last executing test programs: 7.618975796s ago: executing program 1 (id=179): mmap$auto(0x0, 0x100004005, 0x800002, 0x40eb2, 0x401, 0x300000000000) prctl$auto(0x1, 0x4, 0x4, 0x3, 0x4) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4008081}, 0x10004010) socket(0x2, 0x80802, 0x0) r0 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec\x00', 0x0, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) connect$auto(0x3, &(0x7f0000000140), 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x10}, 0x3, 0x1) select$auto(0xa, &(0x7f0000000180)={[0x80000000, 0xbfd3, 0x44, 0x1, 0x3, 0x7fffffffffffffff, 0x8, 0x4, 0x1, 0x8, 0x5, 0x9, 0xfffffffffffffffc, 0x9000000000, 0x9, 0x33ca]}, &(0x7f0000000240)={[0x8, 0xf, 0x7, 0x3ff, 0x9fed, 0x100000001, 0x800000000, 0x5, 0x5, 0x1, 0x7, 0xb, 0x63, 0x1, 0x1, 0x6]}, 0x0, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x40000202000d, 0x3, 0xebd, 0xfffffffffffffffa, 0xb) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, 0x0, 0x10500, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) pselect6$auto(0x7f, &(0x7f00000002c0)={[0x1, 0xd81e, 0x6, 0x1, 0x3, 0x200, 0x0, 0x3, 0x9, 0x8000000000000000, 0x9, 0x6ddc, 0x10, 0x5, 0x734, 0x7f]}, &(0x7f0000000340)={[0x2, 0x7ff, 0xfff, 0x8, 0x8000000000000001, 0xd, 0x0, 0x1, 0x14, 0x1, 0xfe00000000000, 0xd, 0x9, 0xaa, 0x9, 0x5]}, &(0x7f00000003c0)={[0x94, 0x7, 0x6, 0x3ff, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x8, 0x1c, 0x0, 0xe72, 0x9, 0xfff]}, &(0x7f00000000c0)={0x9, 0x6}, &(0x7f0000000440)="8b658eff219bc23e277374adbbf2c7385ee33bd14e6af0d2e6949b8394ab6eba1b2c220b3c121ef552e897acffa1b181abe2273de823e3a65df8b0bc5412e3253ac331d40d085556e2169a3db046a218ce3c1efe444a7fce39742e9db66a8d8cd99f2019beee5693302b0f2ef0868d54cf75cbbe3b70a391d98898147d33114b01a854b600fe49a3eb42e5d73628cab002d3a41796c423e9242f614cfd8e862e529d5406a2ee244b3d42") ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) read$auto_nsim_dev_trap_fa_cookie_fops_dev(r1, &(0x7f0000000000)=""/156, 0x9c) msync$auto(0x1ffff000, 0x180000000000000, 0x6) mmap$auto(0x0, 0x2020009, 0xfff, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) socket(0x2, 0x1, 0x106) 6.109937436s ago: executing program 2 (id=183): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/net/bond0/queues/rx-7/rps_cpus\x00', 0x143680, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/86, 0x56) 5.69048508s ago: executing program 2 (id=184): r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/loop13/rqos/wbt/inflight\x00', 0x2040, 0x0) pread64$auto(r0, 0x0, 0x4, 0x2e) 5.390814942s ago: executing program 2 (id=186): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x883, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) connect$auto(0x3, 0x0, 0x54) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa00040, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/team_slave_0/rpl_seg_enabled\x00', 0x20202, 0x0) sendfile$auto(r1, r2, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000e2, 0x40eb1, 0xffffffffffffffff, 0x10000) r3 = open(0x0, 0x0, 0x408) adjtimex$auto(&(0x7f0000000240)={0x10000, 0x0, 0x7, 0x1, 0xffffffff, 0x5, 0x4, 0x0, 0x5, 0x0, 0xfffffffffffffffe, {0x24f, 0x8}, 0x0, 0x3, 0x4, 0x2, 0x0, 0xeca, 0x3, 0x7, 0x0, 0x12e, 0x5bbda88c}) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xfffe, 0x3, 0x3) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r3) 4.918476129s ago: executing program 3 (id=191): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop15/mq/0/nr_reserved_tags\x00', 0x1c1800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/64, 0x40) 4.806805811s ago: executing program 3 (id=193): r0 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000003c0), 0x101200, 0x0) poll$auto(&(0x7f0000000400)={r0, 0x4, 0x7}, 0x6, 0x7) 4.65014033s ago: executing program 3 (id=194): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/ns/cgroup\x00', 0x620002, 0x0) open(0x0, 0x220c0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa0942, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0x103, 0x6, 0xfffffffffffffffd, 0x7, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101100, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r4 = socket(0x15, 0x5, 0x0) ustat$auto(0x801, 0x0) sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000440)="73925c4b13d8b792c32f062b9bbe8a568390b5b63475cb4f8073c7db1468c855060d8f0c521177baf6376120f51691e4", 0x1, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x0, 0xffffffffffffff58, 0xfffffffffffffffd, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x1, 0xfffffffffffffff7) r5 = fsopen$auto(0x0, 0x2) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103042, 0x0) sendfile$auto(r6, r6, 0x0, 0x200) listmount$auto(&(0x7f0000000040)={0x200, @raw=0x101, 0x7f, 0x81, 0x400}, &(0x7f0000000140)=0x10000, 0xf, 0x5) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) ioctl$auto(0x3, 0x80044944, 0x10000000000402) 3.805832539s ago: executing program 1 (id=195): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001100)='/proc/sys/net/ipv6/conf/veth0_vlan/mldv1_unsolicited_report_interval\x00', 0xa0202, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) 3.546301281s ago: executing program 3 (id=197): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x24004054) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) modify_ldt$auto(0x6d, &(0x7f0000000180)="f12f4b64f2705b564e4c2ad0731c6c03947d91729d66d442a512098867f15ad923846d833527b9ee78428fd7746a1dae57435d2f7b77035d01d5d720e2cf8b3dfcf0d7b6d418f845105f6a4303dac0f8d612", 0x7) r1 = socket(0x2, 0x1, 0x106) connect$auto(r1, &(0x7f0000000140)=@l2={0x1f, 0x7, @any, 0xca, 0x2}, 0x55) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x15, 0x5, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) bind$auto(r2, &(0x7f0000000080)=@in={0x2, 0x2, @loopback}, 0x6b) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/id/version\x00', 0xa000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/4096, 0x1000) sendmsg$auto_OVS_DP_CMD_GET(r2, 0x0, 0x0) setsockopt$auto(r1, 0x6, 0xd, 0x0, 0x6) r5 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f00000016c0), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001900)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="b80125bd7026e1e8f44c1f7f44c2dd00fbdbdfd4bce45bf0461b189167a12ecbff0300000000000000000008000100ff0f0000"], 0x24}, 0x1, 0x0, 0x0, 0x40008c0}, 0x8000000) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x1, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(r0, 0x901064ae, 0x4) 3.503599417s ago: executing program 2 (id=198): openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) socket(0xa, 0x5, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x48, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r2, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, &(0x7f00000011c0)=[0x0], 0x1}, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) statmount$auto(0x0, &(0x7f0000000080)={0xd24c, 0x7, 0x1ff, 0x7, 0x5180, 0x4909b6f8, 0x1ffdf, 0xa, 0x8, 0x7, 0xa121, 0x3, 0x0, 0x271, 0xb4, 0xa, 0x6, 0x10001, 0xffffffff, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x8, [0x4000000000, 0x0, 0x0, 0x50100000000000, 0x6, 0x4000002000, 0x0, 0x9, 0x8000, 0xff, 0x6, 0xaf1, 0x0, 0x80000, 0x5, 0x7fe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0x6, 0x800000000000007, 0x4, 0x2000000000000000, 0x0, 0x0, 0x400000000005b8, 0xe, 0x0, 0x0, 0xfffffffffffffffe, 0x6, 0xfffffffffffffffc, 0x88e, 0x8000000000008, 0x1, 0x9, 0xa38, 0x7, 0x3, 0x8, 0x8, 0x9, 0x7, 0x1]}, 0x1ff, 0xd) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) write$auto(r3, &(0x7f0000000000)='/dev/input/event0\x00', 0x7fe) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000800), r0) getpgid$auto(0x0) 3.448133936s ago: executing program 1 (id=199): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) socketpair$auto(0x9, 0xe205, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) io_uring_setup$auto(0x6, 0x0) capget$auto(0x0, 0xfffffffffffffffe) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r0, 0x0, 0x0) 2.514452898s ago: executing program 0 (id=201): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/queues/rx-8/rps_flow_cnt\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 2.436195063s ago: executing program 1 (id=202): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001000)='/dev/input/event1\x00', 0x40401, 0x0) writev$auto(r0, &(0x7f0000002ac0)={0x0, 0x18}, 0x4) 2.400340878s ago: executing program 0 (id=203): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(&(0x7f0000000000)={0x7e, @raw, 0x80000022, 0xd97, 0x2}, 0x0, 0x7ffffffff000, 0x0) 2.142366283s ago: executing program 1 (id=204): unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, 0x0) r0 = memfd_secret$auto(0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) r2 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/environ\x00', 0x2000, 