg transfer function: 0/0 [ 133.842159][ T6297] tpg Y'CbCr encoding: 0/0 [ 133.846674][ T6297] tpg quantization: 0/0 [ 133.872662][ T6297] tpg RGB range: 0/2 [ 133.897333][ T6297] vivid-007: ================== END STATUS ================== [ 135.487007][ T31] audit: type=1800 audit(6044303906.957:3): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.90" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 136.419134][ T6341] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff8163eb69 (__mcheck_cpu_init_clear_banks+0x109/0x1f0) [ 136.434762][ T6341] Call Trace: [ 136.438103][ T6341] [ 136.441092][ T6341] ? __pfx_mce_cpu_restart+0x10/0x10 [ 136.446461][ T6341] mce_cpu_restart+0x98/0xb0 [ 136.451138][ T6341] smp_call_function_many_cond+0xef9/0x1510 [ 136.457119][ T6341] ? __pfx_mce_cpu_restart+0x10/0x10 [ 136.462502][ T6341] ? lockdep_hardirqs_on+0x7c/0x110 [ 136.467800][ T6341] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 136.473703][ T6341] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 136.480109][ T6341] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 136.486187][ T6341] ? __pfx_mce_cpu_restart+0x10/0x10 [ 136.491576][ T6341] on_each_cpu_cond_mask+0x40/0x90 [ 136.496760][ T6341] set_bank+0x240/0x3a0 [ 136.501004][ T6341] ? __pfx_set_bank+0x10/0x10 [ 136.505752][ T6341] ? find_held_lock+0x2b/0x80 [ 136.510473][ T6341] ? __pfx_set_bank+0x10/0x10 [ 136.515188][ T6341] dev_attr_store+0x58/0x80 [ 136.519728][ T6341] ? __pfx_dev_attr_store+0x10/0x10 [ 136.524965][ T6341] sysfs_kf_write+0xf2/0x150 [ 136.529605][ T6341] kernfs_fop_write_iter+0x351/0x510 [ 136.534936][ T6341] ? __pfx_sysfs_kf_write+0x10/0x10 [ 136.540181][ T6341] vfs_write+0x6c7/0x1150 [ 136.544596][ T6341] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 136.550448][ T6341] ? __pfx___mutex_lock+0x10/0x10 [ 136.555512][ T6341] ? __pfx_vfs_write+0x10/0x10 [ 136.560360][ T6341] ksys_write+0x12a/0x250 [ 136.564752][ T6341] ? __pfx_ksys_write+0x10/0x10 [ 136.569664][ T6341] do_syscall_64+0xcd/0x490 [ 136.574208][ T6341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.580146][ T6341] RIP: 0033:0x7f02c318e929 [ 136.584589][ T6341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.604234][ T6341] RSP: 002b:00007f02c0ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 136.612679][ T6341] RAX: ffffffffffffffda RBX: 00007f02c33b5fa0 RCX: 00007f02c318e929 [ 136.620676][ T6341] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 136.628676][ T6341] RBP: 00007f02c3210b39 R08: 0000000000000000 R09: 0000000000000000 [ 136.636704][ T6341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.644702][ T6341] R13: 0000000000000000 R14: 00007f02c33b5fa0 R15: 00007ffeaae66478 [ 136.652730][ T6341] [ 139.141263][ T6374] FAULT_INJECTION: forcing a failure. [ 139.141263][ T6374] name failslab, interval 1, probability 0, space 0, times 0 [ 139.169175][ T6374] CPU: 0 UID: 0 PID: 6374 Comm: syz.1.102 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 139.169221][ T6374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.169241][ T6374] Call Trace: [ 139.169252][ T6374] [ 139.169264][ T6374] dump_stack_lvl+0x16c/0x1f0 [ 139.169303][ T6374] should_fail_ex+0x512/0x640 [ 139.169355][ T6374] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 139.169412][ T6374] should_failslab+0xc2/0x120 [ 139.169445][ T6374] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 139.169495][ T6374] ? kernfs_add_one+0x37d/0x840 [ 139.169525][ T6374] ? __kernfs_new_node+0xd2/0x8e0 [ 139.169577][ T6374] __kernfs_new_node+0xd2/0x8e0 [ 139.169633][ T6374] ? kernfs_add_one+0x14e/0x840 [ 139.169663][ T6374] ? __pfx___kernfs_new_node+0x10/0x10 [ 139.169719][ T6374] ? find_held_lock+0x2b/0x80 [ 139.169753][ T6374] ? kernfs_root+0xee/0x2a0 [ 139.169809][ T6374] kernfs_new_node+0x13c/0x1e0 [ 139.169849][ T6374] kernfs_create_link+0xcc/0x240 [ 139.169893][ T6374] sysfs_do_create_link_sd+0x90/0x140 [ 139.169945][ T6374] sysfs_create_link+0x61/0xc0 [ 139.169990][ T6374] device_add+0x50a/0x1a70 [ 139.170033][ T6374] ? __pfx_device_add+0x10/0x10 [ 139.170070][ T6374] ? lockdep_init_map_type+0x5c/0x280 [ 139.170118][ T6374] ? __init_waitqueue_head+0xca/0x150 [ 139.170186][ T6374] rfkill_register+0x1ad/0xb40 [ 139.170236][ T6374] nfc_register_device+0x11f/0x3c0 [ 139.170276][ T6374] nci_register_device+0x7f1/0xb80 [ 139.170329][ T6374] ? __pfx_nci_register_device+0x10/0x10 [ 139.170387][ T6374] ? lockdep_init_map_type+0x5c/0x280 [ 139.170442][ T6374] virtual_ncidev_open+0x141/0x220 [ 139.170488][ T6374] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 139.170533][ T6374] misc_open+0x35d/0x420 [ 139.170578][ T6374] ? __pfx_misc_open+0x10/0x10 [ 139.170629][ T6374] chrdev_open+0x231/0x6a0 [ 139.170659][ T6374] ? __pfx_apparmor_file_open+0x10/0x10 [ 139.170707][ T6374] ? __pfx_chrdev_open+0x10/0x10 [ 139.170743][ T6374] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 139.170798][ T6374] do_dentry_open+0x744/0x1c10 [ 139.170851][ T6374] ? __pfx_chrdev_open+0x10/0x10 [ 139.170891][ T6374] vfs_open+0x82/0x3f0 [ 139.170935][ T6374] path_openat+0x1de4/0x2cb0 [ 139.171002][ T6374] ? __pfx_path_openat+0x10/0x10 [ 139.171054][ T6374] ? __lock_acquire+0xb8a/0x1c90 [ 139.171103][ T6374] do_filp_open+0x20b/0x470 [ 139.171152][ T6374] ? __pfx_do_filp_open+0x10/0x10 [ 139.171237][ T6374] ? alloc_fd+0x471/0x7d0 [ 139.171297][ T6374] do_sys_openat2+0x11b/0x1d0 [ 139.171336][ T6374] ? __pfx_do_sys_openat2+0x10/0x10 [ 139.171378][ T6374] ? find_held_lock+0x2b/0x80 [ 139.171421][ T6374] __x64_sys_openat+0x174/0x210 [ 139.171461][ T6374] ? __pfx___x64_sys_openat+0x10/0x10 [ 139.171521][ T6374] do_syscall_64+0xcd/0x490 [ 139.171558][ T6374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.171592][ T6374] RIP: 0033:0x7f38c938e929 [ 139.171619][ T6374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.171656][ T6374] RSP: 002b:00007f38ca16c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 139.171687][ T6374] RAX: ffffffffffffffda RBX: 00007f38c95b5fa0 RCX: 00007f38c938e929 [ 139.171708][ T6374] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 139.171728][ T6374] RBP: 00007f38c9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 139.171747][ T6374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 139.171765][ T6374] R13: 0000000000000000 R14: 00007f38c95b5fa0 R15: 00007ffdf89bd618 [ 139.171808][ T6374] [ 142.292637][ T6406] FAULT_INJECTION: forcing a failure. [ 142.292637][ T6406] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 142.378949][ T6406] CPU: 1 UID: 0 PID: 6406 Comm: syz.0.108 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 142.378993][ T6406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.379011][ T6406] Call Trace: [ 142.379021][ T6406] [ 142.379032][ T6406] dump_stack_lvl+0x16c/0x1f0 [ 142.379068][ T6406] should_fail_ex+0x512/0x640 [ 142.379122][ T6406] _copy_from_iter+0x29f/0x16f0 [ 142.379164][ T6406] ? __pfx__copy_from_iter+0x10/0x10 [ 142.379202][ T6406] ? rcu_is_watching+0x12/0xc0 [ 142.379234][ T6406] ? trace_kmalloc+0x2b/0xd0 [ 142.379267][ T6406] ? __kmalloc_noprof+0x242/0x510 [ 142.379323][ T6406] kernfs_fop_write_iter+0x19a/0x510 [ 142.379365][ T6406] vfs_write+0x6c7/0x1150 [ 142.379419][ T6406] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 142.379456][ T6406] ? __pfx___mutex_lock+0x10/0x10 [ 142.379489][ T6406] ? __pfx_vfs_write+0x10/0x10 [ 142.379572][ T6406] ksys_write+0x12a/0x250 [ 142.379620][ T6406] ? __pfx_ksys_write+0x10/0x10 [ 142.379687][ T6406] do_syscall_64+0xcd/0x490 [ 142.379722][ T6406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.379759][ T6406] RIP: 0033:0x7f02c318e929 [ 142.379783][ T6406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.379813][ T6406] RSP: 002b:00007f02c0ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 142.379841][ T6406] RAX: ffffffffffffffda RBX: 00007f02c33b5fa0 RCX: 00007f02c318e929 [ 142.379862][ T6406] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 142.379880][ T6406] RBP: 00007f02c0ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 142.379898][ T6406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.379915][ T6406] R13: 0000000000000000 R14: 00007f02c33b5fa0 R15: 00007ffeaae66478 [ 142.379962][ T6406] [ 143.214944][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.263941][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 144.043427][ T6424] bdi 43:96: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 144.137801][ T6418] Invalid ELF header magic: != ELF [ 146.241273][ T6437] Invalid ELF header magic: != ELF [ 147.230910][ T6465] FAULT_INJECTION: forcing a failure. [ 147.230910][ T6465] name failslab, interval 1, probability 0, space 0, times 0 [ 147.332396][ T6465] CPU: 1 UID: 0 PID: 6465 Comm: syz.3.118 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 147.332441][ T6465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.332461][ T6465] Call Trace: [ 147.332472][ T6465] [ 147.332486][ T6465] dump_stack_lvl+0x16c/0x1f0 [ 147.332526][ T6465] should_fail_ex+0x512/0x640 [ 147.332579][ T6465] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 147.332637][ T6465] should_failslab+0xc2/0x120 [ 147.332670][ T6465] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 147.332721][ T6465] ? __asan_memcpy+0x3c/0x60 [ 147.332762][ T6465] ? __kernfs_new_node+0xd2/0x8e0 [ 147.332815][ T6465] __kernfs_new_node+0xd2/0x8e0 [ 147.332868][ T6465] ? __pfx___kernfs_new_node+0x10/0x10 [ 147.332925][ T6465] ? find_held_lock+0x2b/0x80 [ 147.332957][ T6465] ? kernfs_root+0xee/0x2a0 [ 147.333022][ T6465] kernfs_new_node+0x13c/0x1e0 [ 147.333062][ T6465] kernfs_create_link+0xcc/0x240 [ 147.333103][ T6465] sysfs_do_create_link_sd+0x90/0x140 [ 147.333155][ T6465] sysfs_create_link+0x61/0xc0 [ 147.333203][ T6465] device_add+0x62c/0x1a70 [ 147.333246][ T6465] ? __pfx_device_add+0x10/0x10 [ 147.333284][ T6465] ? lockdep_init_map_type+0x5c/0x280 [ 147.333330][ T6465] ? __init_waitqueue_head+0xca/0x150 [ 147.333400][ T6465] rfkill_register+0x1ad/0xb40 [ 147.333451][ T6465] nfc_register_device+0x11f/0x3c0 [ 147.333493][ T6465] nci_register_device+0x7f1/0xb80 [ 147.333545][ T6465] ? __pfx_nci_register_device+0x10/0x10 [ 147.333603][ T6465] ? lockdep_init_map_type+0x5c/0x280 [ 147.333657][ T6465] virtual_ncidev_open+0x141/0x220 [ 147.333702][ T6465] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 147.333746][ T6465] misc_open+0x35d/0x420 [ 147.333793][ T6465] ? __pfx_misc_open+0x10/0x10 [ 147.333837][ T6465] chrdev_open+0x231/0x6a0 [ 147.333867][ T6465] ? __pfx_apparmor_file_open+0x10/0x10 [ 147.333912][ T6465] ? __pfx_chrdev_open+0x10/0x10 [ 147.333948][ T6465] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 147.334003][ T6465] do_dentry_open+0x744/0x1c10 [ 147.334065][ T6465] ? __pfx_chrdev_open+0x10/0x10 [ 147.334103][ T6465] vfs_open+0x82/0x3f0 [ 147.334146][ T6465] path_openat+0x1de4/0x2cb0 [ 147.334212][ T6465] ? __pfx_path_openat+0x10/0x10 [ 147.334267][ T6465] ? __lock_acquire+0xb8a/0x1c90 [ 147.334317][ T6465] do_filp_open+0x20b/0x470 [ 147.334369][ T6465] ? __pfx_do_filp_open+0x10/0x10 [ 147.334451][ T6465] ? alloc_fd+0x471/0x7d0 [ 147.334512][ T6465] do_sys_openat2+0x11b/0x1d0 [ 147.334552][ T6465] ? __pfx_do_sys_openat2+0x10/0x10 [ 147.334612][ T6465] ? find_held_lock+0x2b/0x80 [ 147.334690][ T6465] __x64_sys_openat+0x174/0x210 [ 147.334738][ T6465] ? __pfx___x64_sys_openat+0x10/0x10 [ 147.334794][ T6465] do_syscall_64+0xcd/0x490 [ 147.334829][ T6465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.334861][ T6465] RIP: 0033:0x7f84d6d8e929 [ 147.334887][ T6465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.334918][ T6465] RSP: 002b:00007f84d7b20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 147.334949][ T6465] RAX: ffffffffffffffda RBX: 00007f84d6fb5fa0 RCX: 00007f84d6d8e929 [ 147.334968][ T6465] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 147.334987][ T6465] RBP: 00007f84d6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 147.335007][ T6465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.335034][ T6465] R13: 0000000000000000 R14: 00007f84d6fb5fa0 R15: 00007ffc3cc44548 [ 147.335078][ T6465] [ 148.928514][ T6480] netlink: 338 bytes leftover after parsing attributes in process `syz.0.122'. [ 149.729752][ T6489] FAULT_INJECTION: forcing a failure. [ 149.729752][ T6489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.795790][ T6489] CPU: 0 UID: 0 PID: 6489 Comm: syz.2.123 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 149.795833][ T6489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.795858][ T6489] Call Trace: [ 149.795866][ T6489] [ 149.795875][ T6489] dump_stack_lvl+0x16c/0x1f0 [ 149.795903][ T6489] should_fail_ex+0x512/0x640 [ 149.795945][ T6489] _copy_from_user+0x2e/0xd0 [ 149.795969][ T6489] csum_and_copy_from_iter_full+0x21a/0x1f70 [ 149.796023][ T6489] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 149.796058][ T6489] ? rcu_is_watching+0x12/0xc0 [ 149.796083][ T6489] ? trace_kmalloc+0x2b/0xd0 [ 149.796107][ T6489] ? __kmalloc_node_track_caller_noprof+0x23e/0x510 [ 149.796148][ T6489] ? __alloc_skb+0x166/0x380 [ 149.796184][ T6489] ? trace_kmem_cache_alloc+0x28/0xc0 [ 149.796214][ T6489] ip_generic_getfrag+0x170/0x270 [ 149.796244][ T6489] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 149.796273][ T6489] ? __alloc_skb+0x200/0x380 [ 149.796309][ T6489] ? __pfx___alloc_skb+0x10/0x10 [ 149.796350][ T6489] raw6_getfrag+0x22d/0x2a0 [ 149.796374][ T6489] ? find_held_lock+0x2b/0x80 [ 149.796402][ T6489] __ip6_append_data+0x3e81/0x4780 [ 149.796440][ T6489] ? __pfx_raw6_getfrag+0x10/0x10 [ 149.796479][ T6489] ? __pfx___ip6_append_data+0x10/0x10 [ 149.796511][ T6489] ? __pfx_ip6_mtu+0x10/0x10 [ 149.796535][ T6489] ? ip6_setup_cork+0xc51/0x1530 [ 149.796570][ T6489] ip6_append_data+0x1bd/0x4c0 [ 149.796602][ T6489] ? __pfx_raw6_getfrag+0x10/0x10 [ 149.796632][ T6489] rawv6_sendmsg+0x1642/0x47a0 [ 149.796660][ T6489] ? lockdep_hardirqs_on+0x7c/0x110 [ 149.796709][ T6489] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 149.796742][ T6489] ? __lock_acquire+0x622/0x1c90 [ 149.796788][ T6489] ? __pfx___might_resched+0x10/0x10 [ 149.796836][ T6489] ? __pfx_aa_sk_perm+0x10/0x10 [ 149.796868][ T6489] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 149.796898][ T6489] ? inet_sendmsg+0x119/0x140 [ 149.796932][ T6489] inet_sendmsg+0x119/0x140 [ 149.796970][ T6489] sock_write_iter+0x4aa/0x5b0 [ 149.797002][ T6489] ? __pfx_sock_write_iter+0x10/0x10 [ 149.797043][ T6489] ? bpf_lsm_file_permission+0x9/0x10 [ 149.797069][ T6489] ? security_file_permission+0x71/0x210 [ 149.797103][ T6489] ? rw_verify_area+0xcf/0x680 [ 149.797137][ T6489] vfs_write+0x6c7/0x1150 [ 149.797172][ T6489] ? __pfx_sock_write_iter+0x10/0x10 [ 149.797205][ T6489] ? __pfx_vfs_write+0x10/0x10 [ 149.797237][ T6489] ? find_held_lock+0x2b/0x80 [ 149.797278][ T6489] ksys_write+0x1f8/0x250 [ 149.797313][ T6489] ? __pfx_ksys_write+0x10/0x10 [ 149.797356][ T6489] do_syscall_64+0xcd/0x490 [ 