last executing test programs: 34.886008s ago: executing program 3 (id=220): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x80000001, 0x0, 0x100, 0x0, 0x0, 0x0, 0xffffffffffffff91, 0xfd3, 0x2, 0xec, 0x4, 0x80000020281, 0x8, 0x2, 0xfffffffffffffff8}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x2, 0xa7a9, 0x16000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_null_fops_mem(0xffffffffffffff9c, &(0x7f00000000c0), 0x6f4ccf2bee9fe3e6, 0x0) read$auto_null_fops_mem(r0, &(0x7f0000000100)=""/98, 0x62) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x24c802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x56b583, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp6\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x8081, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c04, 0x0) 31.673444254s ago: executing program 3 (id=231): r0 = socket(0xa, 0x802, 0x3a) setsockopt$auto(r0, 0x29, 0x21, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000113) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "3d64dc8bff7fff7f610000000024"}, 0x55) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x480008, 0x100000000df, 0x9b72, 0x2, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r1, 0x41045508, r1) getpeername$auto(0x3, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) socket(0x28, 0x1, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd11/integrity/tag_size\x00', 0x0, 0x0) read$auto(r2, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.7/usb23/23-0:1.0/ep_81/interval\x00', 0x3) socketcall$auto_SYS_RECVMMSG(0x13, 0x0) read$auto(0x3, 0x0, 0x80) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x800, 0x0) mmap$auto(0x9, 0x4, 0xdf, 0x9b72, r2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = socket(0x10, 0x2, 0x4) mmap$auto(0xfffffffffffffffc, 0x400000000000005, 0xdf, 0xaa78, r3, 0x200008003) mmap$auto(0x3, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mremap$auto(0xa, 0x0, 0x9, 0x7, 0xfffffffffffffff9) close_range$auto(0x2, 0x8, 0x0) 30.336586872s ago: executing program 3 (id=238): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) (async, rerun: 64) socket(0xa, 0x1, 0x84) (rerun: 64) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async, rerun: 64) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0x8) (async, rerun: 64) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0xffffffffffffffff, 0x83, 0x79, 0x0, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) r0 = io_uring_setup$auto(0x6, 0x0) (rerun: 64) io_uring_register$auto(r0, 0x11, 0x0, 0x5) (async) r1 = socket(0xa, 0x1, 0x84) getsockopt$auto(r1, 0x84, 0xe, 0x0, &(0x7f0000000040)=0xb0) 29.227939005s ago: executing program 3 (id=242): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) mmap$auto(0x0, 0x16da, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x103000, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x5}, 0xa) read$auto(r0, 0x0, 0x7) r4 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r4, 0xaf01, 0x5) symlink$auto(&(0x7f0000000300)='\\\':.\x00', &(0x7f0000000340)='\xfb\x00') readlink$auto(&(0x7f0000000b00)='\xfb\x00', 0x0, 0x800) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r6 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) poll$auto(&(0x7f0000000480)={r6, 0x8000, 0xff81}, 0x7, 0x54b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) 27.023519056s ago: executing program 3 (id=250): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000640)='/dev/loop4\x00', 0x101000, 0x0) ioctl$auto_IOC_PR_RESERVE(r0, 0x401070c9, 0x0) select$auto(0x0, &(0x7f0000000000)={[0xff, 0x6, 0xfffffffffffeffff, 0xfffffffffffffffb, 0x5, 0x766e8315, 0x6, 0x2000000000, 0xf1, 0x1dd, 0x8, 0x10000, 0x7fffffffffffffff, 0xfffffffffffffff7, 0x7, 0xfffffffffffffff8]}, &(0x7f0000000080)={[0x1ff, 0x8, 0x2d9, 0x8, 0x7, 0x100, 0x4, 0x3ff, 0x713, 0x8, 0x6, 0x623, 0x3, 0x9, 0x4, 0x7fff]}, &(0x7f0000000100)={[0x5135, 0x7ff, 0xe, 0x1, 0x3, 0x9e, 0x4, 0x4, 0x7, 0x866, 0x1ff, 0x9, 0xdc3, 0x90, 0x7, 0x2]}, &(0x7f0000000180)={0xf75, 0x8}) 25.924470882s ago: executing program 3 (id=257): r0 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f0000000040)={0xe72, 0x7fffffffffffffff, 0x9, @inferred=0xffffffffffffffff}, 0xffff) readv$auto(r0, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x8, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r3 = getsockopt$auto(0xffffffffffffffff, 0x4, 0x40400000, 0x0, &(0x7f0000000280)=0x3) lseek$auto(r2, 0x8000000000000003, 0x7fffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r4 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r4, 0x11e, 0x1, 0xfffffffffffffffe, 0x0) mmap$auto(0x1, 0x5, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x4d35c2, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f00000007c0)=""/153, 0x99) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = socket(0x2, 0x4, 0x0) statx$auto(r3, 0x0, 0x40081, 0x10400803, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x800, 0x45e) setsockopt$auto(r6, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x40009, 0x36, 0x19, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x18) mlock$auto(0x5, 0xffff) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = openat$auto_urandom_fops_random(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_RNDADDENTROPY2(r8, 0x40085203, 0x0) ptrace$auto(0x10, r7, 0x1000000009, 0x7fb) getsockopt$auto_SO_INCOMING_NAPI_ID(r1, 0x5, 0x38, &(0x7f00000000c0)='/proc/pagetypeinfo\x00', &(0x7f0000000100)=0x3) ptrace$auto(0xf, r7, 0x1, 0x4f) 10.789932199s ago: executing program 32 (id=257): r0 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f0000000040)={0xe72, 0x7fffffffffffffff, 0x9, @inferred=0xffffffffffffffff}, 0xffff) readv$auto(r0, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x8, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r3 = getsockopt$auto(0xffffffffffffffff, 0x4, 0x40400000, 0x0, &(0x7f0000000280)=0x3) lseek$auto(r2, 0x8000000000000003, 0x7fffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r4 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r4, 0x11e, 0x1, 0xfffffffffffffffe, 0x0) mmap$auto(0x1, 0x5, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x110c230000, 0x1, 0x9) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x4d35c2, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r5, &(0x7f00000007c0)=""/153, 0x99) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = socket(0x2, 0x4, 0x0) statx$auto(r3, 0x0, 0x40081, 0x10400803, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x800, 0x45e) setsockopt$auto(r6, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x40009, 0x36, 0x19, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x18) mlock$auto(0x5, 0xffff) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = openat$auto_urandom_fops_random(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_RNDADDENTROPY2(r8, 0x40085203, 0x0) ptrace$auto(0x10, r7, 0x1000000009, 0x7fb) getsockopt$auto_SO_INCOMING_NAPI_ID(r1, 0x5, 0x38, &(0x7f00000000c0)='/proc/pagetypeinfo\x00', &(0x7f0000000100)=0x3) ptrace$auto(0xf, r7, 0x1, 0x4f) 9.166907327s ago: executing program 0 (id=320): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6f) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) mmap$auto(0x3, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x9, 0x0, 0x1, 0x368e, 0x2, {0x100000002, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/xfs/stats/stats_clear\x00', 0x20681, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket(0xa, 0x7, 0x88) write$auto(0x3, 0x0, 0xfdef) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x8002, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0x20499d, 0x9) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xa, 0x0, 0x1, 0x0, 0x0, 0x40008d0}, 0x40800) r2 = socket(0xa, 0x5, 0x84) sendto$auto(r2, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80fffefec03f00"}, 0x1c) r3 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_l2cap_debugfs_fops_(r3, &(0x7f0000000240)=""/177, 0xb1) timer_create$auto(0x8, 0x0, 0x0) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x7fff, 0x30d}, {0x7, 0x4}}, 0x0) rt_sigaction$auto(0xe, &(0x7f0000000580)={&(0x7f00000004c0)=0x0, 0x100000001, 0x0, {0x7}}, 0x0, 0x8) unshare$auto(0x40000080) r4 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x3c, r4, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@SMC_NLA_EID_TABLE_ENTRY={0x25, 0x1, '/sys/kernel/debug/wakeup_sources\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24008040}, 0x4040) 8.001128725s ago: executing program 2 (id=322): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0xa, 0x6, 0x0) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) unshare$auto(0x40000080) (async) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async, rerun: 64) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (rerun: 64) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NCSI_CMD_PKG_INFO(r0, 0x0, 0x44088) (async, rerun: 32) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (rerun: 32) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0xc, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r4, @ANYBLOB="08009e"], 0x24}}, 0x4000000) (async, rerun: 64) madvise$auto(0x0, 0x53, 0x9) (rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = socket(0x10, 0x3, 0x6) (async, rerun: 32) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 32) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0xf8, r6, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe4, 0x3, 0x0, 0x1, [@typed={0x8, 0xc2, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd=r5}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c", @nested={0x28, 0x5, 0x0, 0x1, [@nested={0x24, 0x63, 0x0, 0x1, [@nested={0x20, 0x9e, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @str='/}!\x00'}, @nested={0x10, 0x86, 0x0, 0x1, [@typed={0xc, 0xd, 0x0, 0x0, @u64=0x6}]}, @nested={0x4, 0xc9}]}]}]}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x2404c810) (async) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) close_range$auto(0x2, 0x8, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, 0x0) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x80502, 0x0) ioperm$auto(0x7, 0x86, 0x40006) (async) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, 0x0, 0x9, 0xd) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 6.082649848s ago: executing program 0 (id=325): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto(r0, 0x0, 0x80000001) open(0x0, 0x2a4c0, 0x20) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r2, 0xc0045540, r1) 5.76400263s ago: executing program 2 (id=327): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x9) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6f, 0x0, 0x0, 0x7, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x80000000368e, 0x8, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/\x00'/12, 0xa3d6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x6cb4, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0xd0a2, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x100, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x4, 0x3) socket$nl_generic(0x10, 0x3, 0x10) getcwd$auto(&(0x7f0000000100)='+:%[%\x00', 0x5) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/pagemap\x00', 0x102, 0x0) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x9, 0x1, 0x4) msync$auto(0x0, 0x2000000005, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x7fffffffffffffff, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x5) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x4) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x8000) 4.982975067s ago: executing program 0 (id=328): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/can/rcvlist_inv\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0xe, 0x100000000007) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) close_range$auto(0x2, 0x8, 0x0) (async) ptrace$auto(0x4206, 0x1, 0x0, 0x200005) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) open$dir(0x0, 0x42, 0x20) r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f0000000000)=0xd7) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) 4.543033342s ago: executing program 2 (id=329): r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) open(&(0x7f0000000100)='.