last executing test programs: 12.023185467s ago: executing program 3 (id=256): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_STATS_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="ec9c829f9ac3e85f0079b563bd621773120bcbb160895b739c029a7c6a132fd06d0eb15310499b7912e005a8b4eb7c523cece0a525b62d4e8679171ebff2e5ffe6285d5f910a5a4861bfe380711a6e8952831017e83fbd9d8cd9f8d4b7f9c33db501d426968031adf6c54488c0da714cd44b1d8142280cf7b7d15af15c4007af00", @ANYRES16=r2, @ANYRES8=r2], 0x2c}}, 0x4) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) close_range$auto(0x2, 0x8, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fcdbdf25140000000c00018008000100", @ANYRES32=r5, @ANYBLOB="080017"], 0x28}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) read$auto_proc_pid_maps_operations_internal(0xffffffffffffffff, &(0x7f0000000180)=""/98, 0x62) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r6, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) adjtimex$auto(0x0) r8 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/exec\x00', 0x101002, 0x0) write$auto_proc_pid_attr_operations_base(r8, &(0x7f0000000200)="a597d9ce6359203d", 0x8) write$auto(r7, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x4000c, 0xdf, 0x9b72, r0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r9 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x181101, 0x0) write$auto(r9, &(0x7f0000000040)='nbd\x00', 0x4) setresuid$auto(0x2, 0x7, 0x8080) ioprio_get$auto(0x3, 0x2) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000d80)='/sys/kernel/security/tomoyo/query\x00', 0xc0080, 0x0) swapon$auto(&(0x7f0000000dc0)='/sys/kernel/security/tomoyo/query\x00', 0xd) 10.856564979s ago: executing program 3 (id=262): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xc, 0x40008, 0xfff, 0x9b72, 0x7, 0x5) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0) ioctl$auto_UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, &(0x7f00000003c0)=0x4) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x4, 0x0) r2 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x1) r3 = socket(0x6, 0x2, 0x2) ioctl$auto_XFS_IOC_ALLOCSP(r2, 0x4030580a, &(0x7f0000000280)={0x8, 0x6000, 0x200, 0x6, 0x4546, 0xffffffffffffffff}) waitid$auto_P_PID(0x1, r4, &(0x7f00000004c0)={@siginfo_0_0={0x2, 0xff, 0xac, @_sigfault={&(0x7f0000000440)="f80503bf83c0f51c3d6f67eebb9cf2fadeeee1784639029609c746d39eba375058f4e3609a05312b4d64f35592a7eff7291b80b2f143eea0c235063396f1b6685acab95206f07a4b976b63839af46a7c6c2caebd7531a595", @_addr_pkey={"81ba01618e2ede11"}}}}, 0x6, &(0x7f0000000540)={{0x55, 0xc0c5}, {0x3ff, 0x4}, 0x6c, 0x0, 0x8, 0x1, 0x5, 0x36, 0xfff, 0x5, 0x6, 0x4, 0xfffffffffffffffa, 0x62b11cbb, 0x7fffffff, 0x8001}) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r5, &(0x7f00000002c0)={{0x0, 0xe, &(0x7f0000000100)={&(0x7f00000002c0), 0xfc2}, 0x2, &(0x7f0000000680)="65f250e641f9cd7e869602665644d8b217a0671d0c67cd5d0c1a53bd5592d2d80288d1bdd6e8a366cfa1bb342e0cc1ffce97b76ff33f5c806b83555937d4f2b2bb8fda336ccf2c3e8a2bd05418b20db64c97dd07a2a51e14eeeeaf1fae85b806a32a1923476ae84a0be5cd16f6d916a8377e42163eaaeea4679194171e1b5233", 0x6, 0xa505}, 0x801}, 0x1007, 0x6008) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x8000) socket(0x29, 0x2, 0x0) r6 = socket(0x11, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000841}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="000000b37aea86b96f4c0400", @ANYRES64=r3, @ANYRESOCT], 0x1ac}}, 0x40000) recvmmsg$auto(r6, 0x0, 0xfffffff9, 0x10, 0x0) madvise$auto(0x110c230000, 0x8031ca, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb3, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x6, 0x3, 0x3b) 9.844245845s ago: executing program 3 (id=266): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x406, 0x0) poll$auto(&(0x7f0000000d40)={0x3, 0x3, 0xa}, 0x5, 0x3fc) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x7ffffffe, 0xa, 0x0, 0x46) mq_open$auto(&(0x7f0000000040)='/dev/audio1\x00', 0x5, 0x0, &(0x7f00000000c0)={0x7, 0x1077ef97, 0x1, 0x7}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x27fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x686b05, 0x0) mmap$auto(0x2, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000080)={0x0, 0x4}, 0xb) bpf$auto(0x1, 0x0, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) socket(0x22, 0x3, 0x1) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, 0xffffffffffffffff, 0x6) 8.258419478s ago: executing program 3 (id=270): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ipv6_route\x00', 0x80000, 0x0) pread64$auto(r1, 0x0, 0x200000000004, 0x4) (async) ioctl$auto(0x3, 0x402c542b, 0x38) (async) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) read$auto(0x3, 0x0, 0x80) ioctl$auto_SOUND_MIXER_WRITE_RECSRC2(r1, 0xc0044dff, &(0x7f0000000080)="fb9c832950a706236a09935e7e8b78bdea0a595a10e32b8bf25f2011466613dce13e5e371fdaaa5f7aa9b67312e64d5f612597057264120c55e744e36ccd0184517f69213fc3098242db11c4187133980962db821fd40e5696eec37e1e759fcef5e9ef07db7313b6b2a8ac9488e18c863a6edd41e57511e5243e7a28eeed264c78a9fd48add605e0478b5c9a2b5079b7a738d77691ef47b072b0e8bc34b2882c0e267cad6d25bdfce7f59089fc84686ff0900b9e850c1efd4773d78d216ba2184f6927ba554a95b412f7457810609e5dc4a16f2951c6c180d721e5377ed9660c3adea7ccd1fc40fcc187a23ba37390c3e7413ae2853bf9719ef9b5b388c921b40366c21e0b7b1ae186c48b6aa168ffa1e4b9c093c076793083fc6ead545b98c9625ba6041514780112f867a6e00c8f0b6186510fc26cfa886c199659ed88af07207ea76a63af0ee5c7482ca39fe99b11102d1a2d8ce5130e7bf92f8e33e3503f5270b362aec8d615605a1e179654eb2c1903bbdef77e4ddc591c7594889a8aca114adb63a1ede343f4f4d4125ed5b587a8c1a0191c749056ee47dca4212491cb71a506f1b8cdad1fa316f60a83798f9fe793b75f0c9f7074a2f8d9b47a2b31b87793ddb26344039ead921f30435e3ea86d1218cadff76c3085553a43ae4f79446f9556d668f7b9db538f4fabf3d22274f812d41ead43d1fde1b7f39771718686af73cd9e4b6e6c3b9518daa1c2ae2e759be75cdcc43216666e5f865b7ef95d570ea14d852a7d9907350db3e8875adb6892a4f5fd565de7fb21dec53e2440f4bf9372740ad4356e90225b6316bf2e312c1edf10cc8c270dfb13c695f3aa6e9f97ae93566bd592097e180e57ad19aca03b49accac345da53c874806c647daa30cc6a783adbb8a1dec7860f8f877bd5faecefa8504dc8b4fa382b39d740e06059060712e2dfdd26f7d231ff0cf41555bc9b2d4c2725c6c623430d6695158023488488d79b93d31f55231c4f8d619607b26b2754d4c327742a27dc27bb0d1e69aab6526a5ac6a1e4d8b3bce1f066932706207c460be7c5b0a72b8b3b4b835e7bfe319a75bf42436b3fb8f27140f01cdae07717bb1253aa696cb3ae6ca5fb0d65c67edfc2a1b12759e6295db4d896bc1c5621f97dcb9f4cebfe70281a4431c1ed6616473970c7fa965aa883c31a68b1b504db00ce54f946cda60c89d80eebe0e1e23592e1fd1b48a70893bf9f30365baa1083506e2717e14fc38d7b86bcac09b2760396f0b0e0d8bddb66c1db264c710cb59153bc87fc47b32a4ae11d697d102adc1a6a9613b4fdd699c18157dc77297b716a3322406ec5f13573cc608d40d765950f0be1aed5ed9cdb849e2b7d2b696c4f628744b5921220fcae3f92e315fc20d1c3b502b776b00ab81f1bb0391ae2d3f05377f284763b313ac6fb9886128a25f378c58237c3b472cf4a428246cffdee1ae6c452d4cbe1b4dfe2b0cc26ba1c4d93570bf46d7598ad071946ce9de8594c0e3490f88d81a9938a6c7f98f786e63561c5b64f54339606c751ff78c63804e4625e281c581d0acb933b5f775b8cd9383bb34fce6c9f68b2093c256479d19a0e567e1cefbdc24e5e0d77f245fbae2fb8021e259ef451957a56f89a2e6f4306e41a08a78ced063dc0b9fc4586194b8d66cc4904c8c65b31b6434ca5443429ab4256faf97a639fdb0ad1ad87164a87e5c9121ffd8a8e1501cf6f4d82240ea7ec78a1debbd5a5f4af41654f040b90fbd69939b9dac11f6e34f0e783becf1a5eeaf60dc16c0650802aab43e358f3f0197a3cd9f8655ad2619d32046cc6078d9b6846c020c5eca8fd8ad8b6ddb1d797c7f24573a3bd5fe6a8eb36d8fc313d2ebcc1ceb9baabdfb895e9c2d5e34101dcbb520403609eeabe2e668147464e6ffe8baeed55de0cc23719e33e31528d4bfb25b30315fdd4e85e9b894a8386ad9f677866b9b0526f61221708d565b8a9cb5f8737618c3640bea1e51b34886b2bcadcb7cb86dafb9bf03d413d93eb7f13df6031316dfb62411753e89d98683dc05feecb009141cd1758c20d29d8c2cd24b430140a8e77e9dbf796ac46e39d914db74da632f54d638e25a26f65c45cead33ed01759627b38cf6bb67eb18aa7272b2b5801088c2b8c7661be67225e3bc9a0274c2a89c71178577fba4d56c46cc43a356a1a95eca60d1ba5c99853d2a6d0cd54486501fd55cb0273c2969a665d54082f03003341a7fae773f1f8c8e8e5188e15532add92926fbc6356699fa2e2f1937b1cbf8e42577a532361fa60a04743dfd48288b0a1651b614486eb8cb38974d5d41af813ceead950a9b33f4f682d3452d35a83c6f911bb46dcd6bac50fefac8646b3b9d445951d2ecd3f4a79a5a007032350c2ec2d4c904aef24d34805e5ebf7da17651594cc237e99355db431d3c8b41bebc8033b44919b84f82abf3314e7319e85ca23610c93d899b9e40b535a90d748667d5e34147301837737eabcbcf6194282d7fc746b22c4bc72f43e6b86ecad4477e567d4d52f543dbdef1d66abe10dd450f86cdfc20bf3bb1e95572871f3db85bd4fe4a80ca497a9baca67c21f28f4dbfb34dea2dc11a1a76872d700b6615f992ad99a6cfb82bc07e126e9b06ba3e7a8743d21eb53fe750ce38014e3853ae4849596fb683bbcd52585fe2c640d0e4b6c6feacf70c22a07094110c443903a4b6c9b0c3e8771a73936519f7628645e7180901b527fb3bd9bff72c07d9af330ad620105bed7a53407edfba5cbc0ecef7701afffaf410c5853820907127a587236f3ffca682a91a00bdd35bea837b781671c935182b48eb3f2bd9b000025ecbdb39126bd2cb0974c52797fd51993bf865ab3ff32033830af633ec5b5cbd63bd0d57a74b444f7d7ad3a17a5108ca6a8474c9c107776a9a1ed88174ae7c8df33d0953de95b87e3c89e028a676579f4b9beab282bef45310b9ac93a19208ec3adf267c5f2559759daab7d57251afd7f27e18db89b3365c5f971e37b6e048524790bca34d3fd053263ab7e2f5a3a4480a7c0704e9f2a82a27556619ebed8d0d235da6293d271e7253cc49eca9fdc762197986a4e6dcf4ee582591a2b2f19875b40f374c4ab6eaee4ee7021f16812625f8c87abc92190481552f95768e75b461304cbc3f98a60a0155c6d9cd96e96bb9bee2d4751ec13995304e149bf1d8527d56b0a55c2a0594b946fd590c8776010efd17204674bfa02c1cdc61a92c3f87bba9bc2aaab76eb5f4fc97b9f88120dbab1c133aaeddf8948101b564670755941606e5d62376514b3bb3a3d718042091bddc7656f1b080cbc9477a138bc6e72b9d484900612a5892459a40c1e407203dc4bbac635ea9cefca027c9e68ef4c6485836bd526049d03073bf54eaea16b8b6a310687e01b2d40ddc73d56679dc5b163b67482452d9e83d28e460d001c69259aeffb2ab65ec7b013c436de6c063c77dc2c83f7329528073c49673e60fc5119caf2fe279be802cc5902e3637d05717cf5e79a700b40601df884d2271fdc6614c054214f3833e459d1623f6477deea32d94bd6399ae35d2a9a0afa3d189a5e93ad8b34dd8be5def2d9fe510ad40389f5fb04207ed5056c0ad2a8f6d4b316388fb967a912c459aa262d6ca81cfda99024871223f727a9b748b4dab126337c2e1e91f9e2d679f689e7c8426f2dfa0d81422e079b7af796d834bc54e1ca1ab7918806785adf440644a8c25409084be4f63dda181b9041aa9ee1e6a1afb6b50dffd80b2ecab871367c14aca9297e65f889336b9d019bc4c977b423a66640e1cf023ea51d7420aa711ce4b5dd291047193cf7e848e262efa8b35f09ed6fb335912039f6040e11b0cdc88ecd36bb4bbacf00d73e43fec95b6fe608ffbdae6193d73fb6fd9ca70abfab6be3bf6edb33c6ddb437e7f52e83e20aa4cc7e0d27de2e17bb605471e4418807b2ab101d64156948b4e6efed7ea8a237548cd7c76f72fb3c15eb54888bcc48f795b51f24a14d3d9b727ea2bd326d0c4eb94b3b8ad945f66b3f4bbf753f6a4813bd519bb9bcfbe6500155f3fd0337991950d57b371700f6726d9232ff799fe14391dbf6891afb5cdeaf0c42a13a058bbbf1a4f88bcfa9905df2b0ee9b4bc57d2033e7f201f7f6262b6741397a8b2defd64a30d0e7e69affa702a410330371b7cdd533489b479efc4f41bb122aae7b3250fb403e5aea4851b91d1843a30f184d8c987d61868cd7a382f6a6bd62d934154dd0d0c9c3846aed255b6a0844cbdee589afc3d03d1416ff5888a36c721fed385e2e3d71067bdb502f024f26e21fe4e1aabbb890b5eb93e56a8e988dd86916d6b00feff5775cc512ba617fd8ee151a91a504ad8fbb2aec776db90ad3eff8960ca9148e3af24bc12aa3af32d3c30c6ba0f1a78aae7bef5123e09e199696afd94ea63e585c96f7d49645e4afe128da8f1c770c29d4cd42eb037f686996527e4fa44e4d6383ec5ece11946d6874ecb3ff5f35e11f10a1a8cc52208179c21293736f3568e8c1a3282a735549f83a1b51042479be12723f15e1a780ea30acabaefb0890029287296562558ed747346d09f28177f9bd954763352c47f7f7305e3350c2eb6e7e1f113c42e5a35a01d4881a4b6a92627d79f241ea627658c6080ae090a75c3dd369367ef5e501962ec0e193ca5e5542e41b9b17c3f58c27eb9709450f8d9509c5a5ff68212506a4859c9be919e39f3fdc25b1c3169413919fc3d7b7718977ad036a3e1dbdc4b724b7a77bfab841788cd4fc1525119edfdb97280147ee7545bd2698d5591d68de41f28b7ad737e101524e75c0ab601d4a2bd39d5fd17cc67104e3f1433f3e28186bbcf1211ec7463a046d87253a9b6983130f25a759c04d18811ca9eae69e37926c41ef027ddb872d8604a17d9e0e7b75aa3df53e52ea1e754e3a4a89400b5415131d30264b903e996bf81ca225c240059a1ae96f7395ad731cf14964f1f4921ef7e6927c23b170f6d260801608636d4ce4947b60b50a22b5c23264608d4092651b69fa0c7b975d7d90866eb1d47b4527bda9596e5cc61a5a96813e05e3687d12a46a8ea721929c25136b4b32d70ca31bac61e776d0ff67b36f089faa1bb03bef7e99e48eb59dfa383a7d407f541c164d5a902ac669321770b6fedb78f17540a12e017a48e6289831fd4ddb84683e88f776cfcaf590ade8f0f047c6d185bd1b7fca04c1b27a6221cb1e949e1b30b7ace1233eaceab82b705ac93f60d2e6653f19b6e6d33212fab1f5a32f98983b097fd5ab02d79fdbcb82c585e29a995235545f248c65d0ce6f612a9e22078d75438abc7ea96faf75efdf8cfceee57a703756ad6d0e069d6ed2cb8f922c93f13043151498baf925ef93e6d9de9304a8417bb8b7441eafcc64da83e0c73572794135c17d96c815a80783275f0f18afd41329091c6ef1176361de3d13172bc8a13b10b07409d5c8c2f7e47e0aa4327c8874bcaffe1c81e901c13b91c930e9fbe1957e2794b686a4c41e5dfa370ca4b3bf74391ead7c1a71bd91c8875a54d199f23be602678cc60bbf5774bea1f6a34d44a58d442c7c136bb40e734c27cc16f989e719d1ac1f8ddb792303d9cfce89d2bbd9f46ed099cabaa6a3faa3fd2fc55585e484441ab0dee81a20883f6e1c3b04f1b6a4e8c1c8377caed7bcccd413fba246f96f7f7f33c1eb364c95e0660d8f6646cb9d5cf57970cb8e77bb2ae4fa83132016dabb6abd93b55f5dbbea4cab3c17799068d5815588bc760177c06ddd8011a3b7bdf063f43a5d02b6824fd21a12bfb28596") (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/cpuidle/current_governor\x00', 