last executing test programs: 1m53.86921051s ago: executing program 1 (id=258): select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) 1m53.654678322s ago: executing program 1 (id=250): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) waitid$auto_P_PID(0x1, 0x0, 0x0, 0xfffffff8, &(0x7f0000000240)={{0xd60, 0x90d}, {0x5, 0x5}, 0xfffffffffffffffe, 0x9c8, 0xf51, 0x0, 0x1, 0x7, 0x1, 0x7ff, 0x2, 0x1, 0x3, 0x9, 0x200, 0x2}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(r0, 0xa, &(0x7f0000000180), 0x6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103400, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001c00)=""/4104, 0x1008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xffffffffffffffff, 0x80045515, 0x1) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="0103541870000a000400"/26], 0x20}, 0x1, 0x0, 0x0, 0x4080}, 0x4004050) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x1}, 0x7) read$auto_mon_fops_text_t_mon_text(r4, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0x101600, 0x0) 1m52.943856053s ago: executing program 1 (id=254): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) waitid$auto_P_PID(0x1, 0x0, 0x0, 0xfffffff8, &(0x7f0000000240)={{0xd60, 0x90d}, {0x5, 0x5}, 0xfffffffffffffffe, 0x9c8, 0xf51, 0x0, 0x1, 0x7, 0x1, 0x7ff, 0x2, 0x1, 0x3, 0x9, 0x200, 0x2}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(r0, 0xa, &(0x7f0000000180), 0x6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103400, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001c00)=""/4104, 0x1008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xffffffffffffffff, 0x80045515, 0x1) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000380), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x1}, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0x101600, 0x0) 1m52.064748023s ago: executing program 1 (id=264): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r0 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) write$auto(0x3, 0x0, 0x100082) lseek$auto(r0, 0xc, 0x4) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) preadv$auto(0xffffffffffffffff, 0x0, 0x8, 0x6, 0x5) mmap$auto(0x0, 0x2020009, 0x7, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r3}, 0x18) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 1m51.442374476s ago: executing program 1 (id=259): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) munmap$auto(0xfffffffffffff34b, 0x8592) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)="bdcda609d0dd307ad1", 0x9) socket(0x25, 0x805, 0x3) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0x7, 0x8000) r2 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x22044080) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xe0, 0x968b, 0x100, 0x15f4da07, 0x3, 0x3, 0x200000000fff, 0x8002001f, 0x1, 0x80080000002, 0x7, 0x2, 0x8]}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_GET(r3, 0x0, 0x8080) shutdown$auto(0x200000003, 0x2) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 1m50.171885561s ago: executing program 1 (id=262): r0 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/current_tracer\x00', 0x1b43, 0x0) poll$auto(&(0x7f00000002c0)={r0, 0x8000, 0x3}, 0x4, 0xfff) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) poll$auto(&(0x7f0000000040)={r1, 0x1000, 0x1c9}, 0x2, 0x7) unshare$auto(0x40000080) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) r3 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r3, 0x2) flock$auto(r3, 0x2) sendmsg$auto_NL802154_CMD_DEL_SEC_DEV(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fddbdf251b00000005001200080000000500250009000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0xc011) sendmsg$auto_NLBL_CIPSOV4_C_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3fc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000810}, 0x24000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0xa, 0x3, 0x4) getsockopt$auto(r4, 0xff, 0xb, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_EEE_GET(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r6, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x400c850) open(0x0, 0x22240, 0x55) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\a\x00\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) 1m34.986352532s ago: executing program 32 (id=262): r0 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/current_tracer\x00', 0x1b43, 0x0) poll$auto(&(0x7f00000002c0)={r0, 0x8000, 0x3}, 0x4, 0xfff) r1 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) poll$auto(&(0x7f0000000040)={r1, 0x1000, 0x1c9}, 0x2, 0x7) unshare$auto(0x40000080) r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r2, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) r3 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r3, 0x2) flock$auto(r3, 0x2) sendmsg$auto_NL802154_CMD_DEL_SEC_DEV(r3, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fddbdf251b00000005001200080000000500250009000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0xc011) sendmsg$auto_NLBL_CIPSOV4_C_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3fc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000810}, 0x24000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r4 = socket(0xa, 0x3, 0x4) getsockopt$auto(r4, 0xff, 0xb, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_EEE_GET(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r6, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x400c850) open(0x0, 0x22240, 0x55) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\a\x00\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) 15.031081734s ago: executing program 0 (id=457): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r0 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) write$auto(0x3, 0x0, 0x100082) lseek$auto(r0, 0xc, 0x4) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r1 = socket(0x1d, 0x2, 0x7) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3}, 0x6a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r4}, 0x18) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 13.657102812s ago: executing program 0 (id=459): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) rseq$auto(0x0, 0x7ffd, 0xfffffff4, 0x6) open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x1e1481, 0x4c) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) rt_sigtimedwait$auto(&(0x7f0000000000)={0x86e}, 0x0, 0x0, 0x8) tkill$auto(0x0, 0x7) write$auto(0x3, 0x0, 0x85f) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0xc, 0xbc5, 0x13, 0x3, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x4, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x100000000006) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) socket(0x5, 0x2, 0x73) mlockall$auto(0x7) rseq$auto(0x0, 0x4, 0x0, 0x4) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/min_free_kbytes\x00', 0x202, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40) pwrite64$auto(r0, &(0x7f0000000000)='/proc/sys/user/max_fanotify_groups\x00', 0x8, 0xf) open(&(0x7f0000000000)='./file0\x00', 0x40440, 0x40) 11.912255136s ago: executing program 2 (id=460): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x8, 0x7, 0x0, 0x1, [@nested={0x4, 0x1}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x8880) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) brk$auto(0x7fffffffafff) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fstat$auto(r3, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) semctl$auto_SETALL(0x2, 0x6, 0x11, 0xb1c) socket(0x15, 0x5, 0x0) r4 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/state\x00', 0x2, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r4, &(0x7f0000000240)=""/155, 0x9b) 11.912119363s ago: executing program 3 (id=461): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x2, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x8, 0x9, 0x1, 0xeb3, 0xfffefffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) fcntl$auto(r1, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/192, 0xc0) write$auto(0x3, 0x0, 0x100082) 11.909401775s ago: executing program 4 (id=468): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) ioctl$auto(0x3, 0xc038563c, 0x38) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x6, 0x2, 0x80000000) sendmmsg$auto(0x3, 0x0, 0x2000004, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) set_mempolicy$auto(0x4006, &(0x7f0000000000)=0xa, 0x7) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) io_uring_setup$auto(0xfff, 0x0) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2002, 0x6, 0x7, 0x4, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c4b, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xfd, 0x1, 0x52, 0x5, 0x1, 0x40, 0x2, 0x8, 0x100000000}}) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000002480)='/dev/midi2\x00', 0x2841, 0x0) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x5) ioctl$auto(r1, 0x5, r1) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), r0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x94, r2, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@NFC_ATTR_VENDOR_DATA={0x80, 0x1f, "68fe21f934abcbdf4013c805d3d440b8ca22986ccb1dca83fdeb92440c1d3272253f99543f76a910097118f4b89eea3f46e894dd71e86f3ae61389da6d4878c83e183e730bb894f2f194a3136660ec0191ba1f04eeea0b9900a52c66e4a28c83913571a8379fec5997f4dad68b223039f88e917aae28481c4e92045b"}]}, 0x94}, 0x1, 0x0, 0x0, 0x801}, 0x0) ioctl$auto(r1, 0x4004af07, 0xffffffffffffffff) 11.904411353s ago: executing program 0 (id=462): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x2, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x8, 0x9, 0x1, 0xeb3, 0xfffefffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) fcntl$auto(r1, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/192, 0xc0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) 10.539835658s ago: executing program 4 (id=463): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x22, 0x2, 0x2) sendmsg$auto_TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x40) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, 0x0, 0x51) listen$auto(0x3, 0x83) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) write$auto(0x3, 0x0, 0x81) r1 = openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000003540)='/proc/thread-self/setgroups\x00', 0x2, 0x0) writev$auto(r1, 0x0, 0x8) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = socket(0xa, 0x5, 0x3ff) io_cancel$auto(0xb, &(0x7f0000000040)={0x7, 0x5, 0xffffffff, 0x6, 0x3, r3, 0x6, 0x4, 0x0, 0x0, 0x0, r0}, 0x0) r4 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0x9) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x6, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) 9.470959147s ago: executing program 4 (id=464): mmap$auto(0x0, 0x2000009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) r1 = open(0x0, 0x111280, 0x18) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000180)=""/286, 0x11e) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x20342, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/mtdblock0/sched/read0_fifo_list\x00', 0x0, 0x0) lseek$auto(r1, 0x7fffffffffffffff, 0x1) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(r3, 0x80044dfe, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) listen$auto(0x3, 0x3) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getrandom$auto(0x0, 0x6000000, 0x3) r4 = socket(0x15, 0x1, 0x0) setsockopt$auto(r4, 0x114, 0x1d, 0x0, 0x4) 9.470726007s ago: executing program 2 (id=465): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) nanosleep$auto(&(0x7f0000000180)={0x0, 0x44d4}, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x5, 0x2, 0x2]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0xa, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) 8.493655392s ago: executing program 3 (id=466): readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 8.184781306s ago: executing program 0 (id=467): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, &(0x7f0000006340)={&(0x7f0000000100)={0x28, r1, 0x38f, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044040}, 0x4000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006400)={0x2e20, 0x0, 0x1, 0x51bd2e, 0x25dfcbfb, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x2e07}]}, 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r4 = socket(0x2c, 0x3, 0x0) getsockopt$auto_SO_DEBUG(r4, 0x4, 0x1, 0x0, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x42a120, 0x0) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000c00)) madvise$auto(0x0, 0x2000040080000004, 0xe) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r6, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(0x3, 0x0, 0x1) 8.184007265s ago: executing program 3 (id=469): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) rseq$auto(0x0, 0x7ffd, 0xfffffff4, 0x6) open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0x1e1481, 0x4c) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) rt_sigtimedwait$auto(&(0x7f0000000000)={0x86e}, 0x0, 0x0, 0x8) tkill$auto(0x0, 0x7) write$auto(0x3, 0x0, 0x85f) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0xc, 0xbc5, 0x13, 