last executing test programs: 12.439614206s ago: executing program 3 (id=333): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) poll$auto(&(0x7f0000000000)={r0, 0xf}, 0x1, 0x5) read$auto(r0, 0x0, 0x1d) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20800, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x5, 0xa, 0x6, 0xeb1, 0x3ff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, 0x0, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x101901, 0x0) socket(0x2, 0x80002, 0x73) r1 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r1, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2220009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) ioctl$auto(0xffffffffffffffff, 0xc0184d15, 0xd3) 11.135025457s ago: executing program 0 (id=338): unshare$auto(0x40000080) socket(0x2, 0x801, 0x100) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) socketpair$auto(0x1, 0x2, 0x5053, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x3, 0x40000b, 0xdf, 0x10010, 0xffffffffffffffff, 0x80) r2 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_IMADDTIMER(r2, 0x80044940, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) fcntl$auto_F_NOTIFY(r2, 0x402, 0x4) fcntl$auto_F_CREATED_QUERY(r1, 0x404, 0x2) 11.125444586s ago: executing program 3 (id=339): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x402001, 0x0) ioctl$auto_BTRFS_IOC_SET_RECEIVED_SUBVOL_32(r0, 0xc0c09425, &(0x7f00000000c0)={"fc046fbad208ea51b7ae196256cf41de", 0x7, 0x6, {0x8000, 0x1ff}, {0x7, 0x5}, 0x5, [0x7, 0x81, 0xcb83, 0xfc, 0xf58, 0x6f41, 0xfffffffffffeffff, 0xe, 0x9a, 0x742, 0x3, 0x100, 0x500, 0x5, 0xfffffffffffffff4]}) fcntl$auto_F_SETOWN_EX(0xffffffffffffffff, 0xf, 0x5a5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"}) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/dirty_ratio\x00', 0x2, 0x0) sendfile$auto(r2, r2, 0x0, 0x7fffe000) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x24000044) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) sendfile$auto(r3, r3, 0x0, 0x7fbfdffc) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) write$auto(0x3, 0x0, 0x100082) 10.772392444s ago: executing program 3 (id=340): rseq$auto(&(0x7f0000000340)={0xe, 0x401, 0x0, 0x806, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8000006) msgsnd$auto(0x0, 0x0, 0x8, 0x7) membarrier$auto(0x4, 0x8000000000000000, 0xffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_BTRFS_IOC_ENCODED_WRITE_32(0xffffffffffffffff, 0x40789440, &(0x7f0000000040)={0xb, 0x21993531, 0x10000, 0x3, 0x7, 0x5, 0x1, 0x3, 0x81, "4c0bac0814a5eca7a4dfa4d03c97a252a242a1d00ad956f4ffcc1647b80536b7a69a1e73da0d79ed9829ef950cb97cc98cb6f5986e094030913a3eff2030fded"}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/extra\x00', 0xa142, 0x0) 9.833320982s ago: executing program 3 (id=344): r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="060000007000fbdbdf2503c10000040008000c0001800ec308ec610508001600ac1414aa"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) r3 = socket(0x2, 0x5, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={r0, @new_map_fd=r0, 0x4007, @old_prog_fd=r3}, 0x8f) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_PROBE_CLIENT(r5, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x6c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x56, 0xbe, "a072d980f9e5ca0aa14001b6d14d195071c8646bdbb34a50f6c2b580ffcd45baab5cf6ad28f93eac8832d9894b5e9487ba1e1845b3844d71034a5bf111d837214a2dffa79c5eecaf648325fc7203a016ab9a"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x14) socket(0x2, 0x80002, 0x73) socket(0xa, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) socketpair$auto(0x1, 0x3, 0x5, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101c00, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xfffffffffffffffb, 0x8) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, 0x0, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0x6, 0x2}, 0x8000, 0x0, 0x6) pkey_free$auto(0xfffffffd) fanotify_init$auto(0x5, 0x2000000000002) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) 9.219954684s ago: executing program 0 (id=346): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000003, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x4, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x801, 0x106) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r1, 0x11c, 0x1, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card1/pcm1c/sub3/xrun_injection\x00', 0x20, 0x0) pread64$auto(r3, &(0x7f0000000280)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\xc0\xf8\x01V?\x0f\x11\x90^\xdf/\x84\x99!*\xe3\x99s\x81Q\xca\xeb\xee.\xe3\x85\xcd\xd0\xae!\x9fl}x\xd4\xa5D\x16\x94Ip\f\x96\xb8\xfa\xe5\xf9odtQ', 0x87ff, 0x5) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) readahead$auto(0xffffffffffffffff, 0xcc7f, 0x6) mmap$auto(0x10, 0x101, 0x1007, 0x12, r2, 0x7ffe) 9.005790597s ago: executing program 2 (id=347): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) read$auto(0x3, 0x0, 0x7) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000010) 7.422590119s ago: executing program 0 (id=348): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon14\x00', 0x0, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x800000404, 0x8000) io_uring_setup$auto(0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/031/001\x00', 0x507380, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socketpair$auto(0x2, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x2b, 0x2000a, 0xdf, 0xeb5, 0xffffffffffffffff, 0xffffffffffffffff) sysfs$auto(0x2, 0x26, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) recvmmsg$auto(r0, 0x0, 0x7ff, 0x5, 0x0) mmap$auto(0x31, 0x2020009, 0x100000000, 0xeb1, r0, 0x7ffc) madvise$auto(0x0, 0x8000000000000000, 0x15) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48442, 0x0) read$auto(r2, 0x0, 0x1f40) socketpair$auto(0x10, 0x5, 0x80000001, &(0x7f0000000180)=0x40000002) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x7fff) 7.211575533s ago: executing program 1 (id=349): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/udplite6\x00', 0x101000, 0x0) pread64$auto(r0, 0x0, 0x8, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) listen$auto(0x3, 0x3) eventfd$auto(0x8e) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x22a40, 0x0) mlock$auto(0xfbe8, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x84, 0x2, 0x0, 0x0) munlock$auto(0xffff, 0x1) 7.003079434s ago: executing program 2 (id=350): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x1}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x1}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40c0}, 0x800) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0x0, 0x9, 0x5, 0xf870, 0x5}, 0x0, 0x0, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x1, 0xf}) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000003c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x8cg\x03\xe6\xfe\x88\xe3\xe9@\xee\xca\x8cH\xf4\xea\xe0p:\xd6\xf7\x97\x0e#', 0x100002a3db) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r2, 0x540a, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/udp\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/sctp/eps\x00', 0x280, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/midi2\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyt3\x00', 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e00", @ANYRES16=r3], 0x24}}, 0x4000000) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rename$auto(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00') madvise$auto(0x0, 0x200007, 0x8) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, r1, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x80001ff, 0x804, 0x13, 0x4) keyctl$auto(0x1, 0x7, 0x100, 0x8, 0x4) 6.876892633s ago: executing program 3 (id=351): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r0 = openat$auto_percpu_stats_fops_(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x10000002020009, 0x3, 0xeb1, r0, 0x6) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080029bd7000efdbdf25020000002e00ac00672fb6451420fec1810bd236750741415e76ca9df1212137cc44f6f6ac9ca3ba918bf58dd3712fb6107200"], 0x44}, 0x1, 0x0, 0x0, 0x4880}, 0x8810) capset$auto(0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x280303, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1}, 0x8) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r3 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r3, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) fanotify_mark$auto(r2, 0x9, 0xa, r3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x0, 0x0) mkdir$auto(0x0, 0x8001) mount$auto(0x0, 0x0, &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mount$auto(0x0, 0x0, 0x0, 0x339, 0x0) madvise$auto(0xff010000, 0xffffffffffff0005, 0x17) 5.83585231s ago: executing program 1 (id=352): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r0, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) (fail_nth: 26) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x200, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/xrun_debug\x00', 0x8f3b7a51b8162d21, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x0, 0x0) socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) 5.177092742s ago: executing program 0 (id=353): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0xc0603d06, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/ttyp9/power/runtime_suspended_time\x00', 0x80880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000100)=""/124, 0x7c) r2 = ioctl$auto_TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) sendmsg$auto_NL80211_CMD_GET_KEY(r2, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00022dbd7000fbdbdf2509000000040087000800c900ff7f000004008c001e08910093aef80c4f57dba9bbfb521feb77dc9e389590bee0c80ae39d1be392634d9d060a267523fb86189e80060d5af207a67252f93dde1a0a093a40aee47d4484637fa28e83dc65cf6e48426ee9c5cdf0fc25c923af3526bdb8542bbf1a7e1c7e0ebf19f64939c78a423f32b253ffefcad65122e6dad4e09c251bd2b39b25a3b9d552dabde907c5e3b1ef82c4956ced525a2efb146d47e4a4c9ff68305a9e9da648fa719c86a69067f337b45c02e59b95b3740bc230c56b6d44da58a347e3ac9de4721c9ef63825f22b49063a289b69a2f8eb13c4da77697f674ef1e06603b68b74ec828762322543c7f49bc7cd67283a55f25d4b708e18742f780cb5c8d9d9495eb6f10ace1e671690a483d284b3a8e5d15687d0ebe0529c1b5a2ed92c776691d434d42cca20102a33559ceef67e000f3ec48f17b807fc70624bb91fabf9187ab71977b20ac10388eeef42ec15a428f9a60a5ce3c42a5ce6a4a1c1d84fac0e0b0cc0be625ebee119282795258f3b87096e439a6b91138a0a296653a291549e02c69dcc630c0d684e66643609d7609be721b3607c984178ae205f11f8c401448ad83520b470ecec6ea256868bdaf1f25cc5486b0c19c8f90116d43e79753e5f68edb1d30cd01f4233ac54449111bfd41dfa3d824afe2b78cb61d0e84de3f088308c8e238dc0506b93760168863997ceb7a674c0ea887d28ebea2eb4142a8d9027142974daf14a64abdcb7d45c55b221ef71c16b6bd47f33514ef909dcbaf3cb9a903d5909ae8d4c97de55d6b07e9efe044490fa5761c39a71e77596614a2df1c794dbd1e474d4f5ade268ec1f1f2e79c95af4245fbefc35622b7238b00ec52759af39b955f013813890609c13f83b23ebaa44554e213f87ecfdc54279b8f388251079690f8f8c9aa2a9a96d61fc835b44751897094226187189a6121a861ce4ff66c441e358fe11e7f663cdfbbd91f240b0a158cfea97a9a4c2cd15a009f66f001bdf3eb445e0533c4049879178640835ba1098aee1b1bb684e7e07e0b6b478aa6fd4fa6b51c40e29bbe3947eb9d042e35f88a291d4a5f43493df31c325d63d17b21811469019e41c239f8ab6f9c623449c20eba4a05cb7a885345b1c3f014f05628d6062a3f9715e9a553431772496c385a3023380170db3e5d0363cb4342a73f1c6175d8a86066165833c64c9726747b9f22741738c492425ee1db5f9f877d8804cfff37e2613c606af44bd63b7abf8b0370aa43642b09d93bf3ac88b5ecdf8207e711f6f3269ba4299b438f7b902c7ea9f9022168cfdfced62c8195a15fd135deccba1cb45af0660cb9327bfae168a09c3a7060db5e5b688b83b1da7cc9cfe016e04b78ecbb1d1cc58f3a4dc9100de43b54ad0c8d0eb7ca294eb18e61667cfd38674a5bb490021cc8587df40529c9a5ecf5093acca722f89ccdc5980fe5b1a187f3c137dc013968a196b0bb51832025f1d252b0e8a1afbf0611900f5592e11f66f2dbcc4e38f64fccac56ddb131f4942e4d75f8d1cc5d32e83a2172100542351a930c283ecab83b44e576fd383ecd0e8b1b0a0dab271f18f199866f15a9a7c702dcc188cd73725dcfa4b73681ae8e899ebb7d472b17862c0108bffb02e513b350941b83182da8ef36a6fb8678a6311891ad6d2e309a3512fd8fbfe66e98097a3bb8405f70b39df65da82e847d3de5808814c899e00a8da78997ba1ede608c6c4c31998198fee751725cb3358cbb8464356bd26f615b8ae970ed1ab9865b61057adc5da5d6272942510f5e89c425bdce76a90b6ccd4ba89c8de9f0efb2551035e9fb3a992beb1699257c799ea723f0bbc714e26aa2765d664a0b9740224184ee19ed16a0c61c65a4478f29265fe8fe8218f1d0e6e804bdee204aa7c2154be8e1d3d5029249b4680b6c3015ce864e3b3abf43a046778203f63e6117d45119a9ee9f9f840b9becf94911ad0922d159f369c5cd26d754380bd5a37168a74b7204b76fa4d5acde41012b8f442032447f1d6de383cc1d03e36bf5f29a624ed91fd55d7a1776058ea6a09d46c3cc570cd303989cafcf79240305ece83907be0beab5fa40774cab0b1c7af89bd56de5998deb8fdce674fdbca2c823451ed579226c4d8c5b4762c5860cffa484b47c8649a2ca0b0e7d0db665a5f60f7ee2950fd9955b8c8b20b5bfc7bda1b555b065ebc11b05bc606a6c15f77743a21ce746f658771407ac129ddf25cf9312e5845950603025c032c6f9a3bf7de69ef2f90d9a9cccd626f9634d9586ea217636ae4ebcebdee1c5e6ed1fcf396cacf4d921c815b437efc33e808b8c57b0fab58cef2c7957813f9bc0e2507cad4babff6aa1ac5eb5b2795a6c918965005a87d8820a4f29e930163304e59db7793b73e955b0c6304796a43800ffac0ad7cc2eb0db6987aa7d962e50688425213cadbfa236dd32e1f0b49a16756e388cfca660c5919f6f895c9a7454a5bdbe77c281487bf15bd070caad414c23e8699d2b5591feca40955e1f6374df29b865935fcb1ffd2444aadb1e532d05c34edc7e79f3ac53b79d67024dcf25d3a143ca95ca45653b4d0fdf445c5d7741edf9ebf504eed8b5fed02cd3b1dceb49737e71ff2aa0a9040ff03ddfbbd145a0ac907ccfcae8c0379e5172c1b04a9b4cc004c01ae13f86af60379e0111fc14dbc111863bba5005d26152c07f39a4f3b6d820eb2df2b51744c1143f4ebaec6f5988e793168912ffe37e93c7fc47a444825c4d886179be38b82339cc6465c221ea180777d76bd146e0297b7f4c7e72d1638ba146238cebb25d11f34dd8b41784cdffec9fb11e35f6c14f4ff0043bf41e6fd3ac458cc4f88c14470a46bb0b5151d4098b6a9cb8c3bcc7c0119e14ffe81b24cff0056d80874b84893c9f7e6de4b0fef6afcde44a006866c0f0abb7be11fbb9b592b7f0817fe0948cbf4b700000400bf00060066004e2100004400fe002353e0110b01008d237ed543862f798a7cd022dd4d4495f4fff694680e634080d4a553db88c76879285ec442dae8af15d06c9a732da46d265c0e83f1"], 