0x0) read$auto_proc_environ_operations_base(r2, &(0x7f0000000240)=""/80, 0x50) r3 = socket(0x10, 0x2, 0xc) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="11010000423698bb797f784b7d32d3cb0a1404298eb1e7b028d7c7cb3510825eb1658fb1be4029134edd6a96da20617ec1f2a4e48dc7579f206e2c506d1d5180ed387b2784663e5c037e454fb94d2746e9959084c727e1a43e0cdb8a1fef63ff950686ee92d015e0f713d9a8da86d121608b982a6d5b33173f69501d9c2f73a54284e069aa2c8eb1d1b29291cbc6b96a8483d89211aaff2c8a33d9b36bb9c7d63e4bf561d3a172a13e0fa4b03597b252ddee968272f187ee7761881275bb83b44ad98efffb58bea3dc00ab9198c0d27b062f28483604b765c26425edb8fb6057271330ca3488df1ee927a8968d66376ba37da839", @ANYRES16=r4, @ANYBLOB="010025bd7000fbdbdf2596000000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x40) ioctl$auto(r1, 0x5646, r1) read$auto_v4l2_fops_v4l2_dev(r1, &(0x7f0000000080)=""/27, 0x1b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0x11, 0x3, 0x2) getsockopt$auto(r5, 0x107, 0x3, 0x0, 0x0) gettid() setsockopt$auto(r5, 0x4, 0x8, &(0x7f0000000040)='\x00', 0x7) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0x400050000, &(0x7f0000000000)="02c9a305bc8f") openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/dummy_hcd.1/usb2/avoid_reset_quirk\x00', 0x5a9881, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/evt_mode_parameter_change_reported\x00', 0xe8b43, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)="de91b83a075c", 0x6) mmap$auto(0x0, 0x20009, 0xfffffffffffffffe, 0xeb2, 0x401, 0x8000008000) unshare$auto(0x2) r7 = fcntl$auto_F_UNLCK(r0, 0x8, 0x2) ioctl$auto_FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, r7) setsockopt$auto(0xffffffffffffffff, 0x1, 0x2, 0x0, 0x4) ioctl$auto_EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) 2.117794048s ago: executing program 0 (id=206): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x2, 0x1) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/ns/cgroup\x00', 0x620002, 0x0) open(0x0, 0x220c0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa0942, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0x103, 0x6, 0xfffffffffffffffd, 0x7, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101100, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r4 = socket(0x15, 0x5, 0x0) ustat$auto(0x801, 0x0) sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000440)="73925c4b13d8b792c32f062b9bbe8a568390b5b63475cb4f8073c7db1468c855060d8f0c521177baf6376120f51691e4", 0x1, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x0, 0xffffffffffffff58, 0xfffffffffffffffd, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x1, 0xfffffffffffffff7) r5 = fsopen$auto(0x0, 0x2) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103042, 0x0) sendfile$auto(r6, r6, 0x0, 0x200) listmount$auto(&(0x7f0000000040)={0x200, @raw=0x101, 0x7f, 0x81, 0x400}, &(0x7f0000000140)=0x10000, 0xf, 0x5) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) ioctl$auto(0x3, 0x80044944, 0x10000000000402) 1.330671671s ago: executing program 0 (id=207): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/025/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x0, 0x3, 0x1, 0x10, 0x1, 0x4, &(0x7f00000001c0)}) 1.130781739s ago: executing program 3 (id=208): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x883, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) connect$auto(0x3, 0x0, 0x54) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa00040, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/team_slave_0/rpl_seg_enabled\x00', 0x20202, 0x0) sendfile$auto(r1, r2, 0x0, 0x1) ioctl$auto_USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f00000000c0)=0x9) mmap$auto(0x0, 0x4, 0x4000000000e2, 0x40eb1, 0xffffffffffffffff, 0x10000) r3 = open(0x0, 0x0, 0x408) adjtimex$auto(&(0x7f0000000240)={0x10000, 0x0, 0x7, 0x1, 0xffffffff, 0x5, 0x4, 0x0, 0x5, 0x0, 0xfffffffffffffffe, {0x24f, 0x8}, 0x0, 0x3, 0x4, 0x2, 0x0, 0xeca, 0x3, 0x7, 0x0, 0x12e, 0x5bbda88c}) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xfffe, 0x3, 0x3) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r3) 1.081305721s ago: executing program 0 (id=209): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/query\x00', 0x20002, 0x0) write$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000000100)="0a1b9a615c", 0x5) 1.076076939s ago: executing program 2 (id=217): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000800) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0x8, 0x8, 0xae85, 0x66b, 0x4, 0x7ff}, 0x6f4) 1.269661ms ago: executing program 3 (id=210): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000140)='0[.[\x00', 0xcd04) sysfs$auto(0x2, 0x101000000000007, 0x0) keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803) r1 = bpf$auto(0x4, &(0x7f0000000780)=@test={r0, 0xb7bb, 0x6, 0x6048d597, 0x2000000000, 0x7, 0x3ff8, 0x8, 0xfffffff5, 0x1, 0x1d, 0xf9d, 0x10000, 0x2, 0xe867}, 0xa3) mmap$auto(0x0, 0x20009, 0x20004000010000df, 0xeb2, r1, 0x8000) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) mmap$auto(0x2000000000000, 0x2, 0x9, 0x9b71, 0xffffffffffffffff, 0x2) io_setup$auto(0x80002, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(0xffffffffffffffff, 0x40084149, &(0x7f0000001080)=0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400006, 0x5f, 0xfffffffffffffffc, r0, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) io_setup$auto(0x0, &(0x7f0000001040)=0xfffffffffffffffe) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x340000000000) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r4 = socket(0x2, 0x801, 0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', 0x0}) r7 = geteuid() sendmsg$auto_NL80211_CMD_REQ_SET_REG(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="d57eee5d", @ANYRES16=0x0, @ANYBLOB="01002bbd700000dbdf251b00000008000300", @ANYRES32=r6, @ANYBLOB="0c0025800800da00", @ANYRESHEX=0x0, @ANYBLOB="08005080040004807c1d69571ec846a63e4d3c22aab771aca6bafbbeecc92f4aec865914be20dc973995ad0de7ffa11700a69ad342654890d6cddff4bd66338ef8b4ef4b4e32eb82a691ce5eec67546c45991962ddb7b0c13c1f5dfefb8f090000008215d9bcd2bac28507721fc474480793be9db744cd3ed1a1b3addd81"], 0x30}, 0x1, 0x0, 0x0, 0x850}, 0x80) ioprio_get$auto(0x360, r7) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x2) write$auto(0x3, 0x0, 0xffd8) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) 389.705µs ago: executing program 0 (id=219): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x104, 0x2100002, 0x92, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r1, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x98) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x4000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd6c00fbdbdf250200000008000300000000000800010047c7e2"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x2, 0x8, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 57.369µs ago: executing program 1 (id=211): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x200007, 0x19) socketpair$auto(0x9, 0xe205, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) io_uring_setup$auto(0x6, 0x0) capget$auto(0x0, 0xfffffffffffffffe) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r0, 0x0, 0x0) 0s ago: executing program 2 (id=212): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd9/queue/scheduler\x00', 0x12aa02, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts. syzkaller login: [ 75.911992][ T5822] cgroup: Unknown subsys name 'net' [ 76.024685][ T5822] cgroup: Unknown subsys name 'cpuset' [ 76.033095][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.643301][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.650806][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.622126][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.520743][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.536777][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.545869][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.554415][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.562513][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.564047][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.571173][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.581030][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.584622][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.592051][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.600045][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.607150][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.614758][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.621899][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.628117][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.635018][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.642723][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.651078][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.664080][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.664659][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.070069][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 