last executing test programs: 17.6177774s ago: executing program 1 (id=3363): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x28, 0x5, 0x3ff) setsockopt$auto(r2, 0x29, 0x30, 0x0, 0x90) mmap$auto(0x0, 0x2020009, 0x8d7e, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) poll$auto(&(0x7f0000000180)={r3, 0x1, 0x9816}, 0x7f, 0x0) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x0) ioctl$auto(0x3, 0x4008af03, 0x0) io_uring_setup$auto(0x166, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) socket(0x15, 0x5, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0xffffffffffffffff, 0x4, 0xfffffffffffffffe]}, 0x0) 15.459992845s ago: executing program 2 (id=3389): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r0, 0xc0045401, 0xffffffffffffffff) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) (async, rerun: 64) ioctl$auto(0x3, 0x541b, 0x38) (async, rerun: 64) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async) mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 64) r3 = io_uring_setup$auto(0x6, 0x0) (async, rerun: 64) close_range$auto(0x2, r1, 0x1) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r4, 0x545c, 0xffffffffffffffff) (async) ioctl$auto_dma_heap_fops_dma_heap(r2, 0x0, &(0x7f0000000300)="5f7b2f660f41afdc342c16a714a0b96a81a7f40066b35d3c2fc6e0469e287bd61e685d281bfce82ea9a1d4b24962faf399f5b326f6b4794bccef68222cd358e9fe77b8755925938c763beb037dbb6149b337bfb19d21387e9899f3167a54f6def24e01c804f30289ecd39a9de6400fce8e33eaa6b5048f08010b6fa75d3d1d0a0c026db63d9e5db75d3cf724a0af59827950d684dc828e7ed262fafa10e62f39ae00"/179) (async) ioctl$auto_TIOCMSET2(r4, 0x5418, &(0x7f0000000200)="ea8e") (async) ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3, 0x0) (async, rerun: 64) close_range$auto(r3, r3, 0x2) (rerun: 64) syz_clone3(&(0x7f0000000100)={0x80a08680, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x209280, 0x0) (async) unshare$auto(0x40000080) (async, rerun: 32) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) (rerun: 32) sendfile$auto(r5, r5, 0x0, 0x3) (async) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/net/sctp/cookie_hmac_alg\x00', 0x40141, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r6, 0x0, 0x0) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (rerun: 32) 15.400404043s ago: executing program 1 (id=3391): r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x1}]}, @NET_SHAPER_A_LEAVES={0x4}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}, @NET_SHAPER_A_PRIORITY={0x8, 0x6, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004c804}, 0x14) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) (async) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) (async) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, 0x0, 0x0) (async) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r4) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) timerfd_create$auto(0x9, 0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) (async, rerun: 64) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) (async, rerun: 64) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000200)='4', 0x1) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0xa, 0x0) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(r6, 0x80045017, &(0x7f0000000c00)) 15.287992463s ago: executing program 2 (id=3393): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) (async) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x101a01, 0x0) (async) prctl$auto(0xf, 0x4, 0x0, 0x0, 0x3ff) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x5, 0x11, 0x59, 0x0, 0x5, 0x15f4da0e, 0x3, 0x7, 0x62, 0x7ffffffd, 0xd, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getpid() (async) mlockall$auto(0x5) (async) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8) io_uring_setup$auto(0x6, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) unshare$auto(0x4) (async) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) (async) r2 = socket(0x5, 0xa, 0x301) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/phonet\x00', 0x108a00, 0x0) (async) pread64$auto(r2, &(0x7f0000000100)='ve\x00\x9b\xad@\xa3\x96.\x1d\xb568\xc8\xf7T\x80th1\x00\xe0,\x17\xa0\xf7\x89Pl\x84K?\x01\x84\xa1i\xe00\x81p\xa0U \f\xdbP`:\xe2\'\xa7\xbf\xbd\x04\x18\xad\x90I^\x99M\xe0W\x14\x11\xf4\xeb\x90:\v\xc5\x13*\xfe\x90\xb1\xa9O\xa5\x05\xaa\x8fTi\xd6\x13', 0x20000000003f, 0x5) (async) close_range$auto(0x2, 0x8, 0x0) (async) r3 = socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x400008, 0x7d5f, 0x25f8, r0, 0x7fff) (async) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) (async) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x11, 0x80003, 0x300) (async) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) write$auto(r4, &(0x7f0000000340)='%]{\fZ', 0x100000000) close_range$auto(r3, r2, 0x2080008) (async) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 15.203004487s ago: executing program 2 (id=3395): r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x6049c0, 0x0) write$auto(r0, &(0x7f0000000000)='/dev/audio1\x00\'\xd8\x8fp\xf4\xb1\x18Z\xf5\xa0\x00\x00\x00\x00\x00\x00\x00\t\x00\x00V\xb9\xcb\xd3\xcbh\x18nh{M\x05', 0x101) 15.018408678s ago: executing program 2 (id=3397): r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x58043, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/block/nbd12/queue/write_cache\x00', 0x80002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1b25030000000400060000000353ac00118012000100892d57701f0379048590828847000004000280"], 0x38}, 0x1, 0x0, 0x0, 0x4044}, 0xc800) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x9, 0xb5, 0x1, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r3, 0x3, 0x2, @netfilter={0x4, 0x1, 0x40, 0x7}}, 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrusage$auto(0x1, &(0x7f0000000080)={{0x3, 0x6}, {0x9, 0xe}, 0x2, 0x800000101, 0x8000000000000001, 0x5, 0x1000e, 0x7, 0x3, 0x8000000000000001, 0x6, 0x2, 0x6, 0x0, 0x7, 0x2}) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x80002, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xc008ae09, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) ioctl$auto_TCFLSH2(r5, 0x40087101, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyv7\x00', 0x400, 0x0) readlinkat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0) write$auto_kmsg_fops_printk(r0, &(0x7f0000000040)='<', 0x1) 14.820080296s ago: executing program 2 (id=3399): mmap$auto(0x0, 0x200004000400009, 0xdf, 0x40000000009b72, 0x8000000000000003, 0x8000) utime$auto(0x0, 0xfffffffffffffffc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xc, 0x24000000000000, 0xe1, 0xfffffffffffffffb, 0xffffffffffffffff, 0x40000000008000) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC2\x00', 0x22000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, 0x0) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x2, 0x2001}, 0x0) r1 = getpid() r2 = gettid() rt_tgsigqueueinfo$auto(r1, r2, 0x21, 0x0) r3 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="e80d1398", @ANYRES16=r5, @ANYRESHEX=r3], 0x18}}, 0x4044820) ioctl$auto_LOOP_CTL_REMOVE(r3, 0x4c81, r2) mmap$auto(0x800000000000, 0x420008, 0x7, 0xeb1, 0xffffffffffffffff, 0x7fff) close_range$auto(r0, 0x8, 0x0) socket(0xa, 0x3, 0x3f) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r7) ioctl$auto_KVM_CREATE_VM(r6, 0xc048aeca, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/nr14/statistics/rx_bytes\x00', 0x100102, 0x0) 14.681891786s ago: executing program 2 (id=3401): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000500)={0x0, 0x0, "a68a78cddb9af7ac4c80865002a0d2e3", "213ea76652ad28e8b96ec5ed5243aea3", "25222c3aac25ccff5de7b81eefde747e7674da7f6154e6bcf81ec7dadaa3b485", "12f251f2492bb43c598ef0237d522cb86954c0763131c2f67eaa6356799448a9576c948fc3fb995daec2f1fc9170a70b4b71b44f04809f3ca99cb9b4e9d3abb67d33f3d3fe57d0289938f4ce01d60bfd", "e9e7f824968ee78f73dc2749d12c7e05", "402beaf8e2dfaba5303a6efa74256963183267b80c0b5a1f17a2c919b4c43dc3817ea4719a3e48cdb8c3e9873ecfe260f627c94bc35f96d615979b05547405d7e633a060cdb0fc80f9562c947ed257fd", "5c84948d2c357792b0c4be9a3a15ecfee836d93ae475d2bc8193e8ac53c0494bf16e9a6d85fa65416177e39fac9de9d4869f6e9602c6f01a500ba2ba3d5fef158c908f502afdfe316cf3ac63f1f4842ec3c180d103084776592ff9e4a66125f8f285cabc67891f381c9bcc345f41ee4f2d7f4bffb05d58b0377a76a50de67bb8"}) r1 = getpgid(0x0) pidfd_open$auto(r1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x1, 0x6, 0x80000001, "a2b8e85fc56865ba529faa0000000000000000000000692a240000008000", @raw=0x6}, 0x6, 0x5, 0x7, @inferred=r1, @reserved="fb99d320be0de941ac3f58d7aae0c84cbe332d618e0342771e3ac6e9a9df07cf9b1c017c611ac455c01804d0d4c89bee7005c5affd5ab891b44e48364e8de3f344584996c31f9ae16c6c4f062d38f590125ed264000000000000000000000000000000000000000600", "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f4ab606c276852295e00af49090000008034"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f00000000c0)={@inferred=r1, 0x6, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @raw=0xa2cfa1c}) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000003600)=""/4110, 0x100e) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0x1, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x6}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x876c5, 0x8, 0x100000000}}) setsockopt$auto_SO_BSDCOMPAT(r0, 0x7f, 0xe, &(0x7f00000018c0)='\x00', 0x4) mmap$auto(0x8000000000000000, 0x400008, 0xdf, 0xe7ff, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0xe984, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) epoll_ctl$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="ab006cd5bfde93887eda286c266a00", @ANYRES16=0x0, @ANYBLOB="010026bd7000fcdbdf250b0000000a001f00aaaaaaaaaa3400000600200002000000"], 0x28}, 0x1, 0x0, 0x0, 0x24000004}, 0x2) connect$auto(0x4, 0x0, 0x10) r5 = pidfd_open$auto(0x0, 0xfffffffe) sendmsg$auto_CGROUPSTATS_CMD_GET(r5, 0x0, 0x44) r6 = prctl$auto(0x1000000003b, 0xffb, r2, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mmap$auto(0x0, 0x1, 0x1, 0x44eb2, 0x3, 0x300000000000) bpf$auto(0x4, 0x0, 0xa4) r7 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/environ\x00', 0x2000, 0x0) read$auto_proc_environ_operations_base(r7, &(0x7f0000000240)=""/80, 0x50) sendfile$auto(r6, r7, &(0x7f0000000000)=0x3, 0x2) unshare$auto(0x40000080) 14.237769658s ago: executing program 1 (id=3405): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x22, 0x2, 0x24) r1 = getsockopt$auto(r0, 0x3, 0x1, 0x0, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@xdp={0x2c, 0x2, 0x0, 0x33}, 0x7fff) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x3, 0x100000007, 0x1, 0x0, 0x2, 0x2) madvise$auto(0x0, 0xffffffff97fb20a5, 0x10002) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000080)='/dev/usbmon2\x00', 0x40080, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x7b1602, 0x0) socket(0x1f, 0x800, 0xffffff01) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x1, 0x5, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x11, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, 0x0, 0x55) r3 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) writev$auto(r3, &(0x7f0000000000)={&(0x7f0000000080), 0x8}, 0x20094) 12.290913081s ago: executing program 1 (id=3427): openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) io_uring_setup$auto(0x7ff, &(0x7f0000000080)={0x7efffffc, 0x8, 0x3002, 0x7, 0xa, 0x4006, 0xffffffffffffffff, [0x0, 0x0, 0x4000000], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x69cb, 0x6, 0x3}, {0x5, 0x8001, 0x2052, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000040)=""/15, 0xf) mmap$auto(0x1, 0x20006, 0x4000000000df, 0x9010, 0xffffffffffffffff, 0xc) unshare$auto(0x40000080) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x9) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video42\x00', 0x169000, 0x0) ioctl$auto(r2, 0xc0845658, r2) socket(0xa, 0x800, 0x401) getpeername$auto(r0, 0x0, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x7fffffffffffffff, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r4 = socket(0xa, 0x5, 0x0) setsockopt$auto(r4, 0x0, 0x24, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) socket(0x2, 0x1, 0x0) syslog$auto(0x9, &(0x7f0000000100)='/dev/vhci\x00', 0x713f) r5 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy13/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x101102, 0x0) bpf$auto(0xfffffffe, &(0x7f0000000200)=@info={r5, 0x8, 0x8}, 0xc20) pkey_free$auto(0x1) 10.104143679s ago: executing program 3 (id=3456): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) writev$auto(r1, &(0x7f0000000100)={0x0, 0x407114}, 0x8) mmap$auto(0xea, 0x4020009, 0x800000000000df, 0xeb1, r0, 0x6) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000004900)) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000300)={{0x3fe, 0xee00, 0xffffffffffffffff, 0x9, 0xc53a, 0x29, 0xe}, 0x4, 0xffffffffffffffff, 0xff, 0x81, @raw=0x1, @inferred, 0x0, 0x0, 0x0, 0x0}) r3 = setfsgid$auto(0xee00) fchown$auto(0xffffffffffffffff, 0xee00, r3) mmap$auto(0x0, 0x10018, 0xdf, 0xeb1, 0x40000000000a5, 0x808000) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) listen$auto(0x3, 0x81) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) ioctl$auto_UBI_IOCATT(r4, 0x40186f40, 0x0) ioctl$auto_UBI_IOCDET(r4, 0x40046f41, 0x0) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, r3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)=""/5, 0x5) 9.108071825s ago: executing program 3 (id=3466): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x18b002, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) getpgrp(0x0) r0 = getpid() mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24044010}, 0xc0) clone$auto(0x20003b47, 0x3, 0x0, 0x0, 0x1000001fffffe) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x2, {{0x42}, 0x103}}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) semget$auto(0x0, 0x2e4a, 0x8000) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) socket(0x15, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2b, 0x1, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x4e22, @multicast2}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x80, 0xb}, 0x800009}, 0x5, 0x20000000) read$auto(0x3, 0x0, 0x10001) 8.338809528s ago: executing program 3 (id=3476): r0 = geteuid() mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci7/rfkill12/power/runtime_active_time\x00', 0x40000, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) arch_prctl$auto(0x5005, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) connect$auto(r1, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}, 0x14) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x2, 0xc) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, r5, 0x2, 0x70bd2c, 0x25dfdbfb, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_OP={0x8, 0xa, 0x5}]}, 0x1c}}, 