0x894}, 0x1, 0x0, 0x0, 0x8000}, 0x10) rt_sigaction$auto(0x11, &(0x7f0000000040)={0x0, 0x100000001, 0x0, {0x7}}, 0x0, 0x8) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x101082, 0x0) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) ioctl$auto(r3, 0xc0045543, r4) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x800, &(0x7f0000000640)={0x1, 0x200000002e, 0x180000, @raw}, 0x7e) mmap$auto(0x0, 0x20006, 0xe0, 0x12, 0x401, 0x7) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) ioctl$auto(0x3, 0xc018aec0, r5) close_range$auto(0x2, 0x8, 0x0) r7 = open(0x0, 0x400480, 0xc5) socket(0x2, 0x3, 0xa) setsockopt$auto(r1, 0xad, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@rc={0x1f, @any, 0xd2}, 0x55) recvmmsg$auto(r7, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, &(0x7f0000000180)="c8125bf1b8cef686a382b8edd4dce31ec3f1a7fbc90fb162ba831484379967f22222c5c9bb3f0f2e69c0b05e197301e4b651ac19689e7ed06fa3070c48149329d32562b54a730345f5dde9f445aab42b318a45823592a5d63810159eb4762d270cad878251e20cf352052fbcc62537b8d2771c95d4c2d4356e25ffc96a27ce76f41b7bec7aad889ce8b041004e447eb0a99f21d0bac6e417eaeb51f1cd68df7d2d0588cf79f87d8ec0c5a2a3bf99b24895a358612dcdf3078caf1df24081e908ab7fc0d6d7ae4a", 0x81, 0x9}, 0xfffffffb}, 0x5, 0x658a, 0x0) 4.786387437s ago: executing program 1 (id=354): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ptype\x00', 0x101000, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) fstatfs$auto(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x4, 0x7fff, 0x4, 0x401, 0x6, 0x4000000007, {[0x6, 0x40]}, 0x9, 0x7, 0x982, [0x7fffffff, 0x9, 0xd0, 0x6]}) r1 = socket(0x22, 0x1, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x6a2240, 0x0) r2 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0xb5d1af1605322c72) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, r3, 0x2) r4 = prctl$auto(0x23, 0x0, 0x7fffffffefff, 0x0, 0x0) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="20062abd7000fddbdf2502"], 0x9c}, 0x1, 0x0, 0x0, 0x1}, 0x80) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x4007f, 0x0, &(0x7f00000001c0)={0x6}, 0x8) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f00000001c0)) r5 = socket(0x2, 0x80002, 0x73) r6 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'rose0\x00', 0x0}) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=@bpf_attr_0={0xa3ad, 0x7, 0x6, 0x2, 0x4, r4, 0x9, "2f7094a3f3c7ecb12bd1ec60327715f7", r7, r6, 0x6e27, 0x1, 0xfffffff8, 0x101, r5, r4}, 0x9) r8 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r8, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, 0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x4004840) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r8, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x12}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x3}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0x7}]}, 0x2c}}, 0x40080) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r3, 0x0) open_by_handle_at$auto(r2, &(0x7f0000000040)={0x8, 0x100fe, "9700000000000000"}, 0x2) read$auto(r0, &(0x7f0000000100)='/sys/bus/usb/drivers/net1080/bind\x00', 0x6) 4.243610759s ago: executing program 1 (id=355): socket(0x2, 0x800, 0x73) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x7) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8002) r0 = socket(0x2, 0x6, 0x0) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) mmap$auto(0x0, 0x11, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket(0x11, 0x3, 0x1) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) ioctl$auto(r2, 0x2, r1) ioctl$auto(r2, 0x400c4d00, r2) mmap$auto(0x0, 0x2020007, 0x3, 0xf8, r0, 0x8001) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/dev_snmp6/virt_wifi0\x00', 0xc480, 0x0) r4 = socket(0x27, 0x4, 0x0) setsockopt$auto(r4, 0x29, 0x46, &(0x7f0000000000)='\x15!\xa8^J/\xddCx5!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x93\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\x00\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04n\r\x13\"\xcb`\xdbr\xb6\xc4.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5\x8e\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xdf\x8e\xff\x05\xd3JD\xe2&\x8f\xceG\x05YF\x85&\x9a\xe8A\xc5F\x18\xd13\x87m\xee\xddV\x16w?eh\xd2\xbfq\xdb\xee\x9b\xfe:R\xde\x12\x98\x8a\x1d\xc7B\xd0\x02l1`\x12l\xccL4\xe7A\xdd\xa3t\x85!\xee\x1cicV\xd4y\xd7\x9d\xcd4\xdb\xd8\x03\xcd\xfe\xdfzy\xfe]\xc5`c\x17\"\xc2\xf7\x95\xa5\xe2\xce\xd2\xe5', 0x18000112) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) pread64$auto(r3, 0x0, 0x8100000041, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000b40), 0x20000, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r5 = io_uring_setup$auto(0x86, 0x0) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001280)='/dev/v4l-subdev0\x00', 0x101000, 0x0) ioctl$auto(r6, 0xc0205648, r5) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'macsec0\x00'}) 3.482846569s ago: executing program 2 (id=356): mmap$auto(0x5000000, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r0, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x200, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) socket(0xf, 0x3, 0x2) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm1c/xrun_debug\x00', 0x8f3b7a51b8162d21, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x0, 0x0) socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) 2.923958766s ago: executing program 1 (id=357): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x0, 0x5, 0x0) inotify_init1$auto(0x800) r0 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) read$auto(r0, 0x0, 0x4b) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) r2 = io_uring_setup$auto(0x4, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x173180, 0x0) mmap$auto(0x9, 0x6, 0x4000000000df, 0x800000000000eb1, r2, 0x5) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/loop5/queue/scheduler\x00', 0x3a3180, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, r3, 0x10008000) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram10/queue/discard_max_hw_bytes\x00', 0x68e00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000001c0)=""/112, 0x70) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mtd0\x00', 0x228800, 0x0) r6 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r6, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r6, 0x5501, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) socket(0x5, 0x5, 0xe) unshare$auto(0x40000080) r7 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000180)={0x2, 0x2, 0x4a47, 0x81, 0x9f, 0x8, 0x0}) 2.687887329s ago: executing program 2 (id=358): r0 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0xb5d1af1605322c72) open_by_handle_at$auto(r0, &(0x7f0000000080)={0x8, 0x100fe, "9700000000000000"}, 0x2) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x48400, 0x41) fchmod$auto(r1, 0x7439) setreuid$auto(0x4, 0x8) open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x165) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000) io_uring_setup$auto(0x402, 0x0) socket(0xa, 0x5, 0x38) close_range$auto(0x2, 0xa, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xc0100, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x8, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/ram8/trace/pid\x00', 0x101042, 0x0) write$auto(r3, &(0x7f0000000380)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1=$:`\xa9\x06H\xafjc\x9c\x88\xefq:Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\x8dm\'+\xd0I>\x8f\x00\xe5\x1c*\xed`-a\xdb?\xc8K\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) r4 = socket(0x10, 0x3, 0x15) sendmsg$auto_NFSD_CMD_THREADS_SET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}}, 0x400c001) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) ioctl$auto(0x3, 0xae60, 0xffffffffffffffff) ioctl$auto(0x3, 0xc208ae62, 0x38) 2.473193103s ago: executing program 0 (id=359): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80003, 0x109) open_tree_attr$auto(r2, &(0x7f0000000040)='./file0\x00', 0x6, &(0x7f0000000080)={0x3, 0x800, 0x8, @inferred=r0}, 0x8) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000280)=""/65, 0x41) 1.543751989s ago: executing program 2 (id=360): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x100, 0x0) read$auto(r0, 0x0, 0x1d) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20800, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x5, 0xa, 0x6, 0xeb1, 0x3ff, 0x8000) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, 0x0, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x101901, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2220009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) ioctl$auto(r1, 0xc0184d15, 0xd3) 1.501607199s ago: executing program 3 (id=361): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="df8a8422b5d14544000000", @ANYRES16=r1, @ANYBLOB="01002b3d7000fcdbdf2504000000120018008ad7d37754998b128fb9afe8a9c6000004000f00"], 0x2c}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) (async) r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_SET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)={0x5ac, r2, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_TYPE={0x8}, @OVS_VPORT_ATTR_OPTIONS={0xe3, 0x4, 0x0, 0x1, [@generic="d019b5490c4f04303ba78efc149689e4ab86c9c4f5c36f54f7c333b973cffd86c847d157f7e0cd8514fe2bf980d8c0cb9c781c9f8bd58a4f94d0c1c59311e2d908d768339c", @generic="343673b8871e010c23c0bff0eff5cb839eeb5c42618cad26379cedcfd4b528fab56bbe3a96f431b2a3d45659cf37217fdc2585e54a078dfbfd25bd169274407e75499f39eab83b517369f6c1323ea18d9003997b583d7eb9370769f21a48168c1ee97d2496e74aa21a073f473f0987ab46bc0443344b680ce5150ba86c437e9d3693ceab9446f564f69fad77cdca", @nested={0xc, 0x11, 0x0, 0x1, [@nested={0x4, 0x97}, @nested={0x4, 0x11d}]}]}, @OVS_VPORT_ATTR_NAME={0xe, 0x3, '(..\'+--*:\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0xaa, 0x5, "0614c802770ea0a4b864bdd9b1a7aceaa8a03e8402060849e43cc77d36791f33db46a87b8ea9515d3d8e384ec0f51b6cd524ca0356060b5f85939baf50d23994589f0ea2bfe6e5d7b41a6fc97ad7caecace4f926105d6e974f810f4991958992d1fa16a5e1c7ac2f508670c2e25b0e0f7d88df9f7bd7e2b77409a7e595b1192b86e933a07f22132e334899498a11ee2dcb1fdec6500b0ad26baa666a24d6f7e3bdfd8519ff30"}, @OVS_VPORT_ATTR_UPCALL_PID={0x14, 0x5, "e63e1766ba9160d9b882ea1e1119653f"}, @OVS_VPORT_ATTR_UPCALL_PID={0xb7, 0x5, "5e659710885a3c61cb39e2daf3d8963e253ece1897f76debf2efe3dc1fcbd608ca96df7ba689e14e20e31e47f747d7814bfb5f2a21a10d4094e038a36ae3d46ef8322be5959ce569b3c40bfd5bb750d66301d375fb41af4d150667ceeda76af311ea4204e54cb31d45e69c5e462c4c107069bbf6d7b3907c947d1fd9ab64792528fb87fe9508731b1d805bd79cfe8a1c0e629a83199e4a8317f692c2a822e48c722143ad3279400a42dbe509b2281ea685663a"}, @OVS_VPORT_ATTR_UPCALL_PID={0x6c, 0x5, "4acbbac341ab6d996dd3b24a9a3f930bb40856700a1b7cb4b73e6a7f5690c0f5c08126febe028148d97bbbc9446860db180ef82c51b3f51f23f524b658d9615ec50d0bfb2df82fd2de4e01222408ca54b7b2dfe30e26b855ecf59baa04b279df8470ea43e5f2df55"}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xf}, @OVS_VPORT_ATTR_UPCALL_STATS={0x2b0, 0xa, 0x0, 0x1, [@nested={0x2a4, 0xa3, 0x0, 0x1, [@nested={0x1bd, 0xb8, 0x0, 0x1, [@typed={0x8, 0x109, 0x0, 0x0, @fd=r0}, @generic="e49629bc4aec74e175b9fe27af59a1ab2f09ead92f1bf49530825b255f79253941038dd0575bc449c62da5486a730039d33ee161660b57c5bacf1ac6396177810a2c3f27f41f32d6469d43d0", @generic="4e5b5a33c4c27261ac3013d55297308e50553d2e7fec75c12dc22b61841cf6d8d13df8de6dfae5452085d3b8f1565c157a96cfe2ab6955b3c85021052d212d9d5be2b21efe8bb316024a385380d028e4a1567022c2f27f2250e6396b8c6615aed1a4e27db0d3e706f2604fb003c318e6866afca40eac36988e7c0799fd", @generic="45f42a21dfd5c031bc33b98eed63272d559f1603d71531acf7bd73d39b2da7b509e84ad5eab80e0e048cc941c3cf310c79b8b82e0fef995cb211aeed27a951bb8a7e24228b52fd7f387b38172d84baf8a5291dd8a9b75a82087af112dba3acdfc7c849ee50947f42ea9431bbfa6c9f26623137a597b18abe319f1f8e1ff08fb840bc6bff31d2c8a5b6e91bd18554d31f3cad543fe3f9830753840b011ec607d473cda30eb7087464b8a6e964d63cfcab2d79", @generic="397254e7b50e05ce013a59d79ee37206fde2ede4d0b204bf2138c92db936fddf84cd8745d82b4a35dfe37e286f1e306b63a9", @nested={0x4, 