80.085004][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 80.136231][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 80.194770][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 80.278637][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.286730][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.294384][ T5831] bridge_slave_0: entered allmulticast mode [ 80.302062][ T5831] bridge_slave_0: entered promiscuous mode [ 80.331744][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.338941][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.346259][ T5831] bridge_slave_1: entered allmulticast mode [ 80.353840][ T5831] bridge_slave_1: entered promiscuous mode [ 80.391538][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.398671][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.407990][ T5832] bridge_slave_0: entered allmulticast mode [ 80.415477][ T5832] bridge_slave_0: entered promiscuous mode [ 80.444320][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.453779][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.464486][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.471831][ T5832] bridge_slave_1: entered allmulticast mode [ 80.478787][ T5832] bridge_slave_1: entered promiscuous mode [ 80.493892][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.501213][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.508486][ T5835] bridge_slave_0: entered allmulticast mode [ 80.516399][ T5835] bridge_slave_0: entered promiscuous mode [ 80.524763][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.532079][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.539310][ T5835] bridge_slave_1: entered allmulticast mode [ 80.546711][ T5835] bridge_slave_1: entered promiscuous mode [ 80.559201][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.578993][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.622128][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.634046][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.660290][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.680242][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.688320][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.695826][ T5843] bridge_slave_0: entered allmulticast mode [ 80.703072][ T5843] bridge_slave_0: entered promiscuous mode [ 80.713185][ T5831] team0: Port device team_slave_0 added [ 80.719231][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.726419][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.733716][ T5843] bridge_slave_1: entered allmulticast mode [ 80.740716][ T5843] bridge_slave_1: entered promiscuous mode [ 80.765100][ T5831] team0: Port device team_slave_1 added [ 80.808367][ T5835] team0: Port device team_slave_0 added [ 80.817048][ T5832] team0: Port device team_slave_0 added [ 80.825515][ T5832] team0: Port device team_slave_1 added [ 80.841833][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.853310][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.863919][ T5835] team0: Port device team_slave_1 added [ 80.877819][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.885864][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.912194][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.946186][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.953395][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.979929][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.008009][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.015322][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.042378][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.058742][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.066138][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.092412][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.106314][ T5843] team0: Port device team_slave_0 added [ 81.125268][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.132712][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.158959][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.185387][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.192633][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.220739][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.235742][ T5843] team0: Port device team_slave_1 added [ 81.256973][ T5832] hsr_slave_0: entered promiscuous mode [ 81.263407][ T5832] hsr_slave_1: entered promiscuous mode [ 81.300722][ T5831] hsr_slave_0: entered promiscuous mode [ 81.306995][ T5831] hsr_slave_1: entered promiscuous mode [ 81.315488][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.323895][ T5831] Cannot create hsr debugfs directory [ 81.347529][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.354980][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.382776][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.395822][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.403074][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.429714][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.489064][ T5835] hsr_slave_0: entered promiscuous mode [ 81.495503][ T5835] hsr_slave_1: entered promiscuous mode [ 81.501839][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.509443][ T5835] Cannot create hsr debugfs directory [ 81.614766][ T5843] hsr_slave_0: entered promiscuous mode [ 81.621301][ T5843] hsr_slave_1: entered promiscuous mode [ 81.627304][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.635339][ T5843] Cannot create hsr debugfs directory [ 81.681305][ T5848] Bluetooth: hci1: command tx timeout [ 81.760463][ T5848] Bluetooth: hci3: command tx timeout [ 81.770614][ T5848] Bluetooth: hci2: command tx timeout [ 81.776508][ T5848] Bluetooth: hci0: command tx timeout [ 81.829095][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.842835][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.875641][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.894787][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.922427][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.958219][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.973387][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.990260][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.009703][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.021299][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.047131][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.070693][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.123670][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.150816][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.175627][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.195593][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.216341][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.264241][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.309611][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.332827][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.340175][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.365175][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.372412][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.400847][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.412920][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.440081][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.447271][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.476642][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.483843][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.520825][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.551981][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.559120][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.581378][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.588602][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.606288][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.679270][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.714717][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.722868][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.749856][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.788714][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.796119][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.944328][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.052739][ T5832] veth0_vlan: entered promiscuous mode [ 83.093801][ T5832] veth1_vlan: entered promiscuous mode [ 83.119236][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.148739][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.195051][ T5832] veth0_macvtap: entered promiscuous mode [ 83.205817][ T5832] veth1_macvtap: entered promiscuous mode [ 83.233371][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.267975][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.288916][ T5835] veth0_vlan: entered promiscuous mode [ 83.303523][ T5835] veth1_vlan: entered promiscuous mode [ 83.313684][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.343838][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.356012][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.366009][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.375338][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.387994][ T5831] veth0_vlan: entered promiscuous mode [ 83.419742][ T5831] veth1_vlan: entered promiscuous mode [ 83.429714][ T5835] veth0_macvtap: entered promiscuous mode [ 83.475860][ T5835] veth1_macvtap: entered promiscuous mode [ 83.512599][ T5831] veth0_macvtap: entered promiscuous mode [ 83.531002][ T5843] veth0_vlan: entered promiscuous mode [ 83.556599][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.569254][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.582164][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.593389][ T5843] veth1_vlan: entered promiscuous mode [ 83.609746][ T5831] veth1_macvtap: entered promiscuous mode [ 83.625291][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.629937][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.647484][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.647950][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.665483][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.676946][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.688442][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.705908][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.716937][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.728382][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.736190][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.747200][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.757523][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.769199][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.770671][ T5848] Bluetooth: hci1: command tx timeout [ 83.781521][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.799528][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.808763][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.817941][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.826852][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.850773][ T5848] Bluetooth: hci0: command tx timeout [ 83.851000][ T5842] Bluetooth: hci2: command tx timeout [ 83.856316][ T5848] Bluetooth: hci3: command tx timeout [ 83.875081][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.885565][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.904494][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.913819][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.923080][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.935960][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.957833][ T5843] veth0_macvtap: entered promiscuous mode [ 83.990216][ T5843] veth1_macvtap: entered promiscuous mode [ 84.045573][ T3006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.070743][ T3006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.092114][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.105805][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.115820][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.126790][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.136849][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.147945][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.159700][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.174209][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.185016][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.194979][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.205717][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.215881][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.227018][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.228687][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.238835][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.303163][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.314156][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.340450][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.349316][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.375092][ T3006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.387141][ T3006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.429256][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.443439][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.536159][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.554921][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.643774][ T1082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.671354][ T1082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.743617][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.753296][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.842062][ T5848] Bluetooth: hci1: command tx timeout [ 85.921739][ T5848] Bluetooth: hci2: command tx timeout [ 85.921767][ T5836] Bluetooth: hci3: command tx timeout [ 85.932693][ T5842] Bluetooth: hci0: command tx timeout [ 87.920465][ T5836] Bluetooth: hci1: command tx timeout [ 88.003161][ T5836] Bluetooth: hci2: command tx timeout [ 88.008665][ T5836] Bluetooth: hci3: command tx timeout [ 88.015830][ T5842] Bluetooth: hci0: command tx timeout [ 88.673560][ T5956] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12'. [ 88.746599][ T5957] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.610747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 89.710937][ T5972] vivid-003: ================= START STATUS ================= [ 89.737160][ T5972] vivid-003: Radio HW Seek Mode: Bounded [ 89.785970][ T5972] vivid-003: Radio Programmable HW Seek: false [ 89.863083][ T5972] vivid-003: RDS Rx I/O Mode: Block I/O [ 89.899410][ T5972] vivid-003: Generate RBDS Instead of RDS: false [ 89.923520][ T5972] vivid-003: RDS Reception: true [ 90.007170][ T5972] vivid-003: RDS Program Type: 0 inactive [ 90.033821][ T5972] vivid-003: RDS PS Name: inactive [ 90.064755][ T5972] vivid-003: RDS Radio Text: inactive [ 90.088463][ T5972] vivid-003: RDS Traffic Announcement: false inactive [ 90.130812][ T5972] vivid-003: RDS Traffic Program: false inactive [ 90.155058][ T5972] vivid-003: RDS Music: false inactive [ 90.175483][ T5972] vivid-003: ================== END STATUS ================== [ 90.746693][ T5986] netlink: 'syz.2.16': attribute type 1 has an invalid length. [ 91.446273][ T6000] Zero length message leads to an empty skb [ 92.177751][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19'. [ 92.290286][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19'. [ 92.299772][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19'. [ 92.408768][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19'. [ 92.506763][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.3.19'. [ 93.840467][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 93.849157][ T5999] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 94.518840][ T6024] process 'syz.1.26' launched ':,' with NULL argv: empty string added [ 94.595060][ T5999] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 94.652608][ T5999] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 94.828056][ T5999] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 94.850585][ T5999] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 94.869176][ T5999] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 94.894005][ T5999] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 94.953694][ T5999] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 95.007148][ T5999] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 95.150981][ T5999] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 95.246637][ T5999] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 95.273662][ T5999] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 96.080731][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 96.321341][ T6051] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 96.880456][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 96.960501][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 97.148589][ T1206] cfg80211: failed to load regulatory.db [ 97.200482][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 98.160475][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 98.266042][ T6085] netlink: 544 bytes leftover after parsing attributes in process `syz.1.37'. [ 98.858840][ T6096] random: crng reseeded on system resumption [ 98.961343][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 99.044031][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 99.264840][ T6110] FAULT_INJECTION: forcing a failure. [ 99.264840][ T6110] name failslab, interval 1, probability 0, space 0, times 