0x10004010) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000003a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x24040004) socket(0x21, 0x6, 0xffffff01) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) write$auto(r7, &(0x7f0000000040)='\x06\x00\'k', 0x4) r8 = getsockopt$auto(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) sendto$auto(0xffffffffffffffff, 0x0, 0x7, 0x6, &(0x7f0000000440)=@isdn={0x22, 0xc, 0x0, 0x8}, 0x7fff) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r8, 0x7cb, 0x0) readv$auto(r3, &(0x7f0000000200)={&(0x7f0000000180)="1e39cf77e1adcf22d2e620166be3a4e5026cf3e4fa43744c0896a3171b5f01a0df48812f0908dc58602fce51bf88d2b162fecb4b86112700634d80fccb15", 0xd4b}, 0xfffffffffffffffe) setreuid$auto(r0, r0) socket$nl_generic(0x10, 0x3, 0x10) 7.756417433s ago: executing program 1 (id=3486): unshare$auto(0x40000080) (async) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8081, 0x0) (async) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) socket(0x0, 0x801, 0x101) (async, rerun: 32) mmap$auto(0x0, 0xdf33, 0xe2, 0xeb1, 0x405, 0x8000) (async, rerun: 32) mmap$auto(0x0, 0x400008, 0x7fb, 0x80000011, 0x2, 0x208000) (async, rerun: 32) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (rerun: 32) mmap$auto(0xfffffffffffffffe, 0x1ff, 0xdf, 0x200000810, 0xffffffffffffffff, 0x8000) (async) madvise$auto(0x196f, 0xf9cf, 0xdffff) (async) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x206000, 0x108) faccessat2$auto(r0, &(0x7f0000000080)='./file0\x00', 0x5, 0x3) (async) io_uring_setup$auto(0x6, 0x0) (async, rerun: 32) r1 = socket(0xa, 0x1, 0x84) (rerun: 32) getsockopt$auto(r1, 0x84, 0x81, 0x0, 0x0) 7.421755397s ago: executing program 3 (id=3490): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x800, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128\x00', 0x20300, 0x0) r2 = socket(0xa, 0x5, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rs\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'ip6_vti0\x00'}) bpf$auto(0x40000000, &(0x7f0000000100)=@iter_create={r1, 0x81}, 0x96) bpf$auto(0x18, &(0x7f0000000040)=@raw_tracepoint={0x0, 0xffffffffffffffff, 0x0, 0x800}, 0x92) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x542, 0x0) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) writev$auto(0x3, 0x0, 0x8) getsockopt$auto(r2, 0x84, 0x1d, 0x0, 0x0) r3 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vgem/clients\x00', 0x60000, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r3, &(0x7f0000000100)=""/153, 0x99) getpid() mincore$auto(0x1000, 0x8001, 0x0) r4 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/version\x00', 0x60002, 0x0) read$auto(r4, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0xffd8) 4.88410648s ago: executing program 3 (id=3513): mmap$auto(0x0, 0xc, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) fallocate$auto(0xffffffffffffffff, 0xdd, 0x7fff, 0x81) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000800000df, 0x1000eb1, 0xffffffffffffffff, 0x40000008002) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x80, 0xd, 0x1, 0x948d, 0x3, 0x15f4da0a, 0x3, 0x6, 0x62, 0x80000000, 0x7, 0x6d3f, 0x1ff, 0x2, 0xfffffffffffff000]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getpid() mlockall$auto(0x5) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0xffffffffffffffff, 0x65f, 0xd9, 0xeb1, r1, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) socketcall$auto(0x8000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/fua\x00', 0x0, 0x0) preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x8000001}, 0x3, 0x10000, 0x10) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) socket(0x2, 0x5, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) socket(0x2, 0x801, 0x100) socket(0x25, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x4000, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x305003, 0x0) 1.087417832s ago: executing program 3 (id=3516): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x2, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, 0x0, 0x51) shutdown$auto(0x200000003, 0x2) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mq_open$auto(&(0x7f0000000000)='%\x00', 0x8, 0x8, &(0x7f0000000080)={0x94, 0x4, 0x40, 0x6}) mmap$auto(0x8, 0x9, 0x1, 0xeb3, 0xfffefffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = open(0x0, 0x149443, 0x14) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) write$auto(0x3, 0x0, 0x100082) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) unshare$auto(0x40) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/id\x00', 0x48102, 0x0) 475.211354ms ago: executing program 0 (id=3522): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram11\x00', 0x14be02, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x80202, 0x0) write$auto_tomoyo_self_operations_securityfs_if(r2, &(0x7f0000000080)="60da", 0x2) (async) preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x1, 0x0) (async) r4 = socket(0xa, 0x802, 0x3a) setsockopt$auto(r4, 0x29, 0x21, 0x0, 0x18000113) r5 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) (async) sendmsg$auto_NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, 0x0, 0x4004010) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e072"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(r3, 0x8, 0x0) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) (async) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) bpf$auto(0x19, &(0x7f0000000380)=@link_create={@prog_fd, @target_ifindex=r7, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) (async) sysfs$auto(0xfffffffe, 0x10000000000002a, 0x4) (async) ioctl$auto_VHOST_SET_BACKEND_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0) ioctl$auto_RTC_RD_TIME(r0, 0x80247009, 0x0) 351.800841ms ago: executing program 0 (id=3524): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0x8a302, 0x0) socket(0x1a, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x800, 0x0) read$auto(r2, 0x0, 0x7) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) writev$auto(r0, &(0x7f0000000200)={0x0, 0x100000ff}, 0x2) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r4, &(0x7f0000000240)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8GZ5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r5 = socket(0x2b, 0x3, 0x7) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r5, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) 291.133476ms ago: executing program 0 (id=3525): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) prctl$auto_SECCOMP_MODE_STRICT(0xf, 0x1, 0x0, 0x9, 0x2) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/set_event\x00', 0x80000, 0x0) 164.061766ms ago: executing program 1 (id=3526): r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) setpriority$auto(0x1, 0xee01, 0xc) timer_gettime$auto(0x0, 0x0) fchdir$auto(r0) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000140)="e7696e5891a9bccbf2a814c2b1c2da6a4642e71e423e55bb3bdfb80fb3496c6bac2c4769", 0x24) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfff, 0x1, 0x5, 0x3, 0x95f4da2d, 0xc, 0x6, 0x62, 0x7, 0x7, 0x6d3f, 0xa, 0x4, 0x5]}, 0x0) 80.048044ms ago: executing program 0 (id=3527): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x402002, 0x0) r0 = socket(0x10, 0x3, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000340)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01e92aa97000db01000000000000010910", @ANYRES32=r2, @ANYRES32=r0, @ANYRESOCT=r2, @ANYBLOB="5e35ed6226065c5aa0dc2139caab704c9cf86b308cc4fc2b79b1b21ef9be7dc4669db2158005e4c7a92d573d14b8f117464f3072567ce8a3869747b873c896b13827fdfcdb938a505b35fd8633a98e212d20bc3144ca69e634f092e506475124e8e1c2e9ff0faeeaad26ac633199a74a75917b2a4bff5b08cc567a3957cfc26460085527fb20482d977f30f20d5778"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) prctl$auto_PR_SCHED_CORE_GET(0x200, 0x0, 0x0, 0x1ff, 0x401) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x20401, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x129a00, 0x0) ioctl$auto(r1, 0x541e, 0x10000000000402) prctl$auto(0xfffffbff, 0x1, 0x0, 0x1, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x1, 0x62, 0x80000001, 0x7, 0x6, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) close_range$auto(r1, 0xffffffffffffffff, 0xf8) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x200, 0x6199f877, 0x20000000fffe, 0xfffffffffffffff6, r3, 0x8000) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="98000000", @ANYRES16=0x0, @ANYBLOB="00042bbd7000ffdbdf25630000004300f300823685eea1b0a97c71f92fbea59ba60d6422860057df180f66cee3f219cdaa5c9c349074b9bb52bff18d8e52394f230c972e71d29766254c0f5bacc82632ed000400aff170eacb62f4835b210005005900000000000800520041a978d572af8a625238cca063f1046190f2821f6caa", @ANYRES32=0x0, @ANYBLOB="04005f001e0013000cbcf91846607bf659ad47a08cf7a59e3641e02f52fb83fcc459000008009e0004000000"], 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x804) r4 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r4, 0x0, 0x1f42) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x901, 0x0) writev$auto(r5, &(0x7f00000000c0)={0x0, 0x7}, 0x3) shmctl$auto(0x7ff, 0x7270, 0x0) msgctl$auto_IPC_SET(0xfffffffc, 0x1, &(0x7f0000000240)={{0xfffff852, 0x0, 0xee01, 0x3, 0x8, 0x8, 0x3ff}, 0x0, 0x0, 0x1, 0x6, 0x5, 0x3, 0x3ff, 0x6, 0x6, 0x3, @inferred, @raw=0x899}) shmctl$auto_IPC_STAT(0x8, 0x2, 0x0) socket(0x26, 0x5, 0x801) ioctl$auto(0x3, 0xae60, 0x10000000000402) getpid() 60.600861ms ago: executing program 0 (id=3528): mmap$auto(0x0, 0x3, 0xfffffffffffffff8, 0x200000eb1, 0xfffffffffffffffa, 0x1000000000000006) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x4020565a, 0x38) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) socket(0x21, 0x3, 0x9) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x104, 0x3, 0x3739aae3, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0) unshare$auto(0x40000080) ioctl$auto_ECCGETSTATS(r1, 0x80104d12, &(0x7f0000000440)={0x3, 0xfffffff8, 0x8, 0x5}) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) munmap$auto(0xfffffffffffff34b, 0x8592) mkdir$auto(0x0, 0x9) socket(0x25, 0x805, 0x3) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptytc\x00', 0x410101, 0x0) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) r2 = set_tid_address$auto(0x0) ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, r2) 0s ago: executing program 0 (id=3529): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) lsm_get_self_attr$auto(0x68, 0x0, &(0x7f0000002440)=0x8, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mbind$auto(0x3, 0x9, 0x6, &(0x7f0000000000)=0x1ff, 0x100000001, 0x7ff) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x8000, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts. [ 95.745468][ T5836] cgroup: Unknown subsys name 'net' [ 95.922614][ T5836] cgroup: Unknown subsys name 'cpuset' [ 95.932439][ T5836] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 97.160182][ T55] cfg80211: failed to load regulatory.db [ 97.764120][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 100.439961][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.450489][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.458704][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.468614][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.476471][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.508578][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 100.519276][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 100.527355][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 100.535735][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 100.543169][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 100.578487][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 100.587182][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 100.595920][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 100.603943][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 100.612386][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 100.667550][ T5169] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 100.679949][ T5169] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 100.688784][ T5169] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 100.700742][ T5169] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 100.710113][ T5169] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 101.160249][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 101.292735][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 101.455075][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.463633][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.471933][ T5846] bridge_slave_0: entered allmulticast mode [ 101.481201][ T5846] bridge_slave_0: entered promiscuous mode [ 101.502886][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 101.540333][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.547507][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.555035][ T5846] bridge_slave_1: entered allmulticast mode [ 101.563478][ T5846] bridge_slave_1: entered promiscuous mode [ 101.633102][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 101.650113][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.679515][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.686695][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.694451][ T5851] bridge_slave_0: entered allmulticast mode [ 101.702182][ T5851] bridge_slave_0: entered promiscuous mode [ 101.712840][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.751324][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.758809][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.766051][ T5851] bridge_slave_1: entered allmulticast mode [ 101.774335][ T5851] bridge_slave_1: entered promiscuous mode [ 101.841510][ T5846] team0: Port device team_slave_0 added [ 101.850912][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.895084][ T5846] team0: Port device team_slave_1 added [ 101.903648][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.991588][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.999174][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.006545][ T5857] bridge_slave_0: entered allmulticast mode [ 102.014216][ T5857] bridge_slave_0: entered promiscuous mode [ 102.040114][ T5851] team0: Port device team_slave_0 added [ 102.061197][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.068570][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.075778][ T5857] bridge_slave_1: entered allmulticast mode [ 102.084081][ T5857] bridge_slave_1: entered promiscuous mode [ 102.091848][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.099394][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.125585][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.146235][ T5851] team0: Port device team_slave_1 added [ 