0x133}]}, @typed={0x8, 0x13d, 0x0, 0x0, @u32=0x7fffffff}, @typed={0xd7, 0x2e, 0x0, 0x0, @binary="f8e331b797a704f50c9ddf505a22dc5ff882e404981c70249e9efc29e8acafbb09d456349d3aae7bdb6bb30e26ae6e87810b41166023f938df640c4ecb5bf385a1cbc0d5474d9986743c0ab77b2d48062b18b000cabf2aea40a8d97d1fd1819ba918bbb171e474225b0abb5b0242bc204bc3afab3f3199763cdc9dd7e6274a1e46aa1a6fe74281dff67e4f46972e6fffee1937d5e0316098ec4016775a736612cdbe2be54c32cf493d357e6c5ab47d3d91370fb6cfd43f3078bc6403de0b662630b8338113831b309e862488edfbc051e579b8"}]}, @typed={0x8, 0xe0, 0x0, 0x0, @u32=0x3}]}]}, 0x5ac}, 0x1, 0x0, 0x0, 0x880}, 0x20000000) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0ro\x00', 0x482be2, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) pwrite64$auto(r5, &(0x7f0000000040)='+\x00', 0xfdef, 0x1ff) (async) sendmsg$auto_TIPC_NL_NODE_GET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001e40)={0x14, r4, 0x301, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) (async) r6 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r6, 0x0, 0xc3) (async) r7 = socket(0x28, 0x1, 0xfffff000) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) (async) sendmmsg$auto(r7, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000180), 0x5ee}, 0x8, 0x0, 0x0, 0x1001}, 0x5}, 0x4, 0x140) 983.813945ms ago: executing program 1 (id=362): bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() unshare$auto(0x40000080) r0 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0x88900, 0x0) readv$auto(r0, &(0x7f0000000680)={&(0x7f0000000540), 0x40200}, 0x3) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) ppoll$auto(&(0x7f0000000240)={0xffffffffffffffff, 0x5, 0x2}, 0x68, 0x0, 0x0, 0x8) ioctl$auto_SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0xfffffffffffffffc) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r1 = socket(0xa, 0x5, 0x84) bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x6, 0xffffffffffffffff, @relative_fd=r1, 0xa}, 0xa3) sendto$auto(r1, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) r2 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x1d, 0x2, 0x7) connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000804) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r3, &(0x7f00000006c0)={0x0, 0xf0, &(0x7f0000000680)={&(0x7f0000000700)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7000fddbdf252c00000018000180140002006e6574646597bb76384ce9ee98d87673696d30000000000000618c9fe0650ac9d26e5332b24a045adab804e80044aaa39269df78555796c23e4d6442e4bffb21d1cc2b3ab749b91b3a4997f3837d6358f75b815cdcc0e7157c3d36f70ce00ba33d492e004ba749a87b1b371831355d1ef831f39ae1444a21925749b612cc205c6ed27ea9a5abcbd46ccc4e15e0bb0fad178a41661d1b10a00dce54fcba6625d96781b30ec3a676c04a71b6d5afe84ed0fb4a6a35b7d358fecc80cc5dc376c9c7bc38ebb13a1bc661818971386d70a48447ad45050687b6ef2ce9ed3715f8527f0c5ad74eb846fc9ea3719890db1597819a38507da5c581e5d5ac8d84161ac7791cc7a088593a69950f4acc1b88f770cd3c3718345cd044130493e4cce9ce030d52fee0b9d04c9a20c31683ba1c6fd699bbef8204d09e989d1b7d3ea1c186235e660cef35bdacac18768e4993ecb7a9300adbdee391691c25f984bb1d45642c49ed0a6177deab6c9116e16f1de9ba9df3b7ce599bd0fb681779016142f0a6eb61f9cae1ce02"], 0x2c}}, 0x400c080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 891.63159ms ago: executing program 0 (id=363): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x68a80, 0x0) close_range$auto(0x0, 0x5, 0x0) inotify_init1$auto(0x800) r0 = openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) read$auto(r0, 0x0, 0x4b) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) r2 = io_uring_setup$auto(0x4, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x173180, 0x0) mmap$auto(0x9, 0x6, 0x4000000000df, 0x800000000000eb1, r2, 0x5) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/loop5/queue/scheduler\x00', 0x3a3180, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, r3, 0x10008000) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram10/queue/discard_max_hw_bytes\x00', 0x68e00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f00000001c0)=""/112, 0x70) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mtd0\x00', 0x228800, 0x0) r6 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r6, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r6, 0x5501, 0x0) writev$auto(r6, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) socket(0x5, 0x5, 0xe) unshare$auto(0x40000080) r7 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000180)={0x2, 0x2, 0x4a47, 0x81, 0x9f, 0x8, 0x0}) 0s ago: executing program 2 (id=364): close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x80003, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ptyv7/power/runtime_status\x00', 0x480, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) socket(0x22, 0x5, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) socket(0x2, 0x801, 0x100) socket(0x25, 0x1, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x4000, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = pidfd_open$auto(0x1, 0x0) setns(r2, 0x20000) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0xe4, 0xd, 0xfffffffffff7ffff, 0x3, 0x62, 0x80000001, 0xa, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000200)='/dev/audio1\x00', 0x100000a3d9) r4 = open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x4) move_mount$auto(r4, 0x0, r4, 0x0, 0x277) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948d, 0x3, 0x15f4da0a, 0x4, 0xffffffffffffff3f, 0x100, 0x8000001f, 0x29, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/renderD128\x00', 0x129800, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8422) recvmmsg$auto(0x3, 0x0, 0x10000, 0xfffffffd, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r5 = ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000080)={0xd, &(0x7f0000000040)={0x9, 0xf, 0x0, @raw=0x2}}) r6 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000004c0), r3) sendmsg$auto_KSMBD_EVENT_LOGOUT_REQUEST(r5, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r6, 0x300, 0x70bd2b, 0x25dfdbfb, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r5, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="24010000", @ANYRES16=0x0, @ANYBLOB="000227bd7000fcdbdf257f000000fc00c800e58ebe59e02a05facef95f91f34a3773f8c7b5b3307df1389675b2f9a1d58c116c0d72a5ddb3c40e54d8d367e9dfc97af5e92fc0a3a3a60a6dc419c4f5638e5f54de0d136accaad24d09efa39ad66f19dd4e3161e1f277889a9c6dbb40ceda9e32b1b31ca4e6af1851858570182a6534e57a96a5b641b9b988d0b9e9a9c561ada020ac0bf4af2d52cb1dc634a566b0aac509cd317a6ece85467d0924be4c43a84518bbfdc3436e4d07fb4909b6609a5afee72ca86992b8d86bd98a846638013f3e259eee02157dc5edec1e75a6cf491007c16aabaae8604e009caec82704bfe34421fb3450daf526ee1f58bd387cf3b56134b505a10c988c050019010400000008004b00000000008400e200"], 0x124}, 0x1, 0x0, 0x0, 0x4000804}, 0x881) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.68' (ED25519) to the list of known hosts. [ 108.146468][ T1218] cfg80211: failed to load regulatory.db [ 110.099014][ T5832] cgroup: Unknown subsys name 'net' [ 110.260580][ T5832] cgroup: Unknown subsys name 'cpuset' [ 110.273379][ T5832] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 112.260589][ T5832] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 114.670407][ T5164] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 114.676020][ T5855] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 114.705243][ T5164] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 114.724643][ T5164] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 114.726014][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 114.748720][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 114.755871][ T5855] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 114.765505][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 114.767858][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 114.774733][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 114.784511][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 114.791666][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 114.797730][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 114.805560][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 114.811594][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 114.822264][ T5855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 114.829439][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 114.840628][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 114.841362][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 114.865003][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 115.437572][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 115.601318][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 115.668577][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 115.740408][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.748959][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.756602][ T5846] bridge_slave_0: entered allmulticast mode [ 115.765287][ T5846] bridge_slave_0: entered promiscuous mode [ 115.775728][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 115.818762][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.826775][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.834238][ T5846] bridge_slave_1: entered allmulticast mode [ 115.842632][ T5846] bridge_slave_1: entered promiscuous mode [ 115.952349][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.984098][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.992646][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.001451][ T5848] bridge_slave_0: entered allmulticast mode [ 116.009518][ T5848] bridge_slave_0: entered promiscuous mode [ 116.021935][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.072335][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.080227][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.088676][ T5848] bridge_slave_1: entered allmulticast mode [ 116.096944][ T5848] bridge_slave_1: entered promiscuous mode [ 116.174570][ T5846] team0: Port device team_slave_0 added [ 116.188324][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.195817][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.203436][ T5843] bridge_slave_0: entered allmulticast mode [ 116.212773][ T5843] bridge_slave_0: entered promiscuous mode [ 116.225021][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.237392][ T5846] team0: Port device team_slave_1 added [ 116.276052][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.283796][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.291778][ T5843] bridge_slave_1: entered allmulticast mode [ 116.300403][ T5843] bridge_slave_1: entered promiscuous mode [ 116.311724][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.389497][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.397031][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.423466][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.438392][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.446168][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.472776][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.485000][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.492664][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.500217][ T5844] bridge_slave_0: entered allmulticast mode [ 116.507905][ T5844] bridge_slave_0: entered promiscuous mode [ 116.548995][ T5848] team0: Port device team_slave_0 added [ 116.563466][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.571590][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.579385][ T5844] bridge_slave_1: entered allmulticast mode [ 116.587736][ T5844] bridge_slave_1: entered promiscuous mode [ 116.599576][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.613073][ T5848] team0: Port device team_slave_1 added [ 116.674736][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.720388][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.729505][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.759268][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.808720][ T5843] team0: Port device team_slave_0 added [ 116.816432][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.823947][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.855479][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.870542][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.885573][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.910553][ T5843] team0: Port device team_slave_1 added [ 116.945487][ T51] Bluetooth: hci0: command tx timeout [ 116.945492][ T5847] Bluetooth: hci1: command tx timeout [ 