0 [ 99.280517][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 99.426935][ T6110] CPU: 1 UID: 0 PID: 6110 Comm: syz.0.44 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 99.426982][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.427002][ T6110] Call Trace: [ 99.427012][ T6110] [ 99.427030][ T6110] dump_stack_lvl+0x16c/0x1f0 [ 99.427072][ T6110] should_fail_ex+0x512/0x640 [ 99.427113][ T6110] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 99.427166][ T6110] should_failslab+0xc2/0x120 [ 99.427217][ T6110] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 99.427267][ T6110] ? __d_alloc+0x31/0xaa0 [ 99.427295][ T6110] ? set_normalized_timespec64+0x69/0xc0 [ 99.427336][ T6110] __d_alloc+0x31/0xaa0 [ 99.427368][ T6110] d_alloc+0x4a/0x1e0 [ 99.427398][ T6110] d_alloc_parallel+0xe3/0x12d0 [ 99.427453][ T6110] ? find_held_lock+0x2b/0x80 [ 99.427488][ T6110] ? __pfx_d_alloc_parallel+0x10/0x10 [ 99.427532][ T6110] ? __d_lookup+0x266/0x4a0 [ 99.427578][ T6110] lookup_open.isra.0+0x665/0x1580 [ 99.427626][ T6110] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 99.427682][ T6110] ? mnt_get_write_access+0x20c/0x300 [ 99.427723][ T6110] path_openat+0x905/0x2d40 [ 99.427781][ T6110] ? __pfx_path_openat+0x10/0x10 [ 99.427836][ T6110] do_filp_open+0x20b/0x470 [ 99.427889][ T6110] ? __pfx_do_filp_open+0x10/0x10 [ 99.427936][ T6110] ? find_held_lock+0x2b/0x80 [ 99.427988][ T6110] ? alloc_fd+0x420/0x760 [ 99.428039][ T6110] do_sys_openat2+0x11b/0x1d0 [ 99.428073][ T6110] ? __pfx_do_sys_openat2+0x10/0x10 [ 99.428119][ T6110] __x64_sys_openat+0x174/0x210 [ 99.428159][ T6110] ? __pfx___x64_sys_openat+0x10/0x10 [ 99.428195][ T6110] ? rcu_is_watching+0x12/0xc0 [ 99.428235][ T6110] do_syscall_64+0xcd/0x260 [ 99.428269][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.428301][ T6110] RIP: 0033:0x7f518038d169 [ 99.428326][ T6110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.428363][ T6110] RSP: 002b:00007f5181110038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 99.428394][ T6110] RAX: ffffffffffffffda RBX: 00007f51805a6080 RCX: 00007f518038d169 [ 99.428416][ T6110] RDX: 0000000000124001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 99.428442][ T6110] RBP: 00007f518040e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 99.428462][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.428480][ T6110] R13: 0000000000000000 R14: 00007f51805a6080 R15: 00007ffcdb1f2e68 [ 99.428512][ T6110] [ 99.868428][ T6106] FAULT_INJECTION: forcing a failure. [ 99.868428][ T6106] name failslab, interval 1, probability 0, space 0, times 0 [ 99.904087][ T6106] CPU: 0 UID: 0 PID: 6106 Comm: syz.0.44 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 99.904135][ T6106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.904154][ T6106] Call Trace: [ 99.904164][ T6106] [ 99.904177][ T6106] dump_stack_lvl+0x16c/0x1f0 [ 99.904215][ T6106] should_fail_ex+0x512/0x640 [ 99.904254][ T6106] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 99.904306][ T6106] should_failslab+0xc2/0x120 [ 99.904365][ T6106] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 99.904414][ T6106] ? vm_area_dup+0x53/0x2f0 [ 99.904455][ T6106] vm_area_dup+0x53/0x2f0 [ 99.904492][ T6106] __split_vma+0x17f/0x11a0 [ 99.904542][ T6106] ? __pfx___split_vma+0x10/0x10 [ 99.904601][ T6106] vms_gather_munmap_vmas+0x393/0x1780 [ 99.904648][ T6106] ? mtree_range_walk+0x718/0xc00 [ 99.904705][ T6106] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 99.904757][ T6106] ? mas_walk+0x6a6/0x910 [ 99.904817][ T6106] __mmap_region+0x320/0x27c0 [ 99.904869][ T6106] ? __pfx___mmap_region+0x10/0x10 [ 99.904919][ T6106] ? finish_task_switch.isra.0+0x221/0xc10 [ 99.904964][ T6106] ? __schedule+0x1131/0x5c00 [ 99.905013][ T6106] ? register_lock_class+0x41/0x4c0 [ 99.905104][ T6106] ? trace_cap_capable+0x18d/0x200 [ 99.905143][ T6106] ? cap_capable+0xb3/0x250 [ 99.905185][ T6106] mmap_region+0x1ab/0x3f0 [ 99.905239][ T6106] do_mmap+0xd8e/0x11b0 [ 99.905285][ T6106] ? __pfx_do_mmap+0x10/0x10 [ 99.905324][ T6106] ? __pfx_down_write_killable+0x10/0x10 [ 99.905373][ T6106] vm_mmap_pgoff+0x281/0x450 [ 99.905422][ T6106] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 99.905473][ T6106] ? __x64_sys_futex+0x1e0/0x4c0 [ 99.905511][ T6106] ? __x64_sys_futex+0x1e9/0x4c0 [ 99.905553][ T6106] ksys_mmap_pgoff+0x7d/0x5c0 [ 99.905589][ T6106] ? rcu_is_watching+0x12/0xc0 [ 99.905623][ T6106] __x64_sys_mmap+0x125/0x190 [ 99.905659][ T6106] do_syscall_64+0xcd/0x260 [ 99.905692][ T6106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.905725][ T6106] RIP: 0033:0x7f518038d169 [ 99.905750][ T6106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.905782][ T6106] RSP: 002b:00007f5181131038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 99.905812][ T6106] RAX: ffffffffffffffda RBX: 00007f51805a5fa0 RCX: 00007f518038d169 [ 99.905833][ T6106] RDX: 0000000000000007 RSI: 000000000002000d RDI: 0000000000000000 [ 99.905853][ T6106] RBP: 00007f518040e2a0 R08: 0000000000000404 R09: 0000000000008000 [ 99.905873][ T6106] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 99.905892][ T6106] R13: 0000000000000000 R14: 00007f51805a5fa0 R15: 00007ffcdb1f2e68 [ 99.905927][ T6106] [ 101.040434][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 101.120975][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 101.360477][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 102.343570][ T6160] random: crng reseeded on system resumption [ 102.440621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.488052][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.496587][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.348780][ T6228] netlink: 544 bytes leftover after parsing attributes in process `syz.0.64'. [ 106.636676][ T6234] random: crng reseeded on system resumption [ 107.543756][ T6244] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 107.590455][ T6244] File: /dev/ram7 PID: 6244 Comm: syz.1.68 [ 109.474839][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.1.73'. [ 110.975474][ T6296] mmap: syz.2.78 (6296) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 114.555026][ T6335] netlink: 28 bytes leftover after parsing attributes in process `syz.1.85'. [ 114.565043][ T6335] bridge_slave_1: left allmulticast mode [ 114.570818][ T6335] bridge_slave_1: left promiscuous mode [ 114.577644][ T6335] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.921184][ T6335] bridge_slave_0: left allmulticast mode [ 114.937976][ T6335] bridge_slave_0: left promiscuous mode [ 114.994078][ T6335] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.574691][ T6359] netlink: 28 bytes leftover after parsing attributes in process `syz.0.90'. [ 118.536708][ T6379] snd_aloop snd_aloop.0: Parsing timer source 'i~Q' failed with -22 [ 119.424667][ T6393] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.880683][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 120.889619][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 121.600470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 122.101149][ T6428] snd_aloop snd_aloop.0: Parsing timer source 'i~Q' failed with -22 [ 124.193201][ T6452] random: crng reseeded on system resumption [ 125.100762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.301245][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.430838][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.752710][ T6497] random: crng reseeded on system resumption [ 129.096597][ T6510] vivid-003: ================= START STATUS ================= [ 129.130431][ T6510] vivid-003: Radio HW Seek Mode: Bounded [ 129.146724][ T6510] vivid-003: Radio Programmable HW Seek: false [ 129.175924][ T6510] vivid-003: RDS Rx I/O Mode: Block I/O [ 129.232899][ T6510] vivid-003: Generate RBDS Instead of RDS: false [ 129.239699][ T6510] vivid-003: RDS Reception: true [ 129.282897][ T6510] vivid-003: RDS Program Type: 0 inactive [ 129.288959][ T6510] vivid-003: RDS PS Name: inactive [ 129.294480][ T6510] vivid-003: RDS Radio Text: inactive [ 129.310526][ T6510] vivid-003: RDS Traffic Announcement: false inactive [ 129.320928][ T6510] vivid-003: RDS Traffic Program: false inactive [ 129.330700][ T6510] vivid-003: RDS Music: false inactive [ 129.336280][ T6510] vivid-003: ================== END STATUS ================== [ 131.917160][ T6520] netlink: 342 bytes leftover after parsing attributes in process `syz.0.123'. [ 131.936980][ T6520] netlink: 342 bytes leftover after parsing attributes in process `syz.0.123'. [ 131.959421][ T6532] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe02200 pfn:0x7fe00 [ 131.960250][ T6520] netlink: 342 bytes leftover after parsing attributes in process `syz.0.123'. [ 132.000616][ T6532] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 132.007834][ T6532] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 132.049254][ T6532] raw: ffff88807fe02200 ffff888144ee2000 00000001ffffffff 0000000000000000 [ 132.088681][ T6532] page dumped because: unmovable page [ 132.133587][ T6532] page_owner tracks the page as allocated [ 132.139780][ T6532] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 6485, tgid 6481 (syz.2.117), ts 126896310701, free_ts 125115639463 [ 132.156111][ T6520] netlink: 342 bytes leftover after parsing attributes in process `syz.0.123'. [ 132.188966][ T6535] could not allocate digest TFM handle binfmt_misc [ 132.230502][ T6532] post_alloc_hook+0x181/0x1b0 [ 132.235385][ T6532] get_page_from_freelist+0x10c4/0x34c0 [ 132.301776][ T6532] __alloc_frozen_pages_noprof+0x223/0x24d0 [ 132.324582][ T6532] __alloc_pages_noprof+0xb/0x1b0 [ 132.347124][ T6532] pcpu_populate_chunk+0x110/0xb00 [ 132.370567][ T6532] pcpu_alloc_noprof+0xce4/0x14b0 [ 132.407132][ T6532] bpf_map_alloc_percpu+0x9a/0x4b0 [ 132.440273][ T6532] htab_map_alloc+0x1352/0x18f0 [ 132.445638][ T6532] map_create+0x588/0x1d80 [ 132.480608][ T6532] __sys_bpf+0x44fa/0x4c80 [ 132.500938][ T6532] __x64_sys_bpf+0x78/0xc0 [ 132.527616][ T6532] do_syscall_64+0xcd/0x260 [ 132.621777][ T6532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.627789][ T6532] page last free pid 6462 tgid 6459 stack trace: [ 132.702135][ T6532] free_frozen_pages+0x6d8/0xf40 [ 132.707218][ T6532] vfree+0x176/0x960 [ 132.909254][ T6532] dvb_dvr_do_ioctl+0x205/0x290 [ 132.983974][ T6532] dvb_usercopy+0x164/0x330 [ 133.080415][ T6532] dvb_dvr_ioctl+0x29/0x40 [ 133.126517][ T6532] __x64_sys_ioctl+0x190/0x200 [ 133.204348][ T6532] do_syscall_64+0xcd/0x260 [ 133.268125][ T6532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.091782][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.098160][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.299889][ T6613] aoe: can't write to that file. [ 138.651133][ T6598] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 139.074066][ T6612] netlink: 28 bytes leftover after parsing attributes in process `syz.0.143'. [ 139.083212][ T6612] bridge_slave_1: left allmulticast mode [ 139.088913][ T6612] bridge_slave_1: left promiscuous mode [ 139.094838][ T6612] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.184743][ T6615] snd_aloop snd_aloop.0: Parsing timer source '<' failed with -22 [ 139.201404][ T6612] bridge_slave_0: left allmulticast mode [ 139.207183][ T6612] bridge_slave_0: left promiscuous mode [ 139.252896][ T6612] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.752537][ T6657] netlink: 342 bytes leftover after parsing attributes in process `syz.3.154'. [ 142.761957][ T6657] FAULT_INJECTION: forcing a failure. [ 142.761957][ T6657] name failslab, interval 1, probability 0, space 0, times 0 [ 142.850403][ T6657] CPU: 1 UID: 0 PID: 6657 Comm: syz.3.154 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 142.850451][ T6657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 142.850470][ T6657] Call Trace: [ 142.850480][ T6657] [ 142.850495][ T6657] dump_stack_lvl+0x16c/0x1f0 [ 142.850540][ T6657] should_fail_ex+0x512/0x640 [ 142.850578][ T6657] ? __kmalloc_noprof+0xbf/0x510 [ 142.850625][ T6657] ? tnode_new+0x25a/0x340 [ 142.850659][ T6657] should_failslab+0xc2/0x120 [ 142.850709][ T6657] __kmalloc_noprof+0xd2/0x510 [ 142.850762][ T6657] tnode_new+0x25a/0x340 [ 142.850799][ T6657] resize+0x3af/0x22a0 [ 142.850835][ T6657] ? trace_kmalloc+0x2b/0xd0 [ 142.850879][ T6657] fib_insert_alias+0x9b9/0xe30 [ 142.850918][ T6657] ? __pfx_rtnl_is_locked+0x10/0x10 [ 142.850957][ T6657] fib_trie_unmerge+0x2f9/0xcb0 [ 142.851004][ T6657] ? __pfx_fib_trie_unmerge+0x10/0x10 [ 142.851047][ T6657] ? ____sys_sendmsg+0xa8d/0xc60 [ 142.851076][ T6657] ? __pfx___mutex_lock+0x10/0x10 [ 142.851114][ T6657] fib_unmerge+0xf8/0x520 [ 142.851158][ T6657] ? __pfx_fib_nl2rule.constprop.0+0x10/0x10 [ 142.851204][ T6657] fib4_rule_configure+0x383/0x10c0 [ 142.851243][ T6657] fib_newrule+0x34c/0x1e60 [ 142.851296][ T6657] ? __pfx_fib_newrule+0x10/0x10 [ 142.851341][ T6657] ? kmem_cache_free+0x2d4/0x4d0 [ 142.851383][ T6657] ? __pfx_skb_network_protocol+0x10/0x10 [ 142.851442][ T6657] ? find_held_lock+0x2b/0x80 [ 142.851471][ T6657] ? __pfx_fib_nl_newrule+0x10/0x10 [ 142.851521][ T6657] ? __pfx_fib_nl_newrule+0x10/0x10 [ 142.851564][ T6657] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 142.851611][ T6657] ? __pfx_fib_nl_newrule+0x10/0x10 [ 142.851656][ T6657] rtnetlink_rcv_msg+0x95b/0xe90 [ 142.851705][ T6657] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 142.851763][ T6657] netlink_rcv_skb+0x16a/0x440 [ 142.851812][ T6657] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 142.851876][ T6657] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.851941][ T6657] ? netlink_deliver_tap+0x1ae/0xd30 [ 142.851992][ T6657] netlink_unicast+0x53a/0x7f0 [ 142.852043][ T6657] ? __pfx_netlink_unicast+0x10/0x10 [ 142.852092][ T6657] ? __phys_addr_symbol+0x30/0x80 [ 142.852134][ T6657] ? __check_object_size+0x4c7/0x710 [ 142.852190][ T6657] netlink_sendmsg+0x8da/0xd70 [ 142.852243][ T6657] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.852302][ T6657] ____sys_sendmsg+0xa8d/0xc60 [ 142.852333][ T6657] ? copy_msghdr_from_user+0x10a/0x160 [ 142.852376][ T6657] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.852421][ T6657] ___sys_sendmsg+0x134/0x1d0 [ 142.852466][ T6657] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.852550][ T6657] __sys_sendmsg+0x16d/0x220 [ 142.852594][ T6657] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.852636][ T6657] ? __x64_sys_futex+0x1e0/0x4c0 [ 142.852683][ T6657] ? rcu_is_watching+0x12/0xc0 [ 142.852722][ T6657] do_syscall_64+0xcd/0x260 [ 142.852755][ T6657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.852787][ T6657] RIP: 0033:0x7f953c18d169 [ 142.852822][ T6657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.852852][ T6657] RSP: 002b:00007f953d064038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.852882][ T6657] RAX: ffffffffffffffda RBX: 00007f953c3a5fa0 RCX: 00007f953c18d169 [ 142.852903][ T6657] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000009 [ 142.852923][ T6657] RBP: 00007f953c20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 142.852943][ T6657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.852962][ T6657] R13: 0000000000000000 R14: 00007f953c3a5fa0 R15: 00007ffd9c3129a8 [ 142.852997][ T6657] [ 145.053804][ T6683] netlink: 342 bytes leftover after parsing attributes in process `syz.0.161'. [ 145.665608][ T6702] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe02200 pfn:0x7fe00 [ 145.736795][ T6702] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 145.777143][ T6702] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 145.805120][ T6702] raw: ffff88807fe02200 ffff888144ee2000 00000001ffffffff 0000000000000000 [ 145.856222][ T6702] page dumped because: unmovable page [ 145.903745][ T6702] page_owner tracks the page as allocated [ 145.909643][ T6702] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 6485, tgid 6481 (syz.2.117), ts 126896310701, free_ts 125115639463 [ 145.935336][ T6708] vivid-003: ================= START STATUS ================= [ 145.977445][ T6708] vivid-003: Radio HW Seek Mode: Bounded [ 145.991684][ T6702] post_alloc_hook+0x181/0x1b0 [ 145.996551][ T6702] get_page_from_freelist+0x10c4/0x34c0 [ 146.021013][ T6703] could not allocate digest TFM handle binfmt_misc [ 146.029473][ T6708] vivid-003: Radio Programmable HW Seek: false [ 146.038641][ T6702] __alloc_frozen_pages_noprof+0x223/0x24d0 [ 146.050426][ T6708] vivid-003: RDS Rx I/O Mode: Block I/O [ 146.056092][ T6708] vivid-003: Generate RBDS Instead of RDS: false [ 146.076612][ T6702] __alloc_pages_noprof+0xb/0x1b0 [ 146.082184][ T6708] vivid-003: RDS Reception: true [ 146.087415][ T6708] vivid-003: RDS Program Type: 0 inactive [ 146.093396][ T6708] vivid-003: RDS PS Name: inactive [ 146.098925][ T6708] vivid-003: RDS Radio Text: inactive [ 146.112353][ T6702] pcpu_populate_chunk+0x110/0xb00 [ 146.119508][ T6702] pcpu_alloc_noprof+0xce4/0x14b0 [ 146.124654][ T6708] vivid-003: RDS Traffic Announcement: false inactive [ 146.124714][ T6708] vivid-003: RDS Traffic Program: false inactive [ 146.132702][ T6702] bpf_map_alloc_percpu+0x9a/0x4b0 [ 146.145094][ T6702] htab_map_alloc+0x1352/0x18f0 [ 146.150209][ T6702] map_create+0x588/0x1d80 [ 146.154859][ T6702] __sys_bpf+0x44fa/0x4c80 [ 146.159567][ T6702] __x64_sys_bpf+0x78/0xc0 [ 146.164917][ T6708] [ 146.177463][ T6702] do_syscall_64+0xcd/0x260 [ 146.179885][ T6708] vivid-003: RDS Music: false inactive [ 146.192111][ T6708] vivid-003: ================== END STATUS ================== [ 146.200177][ T6702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.239522][ T6702] page last free pid 6462 tgid 6459 stack trace: [ 146.285330][ T6702] free_frozen_pages+0x6d8/0xf40 [ 146.298817][ T6702] vfree+0x176/0x960 [ 