102.194282][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.201865][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.228991][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.269298][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.276533][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.285828][ T5853] bridge_slave_0: entered allmulticast mode [ 102.294959][ T5853] bridge_slave_0: entered promiscuous mode [ 102.305733][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.325014][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.332539][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.359336][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.371160][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.378815][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.386028][ T5853] bridge_slave_1: entered allmulticast mode [ 102.393875][ T5853] bridge_slave_1: entered promiscuous mode [ 102.417616][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.458943][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.465974][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.492925][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.519274][ T5849] Bluetooth: hci0: command tx timeout [ 102.569627][ T5857] team0: Port device team_slave_0 added [ 102.586170][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.602961][ T5846] hsr_slave_0: entered promiscuous mode [ 102.610066][ T5846] hsr_slave_1: entered promiscuous mode [ 102.620350][ T5857] team0: Port device team_slave_1 added [ 102.643027][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.678782][ T5849] Bluetooth: hci2: command tx timeout [ 102.678788][ T5169] Bluetooth: hci1: command tx timeout [ 102.706735][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.713854][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.739904][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.758486][ T5849] Bluetooth: hci3: command tx timeout [ 102.786707][ T5853] team0: Port device team_slave_0 added [ 102.794255][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.801745][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.828708][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.863449][ T5853] team0: Port device team_slave_1 added [ 102.900620][ T5851] hsr_slave_0: entered promiscuous mode [ 102.907246][ T5851] hsr_slave_1: entered promiscuous mode [ 102.914308][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 102.922313][ T5851] Cannot create hsr debugfs directory [ 103.012796][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.019966][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.047089][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.087189][ T5857] hsr_slave_0: entered promiscuous mode [ 103.093853][ T5857] hsr_slave_1: entered promiscuous mode [ 103.100730][ T5857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.108412][ T5857] Cannot create hsr debugfs directory [ 103.114786][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.121936][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.149062][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.406474][ T5853] hsr_slave_0: entered promiscuous mode [ 103.413503][ T5853] hsr_slave_1: entered promiscuous mode [ 103.419916][ T5853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.427605][ T5853] Cannot create hsr debugfs directory [ 103.641860][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.663810][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.683208][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.720185][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.816749][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 103.840118][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 103.861335][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 103.873261][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 103.938405][ T5851] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 103.977439][ T5851] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 103.993047][ T5851] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 104.030471][ T5851] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 104.085917][ T5853] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 104.101699][ T5853] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 104.121062][ T5853] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 104.144679][ T5853] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 104.270970][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.317403][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.365940][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.396587][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.411132][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.418473][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.452451][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.459655][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.471695][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.478906][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.488599][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.495737][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.569098][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.598320][ T5849] Bluetooth: hci0: command tx timeout [ 104.630069][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.662841][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.693585][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.737305][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.744540][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.760019][ T5849] Bluetooth: hci2: command tx timeout [ 104.760057][ T5169] Bluetooth: hci1: command tx timeout [ 104.778496][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.785720][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.821253][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.828709][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.839685][ T5169] Bluetooth: hci3: command tx timeout [ 104.910765][ T3546] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.917960][ T3546] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.273688][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.414541][ T5857] veth0_vlan: entered promiscuous mode [ 105.467259][ T5857] veth1_vlan: entered promiscuous mode [ 105.514224][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.643958][ T5857] veth0_macvtap: entered promiscuous mode [ 105.657198][ T5857] veth1_macvtap: entered promiscuous mode [ 105.672443][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.694588][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.726136][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.757668][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.767692][ T5846] veth0_vlan: entered promiscuous mode [ 105.795994][ T5857] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.805670][ T5857] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.814799][ T5857] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.824353][ T5857] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.914361][ T5853] veth0_vlan: entered promiscuous mode [ 105.932305][ T5846] veth1_vlan: entered promiscuous mode [ 105.987110][ T5853] veth1_vlan: entered promiscuous mode [ 105.996471][ T5851] veth0_vlan: entered promiscuous mode [ 106.028874][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.039778][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.076656][ T5846] veth0_macvtap: entered promiscuous mode [ 106.095023][ T5851] veth1_vlan: entered promiscuous mode [ 106.137403][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.143102][ T5853] veth0_macvtap: entered promiscuous mode [ 106.156047][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.159432][ T5846] veth1_macvtap: entered promiscuous mode [ 106.184716][ T5853] veth1_macvtap: entered promiscuous mode [ 106.214009][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.245505][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.269408][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.300566][ T5846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.309582][ T5846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.319864][ T5846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.329611][ T5846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.350085][ T5851] veth0_macvtap: entered promiscuous mode [ 106.361101][ T5857] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 106.387066][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.417804][ T5853] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.427058][ T5853] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.436906][ T5853] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.452205][ T5853] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.464523][ T5851] veth1_macvtap: entered promiscuous mode [ 106.606657][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.630020][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.677016][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.681902][ T5851] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.686332][ T5169] Bluetooth: hci0: command tx timeout [ 106.724719][ T5851] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.739371][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.748856][ T5851] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.780656][ T5851] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.836682][ T5936] could not allocate digest TFM handle [ 106.842908][ T5169] Bluetooth: hci2: command tx timeout [ 106.848577][ T5849] Bluetooth: hci1: command tx timeout [ 106.918897][ T5169] Bluetooth: hci3: command tx timeout [ 106.975953][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.994221][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.076677][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.086599][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.248480][ T3546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.263232][ T3546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.324664][ T5936] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'. [ 107.455299][ T5936] Zero length message leads to an empty skb [ 107.501601][ T5943] netlink: set zone limit has 8 unknown bytes [ 107.532786][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.567702][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.573142][ T5943] process 'syz.0.1' launched ':,' with NULL argv: empty string added [ 107.743363][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.768490][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.777008][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.777022][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.934613][ T5952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 108.024182][ T5952] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 108.072340][ T5952] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 108.110926][ T5952] page_type: f5(slab) [ 108.138251][ T5952] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 108.176565][ T5952] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 108.210247][ T5952] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 108.225357][ T5952] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 108.241202][ T5952] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 108.314507][ T5952] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 108.344408][ T5952] page dumped because: unmovable page [ 108.384283][ T5952] page_owner tracks the page as allocated [ 108.393552][ T5952] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5857, tgid 5857 (syz-executor), ts 101247124546, free_ts 101201565525 [ 108.416291][ T5952] post_alloc_hook+0x1c0/0x230 [ 108.421249][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.431410][ T5952] get_page_from_freelist+0x1321/0x3890 [ 108.437165][ T5952] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 108.443835][ T5952] alloc_pages_mpol+0x1fb/0x550 [ 108.514790][ T5952] new_slab+0x23b/0x330 [ 108.549111][ T5952] ___slab_alloc+0xd9c/0x1940 [ 108.554023][ T5952] __slab_alloc.constprop.0+0x56/0xb0 [ 108.559661][ T5952] __kmalloc_cache_noprof+0xfb/0x3e0 [ 108.565574][ T5952] kobject_uevent_env+0x265/0x1870 [ 108.571277][ T5952] net_rx_queue_update_kobjects+0x1de/0x770 [ 108.577345][ T5952] netdev_register_kobject+0x269/0x3a0 [ 108.586442][ T5952] register_netdevice+0x13dc/0x2270 [ 108.596088][ T5952] team_newlink+0xb4/0x190 [ 108.606220][ T5952] rtnl_newlink+0xc45/0x2000 [ 108.614533][ T5952] rtnetlink_rcv_msg+0x95b/0xe90 [ 108.622818][ T5952] netlink_rcv_skb+0x158/0x420 [ 108.633254][ T5952] page last free pid 5857 tgid 5857 stack trace: [ 108.665089][ T5952] __free_frozen_pages+0x7fe/0x1180 [ 108.685459][ T5952] __put_partials+0x16d/0x1c0 [ 108.713573][ T5952] qlist_free_all+0x4d/0x120 [ 108.728462][ T5952] kasan_quarantine_reduce+0x195/0x1e0 [ 108.748108][ T5952] __kasan_slab_alloc+0x69/0x90 [ 108.753212][ T5952] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 108.760875][ T5169] Bluetooth: hci0: command tx timeout [ 108.781897][ T5952] ref_tracker_alloc+0x18e/0x5b0 [ 108.787000][ T5952] netdev_queue_update_kobjects+0x2db/0x720 [ 108.809319][ T5952] netdev_register_kobject+0x28c/0x3a0 [ 108.814918][ T5952] register_netdevice+0x13dc/0x2270 [ 108.828720][ T5952] bond_newlink+0x87/0x100 [ 108.849693][ T5952] rtnl_newlink+0xc45/0x2000 [ 108.854540][ T5952] rtnetlink_rcv_msg+0x95b/0xe90 [ 108.860104][ T5952] netlink_rcv_skb+0x158/0x420 [ 108.865056][ T5952] netlink_unicast+0x53a/0x7f0 [ 108.870693][ T5952] netlink_sendmsg+0x8d1/0xdd0 [ 108.925351][ T5169] Bluetooth: hci1: command tx timeout [ 108.925372][ T5849] Bluetooth: hci2: command tx timeout [ 108.998670][ T5849] Bluetooth: hci3: command tx timeout [ 109.547514][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 109.868419][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.152342][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.161338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 110.578220][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 110.587971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.598185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.897857][ T5997] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 112.872241][ T6000] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.996979][ T5998] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 113.891983][ T6020] capability: warning: `syz.0.15' uses 32-bit capabilities (legacy support in use) [ 117.918591][ T6063] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 133.408941][ T6263] random: crng reseeded on system resumption [ 138.055589][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.062551][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.496962][ T6333] warning: `syz.2.68' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 152.169201][ T6474] FAULT_INJECTION: forcing a failure. [ 152.169201][ T6474] name failslab, interval 1, probability 0, space 0, times 1 [ 152.246923][ T6474] CPU: 0 UID: 0 PID: 6474 Comm: syz.3.88 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 152.246968][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.246990][ T6474] Call Trace: [ 152.247001][ T6474] [ 152.247015][ T6474] dump_stack_lvl+0x16c/0x1f0 [ 152.247078][ T6474] should_fail_ex+0x512/0x640 [ 152.247124][ T6474] ? __kmalloc_noprof+0xbf/0x510 [ 152.247175][ T6474] ? kobject_get_path+0xd2/0x2a0 [ 152.247223][ T6474] should_failslab+0xc2/0x120 [ 152.247254][ T6474] __kmalloc_noprof+0xd2/0x510 [ 152.247311][ T6474] kobject_get_path+0xd2/0x2a0 [ 152.247366][ T6474] kobject_uevent_env+0x289/0x1870 [ 152.247390][ T6474] ? ksys_unshare+0x9d0/0xa40 [ 152.247428][ T6474] ? internal_create_groups+0x11a/0x150 [ 152.247465][ T6474] netdev_queue_update_kobjects+0x1a7/0x720 [ 152.247498][ T6474] netdev_register_kobject+0x28c/0x3a0 [ 152.247525][ T6474] register_netdevice+0x13dc/0x2270 [ 152.247553][ T6474] ? __pfx_register_netdevice+0x10/0x10 [ 152.247581][ T6474] ? __pfx_loopback_net_init+0x10/0x10 [ 152.247609][ T6474] register_netdev+0x34/0x50 [ 152.247629][ T6474] loopback_net_init+0x7a/0x170 [ 152.247656][ T6474] ? __pfx_loopback_net_init+0x10/0x10 [ 152.247682][ T6474] ops_init+0x1df/0x5f0 [ 152.247721][ T6474] setup_net+0x1ff/0x510 [ 152.247755][ T6474] ? lockdep_init_map_type+0x5c/0x280 [ 152.247789][ T6474] ? __pfx_setup_net+0x10/0x10 [ 152.247827][ T6474] ? debug_mutex_init+0x37/0x70 [ 152.247853][ T6474] copy_net_ns+0x2a6/0x5f0 [ 152.247894][ T6474] create_new_namespaces+0x3ea/0xa90 [ 152.247929][ T6474] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 152.247958][ T6474] ksys_unshare+0x45b/0xa40 [ 152.247990][ T6474] ? __pfx_ksys_unshare+0x10/0x10 [ 152.248023][ T6474] ? xfd_validate_state+0x61/0x180 [ 152.248070][ T6474] __x64_sys_unshare+0x31/0x40 [ 152.248119][ T6474] do_syscall_64+0xcd/0x490 [ 152.248158][ T6474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.248186][ T6474] RIP: 0033:0x7fdf5598e929 [ 152.248216][ T6474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.248248][ T6474] RSP: 002b:00007fdf568d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 152.248278][ T6474] RAX: ffffffffffffffda RBX: 00007fdf55bb5fa0 RCX: 00007fdf5598e929 [ 152.248299][ T6474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 152.248320][ T6474] RBP: 00007fdf55a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 152.248340][ T6474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.248355][ T6474] R13: 0000000000000000 R14: 00007fdf55bb5fa0 R15: 00007ffd026f8be8 [ 152.248385][ T6474] [ 153.934221][ T6481] kexec: Could not allocate control_code_buffer [ 154.816861][ T6502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78008 [ 154.835010][ T6502] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 154.865685][ T6502] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 154.876884][ T6502] page_type: f5(slab) [ 154.880993][ T6502] raw: 00fff00000000040 ffff88801ce95640 0000000000000000 dead000000000001 [ 154.907806][ T6502] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 154.907879][ T6502] head: 00fff00000000040 ffff88801ce95640 0000000000000000 dead000000000001 [ 154.907921][ T6502] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 154.907956][ T6502] head: 00fff00000000003 ffffea0001e00201 00000000ffffffff 00000000ffffffff [ 154.907990][ T6502] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 154.908011][ T6502] page dumped because: unmovable page [ 154.908028][ T6502] page_owner tracks the page as allocated [ 154.908052][ T6502] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5219, tgid 5219 (udevd), ts 119507313771, free_ts 119506996175 [ 154.908114][ T6502] post_alloc_hook+0x1c0/0x230 [ 154.908164][ T6502] get_page_from_freelist+0x1321/0x3890 [ 154.908212][ T6502] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 154.908261][ T6502] alloc_pages_mpol+0x1fb/0x550 [ 154.908291][ T6502] new_slab+0x23b/0x330 [ 154.908330][ T6502] ___slab_alloc+0xd9c/0x1940 [ 154.908371][ T6502] __slab_alloc.constprop.0+0x56/0xb0 [ 154.908413][ T6502] kmem_cache_alloc_noprof+0xef/0x3b0 [ 154.908461][ T6502] getname_flags.part.0+0x4c/0x550 [ 154.908496][ T6502] getname_flags+0x93/0xf0 [ 154.908539][ T6502] do_readlinkat+0xb4/0x3a0 [ 154.908569][ T6502] __x64_sys_readlink+0x78/0xc0 [ 154.908607][ T6502] do_syscall_64+0xcd/0x490 [ 154.908657][ T6502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.908692][ T6502] page last free pid 5219 tgid 5219 stack trace: [ 154.908712][ T6502] __free_frozen_pages+0x7fe/0x1180 [ 154.908754][ T6502] __put_partials+0x16d/0x1c0 [ 154.908797][ T6502] qlist_free_all+0x4d/0x120 [ 154.908843][ T6502] kasan_quarantine_reduce+0x195/0x1e0 [ 154.908892][ T6502] __kasan_slab_alloc+0x69/0x90 [ 154.908966][ T6502] __kmalloc_noprof+0x1d4/0x510 [ 154.909013][ T6502] tomoyo_realpath_from_path+0xc2/0x6e0 [ 154.909059][ T6502] tomoyo_path_perm+0x274/0x460 [ 154.909094][ T6502] security_inode_getattr+0x116/0x290 [ 154.909131][ T6502] vfs_fstat+0x4b/0xe0 [ 154.909161][ T6502] __do_sys_newfstat+0x87/0x100 [ 154.909194][ T6502] do_syscall_64+0xcd/0x490 [ 154.909242][ T6502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.109112][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.674298][ T6512] overlayfs: missing 'lowerdir' [ 156.369468][ T6528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 156.387847][ T6528] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 156.399503][ T6528] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 156.412057][ T6528] page_type: f5(slab) [ 156.416354][ T6528] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 156.428353][ T6528] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 156.484862][ T6528] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 156.530516][ T6528] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 156.560331][ T6528] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 156.570238][ T6528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 156.600317][ T6528] page dumped because: unmovable page [ 156.632599][ T6528] page_owner tracks the page as allocated [ 156.646042][ T6528] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 155892572837, free_ts 154222541556 [ 156.689689][ T6528] post_alloc_hook+0x1c0/0x230 [ 156.754227][ T6528] get_page_from_freelist+0x1321/0x3890 [ 156.872340][ T6528] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 156.886620][ T6528] alloc_pages_mpol+0x1fb/0x550 [ 156.891896][ T6528] new_slab+0x23b/0x330 [ 156.896759][ T6528] ___slab_alloc+0xd9c/0x1940 [ 156.901691][ T6528] __slab_alloc.constprop.0+0x56/0xb0 [ 156.907673][ T6528] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 156.914514][ T6528] kmalloc_reserve+0xef/0x2c0 [ 156.919523][ T6528] __alloc_skb+0x166/0x380 [ 156.925798][ T6528] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 156.932066][ T6528] process_one_work+0x9cf/0x1b70 [ 156.937757][ T6528] worker_thread+0x6c8/0xf10 [ 156.944036][ T6528] kthread+0x3c2/0x780 [ 156.948338][ T6528] ret_from_fork+0x5d7/0x6f0 [ 156.953042][ T6528] ret_from_fork_asm+0x1a/0x30 [ 157.013142][ T6528] page last free pid 6477 tgid 6473 stack trace: [ 157.048379][ T6528] __free_frozen_pages+0x7fe/0x1180 [ 157.157401][ T6528] __put_partials+0x16d/0x1c0 [ 157.162171][ T6528] qlist_free_all+0x4d/0x120 [ 157.211824][ T6528] kasan_quarantine_reduce+0x195/0x1e0 [ 157.241197][ T6528] __kasan_slab_alloc+0x69/0x90 [ 157.266680][ T6528] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 157.309398][ T6528] kobject_uevent_env+0x265/0x1870 [ 157.401536][ T6528] device_del+0x623/0x9f0 [ 157.406125][ T6528] unregister_netdevice_many_notify+0x1903/0x2700 [ 157.412833][ T6528] ops_undo_list+0x8fc/0xab0 [ 157.418971][ T6528] setup_net+0x2e1/0x510 [ 157.425509][ T6528] copy_net_ns+0x2a6/0x5f0 [ 157.430596][ T6528] create_new_namespaces+0x3ea/0xa90 [ 157.436606][ T6528] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 157.442531][ T6528] ksys_unshare+0x45b/0xa40 [ 157.451309][ T6528] __x64_sys_unshare+0x31/0x40 [ 158.883005][ T6571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 158.948808][ T6571] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 158.987651][ T6571] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 159.389708][ T6571] page_type: f5(slab) [ 159.436388][ T6571] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 159.600197][ T6571] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 159.764182][ T6571] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 159.868874][ T6571] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 159.877668][ T6571] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 159.997219][ T6571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 160.034845][ T6571] page dumped because: unmovable page [ 160.040636][ T6571] page_owner tracks the page as allocated [ 160.046535][ T6571] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 155892572837, free_ts 154222541556 [ 160.067215][ C1] vkms_vblank_simulate: vblank timer overrun [ 160.098912][ T6571] post_alloc_hook+0x1c0/0x230 [ 160.104109][ T6571] get_page_from_freelist+0x1321/0x3890 [ 160.179511][ T6571] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 160.298168][ T6571] alloc_pages_mpol+0x1fb/0x550 [ 160.507818][ T6571] new_slab+0x23b/0x330 [ 160.538073][ T6571] ___slab_alloc+0xd9c/0x1940 [ 160.585322][ T6571] __slab_alloc.constprop.0+0x56/0xb0 [ 160.591402][ T6571] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 160.601327][ T6571] kmalloc_reserve+0xef/0x2c0 [ 160.613663][ T6571] __alloc_skb+0x166/0x380 [ 160.622167][ T6571] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 160.629717][ T6571] process_one_work+0x9cf/0x1b70 [ 160.637078][ T6571] worker_thread+0x6c8/0xf10 [ 160.641901][ T6571] kthread+0x3c2/0x780 [ 160.707417][ T6571] ret_from_fork+0x5d7/0x6f0 [ 160.746925][ T6571] ret_from_fork_asm+0x1a/0x30 [ 160.806597][ T6571] page last free pid 6477 tgid 6473 stack trace: [ 160.815011][ T6571] __free_frozen_pages+0x7fe/0x1180 [ 160.820372][ T6571] __put_partials+0x16d/0x1c0 [ 160.825963][ T6571] qlist_free_all+0x4d/0x120 [ 160.832544][ T6571] kasan_quarantine_reduce+0x195/0x1e0 [ 160.840864][ T6571] __kasan_slab_alloc+0x69/0x90 [ 160.860355][ T6571] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 160.923132][ T6571] kobject_uevent_env+0x265/0x1870 [ 160.944254][ T6571] device_del+0x623/0x9f0 [ 160.958959][ T6571] unregister_netdevice_many_notify+0x1903/0x2700 [ 160.979188][ T6571] ops_undo_list+0x8fc/0xab0 [ 161.066334][ T6571] setup_net+0x2e1/0x510 [ 161.070824][ T6571] copy_net_ns+0x2a6/0x5f0 [ 161.075654][ T6571] create_new_namespaces+0x3ea/0xa90 [ 161.081297][ T6571] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 161.087543][ T6571] ksys_unshare+0x45b/0xa40 [ 161.092384][ T6571] __x64_sys_unshare+0x31/0x40 [ 162.215916][ T6608] tipc: Started in network mode [ 162.215955][ T6608] tipc: Node identity ee00, cluster identity 4711 [ 162.215968][ T6608] tipc: Node number set to 60928 [ 164.865401][ T6635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 164.874893][ T6635] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.883880][ T6635] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 164.897703][ T6635] page_type: f5(slab) [ 164.949066][ T6635] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 165.016232][ T6635] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 165.103518][ T6635] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 165.112491][ T6635] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 165.121586][ T6635] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 165.130665][ T6635] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 165.166187][ T6635] page dumped because: unmovable page [ 165.260399][ T6635] page_owner tracks the page as allocated [ 165.280540][ T6635] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 155892572837, free_ts 154222541556 [ 165.310372][ T6635] post_alloc_hook+0x1c0/0x230 [ 165.316287][ T6635] get_page_from_freelist+0x1321/0x3890 [ 165.329532][ T6635] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 165.336607][ T6635] alloc_pages_mpol+0x1fb/0x550 [ 165.342144][ T6635] new_slab+0x23b/0x330 [ 165.346571][ T6635] ___slab_alloc+0xd9c/0x1940 [ 165.352434][ T6635] __slab_alloc.constprop.0+0x56/0xb0 [ 165.358108][ T6635] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 165.434923][ T6635] kmalloc_reserve+0xef/0x2c0 [ 165.462624][ T6635] __alloc_skb+0x166/0x380 [ 165.467203][ T6635] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 165.474644][ T6635] process_one_work+0x9cf/0x1b70 [ 165.480063][ T6635] worker_thread+0x6c8/0xf10 [ 165.484845][ T6635] kthread+0x3c2/0x780 [ 165.489129][ T6635] ret_from_fork+0x5d7/0x6f0 [ 165.514928][ T6635] ret_from_fork_asm+0x1a/0x30 [ 165.546115][ T6635] page last free pid 6477 tgid 6473 stack trace: [ 165.596944][ T6635] __free_frozen_pages+0x7fe/0x1180 [ 165.605940][ T6635] __put_partials+0x16d/0x1c0 [ 165.628908][ T6635] qlist_free_all+0x4d/0x120 [ 165.633645][ T6635] kasan_quarantine_reduce+0x195/0x1e0 [ 165.666161][ T6635] __kasan_slab_alloc+0x69/0x90 [ 165.697505][ T6635] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 165.768222][ T6635] kobject_uevent_env+0x265/0x1870 [ 165.850867][ T6635] device_del+0x623/0x9f0 [ 165.855313][ T6635] unregister_netdevice_many_notify+0x1903/0x2700 [ 166.185142][ T6635] ops_undo_list+0x8fc/0xab0 [ 166.304307][ T6635] setup_net+0x2e1/0x510 [ 166.435157][ T6635] copy_net_ns+0x2a6/0x5f0 [ 166.473698][ T6635] create_new_namespaces+0x3ea/0xa90 [ 166.670829][ T6635] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 166.713036][ T6635] ksys_unshare+0x45b/0xa40 [ 166.721087][ T6635] __x64_sys_unshare+0x31/0x40 [ 168.820101][ T6666] netlink: zone id is out of range [ 168.825507][ T6666] netlink: zone id is out of range [ 168.830642][ T6666] netlink: zone id is out of range [ 168.844057][ T6666] netlink: zone id is out of range [ 168.878327][ T6666] netlink: zone id is out of range [ 168.938787][ T6666] netlink: zone id is out of range [ 169.037129][ T6666] netlink: zone id is out of range [ 169.042794][ T6666] netlink: zone id is out of range [ 169.057665][ T6666] netlink: zone id is out of range [ 169.092594][ T6666] netlink: zone id is out of range [ 170.472610][ T6715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 170.515505][ T6715] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 170.566929][ T6715] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 170.608741][ T6715] page_type: f5(slab) [ 170.637583][ T6715] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 170.772093][ T6715] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 170.780819][ T6715] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 170.885495][ T6715] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 170.927523][ T6715] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 170.956565][ T6715] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 171.139216][ T6715] page dumped because: unmovable page [ 171.212730][ T6715] page_owner tracks the page as allocated [ 171.272941][ T6715] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 155892572837, free_ts 154222541556 [ 171.483867][ T6715] post_alloc_hook+0x1c0/0x230 [ 171.528507][ T6715] get_page_from_freelist+0x1321/0x3890 [ 171.534349][ T6715] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 171.540493][ T6715] alloc_pages_mpol+0x1fb/0x550 [ 171.545757][ T6715] new_slab+0x23b/0x330 [ 171.876380][ T6715] ___slab_alloc+0xd9c/0x1940 [ 171.881199][ T6715] __slab_alloc.constprop.0+0x56/0xb0 [ 171.955833][ T6715] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 172.016451][ T6715] kmalloc_reserve+0xef/0x2c0 [ 172.021255][ T6715] __alloc_skb+0x166/0x380 [ 172.075187][ T6715] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 172.163234][ T6715] process_one_work+0x9cf/0x1b70 [ 172.188920][ T6715] worker_thread+0x6c8/0xf10 [ 172.244750][ T6715] kthread+0x3c2/0x780 [ 172.248914][ T6715] ret_from_fork+0x5d7/0x6f0 [ 172.257445][ T6715] ret_from_fork_asm+0x1a/0x30 [ 172.267519][ T6715] page last free pid 6746 tgid 6741 stack trace: [ 172.278821][ T6715] __free_frozen_pages+0x7fe/0x1180 [ 172.289350][ T6715] __put_partials+0x16d/0x1c0 [ 172.304573][ T6715] qlist_free_all+0x4d/0x120 [ 172.314100][ T6715] kasan_quarantine_reduce+0x195/0x1e0 [ 172.323979][ T6715] __kasan_slab_alloc+0x69/0x90 [ 172.329049][ T6715] __kmalloc_noprof+0x1d4/0x510 [ 172.531786][ T6715] tomoyo_realpath_from_path+0xc2/0x6e0 [ 172.601499][ T6715] tomoyo_path_number_perm+0x245/0x580 [ 172.616491][ T6715] security_file_ioctl+0x9b/0x240 [ 172.642032][ T6715] __x64_sys_ioctl+0xb7/0x210 [ 172.655633][ T6715] do_syscall_64+0xcd/0x490 [ 172.673071][ T6715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.043589][ T6833] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 180.123723][ T6822] random: crng reseeded on system resumption [ 180.919659][ T6834] netlink: 40 bytes leftover after parsing attributes in process `syz.2.153'. [ 198.327019][ T7089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 198.368839][ T7089] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 198.418299][ T7089] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 198.425964][ T7089] page_type: f5(slab) [ 198.552477][ T7089] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 198.704153][ T7089] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 198.820596][ T7089] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 198.829648][ T7089] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 198.838566][ T7089] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 198.853658][ T7089] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 198.863218][ T7089] page dumped because: unmovable page [ 198.869617][ T7089] page_owner tracks the page as allocated [ 198.875592][ T7089] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:0), ts 189069868955, free_ts 188977539284 [ 198.942015][ T7089] post_alloc_hook+0x1c0/0x230 [ 198.947961][ T7089] get_page_from_freelist+0x1321/0x3890 [ 198.965027][ T7089] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 198.973144][ T7089] alloc_pages_mpol+0x1fb/0x550 [ 198.979647][ T7089] new_slab+0x23b/0x330 [ 198.984133][ T7089] ___slab_alloc+0xd9c/0x1940 [ 198.992039][ T7089] __slab_alloc.constprop.0+0x56/0xb0 [ 199.044966][ T7089] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 199.055025][ T7089] kmalloc_reserve+0xef/0x2c0 [ 199.059770][ T7089] __alloc_skb+0x166/0x380 [ 199.064387][ T7089] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 199.071052][ T7089] process_one_work+0x9cf/0x1b70 [ 199.076587][ T7089] worker_thread+0x6c8/0xf10 [ 199.087697][ T7089] kthread+0x3c2/0x780 [ 199.118406][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.124953][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.149232][ T7089] ret_from_fork+0x5d7/0x6f0 [ 199.228343][ T7089] ret_from_fork_asm+0x1a/0x30 [ 199.264170][ T7089] page last free pid 5851 tgid 5851 stack trace: [ 199.299438][ T7089] __free_frozen_pages+0x7fe/0x1180 [ 199.333931][ T7089] __put_partials+0x16d/0x1c0 [ 199.338941][ T7089] qlist_free_all+0x4d/0x120 [ 199.361254][ T7089] kasan_quarantine_reduce+0x195/0x1e0 [ 199.367304][ T7089] __kasan_slab_alloc+0x69/0x90 [ 199.372368][ T7089] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 199.380324][ T7089] ptlock_alloc+0x1f/0x70 [ 199.391362][ T7089] pte_alloc_one+0x82/0x3a0 [ 199.399681][ T7089] __pte_alloc+0x6d/0x3c0 [ 199.404615][ T7089] copy_page_range+0x1aed/0x5740 [ 199.409936][ T7089] dup_mmap+0xe88/0x21d0 [ 199.414934][ T7089] copy_process+0x4081/0x7650 [ 199.421334][ T7089] kernel_clone+0xfc/0x960 [ 199.490781][ T7089] __do_sys_clone+0xce/0x120 [ 199.557247][ T7089] do_syscall_64+0xcd/0x490 [ 199.566414][ T7089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.216368][ T7124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 201.271686][ T7124] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 201.296188][ T7124] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 201.313129][ T7124] page_type: f5(slab) [ 201.322392][ T7124] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 201.344783][ T7124] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 201.364545][ T7124] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 201.381057][ T7124] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 201.391868][ T7124] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 201.440048][ T7124] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 201.492351][ T7124] page dumped because: unmovable page [ 201.533550][ T7124] page_owner tracks the page as allocated [ 201.540323][ T7124] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:0), ts 189069868955, free_ts 188977539284 [ 201.566072][ T7124] post_alloc_hook+0x1c0/0x230 [ 201.571095][ T7124] get_page_from_freelist+0x1321/0x3890 [ 201.606663][ T7124] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 201.665393][ T7124] alloc_pages_mpol+0x1fb/0x550 [ 201.670547][ T7124] new_slab+0x23b/0x330 [ 201.683995][ T7124] ___slab_alloc+0xd9c/0x1940 [ 201.706934][ T7124] __slab_alloc.constprop.0+0x56/0xb0 [ 201.706998][ T7124] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 201.707057][ T7124] kmalloc_reserve+0xef/0x2c0 [ 201.707093][ T7124] __alloc_skb+0x166/0x380 [ 201.707139][ T7124] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 201.707184][ T7124] process_one_work+0x9cf/0x1b70 [ 201.707239][ T7124] worker_thread+0x6c8/0xf10 [ 201.707292][ T7124] kthread+0x3c2/0x780 [ 201.707339][ T7124] ret_from_fork+0x5d7/0x6f0 [ 201.707387][ T7124] ret_from_fork_asm+0x1a/0x30 [ 201.707424][ T7124] page last free pid 5851 tgid 5851 stack trace: [ 201.707446][ T7124] __free_frozen_pages+0x7fe/0x1180 [ 201.707490][ T7124] __put_partials+0x16d/0x1c0 [ 201.707534][ T7124] qlist_free_all+0x4d/0x120 [ 201.707580][ T7124] kasan_quarantine_reduce+0x195/0x1e0 [ 201.707631][ T7124] __kasan_slab_alloc+0x69/0x90 [ 201.707684][ T7124] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 201.707734][ T7124] ptlock_alloc+0x1f/0x70 [ 201.707776][ T7124] pte_alloc_one+0x82/0x3a0 [ 201.707806][ T7124] __pte_alloc+0x6d/0x3c0 [ 201.707846][ T7124] copy_page_range+0x1aed/0x5740 [ 201.707888][ T7124] dup_mmap+0xe88/0x21d0 [ 201.707927][ T7124] copy_process+0x4081/0x7650 [ 201.718070][ T7124] kernel_clone+0xfc/0x960 [ 201.718115][ T7124] __do_sys_clone+0xce/0x120 [ 201.718144][ T7124] do_syscall_64+0xcd/0x490 [ 201.718179][ T7124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.966467][ T7133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 201.966508][ T7133] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 201.966537][ T7133] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 201.966568][ T7133] page_type: f5(slab) [ 201.966597][ T7133] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 201.967844][ T7133] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 201.967882][ T7133] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 201.967915][ T7133] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 201.967949][ T7133] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 201.967983][ T7133] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 201.968004][ T7133] page dumped because: unmovable page [ 201.968021][ T7133] page_owner tracks the page as allocated [ 201.968035][ T7133] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:0), ts 189069868955, free_ts 188977539284 [ 201.968097][ T7133] post_alloc_hook+0x1c0/0x230 [ 201.968147][ T7133] get_page_from_freelist+0x1321/0x3890 [ 201.968197][ T7133] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 201.968251][ T7133] alloc_pages_mpol+0x1fb/0x550 [ 201.968281][ T7133] new_slab+0x23b/0x330 [ 201.968321][ T7133] ___slab_alloc+0xd9c/0x1940 [ 201.968362][ T7133] __slab_alloc.constprop.0+0x56/0xb0 [ 201.968407][ T7133] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 201.968462][ T7133] kmalloc_reserve+0xef/0x2c0 [ 201.968496][ T7133] __alloc_skb+0x166/0x380 [ 201.968540][ T7133] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 201.968596][ T7133] process_one_work+0x9cf/0x1b70 [ 201.968648][ T7133] worker_thread+0x6c8/0xf10 [ 201.968696][ T7133] kthread+0x3c2/0x780 [ 201.968742][ T7133] ret_from_fork+0x5d7/0x6f0 [ 201.968797][ T7133] ret_from_fork_asm+0x1a/0x30 [ 201.968833][ T7133] page last free pid 5851 tgid 5851 stack trace: [ 201.968853][ T7133] __free_frozen_pages+0x7fe/0x1180 [ 201.968943][ T7133] __put_partials+0x16d/0x1c0 [ 201.968987][ T7133] qlist_free_all+0x4d/0x120 [ 201.969030][ T7133] kasan_quarantine_reduce+0x195/0x1e0 [ 201.969077][ T7133] __kasan_slab_alloc+0x69/0x90 [ 201.969125][ T7133] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 201.969173][ T7133] ptlock_alloc+0x1f/0x70 [ 201.969210][ T7133] pte_alloc_one+0x82/0x3a0 [ 201.969237][ T7133] __pte_alloc+0x6d/0x3c0 [ 201.969266][ T7133] copy_page_range+0x1aed/0x5740 [ 201.969305][ T7133] dup_mmap+0xe88/0x21d0 [ 201.969341][ T7133] copy_process+0x4081/0x7650 [ 201.969379][ T7133] kernel_clone+0xfc/0x960 [ 201.969417][ T7133] __do_sys_clone+0xce/0x120 [ 201.969456][ T7133] do_syscall_64+0xcd/0x490 [ 201.969503][ T7133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.393501][ T7174] FAULT_INJECTION: forcing a failure. [ 206.393501][ T7174] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 206.409292][ T7174] CPU: 0 UID: 0 PID: 7174 Comm: syz.2.211 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 206.409337][ T7174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.409358][ T7174] Call Trace: [ 206.409368][ T7174] [ 206.409381][ T7174] dump_stack_lvl+0x16c/0x1f0 [ 206.409437][ T7174] should_fail_ex+0x512/0x640 [ 206.409494][ T7174] core_sys_select+0x949/0xc10 [ 206.409553][ T7174] ? __pfx_core_sys_select+0x10/0x10 [ 206.409645][ T7174] ? read_tsc+0x9/0x20 [ 206.409680][ T7174] ? ktime_get_ts64+0x256/0x400 [ 206.409736][ T7174] kern_select+0x15d/0x1e0 [ 206.409798][ T7174] ? __pfx_kern_select+0x10/0x10 [ 206.409849][ T7174] ? xfd_validate_state+0x61/0x180 [ 206.409895][ T7174] ? __pfx_ksys_write+0x10/0x10 [ 206.409949][ T7174] __x64_sys_select+0xbd/0x160 [ 206.409991][ T7174] ? do_syscall_64+0x91/0x490 [ 206.410037][ T7174] ? lockdep_hardirqs_on+0x7c/0x110 [ 206.410086][ T7174] do_syscall_64+0xcd/0x490 [ 206.410142][ T7174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.410176][ T7174] RIP: 0033:0x7f46d0d8e929 [ 206.410203][ T7174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.410230][ T7174] RSP: 002b:00007f46d1c24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 206.410261][ T7174] RAX: ffffffffffffffda RBX: 00007f46d0fb5fa0 RCX: 00007f46d0d8e929 [ 206.410276][ T7174] RDX: 00002000000005c0 RSI: 0000200000000480 RDI: 0000000000000005 [ 206.410290][ T7174] RBP: 00007f46d0e10b39 R08: 00002000000001c0 R09: 0000000000000000 [ 206.410305][ T7174] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000 [ 206.410319][ T7174] R13: 0000000000000000 R14: 00007f46d0fb5fa0 R15: 00007fffa4c38fd8 [ 206.410348][ T7174] [ 210.766768][ T7236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78010 [ 210.766851][ T7236] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 210.766884][ T7236] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 210.766918][ T7236] page_type: f5(slab) [ 210.766948][ T7236] raw: 00fff00000000040 ffff88801e299140 dead000000000122 0000000000000000 [ 210.766980][ T7236] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 210.767024][ T7236] head: 00fff00000000040 ffff88801e299140 dead000000000122 0000000000000000 [ 210.767055][ T7236] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 210.767087][ T7236] head: 00fff00000000003 ffffea0001e00401 00000000ffffffff 00000000ffffffff [ 210.767118][ T7236] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 210.767500][ T7236] page dumped because: unmovable page [ 210.767520][ T7236] page_owner tracks the page as allocated [ 210.767533][ T7236] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5227, tgid 5227 (udevd), ts 62672207297, free_ts 62653875010 [ 210.767593][ T7236] post_alloc_hook+0x1c0/0x230 [ 210.767642][ T7236] get_page_from_freelist+0x1321/0x3890 [ 210.767690][ T7236] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 210.767759][ T7236] alloc_pages_mpol+0x1fb/0x550 [ 210.767789][ T7236] new_slab+0x23b/0x330 [ 210.767830][ T7236] ___slab_alloc+0xd9c/0x1940 [ 210.767871][ T7236] __slab_alloc.constprop.0+0x56/0xb0 [ 210.769229][ T7236] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 210.769287][ T7236] shmem_alloc_inode+0x25/0x50 [ 210.769320][ T7236] alloc_inode+0x61/0x240 [ 210.769351][ T7236] new_inode+0x22/0x1c0 [ 210.770155][ T7236] shmem_get_inode+0x19a/0xfb0 [ 210.770190][ T7236] shmem_mknod+0x1a8/0x450 [ 210.770215][ T7236] lookup_open.isra.0+0x11d3/0x1580 [ 210.770243][ T7236] path_openat+0x893/0x2cb0 [ 210.770274][ T7236] do_filp_open+0x20b/0x470 [ 210.770306][ T7236] page last free pid 5225 tgid 5225 stack trace: [ 210.770321][ T7236] __free_frozen_pages+0x7fe/0x1180 [ 210.770351][ T7236] __put_partials+0x16d/0x1c0 [ 210.770380][ T7236] qlist_free_all+0x4d/0x120 [ 210.770411][ T7236] kasan_quarantine_reduce+0x195/0x1e0 [ 210.772928][ T7236] __kasan_slab_alloc+0x69/0x90 [ 210.772989][ T7236] __kmalloc_noprof+0x1d4/0x510 [ 210.773037][ T7236] tomoyo_realpath_from_path+0xc2/0x6e0 [ 210.773084][ T7236] tomoyo_path_perm+0x274/0x460 [ 210.773121][ T7236] security_inode_getattr+0x116/0x290 [ 210.773159][ T7236] vfs_fstat+0x4b/0xe0 [ 210.773189][ T7236] __do_sys_newfstat+0x87/0x100 [ 210.773222][ T7236] do_syscall_64+0xcd/0x490 [ 210.773270][ T7236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.886400][ T7276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78010 [ 213.940432][ T7276] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 213.958183][ T7276] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 213.992910][ T7276] page_type: f5(slab) [ 214.018799][ T7276] raw: 00fff00000000040 ffff88801e299140 dead000000000122 0000000000000000 [ 214.096313][ T7276] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 214.160115][ T7276] head: 00fff00000000040 ffff88801e299140 dead000000000122 0000000000000000 [ 214.226512][ T7276] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 214.257893][ T7276] head: 00fff00000000003 ffffea0001e00401 00000000ffffffff 00000000ffffffff [ 214.340736][ T7276] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 214.465645][ T7276] page dumped because: unmovable page [ 214.471118][ T7276] page_owner tracks the page as allocated [ 214.600526][ T7276] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5227, tgid 5227 (udevd), ts 62672207297, free_ts 62653875010 [ 214.621403][ C1] vkms_vblank_simulate: vblank timer overrun [ 214.841349][ T7276] post_alloc_hook+0x1c0/0x230 [ 214.846600][ T7276] get_page_from_freelist+0x1321/0x3890 [ 214.852327][ T7276] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 214.861561][ T7276] alloc_pages_mpol+0x1fb/0x550 [ 214.866655][ T7276] new_slab+0x23b/0x330 [ 214.871052][ T7276] ___slab_alloc+0xd9c/0x1940 [ 214.876786][ T7276] __slab_alloc.constprop.0+0x56/0xb0 [ 214.882385][ T7276] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 214.891257][ T7276] shmem_alloc_inode+0x25/0x50 [ 214.898078][ T7276] alloc_inode+0x61/0x240 [ 215.044955][ T7276] new_inode+0x22/0x1c0 [ 215.175507][ T7276] shmem_get_inode+0x19a/0xfb0 [ 215.180548][ T7276] shmem_mknod+0x1a8/0x450 [ 215.187865][ T7276] lookup_open.isra.0+0x11d3/0x1580 [ 215.193551][ T7276] path_openat+0x893/0x2cb0 [ 215.198192][ T7276] do_filp_open+0x20b/0x470 [ 215.300517][ T7276] page last free pid 5225 tgid 5225 stack trace: [ 215.306919][ T7276] __free_frozen_pages+0x7fe/0x1180 [ 215.428416][ T7276] __put_partials+0x16d/0x1c0 [ 215.532590][ T7276] qlist_free_all+0x4d/0x120 [ 215.537315][ T7276] kasan_quarantine_reduce+0x195/0x1e0 [ 215.549146][ T7276] __kasan_slab_alloc+0x69/0x90 [ 215.554284][ T7276] __kmalloc_noprof+0x1d4/0x510 [ 215.560200][ T7276] tomoyo_realpath_from_path+0xc2/0x6e0 [ 215.566009][ T7276] tomoyo_path_perm+0x274/0x460 [ 215.571484][ T7276] security_inode_getattr+0x116/0x290 [ 215.577102][ T7276] vfs_fstat+0x4b/0xe0 [ 215.581705][ T7276] __do_sys_newfstat+0x87/0x100 [ 215.587174][ T7276] do_syscall_64+0xcd/0x490 [ 215.618862][ T7276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.758314][ T7291] random: crng reseeded on system resumption [ 221.357917][ T7353] can: request_module (can-proto-0) failed. [ 226.087013][ T7422] ======================================================= [ 226.087013][ T7422] WARNING: The mand mount option has been deprecated and [ 226.087013][ T7422] and is ignored by this kernel. Remove the mand [ 226.087013][ T7422] option from the mount to silence this warning. [ 226.087013][ T7422] ======================================================= [ 226.121936][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.676264][ T7400] Bluetooth: hci0: command 0x0406 tx timeout [ 226.679629][ T7399] Bluetooth: hci1: command 0x0406 tx timeout [ 226.682603][ T7400] Bluetooth: hci2: command 0x0406 tx timeout [ 226.682651][ T7400] Bluetooth: hci3: command 0x0406 tx timeout [ 231.782077][ T7487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 231.834773][ T7487] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 231.878338][ T7487] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 231.917432][ T7487] page_type: f5(slab) [ 231.927500][ T7487] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 231.981822][ T7487] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 232.003393][ T7487] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 232.015401][ T7487] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 232.028700][ T7487] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 232.038668][ T7487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 232.049937][ T7487] page dumped because: unmovable page [ 232.056907][ T7487] page_owner tracks the page as allocated [ 232.064630][ T7487] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 223628371872, free_ts 222196584218 [ 232.099362][ T7487] post_alloc_hook+0x1c0/0x230 [ 232.107780][ T7487] get_page_from_freelist+0x1321/0x3890 [ 232.114874][ T7487] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 232.136564][ T7487] alloc_pages_mpol+0x1fb/0x550 [ 232.146492][ T7487] new_slab+0x23b/0x330 [ 232.150777][ T7487] ___slab_alloc+0xd9c/0x1940 [ 232.198419][ T7487] __slab_alloc.constprop.0+0x56/0xb0 [ 232.219522][ T7487] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 232.254096][ T7487] kmalloc_reserve+0xef/0x2c0 [ 232.269127][ T7487] __alloc_skb+0x166/0x380 [ 232.276797][ T7487] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 232.298745][ T7487] process_one_work+0x9cf/0x1b70 [ 232.315046][ T7487] worker_thread+0x6c8/0xf10 [ 232.329845][ T7493] netlink: 338 bytes leftover after parsing attributes in process `syz.0.273'. [ 232.339386][ T7487] kthread+0x3c2/0x780 [ 232.352890][ T7487] ret_from_fork+0x5d7/0x6f0 [ 232.360291][ T7487] ret_from_fork_asm+0x1a/0x30 [ 232.369647][ T7487] page last free pid 5982 tgid 5982 stack trace: [ 232.379729][ T7487] __free_frozen_pages+0x7fe/0x1180 [ 232.389835][ T7487] __folio_put+0x329/0x450 [ 232.396791][ T7487] skb_release_data+0x7fb/0x9c0 [ 232.406785][ T7487] napi_consume_skb+0x15a/0x220 [ 232.416848][ T7487] net_rx_action+0x47f/0xfe0 [ 232.426764][ T7487] handle_softirqs+0x219/0x8e0 [ 232.437425][ T7487] do_softirq+0xb2/0xf0 [ 232.446283][ T7487] __local_bh_enable_ip+0x100/0x120 [ 232.458652][ T7487] wg_socket_send_skb_to_peer+0x145/0x210 [ 232.471656][ T7487] wg_packet_tx_worker+0x1aa/0x810 [ 232.481510][ T7487] process_one_work+0x9cf/0x1b70 [ 232.493435][ T7487] worker_thread+0x6c8/0xf10 [ 232.505690][ T7487] kthread+0x3c2/0x780 [ 232.515778][ T7487] ret_from_fork+0x5d7/0x6f0 [ 232.528413][ T7487] ret_from_fork_asm+0x1a/0x30 [ 233.731000][ T7511] net_ratelimit: 25 callbacks suppressed [ 233.731019][ T7511] openvswitch: netlink: Message has 8 unknown bytes. [ 235.455315][ T7538] ovs_ÿþ: entered promiscuous mode [ 235.842989][ T7536] mmap: syz.1.281 (7536) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 236.137230][ T30] audit: type=1800 audit(6047137688.861:2): pid=7541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.282" name="dbroot" dev="configfs" ino=13501 res=0 errno=0 [ 239.100806][ T7595] usb usb2: usbfs: process 7595 (syz.0.292) did not claim interface 1 before use [ 242.864941][ T7642] ovs_ÿþ: entered promiscuous mode [ 243.174181][ T30] audit: type=1800 audit(6047137695.938:3): pid=7642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.303" name="dbroot" dev="configfs" ino=12841 res=0 errno=0 [ 260.243058][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.249954][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 288.465512][T10107] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 288.503960][T10107] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 288.593764][T10107] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 289.609644][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.815190][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.888038][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 289.897981][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 289.912492][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 289.937920][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 289.950695][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 290.030106][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.351493][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.965733][ T12] bridge_slave_1: left allmulticast mode [ 290.980278][ T12] bridge_slave_1: left promiscuous mode [ 291.016628][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.062565][ T12] bridge_slave_0: left allmulticast mode [ 291.077293][ T12] bridge_slave_0: left promiscuous mode [ 291.083254][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.991962][ T5852] Bluetooth: hci2: command tx timeout [ 292.680288][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 292.714909][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 292.766566][ T12] bond0 (unregistering): Released all slaves [ 293.303851][T10165] chnl_net:caif_netlink_parms(): no params data found [ 293.881612][ T12] hsr_slave_0: left promiscuous mode [ 293.911997][ T12] hsr_slave_1: left promiscuous mode [ 293.918298][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.961376][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.982002][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.989483][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 294.060938][ T5852] Bluetooth: hci2: command tx timeout [ 294.123344][ T12] veth1_macvtap: left promiscuous mode [ 294.129294][ T12] veth0_macvtap: left promiscuous mode [ 294.135217][ T12] veth1_vlan: left promiscuous mode [ 294.143080][ T12] veth0_vlan: left promiscuous mode [ 296.130254][ T5852] Bluetooth: hci2: command tx timeout [ 296.493242][ T12] team0 (unregistering): Port device team_slave_1 removed [ 296.734005][ T12] team0 (unregistering): Port device team_slave_0 removed [ 298.208579][ T5852] Bluetooth: hci2: command tx timeout [ 300.279514][T10165] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.286752][T10165] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.358362][T10165] bridge_slave_0: entered allmulticast mode [ 300.390112][T10165] bridge_slave_0: entered promiscuous mode [ 300.455324][T10165] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.537345][T10165] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.564169][T10165] bridge_slave_1: entered allmulticast mode [ 300.598878][T10165] bridge_slave_1: entered promiscuous mode [ 300.955343][T10165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.021049][T10165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.292425][T10165] team0: Port device team_slave_0 added [ 301.350633][T10165] team0: Port device team_slave_1 added [ 301.627293][T10165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.672316][T10165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.820566][T10165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.862751][T10165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.869768][T10165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.962249][T10165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.288564][T10165] hsr_slave_0: entered promiscuous mode [ 302.325816][T10165] hsr_slave_1: entered promiscuous mode [ 302.376879][T10165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 302.405207][T10165] Cannot create hsr debugfs directory [ 304.422945][T10165] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 304.494344][T10165] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 304.555547][T10165] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 304.671523][T10165] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 305.135612][T10165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.217855][T10165] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.301302][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.308542][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.369797][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.377090][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.672777][T10165] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 306.628751][T10165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 306.871036][T10165] veth0_vlan: entered promiscuous mode [ 306.956856][T10165] veth1_vlan: entered promiscuous mode [ 307.158544][T10165] veth0_macvtap: entered promiscuous mode [ 307.235326][T10165] veth1_macvtap: entered promiscuous mode [ 307.336392][T10165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 307.420678][T10165] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 307.497732][T10165] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.560758][T10165] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.600779][T10165] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.660148][T10165] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.039553][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.047484][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.305744][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.342017][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.187653][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 310.207368][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 310.216094][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 310.243197][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 310.252097][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 310.803613][ T37] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.129002][ T37] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.363732][ T37] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.586399][ T30] audit: type=1804 audit(6047137764.704:4): pid=10959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3039" name="/newroot/sys/kernel/debug/tracing/dynamic_events" dev="tracefs" ino=29 res=1 errno=0 [ 311.716555][ T37] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.850029][T10968] Line length is too long: Should be less than 4094 [ 311.984620][T10968] Line length is too long: Should be less than 4094 [ 312.366200][ T5856] Bluetooth: hci1: command tx timeout [ 312.747575][ T37] bridge_slave_1: left allmulticast mode [ 312.786638][ T37] bridge_slave_1: left promiscuous mode [ 312.792532][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.868689][ T37] bridge_slave_0: left allmulticast mode [ 312.891071][T10994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3063'. [ 312.896779][ T37] bridge_slave_0: left promiscuous mode [ 312.936625][T10994] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3063'. [ 312.942935][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.436178][ T5856] Bluetooth: hci1: command tx timeout [ 315.271510][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.341332][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.391254][ T37] bond0 (unregistering): Released all slaves [ 315.601184][T10918] chnl_net:caif_netlink_parms(): no params data found [ 315.749917][ T37] tipc: Left network mode [ 316.504342][ T5856] Bluetooth: hci1: command tx timeout [ 316.658583][T10918] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.730136][T10918] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.764801][T10918] bridge_slave_0: entered allmulticast mode [ 316.799077][T10918] bridge_slave_0: entered promiscuous mode [ 317.063292][T11091] random: crng reseeded on system resumption [ 317.261171][T10918] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.268399][T10918] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.340464][T10918] bridge_slave_1: entered allmulticast mode [ 317.348542][T10918] bridge_slave_1: entered promiscuous mode [ 317.842516][ T37] hsr_slave_0: left promiscuous mode [ 317.914071][ T37] hsr_slave_1: left promiscuous mode [ 317.958169][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 318.005888][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 318.057227][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 318.105491][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 318.240172][ T37] veth1_macvtap: left promiscuous mode [ 318.287954][ T37] veth0_macvtap: left promiscuous mode [ 318.310960][ T37] veth1_vlan: left promiscuous mode [ 318.327100][ T37] veth0_vlan: left promiscuous mode [ 318.574004][ T5856] Bluetooth: hci1: command tx timeout [ 320.884578][ T37] team0 (unregistering): Port device team_slave_1 removed [ 321.126537][ T37] team0 (unregistering): Port device team_slave_0 removed [ 321.365581][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.372070][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.487396][T10918] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.531757][T10918] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.037295][T10918] team0: Port device team_slave_0 added [ 324.078486][T10918] team0: Port device team_slave_1 added [ 324.281089][T10918] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.323979][T10918] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.392158][T10918] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.568033][T10918] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.597316][T10918] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.654398][T10918] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.946080][T10918] hsr_slave_0: entered promiscuous mode [ 324.976270][T10918] hsr_slave_1: entered promiscuous mode [ 325.011091][T10918] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 325.018760][T10918] Cannot create hsr debugfs directory [ 326.901877][T11337] kafs: addr_prefs: Invalid Command [ 327.430758][T10918] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 327.473517][T10918] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 327.518233][T10918] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 327.675396][T10918] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 328.195133][T10918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.324312][T10918] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.477308][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.484574][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.540058][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.547282][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.283876][T11447] syz.1.3363: vmalloc error: size 1896448, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 329.403302][T11447] CPU: 1 UID: 0 PID: 11447 Comm: syz.1.3363 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 329.403355][T11447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 329.403374][T11447] Call Trace: [ 329.403385][T11447] [ 329.403402][T11447] dump_stack_lvl+0x16c/0x1f0 [ 329.403460][T11447] warn_alloc+0x248/0x3a0 [ 329.403514][T11447] ? __pfx_warn_alloc+0x10/0x10 [ 329.403568][T11447] ? alloc_pages_mpol+0x25a/0x550 [ 329.403610][T11447] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 329.403661][T11447] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 329.403722][T11447] ? __snd_dma_alloc_pages+0x50/0x90 [ 329.403778][T11447] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 329.403830][T11447] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 329.403888][T11447] ? __snd_dma_alloc_pages+0x50/0x90 [ 329.403930][T11447] __vmalloc_node_noprof+0xad/0xf0 [ 329.403973][T11447] ? __snd_dma_alloc_pages+0x50/0x90 [ 329.404014][T11447] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 329.404064][T11447] __snd_dma_alloc_pages+0x50/0x90 [ 329.404108][T11447] snd_dma_alloc_dir_pages+0x151/0x240 [ 329.404155][T11447] do_alloc_pages+0x115/0x280 [ 329.404200][T11447] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 329.404250][T11447] snd_pcm_hw_params+0x15e1/0x1b40 [ 329.404297][T11447] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 329.404339][T11447] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 329.404383][T11447] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 329.404420][T11447] ? __asan_memset+0x23/0x50 [ 329.404467][T11447] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 329.404511][T11447] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 329.404569][T11447] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 329.404620][T11447] ? snd_pcm_oss_sync+0x30c/0x840 [ 329.404687][T11447] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 329.404726][T11447] snd_pcm_oss_sync+0x32e/0x840 [ 329.404771][T11447] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 329.404807][T11447] snd_pcm_oss_release+0x28b/0x310 [ 329.404846][T11447] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 329.404881][T11447] __fput+0x402/0xb70 [ 329.404924][T11447] task_work_run+0x150/0x240 [ 329.404980][T11447] ? __pfx_task_work_run+0x10/0x10 [ 329.405035][T11447] ? __pfx___do_sys_close_range+0x10/0x10 [ 329.405094][T11447] exit_to_user_mode_loop+0xeb/0x110 [ 329.405150][T11447] do_syscall_64+0x3f6/0x490 [ 329.405204][T11447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.405236][T11447] RIP: 0033:0x7f431f58e929 [ 329.405262][T11447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.405294][T11447] RSP: 002b:00007f4320414038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 329.405325][T11447] RAX: 0000000000000000 RBX: 00007f431f7b5fa0 RCX: 00007f431f58e929 [ 329.405345][T11447] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 329.405363][T11447] RBP: 00007f431f610b39 R08: 0000000000000000 R09: 0000000000000000 [ 329.405383][T11447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.405401][T11447] R13: 0000000000000000 R14: 00007f431f7b5fa0 R15: 00007ffe1fa1f6c8 [ 329.405443][T11447] [ 329.406234][T11447] Mem-Info: [ 329.845835][T11447] active_anon:3544 inactive_anon:7391 isolated_anon:0 [ 329.845835][T11447] active_file:4516 inactive_file:47821 isolated_file:0 [ 329.845835][T11447] unevictable:768 dirty:113 writeback:0 [ 329.845835][T11447] slab_reclaimable:9906 slab_unreclaimable:94303 [ 329.845835][T11447] mapped:14523 shmem:1375 pagetables:1174 [ 329.845835][T11447] sec_pagetables:0 bounce:0 [ 329.845835][T11447] kernel_misc_reclaimable:0 [ 329.845835][T11447] free:1329585 free_pcp:12328 free_cma:0 [ 329.964318][T11447] Node 0 active_anon:14184kB inactive_anon:29712kB active_file:18064kB inactive_file:191152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:58128kB dirty:500kB writeback:0kB shmem:3972kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11576kB pagetables:4708kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 330.031050][T11447] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:112kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 330.091411][T10918] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.108902][T11447] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 330.177739][T11447] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 330.190002][T11447] Node 0 DMA32 free:1396140kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14140kB inactive_anon:29612kB active_file:16828kB inactive_file:191080kB unevictable:1536kB writepending:500kB present:3129332kB managed:2540352kB mlocked:0kB bounce:0kB free_pcp:36560kB local_pcp:20840kB free_cma:0kB [ 330.325680][T11447] lowmem_reserve[]: 0 0 1 1 1 [ 330.353912][T11447] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1236kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 330.385653][T11447] lowmem_reserve[]: 0 0 0 0 0 [ 330.428158][T10918] veth0_vlan: entered promiscuous mode [ 330.434329][T11447] Node 1 Normal free:3906676kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:11968kB local_pcp:2368kB free_cma:0kB [ 330.520077][T10918] veth1_vlan: entered promiscuous mode [ 330.532162][T11447] lowmem_reserve[]: 0 0 0 0 0 [ 330.540358][T11447] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 330.575284][T11447] Node 0 DMA32: 1*4kB (E) 275*8kB (M) 623*16kB (M) 441*32kB (ME) 330*64kB (ME) 117*128kB (UME) 56*256kB (ME) 37*512kB (UME) 32*1024kB (UM) 13*2048kB (UME) 303*4096kB (UM) = 1396140kB [ 330.610007][T11447] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 330.622436][T11447] Node 1 Normal: 199*4kB (UME) 63*8kB (UME) 46*16kB (UME) 164*32kB (UME) 52*64kB (UME) 10*128kB (UME) 6*256kB (UM) 4*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 949*4096kB (M) = 3906676kB [ 330.656193][T11447] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 330.667585][T11447] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 330.721779][T11447] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 330.734780][T10918] veth0_macvtap: entered promiscuous mode [ 330.771276][T10918] veth1_macvtap: entered promiscuous mode [ 330.804881][T11447] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 330.862234][T10918] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.869799][T11447] 53710 total pagecache pages [ 330.874527][T11447] 0 pages in swap cache [ 330.878694][T11447] Free swap = 124996kB [ 330.937171][T11447] Total swap = 124996kB [ 330.943583][T10918] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.961798][T11447] 2097051 pages RAM [ 330.965649][T11447] 0 pages HighMem/MovableOnly [ 330.996959][T10918] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.018297][T11447] 429985 pages reserved [ 331.027132][T10918] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.038467][T11447] 0 pages cma reserved [ 331.070886][T10918] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.108639][T10918] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.477799][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.530878][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.643932][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.710252][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.526323][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 333.538400][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 333.558327][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 333.572471][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 333.586502][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 333.753218][T11551] delete_channel: no stack [ 333.818013][ T60] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.100256][ T60] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.406471][ T60] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.153477][ T60] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.247062][T11546] chnl_net:caif_netlink_parms(): no params data found [ 335.614948][ T5856] Bluetooth: hci3: command tx timeout [ 335.858412][T11546] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.901116][T11546] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.914537][T11546] bridge_slave_0: entered allmulticast mode [ 335.934111][T11546] bridge_slave_0: entered promiscuous mode [ 336.001925][T11546] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.036647][T11546] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.075951][T11546] bridge_slave_1: entered allmulticast mode [ 336.136383][T11546] bridge_slave_1: entered promiscuous mode [ 336.406898][T11546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.444278][ T60] bridge_slave_1: left allmulticast mode [ 336.450022][ T60] bridge_slave_1: left promiscuous mode [ 336.462519][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.555161][ T60] bridge_slave_0: left allmulticast mode [ 336.599290][ T60] bridge_slave_0: left promiscuous mode [ 336.619945][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.944925][T11635] ubi0: attaching mtd0 [ 336.976035][T11635] ubi0: scanning is finished [ 337.027799][T11635] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 337.244748][T11635] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 337.674938][ T5856] Bluetooth: hci3: command tx timeout [ 338.527431][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.554050][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 338.593545][ T60] bond0 (unregistering): Released all slaves [ 338.650752][T11546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 338.828512][ T60] ovs_ÿþ: left promiscuous mode [ 339.026387][T11546] team0: Port device team_slave_0 added [ 339.103108][T11546] team0: Port device team_slave_1 added [ 339.637927][T11546] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.691449][T11546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.743488][ T5856] Bluetooth: hci3: command tx timeout [ 339.812991][T11546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.936686][T11546] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.964968][T11546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.066559][T11546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 340.801398][ T60] hsr_slave_0: left promiscuous mode [ 340.893516][ T60] hsr_slave_1: left promiscuous mode [ 340.928630][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 340.936133][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 341.001609][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.025051][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.087464][ T60] veth1_macvtap: left promiscuous mode [ 341.102618][ T60] veth0_macvtap: left promiscuous mode [ 341.116360][ T60] veth1_vlan: left promiscuous mode [ 341.125245][ T60] veth0_vlan: left promiscuous mode [ 341.812659][ T5856] Bluetooth: hci3: command tx timeout [ 343.057454][ T60] team0 (unregistering): Port device team_slave_1 removed [ 343.221134][ T60] team0 (unregistering): Port device team_slave_0 removed [ 345.496705][T11546] hsr_slave_0: entered promiscuous mode [ 345.514778][T11546] hsr_slave_1: entered promiscuous mode [ 345.521406][T11546] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 345.584907][T11546] Cannot create hsr debugfs directory [ 346.676858][T11788] [ 346.679270][T11788] ====================================================== [ 346.686360][T11788] WARNING: possible circular locking dependency detected [ 346.693468][T11788] 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 Not tainted [ 346.700639][T11788] ------------------------------------------------------ [ 346.707720][T11788] syz.1.3526/11788 is trying to acquire lock: [ 346.713843][T11788] ffff88805cb96988 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: walk_component+0x345/0x5b0 [ 346.723896][T11788] [ 346.723896][T11788] but task is already holding lock: [ 346.731307][T11788] ffffffff8e483528 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xec/0x300 [ 346.740175][T11788] [ 346.740175][T11788] which lock already depends on the new lock. [ 346.740175][T11788] [ 346.750607][T11788] [ 346.750607][T11788] the existing dependency chain (in reverse order) is: [ 346.759654][T11788] [ 346.759654][T11788] -> #3 (param_lock){+.