\x00', 0x591083, 0x408) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20300, 0x0) ioctl$auto(r1, 0x64c5, r1) pipe$auto(&(0x7f0000000040)=r0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x800, 0x3ab) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci7/hci7:201\x00', 0x4000, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) ioprio_set$auto(0x3, 0x0, 0x4b34) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8081, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(0x0, 0xc0000, 0x1) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/bridge/bridge-nf-pass-vlan-input-dev\x00', 0x80200, 0x0) sendfile$auto(r3, r3, 0x0, 0x200) connect$auto(0x3, 0x0, 0x55) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x1000000000006, 0xfffffffffffffffc, 0x9, 0x5, 0xfff, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x10000000000]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) mmap$auto(0x2, 0x5, 0x9, 0xffffffff80000011, r2, 0x8001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) fcntl$auto(0x0, 0x407, 0x100000) madvise$auto(0x4, 0xffffffffffff0005, 0x19) 4.456115812s ago: executing program 0 (id=330): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20040c04}, 0xc0804) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='i'], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = socket(0xa, 0x2, 0x88) uname$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000280), 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'ip_vti0\x00', 0x0}) (async) mmap$auto(0x0, 0x40, 0xdf, 0x9b72, 0x2, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x204}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x9}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) socket(0x2, 0x3, 0x100) (async) socket(0x10, 0x2, 0x0) (async) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00082dbd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100aaaaaaaaaa35000008000200", @ANYRES32=r4, @ANYBLOB="060006000500dfff08000d"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 4.031853858s ago: executing program 1 (id=332): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x3, 0x0) r0 = pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x106) socket(0x15, 0x5, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRESOCT=r0, @ANYRES8=r1, @ANYRES32], 0x18}, 0x1, 0x0, 0x0, 0x40040}, 0x80) 3.864061799s ago: executing program 0 (id=333): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r1 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) close_range$auto(r0, r0, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyzb\x00', 0x800, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="13002cbd7000dddbdf253d7c000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894) ioctl$auto(0x3, 0x40246f4c, 0x38) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r1, 0x0, 0x20000001) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, r1, 0x7) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 3.538034749s ago: executing program 1 (id=334): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x16, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x16, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x6) (async) close_range$auto(0x2, 0x8, 0x6) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) mmap$auto(0x2, 0x208, 0x6, 0x15, r3, 0x2) r4 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x2aa7, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r4, 0x11) ioperm$auto(0x90d5, 0xc, 0x2) syz_clone3(0x0, 0x2f) close_range$auto(0x2, r3, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, r1, 0x0) (async) close_range$auto(0x2, r1, 0x0) r6 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4004814}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4004814}, 0x800) bpf$auto(0xffffffff, &(0x7f00000001c0)=@task_fd_query={0x0, r6, 0x800, 0x10008, 0x7, 0x1000049, 0xffffffffffffffff, 0x2, 0x3}, 0x6f3) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYRES16=r4, @ANYRES16=r2, @ANYRES8=r4], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) (async) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYRES16=r4, @ANYRES16=r2, @ANYRES8=r4], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_FLUSH_PMKSA(r7, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="289540010045f45bb33cc843151c000010", @ANYRES16=r0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x20048000}, 0x4008040) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x43a6, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1009}, 0x7}, 0x3, 0x80004000) (async) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x43a6, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1009}, 0x7}, 0x3, 0x80004000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) 3.088272087s ago: executing program 2 (id=335): socket(0x23, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x4, 0x6d4, 0x401, 0x8000) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r0 = openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40802, 0x0) write$auto(r0, 0x0, 0x881) ioctl$auto(0x3, 0x89e0, 0x38) 2.845270149s ago: executing program 2 (id=336): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$auto(r0, 0x0, 0x80000001) open(0x0, 0x2a4c0, 0x20) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r2, 0xc0045540, r1) 1.872228161s ago: executing program 1 (id=337): mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) socket(0x11, 0x3, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getsockopt$auto(0x6, 0x107, 0x11, 0x0, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3) writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0008, 0x19) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xa2c8, 0x14) 1.788508488s ago: executing program 2 (id=338): syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mq_open$auto(&(0x7f0000000200)='{[/,\x00', 0x0, 0x1, &(0x7f0000000280)={0x3, 0x5, 0x100000001, 0x62}) mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000) mmap$auto(0xc1, 0x2000, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) socket(0x29, 0x5, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) lsm_set_self_attr$auto(0x2, 0x0, 0x8001, 0x1) write$auto(0x3, 0x0, 0xfffffdef) writev$auto(r0, &(0x7f0000000240)={&(0x7f00000001c0), 0x3}, 0x9) unshare$auto(0x7ff) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) mq_open$auto(&(0x7f0000000200)='{[/,\x00', 0x0, 0x1, &(0x7f0000000280)={0x3, 0x5, 0x100000001, 0x62}) (async) mmap$auto(0x8001, 0xff, 0x80000001, 0x1010, 0xffffffffffffffff, 0x28000) (async) mmap$auto(0xc1, 0x2000, 0xdf, 0x9b72, 0x2, 0x8000) (async) unshare$auto(0x40000080) (async) socket(0x29, 0x5, 0x8) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) (async) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) lsm_set_self_attr$auto(0x2, 0x0, 0x8001, 0x1) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) writev$auto(r0, &(0x7f0000000240)={&(0x7f00000001c0), 0x3}, 0x9) (async) unshare$auto(0x7ff) (async) 782.110258ms ago: executing program 1 (id=339): symlink$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') symlink$auto(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000580)='./file0\x00') r0 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000880), 0xffffffffffffffff) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00', 0x0}) r3 = socket(0xa, 0x80803, 0x6) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/gid_map\x00', 0x80, 0x0) bind$auto(r3, &(0x7f0000000040)=@generic={0xa, "2c551d000000fe8000"}, 0x66) sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000280)={0x1c, r0, 0x3abba0b2ae0bab93, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4000054) stat$auto(&(0x7f0000000ec0)='./file0\x00', 0x0) 663.92305ms ago: executing program 0 (id=340): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(r0, 0x0, 0xea) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b3b, r1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sethostname$auto(0xfffffffffffffffe, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf4, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x123002, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "abe6de3d6468fe8000"}, 0x5) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty0\x00', 0x102, 0x0) 310.300295ms ago: executing program 1 (id=341): r0 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge_slave_1\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) statx$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8, 0x1, &(0x7f0000000200)={0x110f, 0xfffffffc, 0x9, 0xe, 0xee01, 0xee00, 0x5, 0x9f0, 0x1, 0x80000001, 0x8, 0x0, {0x32b, 0x8000}, {0x1a95, 0xfffffe31}, {0xd, 0x7}, {0x50e2}, 0x200, 0xe934, 0x7, 0xa, 0x26, 0x1, 0x5, 0x1, 0x1, 0xffffff80, 0x9, 0xe352, [0x8000000000000001, 0x40, 0x4, 0x3ff, 0xfa8, 0x8000000000000001, 0xc2b3, 0x2f8, 0x100000000]}) (async) fstat$auto(r2, &(0x7f0000000300)={0x7, 0x4, 0xffffffffeb99a5eb, 0x7, 0xffffffffffffffff, 0xee01, 0x0, 0xfff, 0x6, 0x80000001, 0x8000000000000000, 0x7, 0x7, 0x5, 0x3ff, 0x8, 0x8}) setreuid$auto(r4, r5) (async) fcntl$auto_F_UNLCK(r3, 0x9, 0x2) 0s ago: executing program 1 (id=342): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x402, 0x8000) r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x81, 0x9}, 0x9, &(0x7f0000000040)={0x1}, &(0x7f00000000c0), 0x8) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = getpid() process_vm_readv$auto(r1, 0x0, 0x1, 0x0, 0x6, 0x0) mq_timedsend$auto(r0, 0x0, 0x2000, 0x2, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0x5, 0x0) write$auto(0x6, 0x0, 0x100000001) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts. [ 88.975448][ T5828] cgroup: Unknown subsys name 'net' [ 89.133754][ T5828] cgroup: Unknown subsys name 'cpuset' [ 89.143127][ T5828] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.987918][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.329990][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.338003][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.346646][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.354222][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.357783][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.362234][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.375956][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.384840][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.394504][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.399340][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.404030][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.411972][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.416221][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.423298][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.438727][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.440639][ T5152] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.448264][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.462342][ T5854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.472951][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.480200][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.099989][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 94.134531][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 94.171103][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 94.183370][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 94.461737][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.469903][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.477306][ T5839] bridge_slave_0: entered allmulticast mode [ 94.486360][ T5839] bridge_slave_0: entered promiscuous mode [ 94.494995][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.502403][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.509701][ T5841] bridge_slave_0: entered allmulticast mode [ 94.517052][ T5841] bridge_slave_0: entered promiscuous mode [ 94.551285][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.558750][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.566009][ T5839] bridge_slave_1: entered allmulticast mode [ 94.573958][ T5839] bridge_slave_1: entered promiscuous mode [ 94.581474][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.590121][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.597315][ T5841] bridge_slave_1: entered allmulticast mode [ 94.604976][ T5841] bridge_slave_1: entered promiscuous mode [ 94.627393][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.634667][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.641997][ T5840] bridge_slave_0: entered allmulticast mode [ 94.649995][ T5840] bridge_slave_0: entered promiscuous mode [ 94.700237][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.707444][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.715346][ T5840] bridge_slave_1: entered allmulticast mode [ 94.723102][ T5840] bridge_slave_1: entered promiscuous mode [ 94.732627][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.739964][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.747171][ T5838] bridge_slave_0: entered allmulticast mode [ 94.755584][ T5838] bridge_slave_0: entered promiscuous mode [ 94.806617][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.814371][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.821636][ T5838] bridge_slave_1: entered allmulticast mode [ 94.829283][ T5838] bridge_slave_1: entered promiscuous mode [ 94.839367][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.852416][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.864407][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.917967][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.933039][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.989191][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.001325][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.016428][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.030001][ T5839] team0: Port device team_slave_0 added [ 95.058901][ T5841] team0: Port device team_slave_0 added [ 95.094368][ T5839] team0: Port device team_slave_1 added [ 95.102513][ T5841] team0: Port device team_slave_1 added [ 95.141563][ T5840] team0: Port device team_slave_0 added [ 95.195712][ T5840] team0: Port device team_slave_1 added [ 95.220879][ T5838] team0: Port device team_slave_0 added [ 95.243035][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.250664][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.276795][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.309506][ T5838] team0: Port device team_slave_1 added [ 95.316147][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.323906][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.350668][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.362875][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.370107][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.396102][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.408935][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.415896][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.441901][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.468318][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.475363][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.501612][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.513640][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.521263][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.547932][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.548120][ T5854] Bluetooth: hci3: command tx timeout [ 95.565225][ T5843] Bluetooth: hci0: command tx timeout [ 95.565479][ T56] Bluetooth: hci2: command tx timeout [ 95.570933][ T5843] Bluetooth: hci1: command tx timeout [ 95.615888][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.623222][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.649251][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.662970][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.669989][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.695976][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.751257][ T5840] hsr_slave_0: entered promiscuous mode [ 95.759573][ T5840] hsr_slave_1: entered promiscuous mode [ 95.862733][ T5841] hsr_slave_0: entered promiscuous mode [ 95.870064][ T5841] hsr_slave_1: entered promiscuous mode [ 95.876283][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.885135][ T5841] Cannot create hsr debugfs directory [ 95.899002][ T5838] hsr_slave_0: entered promiscuous mode [ 95.905600][ T5838] hsr_slave_1: entered promiscuous mode [ 95.911938][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.919821][ T5838] Cannot create hsr debugfs directory [ 95.931886][ T5839] hsr_slave_0: entered promiscuous mode [ 95.938559][ T5839] hsr_slave_1: entered promiscuous mode [ 95.945759][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.953413][ T5839] Cannot create hsr debugfs directory [ 96.491442][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.504813][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.516815][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.529782][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.619508][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.632894][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.647027][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.659368][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.762574][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.800688][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.824112][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.834747][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.908275][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.957801][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.969984][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.986315][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.007702][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.024207][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.072536][ T48] cfg80211: failed to load regulatory.db [ 97.086738][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.094100][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.126248][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.133456][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.186758][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.250610][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.294740][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.357567][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.372943][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.380112][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.404638][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.411842][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.437633][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.444848][ T83] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.473983][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.481189][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.506263][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.562338][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.621894][ T5854] Bluetooth: hci0: command tx timeout [ 97.621977][ T56] Bluetooth: hci1: command tx timeout [ 97.627359][ T5854] Bluetooth: hci3: command tx timeout [ 97.640229][ T5843] Bluetooth: hci2: command tx timeout [ 97.654471][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.661711][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.675391][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.682626][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.914060][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.071684][ T5841] veth0_vlan: entered promiscuous mode [ 98.125109][ T5841] veth1_vlan: entered promiscuous mode [ 98.234214][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.290870][ T5841] veth0_macvtap: entered promiscuous mode [ 98.309402][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.329382][ T5841] veth1_macvtap: entered promiscuous mode [ 98.370448][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.401467][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.413698][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.423611][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.433780][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.443036][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.463446][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.490973][ T5840] veth0_vlan: entered promiscuous mode [ 98.561325][ T5840] veth1_vlan: entered promiscuous mode [ 98.579344][ T5838] veth0_vlan: entered promiscuous mode [ 98.638809][ T5839] veth0_vlan: entered promiscuous mode [ 98.667495][ T5838] veth1_vlan: entered promiscuous mode [ 98.674273][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.683010][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.715334][ T5839] veth1_vlan: entered promiscuous mode [ 98.733100][ T5840] veth0_macvtap: entered promiscuous mode [ 98.758323][ T5840] veth1_macvtap: entered promiscuous mode [ 98.792744][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.812195][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.825775][ T5838] veth0_macvtap: entered promiscuous