0x3, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x4, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x100000000006) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) socket(0x5, 0x2, 0x73) mlockall$auto(0x7) rseq$auto(0x0, 0x4, 0x0, 0x4) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/min_free_kbytes\x00', 0x202, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x40) pwrite64$auto(r0, &(0x7f0000000000)='/proc/sys/user/max_fanotify_groups\x00', 0x8, 0xf) open(&(0x7f0000000000)='./file0\x00', 0x40440, 0x40) 7.470679522s ago: executing program 2 (id=470): madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0xf87f, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000040)={0x6, 0x0}) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(r1, 0x10000000084, 0x19, 0x0, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) 7.365860474s ago: executing program 4 (id=471): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb5, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 6.037035115s ago: executing program 3 (id=472): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) read$auto_usbdev_file_operations_usb(0xffffffffffffffff, &(0x7f0000000040)=""/229, 0xe5) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x82040, 0x0) ioperm$auto(0x7, 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = socket(0x1e, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x0, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0x100, 0x1, 0x948d, 0x6, 0x15f4da0a, 0x4000000003, 0x3, 0x33c, 0x6, 0x20000007, 0x6d3e, 0x9, 0x2, 0x3]}, 0x0) ioctl$auto(r1, 0x400454cb, 0x5) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) unshare$auto(0x40000080) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0xe4, 0x180000000000000, 0x400000004) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb9, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xffff34e6, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x40000007, 0xffffffff, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 5.177603085s ago: executing program 2 (id=473): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x28, r1, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x8, 0x7, 0x0, 0x1, [@nested={0x4, 0x1}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x8880) mmap$auto(0x8d, 0x20009, 0x4000000000df, 0x11, 0x401, 0x7ff) brk$auto(0x7fffffffafff) mmap$auto(0x7fff, 0x400008, 0xda, 0x9b72, 0x2, 0x480000000008001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kvm/mmu_pde_zapped\x00', 0x2100, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400020009, 0x10000000000df, 0x13, 0x8000000401, 0x7fffffffffffffff) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) fstat$auto(r3, &(0x7f0000000100)={0x4, 0x1a0000000000, 0x7f, 0x77d508f7, 0xee01, 0xee01, 0x0, 0x8, 0xa6ee, 0x8, 0x100000000, 0x7, 0x7fffffff, 0x10, 0x9, 0x4, 0xd}) semctl$auto_SETALL(0x2, 0x6, 0x11, 0xb1c) socket(0x15, 0x5, 0x0) r4 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/state\x00', 0x2, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r4, &(0x7f0000000240)=""/155, 0x9b) 3.033659193s ago: executing program 3 (id=474): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x0) socket(0xa, 0x5, 0x0) getsockopt$auto(0xffffffffffffffff, 0x6, 0x7, 0x0, &(0x7f00000001c0)=0x7140) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0x4ce1) select$auto(0x11, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r1 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r1, 0x40000000029, 0x1, 0xfffffffffffffffe, 0x0) getdents64$auto(0x2, 0xfffffffffffffffe, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) pwrite64$auto(r2, &(0x7f0000000040)='.\'*&\x04!\x00', 0x1, 0x8) 3.032831328s ago: executing program 0 (id=482): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r0 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) write$auto(0x3, 0x0, 0x100082) lseek$auto(r0, 0xc, 0x4) close_range$auto(0x2, 0x8, 0x0) preadv$auto(0xffffffffffffffff, 0x0, 0x8, 0x6, 0x5) mmap$auto(0x0, 0x2020009, 0x7, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r1 = socket(0x1d, 0x2, 0x7) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3}, 0x6a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r4}, 0x18) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 3.029015193s ago: executing program 4 (id=483): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0xfffffff5, 0x0, 0x5) sysfs$auto(0x2, 0x10000000000002a, 0x0) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) read$auto(r0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) listmount$auto(&(0x7f0000000100)={0xba, @raw, 0xffffffffffffffff, 0xfffffffffffffff7}, 0x0, 0xf4240, 0x1) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x60040, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000044) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRESDEC=r1, @ANYBLOB="1000afa4a91b09c0d5dacdf7a6199fbf87765bfcbd8d2b"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.382212447s ago: executing program 2 (id=475): openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@nl=@kern={0x10, 0x0, 0x0, 0x800000}, 0x54) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) semctl$auto(0x8, 0x806, 0x13, 0x46) getsockopt$auto(r0, 0xff, 0x90, &(0x7f0000000100)='\xaa\xaa\xaa\xaa\xaa', &(0x7f0000000140)=0x3) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf7f, 0x6, 0x0, &(0x7f0000000180)) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) 1.512855ms ago: executing program 2 (id=476): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0xc8, 0x800454d7, 0x5c8d) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_history_size\x00', 0x1182, 0x0) mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) io_uring_setup$auto(0x86, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x120e2, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x30000881}, 0xc040810) write$auto(r3, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 1.259204ms ago: executing program 3 (id=477): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x2, 0x1, 0x0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x8, 0x9, 0x1, 0xeb3, 0xfffefffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) fcntl$auto(r1, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000100)=""/192, 0xc0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) 435.979µs ago: executing program 0 (id=478): readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 0s ago: executing program 4 (id=487): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x2, 0x0) socket(0xa, 0x5, 0x0) getsockopt$auto(0xffffffffffffffff, 0x6, 0x7, 0x0, &(0x7f00000001c0)=0x7140) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) fcntl$auto_F_ADD_SEALS(r0, 0x409, 0x4ce1) select$auto(0x11, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r1 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r1, 0x40000000029, 0x1, 0xfffffffffffffffe, 0x0) getdents64$auto(0x2, 0xfffffffffffffffe, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) pwrite64$auto(r2, &(0x7f0000000040)='.\'*&\x04!\x00', 0x1, 0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.118' (ED25519) to the list of known hosts. [ 88.941546][ T5818] cgroup: Unknown subsys name 'net' [ 89.095202][ T5818] cgroup: Unknown subsys name 'cpuset' [ 89.104874][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.093634][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.357905][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.366998][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.374907][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.383328][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.391353][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.400735][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.433789][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.448820][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.471923][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.480059][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.480708][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.492129][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.499650][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.510391][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.511221][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.519284][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.532982][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.540719][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.554432][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.562534][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.976774][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 94.183440][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 94.264722][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 94.288356][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.296170][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.303905][ T5831] bridge_slave_0: entered allmulticast mode [ 94.311299][ T5831] bridge_slave_0: entered promiscuous mode [ 94.351472][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.358691][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.365973][ T5831] bridge_slave_1: entered allmulticast mode [ 94.373378][ T5831] bridge_slave_1: entered promiscuous mode [ 94.380594][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 94.458268][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.506831][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.583714][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.593445][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.600612][ T5829] bridge_slave_0: entered allmulticast mode [ 94.608425][ T5829] bridge_slave_0: entered promiscuous mode [ 94.649155][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.656611][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.664090][ T5828] bridge_slave_0: entered allmulticast mode [ 94.672046][ T5828] bridge_slave_0: entered promiscuous mode [ 94.679171][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.686400][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.695850][ T5829] bridge_slave_1: entered allmulticast mode [ 94.703150][ T5829] bridge_slave_1: entered promiscuous mode [ 94.713948][ T5831] team0: Port device team_slave_0 added [ 94.745547][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.752994][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.760176][ T5828] bridge_slave_1: entered allmulticast mode [ 94.767675][ T5828] bridge_slave_1: entered promiscuous mode [ 94.803963][ T5831] team0: Port device team_slave_1 added [ 94.813033][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.824915][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.832148][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.839857][ T5830] bridge_slave_0: entered allmulticast mode [ 94.847694][ T5830] bridge_slave_0: entered promiscuous mode [ 94.871787][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.893267][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.900430][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.908531][ T5830] bridge_slave_1: entered allmulticast mode [ 94.916232][ T5830] bridge_slave_1: entered promiscuous mode [ 94.951646][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.018861][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.030300][ T5829] team0: Port device team_slave_0 added [ 95.040058][ T5829] team0: Port device team_slave_1 added [ 95.047156][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.054578][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.082306][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.096830][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.144680][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.157644][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.184369][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.197812][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.210358][ T5828] team0: Port device team_slave_0 added [ 95.221165][ T5828] team0: Port device team_slave_1 added [ 95.274263][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.281683][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.307677][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.349263][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.358262][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.385319][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.408062][ T5830] team0: Port device team_slave_0 added [ 95.414963][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.422318][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.448641][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.471946][ T5838] Bluetooth: hci1: command tx timeout [ 95.497849][ T5830] team0: Port device team_slave_1 added [ 95.520023][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.527474][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.554273][ T5838] Bluetooth: hci0: command tx timeout [ 95.560150][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.590249][ T5831] hsr_slave_0: entered promiscuous mode [ 95.596781][ T5831] hsr_slave_1: entered promiscuous mode [ 95.625285][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.632339][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.650903][ T5838] Bluetooth: hci2: command tx timeout [ 95.658663][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.666858][ T5837] Bluetooth: hci3: command tx timeout [ 95.696334][ T5829] hsr_slave_0: entered promiscuous mode [ 95.703360][ T5829] hsr_slave_1: entered promiscuous mode [ 95.709396][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.717882][ T5829] Cannot create hsr debugfs directory [ 95.724790][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.732208][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.758581][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.857749][ T5828] hsr_slave_0: entered promiscuous mode [ 95.865516][ T5828] hsr_slave_1: entered promiscuous mode [ 95.872134][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.880260][ T5828] Cannot create hsr debugfs directory [ 95.950031][ T5830] hsr_slave_0: entered promiscuous mode [ 95.958220][ T5830] hsr_slave_1: entered promiscuous mode [ 95.964585][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.972639][ T5830] Cannot create hsr debugfs directory [ 96.409580][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.437712][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.456329][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.475144][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.517300][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.544967][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.567185][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.590606][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.640614][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.654335][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.674685][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.718240][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.803448][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.815070][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.834680][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.864740][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.015232][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.047407][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.087546][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.117270][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.130220][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.137543][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.158186][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.189971][ T3511] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.197195][ T3511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.210036][ T3511] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.217282][ T3511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.250026][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.285313][ T196] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.292535][ T196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.303896][ T196] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.311115][ T196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.325315][ T1208] cfg80211: failed to load regulatory.db [ 97.330336][ T196] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.338270][ T196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.396204][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.478164][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.532485][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.539801][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.551384][ T5837] Bluetooth: hci1: command tx timeout [ 97.558497][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.565767][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.633183][ T5837] Bluetooth: hci0: command tx timeout [ 97.713949][ T5837] Bluetooth: hci3: command tx timeout [ 97.719450][ T5837] Bluetooth: hci2: command tx timeout [ 98.096738][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.297412][ T5831] veth0_vlan: entered promiscuous mode [ 98.337771][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.355323][ T5831] veth1_vlan: entered promiscuous mode [ 98.378523][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.401531][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.458634][ T5831] veth0_macvtap: entered promiscuous mode [ 98.487773][ T5831] veth1_macvtap: entered promiscuous mode [ 98.563688][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.578352][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.588178][ T5828] veth0_vlan: entered promiscuous mode [ 98.597520][ T5829] veth0_vlan: entered promiscuous mode [ 98.618121][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.627642][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.638304][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.647268][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.669322][ T5828] veth1_vlan: entered promiscuous mode [ 98.705967][ T5830] veth0_vlan: entered promiscuous mode [ 98.727936][ T5829] veth1_vlan: entered promiscuous mode [ 98.771381][ T5828] veth0_macvtap: entered promiscuous mode [ 98.798964][ T5830] veth1_vlan: entered promiscuous mode [ 98.828571][ T5828] veth1_macvtap: entered promiscuous mode [ 98.886102][ T5829] veth0_macvtap: entered promiscuous mode [ 98.899485][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.919807][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.935202][ T5829] veth1_macvtap: entered promiscuous mode [ 98.950469][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.980741][ T5830] veth0_macvtap: entered promiscuous mode [ 99.005254][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.019286][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.028876][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.038683][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.048131][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.069119][ T5830] veth1_macvtap: entered promiscuous mode [ 99.087428][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.096502][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.126743][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.149821][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.179969][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.228393][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.229034][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.263820][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.273569][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.283083][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.292076][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.330021][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.340788][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.349799][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.371016][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.413104][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.429739][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.509204][ T3455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.519429][ T3455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.631122][ T5837] Bluetooth: hci1: command tx timeout [ 99.712036][ T5837] Bluetooth: hci0: command tx timeout [ 99.746862][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.791742][ T5838] Bluetooth: hci3: command tx timeout [ 99.797399][ T5837] Bluetooth: hci2: command tx timeout [ 99.804786][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.865881][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.874608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.906585][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.092895][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.100783][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.210743][ T3511] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.250613][ T3511] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.333699][ T5946] process 'syz.2.3' launched '/dev/fd/8' with NULL argv: empty string added [ 101.606583][ T5937] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 101.621022][ T5937] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.693761][ T5937] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.711858][ T5837] Bluetooth: hci1: command tx timeout [ 101.788253][ T5937] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 101.807912][ T5937] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 101.866376][ T5937] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 101.873084][ T5837] Bluetooth: hci2: command tx timeout [ 101.878740][ T5838] Bluetooth: hci3: command tx timeout [ 101.918869][ T5937] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 101.997812][ T5937] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 102.163535][ T5937] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 102.252671][ T5937] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 102.311156][ T5937] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 102.367179][ T5937] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 102.753848][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 103.550921][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.631385][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.632634][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.637501][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.637998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.640087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.665833][ T5972] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.711164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.802808][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 103.951567][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 104.271426][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 104.991614][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 105.211451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 105.660251][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 105.881295][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 106.032381][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 106.351021][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 106.461476][ T5993] Zero length message leads to an empty skb [ 106.934238][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15'. [ 106.945565][ T6009] ima: policy update failed [ 106.956040][ T30] audit: type=1802 audit(6045596024.404:2): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.15" res=0 errno=0 [ 107.368180][ T6012] can: request_module (can-proto-3) failed. [ 107.711333][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.951435][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.130990][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.363257][ T6034] [U] [ 108.366221][ T6034] [U] [ 108.368981][ T6034] [U] [ 108.371738][ T6034] [U] [ 108.413106][ T6034] [U] [ 108.415919][ T6034] [U] [ 108.418675][ T6034] [U] [ 108.421443][ T6034] [U] [ 108.444670][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.459600][ T6034] [U] [ 108.462367][ T6034] [U] [ 108.465068][ T6034] [U] [ 108.467767][ T6034] [U] [ 108.599318][ T6034] [U] [ 108.602111][ T6034] [U] [ 108.604877][ T6034] [U] [ 108.607633][ T6034] [U] [ 108.631592][ T6034] [U] [ 108.634395][ T6034] [U] [ 108.637141][ T6034] [U] [ 108.639898][ T6034] [U] [ 108.681017][ T6034] [U] [ 108.683806][ T6034] [U] [ 108.686580][ T6034] [U] [ 108.689311][ T6034] [U] [ 108.723399][ T6034] [U] [ 108.726145][ T6034] [U] [ 108.728857][ T6034] [U] [ 108.731579][ T6034] [U] [ 108.752986][ T6034] [U] [ 108.755808][ T6034] [U] [ 108.758577][ T6034] [U] [ 108.761341][ T6034] [U] [ 108.804958][ T6034] [U] [ 108.807727][ T6034] [U] [ 108.810432][ T6034] [U] [ 108.813148][ T6034] [U] [ 108.829424][ T6034] [U] [ 108.832227][ T6034] [U] [ 108.835139][ T6034] [U] [ 108.837899][ T6034] [U] [ 108.861824][ T6034] [U] [ 108.864638][ T6034] [U] [ 108.867391][ T6034] [U] [ 108.870100][ T6034] [U] [ 108.898693][ T6034] [U] [ 108.901505][ T6034] [U] [ 108.904273][ T6034] [U] [ 108.907024][ T6034] [U] [ 108.919304][ T6034] [U] [ 108.922103][ T6034] [U] [ 108.924860][ T6034] [U] [ 108.927616][ T6034] [U] [ 108.936764][ T6034] [U] [ 108.939568][ T6034] [U] [ 108.942321][ T6034] [U] [ 108.945069][ T6034] [U] [ 108.967708][ T6034] [U] [ 108.970505][ T6034] [U] [ 108.973281][ T6034] [U] [ 108.976063][ T6034] [U] [ 108.995830][ T6034] [U] [ 108.998621][ T6034] [U] [ 109.001375][ T6034] [U] [ 109.004118][ T6034] [U] [ 109.058505][ T6034] [U] [ 109.061326][ T6034] [U] [ 109.064078][ T6034] [U] [ 109.066824][ T6034] [U] [ 109.073799][ T6034] [U] [ 109.076601][ T6034] [U] [ 109.079349][ T6034] [U] [ 109.082102][ T6034] [U] [ 109.457426][ T6034] [U] [ 109.460233][ T6034] [U] [ 109.463060][ T6034] [U] [ 109.465802][ T6034] [U] [ 109.519060][ T6034] [U] [ 109.804857][ T6057] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.155176][ T5840] udevd[5840]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 110.342827][ T5840] udevd[5840]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 113.714273][ T6076] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 118.407438][ T6150] capability: warning: `syz.0.39' uses 32-bit capabilities (legacy support in use) [ 118.791597][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f3fa400: rx timeout, send abort [ 118.801049][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f3f9c00: rx timeout, send abort [ 118.809876][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f3fa400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 118.825062][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f3f9c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 120.688182][ T6158] loop6: detected capacity change from 0 to 8192 [ 122.449155][ T6187] ======================================================= [ 122.449155][ T6187] WARNING: The mand mount option has been deprecated and [ 122.449155][ T6187] and is ignored by this kernel. Remove the mand [ 122.449155][ T6187] option from the mount to silence this warning. [ 122.449155][ T6187] ======================================================= [ 122.608954][ T6188] FAULT_INJECTION: forcing a failure. [ 122.608954][ T6188] name failslab, interval 1, probability 0, space 0, times 1 [ 122.671878][ T6188] CPU: 0 UID: 0 PID: 6188 Comm: syz.2.46 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 122.671923][ T6188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.671941][ T6188] Call Trace: [ 122.671952][ T6188] [ 122.671964][ T6188] dump_stack_lvl+0x16c/0x1f0 [ 122.672016][ T6188] should_fail_ex+0x512/0x640 [ 122.672059][ T6188] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 122.672110][ T6188] should_failslab+0xc2/0x120 [ 122.672140][ T6188] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 122.672183][ T6188] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.672215][ T6188] ? fuse_request_alloc+0x22/0x200 [ 122.672251][ T6188] fuse_request_alloc+0x22/0x200 [ 122.672282][ T6188] fuse_get_req+0x748/0xfd0 [ 122.672323][ T6188] ? __pfx_fuse_get_req+0x10/0x10 [ 122.672376][ T6188] fuse_simple_background+0x464/0x5f0 [ 122.672408][ T6188] ? kasan_save_track+0x14/0x30 [ 122.672465][ T6188] cuse_channel_open+0x561/0x7f0 [ 122.672507][ T6188] ? __pfx_cuse_channel_open+0x10/0x10 [ 122.672549][ T6188] misc_open+0x35d/0x420 [ 122.672587][ T6188] ? __pfx_misc_open+0x10/0x10 [ 122.672624][ T6188] chrdev_open+0x234/0x6a0 [ 122.672672][ T6188] ? __pfx_chrdev_open+0x10/0x10 [ 122.672723][ T6188] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 122.672771][ T6188] do_dentry_open+0x741/0x1c10 [ 122.672817][ T6188] ? __pfx_chrdev_open+0x10/0x10 [ 122.672874][ T6188] vfs_open+0x82/0x3f0 [ 122.672912][ T6188] path_openat+0x1de4/0x2cb0 [ 122.672971][ T6188] ? __pfx_path_openat+0x10/0x10 [ 122.673018][ T6188] ? __lock_acquire+0xb8a/0x1c90 [ 122.673064][ T6188] do_filp_open+0x20b/0x470 [ 122.673110][ T6188] ? __pfx_do_filp_open+0x10/0x10 [ 122.673184][ T6188] ? alloc_fd+0x471/0x7d0 [ 122.673235][ T6188] do_sys_openat2+0x11b/0x1d0 [ 122.673269][ T6188] ? __pfx_do_sys_openat2+0x10/0x10 [ 122.673320][ T6188] __x64_sys_openat+0x174/0x210 [ 122.673356][ T6188] ? __pfx___x64_sys_openat+0x10/0x10 [ 122.673409][ T6188] do_syscall_64+0xcd/0x490 [ 122.673470][ T6188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.673503][ T6188] RIP: 0033:0x7f3d9bb8e929 [ 122.673528][ T6188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.673558][ T6188] RSP: 002b:00007f3d9caa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 122.673589][ T6188] RAX: ffffffffffffffda RBX: 00007f3d9bdb6080 RCX: 00007f3d9bb8e929 [ 122.673610][ T6188] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 122.673630][ T6188] RBP: 00007f3d9bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 122.673649][ T6188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.673667][ T6188] R13: 0000000000000000 R14: 00007f3d9bdb6080 R15: 00007ffdcbbebc48 [ 122.673712][ T6188] [ 125.443039][ T6207] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 125.443328][ T6207] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 125.443548][ T6207] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 125.443800][ T6207] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.442978][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 127.473098][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 127.479688][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 127.485836][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.749234][ T6268] FAULT_INJECTION: forcing a failure. [ 128.749234][ T6268] name failslab, interval 1, probability 0, space 0, times 0 [ 128.778002][ T6268] CPU: 0 UID: 0 PID: 6268 Comm: syz.2.58 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 128.778049][ T6268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.778066][ T6268] Call Trace: [ 128.778078][ T6268] [ 128.778090][ T6268] dump_stack_lvl+0x16c/0x1f0 [ 128.778142][ T6268] should_fail_ex+0x512/0x640 [ 128.778193][ T6268] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 128.778245][ T6268] should_failslab+0xc2/0x120 [ 128.778275][ T6268] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 128.778320][ T6268] ? d_instantiate+0x77/0x90 [ 128.778345][ T6268] ? alloc_empty_file+0x55/0x1e0 [ 128.778386][ T6268] alloc_empty_file+0x55/0x1e0 [ 128.778420][ T6268] alloc_file_pseudo+0x13a/0x230 [ 128.778455][ T6268] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 128.778503][ T6268] __anon_inode_getfile+0xf7/0x3a0 [ 128.778557][ T6268] io_uring_setup+0x154d/0x2080 [ 128.778601][ T6268] ? __pfx_io_uring_setup+0x10/0x10 [ 128.778677][ T6268] ? xfd_validate_state+0x61/0x180 [ 128.778729][ T6268] __x64_sys_io_uring_setup+0xc2/0x170 [ 128.778771][ T6268] do_syscall_64+0xcd/0x490 [ 128.778822][ T6268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.778854][ T6268] RIP: 0033:0x7f3d9bb8e929 [ 128.778879][ T6268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.778906][ T6268] RSP: 002b:00007f3d9caa8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 128.778936][ T6268] RAX: ffffffffffffffda RBX: 00007f3d9bdb6080 RCX: 00007f3d9bb8e929 [ 128.778956][ T6268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 128.778973][ T6268] RBP: 00007f3d9bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 128.778990][ T6268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.779007][ T6268] R13: 0000000000000000 R14: 00007f3d9bdb6080 R15: 00007ffdcbbebc48 [ 128.779045][ T6268] [ 130.587323][ T5843] Bluetooth: hci2: unexpected event 0x3d length: 726 > 14 [ 132.709808][ T6322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.68'. [ 135.752643][ T6346] kafs: addr_prefs: Invalid Command [ 136.041359][ T6371] Invalid ELF header magic: != ELF [ 137.112323][ T6380] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 137.145788][ T6351] kexec: Could not allocate control_code_buffer [ 138.056840][ T6391] random: crng reseeded on system resumption [ 138.284667][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.293892][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.080633][ T6432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'. [ 146.179185][ T6484] netlink: 28 bytes leftover after parsing attributes in process `syz.1.97'. [ 146.271778][ T6484] hsr_slave_0: left promiscuous mode [ 146.309316][ T6484] hsr_slave_1: left promiscuous mode [ 148.918982][ T30] audit: type=1800 audit(6045596074.335:3): pid=6517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.103" name="dbroot" dev="configfs" ino=9541 res=0 errno=0 [ 150.814135][ T6522] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 153.767210][ T6555] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 153.767210][ T6555] M' is too long [ 153.816966][ T6555] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 153.816966][ T6555] W ' is too long [ 155.531581][ T6557] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 155.551441][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 155.593766][ T6557] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 155.600576][ T6557] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 155.643028][ T6557] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 155.908571][ T6576] can: request_module (can-proto-0) failed. [ 155.929245][ T6576] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 157.631077][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 157.631089][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 157.711915][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.515783][ T6659] FAULT_INJECTION: forcing a failure. [ 165.515783][ T6659] name failslab, interval 1, probability 0, space 0, times 0 [ 165.619879][ T6659] CPU: 0 UID: 0 PID: 6659 Comm: syz.1.128 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 165.619922][ T6659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.619939][ T6659] Call Trace: [ 165.619950][ T6659] [ 165.619961][ T6659] dump_stack_lvl+0x16c/0x1f0 [ 165.620027][ T6659] should_fail_ex+0x512/0x640 [ 165.620069][ T6659] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 165.620116][ T6659] should_failslab+0xc2/0x120 [ 165.620146][ T6659] __kmalloc_cache_noprof+0x6a/0x3e0 [ 165.620188][ T6659] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 165.620233][ T6659] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 165.620270][ T6659] ? preempt_count_sub+0x95/0x160 [ 165.620307][ T6659] ? trace_contention_end+0xdd/0x130 [ 165.620351][ T6659] ? __mutex_lock+0x1ca/0xb90 [ 165.620395][ T6659] ? rcu_is_watching+0x12/0xc0 [ 165.620428][ T6659] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 165.620466][ T6659] ? __pfx___mutex_lock+0x10/0x10 [ 165.620524][ T6659] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 165.620585][ T6659] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 165.620629][ T6659] snd_pcm_oss_ioctl+0x21e9/0x37a0 [ 165.620667][ T6659] ? hook_file_ioctl_common+0x145/0x410 [ 165.620701][ T6659] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 165.620741][ T6659] ? __fget_files+0x20e/0x3c0 [ 165.620801][ T6659] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 165.620836][ T6659] __x64_sys_ioctl+0x18e/0x210 [ 165.620875][ T6659] do_syscall_64+0xcd/0x490 [ 165.620920][ T6659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.620950][ T6659] RIP: 0033:0x7fcf00b8e929 [ 165.620976][ T6659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.621003][ T6659] RSP: 002b:00007fcefe9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.621040][ T6659] RAX: ffffffffffffffda RBX: 00007fcf00db6080 RCX: 00007fcf00b8e929 [ 165.621060][ T6659] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008 [ 165.621078][ T6659] RBP: 00007fcf00c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 165.621096][ T6659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.621114][ T6659] R13: 0000000000000000 R14: 00007fcf00db6080 R15: 00007ffc43f55658 [ 165.621160][ T6659] [ 166.990313][ T30] audit: type=1804 audit(6045596092.445:4): pid=6676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.131" name="/newroot/32/file0" dev="tmpfs" ino=189 res=1 errno=0 [ 167.020494][ T30] audit: type=1800 audit(6045596092.475:5): pid=6676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.131" name="file0" dev="tmpfs" ino=189 res=0 errno=0 [ 167.723248][ T6682] FAULT_INJECTION: forcing a failure. [ 167.723248][ T6682] name failslab, interval 1, probability 0, space 0, times 0 [ 167.803786][ T6682] CPU: 1 UID: 0 PID: 6682 Comm: syz.2.133 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 167.803833][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.803851][ T6682] Call Trace: [ 167.803861][ T6682] [ 167.803873][ T6682] dump_stack_lvl+0x16c/0x1f0 [ 167.803925][ T6682] should_fail_ex+0x512/0x640 [ 167.803968][ T6682] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 167.804015][ T6682] should_failslab+0xc2/0x120 [ 167.804045][ T6682] __kmalloc_cache_noprof+0x6a/0x3e0 [ 167.804085][ T6682] ? ovs_dp_cmd_new+0x42e/0xe60 [ 167.804135][ T6682] ovs_dp_cmd_new+0x42e/0xe60 [ 167.804192][ T6682] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 167.804246][ T6682] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 167.804288][ T6682] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 167.804339][ T6682] genl_family_rcv_msg_doit+0x206/0x2f0 [ 167.804382][ T6682] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 167.804421][ T6682] ? trace_cap_capable+0x18d/0x200 [ 167.804464][ T6682] ? bpf_lsm_capable+0x9/0x10 [ 167.804500][ T6682] ? security_capable+0x7e/0x260 [ 167.804551][ T6682] ? ns_capable+0xd7/0x110 [ 167.804586][ T6682] genl_rcv_msg+0x55c/0x800 [ 167.804628][ T6682] ? __pfx_genl_rcv_msg+0x10/0x10 [ 167.804664][ T6682] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 167.804725][ T6682] netlink_rcv_skb+0x155/0x420 [ 167.804764][ T6682] ? __pfx_genl_rcv_msg+0x10/0x10 [ 167.804803][ T6682] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 167.804852][ T6682] ? netlink_deliver_tap+0x1ae/0xd30 [ 