149.797381][ T6489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.797405][ T6489] RIP: 0033:0x7f04c098e929 [ 149.797423][ T6489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.797446][ T6489] RSP: 002b:00007f04c1753038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.797467][ T6489] RAX: ffffffffffffffda RBX: 00007f04c0bb5fa0 RCX: 00007f04c098e929 [ 149.797482][ T6489] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 149.797496][ T6489] RBP: 00007f04c0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 149.797510][ T6489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.797524][ T6489] R13: 0000000000000000 R14: 00007f04c0bb5fa0 R15: 00007fffee2dd098 [ 149.797552][ T6489] [ 150.130800][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.740070][ T6500] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.124' sets config #0 [ 150.913326][ T31] audit: type=1804 audit(6044303922.387:4): pid=6504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.126" name="/newroot/27/file0" dev="tmpfs" ino=166 res=1 errno=0 [ 150.941961][ T31] audit: type=1800 audit(6044303922.407:5): pid=6504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.126" name="file0" dev="tmpfs" ino=166 res=0 errno=0 [ 153.209432][ T6534] netlink: 350 bytes leftover after parsing attributes in process `syz.0.132'. [ 155.476596][ T6548] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 155.499954][ T6548] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 155.664400][ T6548] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 155.737283][ T6548] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 155.758452][ T6548] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 155.882196][ T6548] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 155.925375][ T6548] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 155.938863][ T6548] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 155.985730][ T6548] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 156.124825][ T6548] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.171519][ T6548] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.394892][ T6548] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.968857][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.123072][ T6570] kexec: Could not allocate control_code_buffer [ 157.209402][ T6574] [ 157.211835][ T6574] ====================================================== [ 157.218900][ T6574] WARNING: possible circular locking dependency detected [ 157.225977][ T6574] 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 Not tainted [ 157.232790][ T6574] ------------------------------------------------------ [ 157.239871][ T6574] syz.3.139/6574 is trying to acquire lock: [ 157.245820][ T6574] ffffffff8e52f5c8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 157.255514][ T6574] [ 157.255514][ T6574] but task is already holding lock: [ 157.262932][ T6574] ffff888025bce278 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 157.274276][ T6574] [ 157.274276][ T6574] which lock already depends on the new lock. [ 157.274276][ T6574] [ 157.284734][ T6574] [ 157.284734][ T6574] the existing dependency chain (in reverse order) is: [ 157.293812][ T6574] [ 157.293812][ T6574] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 157.303000][ T6574] blk_alloc_queue+0x619/0x760 [ 157.308552][ T6574] blk_mq_alloc_queue+0x175/0x290 [ 157.314176][ T6574] __blk_mq_alloc_disk+0x29/0x120 [ 157.319778][ T6574] loop_add+0x49e/0xb70 [ 157.324504][ T6574] loop_init+0x164/0x270 [ 157.329318][ T6574] do_one_initcall+0x120/0x6e0 [ 157.334632][ T6574] kernel_init_freeable+0x5c2/0x900 [ 157.340398][ T6574] kernel_init+0x1c/0x2b0 [ 157.345286][ T6574] ret_from_fork+0x5d7/0x6f0 [ 157.350448][ T6574] ret_from_fork_asm+0x1a/0x30 [ 157.355770][ T6574] [ 157.355770][ T6574] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 157.363134][ T6574] fs_reclaim_acquire+0x102/0x150 [ 157.368905][ T6574] prepare_alloc_pages+0x162/0x610 [ 157.374581][ T6574] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 157.381059][ T6574] __alloc_pages_noprof+0xb/0x1b0 [ 157.386666][ T6574] pcpu_populate_chunk+0x110/0xb00 [ 157.392343][ T6574] pcpu_alloc_noprof+0x86a/0x1470 [ 157.397945][ T6574] xt_percpu_counter_alloc+0x13e/0x1b0 [ 157.403971][ T6574] find_check_entry.constprop.0+0xbc/0x9b0 [ 157.410345][ T6574] translate_table+0xc98/0x1720 [ 157.415766][ T6574] ipt_register_table+0x102/0x430 [ 157.421357][ T6574] iptable_nat_table_init+0x4b/0x250 [ 157.427213][ T6574] xt_find_table_lock+0x2e4/0x520 [ 157.432809][ T6574] xt_request_find_table_lock+0x28/0xf0 [ 157.438939][ T6574] get_info+0x190/0x610 [ 157.443743][ T6574] do_ipt_get_ctl+0x169/0xa10 [ 157.448990][ T6574] nf_getsockopt+0x79/0xe0 [ 157.453974][ T6574] ip_getsockopt+0x18c/0x1e0 [ 157.459137][ T6574] tcp_getsockopt+0xa1/0x100 [ 157.464284][ T6574] do_sock_getsockopt+0x3fc/0x800 [ 157.469876][ T6574] __sys_getsockopt+0x123/0x1b0 [ 157.475279][ T6574] __x64_sys_getsockopt+0xbd/0x160 [ 157.480947][ T6574] do_syscall_64+0xcd/0x490 [ 157.486005][ T6574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.492561][ T6574] [ 157.492561][ T6574] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 157.500343][ T6574] __lock_acquire+0x126f/0x1c90 [ 157.505758][ T6574] lock_acquire+0x179/0x350 [ 157.510828][ T6574] __mutex_lock+0x199/0xb90 [ 157.515894][ T6574] pcpu_alloc_noprof+0xb4c/0x1470 [ 157.521483][ T6574] blk_stat_alloc_callback+0xc8/0x280 [ 157.527410][ T6574] wbt_init+0xac/0x540 [ 157.532039][ T6574] queue_wb_lat_store+0x354/0x3d0 [ 157.537626][ T6574] queue_attr_store+0x279/0x320 [ 157.543030][ T6574] sysfs_kf_write+0xf2/0x150 [ 157.548181][ T6574] kernfs_fop_write_iter+0x351/0x510 [ 157.554017][ T6574] vfs_write+0x6c7/0x1150 [ 157.558922][ T6574] ksys_write+0x12a/0x250 [ 157.563824][ T6574] do_syscall_64+0xcd/0x490 [ 157.568979][ T6574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.575433][ T6574] [ 157.575433][ T6574] other info that might help us debug this: [ 157.575433][ T6574] [ 157.585684][ T6574] Chain exists of: [ 157.585684][ T6574] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 157.585684][ T6574] [ 157.599391][ T6574] Possible unsafe locking scenario: [ 157.599391][ T6574] [ 157.606883][ T6574] CPU0 CPU1 [ 157.612324][ T6574] ---- ---- [ 157.617711][ T6574] lock(&q->q_usage_counter(io)#18); [ 157.623135][ T6574] lock(fs_reclaim); [ 157.629763][ T6574] lock(&q->q_usage_counter(io)#18); [ 157.637785][ T6574] lock(pcpu_alloc_mutex); [ 157.642351][ T6574] [ 157.642351][ T6574] *** DEADLOCK *** [ 157.642351][ T6574] [ 157.650514][ T6574] 6 locks held by syz.3.139/6574: [ 157.655559][ T6574] #0: ffff888033452478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 157.664688][ T6574] #1: ffff888035ffc428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 157.673744][ T6574] #2: ffff888028b1ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 157.683553][ T6574] #3: ffff888025533788 (kn->active#94){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 157.693632][ T6574] #4: ffff888025bce278 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 157.705412][ T6574] #5: ffff888025bce2b0 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 157.717411][ T6574] [ 157.717411][ T6574] stack backtrace: [ 157.723323][ T6574] CPU: 1 UID: 0 PID: 6574 Comm: syz.3.139 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 157.723358][ T6574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.723374][ T6574] Call