mode [ 98.857463][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.882053][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.896457][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.915393][ T5838] veth1_macvtap: entered promiscuous mode [ 98.932977][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.946213][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.958175][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.967799][ T5839] veth0_macvtap: entered promiscuous mode [ 98.992519][ T5839] veth1_macvtap: entered promiscuous mode [ 98.996474][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.004579][ T5840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.023839][ T5840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.033795][ T5840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.042727][ T5840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.071913][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.084427][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.096309][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.118412][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.135300][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.172736][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.184144][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.184187][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.184211][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.184227][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.184248][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.185914][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.192769][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.192804][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.192820][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.192842][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.194408][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.223958][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.332410][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.342864][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.356606][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.366881][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.382090][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.395349][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.405535][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.420529][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.534489][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.566285][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.708417][ T5854] Bluetooth: hci3: command tx timeout [ 99.713897][ T5854] Bluetooth: hci2: command tx timeout [ 99.728427][ T5843] Bluetooth: hci1: command tx timeout [ 99.732197][ T56] Bluetooth: hci0: command tx timeout [ 99.911202][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.933577][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.953215][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.962634][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.296440][ T3021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.363769][ T3021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.411166][ T3021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.427936][ T3021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.501640][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.513564][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.577694][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.606486][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.685090][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.696305][ T3021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.701054][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.729810][ T3021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.249051][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.779094][ T56] Bluetooth: hci2: command tx timeout [ 101.779113][ T5854] Bluetooth: hci1: command tx timeout [ 101.779155][ T5854] Bluetooth: hci0: command tx timeout [ 101.784552][ T56] Bluetooth: hci3: command tx timeout [ 101.943638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.163525][ T5934] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6'. [ 102.349648][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.419072][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.641696][ T5934] Zero length message leads to an empty skb [ 103.684749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.766555][ T5954] Console: switching to colour VGA+ 80x25 [ 104.254258][ T5961] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.766383][ T5976] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 104.868057][ T5974] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.458820][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.858886][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.862659][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.864738][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.054325][ T6052] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 109.220735][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.2.30'. [ 110.490158][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! syzkaller syzkaller login: [ 110.806596][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.36'. [ 111.042983][ T6090] tipc: Started in network mode [ 111.048041][ T6090] tipc: Node identity ee00, cluster identity 4711 [ 111.098540][ T6090] tipc: Node number set to 60928 [ 111.189135][ T6092] [U]  [ 111.192212][ T6092] [U] [ 111.194992][ T6092] [U] [ 111.197753][ T6092] [U] [ 111.235878][ T6092] [U] [ 111.238680][ T6092] [U] [ 111.241440][ T6092] [U] [ 111.244197][ T6092] [U] [ 111.309051][ T6093] [U] [ 112.018199][ T6108] random: crng reseeded on system resumption [ 112.281318][ T56] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 112.281362][ T56] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 112.299478][ T56] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 112.299543][ T56] Bluetooth: hci0: adv larger than maximum supported [ 112.306793][ T56] Bluetooth: hci0: Malformed LE Event: 0x0d [ 114.200253][ T6144] .^: entered promiscuous mode [ 114.544850][ T6152] Invalid ELF header magic: != ELF [ 114.919140][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 114.946966][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 114.958267][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 114.966790][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 114.980649][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 114.988998][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 114.997817][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 115.006595][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 115.015095][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 115.024609][ T6158] netlink: 'syz.2.53': attribute type 1 has an invalid length. [ 115.755771][ T6163] sp0: Synchronizing with TNC [ 118.992798][ T6207] sd 0:0:1:0: device reset [ 119.119053][ T6216] capability: warning: `syz.3.67' uses 32-bit capabilities (legacy support in use) [ 119.147716][ T6211] Invalid ELF header magic: != ELF [ 120.168248][ T6242] netlink: 20 bytes leftover after parsing attributes in process `syz.2.72'. [ 120.895280][ T6251] syz.0.75 uses obsolete (PF_INET,SOCK_PACKET) [ 121.499980][ T6253] Invalid ELF header magic: != ELF [ 122.683905][ T6271] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.675388][ T6287] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 123.765406][ T30] audit: type=1800 audit(6039554506.818:2): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.86" name="discovery_nqn" dev="configfs" ino=9019 res=0 errno=0 [ 123.781115][ T6293] process 'syz.2.87' launched ':,' with NULL argv: empty string added [ 124.019157][ T6293] netlink: 338 bytes leftover after parsing attributes in process `syz.2.87'. [ 124.690454][ T6315] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(4294958695.0.0), cmd(5) [ 124.854384][ T6323] mmap: syz.3.88 (6323) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.405023][ T6333] perf: Dynamic interrupt throttling disabled, can hang your system! [ 128.336883][ T6366] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 128.360996][ T6366] FAULT_INJECTION: forcing a failure. [ 128.360996][ T6366] name failslab, interval 1, probability 0, space 0, times 1 [ 128.427079][ T6366] CPU: 1 UID: 0 PID: 6366 Comm: syz.2.103 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 128.427134][ T6366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 128.427155][ T6366] Call Trace: [ 128.427166][ T6366] [ 128.427193][ T6366] dump_stack_lvl+0x16c/0x1f0 [ 128.427249][ T6366] should_fail_ex+0x512/0x640 [ 128.427288][ T6366] ? fs_reclaim_acquire+0xae/0x150 [ 128.427331][ T6366] ? tomoyo_encode2+0x100/0x3e0 [ 128.427374][ T6366] should_failslab+0xc2/0x120 [ 128.427406][ T6366] __kmalloc_noprof+0xd2/0x510 [ 128.427453][ T6366] ? d_absolute_path+0x136/0x1a0 [ 128.427495][ T6366] tomoyo_encode2+0x100/0x3e0 [ 128.427546][ T6366] tomoyo_encode+0x29/0x50 [ 128.427589][ T6366] tomoyo_realpath_from_path+0x18f/0x6e0 [ 128.427648][ T6366] tomoyo_check_open_permission+0x2ab/0x3c0 [ 128.427690][ T6366] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 128.427772][ T6366] ? do_raw_spin_lock+0x12c/0x2b0 [ 128.427821][ T6366] tomoyo_file_open+0x6b/0x90 [ 128.427875][ T6366] security_file_open+0x84/0x1e0 [ 128.427920][ T6366] do_dentry_open+0x596/0x1c10 [ 128.427981][ T6366] vfs_open+0x82/0x3f0 [ 128.428019][ T6366] path_openat+0x1e5e/0x2d40 [ 128.428084][ T6366] ? __pfx_path_openat+0x10/0x10 [ 128.428151][ T6366] do_filp_open+0x20b/0x470 [ 128.428201][ T6366] ? __pfx_do_filp_open+0x10/0x10 [ 128.428281][ T6366] ? alloc_fd+0x471/0x7d0 [ 128.428345][ T6366] do_sys_openat2+0x11b/0x1d0 [ 128.428378][ T6366] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.428414][ T6366] ? __sys_sendmsg+0x199/0x220 [ 128.428465][ T6366] __x64_sys_openat+0x174/0x210 [ 128.428501][ T6366] ? __pfx___x64_sys_openat+0x10/0x10 [ 128.428540][ T6366] ? rcu_is_watching+0x12/0xc0 [ 128.428591][ T6366] do_syscall_64+0xcd/0x260 [ 128.428643][ T6366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.428674][ T6366] RIP: 0033:0x7f075658d169 [ 128.428700][ T6366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.428730][ T6366] RSP: 002b:00007f07574b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.428759][ T6366] RAX: ffffffffffffffda RBX: 00007f07567a5fa0 RCX: 00007f075658d169 [ 128.428780][ T6366] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 128.428800][ T6366] RBP: 00007f075660e990 R08: 0000000000000000 R09: 0000000000000000 [ 128.428817][ T6366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.428835][ T6366] R13: 0000000000000000 R14: 00007f07567a5fa0 R15: 00007ffe366011a8 [ 128.428876][ T6366] [ 128.803845][ T6366] ERROR: Out of memory at tomoyo_realpath_from_path. [ 132.489561][ T6423] netlink: 28 bytes leftover after parsing attributes in process `syz.0.112'. [ 133.917915][ T6494] netlink: 186 