146.303572][ T6702] dvb_dvr_do_ioctl+0x205/0x290 [ 146.308763][ T6702] dvb_usercopy+0x164/0x330 [ 146.314143][ T6702] dvb_dvr_ioctl+0x29/0x40 [ 146.319716][ T6702] __x64_sys_ioctl+0x190/0x200 [ 146.325012][ T6702] do_syscall_64+0xcd/0x260 [ 146.329803][ T6702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.402428][ T6739] FAULT_INJECTION: forcing a failure. [ 148.402428][ T6739] name fail_futex, interval 1, probability 0, space 0, times 1 [ 148.417322][ T6739] CPU: 0 UID: 0 PID: 6739 Comm: syz.2.174 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 148.417361][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.417378][ T6739] Call Trace: [ 148.417386][ T6739] [ 148.417395][ T6739] dump_stack_lvl+0x16c/0x1f0 [ 148.417426][ T6739] should_fail_ex+0x512/0x640 [ 148.417464][ T6739] get_futex_key+0x49e/0x1000 [ 148.417496][ T6739] ? __pfx_get_futex_key+0x10/0x10 [ 148.417539][ T6739] futex_wake+0xe7/0x4e0 [ 148.417577][ T6739] ? __pfx_futex_wake+0x10/0x10 [ 148.417616][ T6739] ? percpu_counter_add_batch+0xb8/0x1f0 [ 148.417644][ T6739] ? errseq_sample+0x53/0x70 [ 148.417688][ T6739] ? file_init_path+0x4fe/0x760 [ 148.417718][ T6739] do_futex+0x1e3/0x350 [ 148.417748][ T6739] ? __pfx_do_futex+0x10/0x10 [ 148.417780][ T6739] ? fd_install+0x1db/0x670 [ 148.417821][ T6739] __x64_sys_futex+0x1e0/0x4c0 [ 148.417857][ T6739] ? __sys_socket+0xac/0x260 [ 148.417888][ T6739] ? __pfx___x64_sys_futex+0x10/0x10 [ 148.417924][ T6739] ? rcu_is_watching+0x12/0xc0 [ 148.417963][ T6739] do_syscall_64+0xcd/0x260 [ 148.417997][ T6739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.418027][ T6739] RIP: 0033:0x7fc8be58d169 [ 148.418051][ T6739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.418081][ T6739] RSP: 002b:00007fc8bf3cd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 148.418109][ T6739] RAX: ffffffffffffffda RBX: 00007fc8be7a5fa8 RCX: 00007fc8be58d169 [ 148.418129][ T6739] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc8be7a5fac [ 148.418148][ T6739] RBP: 00007fc8be7a5fa0 R08: 00007fc8bf3ce000 R09: 0000000000000000 [ 148.418167][ T6739] R10: 0000000000000002 R11: 0000000000000246 R12: 00007fc8be7a5fac [ 148.418186][ T6739] R13: 0000000000000000 R14: 00007fffc31e6e40 R15: 00007fffc31e6f28 [ 148.418218][ T6739] [ 149.567178][ T6754] syz.1.177 uses obsolete (PF_INET,SOCK_PACKET) [ 149.975223][ T6758] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 150.929022][ T6769] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe02200 pfn:0x7fe00 [ 150.984856][ T6769] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 150.993072][ T6769] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 151.001887][ T6769] raw: ffff88807fe02200 ffff888144ee2000 00000001ffffffff 0000000000000000 [ 151.010672][ T6769] page dumped because: unmovable page [ 151.016102][ T6769] page_owner tracks the page as allocated [ 151.030555][ T6769] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 6485, tgid 6481 (syz.2.117), ts 126896310701, free_ts 125115639463 [ 151.058060][ T6770] vivid-003: ================= START STATUS ================= [ 151.075421][ T6769] post_alloc_hook+0x181/0x1b0 [ 151.081204][ T6769] get_page_from_freelist+0x10c4/0x34c0 [ 151.087271][ T6769] __alloc_frozen_pages_noprof+0x223/0x24d0 [ 151.094258][ T6769] __alloc_pages_noprof+0xb/0x1b0 [ 151.099541][ T6769] pcpu_populate_chunk+0x110/0xb00 [ 151.105849][ T6769] pcpu_alloc_noprof+0xce4/0x14b0 [ 151.111032][ T6769] bpf_map_alloc_percpu+0x9a/0x4b0 [ 151.116391][ T6770] vivid-003: Radio HW Seek Mode: Bounded [ 151.116412][ T6769] htab_map_alloc+0x1352/0x18f0 [ 151.128305][ T6769] map_create+0x588/0x1d80 [ 151.132982][ T6769] __sys_bpf+0x44fa/0x4c80 [ 151.137566][ T6769] __x64_sys_bpf+0x78/0xc0 [ 151.142345][ T6769] do_syscall_64+0xcd/0x260 [ 151.146921][ T6769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.152994][ T6769] page last free pid 6462 tgid 6459 stack trace: [ 151.159426][ T6769] free_frozen_pages+0x6d8/0xf40 [ 151.160487][ T6770] vivid-003: Radio Programmable HW Seek: [ 151.164634][ T6769] vfree+0x176/0x960 [ 151.174496][ T6769] dvb_dvr_do_ioctl+0x205/0x290 [ 151.179466][ T6769] dvb_usercopy+0x164/0x330 [ 151.184127][ T6769] dvb_dvr_ioctl+0x29/0x40 [ 151.188653][ T6769] __x64_sys_ioctl+0x190/0x200 [ 151.194709][ T6769] do_syscall_64+0xcd/0x260 [ 151.199304][ T6769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.205572][ T6770] false [ 151.208408][ T6770] vivid-003: RDS Rx I/O Mode: Block I/O [ 151.214139][ T6770] vivid-003: Generate RBDS Instead of RDS: false [ 151.220721][ T6770] vivid-003: RDS Reception: true [ 151.225729][ T6770] vivid-003: RDS Program Type: 0 inactive [ 151.232197][ T6770] vivid-003: RDS PS Name: inactive [ 151.237579][ T6770] vivid-003: RDS Radio Text: inactive [ 151.243321][ T6770] vivid-003: RDS Traffic Announcement: false inactive [ 151.250198][ T6770] vivid-003: RDS Traffic Program: false inactive [ 151.259085][ T6770] vivid-003: RDS Music: false inactive [ 151.279369][ T6770] vivid-003: ================== END STATUS ================== [ 151.308117][ T6771] could not allocate digest TFM handle binfmt_misc [ 152.128745][ T6785] snd_aloop snd_aloop.0: Parsing timer source '<' failed with -22 [ 153.014661][ T6803] vivid-003: ================= START STATUS ================= [ 153.097339][ T6803] vivid-003: Radio HW Seek Mode: Bounded [ 153.222077][ T6803] vivid-003: Radio Programmable HW Seek: false [ 153.228358][ T6803] vivid-003: RDS Rx I/O Mode: Block I/O [ 153.234178][ T6803] vivid-003: Generate RBDS Instead of RDS: false [ 153.241048][ T6803] vivid-003: RDS Reception: true [ 153.246935][ T6803] vivid-003: RDS Program Type: 0 inactive [ 153.253318][ T6803] vivid-003: RDS PS Name: inactive [ 153.258690][ T6803] vivid-003: RDS Radio Text: inactive [ 153.264766][ T6803] vivid-003: RDS Traffic Announcement: false inactive [ 153.271948][ T6803] vivid-003: RDS Traffic Program: false inactive [ 153.278372][ T6803] vivid-003: RDS Music: false inactive [ 153.284545][ T6803] vivid-003: ================== END STATUS ================== [ 154.175412][ T6824] snd_aloop snd_aloop.0: Parsing timer source '<' failed with -22 [ 155.608992][ T6848] vivid-003: ================= START STATUS ================= [ 155.718989][ T6848] vivid-003: Radio HW Seek Mode: Bounded [ 155.829739][ T6848] vivid-003: Radio Programmable HW Seek: false [ 155.920043][ T6848] vivid-003: RDS Rx I/O Mode: Block I/O [ 156.015891][ T6848] vivid-003: Generate RBDS Instead of RDS: false [ 156.158058][ T6848] vivid-003: RDS Reception: true [ 156.200761][ T6848] vivid-003: RDS Program Type: 0 inactive [ 156.206623][ T6848] vivid-003: RDS PS Name: inactive [ 156.212805][ T6837] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 156.230543][ T6837] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.236734][ T6837] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.243913][ T6837] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.274611][ T6848] vivid-003: RDS Radio Text: inactive [ 156.280241][ T6848] vivid-003: RDS Traffic Announcement: false inactive [ 156.320516][ T6848] vivid-003: RDS Traffic Program: false inactive [ 156.350759][ T6848] vivid-003: RDS Music: false inactive [ 156.356347][ T6848] vivid-003: ================== END STATUS ================== [ 157.065158][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.656171][ T6873] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807fe02200 pfn:0x7fe00 [ 157.679664][ T6873] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 157.694458][ T6873] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 157.708848][ T6873] raw: ffff88807fe02200 ffff888144ee2000 00000001ffffffff 0000000000000000 [ 157.722351][ T6868] [ 157.724750][ T6868] ====================================================== [ 157.728928][ T6873] page dumped because: unmovable page [ 157.731781][ T6868] WARNING: possible circular locking dependency detected [ 157.731802][ T6868] 6.14.0-syzkaller-05877-g1a9239bb4253 #0 Not tainted [ 157.731819][ T6868] ------------------------------------------------------ [ 157.731830][ T6868] syz.2.212/6868 is trying to acquire lock: [ 157.731846][ T6868] ffff88814332b698 (&q->elevator_lock){+.+.