0xa42, 0x0) r3 = io_uring_setup$auto(0x59, 0x0) ioctl$auto_SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, 0x0) (async) ioctl$auto_SNDRV_PCM_IOCTL_WRITEI_FRAMES2(r3, 0x40184150, &(0x7f00000010c0)={0x77b73984000000, &(0x7f0000001080)="6302", 0xffffffffffffe68e}) sendfile$auto(r2, r2, 0x0, 0x1) 7.32647764s ago: executing program 0 (id=273): capset$auto(0x0, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0x0, &(0x7f0000000040)={[0x9, 0x4, 0x34, 0x9, 0x1, 0x1, 0xa, 0x6, 0x5, 0x10000, 0xfffffffffffffffc, 0xcf, 0x4, 0x213, 0x5, 0x7ff]}, 0x0, 0x0, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=ANY=[@ANYRES16, @ANYRESOCT], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async, rerun: 64) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) (rerun: 64) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b67, 0x1) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x1ff) (async, rerun: 64) write$auto(0x3, 0x0, 0xfdef) (rerun: 64) unshare$auto(0x40000080) (async) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event1\x00', 0x30dc02, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/set\x00', 0x80302, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz9\x00', 0x800, 0x0) (async, rerun: 32) io_uring_setup$auto(0x6, 0x0) (async, rerun: 32) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x101401, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa041, 0x0) (async) socketpair$auto(0x1b, 0x9, 0x20000, 0x0) open(0x0, 0x14d443, 0x0) (async) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x8000, 0x0) (async) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r3, 0xc10c5541, r2) 7.218548348s ago: executing program 3 (id=274): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) rseq$auto(&(0x7f00000001c0)={0xe, 0x6, 0x0, 0x9, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) migrate_pages$auto(0x0, 0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x38e90acd, 0xeb1, 0xfffefffffffffffa, 0x8000) mmap$auto(0x0, 0x3, 0x1, 0x10000000040eb1, 0x401, 0x300000000000) syz_clone(0x80f400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x3, 0x100040eb1, 0xffffffffffffffff, 0x300000000002) sendmsg$auto_NCSI_CMD_SEND_CMD(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0xffffffd6}, @NCSI_ATTR_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000) r0 = pidfd_open$auto(0x0, 0x0) setns(r0, 0x20000000) rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mmap$auto(0x0, 0x400000000, 0x3, 0x18, 0xffffffffffffffff, 0x8005) move_pages$auto(0x1, 0x233, 0x0, 0x0, 0x0, 0x8000000000000000) symlink$auto(0x0, &(0x7f0000000000)='\'--[[\x14+\\\x00') mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80480, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) socket(0xf, 0x3, 0x2) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2, 0x2, 0x0) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000040)='/dev/usbmon26\x00', 0x40000, 0x0) ioctl$auto_MON_IOCG_STATS(r3, 0x80089203, 0xffffffffffffffff) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 6.278672337s ago: executing program 0 (id=278): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, 0x0, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = gettid() close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) tkill$auto(r1, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) utimes$auto(0x0, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000240)={0x1, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x7ff0bdbe, 0xeb90, 0x2, @stream_id=0x100, 0x7, 0x476, 0x0}) ioctl$auto(0xc8, 0x800454d7, 0x5c8d) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_history_size\x00', 0x1182, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) madvise$auto(0x0, 0x2003f0, 0x15) r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto(r5, 0x900064d1, 0x6162) 5.842842546s ago: executing program 1 (id=279): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/kernel/debug/o2hb/failed_regions\x00', 0x200, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x3, 0xa, @state_change={0xc, 0x6, 0x8}}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x42, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x7) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x80000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0x7, 0x6d3e, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x41000000003, 0x9, 0x62, 0x8000001b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, r1) close_range$auto(0x2, 0x8, 0x0) 5.24024417s ago: executing program 2 (id=280): mmap$auto(0x0, 0x12, 0xdf, 0xeb1, 0x401, 0x8000) r0 = inotify_init1$auto(0x3) read$auto(r0, &(0x7f00000000c0)='/proc/sys/kernel/seccomp/actions_logged\x00', 0x9) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) (async) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/seccomp/actions_logged\x00', 0x8202, 0x0) sendfile$auto(r2, r2, 0x0, 0x1048) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0xff) openat$auto_fake_panic_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) (async) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/conf/team_slave_0/arp_notify\x00', 0x4cf32b925602680b, 0x0) read$auto(r3, 0x0, 0x1ff) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) 4.338509825s ago: executing program 2 (id=281): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x96141, 0x0) r0 = socket(0x1b, 0x3, 0x76) madvise$auto(0x0, 0x2000040080000003, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x26a000, 0x0) write$auto(r1, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(r0, 0x2, 0x52, 0x0, &(0x7f0000000240)=0x7) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) semctl$auto(0x1ff, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) mmap$auto(0x0, 0x1000000002000c, 0x7fff, 0xeb1, 0x401, 0x8000) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1\x00', 0x20002, 0x0) ioctl$auto_SNDCTL_DSP_POST(r4, 0x5008, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000440)="0db1eb") ioctl$auto_SNDCTL_DSP_GETODELAY(r4, 0x80045017, 0x0) close_range$auto(0x0, r4, 0x2) socket(0xa, 0xa, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/unix\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x8, 0x8000) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 4.027332917s ago: executing program 0 (id=282): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x1a5001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) statmount$auto(&(0x7f0000000140)={0x9, @inferred=r2, 0x2, 0x3ff, 0x7f}, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x3, 0x101, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x53a0, 0x3, 0x1, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x4, 0x2, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x7, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0x7, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x9, 0x100, 0x40004545, 0x4, 0xa, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x7fffffff, 0x4, 0x0, 0x7, 0x10, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x1, 0x9, 0x8, 0x80000001], "73e9b0abe71d1e2aee680f7f0e812f294220578764aaba215588c48129939d0d8c6c8dcb488aeb5a653cee9f3407b9069269771811ce667d8ed9be2acd3e8d086701b3f03b438bda6b30b8ab183e2ad4220f1bc6f555e6bda8a270b5dc2c67dfe0f7795a"}, 0x40, 0x36) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) 3.336444048s ago: executing program 2 (id=283): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg1\x00', 0x82802, 0x0) ioctl$auto(r0, 0x2283, r0) 3.288436949s ago: executing program 1 (id=284): r0 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) pread64$auto(r0, 0x0, 0x9, 0xd) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/bInterfaceNumber\x00', 0xa140, 0x0) (async) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0x7f}, 0x6, 0x40005, 0x2005) (async, rerun: 64) mmap$auto(0x2, 0x400000, 0x6, 0x19b73, 0x5, 0x9000) (async, rerun: 64) mmap$auto(0xfffffffffffffffe, 0x401, 0x6, 0x12, 0x2, 0x40007ffd) 3.165030184s ago: executing program 2 (id=285): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r1 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'pim6reg1\x00'}) unlink$auto(&(0x7f0000000380)='./file0\x00') mmap$auto(0xf000, 0x1, 0x3ff, 0x12, r1, 0x0) read$auto_ptdump_fops_(r1, &(0x7f00000005c0)=""/4096, 0x1000) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec18\x00', 0x0, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000000c0)={'\x00', 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "0534a90a", ["3eaba44e9f052f3cb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) mmap$auto(0xfffffffffffffffd, 0xfffffffffffffff9, 0x4000020000dc, 0x40eb1, 0x401, 0x1) socketpair$auto(0x1, 0x5, 0x1, 0x0) fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x7, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) r3 = open(0x0, 0x14927f, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x40086602, 0x0) socket(0x2b, 0x1, 0x0) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) write$auto(0x6, 0x0, 0x100000001) 3.010328714s ago: executing program 1 (id=286): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x10, 0x0, 0x1, 0x0, 0x0, 0x2004c8a4}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = prctl$auto(0x115, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x80000000, 0x20000b, 0x19) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x40, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/midi2\x00', 0x121f42, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x80000400005, 0x9, 0x14, r1, 0x8001) close_range$auto(0xffffffffffffffff, r0, 0x2) acct$auto(&(0x7f0000000140)='./cgroup/cgroup.subtree_c\xdcntrol\x00\xf8WcM\x1c\xda\xdab\xcc\xa7\x01\xe0\x9cee\xf8\xad\xa5\x1a\xe5\xe3?\xd9\x1c|\xc6\xce\xcc\x84\an\xa3b*\x98\xf2\x06S\tS\x85\xbe!G\xabEc0\xbe\xeb\xc1\xd4\xfbV]-\x96\"\xd5e%\xd3\x8f\x85\xa4\xe1\xd2\xed\xf3\xa4\'\xd2\x87\xd4\xf3\xc9z\xb5\xc5\"\xd3\x8a\xe4a5+s\x98]\xfc:\xc7\xbf\xc5\xec\a\xb0\xa1\x89h\x1c\xcb\xf6\xa2\xfd2/\x80\x7f\xf9\xf7b\xf3\xfd\xf8\x8f\xec\x04\x95\vY\x98\xa5`\xd4\xd1$\x7f\xfe\x91\xff\x8a\x13\xb7\xcb\xe0aw\x82\r\xe1\xa5\x93jT\vAF\x11\"\xa9\xb2r\xc6\x05z\x9b\x93|.^\xae\x05\x99\x03_\xe6\n9\xb7k<\xa0m\x10`\x9e\xfd\xa0\x02') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x8, 0xf, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) bpf$auto(0x7, &(0x7f0000001500)=@bpf_attr_5={@target_ifindex, r3, 0x9, 0x1, r3, @relative_fd=r2, 0x1}, 0x1) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000009000), 0x101181, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) acct$auto(0x0) r5 = io_uring_setup$auto(0x808008, 0x0) io_uring_enter$auto(r5, 0x3, 0x7ffffffb, 0x3, 0x0, 0x3) bpf$auto(0x10, &(0x7f0000001700)=@query={@target_ifindex, 0x11, 0x1, 0x9, 0x7f, @prog_cnt=0x2, 0x0, 0xf, 0x8, 0x7, 0x400000000001}, 0x7) fcntl$auto_F_SETFD(r5, 0x2, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3, 0x3) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 3.007683733s ago: executing program 3 (id=287): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6e) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x3f3) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2000000000000021, 0x2, 0x10000000000002) syslog$auto(0x4, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0xa, 0x3, 0x5) ioctl$auto(0x3, 0x541b, 0x38) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r0, 0x0, 0x7) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffffff}, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY2(r1, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004000)={0x24, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@CTRL_ATTR_FAMILY_NAME={0xf, 0x2, 'veth0_vlan\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000050) socket$nl_generic(0x10, 0x3, 0x10) 2.634027772s ago: executing program 0 (id=288): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_clone(0x2000000, &(0x7f0000000080)="759aa2fe68f69d2dbb0ad62c0e06c7eb3dab872252547fe5e1d61cf35123a87b3c97773cd52c2dc552d03f9b18939ff850d74976de5cc87c2bc28ae2dcabc9ef7c054593a82e53535d0865694910145064401bed9dba97113e29a6717c0e55e3bde8a58394bcec020561188c59b8fe476f8e70579313fcfbb7428beb35f8b8cefb2e2991f316e4", 