bytes leftover after parsing attributes in process `syz.2.126'. [ 133.969836][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.124'. [ 133.982139][ T56] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 136.001332][ T6516] netlink: zone id is out of range [ 136.006526][ T6516] netlink: zone id is out of range [ 136.116839][ T6516] netlink: zone id is out of range [ 136.204602][ T6516] netlink: zone id is out of range [ 136.210069][ T6516] netlink: zone id is out of range [ 136.215233][ T6516] netlink: zone id is out of range [ 136.223992][ T6516] netlink: zone id is out of range [ 136.229423][ T6516] netlink: zone id is out of range [ 136.234579][ T6516] netlink: zone id is out of range [ 136.243493][ T6516] netlink: zone id is out of range [ 136.916034][ T6531] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[6531] [ 137.609205][ T6544] netlink: 342 bytes leftover after parsing attributes in process `syz.2.140'. [ 138.026049][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.032803][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.860003][ T6600] validate_nla: 55 callbacks suppressed [ 140.860028][ T6600] netlink: 'syz.1.150': attribute type 1 has an invalid length. [ 140.899167][ T6600] netlink: 33 bytes leftover after parsing attributes in process `syz.1.150'. [ 141.210456][ T6612] netlink: 338 bytes leftover after parsing attributes in process `syz.1.152'. [ 141.239638][ T6612] netlink: 338 bytes leftover after parsing attributes in process `syz.1.152'. [ 141.250755][ T6612] netlink: 210 bytes leftover after parsing attributes in process `syz.1.152'. [ 141.335857][ T56] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 143.856540][ T6659] netlink: 20 bytes leftover after parsing attributes in process `syz.0.159'. [ 145.030183][ T6681] netlink: 28 bytes leftover after parsing attributes in process `syz.0.166'. [ 145.048557][ T6681] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.122002][ T6681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.848969][ T6730] ima: policy update failed [ 146.871727][ T30] audit: type=1802 audit(6039554529.938:3): pid=6730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.177" res=0 errno=0 [ 147.000354][ T30] audit: type=1326 audit(6039554530.068:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6727 comm="syz.3.178" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5fc358d169 code=0x0 [ 147.015159][ T6730] nbd: illegal input index 2147483647 [ 147.238713][ T30] audit: type=1800 audit(6039554530.298:5): pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.177" name=03 dev="tmpfs" ino=274 res=0 errno=0 [ 147.619552][ T6739] netlink: 'syz.3.178': attribute type 2 has an invalid length. [ 147.664837][ T6739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.178'. [ 149.024958][ T6746] netlink: 'syz.0.181': attribute type 1 has an invalid length. [ 149.032852][ T6746] netlink: 13 bytes leftover after parsing attributes in process `syz.0.181'. [ 149.503989][ T6774] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 150.839331][ T30] audit: type=1326 audit(6039554533.888:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6790 comm="syz.1.192" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb2b1b8d169 code=0x0 [ 150.860732][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.298838][ T6804] netlink: 'syz.1.192': attribute type 2 has an invalid length. [ 151.313454][ T6804] netlink: 12 bytes leftover after parsing attributes in process `syz.1.192'. [ 151.687058][ T6806] Unable to find swap-space signature [ 151.759551][ T6806] netlink: 'syz.3.194': attribute type 1 has an invalid length. [ 151.767358][ T6806] netlink: 33 bytes leftover after parsing attributes in process `syz.3.194'. [ 152.131557][ T30] audit: type=1326 audit(6039554535.198:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6811 comm="syz.2.196" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f075658d169 code=0x0 [ 152.362228][ T6820] netlink: 'syz.2.196': attribute type 2 has an invalid length. [ 152.412241][ T6820] netlink: 12 bytes leftover after parsing attributes in process `syz.2.196'. [ 153.949551][ T6827] netlink: 186 bytes leftover after parsing attributes in process `syz.3.199'. [ 154.821432][ T6863] netlink: 338 bytes leftover after parsing attributes in process `syz.1.207'. [ 154.840554][ T6856] netlink: 338 bytes leftover after parsing attributes in process `syz.1.207'. [ 155.468597][ T30] audit: type=1326 audit(6039554538.528:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.0.210" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f394b58d169 code=0x0 [ 156.152797][ T6884] netlink: 'syz.0.210': attribute type 2 has an invalid length. [ 156.192498][ T6884] netlink: 12 bytes leftover after parsing attributes in process `syz.0.210'. [ 158.220425][ T6929] CIFS: VFS: Unsupported security flags: 0x200 [ 159.467039][ T6952] FAULT_INJECTION: forcing a failure. [ 159.467039][ T6952] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 159.568446][ T6952] CPU: 0 UID: 0 PID: 6952 Comm: syz.1.226 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 159.568494][ T6952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 159.568513][ T6952] Call Trace: [ 159.568528][ T6952] [ 159.568541][ T6952] dump_stack_lvl+0x16c/0x1f0 [ 159.568595][ T6952] should_fail_ex+0x512/0x640 [ 159.568638][ T6952] should_fail_alloc_page+0xe7/0x130 [ 159.568671][ T6952] prepare_alloc_pages+0x3c2/0x610 [ 159.568711][ T6952] ? rcu_is_watching+0x12/0xc0 [ 159.568756][ T6952] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 159.568807][ T6952] ? __kernel_text_address+0xd/0x40 [ 159.568845][ T6952] ? unwind_get_return_address+0x59/0xa0 [ 159.568888][ T6952] ? arch_stack_walk+0xa6/0x100 [ 159.568945][ T6952] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 159.568996][ T6952] ? stack_trace_save+0x8e/0xc0 [ 159.569039][ T6952] ? __pfx_stack_trace_save+0x10/0x10 [ 159.569082][ T6952] ? stack_depot_save_flags+0x28/0xa50 [ 159.569128][ T6952] ? find_held_lock+0x2b/0x80 [ 159.569174][ T6952] ? kasan_save_stack+0x42/0x60 [ 159.569226][ T6952] ? __lock_acquire+0xaa4/0x1ba0 [ 159.569275][ T6952] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 159.569312][ T6952] ? policy_nodemask+0xea/0x4e0 [ 159.569367][ T6952] alloc_pages_mpol+0x1fb/0x550 [ 159.569399][ T6952] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 159.569426][ T6952] ? __page_table_check_ptes_set+0x1ae/0x420 [ 159.569479][ T6952] ? find_held_lock+0x2b/0x80 [ 159.569526][ T6952] alloc_pages_noprof+0x131/0x390 [ 159.569557][ T6952] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 159.569621][ T6952] get_free_pages_noprof+0xc/0x40 [ 159.569653][ T6952] kasan_populate_vmalloc_pte+0x2d/0x160 [ 159.569700][ T6952] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 159.569746][ T6952] __apply_to_page_range+0x5f9/0xd30 [ 159.569789][ T6952] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 159.569843][ T6952] ? __pfx___apply_to_page_range+0x10/0x10 [ 159.569884][ T6952] ? alloc_vmap_area+0x872/0x2970 [ 159.569927][ T6952] alloc_vmap_area+0x919/0x2970 [ 159.569990][ T6952] ? __pfx_alloc_vmap_area+0x10/0x10 [ 159.570038][ T6952] __get_vm_area_node+0x1a7/0x300 [ 159.570086][ T6952] __vmalloc_node_range_noprof+0x277/0x1540 [ 159.570135][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 159.570192][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 159.570245][ T6952] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 159.570305][ T6952] __kvmalloc_node_noprof+0x2ff/0x600 [ 159.570352][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 159.570397][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 159.570448][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 159.570488][ T6952] __do_sys_listmount+0x1c2/0xed0 [ 159.570539][ T6952] ? __x64_sys_futex+0x1e0/0x4c0 [ 159.570584][ T6952] ? __x64_sys_futex+0x1e9/0x4c0 [ 159.570630][ T6952] ? __pfx___do_sys_listmount+0x10/0x10 [ 159.570674][ T6952] ? xfd_validate_state+0x5d/0x180 [ 159.570726][ T6952] do_syscall_64+0xcd/0x260 [ 159.570777][ T6952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.570810][ T6952] RIP: 0033:0x7fb2b1b8d169 [ 159.570835][ T6952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.570867][ T6952] RSP: 002b:00007fb2af9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 159.570897][ T6952] RAX: ffffffffffffffda RBX: 00007fb2b1da6160 RCX: 00007fb2b1b8d169 [ 159.570918][ T6952] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000140 [ 159.570937][ T6952] RBP: 00007fb2b1c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 159.570956][ T6952] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 159.570974][ T6952] R13: 0000000000000000 R14: 00007fb2b1da6160 R15: 00007ffdc54e0168 [ 159.571013][ T6952] [ 159.571325][ T6952] syz.1.226: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 159.741809][ T6952] ,cpuset=/,mems_allowed=0-1 [ 160.058404][ T6952] CPU: 0 UID: 0 PID: 6952 Comm: syz.1.226 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 160.058449][ T6952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 160.058468][ T6952] Call Trace: [ 160.058479][ T6952] [ 160.058491][ T6952] dump_stack_lvl+0x16c/0x1f0 [ 160.058543][ T6952] warn_alloc+0x248/0x3a0 [ 160.058594][ T6952] ? __pfx_warn_alloc+0x10/0x10 [ 160.058645][ T6952] ? kfree+0x2b6/0x4d0 [ 160.058696][ T6952] ? __get_vm_area_node+0x1e5/0x300 [ 160.058740][ T6952] __vmalloc_node_range_noprof+0xd31/0x1540 [ 160.058793][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 160.058833][ T6952] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 160.058878][ T6952] __kvmalloc_node_noprof+0x2ff/0x600 [ 160.058914][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 160.058949][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 160.058987][ T6952] ? __do_sys_listmount+0x1c2/0xed0 [ 160.059018][ T6952] __do_sys_listmount+0x1c2/0xed0 [ 160.059058][ T6952] ? __x64_sys_futex+0x1e0/0x4c0 [ 160.059094][ T6952] ? __x64_sys_futex+0x1e9/0x4c0 [ 160.059131][ T6952] ? __pfx___do_sys_listmount+0x10/0x10 [ 160.059165][ T6952] ? xfd_validate_state+0x5d/0x180 [ 160.059207][ T6952] do_syscall_64+0xcd/0x260 [ 160.059247][ T6952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.059275][ T6952] RIP: 0033:0x7fb2b1b8d169 [ 160.059295][ T6952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.059319][ T6952] RSP: 002b:00007fb2af9d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 160.059344][ T6952] RAX: ffffffffffffffda RBX: 00007fb2b1da6160 RCX: 00007fb2b1b8d169 [ 160.059361][ T6952] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000140 [ 160.059376][ T6952] RBP: 00007fb2b1c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 160.059392][ T6952] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 160.059408][ T6952] R13: 0000000000000000 R14: 00007fb2b1da6160 R15: 00007ffdc54e0168 [ 160.059438][ T6952] [ 160.059447][ T6952] Mem-Info: [ 160.280196][ T6952] active_anon:10079 inactive_anon:0 isolated_anon:0 [ 160.280196][ T6952] active_file:8196 inactive_file:45357 isolated_file:0 [ 160.280196][ T6952] unevictable:768 dirty:3897 writeback:0 [ 160.280196][ T6952] slab_reclaimable:10064 