Trace: [ 157.723384][ T6574] [ 157.723395][ T6574] dump_stack_lvl+0x116/0x1f0 [ 157.723424][ T6574] print_circular_bug+0x275/0x350 [ 157.723462][ T6574] check_noncircular+0x14c/0x170 [ 157.723502][ T6574] __lock_acquire+0x126f/0x1c90 [ 157.723544][ T6574] lock_acquire+0x179/0x350 [ 157.723578][ T6574] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 157.723619][ T6574] ? __pfx___might_resched+0x10/0x10 [ 157.723647][ T6574] ? ksys_write+0x12a/0x250 [ 157.723687][ T6574] ? do_syscall_64+0xcd/0x490 [ 157.723712][ T6574] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.723743][ T6574] __mutex_lock+0x199/0xb90 [ 157.723769][ T6574] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 157.723809][ T6574] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 157.723856][ T6574] ? __pfx___mutex_lock+0x10/0x10 [ 157.723892][ T6574] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 157.723930][ T6574] pcpu_alloc_noprof+0xb4c/0x1470 [ 157.723975][ T6574] ? __pfx_wbt_data_dir+0x10/0x10 [ 157.724016][ T6574] ? __pfx_wb_timer_fn+0x10/0x10 [ 157.724044][ T6574] blk_stat_alloc_callback+0xc8/0x280 [ 157.724073][ T6574] ? kasan_save_track+0x14/0x30 [ 157.724118][ T6574] wbt_init+0xac/0x540 [ 157.724149][ T6574] queue_wb_lat_store+0x354/0x3d0 [ 157.724176][ T6574] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 157.724203][ T6574] ? __mutex_trylock_common+0xe9/0x250 [ 157.724241][ T6574] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 157.724267][ T6574] queue_attr_store+0x279/0x320 [ 157.724293][ T6574] ? __pfx_queue_attr_store+0x10/0x10 [ 157.724317][ T6574] ? __lock_acquire+0x622/0x1c90 [ 157.724361][ T6574] ? find_held_lock+0x2b/0x80 [ 157.724386][ T6574] ? sysfs_file_kobj+0xe4/0x290 [ 157.724422][ T6574] ? __pfx_queue_attr_store+0x10/0x10 [ 157.724448][ T6574] sysfs_kf_write+0xf2/0x150 [ 157.724482][ T6574] kernfs_fop_write_iter+0x351/0x510 [ 157.724511][ T6574] ? __pfx_sysfs_kf_write+0x10/0x10 [ 157.724547][ T6574] vfs_write+0x6c7/0x1150 [ 157.724586][ T6574] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 157.724617][ T6574] ? __pfx___mutex_lock+0x10/0x10 [ 157.724643][ T6574] ? __pfx_vfs_write+0x10/0x10 [ 157.724693][ T6574] ksys_write+0x12a/0x250 [ 157.724732][ T6574] ? __pfx_ksys_write+0x10/0x10 [ 157.724777][ T6574] do_syscall_64+0xcd/0x490 [ 157.724805][ T6574] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.724832][ T6574] RIP: 0033:0x7f84d6d8e929 [ 157.724860][ T6574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.724887][ T6574] RSP: 002b:00007f84d4bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 157.724912][ T6574] RAX: ffffffffffffffda RBX: 00007f84d6fb6080 RCX: 00007f84d6d8e929 [ 157.724930][ T6574] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000004 [ 157.724947][ T6574] RBP: 00007f84d6e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 157.724964][ T6574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.724980][ T6574] R13: 0000000000000000 R14: 00007f84d6fb6080 R15: 00007ffc3cc44548 [ 157.725006][ T6574] [ 157.798841][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 158.058795][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 158.168726][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 159.048786][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 160.098855][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 160.101854][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 160.248825][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 161.129354][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.168825][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 162.168893][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 162.328902][ T51] Bluetooth: hci3: command 0x0c1a tx timeout