0x87, &(0x7f0000000000), &(0x7f0000000140), &(0x7f0000000180)="64e69bda29bd1ec86b04119311ddc589f2823b9c9cc7616e11f6b3a88220cb64652e27912769b19ceade095537652d6b7ecb9be845b889df6be1d6bebf679713976d82e0ca4f2671f21db09da37727fe9115d45b6b2cda8cefdd243ccee5c68dcc85f2fc7fa409ca2eb132ad5422a812846dbd72eb0f30c6271effb3a327b9286c11f38013714d28d6ed3ab328e41c2e132f20ba41fa146d023eade0d0564f67ac58d2599af04c6a529bab12a89923293dae6de9e9babbc8fdb96da74fe64fc1878f3a812e165737ff39e43d1b5a6d172acce7a2cd8a63aacac55f262124d2d47f0170ba76c056015333") sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x44, r1, 0x1, 0x70bd31, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x18, 0x3, 0x0, 0x1, [@nested={0x14, 0x3, 0x0, 0x1, [@nested={0xc, 0xb0, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @pid=r2}]}, @nested={0x4, 0x1e}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}]}, 0x44}}, 0x24048084) setgroups$auto(0x9, &(0x7f0000000300)=0x6add) 2.3817839s ago: executing program 1 (id=289): openat$auto_autofs_root_operations_autofs_i(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy11/netdev:wlan1/stations\x00', 0x6108c1, 0x0) r0 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) getdents64$auto(0xffffffffffffffff, 0x0, 0x18) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000003c0), 0xffffffffffffffff) write$auto_qrtr_tun_ops_tun(r0, &(0x7f0000000080), 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0x5, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x21, 0x3, 0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0xc8101, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000180), 0x511000, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000380)=0x5) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xfffffffffffff801, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x7, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0xad9, 0x6]}, 0x0) write$auto(0x3, 0x0, 0xffd8) futimesat$auto(r2, &(0x7f0000000240)='./file0\x00', 0x0) unshare$auto(0x40000080) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x103a40, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x200000, 0x0) r4 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r4, 0x11, 0x67, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) 2.269157654s ago: executing program 0 (id=290): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) 1.293379372s ago: executing program 0 (id=291): mmap$auto(0x3, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_GET_RADIO(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001200)=ANY=[@ANYBLOB='X-\x00\x00', @ANYRES16, @ANYBLOB="000428bd7000fddbdf2501000000f6100380f0997f594c8e8e4a0ca3ab214f8fc226385d8a0ef63ba66092a498f653eb3648eaadd6c99e3232bc0bf4f721a68b262fc5aa89b88f8403394c4e4651fabcd11c0a475534a6f3039b9f853667585581a5577b2836af6fea1aba5cffa0217687336ba05324b2c28161ff0da248da9d4ce84bbfd99567990477abfe7184554815800f37d9ec45c5cbab613ae2b148de6638a0089035584aeb4e127c5b1a3409692538b613c2a2d9ce7f186ade085c0728190900174e11601e955548e02a8f3446dfd44ff757266c827a58e8ad23a0ecfb4534c35b732c2e27ce427c8867e5de8590b33eae98731eb2fd8ac7f0227ac56bf3a4792662c9930e478dcc313cece82f7668cbcaef1f824ea16437df8fd792e7ae997ef5aac710a86c2a68beb04b0cb55c715eee35f48b230b3fcf1eb2be4f6c1cc303336da7b0073c3f6753b3fcd379f4028554a3ddfd27de9dd08cdc113ff5bf77827652930a698f63d49a85ba9970fcd39b37c09ded9e5459b90e032d199a9abb5eb3f710037b9dede941a0972b7b50792db8d0af7617bd3bb0a041c1b9725ef9ca98b21123febbc289facaf2b38bfca0a7cce1e912ca63d28110c022d32dbc696cb672432b7886757b6f301ab5ff637e98573e9f2ecef9cddeb63bfc378cb6b3884221c6964e7ec92bf2f53ee4c382c68762de71a95506b57d482b1f5298aa8969b0d668435dd92c0f64fbaf38c83f92301dd46539953234c01da17cbe65819e7e56e213719a923e70c4837c7dc9247e94182dde464da542111abc5b987fb5926ce8271d50bb7ec112818fef5e9287d345b515cb474f8208f8c3d0e6fa4e4b80de31fc6a0f5b4cfac9a8ec708457e559f7dcc2e1225576330ef6ea147cbfa95a5da92dfb434d31f9f2b061ee646284489228512943c08792e50be72cbd5a40fa03e64854b3b0640b81029bfe93d67ca64efe3ea515be9e41f8f153207358e278c8de7b51d32c85c0d2213136aa07985dbc916835c58c779317c349cd669e4b23582ebfd7a4a57af73e630c8312b79bed8c7588e79141afb8acdc3bd3a41d648b56bcba295df8678210987d358878d0619d2b52af36c376440b18c103d751d13fa97f2f3484ceea7a15eaacd5c29e3ad096d67d4e95ecf27aeb94647077c2fee7d908455c06149022cb78ff9ae02833f441045b45cf4d4646b134fc555b523700faa87ea9da8edd4e3a34b0b91671b7164bcd517fb8b0bf83da59807f5832f0644ea2a4d3898e80def2be42f6c9d9310748939eb81e4e8d0017a46eb15b8126887b00cf01308000efe69807baa5b25cc64ea7c3467c914d35985e13dbf3534eff1ca092490fa52173dc7dacec906f2b7daf887c69ef28853eced64f4bd144c3f710b3a26bb1627a61d4b75a7448b61878dc28de35ef61e12b988024c5f570b066853e87abe64c0339b376ceee5ea1be0c5838a5ccf4c0cae993d0ba506345e13d170f6f7e28bd38f1b33b3277023bd06997e81e5d037d9bc93051e7e3627851c213b89c139d13b61d6de0d24933fa89854ab879efb10cca0e6bf69751338bb29ca5176c9fa3a97a55aaade4341d9ae5681ece0db73e0cc39d6bdbb06e1f970f366d2ee0c2194aee2f475ed5fd487db0857d7c80ea202ed091f8ae1ada767f6c9df06fb0ee749d109f82a794cd44e3556b3e91cc1651b388f8b3b67f0209f0333af74b11d2a1c98c16de85cf9732d9ac45dbdf82b49f85d83069c69228ac39c98927dd84bfb6212277ee30c5b4ad568d551f61dde62c38f45f6dbce418cf89b01b5f257d91e5546d622d337eb89b7217ff64c4e39c6a848dfc2b06974146401987ead38a79f979809c0bc5076458fba29ecf7f45350aa0514fb5fd0998154d5f289856c0c2037e75da2c3cd4f99bfe66dd389b9f2d554ccc62faa8b376679886df4204e1d6e7198fdaa6e82c20c904ec4fc8f8c7a3621aed866e6cb1bc86eeda8ee74d0392862887d98818b1730c5968a50cea7c76af0cc5d9c3acce4dc04765898dc2d887ffb1519b0af749fa03a974ada14cb5803cbae3c2d47ffcef1f7ce34f13bc3aa6a52f01c32d636f9673c0077f0848cac983604c666f5e0428ca223efbe87fb20b421f63caefacbc5c02dd41121dc596a30e43223a1c5de22035d4de0956ef630e662c27dbf8747689ca2b4fffc3226bfa22338a06c1410e720be971349ff60ef2418cf7697ad8f228b172bec910673c79a17eb84f725b10d9a91cf3b25271ebf697840126070f72514f2dc63b50768cb024e4a90d5a5102ca6a4c64ec1bbf46857a598680d9c996121725a4de18e8d0d697b10323ab60398f66ab42045f3776ef609b0ca1c2a0e3b4f75658717705ab070f21f2b72a6ffc14ec5e1c7b5ea9fe198a662a32ba96f5024749cdaf4107b28994c9bfbc92a2497c85b54519c50eeb5929b6108e70b8b3198a04e402"], 0x2d58}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) socketpair$auto(0x6, 0x3, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x3, 0x3b) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) write$auto_proc_setgroups_operations_base(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0xa, 0x3, 0x3a) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clock_gettime$auto(0x1, 0x0) lstat$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000200), 0xffffffffffffffff) 1.260716554s ago: executing program 1 (id=292): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x46, 0x0) (async) sysfs$auto(0x2, 0x46, 0x0) close_range$auto(0x2, 0x8000, 0x0) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x22a40, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x3, &(0x7f0000000200)='I\xee\"\xe3\xb7\xcfD\xe5\xb1\x05\x1e#\xff1<\xd9h[e\xdf\xc0M\xa2\x00\v\x97\xb5\xd4\x94\x99u\x9e\xf4O\x1a\xb1\x05\xb8\xcb\x96\fd\xa3\xf9&\xc9~\x10\x06X\a\xc8\xb7\x97\xc7M\x83\'^\xc9\x9e\xccAsv\xce8sw\v\xac\xcd\xa2B\xf8.\xce\xe6n\xfe\xd6\xc8\x06\x00\x00\x00z`C+\x0e\x8c<\xc5\x8f\xe6\x0f\x14\xfa\x9ea4>\xd8O[{\xede\xfd\xbc\xc7\xbd4_\xbc\xc6\x06\xe5h\x9e\xf5/4\xe8\xcfc\x95\xbb~\xd9.\xb3\x84\xb8K\xa7\xca\xda\xc8\x11u\xa1\x1d\x9d\xe1%\xc0m\xf6%1\xba\xe7^\xed0\xdc\x86\xeaG)?p,Up \xe9\b\x14\xaf\xbf\xd9\xc3,\xb8\x17\x10\x9f\x92\x95@),A\xb4\x92Q\x86\xbe\xed=p\x1b\x9d\xd4\x99_]K\xce.\x00\x00\x00\x8eDv\x0fl\xed\x93ey\xf9\x19\xf0\x9d\xf5\xfe\x06\x00Q\xc0ZJ\xc9*7\xf2\x1a\xa7\xb3\xc6v\v\xe1u\x16:\x15\xefel\xf0\x8c/\xa2\x95\xc1\xacd\xc9\a\xe5\x888F\xaa\xce\x94\xa2zsx\xea\x96\x7f~]\xdbj\xd1#\x94K\xcf\x11l\xe5Z\xec\xa6B\x90\xb6\xa3`\x88\xd4\x87\x17\x8a\xedFx\x95#\x83\x99\x00\xc6Z\x1au\x8e\xa7}\xa7\xe9\x83X\xa3\x03\xe2T\xea\xa0\xba\xd7R8T\x00\x8e0h\x8ck4\x15\xf3sh0\xd3\x1e\xedU@\xab\xc0g\xeeT\xc5\x8d\x9b\x188x)\xf0i]\xdcf\xdd\xf9\xffA\"ZQ\x8d\x15\xff\xf3WYX\x8a/\xb36\x1d\x8e7\xb2d3\xe8\xf4\x1e3\xec\xfe\xbf\xbbo\xbb\xd2Z\x89:\xa2\xc8n8k\xa8\xba\xa5E\x9f\xbe>3,\xcb\xa2\xa7q \xe2', &(0x7f0000000580)="de", 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) (async) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) capset$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) socket(0xa, 0x801, 0x84) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) ioctl$auto(0xffffffffffffffff, 0x2203, 0xffffffffffffffff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rc/name\x00', 0x2, 0x0) (async) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/rc/name\x00', 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) 1.157883021s ago: executing program 2 (id=293): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x8de, 0xdf, 0x591b, 0x2, 0xb) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x1a5001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) statmount$auto(&(0x7f0000000140)={0x9, @inferred=r2, 0x2, 0x3ff, 0x7f}, &(0x7f0000000440)={0x6, 0x6, 0x53, 0x4, 0x3, 0x101, 0x2, 0x3, 0x5, 0xffffffff80000001, 0x57d6, 0x53a0, 0x3, 0x1, 0x8, 0x3, 0x1, 0x8001, 0x400, 0x1ff, 0xfff, 0xd8, 0x4, 0x2, 0x9, 0xbef3, 0x411, 0x7, 0x0, 0x7, 0x7, [0x6, 0x7f, 0xbce7, 0x599, 0x56, 0x7, 0x6, 0x8, 0xffffffffffffffff, 0x0, 0x200000000000, 0x2, 0x1, 0x9, 0x100, 0x40004545, 0x4, 0xa, 0xb, 0xf5fd, 0x7, 0x4, 0x7fffffff, 0x1fc, 0x2, 0x5, 0x8, 0x4, 0x4, 0x7fffffff, 0x4, 0x0, 0x7, 0x10, 0x6, 0x4, 0x7, 0x4, 0xffc0000000000000, 0x1, 0x9, 0x8, 0x80000001], "73e9b0abe71d1e2aee680f7f0e812f294220578764aaba215588c48129939d0d8c6c8dcb488aeb5a653cee9f3407b9069269771811ce667d8ed9be2acd3e8d086701b3f03b438bda6b30b8ab183e2ad4220f1bc6f555e6bda8a270b5dc2c67dfe0f7795a"}, 0x40, 0x36) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x2, 0x0) unshare$auto(0x40000080) socket(0x27, 0x5, 0x7) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x60d80, 0x0) 658.669568ms ago: executing program 1 (id=294): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x15, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000002b40)={0x28, r3, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HWSIM_ATTR_PMSR_SUPPORT={0x14, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0xc, 0x1, 0x0, 0x1, [@NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT={0x5, 0x7, 0x4}]}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000800) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r5, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@L2TP_ATTR_FD={0x8, 0x17, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x6445467f281d3ae4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r6 = socket(0x11, 0x2, 0x6) sendmmsg$auto(r6, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f00000003c0), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) sendfile$auto(r0, r6, &(0x7f0000000180)=0x8, 0x2) mmap$auto(0x2, 0x2020009, 0x5, 0x18, 0xfffffffffffffffa, 0x7ffc) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) mmap$auto(0x0, 0x800000002020009, 0x4ba, 0xeb1, 0xfffffffffffffffa, 0x8000) r8 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r8, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x2d0043, 0x0) ioctl$auto(r7, 0x5607, 0x7) inotify_add_watch$auto(r7, 0x0, 0x9) 0s ago: executing program 2 (id=295): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose11/flags\x00', 0x1a3042, 0x0) write$auto(r1, 0x0, 0x8) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0) sendfile$auto(r2, r2, 0x0, 0x200) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_4={0x5, r2, 0x7, r0}, 0x98) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose11/flags\x00', 0x1a3042, 0x0) (async) write$auto(r1, 0x0, 0x8) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd10/queue/nr_requests\x00', 0x82942, 0x0) (async) sendfile$auto(r2, r2, 0x0, 0x200) (async) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_4={0x5, r2, 0x7, r0}, 0x98) (async) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts. [ 83.855428][ T5837] cgroup: Unknown subsys name 'net' [ 84.030945][ T5837] cgroup: Unknown subsys name 'cpuset' [ 84.040300][ T5837] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.716368][ T5837] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.761426][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.788106][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.793627][ T5861] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.795554][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.809432][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.817264][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.825389][ T5864] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.832864][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.833650][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.847627][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.848429][ T5861] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.855466][ T5864] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.862801][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.869918][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.876974][ T5861] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.886419][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.891172][ T5861] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.909662][ T5169] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.918065][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.925913][ T5169] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.374100][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 88.421763][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 88.603479][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 88.634285][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 88.714887][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.722687][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.730186][ T5849] bridge_slave_0: entered allmulticast mode [ 88.737573][ T5849] bridge_slave_0: entered promiscuous mode [ 88.773204][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.780583][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.788057][ T5849] bridge_slave_1: entered allmulticast mode [ 88.795368][ T5849] bridge_slave_1: entered promiscuous mode [ 88.845057][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.852279][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.859620][ T5846] bridge_slave_0: entered allmulticast mode [ 88.866701][ T5846] bridge_slave_0: entered promiscuous mode [ 88.905420][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.912636][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.920732][ T5846] bridge_slave_1: entered allmulticast mode [ 88.928465][ T5846] bridge_slave_1: entered promiscuous mode [ 88.944042][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.002782][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.025083][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.032652][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.039968][ T5847] bridge_slave_0: entered allmulticast mode [ 89.047058][ T5847] bridge_slave_0: entered promiscuous mode [ 89.067025][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.074712][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.082281][ T5851] bridge_slave_0: entered allmulticast mode [ 89.089403][ T5851] bridge_slave_0: entered promiscuous mode [ 89.110420][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.117764][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.124897][ T5847] bridge_slave_1: entered allmulticast mode [ 89.132423][ T5847] bridge_slave_1: entered promiscuous mode [ 89.154246][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.166532][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.176440][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.183710][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.191274][ T5851] bridge_slave_1: entered allmulticast mode [ 89.199288][ T5851] bridge_slave_1: entered promiscuous mode [ 89.219590][ T5849] team0: Port device team_slave_0 added [ 89.262678][ T5849] team0: Port device team_slave_1 added [ 89.284488][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.302868][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.339107][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.349616][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.356630][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.382913][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.397740][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.409608][ T5846] team0: Port device team_slave_0 added [ 89.439007][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.445969][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.472499][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.497817][ T5846] team0: Port device team_slave_1 added [ 89.506189][ T5851] team0: Port device team_slave_0 added [ 89.545224][ T5851] team0: Port device team_slave_1 added [ 89.566548][ T5847] team0: Port device team_slave_0 added [ 89.627361][ T5847] team0: Port device team_slave_1 added [ 89.633786][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.641131][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.667341][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.679220][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.686210][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.712609][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.729515][ T5849] hsr_slave_0: entered promiscuous mode [ 89.735926][ T5849] hsr_slave_1: entered promiscuous mode [ 89.766563][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.773862][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.800242][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.812339][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.819359][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.846728][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.867342][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.874318][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.900257][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.928099][ T5858] Bluetooth: hci0: command tx timeout [ 89.928104][ T5853] Bluetooth: hci1: command tx timeout [ 89.939357][ T5169] Bluetooth: hci3: command tx timeout [ 89.969871][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.976852][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.005078][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.016120][ T5169] Bluetooth: hci2: command tx timeout [ 90.062925][ T5846] hsr_slave_0: entered promiscuous mode [ 90.069536][ T5846] hsr_slave_1: entered promiscuous mode [ 90.075728][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.083478][ T5846] Cannot create hsr debugfs directory [ 90.096185][ T5851] hsr_slave_0: entered promiscuous mode [ 90.103039][ T5851] hsr_slave_1: entered promiscuous mode [ 90.109561][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.117191][ T5851] Cannot create hsr debugfs directory [ 90.223821][ T5847] hsr_slave_0: entered promiscuous mode [ 90.230330][ T5847] hsr_slave_1: entered promiscuous mode [ 90.236526][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.244199][ T5847] Cannot create hsr debugfs directory [ 90.521521][ T5849] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.556187][ T5849] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.568537][ T5849] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.597204][ T5849] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.733820][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.749991][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.761084][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.773451][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.859682][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.875493][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.896106][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.916764][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.984390][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.019978][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.038565][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.049200][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.061397][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.093257][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.133598][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.140846][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.167301][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.174492][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.216811][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.265238][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.313513][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.339943][ T3028] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.347064][ T3028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.370294][ T2124] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.377460][ T2124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.391178][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.421189][ T2124] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.428429][ T2124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.439716][ T2124] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.446874][ T2124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.523045][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.596938][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.629129][ T3028] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.636311][ T3028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.660525][ T3028] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.667728][ T3028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.813496][ T5847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.966666][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.008829][ T5169] Bluetooth: hci0: command tx timeout [ 92.014289][ T5169] Bluetooth: hci1: command tx timeout [ 92.017433][ T5858] Bluetooth: hci3: command tx timeout [ 92.088104][ T5858] Bluetooth: hci2: command tx timeout [ 92.116399][ T5849] veth0_vlan: entered promiscuous mode [ 92.157642][ T5849] veth1_vlan: entered promiscuous mode [ 92.224966][ T5849] veth0_macvtap: entered promiscuous mode [ 92.264105][ T5849] veth1_macvtap: entered promiscuous mode [ 92.315243][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.371731][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.399001][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.445059][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.489370][ T5849] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.499289][ T5849] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.513964][ T5849] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.524100][ T5849] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.553837][ T5846] veth0_vlan: entered promiscuous mode [ 92.603505][ T5851] veth0_vlan: entered promiscuous mode [ 92.612742][ T5846] veth1_vlan: entered promiscuous mode [ 92.634515][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.654107][ T5851] veth1_vlan: entered promiscuous mode [ 92.750688][ T5846] veth0_macvtap: entered promiscuous mode [ 92.767995][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.775952][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.800450][ T5846] veth1_macvtap: entered promiscuous mode [ 92.829682][ T5851] veth0_macvtap: entered promiscuous mode [ 92.853232][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.853275][ T5851] veth1_macvtap: entered promiscuous mode [ 92.862183][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.915436][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.932859][ T5847] veth0_vlan: entered promiscuous mode [ 92.948208][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.965423][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.971186][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.991535][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.001889][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.011873][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.021018][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.030454][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.048664][ T5847] veth1_vlan: entered promiscuous mode [ 93.059683][ T5851] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.069409][ T5851] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.082338][ T5851] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.094071][ T5851] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.213571][ T5847] veth0_macvtap: entered promiscuous mode [ 93.346340][ T5847] veth1_macvtap: entered promiscuous mode [ 93.422266][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.430947][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.490915][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.504837][ T3028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.522158][ T3028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.555565][ T5942] random: crng reseeded on system resumption [ 93.644561][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.709124][ T3028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.722227][ T3028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.795400][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.821203][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.846124][ T5847] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.855011][ T5847] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.857693][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.864217][ T5847] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.879784][ T5847] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.917618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.034508][ T5939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.045278][ T5939] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.087535][ T5858] Bluetooth: hci3: command tx timeout [ 94.093532][ T5853] Bluetooth: hci1: command tx timeout [ 94.093705][ T5169] Bluetooth: hci0: command tx timeout [ 94.154510][ T5945] UHID_CREATE from different security context by process 3 (syz.3.4), this is not allowed. [ 94.177299][ T5169] Bluetooth: hci2: command tx timeout [ 94.274559][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.315988][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.565317][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.577303][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.897447][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.627516][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.167587][ T5169] Bluetooth: hci3: command tx timeout [ 96.169870][ T5858] Bluetooth: hci1: command tx timeout [ 96.178847][ T5858] Bluetooth: hci0: command tx timeout [ 96.237479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.247881][ T5858] Bluetooth: hci2: command tx timeout [ 96.277541][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.815345][ T9] cfg80211: failed to load regulatory.db [ 97.447297][ T5991] FAULT_INJECTION: forcing a failure. [ 97.447297][ T5991] name failslab, interval 1, probability 0, space 0, times 1 [ 97.464139][ T5991] CPU: 0 UID: 0 PID: 5991 Comm: syz.0.10 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 97.464183][ T5991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 97.464206][ T5991] Call Trace: [ 97.464218][ T5991] [ 97.464234][ T5991] dump_stack_lvl+0x16c/0x1f0 [ 97.464289][ T5991] should_fail_ex+0x512/0x640 [ 97.464336][ T5991] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 97.464397][ T5991] should_failslab+0xc2/0x120 [ 97.464429][ T5991] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 97.464486][ T5991] ? kstrdup_const+0x63/0x80 [ 97.464540][ T5991] kstrdup+0x53/0x100 [ 97.464589][ T5991] kstrdup_const+0x63/0x80 [ 97.464637][ T5991] __kernfs_new_node+0x9b/0x8e0 [ 97.464688][ T5991] ? __pfx___kernfs_new_node+0x10/0x10 [ 97.464745][ T5991] ? find_held_lock+0x2b/0x80 [ 97.464780][ T5991] ? kernfs_root+0xee/0x2a0 [ 97.464842][ T5991] kernfs_new_node+0x13c/0x1e0 [ 97.464902][ T5991] __kernfs_create_file+0x53/0x350 [ 97.464945][ T5991] cgroup_addrm_files+0x546/0xc20 [ 97.465012][ T5991] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 97.465079][ T5991] ? idr_replace+0xfa/0x170 [ 97.465124][ T5991] ? __pfx_idr_replace+0x10/0x10 [ 97.465176][ T5991] css_populate_dir+0x169/0x580 [ 97.465220][ T5991] cgroup_apply_control_enable+0x3f3/0xbb0 [ 97.465286][ T5991] cgroup_mkdir+0x5e7/0x11f0 [ 97.465344][ T5991] ? __pfx_cgroup_mkdir+0x10/0x10 [ 97.465396][ T5991] kernfs_iop_mkdir+0x111/0x190 [ 97.465445][ T5991] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 97.465478][ T5991] vfs_mkdir+0x590/0x8c0 [ 97.465524][ T5991] do_mkdirat+0x304/0x3e0 [ 97.465574][ T5991] ? __pfx_do_mkdirat+0x10/0x10 [ 97.465627][ T5991] ? getname_flags.part.0+0x1c5/0x550 [ 97.465670][ T5991] __x64_sys_mkdir+0xef/0x140 [ 97.465720][ T5991] do_syscall_64+0xcd/0x490 [ 97.465773][ T5991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.465812][ T5991] RIP: 0033:0x7f1a4878e929 [ 97.465845][ T5991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.465876][ T5991] RSP: 002b:00007f1a495eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 97.465906][ T5991] RAX: ffffffffffffffda RBX: 00007f1a489b5fa0 RCX: 00007f1a4878e929 [ 97.465928][ T5991] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 97.465948][ T5991] RBP: 00007f1a48810b39 R08: 0000000000000000 R09: 0000000000000000 [ 97.465968][ T5991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.465988][ T5991] R13: 0000000000000000 R14: 00007f1a489b5fa0 R15: 00007ffc2c609d88 [ 97.466031][ T5991] [ 97.466372][ T5991] cgroup: cgroup_addrm_files: failed to add stat, err=-12 [ 97.600772][ T5992] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11'. [ 97.877726][ T5992] Zero length message leads to an empty skb [ 98.248345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.301015][ T6006] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.529555][ T6020] process 'syz.0.17' launched './file0' with NULL argv: empty string added [ 99.712955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.721851][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.734189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.849131][ T6021] Invalid ELF header magic: != ELF [ 99.897662][ T6025] netlink: 40 bytes leftover after parsing attributes in process `syz.0.17'. [ 100.986933][ T6037] can: request_module (can-proto-3) failed. [ 101.145107][ T6039] random: crng reseeded on system resumption [ 101.741305][ T6047] [U]  [ 101.744230][ T6047] [U] [ 101.746952][ T6047] [U] [ 101.749683][ T6047] [U] [ 101.784231][ T6047] [U] [ 101.786960][ T6047] [U] [ 101.789667][ T6047] [U] [ 101.792376][ T6047] [U] [ 101.832543][ T6047] [U] [ 101.835313][ T6047] [U] [ 101.838059][ T6047] [U] [ 101.840803][ T6047] [U] [ 101.850127][ T6047] [U] [ 101.853026][ T6047] [U] [ 101.855775][ T6047] [U] [ 101.858521][ T6047] [U] [ 101.901569][ T6047] [U] [ 101.904327][ T6047] [U] [ 101.907116][ T6047] [U] [ 101.909872][ T6047] [U] [ 101.928201][ T6047] [U] [ 101.930957][ T6047] [U] [ 101.933676][ T6047] [U] [ 101.936379][ T6047] [U] [ 101.942175][ T6047] [U] [ 101.944926][ T6047] [U] [ 101.947664][ T6047] [U] [ 101.950390][ T6047] [U] [ 102.010290][ T6047] [U] [ 102.013032][ T6047] [U] [ 102.015733][ T6047] [U] [ 102.018436][ T6047] [U] [ 102.060426][ T6047] [U] [ 102.063245][ T6047] [U] [ 102.065956][ T6047] [U] [ 102.068659][ T6047] [U] [ 102.117580][ T6047] [U] [ 102.120320][ T6047] [U] [ 102.123047][ T6047] [U] [ 102.125746][ T6047] [U] [ 102.140976][ T6047] [U] [ 102.143818][ T6047] [U] [ 102.146564][ T6047] [U] [ 102.149317][ T6047] [U] [ 102.153037][ T6047] [U] [ 102.155787][ T6047] [U] [ 102.158573][ T6047] [U] [ 102.161297][ T6047] [U] [ 102.187220][ T6047] [U] [ 102.189988][ T6047] [U] [ 102.192705][ T6047] [U] [ 102.195414][ T6047] [U] [ 102.205547][ T6047] [U] [ 102.208303][ T6047] [U] [ 102.211021][ T6047] [U] [ 102.213726][ T6047] [U] [ 102.220550][ T6047] [U] [ 102.223307][ T6047] [U] [ 102.226023][ T6047] [U] [ 102.228761][ T6047] [U] [ 102.232551][ T6047] [U] [ 102.235319][ T6047] [U] [ 102.238068][ T6047] [U] [ 102.240793][ T6047] [U] [ 102.244290][ T6047] [U] [ 102.247036][ T6047] [U] [ 102.249781][ T6047] [U] [ 102.252520][ T6047] [U] [ 102.260833][ T6047] [U] [ 102.263597][ T6047] [U] [ 102.266331][ T6047] [U] [ 102.269073][ T6047] [U] [ 102.272982][ T6047] [U] [ 102.275728][ T6047] [U] [ 102.278465][ T6047] [U] [ 102.281209][ T6047] [U] [ 102.307682][ T6047] [U] [ 102.310516][ T6047] [U] [ 102.313266][ T6047] [U] [ 102.316015][ T6047] [U] [ 102.324202][ T6047] [U] [ 102.326944][ T6047] [U] [ 102.329703][ T6047] [U] [ 102.332468][ T6047] [U] [ 102.341830][ T6047] [U] [ 102.344599][ T6047] [U] [ 102.347356][ T6047] [U] [ 102.350120][ T6047] [U] [ 102.373575][ T6047] [U] [ 102.378593][ T6054] tipc: Started in network mode [ 102.383550][ T6054] tipc: Node identity ee00, cluster identity 4711 [ 102.398774][ T6054] tipc: Node number set to 60928 [ 102.901098][ T6066] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 102.917890][ T6066] Unable to find swap-space signature [ 104.457416][ T6100] input: jJǸ-9%vlQ J8fi as /devices/virtual/input/input5 [ 105.173907][ T6103] random: crng reseeded on system resumption [ 105.237692][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33'. [ 106.304574][ T30] audit: type=1800 audit(1752592057.653:2): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.36" name="features" dev="configfs" ino=8360 res=0 errno=0 [ 106.388435][ T6131] FAULT_INJECTION: forcing a failure. [ 106.388435][ T6131] name failslab, interval 1, probability 0, space 0, times 0 [ 106.427717][ T6131] CPU: 0 UID: 0 PID: 6131 Comm: syz.1.38 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 106.427753][ T6131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.427769][ T6131] Call Trace: [ 106.427777][ T6131] [ 106.427787][ T6131] dump_stack_lvl+0x16c/0x1f0 [ 106.427833][ T6131] should_fail_ex+0x512/0x640 [ 106.427873][ T6131] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 106.427918][ T6131] should_failslab+0xc2/0x120 [ 106.427944][ T6131] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 106.427987][ T6131] ? security_file_alloc+0x34/0x2b0 [ 106.428029][ T6131] security_file_alloc+0x34/0x2b0 [ 106.428064][ T6131] init_file+0x93/0x4c0 [ 106.428100][ T6131] alloc_empty_file+0x73/0x1e0 [ 106.428130][ T6131] path_openat+0xda/0x2cb0 [ 106.428168][ T6131] ? stack_depot_save_flags+0x28/0xa40 [ 106.428218][ T6131] ? kasan_save_stack+0x42/0x60 [ 106.428258][ T6131] ? __pfx_path_openat+0x10/0x10 [ 106.428295][ T6131] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 106.428333][ T6131] ? getname_flags.part.0+0x4c/0x550 [ 106.428362][ T6131] ? getname_flags+0x93/0xf0 [ 106.428396][ T6131] ? __do_sys_swapon+0x845/0x3ab0 [ 106.428436][ T6131] ? do_syscall_64+0xcd/0x490 [ 106.428475][ T6131] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.428509][ T6131] do_filp_open+0x20b/0x470 [ 106.428550][ T6131] ? __pfx_do_filp_open+0x10/0x10 [ 106.428616][ T6131] ? find_held_lock+0x2b/0x80 [ 106.428643][ T6131] ? __might_fault+0xe3/0x190 [ 106.428682][ T6131] ? __might_fault+0xe3/0x190 [ 106.428719][ T6131] ? __might_fault+0x13b/0x190 [ 106.428765][ T6131] file_open_name+0x2a3/0x450 [ 106.428797][ T6131] ? __pfx_file_open_name+0x10/0x10 [ 106.428832][ T6131] ? getname_flags.part.0+0x1c5/0x550 [ 106.428861][ T6131] ? lockdep_init_map_type+0x5c/0x280 [ 106.428907][ T6131] __do_sys_swapon+0x87f/0x3ab0 [ 106.428950][ T6131] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 106.428998][ T6131] ? __fget_files+0x20e/0x3c0 [ 106.429042][ T6131] ? fput+0x70/0xf0 [ 106.429067][ T6131] ? ksys_write+0x1ac/0x250 [ 106.429110][ T6131] ? __pfx___do_sys_swapon+0x10/0x10 [ 106.429162][ T6131] do_syscall_64+0xcd/0x490 [ 106.429205][ T6131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.429232][ T6131] RIP: 0033:0x7f9deb78e929 [ 106.429253][ T6131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.429278][ T6131] RSP: 002b:00007f9de95f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 [ 106.429304][ T6131] RAX: ffffffffffffffda RBX: 00007f9deb9b5fa0 RCX: 00007f9deb78e929 [ 106.429322][ T6131] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000200000000dc0 [ 106.429338][ T6131] RBP: 00007f9de95f6090 R08: 0000000000000000 R09: 0000000000000000 [ 106.429355][ T6131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.429370][ T6131] R13: 0000000000000000 R14: 00007f9deb9b5fa0 R15: 00007ffeeda4d2b8 [ 106.429405][ T6131] [ 106.826991][ T30] audit: type=1400 audit(1752592058.183:3): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6134 comm="syz.1.39" [ 106.856077][ T6135] nbd: must specify at least one socket [ 107.199788][ T6140] netlink: 28 bytes leftover after parsing attributes in process `syz.3.41'. [ 107.483107][ T6156] mmap: syz.0.44 (6156) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 108.413297][ T6158] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[6158] [ 108.603184][ T6180] FAULT_INJECTION: forcing a failure. [ 108.603184][ T6180] name failslab, interval 1, probability 0, space 0, times 0 [ 108.624848][ T6180] CPU: 1 UID: 0 PID: 6180 Comm: syz.3.48 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 108.624884][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.624900][ T6180] Call Trace: [ 108.624908][ T6180] [ 108.624918][ T6180] dump_stack_lvl+0x16c/0x1f0 [ 108.624962][ T6180] should_fail_ex+0x512/0x640 [ 108.625001][ T6180] ? fs_reclaim_acquire+0xae/0x150 [ 108.625036][ T6180] should_failslab+0xc2/0x120 [ 108.625063][ T6180] __kmalloc_cache_noprof+0x6a/0x3e0 [ 108.625098][ T6180] ? find_held_lock+0x2b/0x80 [ 108.625126][ T6180] ? tomoyo_open_control+0x56/0xa30 [ 108.625175][ T6180] tomoyo_open_control+0x56/0xa30 [ 108.625223][ T6180] do_dentry_open+0x744/0x1c10 [ 108.625266][ T6180] ? __pfx_tomoyo_open+0x10/0x10 [ 108.625312][ T6180] vfs_open+0x82/0x3f0 [ 108.625346][ T6180] path_openat+0x1de4/0x2cb0 [ 108.625394][ T6180] ? kasan_save_stack+0x42/0x60 [ 108.625435][ T6180] ? __pfx_path_openat+0x10/0x10 [ 108.625471][ T6180] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 108.625511][ T6180] ? getname_flags.part.0+0x4c/0x550 [ 108.625539][ T6180] ? getname_flags+0x93/0xf0 [ 108.625572][ T6180] ? __do_sys_swapon+0x845/0x3ab0 [ 108.625611][ T6180] ? do_syscall_64+0xcd/0x490 [ 108.625650][ T6180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.625692][ T6180] do_filp_open+0x20b/0x470 [ 108.625731][ T6180] ? __pfx_do_filp_open+0x10/0x10 [ 108.625797][ T6180] ? find_held_lock+0x2b/0x80 [ 108.625824][ T6180] ? __might_fault+0xe3/0x190 [ 108.625864][ T6180] ? __might_fault+0xe3/0x190 [ 108.625902][ T6180] ? __might_fault+0x13b/0x190 [ 108.625948][ T6180] file_open_name+0x2a3/0x450 [ 108.625981][ T6180] ? __pfx_file_open_name+0x10/0x10 [ 108.626016][ T6180] ? getname_flags.part.0+0x1c5/0x550 [ 108.626045][ T6180] ? lockdep_init_map_type+0x5c/0x280 [ 108.626091][ T6180] __do_sys_swapon+0x87f/0x3ab0 [ 108.626133][ T6180] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 108.626176][ T6180] ? __fget_files+0x20e/0x3c0 [ 108.626217][ T6180] ? fput+0x70/0xf0 [ 108.626242][ T6180] ? ksys_write+0x1ac/0x250 [ 108.626277][ T6180] ? __pfx___do_sys_swapon+0x10/0x10 [ 108.626329][ T6180] do_syscall_64+0xcd/0x490 [ 108.626370][ T6180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.626395][ T6180] RIP: 0033:0x7f380098e929 [ 108.626415][ T6180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.626438][ T6180] RSP: 002b:00007f3801855038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 [ 108.626461][ T6180] RAX: ffffffffffffffda RBX: 00007f3800bb5fa0 RCX: 00007f380098e929 [ 108.626477][ T6180] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000200000000dc0 [ 108.626493][ T6180] RBP: 00007f3801855090 R08: 0000000000000000 R09: 0000000000000000 [ 108.626508][ T6180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.626523][ T6180] R13: 0000000000000000 R14: 00007f3800bb5fa0 R15: 00007ffe4aaf71a8 [ 108.626554][ T6180] [ 108.917606][ C1] vkms_vblank_simulate: vblank timer overrun [ 109.519706][ T6192] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6192] [ 109.724719][ T6186] Invalid ELF header magic: != ELF [ 113.102150][ T979] Process accounting resumed [ 115.084867][ T6299] netlink: 322 bytes leftover after parsing attributes in process `syz.2.74'. [ 118.242253][ T6350] vhci_hcd: invalid port number 16 [ 118.264166][ T6350] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 118.404643][ T6352] FAULT_INJECTION: forcing a failure. [ 118.404643][ T6352] name failslab, interval 1, probability 0, space 0, times 0 [ 118.442643][ T6352] CPU: 0 UID: 0 PID: 6352 Comm: syz.2.88 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 118.442691][ T6352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.442712][ T6352] Call Trace: [ 118.442723][ T6352] [ 118.442735][ T6352] dump_stack_lvl+0x16c/0x1f0 [ 118.442790][ T6352] should_fail_ex+0x512/0x640 [ 118.442838][ T6352] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 118.442897][ T6352] should_failslab+0xc2/0x120 [ 118.442929][ T6352] __kmalloc_cache_noprof+0x6a/0x3e0 [ 118.442974][ T6352] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.443021][ T6352] ? snd_seq_fifo_new+0x42/0x260 [ 118.443067][ T6352] ? seq_create_client1+0x420/0x5e0 [ 118.443118][ T6352] ? __pfx_snd_seq_open+0x10/0x10 [ 118.443161][ T6352] snd_seq_fifo_new+0x42/0x260 [ 118.443197][ T6352] snd_seq_open+0x15c/0x550 [ 118.443241][ T6352] ? __pfx_snd_seq_open+0x10/0x10 [ 118.443283][ T6352] snd_open+0x201/0x450 [ 118.443328][ T6352] ? __pfx_snd_open+0x10/0x10 [ 118.443372][ T6352] chrdev_open+0x231/0x6a0 [ 118.443415][ T6352] ? __pfx_chrdev_open+0x10/0x10 [ 118.443464][ T6352] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 118.443509][ T6352] do_dentry_open+0x744/0x1c10 [ 118.443552][ T6352] ? __pfx_chrdev_open+0x10/0x10 [ 118.443604][ T6352] vfs_open+0x82/0x3f0 [ 118.443640][ T6352] path_openat+0x1de4/0x2cb0 [ 118.443693][ T6352] ? __pfx_path_openat+0x10/0x10 [ 118.443737][ T6352] ? __lock_acquire+0xb8a/0x1c90 [ 118.443781][ T6352] do_filp_open+0x20b/0x470 [ 118.443823][ T6352] ? __pfx_do_filp_open+0x10/0x10 [ 118.443898][ T6352] ? alloc_fd+0x471/0x7d0 [ 118.443947][ T6352] do_sys_openat2+0x11b/0x1d0 [ 118.443979][ T6352] ? __pfx_do_sys_openat2+0x10/0x10 [ 118.444009][ T6352] ? ktime_get+0x1a7/0x310 [ 118.444057][ T6352] __x64_sys_openat+0x174/0x210 [ 118.444091][ T6352] ? __pfx___x64_sys_openat+0x10/0x10 [ 118.444139][ T6352] do_syscall_64+0xcd/0x490 [ 118.444186][ T6352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.444214][ T6352] RIP: 0033:0x7fa52e98e929 [ 118.444237][ T6352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.444271][ T6352] RSP: 002b:00007fa52f7e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 118.444298][ T6352] RAX: ffffffffffffffda RBX: 00007fa52ebb5fa0 RCX: 00007fa52e98e929 [ 118.444316][ T6352] RDX: 0000000000000100 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 118.444335][ T6352] RBP: 00007fa52ea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 118.444352][ T6352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.444368][ T6352] R13: 0000000000000000 R14: 00007fa52ebb5fa0 R15: 00007fff9ad06148 [ 118.444405][ T6352] [ 121.851141][ T6405] capability: warning: `syz.2.96' uses 32-bit capabilities (legacy support in use) [ 122.452634][ T6417] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.678226][ T6436] netlink: 28 bytes leftover after parsing attributes in process `syz.3.101'. [ 124.763706][ T6460] netlink: 'syz.1.103': attribute type 4 has an invalid length. [ 124.773566][ T6422] kexec: Could not allocate control_code_buffer [ 124.824133][ T6460] netlink: 314 bytes leftover after parsing attributes in process `syz.1.103'. [ 125.044029][ T6456] svc: failed to register nfsdv3 RPC service (errno 111). [ 125.089506][ T6456] svc: failed to register nfsaclv3 RPC service (errno 111). [ 125.803521][ T6490] netlink: 16 bytes leftover after parsing attributes in process `syz.2.111'. [ 128.194196][ T6519] ubi0: attaching mtd0 [ 128.235205][ T6519] ubi0: scanning is finished [ 128.241388][ T6519] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 128.801488][ T6533] Invalid ELF header magic: != ELF [ 128.823085][ T6533] Invalid ELF header magic: != ELF [ 128.850827][ T6519] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 129.246883][ T6533] Invalid ELF header magic: != ELF [ 131.712811][ T6597] netlink: 334 bytes leftover after parsing attributes in process `syz.1.131'. [ 131.934423][ T30] audit: type=1804 audit(6047559379.294:4): pid=6606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.134" name="/newroot/40/file0" dev="tmpfs" ino=225 res=1 errno=0 [ 132.107453][ T30] audit: type=1800 audit(6047559379.294:5): pid=6606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.134" name="file0" dev="tmpfs" ino=225 res=0 errno=0 [ 132.212382][ T6599] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 133.166302][ T6624] netlink: 334 bytes leftover after parsing attributes in process `syz.2.137'. [ 136.173362][ T6692] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 136.686370][ T6713] binder: 6712:6713 unknown command 0 [ 136.701767][ T6713] binder: 6712:6713 ioctl c0306201 0 returned -22 [ 137.044976][ T6721] Invalid ELF header magic: != ELF [ 137.786702][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.793424][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.483902][ T6740] FAULT_INJECTION: forcing a failure. [ 138.483902][ T6740] name failslab, interval 1, probability 0, space 0, times 0 [ 138.558248][ T6740] CPU: 1 UID: 0 PID: 6740 Comm: syz.1.161 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 138.558277][ T6740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.558289][ T6740] Call Trace: [ 138.558295][ T6740] [ 138.558303][ T6740] dump_stack_lvl+0x16c/0x1f0 [ 138.558337][ T6740] should_fail_ex+0x512/0x640 [ 138.558370][ T6740] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 138.558400][ T6740] should_failslab+0xc2/0x120 [ 138.558419][ T6740] __kmalloc_cache_noprof+0x6a/0x3e0 [ 138.558446][ T6740] ? can_pernet_init+0x11c/0x370 [ 138.558478][ T6740] ? kasan_save_track+0x14/0x30 [ 138.558508][ T6740] ? __pfx_can_pernet_init+0x10/0x10 [ 138.558540][ T6740] can_pernet_init+0x11c/0x370 [ 138.558599][ T6740] ? __pfx_can_pernet_init+0x10/0x10 [ 138.558632][ T6740] ops_init+0x1e2/0x5f0 [ 138.558668][ T6740] setup_net+0x1ff/0x510 [ 138.558700][ T6740] ? lockdep_init_map_type+0x5c/0x280 [ 138.558736][ T6740] ? __pfx_setup_net+0x10/0x10 [ 138.558771][ T6740] ? debug_mutex_init+0x37/0x70 [ 138.558795][ T6740] copy_net_ns+0x2a6/0x5f0 [ 138.558819][ T6740] create_new_namespaces+0x3ea/0xa90 [ 138.558850][ T6740] copy_namespaces+0x468/0x560 [ 138.558875][ T6740] copy_process+0x2822/0x7650 [ 138.558915][ T6740] ? __pfx_copy_process+0x10/0x10 [ 138.558942][ T6740] ? find_held_lock+0x2b/0x80 [ 138.558974][ T6740] kernel_clone+0xfc/0x960 [ 138.559004][ T6740] ? __pfx_kernel_clone+0x10/0x10 [ 138.559046][ T6740] __do_sys_clone+0xce/0x120 [ 138.559073][ T6740] ? __pfx___do_sys_clone+0x10/0x10 [ 138.559113][ T6740] ? xfd_validate_state+0x61/0x180 [ 138.559152][ T6740] do_syscall_64+0xcd/0x490 [ 138.559186][ T6740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.559207][ T6740] RIP: 0033:0x7f9deb78e929 [ 138.559223][ T6740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.559243][ T6740] RSP: 002b:00007f9de95f5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 138.559262][ T6740] RAX: ffffffffffffffda RBX: 00007f9deb9b5fa0 RCX: 00007f9deb78e929 [ 138.559276][ T6740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000068000000 [ 138.559288][ T6740] RBP: 00007f9deb810b39 R08: 0000000000000000 R09: 0000000000000000 [ 138.559301][ T6740] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 138.559313][ T6740] R13: 0000000000000000 R14: 00007f9deb9b5fa0 R15: 00007ffeeda4d2b8 [ 138.559339][ T6740] [ 139.197738][ T6742] WARNING! power/level is deprecated; use power/control instead [ 139.814015][ T6757] syz.0.165 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 140.695097][ T6775] ======================================================= [ 140.695097][ T6775] WARNING: The mand mount option has been deprecated and [ 140.695097][ T6775] and is ignored by this kernel. Remove the mand [ 140.695097][ T6775] option from the mount to silence this warning. [ 140.695097][ T6775] ======================================================= [ 143.313677][ T6826] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 144.101077][ T6840] usbip-vudc usbip-vudc.0: gadget not bound [ 144.900247][ T6849] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 146.414305][ T6864] Invalid ELF header magic: != ELF [ 147.021241][ T6897] netlink: 20 bytes leftover after parsing attributes in process `syz.3.194'. [ 147.145279][ T6897] hsr_slave_0 (unregistering): left promiscuous mode [ 148.407695][ T6912] can: request_module (can-proto-0) failed. [ 149.230008][ T6946] netlink: 28 bytes leftover after parsing attributes in process `syz.2.206'. [ 149.246223][ T6946] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.352693][ T6946] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.617415][ T6946] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.817280][ T6946] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.451596][ T6979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 151.462134][ T6979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.927196][ T7036] syz.3.223 uses obsolete (PF_INET,SOCK_PACKET) [ 160.517890][ T7106] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 160.528162][ T7106] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 160.602232][ T7106] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 160.625195][ T7106] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 160.647736][ T7106] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 160.692485][ T7106] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 160.719870][ T7106] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.725993][ T7106] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.757684][ T7106] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.766502][ T7106] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 160.772652][ T7106] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 160.781863][ T7106] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 160.954955][ T7117] ima: policy update failed [ 160.967628][ T30] audit: type=1802 audit(6047559408.324:6): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.238" res=0 errno=0 [ 161.066688][ T7119] FAULT_INJECTION: forcing a failure. [ 161.066688][ T7119] name failslab, interval 1, probability 0, space 0, times 0 [ 161.254014][ T7119] CPU: 1 UID: 0 PID: 7119 Comm: syz.3.239 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 161.254053][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.254070][ T7119] Call Trace: [ 161.254079][ T7119] [ 161.254090][ T7119] dump_stack_lvl+0x16c/0x1f0 [ 161.254138][ T7119] should_fail_ex+0x512/0x640 [ 161.254179][ T7119] ? __kmalloc_noprof+0xbf/0x510 [ 161.254224][ T7119] ? iter_file_splice_write+0x1cc/0x1150 [ 161.254261][ T7119] should_failslab+0xc2/0x120 [ 161.254289][ T7119] __kmalloc_noprof+0xd2/0x510 [ 161.254338][ T7119] iter_file_splice_write+0x1cc/0x1150 [ 161.254384][ T7119] ? kfree+0x2b4/0x4d0 [ 161.254419][ T7119] ? copy_splice_read+0x897/0xba0 [ 161.254462][ T7119] ? __pfx_iter_file_splice_write+0x10/0x10 [ 161.254513][ T7119] ? __lock_acquire+0xb8a/0x1c90 [ 161.254557][ T7119] ? __pfx_copy_splice_read+0x10/0x10 [ 161.254614][ T7119] ? __pfx_iter_file_splice_write+0x10/0x10 [ 161.254657][ T7119] direct_splice_actor+0x18f/0x6c0 [ 161.254700][ T7119] splice_direct_to_actor+0x345/0xa30 [ 161.254740][ T7119] ? __pfx_direct_splice_actor+0x10/0x10 [ 161.254787][ T7119] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 161.254835][ T7119] do_splice_direct+0x174/0x240 [ 161.254873][ T7119] ? __pfx_do_splice_direct+0x10/0x10 [ 161.254912][ T7119] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 161.254954][ T7119] ? rw_verify_area+0xcf/0x680 [ 161.254994][ T7119] do_sendfile+0xb06/0xe50 [ 161.255040][ T7119] ? __pfx_do_sendfile+0x10/0x10 [ 161.255078][ T7119] ? __sys_sendmsg+0x18c/0x220 [ 161.255125][ T7119] ? __x64_sys_futex+0x1e0/0x4c0 [ 161.255159][ T7119] ? __x64_sys_futex+0x1e9/0x4c0 [ 161.255199][ T7119] __x64_sys_sendfile64+0x1d8/0x220 [ 161.255229][ T7119] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 161.255269][ T7119] do_syscall_64+0xcd/0x490 [ 161.255316][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.255345][ T7119] RIP: 0033:0x7f380098e929 [ 161.255368][ T7119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.255394][ T7119] RSP: 002b:00007f3801855038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 161.255421][ T7119] RAX: ffffffffffffffda RBX: 00007f3800bb5fa0 RCX: 00007f380098e929 [ 161.255440][ T7119] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 161.255455][ T7119] RBP: 00007f3800a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 161.255472][ T7119] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.255488][ T7119] R13: 0000000000000000 R14: 00007f3800bb5fa0 R15: 00007ffe4aaf71a8 [ 161.255532][ T7119] [ 161.867499][ T7131] netlink: 342 bytes leftover after parsing attributes in process `syz.3.242'. [ 162.577819][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 162.648011][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 162.728717][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 162.807183][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 163.132028][ T7156] netlink: 342 bytes leftover after parsing attributes in process `syz.3.247'. [ 163.533983][ T7155] FAULT_INJECTION: forcing a failure. [ 163.533983][ T7155] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 163.548411][ T7155] CPU: 0 UID: 0 PID: 7155 Comm: syz.3.247 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 163.548440][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.548453][ T7155] Call Trace: [ 163.548460][ T7155] [ 163.548468][ T7155] dump_stack_lvl+0x16c/0x1f0 [ 163.548505][ T7155] should_fail_ex+0x512/0x640 [ 163.548554][ T7155] should_fail_alloc_page+0xe7/0x130 [ 163.548577][ T7155] prepare_alloc_pages+0x3c2/0x610 [ 163.548602][ T7155] ? rcu_is_watching+0x12/0xc0 [ 163.548627][ T7155] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 163.548664][ T7155] ? css_rstat_updated+0x9d/0xd30 [ 163.548692][ T7155] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 163.548723][ T7155] ? __lock_acquire+0x622/0x1c90 [ 163.548761][ T7155] ? __lock_acquire+0x622/0x1c90 [ 163.548790][ T7155] ? __lock_acquire+0x622/0x1c90 [ 163.548818][ T7155] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 163.548852][ T7155] ? policy_nodemask+0xea/0x4e0 [ 163.548874][ T7155] alloc_pages_mpol+0x1fb/0x550 [ 163.548895][ T7155] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 163.548922][ T7155] folio_alloc_mpol_noprof+0x36/0x2f0 [ 163.548947][ T7155] vma_alloc_folio_noprof+0xed/0x1e0 [ 163.548971][ T7155] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 163.548993][ T7155] ? find_held_lock+0x2b/0x80 [ 163.549015][ T7155] ? __handle_mm_fault+0x1092/0x5490 [ 163.549046][ T7155] __handle_mm_fault+0x2f21/0x5490 [ 163.549081][ T7155] ? __pfx___handle_mm_fault+0x10/0x10 [ 163.549109][ T7155] ? __pte_offset_map_lock+0x174/0x310 [ 163.549130][ T7155] ? find_held_lock+0x2b/0x80 [ 163.549150][ T7155] ? find_held_lock+0x2b/0x80 [ 163.549177][ T7155] ? follow_page_pte+0x3af/0x14c0 [ 163.549207][ T7155] handle_mm_fault+0x589/0xd10 [ 163.549240][ T7155] __get_user_pages+0x589/0x3b80 [ 163.549270][ T7155] ? __pfx_mt_find+0x10/0x10 [ 163.549289][ T7155] ? __pfx___get_user_pages+0x10/0x10 [ 163.549322][ T7155] populate_vma_page_range+0x278/0x3a0 [ 163.549350][ T7155] ? __pfx_populate_vma_page_range+0x10/0x10 [ 163.549374][ T7155] ? __pfx_find_vma_intersection+0x10/0x10 [ 163.549404][ T7155] ? do_mmap+0x69c/0x1210 [ 163.549429][ T7155] __mm_populate+0x1d8/0x380 [ 163.549458][ T7155] ? __pfx___mm_populate+0x10/0x10 [ 163.549485][ T7155] ? up_write+0x1b2/0x520 [ 163.549519][ T7155] vm_mmap_pgoff+0x362/0x450 [ 163.549544][ T7155] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 163.549562][ T7155] ? map_id_range_up+0x2ce/0x3b0 [ 163.549600][ T7155] ? __x64_sys_futex+0x1e0/0x4c0 [ 163.549625][ T7155] ? __x64_sys_futex+0x1e9/0x4c0 [ 163.549653][ T7155] ksys_mmap_pgoff+0x7d/0x5c0 [ 163.549675][ T7155] ? xfd_validate_state+0x61/0x180 [ 163.549702][ T7155] ? __pfx_from_kuid_munged+0x10/0x10 [ 163.549737][ T7155] __x64_sys_mmap+0x125/0x190 [ 163.549770][ T7155] do_syscall_64+0xcd/0x490 [ 163.549804][ T7155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.549824][ T7155] RIP: 0033:0x7f380098e929 [ 163.549840][ T7155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.549859][ T7155] RSP: 002b:00007f3801834038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 163.549877][ T7155] RAX: ffffffffffffffda RBX: 00007f3800bb6080 RCX: 00007f380098e929 [ 163.549891][ T7155] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 163.549916][ T7155] RBP: 00007f3800a10b39 R08: 0000000000000002 R09: 0000000000008000 [ 163.549927][ T7155] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 163.549939][ T7155] R13: 0000000000000000 R14: 00007f3800bb6080 R15: 00007ffe4aaf71a8 [ 163.549963][ T7155] [ 164.644797][ T7171] vivid-007: ================= START STATUS ================= [ 164.653958][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 164.667684][ T7171] vivid-007: Generate PTS: true [ 164.672704][ T7171] vivid-007: Generate SCR: true [ 164.721368][ T7171] tpg source WxH: 320x240 (Y'CbCr) [ 164.726856][ T7171] tpg field: 1 [ 164.734907][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.741226][ T7171] tpg crop: (0,0)/320x240 [ 164.745565][ T7171] tpg compose: (0,0)/320x240 [ 164.750611][ T7171] tpg colorspace: 8 [ 164.755335][ T7171] tpg transfer function: 0/0 [ 164.760707][ T7171] tpg Y'CbCr encoding: 0/0 [ 164.768739][ T7171] tpg quantization: 0/0 [ 164.806045][ T7171] tpg RGB range: 0/2 [ 164.810238][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 164.816538][ T7171] vivid-007: ================== END STATUS ================== [ 164.887224][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.339715][ T7182] can: request_module (can-proto-3) failed. [ 165.598284][ T7189] netlink: 'syz.2.253': attribute type 19 has an invalid length. [ 165.646632][ T7189] netlink: 334 bytes leftover after parsing attributes in process `syz.2.253'. [ 166.179814][ T30] audit: type=1400 audit(6047559413.544:7): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=7196 comm="syz.3.256" [ 166.727500][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.807199][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 166.887159][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 166.967157][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 168.429217][ T7234] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 168.939397][ T7233] sctp: failed to load transform for md5: -2 [ 169.584150][ T7256] Invalid ELF header magic: != ELF [ 170.657691][ T7277] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 170.961384][ T5858] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 171.512124][ T7296] kafs: addr_prefs: Invalid Command [ 172.818156][ T7308] usb usb36: usbfs: process 7308 (syz.0.278) did not claim interface 0 before use [ 172.869997][ T7308] FAULT_INJECTION: forcing a failure. [ 172.869997][ T7308] name failslab, interval 1, probability 0, space 0, times 0 [ 172.883107][ T7308] CPU: 1 UID: 0 PID: 7308 Comm: syz.0.278 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 172.883135][ T7308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.883147][ T7308] Call Trace: [ 172.883153][ T7308] [ 172.883161][ T7308] dump_stack_lvl+0x16c/0x1f0 [ 172.883196][ T7308] should_fail_ex+0x512/0x640 [ 172.883225][ T7308] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 172.883259][ T7308] should_failslab+0xc2/0x120 [ 172.883278][ T7308] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 172.883310][ T7308] ? alloc_inode+0xc3/0x240 [ 172.883333][ T7308] alloc_inode+0xc3/0x240 [ 172.883353][ T7308] iget_locked+0x2e4/0x830 [ 172.883376][ T7308] ? __pfx_iget_locked+0x10/0x10 [ 172.883399][ T7308] ? find_held_lock+0x2b/0x80 [ 172.883421][ T7308] ? kernfs_root+0xee/0x2a0 [ 172.883453][ T7308] kernfs_get_inode+0x48/0x460 [ 172.883481][ T7308] kernfs_iop_lookup+0x1a7/0x2d0 [ 172.883512][ T7308] ? __pfx_kernfs_iop_lookup+0x10/0x10 [ 172.883541][ T7308] lookup_open.isra.0+0x4d7/0x1580 [ 172.883573][ T7308] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 172.883614][ T7308] ? mnt_get_write_access+0x20c/0x300 [ 172.883640][ T7308] path_openat+0x893/0x2cb0 [ 172.883678][ T7308] ? __pfx_path_openat+0x10/0x10 [ 172.883709][ T7308] ? __lock_acquire+0xb8a/0x1c90 [ 172.883740][ T7308] do_filp_open+0x20b/0x470 [ 172.883770][ T7308] ? __pfx_do_filp_open+0x10/0x10 [ 172.883825][ T7308] ? alloc_fd+0x471/0x7d0 [ 172.883860][ T7308] do_sys_openat2+0x11b/0x1d0 [ 172.883882][ T7308] ? __pfx_do_sys_openat2+0x10/0x10 [ 172.883915][ T7308] __x64_sys_openat+0x174/0x210 [ 172.883938][ T7308] ? __pfx___x64_sys_openat+0x10/0x10 [ 172.883972][ T7308] do_syscall_64+0xcd/0x490 [ 172.884005][ T7308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.884025][ T7308] RIP: 0033:0x7f1a4878e929 [ 172.884041][ T7308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.884060][ T7308] RSP: 002b:00007f1a495eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 172.884078][ T7308] RAX: ffffffffffffffda RBX: 00007f1a489b5fa0 RCX: 00007f1a4878e929 [ 172.884091][ T7308] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 172.884103][ T7308] RBP: 00007f1a48810b39 R08: 0000000000000000 R09: 0000000000000000 [ 172.884115][ T7308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.884127][ T7308] R13: 0000000000000000 R14: 00007f1a489b5fa0 R15: 00007ffc2c609d88 [ 172.884151][ T7308] [ 175.671091][ T30] audit: type=1804 audit(6047559423.034:8): pid=7350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.285" name="/newroot/79/file0" dev="tmpfs" ino=427 res=1 errno=0 [ 175.734503][ T30] audit: type=1800 audit(6047559423.044:9): pid=7350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.285" name="file0" dev="tmpfs" ino=427 res=0 errno=0 [ 178.173155][ T7401] FAULT_INJECTION: forcing a failure. [ 178.173155][ T7401] name failslab, interval 1, probability 0, space 0, times 0 [ 178.221906][ T7401] CPU: 1 UID: 