167.804891][ T6682] genl_rcv+0x28/0x40 [ 167.804924][ T6682] netlink_unicast+0x53a/0x7f0 [ 167.804962][ T6682] ? __pfx_netlink_unicast+0x10/0x10 [ 167.805007][ T6682] netlink_sendmsg+0x8d1/0xdd0 [ 167.805046][ T6682] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.805093][ T6682] ____sys_sendmsg+0xa95/0xc70 [ 167.805130][ T6682] ? copy_msghdr_from_user+0x10a/0x160 [ 167.805175][ T6682] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.805220][ T6682] ? __pfx_futex_wake_mark+0x10/0x10 [ 167.805270][ T6682] ___sys_sendmsg+0x134/0x1d0 [ 167.805319][ T6682] ? __pfx____sys_sendmsg+0x10/0x10 [ 167.805361][ T6682] ? __lock_acquire+0x622/0x1c90 [ 167.805454][ T6682] __sys_sendmsg+0x16d/0x220 [ 167.805501][ T6682] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.805545][ T6682] ? __x64_sys_futex+0x1e0/0x4c0 [ 167.805608][ T6682] do_syscall_64+0xcd/0x490 [ 167.805656][ T6682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.805687][ T6682] RIP: 0033:0x7f3d9bb8e929 [ 167.805713][ T6682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.805741][ T6682] RSP: 002b:00007f3d9cac9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.805779][ T6682] RAX: ffffffffffffffda RBX: 00007f3d9bdb5fa0 RCX: 00007f3d9bb8e929 [ 167.805799][ T6682] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000008 [ 167.805818][ T6682] RBP: 00007f3d9bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 167.805836][ T6682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.805855][ T6682] R13: 0000000000000000 R14: 00007f3d9bdb5fa0 R15: 00007ffdcbbebc48 [ 167.805901][ T6682] [ 168.883293][ T6692] FAULT_INJECTION: forcing a failure. [ 168.883293][ T6692] name failslab, interval 1, probability 0, space 0, times 0 [ 168.902939][ T6690] FAULT_INJECTION: forcing a failure. [ 168.902939][ T6690] name failslab, interval 1, probability 0, space 0, times 0 [ 168.961272][ T6692] CPU: 1 UID: 0 PID: 6692 Comm: syz.3.136 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 168.961316][ T6692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.961332][ T6692] Call Trace: [ 168.961342][ T6692] [ 168.961354][ T6692] dump_stack_lvl+0x16c/0x1f0 [ 168.961408][ T6692] should_fail_ex+0x512/0x640 [ 168.961451][ T6692] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 168.961499][ T6692] should_failslab+0xc2/0x120 [ 168.961527][ T6692] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 168.961569][ T6692] ? d_instantiate+0x77/0x90 [ 168.961594][ T6692] ? alloc_empty_file+0x55/0x1e0 [ 168.961632][ T6692] alloc_empty_file+0x55/0x1e0 [ 168.961663][ T6692] alloc_file_pseudo+0x13a/0x230 [ 168.961695][ T6692] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 168.961726][ T6692] ? alloc_fd+0x471/0x7d0 [ 168.961768][ T6692] sock_alloc_file+0x50/0x210 [ 168.961794][ T6692] __sys_socket+0x1c0/0x260 [ 168.961827][ T6692] ? __pfx___sys_socket+0x10/0x10 [ 168.961861][ T6692] ? xfd_validate_state+0x61/0x180 [ 168.961895][ T6692] ? __pfx_do_writev+0x10/0x10 [ 168.961939][ T6692] __x64_sys_socket+0x72/0xb0 [ 168.961971][ T6692] ? lockdep_hardirqs_on+0x7c/0x110 [ 168.962018][ T6692] do_syscall_64+0xcd/0x490 [ 168.962065][ T6692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.962096][ T6692] RIP: 0033:0x7f5746b8e929 [ 168.962120][ T6692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.962146][ T6692] RSP: 002b:00007f5747a24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 168.962176][ T6692] RAX: ffffffffffffffda RBX: 00007f5746db5fa0 RCX: 00007f5746b8e929 [ 168.962195][ T6692] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000000a [ 168.962211][ T6692] RBP: 00007f5746c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 168.962228][ T6692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.962243][ T6692] R13: 0000000000000000 R14: 00007f5746db5fa0 R15: 00007ffe8e829548 [ 168.962281][ T6692] [ 168.962684][ T6690] CPU: 1 UID: 0 PID: 6690 Comm: syz.2.135 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 168.962723][ T6690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.962737][ T6690] Call Trace: [ 168.962747][ T6690] [ 168.962758][ T6690] dump_stack_lvl+0x16c/0x1f0 [ 168.962804][ T6690] should_fail_ex+0x512/0x640 [ 168.962844][ T6690] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 168.962892][ T6690] should_failslab+0xc2/0x120 [ 168.962920][ T6690] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 168.962967][ T6690] ? __d_alloc+0x31/0xaa0 [ 168.963029][ T6690] __d_alloc+0x31/0xaa0 [ 168.963081][ T6690] d_alloc+0x4a/0x1e0 [ 168.963127][ T6690] d_alloc_parallel+0xe3/0x12e0 [ 168.963174][ T6690] ? find_held_lock+0x2b/0x80 [ 168.963206][ T6690] ? __pfx_d_alloc_parallel+0x10/0x10 [ 168.963247][ T6690] ? __d_lookup+0x266/0x4a0 [ 168.963289][ T6690] lookup_open.isra.0+0x665/0x1580 [ 168.963336][ T6690] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 168.963399][ T6690] ? mnt_get_write_access+0x20c/0x300 [ 168.963439][ T6690] path_openat+0x893/0x2cb0 [ 168.963492][ T6690] ? __pfx_path_openat+0x10/0x10 [ 168.963539][ T6690] ? __lock_acquire+0xb8a/0x1c90 [ 168.963582][ T6690] do_filp_open+0x20b/0x470 [ 168.963626][ T6690] ? __pfx_do_filp_open+0x10/0x10 [ 168.963698][ T6690] ? alloc_fd+0x471/0x7d0 [ 168.963747][ T6690] do_sys_openat2+0x11b/0x1d0 [ 168.963780][ T6690] ? __pfx_do_sys_openat2+0x10/0x10 [ 168.963828][ T6690] __x64_sys_openat+0x174/0x210 [ 168.963863][ T6690] ? __pfx___x64_sys_openat+0x10/0x10 [ 168.963914][ T6690] do_syscall_64+0xcd/0x490 [ 168.963961][ T6690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.964000][ T6690] RIP: 0033:0x7f3d9bb8e929 [ 168.964024][ T6690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.964051][ T6690] RSP: 002b:00007f3d9cac9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 168.964080][ T6690] RAX: ffffffffffffffda RBX: 00007f3d9bdb5fa0 RCX: 00007f3d9bb8e929 [ 168.964100][ T6690] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 168.964117][ T6690] RBP: 00007f3d9bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 168.964135][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.964151][ T6690] R13: 0000000000000000 R14: 00007f3d9bdb5fa0 R15: 00007ffdcbbebc48 [ 168.964190][ T6690] [ 174.674073][ T6736] netlink: 28 bytes leftover after parsing attributes in process `syz.3.143'. syzkaller syzkaller login: [ 174.995764][ T30] audit: type=1326 audit(6045596100.455:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6741 comm="syz.1.144" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcf00b8e929 code=0x0 [ 175.735035][ T6750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'. [ 179.413049][ T6784] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 179.413049][ T6784] The task syz.2.153 (6784) triggered the difference, watch for misbehavior. [ 180.685931][ T6790] syz.0.155 uses obsolete (PF_INET,SOCK_PACKET) [ 182.447187][ T30] audit: type=1800 audit(6045596107.905:7): pid=6823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.161" name="members" dev="configfs" ino=15462 res=0 errno=0 [ 182.575816][ T6825] FAULT_INJECTION: forcing a failure. [ 182.575816][ T6825] name failslab, interval 1, probability 0, space 0, times 0 [ 182.725623][ T6825] CPU: 1 UID: 0 PID: 6825 Comm: syz.1.162 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 182.725657][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.725668][ T6825] Call Trace: [ 182.725675][ T6825] [ 182.725683][ T6825] dump_stack_lvl+0x16c/0x1f0 [ 182.725715][ T6825] should_fail_ex+0x512/0x640 [ 182.725741][ T6825] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 182.725771][ T6825] should_failslab+0xc2/0x120 [ 182.725788][ T6825] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 182.725814][ T6825] ? number+0x9aa/0xc70 [ 182.725833][ T6825] ? __d_alloc+0x31/0xaa0 [ 182.725862][ T6825] __d_alloc+0x31/0xaa0 [ 182.725888][ T6825] ? __pfx_number+0x10/0x10 [ 182.725917][ T6825] d_alloc+0x4a/0x1e0 [ 182.725945][ T6825] d_alloc_parallel+0xe3/0x12e0 [ 182.725970][ T6825] ? stack_depot_save_flags+0x28/0xa40 [ 182.725998][ T6825] ? __pfx_default_pointer+0x10/0x10 [ 182.726023][ T6825] ? __pfx_d_alloc_parallel+0x10/0x10 [ 182.726046][ T6825] ? lockdep_init_map_type+0x5c/0x280 [ 182.726073][ T6825] ? lockdep_init_map_type+0x5c/0x280 [ 182.726101][ T6825] __lookup_slow+0x193/0x460 [ 182.726122][ T6825] ? __pfx___lookup_slow+0x10/0x10 [ 182.726144][ T6825] ? pcpu_populate_chunk+0x500/0xb00 [ 182.726174][ T6825] ? pcpu_populate_chunk+0x500/0xb00 [ 182.726198][ T6825] ? d_lookup+0xe7/0x190 [ 182.726222][ T6825] lookup_noperm+0xe1/0x110 [ 182.726242][ T6825] start_creating.part.0+0x15a/0x3e0 [ 182.726269][ T6825] debugfs_create_dir+0x6c/0x5f0 [ 182.726293][ T6825] ptp_open+0x307/0x520 [ 182.726318][ T6825] ? __pfx_ptp_open+0x10/0x10 [ 182.726345][ T6825] ? __pfx_ptp_open+0x10/0x10 [ 182.726365][ T6825] posix_clock_open+0x17b/0x290 [ 182.726397][ T6825] ? __pfx_posix_clock_open+0x10/0x10 [ 182.726427][ T6825] chrdev_open+0x234/0x6a0 [ 182.726466][ T6825] ? __pfx_apparmor_file_open+0x10/0x10 [ 182.726503][ T6825] ? __pfx_chrdev_open+0x10/0x10 [ 182.726548][ T6825] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 182.726592][ T6825] do_dentry_open+0x741/0x1c10 [ 182.726639][ T6825] ? __pfx_chrdev_open+0x10/0x10 [ 182.726689][ T6825] vfs_open+0x82/0x3f0 [ 182.726727][ T6825] path_openat+0x1de4/0x2cb0 [ 182.726784][ T6825] ? __pfx_path_openat+0x10/0x10 [ 182.726830][ T6825] ? __lock_acquire+0xb8a/0x1c90 [ 182.726872][ T6825] do_filp_open+0x20b/0x470 [ 182.726921][ T6825] ? __pfx_do_filp_open+0x10/0x10 [ 182.726999][ T6825] ? alloc_fd+0x471/0x7d0 [ 182.727051][ T6825] do_sys_openat2+0x11b/0x1d0 [ 182.727082][ T6825] ? __pfx_do_sys_openat2+0x10/0x10 [ 182.727134][ T6825] __x64_sys_openat+0x174/0x210 [ 182.727167][ T6825] ? __pfx___x64_sys_openat+0x10/0x10 [ 182.727220][ T6825] do_syscall_64+0xcd/0x490 [ 182.727264][ T6825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.727291][ T6825] RIP: 0033:0x7fcf00b8e929 [ 182.727316][ T6825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.727343][ T6825] RSP: 002b:00007fcefe9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 182.727371][ T6825] RAX: ffffffffffffffda RBX: 00007fcf00db6080 RCX: 00007fcf00b8e929 [ 182.727391][ T6825] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 182.727408][ T6825] RBP: 00007fcf00c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 182.727426][ T6825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.727443][ T6825] R13: 0000000000000000 R14: 00007fcf00db6080 R15: 00007ffc43f55658 [ 182.727482][ T6825] [ 183.746584][ T6833] netlink: 342 bytes leftover after parsing attributes in process `syz.3.164'. [ 183.825316][ T6833] netlink: 114 bytes leftover after parsing attributes in process `syz.3.164'. [ 184.028150][ T6833] mmap: syz.3.164 (6833) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 185.107428][ T6847] Invalid ELF header magic: != ELF [ 185.156930][ T6849] netlink: 504 bytes leftover after parsing attributes in process `syz.2.167'. [ 185.211122][ T6849] netlink: 350 bytes leftover after parsing attributes in process `syz.2.167'. [ 188.100603][ T6880] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 syzkaller syzkaller login: [ 189.545791][ T6894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.176'. [ 189.572529][ T6894] netlink: 354 bytes leftover after parsing attributes in process `syz.1.176'. [ 193.448432][ T6944] FAULT_INJECTION: forcing a failure. [ 193.448432][ T6944] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 193.512956][ T6944] CPU: 0 UID: 0 PID: 6944 Comm: syz.0.185 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 193.512987][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.512997][ T6944] Call Trace: [ 193.513003][ T6944] [ 193.513010][ T6944] dump_stack_lvl+0x16c/0x1f0 [ 193.513044][ T6944] should_fail_ex+0x512/0x640 [ 193.513074][ T6944] should_fail_alloc_page+0xe7/0x130 [ 193.513094][ T6944] prepare_alloc_pages+0x3c2/0x610 [ 193.513116][ T6944] ? __lock_acquire+0x622/0x1c90 [ 193.513142][ T6944] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 193.513177][ T6944] ? find_held_lock+0x2b/0x80 [ 193.513195][ T6944] ? mtree_load+0x309/0xa40 [ 193.513220][ T6944] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 193.513250][ T6944] ? mtree_load+0x325/0xa40 [ 193.513280][ T6944] ? __up_read+0x1f8/0x750 [ 193.513307][ T6944] ? __pfx___up_read+0x10/0x10 [ 193.513332][ T6944] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 193.513360][ T6944] ? policy_nodemask+0xea/0x4e0 [ 193.513379][ T6944] alloc_pages_mpol+0x1fb/0x550 [ 193.513397][ T6944] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 193.513414][ T6944] ? do_raw_spin_lock+0x12c/0x2b0 [ 193.513441][ T6944] ? __pfx___access_remote_vm+0x10/0x10 [ 193.513473][ T6944] alloc_pages_noprof+0x131/0x390 [ 193.513494][ T6944] get_free_pages_noprof+0x10/0xb0 [ 193.513512][ T6944] proc_pid_cmdline_read+0x46d/0x900 [ 193.513536][ T6944] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 193.513560][ T6944] ? rw_verify_area+0xcf/0x680 [ 193.513582][ T6944] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 193.513604][ T6944] vfs_read+0x1e1/0xc60 [ 193.513631][ T6944] ? __pfx___mutex_lock+0x10/0x10 [ 193.513659][ T6944] ? __pfx_vfs_read+0x10/0x10 [ 193.513689][ T6944] ? __fget_files+0x20e/0x3c0 [ 193.513719][ T6944] ksys_read+0x12a/0x250 [ 193.513754][ T6944] ? __pfx_ksys_read+0x10/0x10 [ 193.513785][ T6944] do_syscall_64+0xcd/0x490 [ 193.513815][ T6944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.513834][ T6944] RIP: 0033:0x7fe93278e929 [ 193.513849][ T6944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.513865][ T6944] RSP: 002b:00007fe933571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 193.513883][ T6944] RAX: ffffffffffffffda RBX: 00007fe9329b5fa0 RCX: 00007fe93278e929 [ 193.513894][ T6944] RDX: 000000000000009f RSI: 0000200000000040 RDI: 0000000000000007 [ 193.513905][ T6944] RBP: 00007fe932810b39 R08: 0000000000000000 R09: 0000000000000000 [ 193.513915][ T6944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.513925][ T6944] R13: 0000000000000000 R14: 00007fe9329b5fa0 R15: 00007fff95454578 [ 193.513947][ T6944] [ 194.009696][ T6946] HfR: entered promiscuous mode [ 194.147135][ T6946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.184'. [ 194.218646][ T6951] FAULT_INJECTION: forcing a failure. [ 194.218646][ T6951] name failslab, interval 1, probability 0, space 0, times 0 [ 194.282211][ T6951] CPU: 1 UID: 0 PID: 6951 Comm: syz.2.186 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 194.282263][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.282280][ T6951] Call Trace: [ 194.282292][ T6951] [ 194.282304][ T6951] dump_stack_lvl+0x16c/0x1f0 [ 194.282355][ T6951] should_fail_ex+0x512/0x640 [ 194.282398][ T6951] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 194.282443][ T6951] should_failslab+0xc2/0x120 [ 194.282484][ T6951] __kmalloc_cache_noprof+0x6a/0x3e0 [ 194.282525][ T6951] ? netdev_create_hash+0x3c/0xc0 [ 194.282562][ T6951] ? __pfx_netdev_init+0x10/0x10 [ 194.282595][ T6951] netdev_create_hash+0x3c/0xc0 [ 194.282630][ T6951] ? __pfx_netdev_init+0x10/0x10 [ 194.282658][ T6951] netdev_init+0xa5/0x230 [ 194.282691][ T6951] ops_init+0x1e2/0x5f0 [ 194.282724][ T6951] setup_net+0x1ff/0x510 [ 194.282749][ T6951] ? lockdep_init_map_type+0x5c/0x280 [ 194.282789][ T6951] ? __pfx_setup_net+0x10/0x10 [ 194.282820][ T6951] ? debug_mutex_init+0x37/0x70 [ 194.282853][ T6951] copy_net_ns+0x2a6/0x5f0 [ 194.282888][ T6951] create_new_namespaces+0x3ea/0xa90 [ 194.282929][ T6951] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 194.282965][ T6951] ksys_unshare+0x45b/0xa40 [ 194.283003][ T6951] ? __pfx_ksys_unshare+0x10/0x10 [ 194.283043][ T6951] ? xfd_validate_state+0x61/0x180 [ 194.283093][ T6951] __x64_sys_unshare+0x31/0x40 [ 194.283130][ T6951] do_syscall_64+0xcd/0x490 [ 194.283180][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.283209][ T6951] RIP: 0033:0x7f3d9bb8e929 [ 194.283232][ T6951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.283259][ T6951] RSP: 002b:00007f3d9caa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 194.283286][ T6951] RAX: ffffffffffffffda RBX: 00007f3d9bdb6080 RCX: 00007f3d9bb8e929 [ 194.283306][ T6951] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 194.283323][ T6951] RBP: 00007f3d9bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 194.283340][ T6951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 194.283357][ T6951] R13: 0000000000000000 R14: 00007f3d9bdb6080 R15: 00007ffdcbbebc48 [ 194.283396][ T6951] [ 194.539881][ T6946] openvswitch: HfR: Dropping previously announced user features [ 195.361166][ T6961] could not allocate digest TFM handle [ 195.438211][ T30] audit: type=1800 audit(6045596120.900:8): pid=6969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.189" name="members" dev="configfs" ino=15738 res=0 errno=0 [ 197.668455][ T6997] bridge0: port 3(batadv0) entered blocking state [ 197.675463][ T6997] bridge0: port 3(batadv0) entered disabled state [ 197.682534][ T6997] batadv0: entered allmulticast mode [ 197.693020][ T6997] batadv0: entered promiscuous mode [ 197.699477][ T6997] bridge0: port 3(batadv0) entered blocking state [ 197.706311][ T6997] bridge0: port 3(batadv0) entered forwarding state [ 198.208529][ T7015] FAULT_INJECTION: forcing a failure. [ 198.208529][ T7015] name failslab, interval 1, probability 0, space 0, times 0 [ 198.227095][ T7015] CPU: 1 UID: 0 PID: 7015 Comm: syz.3.199 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 198.227140][ T7015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.227157][ T7015] Call Trace: [ 198.227168][ T7015] [ 198.227180][ T7015] dump_stack_lvl+0x16c/0x1f0 [ 198.227236][ T7015] should_fail_ex+0x512/0x640 [ 198.227273][ T7015] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 198.227319][ T7015] should_failslab+0xc2/0x120 [ 198.227350][ T7015] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 198.227395][ T7015] ? __proc_create+0xc3/0x8c0 [ 198.227441][ T7015] ? __proc_create+0x2ce/0x8c0 [ 198.227504][ T7015] __proc_create+0x2ce/0x8c0 [ 198.227554][ T7015] ? __pfx___proc_create+0x10/0x10 [ 198.227599][ T7015] ? _raw_write_unlock+0x28/0x50 [ 198.227642][ T7015] ? proc_register+0x314/0x5f0 [ 198.227704][ T7015] _proc_mkdir+0xb9/0x200 [ 198.227734][ T7015] ? __pfx__proc_mkdir+0x10/0x10 [ 198.227759][ T7015] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 198.227813][ T7015] ? __pfx_netfilter_net_init+0x10/0x10 [ 198.227861][ T7015] netfilter_net_init+0x37b/0x4b0 [ 198.227905][ T7015] ? sysctl_net_init+0x27/0x30 [ 198.227934][ T7015] ops_init+0x1e2/0x5f0 [ 198.227969][ T7015] setup_net+0x1ff/0x510 [ 198.227998][ T7015] ? lockdep_init_map_type+0x5c/0x280 [ 198.228040][ T7015] ? __pfx_setup_net+0x10/0x10 [ 198.228072][ T7015] ? debug_mutex_init+0x37/0x70 [ 198.228108][ T7015] copy_net_ns+0x2a6/0x5f0 [ 198.228145][ T7015] create_new_namespaces+0x3ea/0xa90 [ 198.228190][ T7015] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 198.228226][ T7015] ksys_unshare+0x45b/0xa40 [ 198.228265][ T7015] ? __pfx_ksys_unshare+0x10/0x10 [ 198.228306][ T7015] ? xfd_validate_state+0x61/0x180 [ 198.228358][ T7015] __x64_sys_unshare+0x31/0x40 [ 198.228398][ T7015] do_syscall_64+0xcd/0x490 [ 198.228449][ T7015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.228489][ T7015] RIP: 0033:0x7f5746b8e929 [ 198.228515][ T7015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.228550][ T7015] RSP: 002b:00007f5747a24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 198.228581][ T7015] RAX: ffffffffffffffda RBX: 00007f5746db5fa0 RCX: 00007f5746b8e929 [ 198.228600][ T7015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 198.228618][ T7015] RBP: 00007f5746c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 198.228637][ T7015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.228655][ T7015] R13: 0000000000000000 R14: 00007f5746db5fa0 R15: 00007ffe8e829548 [ 198.228696][ T7015] [ 198.533270][ T7015] cannot create netfilter proc entry [ 199.164218][ T7025] tipc: Started in network mode [ 199.196609][ T7025] tipc: Node identity ee00, cluster identity 4711 [ 199.213875][ T7025] tipc: Node number set to 60928 [ 199.721556][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.738420][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.957379][ T7023] GUP no longer grows the stack in syz.2.200 (7023): 14000-401000 (4000) [ 200.034229][ T7023] CPU: 0 UID: 0 PID: 7023 Comm: syz.2.200 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 200.034272][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 200.034289][ T7023] Call Trace: [ 200.034298][ T7023] [ 200.034309][ T7023] dump_stack_lvl+0x16c/0x1f0 [ 200.034358][ T7023] gup_vma_lookup+0x1d2/0x220 [ 200.034392][ T7023] __get_user_pages+0x271/0x3b80 [ 200.034440][ T7023] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 200.034495][ T7023] ? kasan_save_stack+0x42/0x60 [ 200.034536][ T7023] ? __pfx___get_user_pages+0x10/0x10 [ 200.034569][ T7023] ? register_lock_class+0x41/0x4c0 [ 200.034604][ T7023] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 200.034648][ T7023] ? do_syscall_64+0xcd/0x490 [ 200.034706][ T7023] __gup_longterm_locked+0x20d/0x1850 [ 200.034741][ T7023] ? __lock_acquire+0xb8a/0x1c90 [ 200.034783][ T7023] ? __pfx___gup_longterm_locked+0x10/0x10 [ 200.034836][ T7023] pin_user_pages_remote+0xed/0x140 [ 200.034872][ T7023] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 200.034903][ T7023] ? mm_access+0x22d/0x2e0 [ 200.034950][ T7023] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 200.035015][ T7023] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 200.035064][ T7023] ? iovec_from_user+0xbb/0x140 [ 200.035128][ T7023] ? iovec_from_user+0xbb/0x140 [ 200.035175][ T7023] process_vm_rw+0x216/0x2c0 [ 200.035221][ T7023] ? __pfx_process_vm_rw+0x10/0x10 [ 200.035277][ T7023] ? __pfx___sys_sendmmsg+0x10/0x10 [ 200.035361][ T7023] ? xfd_validate_state+0x61/0x180 [ 200.035395][ T7023] ? __task_pid_nr_ns+0x17c/0x500 [ 200.035437][ T7023] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 200.035494][ T7023] ? do_syscall_64+0x91/0x490 [ 200.035535][ T7023] ? lockdep_hardirqs_on+0x7c/0x110 [ 200.035574][ T7023] do_syscall_64+0xcd/0x490 [ 200.035619][ T7023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.035650][ T7023] RIP: 0033:0x7f3d9bb8e929 [ 200.035674][ T7023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.035700][ T7023] RSP: 002b:00007f3d9caa8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 200.035728][ T7023] RAX: ffffffffffffffda RBX: 00007f3d9bdb6080 RCX: 00007f3d9bb8e929 [ 200.035747][ T7023] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 00000000000000f5 [ 200.035764][ T7023] RBP: 00007f3d9bc10b39 R08: 0000000000000003 R09: 0000000000000000 [ 200.035781][ T7023] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 200.035798][ T7023] R13: 0000000000000000 R14: 00007f3d9bdb6080 R15: 00007ffdcbbebc48 [ 200.035838][ T7023] [ 202.917800][ T7072] Invalid ELF header magic: != ELF [ 203.330170][ T7069] random: crng reseeded on system resumption [ 204.593272][ T7093] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 220.755328][ T6806] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 220.755373][ T6806] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 220.771234][ T6806] Bluetooth: hci2: adv larger than maximum supported [ 220.771289][ T6806] Bluetooth: hci2: adv larger than maximum supported [ 220.778179][ T6806] Bluetooth: hci2: adv larger than maximum supported [ 220.786500][ T6806] Bluetooth: hci2: Unknown advertising packet type: 0x20 [ 220.793303][ T6806] Bluetooth: hci2: adv larger than maximum supported [ 221.233525][ T7296] Invalid ELF header magic: != ELF [ 224.458877][ T30] audit: type=1800 audit(6045596157.897:9): pid=7343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.260" name="dbroot" dev="configfs" ino=17432 res=0 errno=0 [ 225.107539][ T6806] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 225.107587][ T6806] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 225.123683][ T6806] Bluetooth: hci3: adv larger than maximum supported [ 225.123735][ T6806] Bluetooth: hci3: adv larger than maximum supported [ 225.130690][ T6806] Bluetooth: hci3: adv larger than maximum supported [ 225.137407][ T6806] Bluetooth: hci3: Unknown advertising packet type: 0x20 [ 225.145585][ T6806] Bluetooth: hci3: adv larger than maximum supported [ 226.468642][ T7370] Invalid ELF header magic: != ELF [ 232.494594][ T7446] Invalid ELF header magic: != ELF [ 240.606804][ T7520] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 240.615652][ T7520] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 240.627554][ T7520] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 240.637746][ T7520] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 240.646823][ T7520] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 240.956466][ T7518] chnl_net:caif_netlink_parms(): no params data found [ 241.062783][ T7518] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.069948][ T7518] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.077399][ T7518] bridge_slave_0: entered allmulticast mode [ 241.086176][ T7518] bridge_slave_0: entered promiscuous mode [ 241.095452][ T7518] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.102755][ T7518] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.109994][ T7518] bridge_slave_1: entered allmulticast mode [ 241.119047][ T7518] bridge_slave_1: entered promiscuous mode [ 241.149328][ T7518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.161557][ T7518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.196558][ T7518] team0: Port device team_slave_0 added [ 241.205333][ T7518] team0: Port device team_slave_1 added [ 241.236108][ T7518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 241.243244][ T7518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.269962][ T7518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.282472][ T7518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.289443][ T7518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.317328][ T7518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 241.364806][ T7518] hsr_slave_0: entered promiscuous mode [ 241.371851][ T7518] hsr_slave_1: entered promiscuous mode [ 241.378116][ T7518] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.386496][ T7518] Cannot create hsr debugfs directory [ 241.536859][ T7518] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 241.548673][ T7518] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 241.558757][ T7518] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 241.569169][ T7518] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 241.600497][ T7518] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.607755][ T7518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.615424][ T7518] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.622573][ T7518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.676522][ T7518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.692907][ T6814] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.704243][ T6814] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.722906][ T7518] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.740356][ T6802] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.747585][ T6802] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.762378][ T6814] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.769546][ T6814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.972557][ T7518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.203294][ T7518] veth0_vlan: entered promiscuous mode [ 242.215355][ T7518] veth1_vlan: entered promiscuous mode [ 242.246817][ T7518] veth0_macvtap: entered promiscuous mode [ 242.257224][ T7518] veth1_macvtap: entered promiscuous mode [ 242.279514][ T7518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.294657][ T7518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.307691][ T7518] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.317673][ T7518] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.327161][ T7518] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.336061][ T7518] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.417760][ T6814] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.434170][ T6814] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.468247][ T6861] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.477894][ T6861] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.691083][ T7520] Bluetooth: hci4: command tx timeout [ 244.771556][ T7520] Bluetooth: hci4: command tx timeout [ 246.851004][ T7520] Bluetooth: hci4: command tx timeout [ 248.996964][ T7520] Bluetooth: hci4: command tx timeout [ 249.057119][ T7604] Invalid ELF header magic: != ELF [ 255.760822][ T7664] netlink: 504 bytes leftover after parsing attributes in process `syz.0.319'. [ 255.786812][ T7664] netlink: 350 bytes leftover after parsing attributes in process `syz.0.319'. [ 260.058260][ T7710] Invalid ELF header magic: != ELF [ 261.175194][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.181678][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 263.230535][ T7738] netlink: 504 bytes leftover after parsing attributes in process `syz.3.333'. [ 263.266514][ T7738] netlink: 350 bytes leftover after parsing attributes in process `syz.3.333'. [ 286.265351][ T7990] Invalid ELF header magic: != ELF [ 291.201025][ T8039] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 291.201025][ T8039] M' is too long [ 291.240453][ T8039] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 291.240453][ T8039] W ' is too long [ 292.010685][ T8057] Invalid ELF header magic: != ELF [ 292.811850][ T8067] netlink: 342 bytes leftover after parsing attributes in process `syz.0.395'. [ 292.825228][ T8067] netlink: 342 bytes leftover after parsing attributes in process `syz.0.395'. [ 292.844189][ T8067] netlink: 114 bytes leftover after parsing attributes in process `syz.0.395'. [ 300.533036][ T8138] kafs: addr_prefs: Invalid Command [ 301.504469][ C1] vcan0: j1939_tp_rxtimer: 0xffff888070b16400: rx timeout, send abort [ 301.512805][ C1] vcan0: j1939_tp_rxtimer: 0xffff888070b15400: rx timeout, send abort [ 301.521265][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888070b16400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 301.535740][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888070b15400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 305.536649][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b47e400: rx timeout, send abort [ 305.545253][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e86b800: rx timeout, send abort [ 305.560485][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b47e400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 305.575011][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e86b800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 307.539468][ T8217] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 307.539468][ T8217] M' is too long [ 307.658950][ T8226] FAULT_INJECTION: forcing a failure. [ 307.658950][ T8226] name failslab, interval 1, probability 0, space 0, times 0 [ 307.672666][ T8226] CPU: 0 UID: 0 PID: 8226 Comm: syz.3.425 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 307.672694][ T8226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.672704][ T8226] Call Trace: [ 307.672710][ T8226] [ 307.672718][ T8226] dump_stack_lvl+0x16c/0x1f0 [ 307.672751][ T8226] should_fail_ex+0x512/0x640 [ 307.672777][ T8226] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 307.672807][ T8226] should_failslab+0xc2/0x120 [ 307.672824][ T8226] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 307.672850][ T8226] ? lockdep_init_map_type+0x5c/0x280 [ 307.672875][ T8226] ? seq_open+0x55/0x170 [ 307.672895][ T8226] seq_open+0x55/0x170 [ 307.672914][ T8226] kernfs_fop_open+0x59f/0xda0 [ 307.672934][ T8226] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 307.672961][ T8226] do_dentry_open+0x741/0x1c10 [ 307.672989][ T8226] ? __pfx_kernfs_fop_open+0x10/0x10 [ 307.673012][ T8226] vfs_open+0x82/0x3f0 [ 307.673033][ T8226] path_openat+0x1de4/0x2cb0 [ 307.673065][ T8226] ? __pfx_path_openat+0x10/0x10 [ 307.673092][ T8226] ? __lock_acquire+0xb8a/0x1c90 [ 307.673117][ T8226] do_filp_open+0x20b/0x470 [ 307.673143][ T8226] ? __pfx_do_filp_open+0x10/0x10 [ 307.673184][ T8226] ? alloc_fd+0x471/0x7d0 [ 307.673214][ T8226] do_sys_openat2+0x11b/0x1d0 [ 307.673233][ T8226] ? __pfx_do_sys_openat2+0x10/0x10 [ 307.673261][ T8226] __x64_sys_openat+0x174/0x210 [ 307.673281][ T8226] ? __pfx___x64_sys_openat+0x10/0x10 [ 307.673310][ T8226] do_syscall_64+0xcd/0x490 [ 307.673339][ T8226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.673357][ T8226] RIP: 0033:0x7f5746b8e929 [ 307.673372][ T8226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.673389][ T8226] RSP: 002b:00007f5747a24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 307.673406][ T8226] RAX: ffffffffffffffda RBX: 00007f5746db5fa0 RCX: 00007f5746b8e929 [ 307.673427][ T8226] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 307.673438][ T8226] RBP: 00007f5746c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 307.673448][ T8226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.673458][ T8226] R13: 0000000000000000 R14: 00007f5746db5fa0 R15: 00007ffe8e829548 [ 307.673480][ T8226] [ 307.921169][ T8217] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 307.921169][ T8217] W ' is too long [ 308.712648][ T8233] FAULT_INJECTION: forcing a failure. [ 308.712648][ T8233] name failslab, interval 1, probability 0, space 0, times 0 [ 308.742731][ T8233] CPU: 0 UID: 0 PID: 8233 Comm: syz.4.427 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 308.742779][ T8233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.742796][ T8233] Call Trace: [ 308.742806][ T8233] [ 308.742818][ T8233] dump_stack_lvl+0x16c/0x1f0 [ 308.742863][ T8233] should_fail_ex+0x512/0x640 [ 308.742891][ T8233] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 308.742922][ T8233] should_failslab+0xc2/0x120 [ 308.742939][ T8233] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 308.742966][ T8233] ? proc_net_ns_init+0x42/0x410 [ 308.742985][ T8233] ? __pfx_proc_net_ns_init+0x10/0x10 [ 308.743002][ T8233] proc_net_ns_init+0x42/0x410 [ 308.743019][ T8233] ? __pfx_proc_net_ns_init+0x10/0x10 [ 308.743035][ T8233] ops_init+0x1e2/0x5f0 [ 308.743054][ T8233] setup_net+0x1ff/0x510 [ 308.743070][ T8233] ? lockdep_init_map_type+0x5c/0x280 [ 308.743095][ T8233] ? __pfx_setup_net+0x10/0x10 [ 308.743114][ T8233] ? debug_mutex_init+0x37/0x70 [ 308.743133][ T8233] copy_net_ns+0x2a6/0x5f0 [ 308.743154][ T8233] create_new_namespaces+0x3ea/0xa90 [ 308.743179][ T8233] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 308.743201][ T8233] ksys_unshare+0x45b/0xa40 [ 308.743225][ T8233] ? __pfx_ksys_unshare+0x10/0x10 [ 308.743249][ T8233] ? xfd_validate_state+0x61/0x180 [ 308.743278][ T8233] __x64_sys_unshare+0x31/0x40 [ 308.743301][ T8233] do_syscall_64+0xcd/0x490 [ 308.743331][ T8233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.743349][ T8233] RIP: 0033:0x7f39a218e929 [ 308.743364][ T8233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.743380][ T8233] RSP: 002b:00007f39a30de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 308.743397][ T8233] RAX: ffffffffffffffda RBX: 00007f39a23b5fa0 RCX: 00007f39a218e929 [ 308.743409][ T8233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 308.743419][ T8233] RBP: 00007f39a2210b39 R08: 0000000000000000 R09: 0000000000000000 [ 308.743430][ T8233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 308.743447][ T8233] R13: 0000000000000000 R14: 00007f39a23b5fa0 R15: 00007fff198fe838 [ 308.743469][ T8233] [ 311.779228][ C1] vcan0: j1939_tp_rxtimer: 0xffff888026196800: rx timeout, send abort [ 311.787711][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805eecc000: rx timeout, send abort [ 311.796768][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888026196800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 311.811269][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805eecc000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 312.614625][ T8267] can: request_module (can-proto-0) failed. [ 316.549080][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c1ca400: rx timeout, send abort [ 316.557499][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c1c8800: rx timeout, send abort [ 316.566150][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c1ca400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 316.581178][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c1c8800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 317.825088][ T8329] FAULT_INJECTION: forcing a failure. [ 317.825088][ T8329] name failslab, interval 1, probability 0, space 0, times 0 [ 317.845647][ T8329] CPU: 1 UID: 0 PID: 8329 Comm: syz.0.449 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 317.845683][ T8329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.845693][ T8329] Call Trace: [ 317.845699][ T8329] [ 317.845707][ T8329] dump_stack_lvl+0x16c/0x1f0 [ 317.845738][ T8329] should_fail_ex+0x512/0x640 [ 317.845764][ T8329] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 317.845793][ T8329] should_failslab+0xc2/0x120 [ 317.845811][ T8329] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 317.845837][ T8329] ? proc_net_ns_init+0x42/0x410 [ 317.845856][ T8329] ? __pfx_proc_net_ns_init+0x10/0x10 [ 317.845873][ T8329] proc_net_ns_init+0x42/0x410 [ 317.845891][ T8329] ? __pfx_proc_net_ns_init+0x10/0x10 [ 317.845906][ T8329] ops_init+0x1e2/0x5f0 [ 317.845926][ T8329] setup_net+0x1ff/0x510 [ 317.845941][ T8329] ? lockdep_init_map_type+0x5c/0x280 [ 317.845966][ T8329] ? __pfx_setup_net+0x10/0x10 [ 317.845985][ T8329] ? debug_mutex_init+0x37/0x70 [ 317.846004][ T8329] copy_net_ns+0x2a6/0x5f0 [ 317.846025][ T8329] create_new_namespaces+0x3ea/0xa90 [ 317.846049][ T8329] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 317.846071][ T8329] ksys_unshare+0x45b/0xa40 [ 317.846094][ T8329] ? __pfx_ksys_unshare+0x10/0x10 [ 317.846118][ T8329] ? xfd_validate_state+0x61/0x180 [ 317.846148][ T8329] __x64_sys_unshare+0x31/0x40 [ 317.846171][ T8329] do_syscall_64+0xcd/0x490 [ 317.846200][ T8329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.846219][ T8329] RIP: 0033:0x7fe93278e929 [ 317.846233][ T8329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.846250][ T8329] RSP: 002b:00007fe933571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 317.846268][ T8329] RAX: ffffffffffffffda RBX: 00007fe9329b5fa0 RCX: 00007fe93278e929 [ 317.846279][ T8329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 317.846290][ T8329] RBP: 00007fe932810b39 R08: 0000000000000000 R09: 0000000000000000 [ 317.846300][ T8329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.846310][ T8329] R13: 0000000000000000 R14: 00007fe9329b5fa0 R15: 00007fff95454578 [ 317.846331][ T8329] [ 320.775610][ C0] vcan0: j1939_tp_rxtimer: 0xffff888022f01000: rx timeout, send abort [ 320.784982][ C0] vcan0: j1939_tp_rxtimer: 0xffff888022f02800: rx timeout, send abort [ 320.800362][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888022f01000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 