116.945736][ T5847] Bluetooth: hci3: command tx timeout [ 116.951567][ T51] Bluetooth: hci2: command tx timeout [ 116.963932][ T5846] hsr_slave_0: entered promiscuous mode [ 116.976372][ T5846] hsr_slave_1: entered promiscuous mode [ 117.049102][ T5844] team0: Port device team_slave_0 added [ 117.058044][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.065723][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.094932][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.141499][ T5844] team0: Port device team_slave_1 added [ 117.164266][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.172176][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.200173][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.217842][ T5848] hsr_slave_0: entered promiscuous mode [ 117.225078][ T5848] hsr_slave_1: entered promiscuous mode [ 117.231899][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 117.238242][ T5848] Cannot create hsr debugfs directory [ 117.318553][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.326452][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.354188][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.369781][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.377724][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.407662][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.534862][ T5843] hsr_slave_0: entered promiscuous mode [ 117.542078][ T5843] hsr_slave_1: entered promiscuous mode [ 117.549064][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 117.555740][ T5843] Cannot create hsr debugfs directory [ 117.626879][ T5844] hsr_slave_0: entered promiscuous mode [ 117.633942][ T5844] hsr_slave_1: entered promiscuous mode [ 117.641293][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 117.647588][ T5844] Cannot create hsr debugfs directory [ 118.078313][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 118.110625][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 118.124680][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 118.169472][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 118.235786][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 118.255547][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 118.270111][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 118.298673][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 118.376346][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 118.408830][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 118.421051][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 118.459472][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 118.543830][ T5844] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 118.570212][ T5844] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 118.583096][ T5844] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 118.599224][ T5844] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 118.731559][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.763151][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.817955][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.837645][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.860597][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.868081][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.895984][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.903465][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.920886][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.934758][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.966711][ T2961] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.974110][ T2961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.026996][ T5854] Bluetooth: hci3: command tx timeout [ 119.029485][ T5847] Bluetooth: hci0: command tx timeout [ 119.032838][ T5854] Bluetooth: hci1: command tx timeout [ 119.052143][ T51] Bluetooth: hci2: command tx timeout [ 119.121610][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.167957][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.200529][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.256957][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.310464][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.317811][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.331066][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.338900][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.353630][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.361360][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.403431][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.411244][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.750904][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.912544][ T5846] veth0_vlan: entered promiscuous mode [ 119.973412][ T5846] veth1_vlan: entered promiscuous mode [ 120.011685][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.130497][ T5846] veth0_macvtap: entered promiscuous mode [ 120.167732][ T5848] veth0_vlan: entered promiscuous mode [ 120.186732][ T5846] veth1_macvtap: entered promiscuous mode [ 120.230238][ T5848] veth1_vlan: entered promiscuous mode [ 120.276822][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.300518][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.317816][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.358242][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.369806][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.395178][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.408404][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.418782][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.437370][ T5848] veth0_macvtap: entered promiscuous mode [ 120.450618][ T5848] veth1_macvtap: entered promiscuous mode [ 120.509432][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.526184][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.573784][ T5844] veth0_vlan: entered promiscuous mode [ 120.581064][ T1334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.592151][ T1334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.617985][ T1334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.631129][ T1334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.672644][ T5844] veth1_vlan: entered promiscuous mode [ 120.739888][ T5843] veth0_vlan: entered promiscuous mode [ 120.758855][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.777795][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.851089][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.860201][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.861382][ T5844] veth0_macvtap: entered promiscuous mode [ 120.897755][ T5843] veth1_vlan: entered promiscuous mode [ 120.908223][ T5844] veth1_macvtap: entered promiscuous mode [ 121.002137][ T2961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.018070][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.026100][ T2961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.048491][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 121.105935][ T51] Bluetooth: hci2: command tx timeout [ 121.112154][ T51] Bluetooth: hci1: command tx timeout [ 121.113261][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.118653][ T5854] Bluetooth: hci0: command tx timeout [ 121.132030][ T5854] Bluetooth: hci3: command tx timeout [ 121.193111][ T2961] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.207809][ T2961] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.230224][ T2950] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.242856][ T2950] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.270526][ T5843] veth0_macvtap: entered promiscuous mode [ 121.284358][ T5843] veth1_macvtap: entered promiscuous mode [ 121.302872][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.317572][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.459543][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.540681][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.612530][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.663256][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.687910][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.721871][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.790539][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.948006][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.283306][ T2950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.293859][ T2950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.525159][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.533496][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.734199][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.769605][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.815408][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 122.858174][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 123.185049][ T5854] Bluetooth: hci3: command tx timeout [ 123.191381][ T5854] Bluetooth: hci1: command tx timeout [ 123.197129][ T51] Bluetooth: hci0: command tx timeout [ 123.197150][ T5857] Bluetooth: hci2: command tx timeout [ 123.595212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 123.675171][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 124.217510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.415393][ T5965] zswap: compressor 000 not available [ 124.496386][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 124.575694][ T5956] kexec: Could not allocate control_code_buffer [ 125.179123][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.188685][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 125.646161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.651980][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.716730][ T5993] capability: warning: `syz.0.10' uses 32-bit capabilities (legacy support in use) [ 125.993117][ T5992] Process accounting resumed [ 126.576134][ T5999] Zero length message leads to an empty skb [ 126.879671][ T6009] process 'syz.1.13' launched './file0' with NULL argv: empty string added [ 127.504782][ T5986] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 127.511488][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.674790][ T6014] __vm_enough_memory: pid: 6014, comm: syz.0.12, bytes: 4398046511104 not enough memory for the allocation [ 128.929248][ T5986] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 129.517098][ T5986] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 129.588418][ T5854] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.625516][ T5986] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 129.636108][ T5986] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.664670][ T5986] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.999630][ T5986] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 130.009822][ T5986] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 130.119021][ T5986] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 130.183000][ T5986] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 130.190503][ T5986] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 130.302302][ T5986] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 130.364842][ T6001] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 131.107062][ T6041] input: jJǸ-9%vJ86 as /devices/virtual/input/input5 [ 131.592226][ T6041] usb usb24: usbfs: process 6041 (syz.1.17) did not claim interface 0 before use [ 131.668711][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 131.669416][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 132.065691][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.237353][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 132.876105][ T6066] input: jJǸ-9%vJ86 as /devices/virtual/input/input6 [ 133.294088][ T6066] usb usb24: usbfs: process 6066 (syz.2.21) did not claim interface 0 before use [ 133.750170][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 133.967095][ T6075] input: jJǸ-9%vJ86 as /devices/virtual/input/input7 [ 134.154654][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 134.314609][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 135.743384][ T6088] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 135.825232][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.224679][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 136.395664][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.458599][ T6099] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 136.495221][ T6099] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.527891][ T6099] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 136.713114][ T6099] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.614157][ T6115] input: jJǸ-9%vJ86 as /devices/virtual/input/input8 [ 138.004445][ T6121] usb usb24: usbfs: process 6121 (syz.3.30) did not claim interface 0 before use [ 138.544593][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 