slab_unreclaimable:95804 [ 160.280196][ T6952] mapped:32636 shmem:5469 pagetables:903 [ 160.280196][ T6952] sec_pagetables:0 bounce:0 [ 160.280196][ T6952] kernel_misc_reclaimable:0 [ 160.280196][ T6952] free:1334338 free_pcp:2374 free_cma:0 [ 160.325513][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.550384][ T6952] Node 0 active_anon:39964kB inactive_anon:0kB active_file:32784kB inactive_file:181416kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:107468kB dirty:15588kB writeback:0kB shmem:19896kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10824kB pagetables:3616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 160.584281][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.643855][ T6952] Node 1 active_anon:2400kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 160.675551][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.758674][ T6952] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 160.789461][ T6952] lowmem_reserve[]: 0 2482 2483 2483 2483 [ 160.796630][ T6952] Node 0 DMA32 free:1426016kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:31316kB inactive_anon:0kB active_file:32784kB inactive_file:179836kB unevictable:1536kB writepending:15460kB present:3129332kB managed:2541668kB mlocked:0kB bounce:0kB free_pcp:11320kB local_pcp:92kB free_cma:0kB [ 160.847929][ T6952] lowmem_reserve[]: 0 0 1 1 1 [ 160.854885][ T6952] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 160.928449][ T6952] lowmem_reserve[]: 0 0 0 0 0 [ 160.933287][ T6952] Node 1 Normal free:3898500kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:996kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4788kB local_pcp:304kB free_cma:0kB [ 160.962772][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.056960][ T6952] lowmem_reserve[]: 0 0 0 0 0 [ 161.101084][ T6952] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 161.148443][ T6952] Node 0 DMA32: 502*4kB (UME) 991*8kB (UME) 730*16kB (UME) 852*32kB (UME) 516*64kB (UME) 247*128kB (M) 155*256kB (ME) 76*512kB (UME) 42*1024kB (UME) 21*2048kB (UME) 283*4096kB (M) = 1437296kB [ 161.215097][ T6952] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 161.248167][ T6952] Node 1 Normal: 148*4kB (UE) 76*8kB (UE) 53*16kB (UME) 204*32kB (UE) 80*64kB (UE) 24*128kB (UME) 12*256kB (UE) 10*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3898752kB [ 161.278238][ T6952] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 161.296617][ T6952] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 161.314779][ T6952] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 161.380000][ T6952] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 161.392857][ T6952] 55702 total pagecache pages [ 161.397607][ T6952] 0 pages in swap cache [ 161.437953][ T6952] Free swap = 123188kB [ 161.460077][ T6952] Total swap = 124996kB [ 161.464294][ T6952] 2097051 pages RAM [ 161.518570][ T6952] 0 pages HighMem/MovableOnly [ 161.523346][ T6952] 429592 pages reserved [ 161.527625][ T6952] 0 pages cma reserved syzkaller syzkaller login: [ 164.338269][ T7035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78c00 [ 164.348114][ T7035] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.361806][ T7035] memcg:ffff888033367701 [ 164.366108][ T7035] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 164.374985][ T7035] page_type: f5(slab) [ 164.382854][ T7035] raw: 00fff00000000040 ffff88801cefa640 dead000000000122 0000000000000000 [ 164.392093][ T7035] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888033367701 [ 164.406068][ T7035] head: 00fff00000000040 ffff88801cefa640 dead000000000122 0000000000000000 [ 164.418676][ T7035] head: 0000000000000000 00000000000c000c 00000000f5000000 ffff888033367701 [ 164.427717][ T7035] head: 00fff00000000002 ffffea0001e30001 00000000ffffffff 00000000ffffffff [ 164.437259][ T7035] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 164.446996][ T7035] page dumped because: unmovable page [ 164.452796][ T7035] page_owner tracks the page as allocated [ 164.460151][ T7035] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6874, tgid 6874 (syz-executor), ts 155211325741, free_ts 151935893431 [ 164.484056][ T7035] post_alloc_hook+0x181/0x1b0 [ 164.489234][ T7035] get_page_from_freelist+0x1193/0x39b0 [ 164.494991][ T7035] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 164.501371][ T56] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.508958][ T6994] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 164.518151][ T7035] alloc_pages_mpol+0x1fb/0x550 [ 164.523817][ T7035] new_slab+0x23c/0x330 [ 164.528047][ T7035] ___slab_alloc+0xd9c/0x1940 [ 164.533288][ T7035] __slab_alloc.constprop.0+0x56/0xb0 [ 164.539158][ T7035] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 164.544951][ T7035] proc_alloc_inode+0x25/0x200 [ 164.550342][ T7035] alloc_inode+0x61/0x240 [ 164.554737][ T7035] new_inode+0x22/0x1c0 [ 164.559414][ T7035] proc_pid_make_inode+0x22/0x160 [ 164.564662][ T7035] proc_pident_instantiate+0x85/0x320 [ 164.570625][ T7035] proc_pident_lookup+0x21d/0x290 [ 164.575869][ T7035] lookup_open.isra.0+0x4d7/0x1580 [ 164.581563][ T7035] path_openat+0x905/0x2d40 [ 164.586269][ T7035] page last free pid 6811 tgid 6811 stack trace: [ 164.594306][ T7035] __free_frozen_pages+0x69d/0xff0 [ 164.599907][ T7035] __put_partials+0x16d/0x1c0 [ 164.604664][ T7035] qlist_free_all+0x4e/0x120 [ 164.609942][ T7035] kasan_quarantine_reduce+0x195/0x1e0 [ 164.617545][ T7035] __kasan_slab_alloc+0x69/0x90 [ 164.623166][ T7035] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 164.629225][ T7035] jbd2__journal_start+0x193/0x6a0 [ 164.634583][ T7035] __ext4_journal_start_sb+0x195/0x690 [ 164.640654][ T7035] ext4_dirty_inode+0xa1/0x130 [ 164.646765][ T7035] __mark_inode_dirty+0x1eb/0xe50 [ 164.652370][ T7035] generic_update_time+0xcf/0xf0 [ 164.657514][ T7035] file_update_time+0x17d/0x1c0 [ 164.662972][ T7035] ext4_page_mkwrite+0x35e/0x1750 [ 164.668282][ T7035] do_page_mkwrite+0x171/0x380 [ 164.673670][ T7035] do_pte_missing+0x29c/0x3fb0 [ 164.678935][ T7035] __handle_mm_fault+0x103d/0x2a40 [ 165.322350][ T6994] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.350377][ T6994] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 165.369018][ T6994] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 165.377278][ T6994] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.393630][ T6994] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.409164][ T6994] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.415437][ T6994] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 165.425872][ T6994] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 165.437715][ T6994] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 165.444274][ T6994] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 165.454304][ T6994] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 166.580093][ T56] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.055319][ T7079] netlink: 28 bytes leftover after parsing attributes in process `syz.0.258'. [ 167.066825][ T7079] bridge_slave_1: left allmulticast mode [ 167.076094][ T7079] bridge_slave_1: left promiscuous mode [ 167.086292][ T7079] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.104219][ T7079] bridge_slave_0: left allmulticast mode [ 167.112417][ T7079] bridge_slave_0: left promiscuous mode [ 167.120678][ T7079] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.378585][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 167.459391][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.468088][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.901338][ T7093] netlink: 19 bytes leftover after parsing attributes in process `syz.1.261'. [ 168.003694][ T7093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.261'. [ 168.658885][ T56] Bluetooth: hci1: command 0x0c1a tx timeout [ 169.460277][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 169.538614][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 169.545465][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 169.656962][ T7122] zswap: compressor not available [ 171.540947][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.572192][ T7165] Invalid ELF header magic: != ELF [ 171.610717][ T7172] kernel read not supported for file /\*)A (pid: 7172 comm: syz.1.279) [ 171.619398][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.619452][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.696697][ T30] audit: type=1800 audit(6039554554.758:9): pid=7172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.279" name="\*)A" dev="mqueue" ino=13438 res=0 errno=0 [ 173.055153][ T56] Bluetooth: hci0: Malformed LE Event: 0x1d [ 173.069741][ T7187] FAULT_INJECTION: forcing a failure. [ 173.069741][ T7187] name failslab, interval 1, probability 0, space 0, times 0 [ 173.136534][ T7187] CPU: 1 UID: 0 PID: 7187 Comm: syz.0.281 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 173.136576][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 173.136593][ T7187] Call Trace: [ 173.136602][ T7187] [ 173.136614][ T7187] dump_stack_lvl+0x16c/0x1f0 [ 173.136664][ T7187] should_fail_ex+0x512/0x640 [ 173.136704][ T7187] should_failslab+0xc2/0x120 [ 173.136734][ T7187] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 173.136785][ T7187] ? skb_clone+0x190/0x3f0 [ 173.136833][ T7187] skb_clone+0x190/0x3f0 [ 173.136878][ T7187] netlink_deliver_tap+0xabd/0xd30 [ 173.136960][ T7187] netlink_unicast+0x5df/0x7f0 [ 173.137014][ T7187] ? __pfx_netlink_unicast+0x10/0x10 [ 173.137074][ T7187] netlink_sendmsg+0x8d1/0xdd0 [ 173.137130][ T7187] ? __pfx_netlink_sendmsg+0x10/0x10 [ 173.137195][ T7187] __sys_sendto+0x495/0x510 [ 173.137234][ T7187] ? __pfx___sys_sendto+0x10/0x10 [ 173.137286][ T7187] ? fd_install+0x225/0x750 [ 173.137348][ T7187] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 173.137392][ T7187] ? syscall_user_dispatch+0x78/0x140 [ 173.137433][ T7187] __x64_sys_sendto+0xe0/0x1c0 [ 173.137470][ T7187] ? syscall_trace_enter+0x5e/0x260 [ 173.137506][ T7187] do_syscall_64+0xcd/0x260 [ 173.137558][ T7187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.137589][ T7187] RIP: 0033:0x7f394b58effc [ 173.137613][ T7187] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 173.137651][ T7187] RSP: 002b:00007f394c41fec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 173.137680][ T7187] RAX: ffffffffffffffda RBX: 00007f394c41ffc0 RCX: 00007f394b58effc [ 173.137701][ T7187] RDX: 0000000000000028 RSI: 00007f394c420010 RDI: 0000000000000006 [ 173.137720][ T7187] RBP: 0000000000000000 R08: 00007f394c41ff14 R09: 000000000000000c [ 173.137739][ T7187] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006 [ 173.137758][ T7187] R13: 00007f394c41ff68 R14: 00007f394c420010 R15: 0000000000000000 [ 173.137799][ T7187] [ 179.514540][ T7264] ima: policy update failed [ 179.522698][ T7265] netlink: 330 bytes leftover after parsing attributes in process `syz.1.299'. [ 179.532416][ T7265] : renamed from veth0_vlan (while UP) [ 179.538389][ T30] audit: type=1802 audit(6039554562.598:10): pid=7264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.299" res=0 errno=0 [ 