}-{4:4}, at: elv_iosched_store+0x201/0x5f0 [ 157.731926][ T6868] [ 157.731926][ T6868] but task is already holding lock: [ 157.731935][ T6868] ffff88814332b168 (&q->q_usage_counter(io)#58){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 157.732022][ T6868] [ 157.732022][ T6868] which lock already depends on the new lock. [ 157.732022][ T6868] [ 157.732032][ T6868] [ 157.732032][ T6868] the existing dependency chain (in reverse order) is: [ 157.732042][ T6868] [ 157.732042][ T6868] -> #2 [ 157.740257][ T6873] page_owner tracks the page as allocated [ 157.744433][ T6868] (&q->q_usage_counter(io)#58){++++}-{0:0}: [ 157.744480][ T6868] blk_alloc_queue+0x619/0x760 [ 157.744520][ T6868] blk_mq_alloc_queue+0x179/0x290 [ 157.744562][ T6868] __blk_mq_alloc_disk+0x29/0x120 [ 157.744603][ T6868] nbd_dev_add+0x49d/0xbb0 [ 157.744647][ T6868] nbd_init+0x181/0x320 [ 157.744682][ T6868] do_one_initcall+0x120/0x6e0 [ 157.744724][ T6868] kernel_init_freeable+0x5c2/0x900 [ 157.744772][ T6868] kernel_init+0x1c/0x2b0 [ 157.744816][ T6868] ret_from_fork+0x45/0x80 [ 157.744843][ T6868] ret_from_fork_asm+0x1a/0x30 [ 157.754614][ T6873] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 6485, tgid 6481 (syz.2.117), ts 126896310701, free_ts 125115639463 [ 157.758707][ T6868] [ 157.758707][ T6868] -> #1 ( [ 157.770424][ T6873] post_alloc_hook+0x181/0x1b0 [ 157.774130][ T6868] fs_reclaim){+.+.}-{0:0}: [ 157.913621][ T6868] fs_reclaim_acquire+0x102/0x150 [ 157.919195][ T6868] blk_mq_alloc_and_init_hctx+0x503/0x11c0 [ 157.925549][ T6868] blk_mq_realloc_hw_ctxs+0x8f6/0xc00 [ 157.931464][ T6868] blk_mq_init_allocated_queue+0x3af/0x1230 [ 157.937912][ T6868] blk_mq_alloc_queue+0x1c2/0x290 [ 157.943496][ T6868] __blk_mq_alloc_disk+0x29/0x120 [ 157.949334][ T6868] loop_add+0x496/0xb70 [ 157.954037][ T6868] loop_init+0x164/0x270 [ 157.958831][ T6868] do_one_initcall+0x120/0x6e0 [ 157.964150][ T6868] kernel_init_freeable+0x5c2/0x900 [ 157.970000][ T6868] kernel_init+0x1c/0x2b0 [ 157.974892][ T6868] ret_from_fork+0x45/0x80 [ 157.979847][ T6868] ret_from_fork_asm+0x1a/0x30 [ 157.985167][ T6868] [ 157.985167][ T6868] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 157.993022][ T6868] __lock_acquire+0x1173/0x1ba0 [ 157.998423][ T6868] lock_acquire+0x179/0x350 [ 158.003481][ T6868] __mutex_lock+0x19a/0xb00 [ 158.008527][ T6868] elv_iosched_store+0x201/0x5f0 [ 158.014029][ T6868] queue_attr_store+0x270/0x310 [ 158.019610][ T6868] sysfs_kf_write+0x117/0x170 [ 158.024932][ T6868] kernfs_fop_write_iter+0x349/0x510 [ 158.030773][ T6868] iter_file_splice_write+0x91c/0x1150 [ 158.036872][ T6868] direct_splice_actor+0x18f/0x6c0 [ 158.042532][ T6868] splice_direct_to_actor+0x342/0xa30 [ 158.048544][ T6868] do_splice_direct+0x174/0x240 [ 158.053944][ T6868] do_sendfile+0xafd/0xe50 [ 158.058987][ T6868] __x64_sys_sendfile64+0x1d8/0x220 [ 158.064734][ T6868] do_syscall_64+0xcd/0x260 [ 158.069787][ T6868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.076342][ T6868] [ 158.076342][ T6868] other info that might help us debug this: [ 158.076342][ T6868] [ 158.086582][ T6868] Chain exists of: [ 158.086582][ T6868] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#58 [ 158.086582][ T6868] [ 158.100364][ T6868] Possible unsafe locking scenario: [ 158.100364][ T6868] [ 158.107821][ T6868] CPU0 CPU1 [ 158.113220][ T6868] ---- ---- [ 158.118676][ T6868] lock(&q->q_usage_counter(io)#58); [ 158.124100][ T6868] lock(fs_reclaim); [ 158.130624][ T6868] lock(&q->q_usage_counter(io)#58); [ 158.138634][ T6868] lock(&q->elevator_lock); [ 158.143260][ T6868] [ 158.143260][ T6868] *** DEADLOCK *** [ 158.143260][ T6868] [ 158.151439][ T6868] 5 locks held by syz.2.212/6868: [ 158.156488][ T6868] #0: ffff8880248b6420 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30 [ 158.166664][ T6868] #1: ffff8880296cd088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x287/0x510 [ 158.176751][ T6868] #2: ffff888025c505a8 (kn->active#91){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x510 [ 158.187265][ T6868] #3: ffff88814332b168 (&q->q_usage_counter(io)#58){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 158.198985][ T6868] #4: ffff88814332b1a0 (&q->q_usage_counter(queue)#10){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 158.211004][ T6868] [ 158.211004][ T6868] stack backtrace: [ 158.216904][ T6868] CPU: 0 UID: 0 PID: 6868 Comm: syz.2.212 Not tainted 6.14.0-syzkaller-05877-g1a9239bb4253 #0 PREEMPT(full) [ 158.216937][ T6868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 158.216953][ T6868] Call Trace: [ 158.216962][ T6868] [ 158.216972][ T6868] dump_stack_lvl+0x116/0x1f0 [ 158.217000][ T6868] print_circular_bug+0x275/0x350 [ 158.217037][ T6868] check_noncircular+0x14c/0x170 [ 158.217074][ T6868] __lock_acquire+0x1173/0x1ba0 [ 158.217111][ T6868] ? __lock_acquire+0xaa4/0x1ba0 [ 158.217146][ T6868] lock_acquire+0x179/0x350 [ 158.217180][ T6868] ? elv_iosched_store+0x201/0x5f0 [ 158.217215][ T6868] ? __pfx___might_resched+0x10/0x10 [ 158.217249][ T6868] __mutex_lock+0x19a/0xb00 [ 158.217273][ T6868] ? elv_iosched_store+0x201/0x5f0 [ 158.217306][ T6868] ? mark_held_locks+0x49/0x80 [ 158.217339][ T6868] ? elv_iosched_store+0x201/0x5f0 [ 158.217371][ T6868] ? lockdep_hardirqs_on+0x7c/0x110 [ 158.217412][ T6868] ? __pfx___mutex_lock+0x10/0x10 [ 158.217437][ T6868] ? blk_mq_freeze_queue_wait+0xad/0x1b0 [ 158.217479][ T6868] ? __pfx_autoremove_wake_function+0x10/0x10 [ 158.217515][ T6868] ? elv_iosched_store+0x201/0x5f0 [ 158.217547][ T6868] elv_iosched_store+0x201/0x5f0 [ 158.217579][ T6868] ? do_syscall_64+0xcd/0x260 [ 158.217603][ T6868] ? __pfx_elv_iosched_store+0x10/0x10 [ 158.217638][ T6868] ? __mutex_trylock_common+0xe9/0x250 [ 158.217675][ T6868] ? __pfx_elv_iosched_store+0x10/0x10 [ 158.217708][ T6868] queue_attr_store+0x270/0x310 [ 158.217756][ T6868] ? __pfx_queue_attr_store+0x10/0x10 [ 158.217797][ T6868] ? __lock_acquire+0x5ca/0x1ba0 [ 158.217833][ T6868] ? kernfs_fop_write_iter+0x287/0x510 [ 158.217870][ T6868] ? __pfx_queue_attr_store+0x10/0x10 [ 158.217911][ T6868] sysfs_kf_write+0x117/0x170 [ 158.217943][ T6868] kernfs_fop_write_iter+0x349/0x510 [ 158.217973][ T6868] ? __pfx_sysfs_kf_write+0x10/0x10 [ 158.218008][ T6868] iter_file_splice_write+0x91c/0x1150 [ 158.218054][ T6868] ? __pfx_iter_file_splice_write+0x10/0x10 [ 158.218094][ T6868] ? __pfx_copy_splice_read+0x10/0x10 [ 158.218134][ T6868] ? __pfx_iter_file_splice_write+0x10/0x10 [ 158.218173][ T6868] direct_splice_actor+0x18f/0x6c0 [ 158.218211][ T6868] splice_direct_to_actor+0x342/0xa30 [ 158.218247][ T6868] ? __pfx_direct_splice_actor+0x10/0x10 [ 158.218285][ T6868] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 158.218323][ T6868] do_splice_direct+0x174/0x240 [ 158.218358][ T6868] ? __pfx_do_splice_direct+0x10/0x10 [ 158.218393][ T6868] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 158.218429][ T6868] ? rw_verify_area+0xcf/0x680 [ 158.218460][ T6868] do_sendfile+0xafd/0xe50 [ 158.218495][ T6868] ? __pfx_do_sendfile+0x10/0x10 [ 158.218528][ T6868] ? __x64_sys_futex+0x1e0/0x4c0 [ 158.218558][ T6868] ? __x64_sys_futex+0x1e9/0x4c0 [ 158.218589][ T6868] __x64_sys_sendfile64+0x1d8/0x220 [ 158.218613][ T6868] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 158.218636][ T6868] ? rcu_is_watching+0x12/0xc0 [ 158.218664][ T6868] do_syscall_64+0xcd/0x260 [ 158.218689][ T6868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.218715][ T6868] RIP: 0033:0x7fc8be58d169 [ 158.218735][ T6868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.218766][ T6868] RSP: 002b:00007fc8bf3cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 158.218790][ T6868] RAX: ffffffffffffffda RBX: 00007fc8be7a5fa0 RCX: 00007fc8be58d169 [ 158.218807][ T6868] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 158.218822][ T6868] RBP: 00007fc8be60e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 158.218837][ T6868] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 158.218852][ T6868] R13: 0000000000000000 R14: 00007fc8be7a5fa0 R15: 00007fffc31e6f28 [ 158.218874][ T6868] [ 158.218954][ C0] vkms_vblank_simulate: vblank timer overrun [ 158.593033][ C0] vkms_vblank_simulate: vblank timer overrun [ 158.600154][ T6873] get_page_from_freelist+0x10c4/0x34c0 [ 158.678616][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 158.684770][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 158.692160][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 158.704873][ T6873] __alloc_frozen_pages_noprof+0x223/0x24d0 [ 158.710902][ T6873] __alloc_pages_noprof+0xb/0x1b0 [ 158.721154][ T6873] pcpu_populate_chunk+0x110/0xb00 [ 158.726382][ T6873] pcpu_alloc_noprof+0xce4/0x14b0 [ 158.731577][ T6873] bpf_map_alloc_percpu+0x9a/0x4b0 [ 158.736800][ T6873] htab_map_alloc+0x1352/0x18f0 [ 158.745640][ T6873] map_create+0x588/0x1d80 [ 158.750190][ T6873] __sys_bpf+0x44fa/0x4c80 [ 158.755139][ T6873] __x64_sys_bpf+0x78/0xc0 [ 158.759637][ T6873] do_syscall_64+0xcd/0x260 [ 158.765307][ T6873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.773182][ T6873] page last free pid 6462 tgid 6459 stack trace: [ 158.779597][ T6873] free_frozen_pages+0x6d8/0xf40 [ 158.790699][ T6873] vfree+0x176/0x960 [ 158.810950][ T6873] dvb_dvr_do_ioctl+0x205/0x290 [ 158.815987][ T6873] dvb_usercopy+0x164/0x330 [ 158.820561][ T6873] dvb_dvr_ioctl+0x29/0x40 [ 158.825002][ T6873] __x64_sys_ioctl+0x190/0x200 [ 158.829826][ T6873] do_syscall_64+0xcd/0x260 [ 158.841766][ T6873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.850520][ T6877] could not allocate digest TFM handle binfmt_misc