138.544655][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.558736][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 138.723259][ T5854] Bluetooth: hci3: command 0x0c1a tx timeout [ 140.092673][ T6130] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 144.007337][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 144.014631][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 144.715980][ T6193] Setting dangerous option i915.mitigations - tainting kernel [ 145.949644][ T6205] input: jJǸ-9%vJ86 as /devices/virtual/input/input9 [ 146.334222][ T6211] input: jJǸ-9%vJ86 as /devices/virtual/input/input10 [ 147.068265][ T6216] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 147.079157][ T6216] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 147.108301][ T6216] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 147.115699][ T6216] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 148.480455][ T6238] input: jJǸ-9%vJ86 as /devices/virtual/input/input11 [ 148.622017][ T6222] syz.2.50 (6222) used greatest stack depth: 17736 bytes left [ 148.710918][ T6238] usb usb24: usbfs: process 6238 (syz.0.52) did not claim interface 0 before use [ 149.107297][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 149.114282][ T5854] Bluetooth: hci0: command 0x0c1a tx timeout [ 149.190891][ T5854] Bluetooth: hci2: command 0x0c1a tx timeout [ 149.200841][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 155.809995][ T6316] input: jJǸ-9%vJ86 as /devices/virtual/input/input12 [ 156.072771][ T6323] usb usb24: usbfs: process 6323 (syz.2.64) did not claim interface 0 before use [ 156.362727][ T6325] input: jJǸ-9%vJ86 as /devices/virtual/input/input13 [ 156.826074][ T6325] usb usb24: usbfs: process 6325 (syz.1.66) did not claim interface 0 before use [ 157.454486][ T6336] input: jJǸ-9%vJ86 as /devices/virtual/input/input14 [ 157.578544][ T30] audit: type=1804 audit(286.770:2): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.67" name="/newroot/17/file0" dev="tmpfs" ino=108 res=1 errno=0 [ 157.786528][ T6309] Process accounting paused [ 158.374668][ T6343] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 158.397204][ T6343] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 158.405747][ T6343] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 158.417093][ T6343] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 160.394501][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 160.474441][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 160.474650][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 160.487303][ T5854] Bluetooth: hci2: command 0x0c1a tx timeout [ 164.720070][ T6423] input: jJǸ-9%vJ86 as /devices/virtual/input/input15 [ 165.127755][ T6423] usb usb24: usbfs: process 6423 (syz.2.83) did not claim interface 0 before use [ 171.855831][ T6494] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 171.909040][ T6494] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 171.929149][ T6494] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 172.032873][ T6494] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 172.082924][ T6504] input: jJǸ-9%vJ86 as /devices/virtual/input/input16 [ 173.904579][ T5854] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.984448][ T5854] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.990942][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.048062][ T6528] FAULT_INJECTION: forcing a failure. [ 174.048062][ T6528] name failslab, interval 1, probability 0, space 0, times 0 [ 174.075911][ T5854] Bluetooth: hci3: command 0x0c1a tx timeout [ 174.120038][ T6528] CPU: 1 UID: 0 PID: 6528 Comm: syz.0.103 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 174.120087][ T6528] Tainted: [U]=USER [ 174.120095][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 174.120121][ T6528] Call Trace: [ 174.120142][ T6528] [ 174.120151][ T6528] dump_stack_lvl+0x16c/0x1f0 [ 174.120191][ T6528] should_fail_ex+0x512/0x640 [ 174.120214][ T6528] ? __kmalloc_noprof+0xbf/0x510 [ 174.120243][ T6528] ? realloc_user_queue+0x270/0x310 [ 174.120266][ T6528] should_failslab+0xc2/0x120 [ 174.120297][ T6528] __kmalloc_noprof+0xd2/0x510 [ 174.120330][ T6528] realloc_user_queue+0x270/0x310 [ 174.120356][ T6528] ? __pfx_snd_timer_user_open+0x10/0x10 [ 174.120380][ T6528] snd_timer_user_open+0xfc/0x180 [ 174.120403][ T6528] snd_open+0x1fe/0x450 [ 174.120440][ T6528] ? __pfx_snd_open+0x10/0x10 [ 174.120475][ T6528] chrdev_open+0x231/0x6a0 [ 174.120504][ T6528] ? __pfx_apparmor_file_open+0x10/0x10 [ 174.120530][ T6528] ? __pfx_chrdev_open+0x10/0x10 [ 174.120561][ T6528] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 174.120599][ T6528] do_dentry_open+0x97f/0x1530 [ 174.120628][ T6528] ? __pfx_chrdev_open+0x10/0x10 [ 174.120664][ T6528] vfs_open+0x82/0x3f0 [ 174.120702][ T6528] path_openat+0x1de4/0x2cb0 [ 174.120738][ T6528] ? __pfx_path_openat+0x10/0x10 [ 174.120767][ T6528] ? __lock_acquire+0xb8a/0x1c90 [ 174.120803][ T6528] do_filp_open+0x20b/0x470 [ 174.120830][ T6528] ? __pfx_do_filp_open+0x10/0x10 [ 174.120877][ T6528] ? alloc_fd+0x471/0x7d0 [ 174.120909][ T6528] do_sys_openat2+0x11b/0x1d0 [ 174.120944][ T6528] ? __pfx_do_sys_openat2+0x10/0x10 [ 174.120992][ T6528] __x64_sys_openat+0x174/0x210 [ 174.121029][ T6528] ? __pfx___x64_sys_openat+0x10/0x10 [ 174.121077][ T6528] do_syscall_64+0xcd/0x490 [ 174.121115][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.121140][ T6528] RIP: 0033:0x7fa26df8eb69 [ 174.121159][ T6528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.121181][ T6528] RSP: 002b:00007fa26edaa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 174.121204][ T6528] RAX: ffffffffffffffda RBX: 00007fa26e1b6240 RCX: 00007fa26df8eb69 [ 174.121219][ T6528] RDX: 0000000000101440 RSI: 0000200000001cc0 RDI: ffffffffffffff9c [ 174.121234][ T6528] RBP: 00007fa26e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 174.121249][ T6528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.121263][ T6528] R13: 0000000000000000 R14: 00007fa26e1b6240 R15: 00007ffc7f788b08 [ 174.121292][ T6528] [ 174.449000][ T6535] input: jJǸ-9%vJ86 as /devices/virtual/input/input17 [ 174.954613][ T6538] usb usb24: usbfs: process 6538 (syz.2.104) did not claim interface 0 before use [ 177.351548][ T6555] input: jJǸ-9%vJ86 as /devices/virtual/input/input18 [ 177.745959][ T6558] usb usb24: usbfs: process 6558 (syz.2.108) did not claim interface 0 before use [ 178.841630][ T6573] input: jJǸ-9%vJ86 as /devices/virtual/input/input19 [ 179.979133][ T6584] input: jJǸ-9%vJ86 as /devices/virtual/input/input20 [ 180.781969][ T6591] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 180.834976][ T6591] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 180.841900][ T6591] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 180.855234][ T6591] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 181.952027][ T6619] input: jJǸ-9%vJ86 as /devices/virtual/input/input21 [ 182.377587][ T6621] usb usb24: usbfs: process 6621 (syz.3.120) did not claim interface 0 before use [ 182.864501][ T5854] Bluetooth: hci3: command 0x0c1a tx timeout [ 182.870837][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 182.870892][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 182.877172][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 184.208696][ T6641] input: jJǸ-9%vJ86 as /devices/virtual/input/input22 [ 185.211955][ T6656] input: jJǸ-9%vJ86 as /devices/virtual/input/input23 [ 186.486037][ T6669] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 186.542821][ T6669] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 186.575245][ T6669] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 186.621667][ T6669] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 186.964667][ T6681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 186.996270][ T6681] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 187.114562][ T6681] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 187.159124][ T6681] page_type: f5(slab) [ 187.184621][ T6681] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 187.194615][ T6681] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 187.208887][ T6681] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000 [ 187.218675][ T6681] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 187.228672][ T6681] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 187.238613][ T6681] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 187.247854][ T6681] page dumped because: unmovable page [ 187.253785][ T6681] page_owner tracks the page as allocated [ 187.262360][ T6681] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 49, tgid 49 (kworker/u8:3), ts 175436817232, free_ts 175368740271 [ 187.307125][ T6681] post_alloc_hook+0x1c0/0x230 [ 187.323620][ T6681] get_page_from_freelist+0x132b/0x38e0 [ 187.380087][ T6681] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 187.419073][ T6681] alloc_pages_mpol+0x1fb/0x550 [ 187.450066][ T6681] new_slab+0x247/0x330 [ 187.466103][ T6681] ___slab_alloc+0xd1e/0x1780 [ 187.487871][ T6681] __slab_alloc.constprop.0+0x56/0xb0 [ 187.637519][ T6681] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 187.644800][ T6681] kmalloc_reserve+0xef/0x2c0 [ 187.650556][ T6681] __alloc_skb+0x166/0x380 [ 187.655711][ T6681] nsim_dev_trap_report_work+0x2b1/0xcf0 [ 187.664513][ T6681] process_one_work+0x9cc/0x1b70 [ 187.669753][ T6681] worker_thread+0x6c8/0xf10 [ 187.675991][ T6681] kthread+0x3c5/0x780 [ 187.680222][ T6681] ret_from_fork+0x5d7/0x6f0 [ 187.685068][ T6681] ret_from_fork_asm+0x1a/0x30 [ 187.690538][ T6681] page last free pid 5842 tgid 5842 stack trace: [ 187.750736][ T6681] __free_frozen_pages+0x7d5/0x10f0 [ 187.798160][ T6681] __put_partials+0x165/0x1c0 [ 187.828270][ T6681] qlist_free_all+0x4d/0x120 [ 187.870524][ T6681] kasan_quarantine_reduce+0x195/0x1e0 [ 187.885993][ T6681] __kasan_slab_alloc+0x69/0x90 [ 187.928278][ T6681] __kmalloc_node_track_caller_noprof+0x1d3/0x510 [ 187.950138][ T6681] kmalloc_reserve+0xef/0x2c0 [ 187.967553][ T6691] Process accounting resumed [ 187.975554][ T6681] __alloc_skb+0x166/0x380 [ 187.989459][ T6681] alloc_skb_with_frags+0xe0/0x860 [ 188.026774][ T6681] sock_alloc_send_pskb+0x7fb/0x990 [ 188.048720][ T6681] unix_dgram_sendmsg+0x3e9/0x17f0 [ 188.079365][ T6681] sock_write_iter+0x4fc/0x5b0 [ 188.084964][ T6681] vfs_write+0x6c7/0x1150 [ 188.089923][ T6681] ksys_write+0x1f8/0x250 [ 188.094841][ T6681] do_syscall_64+0xcd/0x490 [ 188.169660][ T6681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.544595][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.546277][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.624508][ T5857] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.632181][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 190.212837][ T6712] ubi0: attaching mtd0 [ 190.260496][ T6712] ubi0: scanning is finished [ 190.388812][ T6712] ubi0: empty MTD device detected [ 191.016493][ T6712] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 191.964877][ T6729] binder: 6727:6729 unknown command 3 [ 191.981444][ T6729] binder: 6727:6729 ioctl c0306201 0 returned -22 [ 193.278697][ T6741] input: jJǸ-9%vJ86 as /devices/virtual/input/input25 [ 193.558203][ T6742] usb usb24: usbfs: process 6742 (syz.2.141) did not claim interface 0 before use [ 200.398483][ T6829] FAULT_INJECTION: forcing a failure. [ 200.398483][ T6829] name failslab, interval 1, probability 0, space 0, times 0 [ 200.430799][ T6829] CPU: 1 UID: 0 PID: 6829 Comm: syz.3.159 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 200.430855][ T6829] Tainted: [U]=USER [ 200.430866][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 200.430885][ T6829] Call Trace: [ 200.430896][ T6829] [ 200.430910][ T6829] dump_stack_lvl+0x16c/0x1f0 [ 200.430965][ T6829] should_fail_ex+0x512/0x640 [ 200.430994][ T6829] ? fs_reclaim_acquire+0xae/0x150 [ 200.431046][ T6829] ? tomoyo_init_log+0x1385/0x2140 [ 200.431092][ T6829] should_failslab+0xc2/0x120 [ 200.431133][ T6829] __kmalloc_noprof+0xd2/0x510 [ 200.431180][ T6829] tomoyo_init_log+0x1385/0x2140 [ 200.431240][ T6829] ? __pfx_tomoyo_init_log+0x10/0x10 [ 200.431276][ T6829] ? tomoyo_profile+0x47/0x60 [ 200.431329][ T6829] ? tomoyo_domain_quota_is_ok+0x2f6/0x5a0 [ 200.431389][ T6829] tomoyo_supervisor+0x302/0x13b0 [ 200.431436][ T6829] ? vsnprintf+0x318/0x1160 [ 200.431483][ T6829] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 200.431533][ T6829] ? __pfx_vsnprintf+0x10/0x10 [ 200.431597][ T6829] ? snprintf+0xc7/0x100 [ 200.431649][ T6829] ? __pfx___schedule+0x10/0x10 [ 200.431704][ T6829] tomoyo_audit_inet_log+0x285/0x3a0 [ 200.431748][ T6829] ? __pfx_tomoyo_audit_inet_log+0x10/0x10 [ 200.431804][ T6829] ? tomoyo_check_acl+0x1f7/0x410 [ 200.431850][ T6829] ? __pfx_tomoyo_check_inet_acl+0x10/0x10 [ 200.431894][ T6829] tomoyo_check_inet_address+0x5a3/0x6c0 [ 200.431937][ T6829] ? __pfx_tomoyo_check_inet_address+0x10/0x10 [ 200.432000][ T6829] tomoyo_socket_connect_permission+0x274/0x360 [ 200.432042][ T6829] ? __pfx_tomoyo_socket_connect_permission+0x10/0x10 [ 200.432091][ T6829] ? __might_fault+0xe3/0x190 [ 200.432125][ T6829] ? __might_fault+0x13b/0x190 [ 200.432169][ T6829] security_socket_connect+0x9b/0x240 [ 200.432220][ T6829] __sys_connect_file+0x8f/0x1a0 [ 200.432265][ T6829] __sys_connect+0x13b/0x160 [ 200.432306][ T6829] ? __pfx___sys_connect+0x10/0x10 [ 200.432362][ T6829] ? xfd_validate_state+0x61/0x180 [ 200.432421][ T6829] __x64_sys_connect+0x72/0xb0 [ 200.432459][ T6829] ? lockdep_hardirqs_on+0x7c/0x110 [ 200.432504][ T6829] do_syscall_64+0xcd/0x490 [ 200.432555][ T6829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.432600][ T6829] RIP: 0033:0x7f54c3d8eb69 [ 200.432628][ T6829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.432659][ T6829] RSP: 002b:00007f54c4c59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 200.432701][ T6829] RAX: ffffffffffffffda RBX: 00007f54c3fb5fa0 RCX: 00007f54c3d8eb69 [ 200.432722][ T6829] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 200.432741][ T6829] RBP: 00007f54c3e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 200.432759][ T6829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 200.432777][ T6829] R13: 0000000000000000 R14: 00007f54c3fb5fa0 R15: 00007ffcbb4bbb28 [ 200.432818][ T6829] [ 200.767481][ T6822] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.774822][ T6822] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.781176][ T6822] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.788281][ T6822] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 201.493644][ T6845] input: jJǸ-9%vJ86 as /devices/virtual/input/input26 [ 201.543640][ T6836] zswap: compressor 000 not available [ 202.064495][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 202.123742][ T6843] zswap: compressor not available [ 202.864704][ T5857] Bluetooth: hci3: command 0x0c1a tx timeout [ 202.871004][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 202.881724][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 203.841104][ T6878] FAULT_INJECTION: forcing a failure. [ 203.841104][ T6878] name failslab, interval 1, probability 0, space 0, times 0 [ 203.899062][ T6878] CPU: 1 UID: 0 PID: 6878 Comm: syz.0.168 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 203.899116][ T6878] Tainted: [U]=USER [ 203.899127][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.899145][ T6878] Call Trace: [ 203.899155][ T6878] [ 203.899167][ T6878] dump_stack_lvl+0x16c/0x1f0 [ 203.899220][ T6878] should_fail_ex+0x512/0x640 [ 203.899252][ T6878] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 203.899305][ T6878] should_failslab+0xc2/0x120 [ 203.899348][ T6878] __kmalloc_cache_noprof+0x6a/0x3e0 [ 203.899380][ T6878] ? ima_add_digest_entry+0x52/0x540 [ 203.899428][ T6878] ima_add_digest_entry+0x52/0x540 [ 203.899566][ T6878] ima_add_template_entry+0x452/0x870 [ 203.899628][ T6878] ? __pfx_ima_add_template_entry+0x10/0x10 [ 203.899669][ T6878] ? __kmalloc_noprof+0x242/0x510 [ 203.899714][ T6878] ? ima_calc_field_array_hash+0x371/0x440 [ 203.899773][ T6878] ima_store_template+0xda/0x150 [ 203.899826][ T6878] ima_store_measurement+0x224/0x5c0 [ 203.899885][ T6878] ? __pfx_ima_store_measurement+0x10/0x10 [ 203.899938][ T6878] ? vfs_getxattr_alloc+0xec/0x340 [ 203.899988][ T6878] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 203.900040][ T6878] process_measurement+0x1ddb/0x23e0 [ 203.900111][ T6878] ? __mutex_trylock_common+0xe9/0x250 [ 203.900171][ T6878] ? __pfx_process_measurement+0x10/0x10 [ 203.900219][ T6878] ? __pfx___might_resched+0x10/0x10 [ 203.900256][ T6878] ? rcu_is_watching+0x12/0xc0 [ 203.900294][ T6878] ? tracing_check_open_get_tr.part.0+0xad/0x130 [ 203.900377][ T6878] ? tracing_check_open_get_tr.part.0+0xb2/0x130 [ 203.900424][ T6878] ? inode_to_bdi+0x9e/0x160 [ 203.900484][ T6878] ima_file_check+0xc5/0x110 [ 203.900529][ T6878] ? __pfx_ima_file_check+0x10/0x10 [ 203.900584][ T6878] security_file_post_open+0x8e/0x210 [ 203.900621][ T6878] path_openat+0x1404/0x2cb0 [ 203.900674][ T6878] ? __pfx_path_openat+0x10/0x10 [ 203.900716][ T6878] ? __lock_acquire+0xb8a/0x1c90 [ 203.900764][ T6878] do_filp_open+0x20b/0x470 [ 203.900803][ T6878] ? __pfx_do_filp_open+0x10/0x10 [ 203.900874][ T6878] ? alloc_fd+0x471/0x7d0 [ 203.900919][ T6878] do_sys_openat2+0x11b/0x1d0 [ 203.900970][ T6878] ? __pfx_do_sys_openat2+0x10/0x10 [ 203.901036][ T6878] __x64_sys_openat+0x174/0x210 [ 203.901088][ T6878] ? __pfx___x64_sys_openat+0x10/0x10 [ 203.901156][ T6878] do_syscall_64+0xcd/0x490 [ 203.901210][ T6878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.901244][ T6878] RIP: 0033:0x7fa26df8eb69 [ 203.901272][ T6878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.901304][ T6878] RSP: 002b:00007fa26edec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 203.901335][ T6878] RAX: ffffffffffffffda RBX: 00007fa26e1b6080 RCX: 00007fa26df8eb69 [ 203.901357][ T6878] RDX: 0000000000080100 RSI: 0000200000008140 RDI: ffffffffffffff9c [ 203.901376][ T6878] RBP: 00007fa26e011df1 R08: 0000000000000000 R09: 0000000000000000 [ 203.901393][ T6878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 203.901410][ T6878] R13: 0000000000000000 R14: 00007fa26e1b6080 R15: 00007ffc7f788b08 [ 203.901449][ T6878] [ 203.901473][ T6878] ima: OUT OF MEMORY ERROR creating queue entry [ 204.260843][ T30] audit: type=1804 audit(333.480:3): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.0.168" name="/newroot/sys/kernel/tracing/per_cpu/cpu1/buffer_size_kb" dev="tracefs" ino=1302 res=0 errno=0 [ 205.441878][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.451493][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.828517][ T6912] FAULT_INJECTION: forcing a failure. [ 206.828517][ T6912] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 206.954362][ T6912] CPU: 0 UID: 0 PID: 6912 Comm: syz.2.177 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 206.954411][ T6912] Tainted: [U]=USER [ 206.954420][ T6912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 206.954437][ T6912] Call Trace: [ 206.954446][ T6912] [ 206.954458][ T6912] dump_stack_lvl+0x16c/0x1f0 [ 206.954508][ T6912] should_fail_ex+0x512/0x640 [ 206.954548][ T6912] _copy_to_user+0x32/0xd0 [ 206.954593][ T6912] simple_read_from_buffer+0xcb/0x170 [ 206.954645][ T6912] proc_fail_nth_read+0x197/0x240 [ 206.954677][ T6912] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.954711][ T6912] ? rw_verify_area+0xcf/0x6c0 [ 206.954740][ T6912] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.954772][ T6912] vfs_read+0x1e4/0xc60 [ 206.954809][ T6912] ? __pfx___mutex_lock+0x10/0x10 [ 206.954856][ T6912] ? __pfx_vfs_read+0x10/0x10 [ 206.954899][ T6912] ? __fget_files+0x20e/0x3c0 [ 206.954951][ T6912] ksys_read+0x12a/0x250 [ 206.954985][ T6912] ? __pfx_ksys_read+0x10/0x10 [ 206.955114][ T6912] do_syscall_64+0xcd/0x490 [ 206.955165][ T6912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.955198][ T6912] RIP: 0033:0x7fb01b78d57c [ 206.955223][ T6912] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 206.955252][ T6912] RSP: 002b:00007fb01c624030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 206.955284][ T6912] RAX: ffffffffffffffda RBX: 00007fb01b9b5fa0 RCX: 00007fb01b78d57c [ 206.955304][ T6912] RDX: 000000000000000f RSI: 00007fb01c6240a0 RDI: 0000000000000005 [ 206.955322][ T6912] RBP: 00007fb01c624090 R08: 0000000000000000 R09: 0000000000000000 [ 206.955339][ T6912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.955356][ T6912] R13: 0000000000000000 R14: 00007fb01b9b5fa0 R15: 00007fff27186c58 [ 206.955397][ T6912] [ 207.881048][ T6930] netlink: 28 bytes leftover after parsing attributes in process `syz.2.183'. [ 207.938419][ T6930] bridge_slave_1: left allmulticast mode [ 207.984087][ T6930] bridge_slave_1: left promiscuous mode [ 207.991271][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.026138][ T6930] bridge_slave_0: left allmulticast mode [ 208.061939][ T6930] bridge_slave_0: left promiscuous mode [ 208.069295][ T6930] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.374360][ T6938] input: jJǸ-9%vJ86 as /devices/virtual/input/input27 [ 209.521649][ T6947] misc userio: No port type given on /dev/userio [ 209.941221][ T6956] FAULT_INJECTION: forcing a failure. [ 209.941221][ T6956] name fail_futex, interval 1, probability 0, space 0, times 1 [ 210.065490][ T6956] CPU: 0 UID: 0 PID: 6956 Comm: syz.3.188 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 210.065539][ T6956] Tainted: [U]=USER [ 210.065548][ T6956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 210.065564][ T6956] Call Trace: [ 210.065573][ T6956] [ 210.065586][ T6956] dump_stack_lvl+0x16c/0x1f0 [ 210.065639][ T6956] should_fail_ex+0x512/0x640 [ 210.065676][ T6956] get_futex_key+0x1d0/0x1540 [ 210.065720][ T6956] ? __pfx_get_futex_key+0x10/0x10 [ 210.065758][ T6956] ? tracing_entries_read+0x464/0x630 [ 210.065798][ T6956] futex_wake+0xea/0x530 [ 210.065851][ T6956] ? __pfx_futex_wake+0x10/0x10 [ 210.065892][ T6956] ? __pfx_tracing_entries_read+0x10/0x10 [ 210.065923][ T6956] ? ksys_read+0x190/0x250 [ 210.065958][ T6956] do_futex+0x1e3/0x350 [ 210.065992][ T6956] ? __pfx_do_futex+0x10/0x10 [ 210.066036][ T6956] __x64_sys_futex+0x1e0/0x4c0 [ 210.066071][ T6956] ? fput+0x70/0xf0 [ 210.066105][ T6956] ? __pfx___x64_sys_futex+0x10/0x10 [ 210.066138][ T6956] ? ksys_read+0x1ac/0x250 [ 210.066165][ T6956] ? __pfx_ksys_read+0x10/0x10 [ 210.066204][ T6956] do_syscall_64+0xcd/0x490 [ 210.066248][ T6956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.066276][ T6956] RIP: 0033:0x7f54c3d8eb69 [ 210.066298][ T6956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.066326][ T6956] RSP: 002b:00007f54c4c380e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 210.066353][ T6956] RAX: ffffffffffffffda RBX: 00007f54c3fb6088 RCX: 00007f54c3d8eb69 [ 210.066371][ T6956] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f54c3fb608c [ 210.066388][ T6956] RBP: 00007f54c3fb6080 R08: 00007f54c4c5a000 R09: 0000000000000000 [ 210.066406][ T6956] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f54c3fb608c [ 210.066423][ T6956] R13: 0000000000000000 R14: 00007ffcbb4bba40 R15: 00007ffcbb4bbb28 [ 210.066483][ T6956] [ 210.069178][ T6951] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 210.502656][ T6964] input: jJǸ-9%vJ86 as /devices/virtual/input/input29 [ 210.892268][ T6966] usb usb24: usbfs: process 6966 (syz.1.189) did not claim interface 0 before use [ 210.932313][ T6972] input: jJǸ-9%vJ86 as /devices/virtual/input/input30 [ 211.317618][ T6972] usb usb24: usbfs: process 6972 (syz.3.190) did not claim interface 0 before use [ 211.808536][ T6959] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 214.184794][ T7002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.195'. [ 215.498763][ T7023] mmap: syz.0.198 (7023) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 215.713465][ T7029] input: jJǸ-9%vJ86 as /devices/virtual/input/input32 [ 216.229185][ T7032] usb usb24: usbfs: process 7032 (syz.1.200) did not claim interface 0 before use [ 219.198628][ T7046] Process accounting paused [ 219.866458][ T7076] input: jJǸ-9%vJ86 as /devices/virtual/input/input33 [ 220.951472][ T7090] FAULT_INJECTION: forcing a failure. [ 220.951472][ T7090] name failslab, interval 1, probability 0, space 0, times 0 [ 221.053259][ T7090] CPU: 1 UID: 0 PID: 7090 Comm: syz.3.214 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 221.053311][ T7090] Tainted: [U]=USER [ 221.053321][ T7090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 221.053339][ T7090] Call Trace: [ 221.053349][ T7090] [ 221.053360][ T7090] dump_stack_lvl+0x16c/0x1f0 [ 221.053404][ T7090] should_fail_ex+0x512/0x640 [ 221.053429][ T7090] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 221.053459][ T7090] should_failslab+0xc2/0x120 [ 221.053493][ T7090] __kmalloc_cache_noprof+0x6a/0x3e0 [ 221.053520][ T7090] ? alloc_super+0x52/0xbd0 [ 221.053555][ T7090] alloc_super+0x52/0xbd0 [ 221.053579][ T7090] ? sget_fc+0xd3/0xc20 [ 221.053611][ T7090] sget_fc+0x116/0xc20 [ 221.053638][ T7090] ? __pfx_set_anon_super_fc+0x10/0x10 [ 221.053700][ T7090] ? __pfx_dlmfs_fill_super+0x10/0x10 [ 221.053738][ T7090] get_tree_nodev+0x28/0x190 [ 221.053769][ T7090] vfs_get_tree+0x8e/0x340 [ 221.053809][ T7090] vfs_cmd_create+0xd7/0x2a0 [ 221.053845][ T7090] __do_sys_fsconfig+0x7b8/0xbe0 [ 221.053883][ T7090] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 221.053920][ T7090] ? fput+0x70/0xf0 [ 221.053974][ T7090] do_syscall_64+0xcd/0x490 [ 221.054015][ T7090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.054043][ T7090] RIP: 0033:0x7f54c3d8eb69 [ 221.054063][ T7090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.054087][ T7090] RSP: 002b:00007f54c4c59038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 221.054111][ T7090] RAX: ffffffffffffffda RBX: 00007f54c3fb5fa0 RCX: 00007f54c3d8eb69 [ 221.054129][ T7090] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 221.054144][ T7090] RBP: 00007f54c4c59090 R08: 0000000000000000 R09: 0000000000000000 [ 221.054159][ T7090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.054174][ T7090] R13: 0000000000000000 R14: 00007f54c3fb5fa0 R15: 00007ffcbb4bbb28 [ 221.054206][ T7090] [ 225.935363][ T7144] ubi0: attaching mtd0 [ 225.961310][ T7144] ubi0: scanning is finished [ 226.326022][ T7144] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 226.368442][ T7144] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 226.421257][ T7144] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 226.478760][ T7144] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 226.548303][ T7144] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 226.631702][ T7144] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 226.894806][ T7144] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2118469687 [ 226.954536][ T7144] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 226.990817][ T7147] ubi0: detaching mtd0 [ 226.991746][ T7153] ubi0: background thread "ubi_bgt0d" started, PID 7153 [ 227.041628][ T7147] ubi0: mtd0 is detached [ 227.854682][ T7172] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 228.619483][ T7175] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 g&[ 234.250137][ T7244] FAULT_INJECTION: forcing a failure. [ 234.250137][ T7244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.292931][ T7244] CPU: 0 UID: 0 PID: 7244 Comm: syz.2.247 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 234.292969][ T7244] Tainted: [U]=USER [ 234.292976][ T7244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.292989][ T7244] Call Trace: [ 234.292996][ T7244] [ 234.293005][ T7244] dump_stack_lvl+0x16c/0x1f0 [ 234.293051][ T7244] should_fail_ex+0x512/0x640 [ 234.293077][ T7244] strncpy_from_user+0x3b/0x2e0 [ 234.293114][ T7244] getname_flags.part.0+0x8f/0x550 [ 234.293151][ T7244] getname_flags+0x93/0xf0 [ 234.293173][ T7244] do_sys_openat2+0xb8/0x1d0 [ 234.293206][ T7244] ? __pfx_do_sys_openat2+0x10/0x10 [ 234.293241][ T7244] ? __fget_files+0x20e/0x3c0 [ 234.293270][ T7244] __x64_sys_open+0x153/0x1e0 [ 234.293302][ T7244] ? __pfx___x64_sys_open+0x10/0x10 [ 234.293341][ T7244] ? rcu_is_watching+0x12/0xc0 [ 234.293365][ T7244] do_syscall_64+0xcd/0x490 [ 234.293399][ T7244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.293422][ T7244] RIP: 0033:0x7fb01b78eb69 [ 234.293440][ T7244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.293462][ T7244] RSP: 002b:00007fb01c603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 234.293482][ T7244] RAX: ffffffffffffffda RBX: 00007fb01b9b6080 RCX: 00007fb01b78eb69 [ 234.293498][ T7244] RDX: 0000000000000100 RSI: 0000000000161342 RDI: 0000200000000000 [ 234.293512][ T7244] RBP: 00007fb01c603090 R08: 0000000000000000 R09: 0000000000000000 [ 234.293526][ T7244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.293539][ T7244] R13: 0000000000000001 R14: 00007fb01b9b6080 R15: 00007fff27186c58 [ 234.293568][ T7244] [ 235.055527][ T7250] input: jJǸ-9%vJ86 as /devices/virtual/input/input37 [ 235.289075][ T7254] usb usb24: usbfs: process 7254 (syz.0.249) did not claim interface 0 before use [ 235.489008][ T7256] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 237.080661][ T7268] Invalid ELF header magic: != ELF [ 238.350330][ T7288] input: jJǸ-9%vJ86 as /devices/virtual/input/input38 [ 239.127890][ T7275] ptrace attach of "./syz-executor exec"[5844] was attempted by "./syz-executor exec"[7275] [ 239.484502][ T7296] FAULT_INJECTION: forcing a failure. [ 239.484502][ T7296] name fail_futex, interval 1, probability 0, space 0, times 0 [ 239.524488][ T7296] CPU: 0 UID: 0 PID: 7296 Comm: syz.0.257 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 239.524537][ T7296] Tainted: [U]=USER [ 239.524544][ T7296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 239.524557][ T7296] Call Trace: [ 239.524564][ T7296] [ 239.524573][ T7296] dump_stack_lvl+0x16c/0x1f0 [ 239.524617][ T7296] should_fail_ex+0x512/0x640 [ 239.524643][ T7296] get_futex_key+0xf36/0x1540 [ 239.524674][ T7296] ? __pfx_get_futex_key+0x10/0x10 [ 239.524698][ T7296] ? find_held_lock+0x2b/0x80 [ 239.524729][ T7296] ? __lock_acquire+0x622/0x1c90 [ 239.524764][ T7296] futex_requeue+0x1f9/0x2030 [ 239.524804][ T7296] ? find_held_lock+0x2b/0x80 [ 239.524825][ T7296] ? __pfx_futex_requeue+0x10/0x10 [ 239.524862][ T7296] ? get_pid_task+0x106/0x250 [ 239.524896][ T7296] ? find_held_lock+0x2b/0x80 [ 239.524922][ T7296] ? find_held_lock+0x2b/0x80 [ 239.524944][ T7296] ? ksys_write+0x190/0x250 [ 239.524973][ T7296] do_futex+0x1ad/0x350 [ 239.525004][ T7296] ? __pfx_do_futex+0x10/0x10 [ 239.525052][ T7296] __x64_sys_futex+0x1e0/0x4c0 [ 239.525085][ T7296] ? fput+0x70/0xf0 [ 239.525115][ T7296] ? __pfx___x64_sys_futex+0x10/0x10 [ 239.525141][ T7296] ? ksys_write+0x1ac/0x250 [ 239.525164][ T7296] ? __pfx_ksys_write+0x10/0x10 [ 239.525197][ T7296] do_syscall_64+0xcd/0x490 [ 239.525232][ T7296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.525254][ T7296] RIP: 0033:0x7fa26df8eb69 [ 239.525271][ T7296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.525292][ T7296] RSP: 002b:00007fa26edec038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 239.525313][ T7296] RAX: ffffffffffffffda RBX: 00007fa26e1b6080 RCX: 00007fa26df8eb69 [ 239.525328][ T7296] RDX: 000000000000001f RSI: 0000000000000003 RDI: 0000200000000080 [ 239.525342][ T7296] RBP: 00007fa26edec090 R08: 0000200000000100 R09: 00000000440a48d3 [ 239.525357][ T7296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.525377][ T7296] R13: 0000000000000001 R14: 00007fa26e1b6080 R15: 00007ffc7f788b08 [ 239.525405][ T7296] [ 240.136441][ T7299] input: jJǸ-9%vJ86 as /devices/virtual/input/input39 [ 240.729060][ T7309] netlink: 28 bytes leftover after parsing attributes in process `syz.3.259'. [ 244.343752][ T7361] input: jJǸ-9%vJ86 as /devices/virtual/input/input40 [ 244.758409][ T7363] usb usb24: usbfs: process 7363 (syz.1.273) did not claim interface 0 before use [ 245.387652][ T7377] aoe: skb alloc failure [ 245.408939][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 245.415875][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 245.426370][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 245.438022][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 245.455968][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 245.462469][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 245.479454][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 245.486864][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 247.126651][ T7404] netlink: 28 bytes leftover after parsing attributes in process `syz.2.282'. [ 247.136838][ T7404] hsr_slave_0: left promiscuous mode [ 247.173163][ T7404] hsr_slave_1: left promiscuous mode [ 248.739375][ T7420] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.331670][ T7431] Process accounting resumed [ 250.649400][ T7443] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 250.875552][ T7444] FAULT_INJECTION: forcing a failure. [ 250.875552][ T7444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.930424][ T7444] CPU: 1 UID: 0 PID: 7444 Comm: syz.0.291 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 250.930471][ T7444] Tainted: [U]=USER [ 250.930480][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 250.930496][ T7444] Call Trace: [ 250.930505][ T7444] [ 250.930516][ T7444] dump_stack_lvl+0x16c/0x1f0 [ 250.930567][ T7444] should_fail_ex+0x512/0x640 [ 250.930600][ T7444] _copy_from_user+0x2e/0xd0 [ 250.930635][ T7444] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 250.930683][ T7444] snd_rawmidi_write+0x26e/0xc10 [ 250.930729][ T7444] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 250.930767][ T7444] ? __pfx_default_wake_function+0x10/0x10 [ 250.930802][ T7444] ? bpf_lsm_file_permission+0x9/0x10 [ 250.930849][ T7444] ? security_file_permission+0x71/0x210 [ 250.930884][ T7444] ? rw_verify_area+0xcf/0x6c0 [ 250.930916][ T7444] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 250.930949][ T7444] vfs_write+0x29d/0x1150 [ 250.930990][ T7444] ? __pfx_vfs_write+0x10/0x10 [ 250.931021][ T7444] ? find_held_lock+0x2b/0x80 [ 250.931050][ T7444] ? __fget_files+0x204/0x3c0 [ 250.931086][ T7444] ? __fget_files+0x20e/0x3c0 [ 250.931127][ T7444] ksys_write+0x1f8/0x250 [ 250.931160][ T7444] ? __pfx_ksys_write+0x10/0x10 [ 250.931204][ T7444] do_syscall_64+0xcd/0x490 [ 250.931252][ T7444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.931293][ T7444] RIP: 0033:0x7fa26df8eb69 [ 250.931318][ T7444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.931346][ T7444] RSP: 002b:00007fa26edec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 250.931375][ T7444] RAX: ffffffffffffffda RBX: 00007fa26e1b6080 RCX: 00007fa26df8eb69 [ 250.931394][ T7444] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000007 [ 250.931412][ T7444] RBP: 00007fa26edec090 R08: 0000000000000000 R09: 0000000000000000 [ 250.931429][ T7444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 250.931446][ T7444] R13: 0000000000000000 R14: 00007fa26e1b6080 R15: 00007ffc7f788b08 [ 250.931483][ T7444] [ 251.152655][ C1] vkms_vblank_simulate: vblank timer overrun [ 251.358877][ T7445] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 251.393916][ T7449] __vm_enough_memory: pid: 7449, comm: syz.0.291, bytes: 4398046511104 not enough memory for the allocation [ 251.719003][ T7455] input: jJǸ-9%vJ86 as /devices/virtual/input/input43 [ 252.042299][ T7459] random: crng reseeded on system resumption [ 252.152866][ T7455] usb usb24: usbfs: process 7455 (syz.1.292) did not claim interface 0 before use [ 252.190830][ T7459] binder: 7458:7459 ioctl 1260 7fffffffffffffff returned -22 [ 252.542820][ T7467] input: jJǸ-9%vJ86 as /devices/virtual/input/input44 [ 253.476210][ T7478] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 253.617687][ T7478] FAULT_INJECTION: forcing a failure. [ 253.617687][ T7478] name failslab, interval 1, probability 0, space 0, times 0 [ 253.652711][ T7478] CPU: 0 UID: 0 PID: 7478 Comm: syz.1.296 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 253.652752][ T7478] Tainted: [U]=USER [ 253.652760][ T7478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 253.652774][ T7478] Call Trace: [ 253.652782][ T7478] [ 253.652791][ T7478] dump_stack_lvl+0x16c/0x1f0 [ 253.652832][ T7478] should_fail_ex+0x512/0x640 [ 253.652854][ T7478] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 253.652898][ T7478] should_failslab+0xc2/0x120 [ 253.652929][ T7478] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 253.652957][ T7478] ? find_held_lock+0x2b/0x80 [ 253.652978][ T7478] ? sock_alloc_inode+0x25/0x1c0 [ 253.653006][ T7478] ? __pfx_sock_alloc_inode+0x10/0x10 [ 253.653026][ T7478] sock_alloc_inode+0x25/0x1c0 [ 253.653047][ T7478] alloc_inode+0x61/0x240 [ 253.653079][ T7478] sock_alloc+0x40/0x280 [ 253.653115][ T7478] __sock_create+0xc1/0x8d0 [ 253.653144][ T7478] __sys_socketpair+0x1d8/0x5a0 [ 253.653173][ T7478] ? __pfx___sys_socketpair+0x10/0x10 [ 253.653198][ T7478] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 253.653234][ T7478] ? xfd_validate_state+0x61/0x180 [ 253.653282][ T7478] __x64_sys_socketpair+0x96/0x100 [ 253.653310][ T7478] ? lockdep_hardirqs_on+0x7c/0x110 [ 253.653343][ T7478] do_syscall_64+0xcd/0x490 [ 253.653383][ T7478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.653407][ T7478] RIP: 0033:0x7fe58a18eb69 [ 253.653426][ T7478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.653448][ T7478] RSP: 002b:00007fe58b076038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 253.653470][ T7478] RAX: ffffffffffffffda RBX: 00007fe58a3b5fa0 RCX: 00007fe58a18eb69 [ 253.653486][ T7478] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 253.653500][ T7478] RBP: 00007fe58a211df1 R08: 0000000000000000 R09: 0000000000000000 [ 253.653515][ T7478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 253.653529][ T7478] R13: 0000000000000000 R14: 00007fe58a3b5fa0 R15: 00007ffff60269a8 [ 253.653558][ T7478] [ 253.653702][ T7478] socket: no more sockets [ 254.846011][ T5854] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 254.846064][ T5854] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 254.865863][ T5854] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 254.866171][ T5854] Bluetooth: hci3: Malformed LE Event: 0x0d [ 255.484388][ T30] audit: type=1804 audit(384.700:4): pid=7502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.301" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 