320.814988][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888022f02800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 321.687174][ T8357] kexec: Could not allocate control_code_buffer [ 322.615338][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.626854][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.908981][ T8390] kexec: Could not allocate control_code_buffer [ 333.173679][ C1] vcan0: j1939_tp_rxtimer: 0xffff888041058400: rx timeout, send abort [ 333.182166][ C1] vcan0: j1939_tp_rxtimer: 0xffff888041058800: rx timeout, send abort [ 333.190737][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888041058400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 333.205201][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888041058800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 334.729087][ T8493] FAULT_INJECTION: forcing a failure. [ 334.729087][ T8493] name failslab, interval 1, probability 0, space 0, times 0 [ 334.742033][ T8493] CPU: 0 UID: 0 PID: 8493 Comm: syz.2.476 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 334.742073][ T8493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.742090][ T8493] Call Trace: [ 334.742101][ T8493] [ 334.742112][ T8493] dump_stack_lvl+0x16c/0x1f0 [ 334.742182][ T8493] should_fail_ex+0x512/0x640 [ 334.742223][ T8493] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 334.742275][ T8493] should_failslab+0xc2/0x120 [ 334.742305][ T8493] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 334.742353][ T8493] ? proc_net_ns_init+0x42/0x410 [ 334.742385][ T8493] ? __pfx_proc_net_ns_init+0x10/0x10 [ 334.742415][ T8493] proc_net_ns_init+0x42/0x410 [ 334.742445][ T8493] ? __pfx_proc_net_ns_init+0x10/0x10 [ 334.742471][ T8493] ops_init+0x1e2/0x5f0 [ 334.742505][ T8493] setup_net+0x1ff/0x510 [ 334.742532][ T8493] ? lockdep_init_map_type+0x5c/0x280 [ 334.742573][ T8493] ? __pfx_setup_net+0x10/0x10 [ 334.742605][ T8493] ? debug_mutex_init+0x37/0x70 [ 334.742639][ T8493] copy_net_ns+0x2a6/0x5f0 [ 334.742673][ T8493] create_new_namespaces+0x3ea/0xa90 [ 334.742714][ T8493] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 334.742750][ T8493] ksys_unshare+0x45b/0xa40 [ 334.742785][ T8493] ? __pfx_ksys_unshare+0x10/0x10 [ 334.742822][ T8493] ? xfd_validate_state+0x61/0x180 [ 334.742870][ T8493] __x64_sys_unshare+0x31/0x40 [ 334.742907][ T8493] do_syscall_64+0xcd/0x490 [ 334.742954][ T8493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.742984][ T8493] RIP: 0033:0x7f3d9bb8e929 [ 334.743008][ T8493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.743036][ T8493] RSP: 002b:00007f3d9cac9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 334.743065][ T8493] RAX: ffffffffffffffda RBX: 00007f3d9bdb5fa0 RCX: 00007f3d9bb8e929 [ 334.743085][ T8493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 334.743102][ T8493] RBP: 00007f3d9bc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 334.743120][ T8493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.743146][ T8493] R13: 0000000000000000 R14: 00007f3d9bdb5fa0 R15: 00007ffdcbbebc48 [ 334.743186][ T8493] [ 334.974659][ T31] INFO: task kworker/u10:0:6797 blocked for more than 143 seconds. [ 334.982628][ T31] Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 [ 334.990650][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 334.999319][ T31] task:kworker/u10:0 state:D stack:26952 pid:6797 tgid:6797 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 335.011473][ T31] Workqueue: netns cleanup_net [ 335.017119][ T31] Call Trace: [ 335.020488][ T31] [ 335.023484][ T31] __schedule+0x116a/0x5de0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 335.028075][ T31] ? __lock_acquire+0x622/0x1c90 [ 335.033205][ T31] ? __pfx___schedule+0x10/0x10 [ 335.038117][ T31] ? find_held_lock+0x2b/0x80 [ 335.043029][ T31] ? schedule+0x2d7/0x3a0 [ 335.047522][ T31] schedule+0xe7/0x3a0 [ 335.053453][ T31] schedule_timeout+0x257/0x290 [ 335.058389][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 335.063923][ T31] ? mark_held_locks+0x49/0x80 [ 335.069009][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 335.074377][ T31] __wait_for_common+0x2ff/0x4e0 [ 335.079346][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 335.088433][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 335.123264][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 335.132640][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 335.297636][ T31] __flush_workqueue+0x3e2/0x1230 [ 335.330883][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 335.345375][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 335.364917][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 335.388250][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 335.405743][ T31] rds_tcp_listen_stop+0x104/0x150 [ 335.560338][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 335.570963][ T31] rds_tcp_exit_net+0xcb/0x810 [ 335.575958][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 335.581948][ T31] ? __pfx___might_resched+0x10/0x10 [ 335.587392][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 335.593257][ T31] ops_undo_list+0x2ee/0xab0 [ 335.597870][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 335.603464][ T31] ? __local_bh_enable_ip+0xa4/0x120 [ 335.608941][ T31] cleanup_net+0x408/0x890 [ 335.614086][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 335.619049][ T31] ? rcu_is_watching+0x12/0xc0 [ 335.624312][ T31] process_one_work+0x9cc/0x1b70 [ 335.629381][ T31] ? __pfx_process_one_work+0x10/0x10 [ 335.636222][ T31] ? assign_work+0x1a0/0x250 [ 335.641199][ T31] worker_thread+0x6c8/0xf10 [ 335.645875][ T31] ? __pfx_worker_thread+0x10/0x10 [ 335.652088][ T31] kthread+0x3c5/0x780 [ 335.656203][ T31] ? __pfx_kthread+0x10/0x10 [ 335.670909][ T31] ? rcu_is_watching+0x12/0xc0 [ 335.675749][ T31] ? __pfx_kthread+0x10/0x10 [ 335.700547][ T31] ret_from_fork+0x5d4/0x6f0 [ 335.711624][ T31] ? __pfx_kthread+0x10/0x10 [ 335.722059][ T31] ret_from_fork_asm+0x1a/0x30 [ 335.740387][ T31] [ 335.743631][ T31] [ 335.743631][ T31] Showing all locks held in the system: [ 335.751515][ T31] 1 lock held by khungtaskd/31: [ 335.756494][ T31] #0: ffffffff8e5c47c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 335.767769][ T31] 2 locks held by syz-executor/5818: [ 335.773200][ T31] 3 locks held by kworker/u10:0/6797: [ 335.778796][ T31] #0: ffff88801c6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 335.789549][ T31] #1: ffffc90004567d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 335.810079][ T31] #2: ffffffff90338190 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 335.846745][ T31] 2 locks held by kworker/u10:6/6913: [ 335.852372][ T31] #0: ffff8881446df148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 335.879770][ T31] #1: ffffc90004c57d10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 335.923155][ T31] 2 locks held by getty/7265: [ 335.940512][ T31] #0: ffff888031d040a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 335.963748][ T31] #1: ffffc900044b32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 335.987561][ T31] 1 lock held by syz.1.262/7355: [ 336.001357][ T31] #0: ffffffff90338190 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 [ 336.027282][ T31] 1 lock held by syz.4.487/8495: [ 336.036289][ T31] #0: ffffffff8e5cfdb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 [ 336.058225][ T31] 1 lock held by syz.2.476/8491: [ 336.067296][ T31] [ 336.073740][ T31] ============================================= [ 336.073740][ T31] [ 336.090493][ T31] NMI backtrace for cpu 1 [ 336.090517][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 336.090552][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.090569][ T31] Call Trace: [ 336.090578][ T31] [ 336.090589][ T31] dump_stack_lvl+0x116/0x1f0 [ 336.090638][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 336.090670][ T31] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 336.090712][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 336.090749][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 336.090787][ T31] watchdog+0xf70/0x12c0 [ 336.090835][ T31] ? __pfx_watchdog+0x10/0x10 [ 336.090872][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.090916][ T31] ? __kthread_parkme+0x19e/0x250 [ 336.090952][ T31] ? __pfx_watchdog+0x10/0x10 [ 336.090990][ T31] kthread+0x3c5/0x780 [ 336.091029][ T31] ? __pfx_kthread+0x10/0x10 [ 336.091071][ T31] ? rcu_is_watching+0x12/0xc0 [ 336.091100][ T31] ? __pfx_kthread+0x10/0x10 [ 336.091139][ T31] ret_from_fork+0x5d4/0x6f0 [ 336.091173][ T31] ? __pfx_kthread+0x10/0x10 [ 336.091213][ T31] ret_from_fork_asm+0x1a/0x30 [ 336.091261][ T31] [ 336.091272][ T31] Sending NMI from CPU 1 to CPUs 0: [ 336.216679][ C0] NMI backtrace for cpu 0 [ 336.216698][ C0] CPU: 0 UID: 0 PID: 8277 Comm: kworker/u10:9 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 336.216725][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.216739][ C0] Workqueue: events_unbound toggle_allocation_gate [ 336.216775][ C0] RIP: 0010:memcmp+0x2d/0x1d0 [ 336.216798][ C0] Code: fa 41 56 41 55 49 bd 00 00 00 00 00 fc ff df 41 54 49 89 d4 55 48 89 f5 53 48 89 fb 48 83 ec 08 48 83 fa 07 0f 87 05 01 00 00 <4d> 85 e4 0f 84 45 01 00 00 49 bd 00 00 00 00 00 fc ff df 49 01 dc [ 336.216817][ C0] RSP: 0018:ffffc90003eaf8f8 EFLAGS: 00000097 [ 336.216833][ C0] RAX: 0000000000000000 RBX: ffffffff8216c313 RCX: 0000000000000000 [ 336.216846][ C0] RDX: 0000000000000001 RSI: ffffffff93d11b2b RDI: ffffffff8216c313 [ 336.216860][ C0] RBP: ffffffff93d11b2b R08: 0000000000000000 R09: 0000000000029fbd [ 336.216873][ C0] R10: ffff88801b870737 R11: 0000000000000001 R12: 0000000000000001 [ 336.216886][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: 8000000000000063 [ 336.216899][ C0] FS: 0000000000000000(0000) GS:ffff88812475f000(0000) knlGS:0000000000000000 [ 336.216920][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 336.216934][ C0] CR2: 0000200000591000 CR3: 000000000e382000 CR4: 00000000003526f0 [ 336.216948][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 336.216961][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 336.216974][ C0] Call Trace: [ 336.216980][ C0] [ 336.216990][ C0] ? kmem_cache_alloc_noprof+0x83/0x3b0 [ 336.217021][ C0] __text_poke+0x7b5/0xb70 [ 336.217053][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 336.217087][ C0] ? __pfx___text_poke+0x10/0x10 [ 336.217117][ C0] ? kmem_cache_alloc_noprof+0x83/0x3b0 [ 336.217149][ C0] smp_text_poke_batch_finish+0x4f2/0xdb0 [ 336.217175][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 336.217201][ C0] ? arch_jump_label_transform_queue+0xc0/0x120 [ 336.217232][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 336.217255][ C0] jump_label_update+0x376/0x550 [ 336.217283][ C0] static_key_enable_cpuslocked+0x1b7/0x270 [ 336.217310][ C0] static_key_enable+0x1a/0x20 [ 336.217336][ C0] toggle_allocation_gate+0xfa/0x280 [ 336.217366][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 336.217406][ C0] ? rcu_is_watching+0x12/0xc0 [ 336.217429][ C0] process_one_work+0x9cc/0x1b70 [ 336.217464][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 336.217488][ C0] ? __pfx_process_one_work+0x10/0x10 [ 336.217522][ C0] ? assign_work+0x1a0/0x250 [ 336.217551][ C0] worker_thread+0x6c8/0xf10 [ 336.217586][ C0] ? __kthread_parkme+0x19e/0x250 [ 336.217610][ C0] ? __pfx_worker_thread+0x10/0x10 [ 336.217639][ C0] kthread+0x3c5/0x780 [ 336.217667][ C0] ? __pfx_kthread+0x10/0x10 [ 336.217695][ C0] ? rcu_is_watching+0x12/0xc0 [ 336.217716][ C0] ? __pfx_kthread+0x10/0x10 [ 336.217743][ C0] ret_from_fork+0x5d4/0x6f0 [ 336.217769][ C0] ? __pfx_kthread+0x10/0x10 [ 336.217796][ C0] ret_from_fork_asm+0x1a/0x30 [ 336.217826][ C0] [ 336.644697][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 336.651622][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 336.663444][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.673606][ T31] Call Trace: [ 336.676899][ T31] [ 336.679833][ T31] dump_stack_lvl+0x3d/0x1f0 [ 336.684450][ T31] panic+0x71c/0x800 [ 336.688358][ T31] ? __pfx___irq_work_queue_local+0x10/0x10 [ 336.694266][ T31] ? __pfx_panic+0x10/0x10 [ 336.698708][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 336.704121][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 336.710118][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 336.715499][ T31] ? watchdog+0xdda/0x12c0 [ 336.719926][ T31] ? watchdog+0xdcd/0x12c0 [ 336.724356][ T31] watchdog+0xdeb/0x12c0 [ 336.728618][ T31] ? __pfx_watchdog+0x10/0x10 [ 336.733306][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.738518][ T31] ? __kthread_parkme+0x19e/0x250 [ 336.743554][ T31] ? __pfx_watchdog+0x10/0x10 [ 336.748262][ T31] kthread+0x3c5/0x780 [ 336.752349][ T31] ? __pfx_kthread+0x10/0x10 [ 336.756973][ T31] ? rcu_is_watching+0x12/0xc0 [ 336.761771][ T31] ? __pfx_kthread+0x10/0x10 [ 336.766373][ T31] ret_from_fork+0x5d4/0x6f0 [ 336.770975][ T31] ? __pfx_kthread+0x10/0x10 [ 336.775588][ T31] ret_from_fork_asm+0x1a/0x30 [ 336.780369][ T31] [ 336.783671][ T31] Kernel Offset: disabled [ 336.788018][ T31] Rebooting in 86400 seconds..