+.}-{4:4}: [ 346.766927][T11788] __mutex_lock+0x199/0xb90 [ 346.772014][T11788] ieee80211_init_rate_ctrl_alg+0x18d/0x6b0 [ 346.778505][T11788] ieee80211_register_hw+0x2124/0x4140 [ 346.784524][T11788] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 346.790824][T11788] init_mac80211_hwsim+0x44e/0x900 [ 346.796523][T11788] do_one_initcall+0x120/0x6e0 [ 346.801859][T11788] kernel_init_freeable+0x5c2/0x900 [ 346.807635][T11788] kernel_init+0x1c/0x2b0 [ 346.812527][T11788] ret_from_fork+0x5d7/0x6f0 [ 346.817688][T11788] ret_from_fork_asm+0x1a/0x30 [ 346.823007][T11788] [ 346.823007][T11788] -> #2 (rtnl_mutex){+.+.}-{4:4}: [ 346.830266][T11788] __mutex_lock+0x199/0xb90 [ 346.835345][T11788] cgrp_css_online+0xa2/0x1f0 [ 346.840581][T11788] online_css+0xaf/0x350 [ 346.845389][T11788] cgroup_apply_control_enable+0x702/0xbb0 [ 346.851764][T11788] cgroup_mkdir+0x5e7/0x11f0 [ 346.856922][T11788] kernfs_iop_mkdir+0x10e/0x190 [ 346.862347][T11788] vfs_mkdir+0x593/0x8c0 [ 346.867160][T11788] do_mkdirat+0x304/0x3e0 [ 346.872072][T11788] __x64_sys_mkdirat+0x83/0xb0 [ 346.877420][T11788] do_syscall_64+0xcd/0x490 [ 346.882495][T11788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.888957][T11788] [ 346.888957][T11788] -> #1 (cgroup_mutex){+.+.}-{4:4}: [ 346.896400][T11788] __mutex_lock+0x199/0xb90 [ 346.901487][T11788] cgroup_kn_lock_live+0x116/0x520 [ 346.907164][T11788] cgroup_rmdir+0x20/0x2b0 [ 346.912152][T11788] kernfs_iop_rmdir+0x103/0x170 [ 346.917572][T11788] vfs_rmdir+0x206/0x690 [ 346.922505][T11788] do_rmdir+0x2e8/0x3c0 [ 346.927229][T11788] __x64_sys_rmdir+0xc5/0x110 [ 346.932475][T11788] do_syscall_64+0xcd/0x490 [ 346.937548][T11788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.943996][T11788] [ 346.943996][T11788] -> #0 (&type->i_mutex_dir_key#6){++++}-{4:4}: [ 346.952485][T11788] __lock_acquire+0x126f/0x1c90 [ 346.957902][T11788] lock_acquire+0x179/0x350 [ 346.962970][T11788] down_read+0x9b/0x480 [ 346.967676][T11788] walk_component+0x345/0x5b0 [ 346.972915][T11788] path_lookupat+0x142/0x6d0 [ 346.978067][T11788] filename_lookup+0x224/0x5f0 [ 346.983406][T11788] kern_path+0x35/0x50 [ 346.988043][T11788] lookup_bdev+0xd8/0x280 [ 346.992942][T11788] bdev_file_open_by_path+0x82/0x330 [ 346.998797][T11788] block2mtd_setup2+0x317/0xe10 [ 347.004215][T11788] block2mtd_setup+0xbd/0x110 [ 347.009463][T11788] param_attr_store+0x196/0x300 [ 347.014869][T11788] module_attr_store+0x58/0x80 [ 347.020183][T11788] sysfs_kf_write+0xef/0x150 [ 347.025333][T11788] kernfs_fop_write_iter+0x354/0x510 [ 347.031272][T11788] vfs_write+0x6c4/0x1150 [ 347.036176][T11788] ksys_write+0x12a/0x250 [ 347.041069][T11788] do_syscall_64+0xcd/0x490 [ 347.046205][T11788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.052652][T11788] [ 347.052652][T11788] other info that might help us debug this: [ 347.052652][T11788] [ 347.062990][T11788] Chain exists of: [ 347.062990][T11788] &type->i_mutex_dir_key#6 --> rtnl_mutex --> param_lock [ 347.062990][T11788] [ 347.076010][T11788] Possible unsafe locking scenario: [ 347.076010][T11788] [ 347.083486][T11788] CPU0 CPU1 [ 347.088873][T11788] ---- ---- [ 347.094256][T11788] lock(param_lock); [ 347.098273][T11788] lock(rtnl_mutex); [ 347.104809][T11788] lock(param_lock); [ 347.111342][T11788] rlock(&type->i_mutex_dir_key#6); [ 347.116671][T11788] [ 347.116671][T11788] *** DEADLOCK *** [ 347.116671][T11788] [ 347.124834][T11788] 5 locks held by syz.1.3526/11788: [ 347.130057][T11788] #0: ffff88807529c9b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 347.139205][T11788] #1: ffff888035f0a428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 347.148261][T11788] #2: ffff888030e82c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 347.158069][T11788] #3: ffff888032c66968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 347.168067][T11788] #4: ffffffff8e483528 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xec/0x300 [ 347.177368][T11788] [ 347.177368][T11788] stack backtrace: [ 347.183284][T11788] CPU: 1 UID: 0 PID: 11788 Comm: syz.1.3526 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 347.183319][T11788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 347.183335][T11788] Call Trace: [ 347.183346][T11788] [ 347.183357][T11788] dump_stack_lvl+0x116/0x1f0 [ 347.183401][T11788] print_circular_bug+0x275/0x350 [ 347.183440][T11788] check_noncircular+0x14c/0x170 [ 347.183481][T11788] __lock_acquire+0x126f/0x1c90 [ 347.183526][T11788] lock_acquire+0x179/0x350 [ 347.183562][T11788] ? walk_component+0x345/0x5b0 [ 347.183599][T11788] ? __pfx___might_resched+0x10/0x10 [ 347.183630][T11788] ? __d_lookup+0x25c/0x4a0 [ 347.183662][T11788] down_read+0x9b/0x480 [ 347.183686][T11788] ? walk_component+0x345/0x5b0 [ 347.183720][T11788] ? __d_lookup+0x266/0x4a0 [ 347.183749][T11788] ? __pfx_down_read+0x10/0x10 [ 347.183775][T11788] ? lookup_fast+0x156/0x610 [ 347.183811][T11788] walk_component+0x345/0x5b0 [ 347.183848][T11788] path_lookupat+0x142/0x6d0 [ 347.183886][T11788] filename_lookup+0x224/0x5f0 [ 347.183926][T11788] ? __pfx_filename_lookup+0x10/0x10 [ 347.183978][T11788] ? getname_kernel+0x52/0x370 [ 347.184004][T11788] ? __asan_memcpy+0x3c/0x60 [ 347.184044][T11788] kern_path+0x35/0x50 [ 347.184081][T11788] lookup_bdev+0xd8/0x280 [ 347.184118][T11788] ? __pfx_lookup_bdev+0x10/0x10 [ 347.184155][T11788] bdev_file_open_by_path+0x82/0x330 [ 347.184193][T11788] ? __pfx_bdev_file_open_by_path+0x10/0x10 [ 347.184237][T11788] block2mtd_setup2+0x317/0xe10 [ 347.184287][T11788] ? __pfx_block2mtd_setup2+0x10/0x10 [ 347.184336][T11788] ? __pfx___mutex_trylock_common+0x10/0x10 [ 347.184384][T11788] ? __pfx___might_resched+0x10/0x10 [ 347.184419][T11788] ? rcu_is_watching+0x12/0xc0 [ 347.184454][T11788] ? trace_contention_end+0xdd/0x130 [ 347.184519][T11788] block2mtd_setup+0xbd/0x110 [ 347.184561][T11788] param_attr_store+0x196/0x300 [ 347.184593][T11788] ? __pfx_param_attr_store+0x10/0x10 [ 347.184623][T11788] module_attr_store+0x58/0x80 [ 347.184647][T11788] ? __pfx_module_attr_store+0x10/0x10 [ 347.184673][T11788] sysfs_kf_write+0xef/0x150 [ 347.184707][T11788] kernfs_fop_write_iter+0x354/0x510 [ 347.184736][T11788] ? __pfx_sysfs_kf_write+0x10/0x10 [ 347.184770][T11788] vfs_write+0x6c4/0x1150 [ 347.184810][T11788] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 347.184840][T11788] ? __pfx___mutex_lock+0x10/0x10 [ 347.184882][T11788] ? __pfx_vfs_write+0x10/0x10 [ 347.184931][T11788] ksys_write+0x12a/0x250 [ 347.184970][T11788] ? __pfx_ksys_write+0x10/0x10 [ 347.185014][T11788] do_syscall_64+0xcd/0x490 [ 347.185057][T11788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.185092][T11788] RIP: 0033:0x7f431f58e929 [ 347.185113][T11788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.185140][T11788] RSP: 002b:00007f4320414038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 347.185165][T11788] RAX: ffffffffffffffda RBX: 00007f431f7b5fa0 RCX: 00007f431f58e929 [ 347.185184][T11788] RDX: 0000000000000024 RSI: 0000200000000140 RDI: 0000000000000001 [ 347.185201][T11788] RBP: 00007f431f610b39 R08: 0000000000000000 R09: 0000000000000000 [ 347.185217][T11788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 347.185234][T11788] R13: 0000000000000000 R14: 00007f431f7b5fa0 R15: 00007ffe1fa1f6c8 [ 347.185259][T11788] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 347.623479][T11788] block2mtd: error: cannot open device çinX‘©¼Ëò¨±ÂÚjFBçB>U»;߸³Ilk¬ [ 348.174489][ T5842] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 348.199083][ T5842] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 348.267723][T10120] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 348.279746][T10120] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 348.314387][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.387339][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.459383][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.536153][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.705714][ T60] bridge_slave_1: left allmulticast mode [ 348.728259][ T60] bridge_slave_1: left promiscuous mode [ 348.734086][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.738058][T11546] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 348.761889][ T60] bridge_slave_0: left allmulticast mode [ 348.775033][ T60] bridge_slave_0: left promiscuous mode [ 348.779125][T11546] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 348.790684][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.914607][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 348.926862][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 348.937284][ T60] bond0 (unregistering): Released all slaves [ 348.994877][ T60] ovs_ÿþ: left promiscuous mode [ 349.132710][T11777] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 349.191792][T11777] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 349.237741][ T60] hsr_slave_0: left promiscuous mode [ 349.255461][ T60] hsr_slave_1: left promiscuous mode [ 349.261429][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 349.277296][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.295661][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 349.303147][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.346616][ T60] veth1_macvtap: left promiscuous mode [ 349.352222][ T60] veth0_macvtap: left promiscuous mode [ 349.375727][ T60] veth1_vlan: left promiscuous mode [ 349.381112][ T60] veth0_vlan: left promiscuous mode [ 349.580640][T11777] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 349.724841][ T60] team0 (unregistering): Port device team_slave_1 removed [ 349.752813][ T60] team0 (unregistering): Port device team_slave_0 removed [ 350.193208][ T60] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.235692][ T60] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.307860][ T60] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.365355][ T60] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.490221][ T60] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.543498][ T60] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.627069][ T60] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.682780][ T60] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.804100][ T60] bridge_slave_1: left allmulticast mode [ 350.823970][ T60] bridge_slave_1: left promiscuous mode [ 350.830442][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.839511][ T60] bridge_slave_0: left allmulticast mode [ 350.845317][ T60] bridge_slave_0: left promiscuous mode [ 350.855132][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.866547][ T60] bridge_slave_1: left allmulticast mode [ 350.872266][ T60] bridge_slave_1: left promiscuous mode [ 350.880026][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.888794][ T60] bridge_slave_0: left allmulticast mode [ 350.894658][ T60] bridge_slave_0: left promiscuous mode [ 350.902796][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.913067][ T60] bridge_slave_1: left allmulticast mode [ 350.920466][ T60] bridge_slave_1: left promiscuous mode [ 350.927884][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.938079][ T60] bridge_slave_0: left allmulticast mode [ 350.943798][ T60] bridge_slave_0: left promiscuous mode [ 350.950032][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.152015][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.163244][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.173123][ T60] bond0 (unregistering): Released all slaves [ 351.246561][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.257301][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.268655][ T60] bond0 (unregistering): Released all slaves [ 351.362100][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.372845][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.382538][ T60] bond0 (unregistering): Released all slaves [ 351.713176][ T60] hsr_slave_0: left promiscuous mode [ 351.719142][ T60] hsr_slave_1: left promiscuous mode [ 351.728362][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 351.736135][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.748907][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 351.756978][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 351.767940][ T60] hsr_slave_0: left promiscuous mode [ 351.774900][ T60] hsr_slave_1: left promiscuous mode [ 351.780913][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.788681][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 351.799657][ T60] hsr_slave_0: left promiscuous mode [ 351.807188][ T60] hsr_slave_1: left promiscuous mode [ 351.814272][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 351.823150][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.831304][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 351.838748][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 351.856587][ T60] veth1_macvtap: left promiscuous mode [ 351.863468][ T60] veth0_macvtap: left promiscuous mode [ 351.869099][ T60] veth1_vlan: left promiscuous mode [ 351.874487][ T60] veth0_vlan: left promiscuous mode [ 351.880856][ T60] veth1_macvtap: left promiscuous mode [ 351.886381][ T60] veth0_macvtap: left promiscuous mode [ 351.892329][ T60] veth1_vlan: left promiscuous mode [ 351.897634][ T60] veth0_vlan: left promiscuous mode [ 352.104378][ T60] team0 (unregistering): Port device team_slave_1 removed [ 352.126419][ T60] team0 (unregistering): Port device team_slave_0 removed [ 352.286607][ T60] team0 (unregistering): Port device team_slave_1 removed [ 352.299492][ T60] team0 (unregistering): Port device team_slave_0 removed [ 352.460476][ T60] team0 (unregistering): Port device team_slave_1 removed [ 352.472582][ T60] team0 (unregistering): Port device team_slave_0 removed