255.511194][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.651018][ T7521] FAULT_INJECTION: forcing a failure. [ 256.651018][ T7521] name failslab, interval 1, probability 0, space 0, times 0 [ 256.673243][ T7521] CPU: 0 UID: 0 PID: 7521 Comm: syz.2.306 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 256.673297][ T7521] Tainted: [U]=USER [ 256.673308][ T7521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.673325][ T7521] Call Trace: [ 256.673336][ T7521] [ 256.673348][ T7521] dump_stack_lvl+0x16c/0x1f0 [ 256.673402][ T7521] should_fail_ex+0x512/0x640 [ 256.673432][ T7521] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 256.673469][ T7521] ? __pfx_stats_fop_open+0x10/0x10 [ 256.673509][ T7521] should_failslab+0xc2/0x120 [ 256.673553][ T7521] __kmalloc_cache_noprof+0x6a/0x3e0 [ 256.673586][ T7521] ? __pfx___debugfs_file_get+0x10/0x10 [ 256.673626][ T7521] ? sc_common_open+0x46/0x200 [ 256.673665][ T7521] ? __pfx_apparmor_file_open+0x10/0x10 [ 256.673716][ T7521] ? __pfx_stats_fop_open+0x10/0x10 [ 256.673757][ T7521] sc_common_open+0x46/0x200 [ 256.673810][ T7521] full_proxy_open_regular+0x1b9/0x360 [ 256.673863][ T7521] do_dentry_open+0x97f/0x1530 [ 256.674006][ T7521] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 256.674069][ T7521] vfs_open+0x82/0x3f0 [ 256.674189][ T7521] path_openat+0x1de4/0x2cb0 [ 256.674251][ T7521] ? __pfx_path_openat+0x10/0x10 [ 256.674290][ T7521] ? __lock_acquire+0xb8a/0x1c90 [ 256.674335][ T7521] do_filp_open+0x20b/0x470 [ 256.674370][ T7521] ? __pfx_do_filp_open+0x10/0x10 [ 256.674434][ T7521] ? alloc_fd+0x471/0x7d0 [ 256.674477][ T7521] do_sys_openat2+0x11b/0x1d0 [ 256.674526][ T7521] ? __pfx_do_sys_openat2+0x10/0x10 [ 256.674590][ T7521] __x64_sys_openat+0x174/0x210 [ 256.674649][ T7521] ? __pfx___x64_sys_openat+0x10/0x10 [ 256.674728][ T7521] do_syscall_64+0xcd/0x490 [ 256.675203][ T7521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.675236][ T7521] RIP: 0033:0x7fb01b78eb69 [ 256.675260][ T7521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.675291][ T7521] RSP: 002b:00007fb01c624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 256.675320][ T7521] RAX: ffffffffffffffda RBX: 00007fb01b9b5fa0 RCX: 00007fb01b78eb69 [ 256.675340][ T7521] RDX: 0000000000145440 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 256.675360][ T7521] RBP: 00007fb01b811df1 R08: 0000000000000000 R09: 0000000000000000 [ 256.675378][ T7521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.675396][ T7521] R13: 0000000000000000 R14: 00007fb01b9b5fa0 R15: 00007fff27186c58 [ 256.675434][ T7521] [ 260.135025][ T7563] netlink: 294 bytes leftover after parsing attributes in process `syz.3.313'. [ 260.734586][ T7569] input: jJǸ-9%vJ86 as /devices/virtual/input/input45 [ 261.104110][ T7576] Process accounting resumed [ 261.209648][ T7575] binder: 7574:7575 ioctl c0306201 0 returned -14 [ 262.586992][ T7594] input: jJǸ-9%vJ86 as /devices/virtual/input/input46 [ 262.871582][ T7600] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.322'. [ 262.931031][ T7597] usb usb24: usbfs: process 7597 (syz.2.321) did not claim interface 0 before use [ 266.870550][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.877154][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.655107][ T7698] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 270.715541][ T7698] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 270.722177][ T7698] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 270.857486][ T7698] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 272.704587][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 272.784422][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 272.784477][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 272.864415][ T5854] Bluetooth: hci3: command 0x0c1a tx timeout [ 273.351429][ T7729] binder: 7728:7729 unknown command 3 [ 273.434983][ T7729] binder: 7728:7729 ioctl c0306201 0 returned -22 [ 274.267349][ T7731] syz.0.348 (7731): /proc/7718/oom_adj is deprecated, please use /proc/7718/oom_score_adj instead. [ 277.057522][ T7767] input: jJǸ-9%vJ86 as /devices/virtual/input/input47 [ 277.199482][ T7774] netlink: 'syz.2.358': attribute type 1 has an invalid length. [ 277.326026][ T7776] usb usb24: usbfs: process 7776 (syz.1.357) did not claim interface 0 before use [ 279.361853][ T7799] input: jJǸ-9%vJ86 as /devices/virtual/input/input48 [ 279.816830][ T7805] [ 279.819276][ T7805] ====================================================== [ 279.826503][ T7805] WARNING: possible circular locking dependency detected [ 279.833780][ T7805] 6.16.0-syzkaller-10499-g89748acdf226 #0 Tainted: G U [ 279.842495][ T7805] ------------------------------------------------------ [ 279.851310][ T7805] syz.2.364/7805 is trying to acquire lock: [ 279.857574][ T7805] ffffffff8e75a5c0 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x162/0x610 [ 279.867186][ T7805] [ 279.867186][ T7805] but task is already holding lock: [ 279.875076][ T7805] ffffffff8e726d68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 279.884918][ T7805] [ 279.884918][ T7805] which lock already depends on the new lock. [ 279.884918][ T7805] [ 279.895793][ T7805] [ 279.895793][ T7805] the existing dependency chain (in reverse order) is: [ 279.905297][ T7805] [ 279.905297][ T7805] -> #3 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 279.913445][ T7805] __mutex_lock+0x191/0x1070 [ 279.918737][ T7805] pcpu_alloc_noprof+0xb4c/0x1470 [ 279.925046][ T7805] sbitmap_init_node+0x2fd/0x770 [ 279.930933][ T7805] sbitmap_queue_init_node+0x41/0x560 [ 279.937000][ T7805] blk_mq_init_tags+0x12d/0x2b0 [ 279.943038][ T7805] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 279.949378][ T7805] blk_mq_init_sched+0x30c/0x610 [ 279.955025][ T7805] elevator_switch+0x1e1/0x7f0 [ 279.960418][ T7805] elevator_change+0x2ac/0x400 [ 279.966020][ T7805] elevator_set_default+0x2c4/0x360 [ 279.971885][ T7805] blk_register_queue+0x393/0x4f0 [ 279.977559][ T7805] __add_disk+0x74a/0xf00 [ 279.982730][ T7805] add_disk_fwnode+0x13f/0x5d0 [ 279.988153][ T7805] nbd_dev_add+0x783/0xbb0 [ 279.994118][ T7805] nbd_init+0x181/0x320 [ 279.998965][ T7805] do_one_initcall+0x120/0x6e0 [ 280.004775][ T7805] kernel_init_freeable+0x5c2/0x900 [ 280.011100][ T7805] kernel_init+0x1c/0x2b0 [ 280.016190][ T7805] ret_from_fork+0x5d7/0x6f0 [ 280.021473][ T7805] ret_from_fork_asm+0x1a/0x30 [ 280.027240][ T7805] [ 280.027240][ T7805] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 280.035623][ T7805] __mutex_lock+0x191/0x1070 [ 280.041435][ T7805] elevator_change+0x103/0x400 [ 280.047139][ T7805] elv_iosched_store+0x2eb/0x3a0 [ 280.053018][ T7805] queue_attr_store+0x268/0x310 [ 280.058899][ T7805] sysfs_kf_write+0xef/0x150 [ 280.064303][ T7805] kernfs_fop_write_iter+0x354/0x510 [ 280.070287][ T7805] vfs_write+0x6c7/0x1150 [ 280.075270][ T7805] ksys_write+0x12a/0x250 [ 280.080181][ T7805] do_syscall_64+0xcd/0x490 [ 280.085352][ T7805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.092253][ T7805] [ 280.092253][ T7805] -> #1 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 280.101367][ T7805] blk_alloc_queue+0x619/0x760 [ 280.106972][ T7805] blk_mq_alloc_queue+0x172/0x280 [ 280.112757][ T7805] __blk_mq_alloc_disk+0x29/0x120 [ 280.118848][ T7805] loop_add+0x490/0xb70 [ 280.123748][ T7805] loop_init+0x164/0x270 [ 280.128812][ T7805] do_one_initcall+0x120/0x6e0 [ 280.134136][ T7805] kernel_init_freeable+0x5c2/0x900 [ 280.140002][ T7805] kernel_init+0x1c/0x2b0 [ 280.144895][ T7805] ret_from_fork+0x5d7/0x6f0 [ 280.150069][ T7805] ret_from_fork_asm+0x1a/0x30 [ 280.155683][ T7805] [ 280.155683][ T7805] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 280.163043][ T7805] __lock_acquire+0x126f/0x1c90 [ 280.168558][ T7805] lock_acquire+0x179/0x350 [ 280.173724][ T7805] fs_reclaim_acquire+0x102/0x150 [ 280.179858][ T7805] prepare_alloc_pages+0x162/0x610 [ 280.185639][ T7805] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 280.192544][ T7805] __alloc_pages_noprof+0xb/0x1b0 [ 280.198137][ T7805] pcpu_populate_chunk+0x110/0xb00 [ 280.203807][ T7805] pcpu_alloc_noprof+0x86a/0x1470 [ 280.209470][ T7805] bpf_map_alloc_percpu+0x9a/0x4b0 [ 280.215406][ T7805] htab_map_alloc+0x10ca/0x1570 [ 280.221494][ T7805] map_create+0x58f/0x1db0 [ 280.226836][ T7805] __sys_bpf+0x44d2/0x4de0 [ 280.232106][ T7805] __x64_sys_bpf+0x78/0xc0 [ 280.237522][ T7805] do_syscall_64+0xcd/0x490 [ 280.242950][ T7805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.249528][ T7805] [ 280.249528][ T7805] other info that might help us debug this: [ 280.249528][ T7805] [ 280.261129][ T7805] Chain exists of: [ 280.261129][ T7805] fs_reclaim --> &q->elevator_lock --> pcpu_alloc_mutex [ 280.261129][ T7805] [ 280.275106][ T7805] Possible unsafe locking scenario: [ 280.275106][ T7805] [ 280.282675][ T7805] CPU0 CPU1 [ 280.288243][ T7805] ---- ---- [ 280.294191][ T7805] lock(pcpu_alloc_mutex); [ 280.298985][ T7805] lock(&q->elevator_lock); [ 280.306481][ T7805] lock(pcpu_alloc_mutex); [ 280.314068][ T7805] lock(fs_reclaim); [ 280.318745][ T7805] [ 280.318745][ T7805] *** DEADLOCK *** [ 280.318745][ T7805] [ 280.328051][ T7805] 1 lock held by syz.2.364/7805: [ 280.333184][ T7805] #0: ffffffff8e726d68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 280.344301][ T7805] [ 280.344301][ T7805] stack backtrace: [ 280.350495][ T7805] CPU: 0 UID: 0 PID: 7805 Comm: syz.2.364 Tainted: G U 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 280.350538][ T7805] Tainted: [U]=USER [ 280.350546][ T7805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 280.350561][ T7805] Call Trace: [ 280.350569][ T7805] [ 280.350579][ T7805] dump_stack_lvl+0x116/0x1f0 [ 280.350623][ T7805] print_circular_bug+0x275/0x350 [ 280.350658][ T7805] check_noncircular+0x14c/0x170 [ 280.350695][ T7805] __lock_acquire+0x126f/0x1c90 [ 280.350735][ T7805] lock_acquire+0x179/0x350 [ 280.350768][ T7805] ? prepare_alloc_pages+0x162/0x610 [ 280.350813][ T7805] fs_reclaim_acquire+0x102/0x150 [ 280.350851][ T7805] ? prepare_alloc_pages+0x162/0x610 [ 280.350890][ T7805] prepare_alloc_pages+0x162/0x610 [ 280.350929][ T7805] ? __pick_eevdf+0x30a/0x670 [ 280.350960][ T7805] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 280.350995][ T7805] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 280.351038][ T7805] ? find_held_lock+0x2b/0x80 [ 280.351062][ T7805] ? try_to_wake_up+0xa25/0x1680 [ 280.351105][ T7805] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 280.351137][ T7805] ? do_raw_spin_unlock+0x172/0x230 [ 280.351178][ T7805] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 280.351220][ T7805] ? try_to_wake_up+0x157/0x1680 [ 280.351264][ T7805] ? __pfx_try_to_wake_up+0x10/0x10 [ 280.351308][ T7805] ? find_held_lock+0x2b/0x80 [ 280.351331][ T7805] ? find_held_lock+0x2b/0x80 [ 280.351360][ T7805] __alloc_pages_noprof+0xb/0x1b0 [ 280.351389][ T7805] pcpu_populate_chunk+0x110/0xb00 [ 280.351417][ T7805] ? mark_held_locks+0x49/0x80 [ 280.351450][ T7805] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 280.351486][ T7805] pcpu_alloc_noprof+0x86a/0x1470 [ 280.351523][ T7805] bpf_map_alloc_percpu+0x9a/0x4b0 [ 280.351560][ T7805] htab_map_alloc+0x10ca/0x1570 [ 280.351605][ T7805] ? ns_capable+0xd7/0x110 [ 280.351634][ T7805] map_create+0x58f/0x1db0 [ 280.351675][ T7805] ? __pfx_map_create+0x10/0x10 [ 280.351708][ T7805] ? __might_fault+0xe3/0x190 [ 280.351736][ T7805] ? __might_fault+0xe3/0x190 [ 280.351763][ T7805] ? __might_fault+0x13b/0x190 [ 280.351797][ T7805] __sys_bpf+0x44d2/0x4de0 [ 280.351837][ T7805] ? __pfx___sys_bpf+0x10/0x10 [ 280.351874][ T7805] ? iput+0x519/0x880 [ 280.351911][ T7805] ? do_futex+0x122/0x350 [ 280.351944][ T7805] ? __pfx_do_futex+0x10/0x10 [ 280.351982][ T7805] ? __sys_socket+0xac/0x260 [ 280.352011][ T7805] ? __x64_sys_openat+0x174/0x210 [ 280.352053][ T7805] ? xfd_validate_state+0x61/0x180 [ 280.352097][ T7805] __x64_sys_bpf+0x78/0xc0 [ 280.352136][ T7805] ? lockdep_hardirqs_on+0x7c/0x110 [ 280.352173][ T7805] do_syscall_64+0xcd/0x490 [ 280.352219][ T7805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.352246][ T7805] RIP: 0033:0x7fb01b78eb69 [ 280.352267][ T7805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.352292][ T7805] RSP: 002b:00007fb01c624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 280.352316][ T7805] RAX: ffffffffffffffda RBX: 00007fb01b9b5fa0 RCX: 00007fb01b78eb69 [ 280.352334][ T7805] RDX: 00000000000000a3 RSI: 0000200000000780 RDI: 0000000000000000 [ 280.352350][ T7805] RBP: 00007fb01b811df1 R08: 0000000000000000 R09: 0000000000000000 [ 280.352365][ T7805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.352381][ T7805] R13: 0000000000000000 R14: 00007fb01b9b5fa0 R15: 00007fff27186c58 [ 280.352405][ T7805] [ 281.409286][ T7797] Process accounting paused [ 281.598113][ T7804] caif:caif_disconnect_client(): nothing to disconnect