0 PID: 7401 Comm: syz.2.295 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 178.221942][ T7401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.221955][ T7401] Call Trace: [ 178.221962][ T7401] [ 178.221971][ T7401] dump_stack_lvl+0x16c/0x1f0 [ 178.222009][ T7401] should_fail_ex+0x512/0x640 [ 178.222044][ T7401] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 178.222082][ T7401] should_failslab+0xc2/0x120 [ 178.222104][ T7401] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 178.222139][ T7401] ? ptlock_alloc+0x1f/0x70 [ 178.222172][ T7401] ptlock_alloc+0x1f/0x70 [ 178.222201][ T7401] pte_alloc_one+0x82/0x3a0 [ 178.222223][ T7401] __pte_alloc+0x6d/0x3c0 [ 178.222244][ T7401] ? __pfx___pte_alloc+0x10/0x10 [ 178.222268][ T7401] ? _raw_spin_unlock+0x28/0x50 [ 178.222297][ T7401] ? __pmd_alloc+0x3fb/0x930 [ 178.222325][ T7401] __handle_mm_fault+0x4358/0x5490 [ 178.222363][ T7401] ? __pfx___handle_mm_fault+0x10/0x10 [ 178.222424][ T7401] handle_mm_fault+0x589/0xd10 [ 178.222460][ T7401] __get_user_pages+0x589/0x3b80 [ 178.222495][ T7401] ? __pfx_mt_find+0x10/0x10 [ 178.222516][ T7401] ? __pfx___get_user_pages+0x10/0x10 [ 178.222553][ T7401] populate_vma_page_range+0x278/0x3a0 [ 178.222583][ T7401] ? __pfx_populate_vma_page_range+0x10/0x10 [ 178.222611][ T7401] ? __pfx_find_vma_intersection+0x10/0x10 [ 178.222638][ T7401] ? do_mmap+0x69c/0x1210 [ 178.222666][ T7401] __mm_populate+0x1d8/0x380 [ 178.222695][ T7401] ? __pfx___mm_populate+0x10/0x10 [ 178.222725][ T7401] ? up_write+0x1b2/0x520 [ 178.222764][ T7401] vm_mmap_pgoff+0x362/0x450 [ 178.222791][ T7401] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 178.222821][ T7401] ? __x64_sys_futex+0x1e0/0x4c0 [ 178.222848][ T7401] ? __x64_sys_futex+0x1e9/0x4c0 [ 178.222880][ T7401] ksys_mmap_pgoff+0x7d/0x5c0 [ 178.222903][ T7401] ? xfd_validate_state+0x61/0x180 [ 178.222938][ T7401] ? __pfx_ksys_write+0x10/0x10 [ 178.222974][ T7401] __x64_sys_mmap+0x125/0x190 [ 178.223011][ T7401] do_syscall_64+0xcd/0x490 [ 178.223054][ T7401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.223075][ T7401] RIP: 0033:0x7fa52e98e929 [ 178.223089][ T7401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.223107][ T7401] RSP: 002b:00007fa52f7e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 178.223125][ T7401] RAX: ffffffffffffffda RBX: 00007fa52ebb5fa0 RCX: 00007fa52e98e929 [ 178.223138][ T7401] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 178.223149][ T7401] RBP: 00007fa52ea10b39 R08: 0000000000000007 R09: 0000000000028000 [ 178.223161][ T7401] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 178.223172][ T7401] R13: 0000000000000000 R14: 00007fa52ebb5fa0 R15: 00007fff9ad06148 [ 178.223196][ T7401] [ 178.940523][ T7401] [ 178.942996][ T7401] ====================================================== [ 178.950044][ T7401] WARNING: possible circular locking dependency detected [ 178.957096][ T7401] 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 Not tainted [ 178.964222][ T7401] ------------------------------------------------------ [ 178.971257][ T7401] syz.2.295/7401 is trying to acquire lock: [ 178.977164][ T7401] ffff88802687ad00 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 178.987043][ T7401] [ 178.987043][ T7401] but task is already holding lock: [ 178.994433][ T7401] ffff88802687a7c8 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 179.005719][ T7401] [ 179.005719][ T7401] which lock already depends on the new lock. [ 179.005719][ T7401] [ 179.016124][ T7401] [ 179.016124][ T7401] the existing dependency chain (in reverse order) is: [ 179.025147][ T7401] [ 179.025147][ T7401] -> #3 (&q->q_usage_counter(io)#59){++++}-{0:0}: [ 179.033770][ T7401] blk_alloc_queue+0x619/0x760 [ 179.039068][ T7401] blk_mq_alloc_queue+0x175/0x290 [ 179.044635][ T7401] __blk_mq_alloc_disk+0x29/0x120 [ 179.050197][ T7401] nbd_dev_add+0x4a0/0xbc0 [ 179.055152][ T7401] nbd_init+0x181/0x320 [ 179.059851][ T7401] do_one_initcall+0x120/0x6e0 [ 179.065146][ T7401] kernel_init_freeable+0x5c2/0x900 [ 179.070885][ T7401] kernel_init+0x1c/0x2b0 [ 179.075755][ T7401] ret_from_fork+0x5d7/0x6f0 [ 179.080883][ T7401] ret_from_fork_asm+0x1a/0x30 [ 179.086182][ T7401] [ 179.086182][ T7401] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 179.093409][ T7401] fs_reclaim_acquire+0x102/0x150 [ 179.098969][ T7401] prepare_alloc_pages+0x162/0x610 [ 179.104615][ T7401] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 179.111055][ T7401] __alloc_pages_noprof+0xb/0x1b0 [ 179.116623][ T7401] pcpu_populate_chunk+0x110/0xb00 [ 179.122279][ T7401] pcpu_alloc_noprof+0x86a/0x1470 [ 179.127871][ T7401] xt_percpu_counter_alloc+0x13e/0x1b0 [ 179.133865][ T7401] find_check_entry.constprop.0+0xbc/0x9b0 [ 179.140228][ T7401] translate_table+0xc98/0x1720 [ 179.145624][ T7401] ipt_register_table+0x102/0x430 [ 179.151222][ T7401] iptable_security_table_init+0x40/0x60 [ 179.157399][ T7401] xt_find_table_lock+0x2e1/0x520 [ 179.162962][ T7401] xt_request_find_table_lock+0x28/0xf0 [ 179.169061][ T7401] get_info+0x190/0x610 [ 179.173797][ T7401] do_ipt_get_ctl+0x169/0xa10 [ 179.179007][ T7401] nf_getsockopt+0x7c/0xe0 [ 179.183955][ T7401] ip_getsockopt+0x18c/0x1e0 [ 179.189094][ T7401] tcp_getsockopt+0x9e/0x100 [ 179.194234][ T7401] do_sock_getsockopt+0x3fc/0x800 [ 179.199793][ T7401] __sys_getsockopt+0x123/0x1b0 [ 179.205195][ T7401] __x64_sys_getsockopt+0xbd/0x160 [ 179.210848][ T7401] do_syscall_64+0xcd/0x490 [ 179.215898][ T7401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.222340][ T7401] [ 179.222340][ T7401] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 179.230103][ T7401] __mutex_lock+0x199/0xb90 [ 179.235168][ T7401] pcpu_alloc_noprof+0xb4c/0x1470 [ 179.240732][ T7401] sbitmap_init_node+0x2fd/0x770 [ 179.246210][ T7401] sbitmap_queue_init_node+0x41/0x560 [ 179.252119][ T7401] blk_mq_init_tags+0x12d/0x2b0 [ 179.257524][ T7401] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 179.263607][ T7401] blk_mq_init_sched+0x30c/0x610 [ 179.269084][ T7401] elevator_switch+0x1e1/0x7f0 [ 179.274382][ T7401] elevator_change+0x2ac/0x400 [ 179.279681][ T7401] elevator_set_default+0x292/0x320 [ 179.285419][ T7401] blk_register_queue+0x393/0x4f0 [ 179.290992][ T7401] __add_disk+0x74a/0xf00 [ 179.295875][ T7401] add_disk_fwnode+0x13f/0x5d0 [ 179.301189][ T7401] nbd_dev_add+0x791/0xbc0 [ 179.306156][ T7401] nbd_init+0x181/0x320 [ 179.310879][ T7401] do_one_initcall+0x120/0x6e0 [ 179.316182][ T7401] kernel_init_freeable+0x5c2/0x900 [ 179.321927][ T7401] kernel_init+0x1c/0x2b0 [ 179.326801][ T7401] ret_from_fork+0x5d7/0x6f0 [ 179.331948][ T7401] ret_from_fork_asm+0x1a/0x30 [ 179.337256][ T7401] [ 179.337256][ T7401] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 179.345098][ T7401] __lock_acquire+0x126f/0x1c90 [ 179.350488][ T7401] lock_acquire+0x179/0x350 [ 179.355548][ T7401] __mutex_lock+0x199/0xb90 [ 179.360598][ T7401] queue_requests_store+0x1c7/0x310 [ 179.366334][ T7401] queue_attr_store+0x279/0x320 [ 179.371735][ T7401] sysfs_kf_write+0xef/0x150 [ 179.376869][ T7401] kernfs_fop_write_iter+0x351/0x510 [ 179.382697][ T7401] iter_file_splice_write+0x91c/0x1150 [ 179.388708][ T7401] direct_splice_actor+0x18f/0x6c0 [ 179.394361][ T7401] splice_direct_to_actor+0x345/0xa30 [ 179.400280][ T7401] do_splice_direct+0x174/0x240 [ 179.405697][ T7401] do_sendfile+0xb06/0xe50 [ 179.410651][ T7401] __x64_sys_sendfile64+0x1d8/0x220 [ 179.416380][ T7401] do_syscall_64+0xcd/0x490 [ 179.421434][ T7401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.427855][ T7401] [ 179.427855][ T7401] other info that might help us debug this: [ 179.427855][ T7401] [ 179.438087][ T7401] Chain exists of: [ 179.438087][ T7401] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#59 [ 179.438087][ T7401] [ 179.451867][ T7401] Possible unsafe locking scenario: [ 179.451867][ T7401] [ 179.459327][ T7401] CPU0 CPU1 [ 179.464695][ T7401] ---- ---- [ 179.470062][ T7401] lock(&q->q_usage_counter(io)#59); [ 179.475463][ T7401] lock(fs_reclaim); [ 179.481979][ T7401] lock(&q->q_usage_counter(io)#59); [ 179.489908][ T7401] lock(&q->elevator_lock); [ 179.494535][ T7401] [ 179.494535][ T7401] *** DEADLOCK *** [ 179.494535][ T7401] [ 179.502686][ T7401] 5 locks held by syz.2.295/7401: [ 179.507740][ T7401] #0: ffff88803155e428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30 [ 179.517786][ T7401] #1: ffff88805a2f0088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 179.527560][ T7401] #2: ffff888141bc34b8 (kn->active#128){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 179.537697][ T7401] #3: ffff88802687a7c8 (&q->q_usage_counter(io)#59){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 179.549390][ T7401] #4: ffff88802687a800 (&q->q_usage_counter(queue)#11){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 179.561350][ T7401] [ 179.561350][ T7401] stack backtrace: [ 179.567243][ T7401] CPU: 0 UID: 0 PID: 7401 Comm: syz.2.295 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 179.567271][ T7401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.567284][ T7401] Call Trace: [ 179.567291][ T7401] [ 179.567309][ T7401] dump_stack_lvl+0x116/0x1f0 [ 179.567343][ T7401] print_circular_bug+0x275/0x350 [ 179.567374][ T7401] check_noncircular+0x14c/0x170 [ 179.567406][ T7401] __lock_acquire+0x126f/0x1c90 [ 179.567439][ T7401] ? __lock_acquire+0xb8a/0x1c90 [ 179.567470][ T7401] lock_acquire+0x179/0x350 [ 179.567499][ T7401] ? queue_requests_store+0x1c7/0x310 [ 179.567520][ T7401] ? __pfx___might_resched+0x10/0x10 [ 179.567545][ T7401] ? do_raw_spin_lock+0x12c/0x2b0 [ 179.567581][ T7401] __mutex_lock+0x199/0xb90 [ 179.567613][ T7401] ? queue_requests_store+0x1c7/0x310 [ 179.567633][ T7401] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 179.567662][ T7401] ? queue_requests_store+0x1c7/0x310 [ 179.567681][ T7401] ? lockdep_hardirqs_on+0x7c/0x110 [ 179.567713][ T7401] ? __pfx___mutex_lock+0x10/0x10 [ 179.567749][ T7401] ? __pfx_autoremove_wake_function+0x10/0x10 [ 179.567781][ T7401] ? queue_requests_store+0x1c7/0x310 [ 179.567800][ T7401] queue_requests_store+0x1c7/0x310 [ 179.567820][ T7401] ? __pfx_queue_requests_store+0x10/0x10 [ 179.567842][ T7401] ? __mutex_trylock_common+0xe9/0x250 [ 179.567874][ T7401] ? __pfx_queue_requests_store+0x10/0x10 [ 179.567894][ T7401] queue_attr_store+0x279/0x320 [ 179.567929][ T7401] ? __pfx_queue_attr_store+0x10/0x10 [ 179.567962][ T7401] ? __lock_acquire+0x622/0x1c90 [ 179.567998][ T7401] ? find_held_lock+0x2b/0x80 [ 179.568020][ T7401] ? sysfs_file_kobj+0xe4/0x290 [ 179.568055][ T7401] ? __pfx_queue_attr_store+0x10/0x10 [ 179.568089][ T7401] sysfs_kf_write+0xef/0x150 [ 179.568116][ T7401] kernfs_fop_write_iter+0x351/0x510 [ 179.568139][ T7401] ? __pfx_sysfs_kf_write+0x10/0x10 [ 179.568166][ T7401] iter_file_splice_write+0x91c/0x1150 [ 179.568205][ T7401] ? __pfx_iter_file_splice_write+0x10/0x10 [ 179.568237][ T7401] ? __pfx_copy_splice_read+0x10/0x10 [ 179.568272][ T7401] ? __pfx_iter_file_splice_write+0x10/0x10 [ 179.568304][ T7401] direct_splice_actor+0x18f/0x6c0 [ 179.568335][ T7401] splice_direct_to_actor+0x345/0xa30 [ 179.568364][ T7401] ? __pfx_direct_splice_actor+0x10/0x10 [ 179.568395][ T7401] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 179.568428][ T7401] do_splice_direct+0x174/0x240 [ 179.568456][ T7401] ? __pfx_do_splice_direct+0x10/0x10 [ 179.568484][ T7401] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 179.568514][ T7401] ? rw_verify_area+0xcf/0x680 [ 179.568542][ T7401] do_sendfile+0xb06/0xe50 [ 179.568574][ T7401] ? __pfx_do_sendfile+0x10/0x10 [ 179.568606][ T7401] ? __x64_sys_futex+0x1e0/0x4c0 [ 179.568632][ T7401] ? __x64_sys_futex+0x1e9/0x4c0 [ 179.568660][ T7401] __x64_sys_sendfile64+0x1d8/0x220 [ 179.568682][ T7401] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 179.568707][ T7401] do_syscall_64+0xcd/0x490 [ 179.568741][ T7401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.568763][ T7401] RIP: 0033:0x7fa52e98e929 [ 179.568779][ T7401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.568800][ T7401] RSP: 002b:00007fa52f7e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 179.568820][ T7401] RAX: ffffffffffffffda RBX: 00007fa52ebb5fa0 RCX: 00007fa52e98e929 [ 179.568835][ T7401] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 179.568848][ T7401] RBP: 00007fa52ea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 179.568861][ T7401] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000000 [ 179.568874][ T7401] R13: 0000000000000000 R14: 00007fa52ebb5fa0 R15: 00007fff9ad06148 [ 179.568894][ T7401]