179.925901][ T7276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.301'. [ 180.356296][ T7285] FAULT_INJECTION: forcing a failure. [ 180.356296][ T7285] name failslab, interval 1, probability 0, space 0, times 0 [ 180.408550][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz.2.303 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 180.408593][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 180.408616][ T7285] Call Trace: [ 180.408626][ T7285] [ 180.408641][ T7285] dump_stack_lvl+0x16c/0x1f0 [ 180.408692][ T7285] should_fail_ex+0x512/0x640 [ 180.408735][ T7285] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 180.408791][ T7285] should_failslab+0xc2/0x120 [ 180.408823][ T7285] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 180.408873][ T7285] ? find_held_lock+0x2b/0x80 [ 180.408907][ T7285] ? kstrdup_const+0x63/0x80 [ 180.408946][ T7285] kstrdup+0x53/0x100 [ 180.408977][ T7285] kstrdup_const+0x63/0x80 [ 180.409007][ T7285] __kernfs_new_node+0x9b/0x8a0 [ 180.409079][ T7285] ? __pfx___kernfs_new_node+0x10/0x10 [ 180.409135][ T7285] ? find_held_lock+0x2b/0x80 [ 180.409186][ T7285] ? kernfs_root+0xee/0x2a0 [ 180.409237][ T7285] kernfs_new_node+0x13c/0x1e0 [ 180.409270][ T7285] ? net_ns_get_ownership+0xf8/0x1b0 [ 180.409318][ T7285] kernfs_create_dir_ns+0x4c/0x1a0 [ 180.409359][ T7285] sysfs_create_dir_ns+0x13a/0x2b0 [ 180.409409][ T7285] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 180.409455][ T7285] ? find_held_lock+0x2b/0x80 [ 180.409499][ T7285] ? net_namespace+0x12/0x50 [ 180.409554][ T7285] ? device_namespace+0x76/0xa0 [ 180.409586][ T7285] kobject_add_internal+0x2c4/0x9b0 [ 180.409643][ T7285] kobject_add+0x16e/0x240 [ 180.409670][ T7285] ? __pfx_kobject_add+0x10/0x10 [ 180.409699][ T7285] ? get_device_parent+0x1c5/0x4e0 [ 180.409756][ T7285] ? kobject_put+0xab/0x5a0 [ 180.409814][ T7285] device_add+0x288/0x1a70 [ 180.409845][ T7285] ? __pfx_dev_set_name+0x10/0x10 [ 180.409880][ T7285] ? __pfx_device_add+0x10/0x10 [ 180.409911][ T7285] ? lockdep_init_map_type+0x5c/0x280 [ 180.409941][ T7285] ? __init_waitqueue_head+0xca/0x150 [ 180.409985][ T7285] netdev_register_kobject+0x182/0x3a0 [ 180.410036][ T7285] register_netdevice+0x13dc/0x2270 [ 180.410087][ T7285] ? __pfx_register_netdevice+0x10/0x10 [ 180.410143][ T7285] __ip_tunnel_create+0x4a8/0x680 [ 180.410188][ T7285] ? __pfx___ip_tunnel_create+0x10/0x10 [ 180.410233][ T7285] ? read_word_at_a_time+0xe/0x20 [ 180.410269][ T7285] ip_tunnel_init_net+0x22f/0x7d0 [ 180.410318][ T7285] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 180.410370][ T7285] ? trace_kmalloc+0x2b/0xd0 [ 180.410400][ T7285] ? lockdep_init_map_type+0x5c/0x280 [ 180.410453][ T7285] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 180.410511][ T7285] ops_init+0x1df/0x5f0 [ 180.410561][ T7285] setup_net+0x21e/0x850 [ 180.410612][ T7285] ? __pfx_setup_net+0x10/0x10 [ 180.410655][ T7285] ? lockdep_init_map_type+0x5c/0x280 [ 180.410687][ T7285] ? __pfx_down_read_killable+0x10/0x10 [ 180.410737][ T7285] ? debug_mutex_init+0x37/0x70 [ 180.410781][ T7285] copy_net_ns+0x2a6/0x5f0 [ 180.410836][ T7285] create_new_namespaces+0x3ea/0xad0 [ 180.410907][ T7285] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 180.410960][ T7285] ksys_unshare+0x45b/0xa40 [ 180.411011][ T7285] ? __pfx_ksys_unshare+0x10/0x10 [ 180.411058][ T7285] ? xfd_validate_state+0x5d/0x180 [ 180.411096][ T7285] ? rcu_is_watching+0x12/0xc0 [ 180.411146][ T7285] __x64_sys_unshare+0x31/0x40 [ 180.411196][ T7285] do_syscall_64+0xcd/0x260 [ 180.411246][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.411280][ T7285] RIP: 0033:0x7f075658d169 [ 180.411306][ T7285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.411337][ T7285] RSP: 002b:00007f07574b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 180.411366][ T7285] RAX: ffffffffffffffda RBX: 00007f07567a5fa0 RCX: 00007f075658d169 [ 180.411386][ T7285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 180.411404][ T7285] RBP: 00007f075660e990 R08: 0000000000000000 R09: 0000000000000000 [ 180.411422][ T7285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.411440][ T7285] R13: 0000000000000000 R14: 00007f07567a5fa0 R15: 00007ffe366011a8 [ 180.411480][ T7285] [ 180.411496][ T7285] kobject: kobject_add_internal failed for gretap0 (error: -12 parent: net) [ 181.048109][ T7292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.305'. [ 181.874841][ T7306] tipc: Enabling of bearer rejected, media not registered [ 182.631227][ T5152] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.640161][ T5152] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.649377][ T5152] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.658023][ T5152] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.667592][ T5152] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 183.787222][ T7326] netlink: 28 bytes leftover after parsing attributes in process `syz.2.315'. [ 183.838798][ T7320] chnl_net:caif_netlink_parms(): no params data found [ 184.742467][ T56] Bluetooth: hci4: command tx timeout [ 185.032183][ T7320] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.039846][ T7320] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.047086][ T7320] bridge_slave_0: entered allmulticast mode [ 185.070536][ T7320] bridge_slave_0: entered promiscuous mode [ 185.150670][ T7320] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.158019][ T7320] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.178299][ T7320] bridge_slave_1: entered allmulticast mode [ 185.186338][ T7320] bridge_slave_1: entered promiscuous mode [ 185.583882][ T7320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.612394][ T7320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.942810][ T7320] team0: Port device team_slave_0 added [ 185.979217][ T7320] team0: Port device team_slave_1 added [ 186.084258][ T7320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.112132][ T7320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.140437][ T7320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.155053][ T7320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.162361][ T7320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.195451][ T7320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.453945][ T7320] hsr_slave_0: entered promiscuous mode [ 186.470116][ T7320] hsr_slave_1: entered promiscuous mode [ 186.487388][ T7320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.522934][ T7320] Cannot create hsr debugfs directory [ 186.828662][ T56] Bluetooth: hci4: command tx timeout [ 187.765024][ T7396] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[7396] [ 188.367368][ T7408] netlink: 330 bytes leftover after parsing attributes in process `syz.0.330'. [ 188.385119][ T7412] netlink: 28 bytes leftover after parsing attributes in process `syz.2.329'. [ 188.890133][ T7320] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 188.898540][ T56] Bluetooth: hci4: command tx timeout [ 189.016662][ T7320] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 189.104776][ T7320] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 189.182399][ T7320] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 189.890096][ T7419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'. [ 190.116995][ T3021] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.219759][ T7320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.300495][ T3021] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.366288][ T7320] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.441282][ T3021] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.485634][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.493689][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.524319][ T7422] kexec: Could not allocate control_code_buffer [ 190.580665][ T3021] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.620054][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.627339][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.978515][ T56] Bluetooth: hci4: command tx timeout [ 191.147288][ T3021] bridge_slave_1: left allmulticast mode [ 191.171969][ T7442] random: crng reseeded on system resumption [ 191.172400][ T3021] bridge_slave_1: left promiscuous mode [ 191.214216][ T3021] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.354550][ T3021] bridge_slave_0: left allmulticast mode [ 191.398551][ T3021] bridge_slave_0: left promiscuous mode [ 191.420766][ T3021] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.098086][ T7452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.339'. [ 192.156331][ T7457] netlink: 354 bytes leftover after parsing attributes in process `syz.1.339'. [ 193.133891][ T3021] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.165823][ T3021] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.205087][ T3021] bond0 (unregistering): Released all slaves [ 193.695532][ T7320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.035980][ T3021] hsr_slave_0: left promiscuous mode [ 194.055218][ T3021] hsr_slave_1: left promiscuous mode [ 194.079281][ T3021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.109795][ T3021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 194.139616][ T3021] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 194.147089][ T3021] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 194.196518][ T3021] veth1_macvtap: left promiscuous mode [ 194.219567][ T3021] veth0_macvtap: left promiscuous mode [ 194.225364][ T3021] veth1_vlan: left promiscuous mode [ 194.238944][ T3021] veth0_vlan: left promiscuous mode [ 194.880656][ T3021] team0 (unregistering): Port device team_slave_1 removed [ 194.934447][ T3021] team0 (unregistering): Port device team_slave_0 removed [ 195.632489][ T7320] veth0_vlan: entered promiscuous mode [ 195.656304][ T7320] veth1_vlan: entered promiscuous mode [ 195.781171][ T7320] veth0_macvtap: entered promiscuous mode [ 195.805260][ T7320] veth1_macvtap: entered promiscuous mode [ 195.853090][ T7320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.870874][ T7320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.885622][ T7320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.897986][ T7320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.910756][ T7320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.923206][ T7320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.937776][ T7320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.966496][ T7320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.982504][ T7320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.994382][ T7320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 196.009723][ T7320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.024418][ T7320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.039904][ T7320] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.052416][ T7320] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.062399][ T7320] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.078115][ T7320] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.198843][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.206725][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.269717][ T7012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.277705][ T7012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.463464][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.470065][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.902959][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.909485][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 309.059395][ T5152] Bluetooth: hci4: command 0x0406 tx timeout [ 322.344572][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.351056][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 334.498595][ T31] INFO: task dhcpcd:5506 blocked for more than 143 seconds. [ 334.505959][ T31] Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 [ 334.513738][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 334.522841][ T31] task:dhcpcd state:D stack:23064 pid:5506 tgid:5506 ppid:5505 task_flags:0x440140 flags:0x00004002 [ 334.540834][ T31] Call Trace: [ 334.544169][ T31] [ 334.547135][ T31] __schedule+0x116f/0x5de0 [ 334.551858][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 334.556875][ T31] ? __pfx___schedule+0x10/0x10 [ 334.563057][ T31] ? find_held_lock+0x2b/0x80 [ 334.567802][ T31] ? schedule+0x2d7/0x3a0 [ 334.572496][ T31] schedule+0xe7/0x3a0 [ 334.576658][ T31] io_schedule+0xbf/0x130 [ 334.581234][ T31] bit_wait_io+0x15/0xe0 [ 334.585555][ T31] __wait_on_bit+0x62/0x180 [ 334.593641][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 334.599330][ T31] out_of_line_wait_on_bit+0xd9/0x110 [ 334.604785][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 334.611044][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 334.616575][ T31] ? __pfx___might_resched+0x10/0x10 [ 334.622311][ T31] __wait_on_buffer+0x64/0x70 [ 334.627059][ T31] __ext4_get_inode_loc+0x1085/0x1540 [ 334.632581][ T31] ? __pfx___ext4_get_inode_loc+0x10/0x10 [ 334.638434][ T31] ? ksys_read+0x12a/0x240 [ 334.642956][ T31] ? ext4_get_inode_loc+0xbd/0x160 [ 334.648132][ T31] ext4_get_inode_loc+0xbd/0x160 [ 334.653243][ T31] ? __pfx_ext4_get_inode_loc+0x10/0x10 [ 334.658921][ T31] ext4_reserve_inode_write+0x14c/0x320 [ 334.664538][ T31] __ext4_mark_inode_dirty+0x197/0x870 [ 334.675147][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 334.681480][ T31] ? rcu_is_watching+0x12/0xc0 [ 334.686315][ T31] ? trace_jbd2_handle_start+0x1a8/0x230 [ 334.693287][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 334.698723][ T31] ? __ext4_journal_start_sb+0x195/0x690 [ 334.704422][ T31] ? __ext4_journal_start_sb+0x19e/0x690 [ 334.710268][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 334.715269][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 334.724408][ T31] ext4_dirty_inode+0xd9/0x130 [ 334.729302][ T31] ? rcu_is_watching+0x12/0xc0 [ 334.734124][ T31] __mark_inode_dirty+0x1eb/0xe50 [ 334.739470][ T31] generic_update_time+0xcf/0xf0 [ 334.744468][ T31] touch_atime+0x4ee/0x5d0 [ 334.749019][ T31] filemap_read+0xc85/0xe90 [ 334.753597][ T31] ? __pfx_filemap_read+0x10/0x10 [ 334.758790][ T31] generic_file_read_iter+0x344/0x450 [ 334.764218][ T31] ext4_file_read_iter+0x1d6/0x6a0 [ 334.769482][ T31] vfs_read+0x8c8/0xc70 [ 334.773710][ T31] ? __pfx_vfs_read+0x10/0x10 [ 334.779787][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 334.785164][ T31] ksys_read+0x12a/0x240 [ 334.789718][ T31] ? __pfx_ksys_read+0x10/0x10 [ 334.794542][ T31] ? rcu_is_watching+0x12/0xc0 [ 334.801915][ T31] do_syscall_64+0xcd/0x260 [ 334.806515][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.812552][ T31] RIP: 0033:0x7f5aa5ce0b6a [ 334.817025][ T31] RSP: 002b:00007ffc06b66a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 334.825628][ T31] RAX: ffffffffffffffda RBX: 00000000000100a0 RCX: 00007f5aa5ce0b6a [ 334.836714][ T31] RDX: 00000000000100a0 RSI: 00007ffc06b66ad8 RDI: 0000000000000018 [ 334.844787][ T31] RBP: 0000000000000018 R08: 0000000000000000 R09: 00007ffc06b76bc8 [ 334.856835][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff [ 334.864925][ T31] R13: 00007ffc06b66ad8 R14: 00007ffc06b66ad8 R15: 0000000000000000 [ 334.873138][ T31] [ 334.876242][ T31] [ 334.876242][ T31] Showing all locks held in the system: [ 334.884033][ T31] 4 locks held by kworker/u8:0/12: [ 334.889259][ T31] #0: ffff88801f682948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 334.900601][ T31] #1: ffffc90000117d18 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 334.912776][ T31] #2: ffff88814e7120e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 [ 334.923497][ T31] #3: ffff88814e714b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b2/0x820 [ 334.935251][ T31] 1 lock held by khungtaskd/31: [ 334.940280][ T31] #0: ffffffff8e3c15c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 334.950996][ T31] 3 locks held by kworker/u8:8/3021: [ 334.956330][ T31] #0: ffff88801c2f6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 334.966903][ T31] #1: ffffc9000b737d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 334.977206][ T31] #2: ffffffff90118690 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xc9/0xb30 [ 334.987011][ T31] 2 locks held by dhcpcd/5506: [ 334.992317][ T31] #0: ffff88814e712420 (sb_writers#4){.+.+}-{0:0}, at: filemap_read+0xc85/0xe90 [ 335.001633][ T31] #1: ffff88814e716950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410 [ 335.011633][ T31] 2 locks held by syz-executor/5828: [ 335.016949][ T31] #0: ffff88807abcb588 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 335.026394][ T31] #1: ffff88814e712518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 335.036303][ T31] 2 locks held by getty/7019: [ 335.041131][ T31] #0: ffff888031b1c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 335.051118][ T31] #1: ffffc9000b24b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 335.061402][ T31] 2 locks held by syz-executor/7320: [ 335.066736][ T31] #0: ffff88814e712420 (sb_writers#4){.+.+}-{0:0}, at: filename_create+0x10e/0x4a0 [ 335.076340][ T31] #1: ffff88805f4e8e20 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1bb/0x4a0 [ 335.087220][ T31] 2 locks held by syz.0.340/7450: [ 335.092314][ T31] #0: ffff88805ea9c1c8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 335.101774][ T31] #1: ffff88814e712518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 335.111547][ T31] 2 locks held by syz.1.342/7465: [ 335.116596][ T31] #0: ffff888026b8d1c8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370 [ 335.126220][ T31] #1: ffff88814e712518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 [ 335.136120][ T31] [ 335.138887][ T31] ============================================= [ 335.138887][ T31] [ 335.147337][ T31] NMI backtrace for cpu 0 [ 335.147353][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 335.147386][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 335.147399][ T31] Call Trace: [ 335.147406][ T31] [ 335.147415][ T31] dump_stack_lvl+0x116/0x1f0 [ 335.147451][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 335.147478][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 335.147507][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 335.147537][ T31] watchdog+0xf70/0x12c0 [ 335.147565][ T31] ? __pfx_watchdog+0x10/0x10 [ 335.147585][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.147618][ T31] ? __kthread_parkme+0x19e/0x250 [ 335.147653][ T31] ? __pfx_watchdog+0x10/0x10 [ 335.147675][ T31] kthread+0x3c2/0x780 [ 335.147697][ T31] ? __pfx_kthread+0x10/0x10 [ 335.147717][ T31] ? __pfx_kthread+0x10/0x10 [ 335.147738][ T31] ? __pfx_kthread+0x10/0x10 [ 335.147758][ T31] ? __pfx_kthread+0x10/0x10 [ 335.147779][ T31] ? rcu_is_watching+0x12/0xc0 [ 335.147807][ T31] ? __pfx_kthread+0x10/0x10 [ 335.147829][ T31] ret_from_fork+0x45/0x80 [ 335.147852][ T31] ? __pfx_kthread+0x10/0x10 [ 335.147873][ T31] ret_from_fork_asm+0x1a/0x30 [ 335.147920][ T31] [ 335.147928][ T31] Sending NMI from CPU 0 to CPUs 1: [ 335.281275][ C1] NMI backtrace for cpu 1 [ 335.281306][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 335.281336][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 335.281351][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 335.281392][ C1] Code: 55 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 bc 19 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 335.281415][ C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6 [ 335.281434][ C1] RAX: 000000000010915b RBX: 0000000000000001 RCX: ffffffff8b703439 [ 335.281450][ C1] RDX: 0000000000000000 RSI: ffffffff8dbeb4de RDI: ffffffff8bf44f80 [ 335.281465][ C1] RBP: ffffed1003b59b40 R08: 0000000000000001 R09: ffffed10170a65bd [ 335.281481][ C1] R10: ffff8880b8532deb R11: 0000000000000000 R12: 0000000000000001 [ 335.281495][ C1] R13: ffff88801dacda00 R14: ffffffff90867f10 R15: 0000000000000000 [ 335.281511][ C1] FS: 0000000000000000(0000) GS:ffff888124ab9000(0000) knlGS:0000000000000000 [ 335.281534][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 335.281550][ C1] CR2: 000055ffc5378e00 CR3: 000000000e182000 CR4: 00000000003526f0 [ 335.281565][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 335.281579][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 335.281594][ C1] Call Trace: [ 335.281601][ C1] [ 335.281609][ C1] default_idle+0x13/0x20 [ 335.281637][ C1] default_idle_call+0x6d/0xb0 [ 335.281659][ C1] do_idle+0x391/0x510 [ 335.281693][ C1] ? __pfx_do_idle+0x10/0x10 [ 335.281724][ C1] ? trace_sched_exit_tp+0x31/0x130 [ 335.281764][ C1] cpu_startup_entry+0x4f/0x60 [ 335.281796][ C1] start_secondary+0x21d/0x2b0 [ 335.281820][ C1] ? __pfx_start_secondary+0x10/0x10 [ 335.281848][ C1] common_startup_64+0x13e/0x148 [ 335.281888][ C1] [ 335.282314][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 335.477837][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 335.489647][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 335.499713][ T31] Call Trace: [ 335.502993][ T31] [ 335.505929][ T31] dump_stack_lvl+0x3d/0x1f0 [ 335.510556][ T31] panic+0x71c/0x800 [ 335.514481][ T31] ? __pfx_panic+0x10/0x10 [ 335.518925][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 335.524329][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 335.530339][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 335.535751][ T31] ? watchdog+0xdda/0x12c0 [ 335.540190][ T31] ? watchdog+0xdcd/0x12c0 [ 335.544633][ T31] watchdog+0xdeb/0x12c0 [ 335.548964][ T31] ? __pfx_watchdog+0x10/0x10 [ 335.553668][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 335.558902][ T31] ? __kthread_parkme+0x19e/0x250 [ 335.563970][ T31] ? __pfx_watchdog+0x10/0x10 [ 335.568667][ T31] kthread+0x3c2/0x780 [ 335.572751][ T31] ? __pfx_kthread+0x10/0x10 [ 335.577392][ T31] ? __pfx_kthread+0x10/0x10 [ 335.582001][ T31] ? __pfx_kthread+0x10/0x10 [ 335.586615][ T31] ? __pfx_kthread+0x10/0x10 [ 335.591231][ T31] ? rcu_is_watching+0x12/0xc0 [ 335.596022][ T31] ? __pfx_kthread+0x10/0x10 [ 335.600630][ T31] ret_from_fork+0x45/0x80 [ 335.605099][ T31] ? __pfx_kthread+0x10/0x10 [ 335.609738][ T31] ret_from_fork_asm+0x1a/0x30 [ 335.614574][ T31] [ 335.617876][ T31] Kernel Offset: disabled [ 335.622235][ T31] Rebooting in 86400 seconds..