last executing test programs: 6.01621338s ago: executing program 0 (id=128): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xffff) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x1000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x7fffffffffffffff, 0x4, 0x0, 0x5, 0xe) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) write$auto(0x3, 0x0, 0xfffffdf0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/block/ram7/queue/iostats\x00', 0x8502, 0x0) write$auto(r2, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) read$auto_clk_dump_fops_(0xffffffffffffffff, 0x0, 0x0) ioctl$auto_BLKRRPART(r1, 0x125f, 0x0) getpeername$auto(r0, &(0x7f0000000080)=@hci={0x1f, 0xffffffffffffffff}, &(0x7f00000000c0)=0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000829bd7000fddbdf2506000000c30233eab2d2b875de5bae2a4b30e388993cea8751ea958db38885e2392818ff548dd389650dffd7beeef4bfc40c66ad486b04807d4b0f74b0760ad0eaeb0000"], 0x54}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000) close_range$auto(r0, r2, 0x2) openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x42000, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x100e42, 0x0) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="00010000", @ANYRES16=0x0, @ANYBLOB="000326bd7000fcdbdf2503000000790008805b4f2525b2dc3a73ec37e7122e6f0d55382854d419b883b7ed64bd3c7b9fb15273e787030718751e0a22cc6cabcae114aa6448d0356183e1ca7c01536c5c6f37915b26a3e75515ab02807fe932b8a415a581dcdc7800f91e231c001d800400d3800c002000f3000000002b3c0c7e9b52ba"], 0x100}, 0x1, 0x0, 0x0, 0x8000}, 0x42) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYBLOB="a6a0257c8e9c3f31adf147f6bfdd433aaa065e4a7751a9f472dbd44022172bf4f3eadb090eaaa745dd14d0e0990a7c394a52bd8deb74102ec79eddba48d916be2d86ad403852080e0b12443c849fa7444539acb46bf9cfd3b9b797b084e302b6d444101e0f602153b85fefbda840a6af0b97614247f82a7d3c759dd078ba"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004841}, 0x4044095) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000300)='/dev/v4l-subdev0\x00', 0x200000, 0x0) madvise$auto(0x0, 0xf663, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 4.753501522s ago: executing program 3 (id=134): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00X', @ANYRES16=0x0, @ANYBLOB="000127bd7000fddbdf250f00000008003b0008000000060022000100000005001900ff0000000a0010006c8087e5cdf20000"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x40000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth0_to_bond\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_MM_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="316b623900001f689080ab643200000000", @ANYRES16=0x0, @ANYBLOB, @ANYRES32=r1, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x4008800) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_TUNSETGROUP(r2, 0x400454ce, &(0x7f00000002c0)) mmap$auto(0x0, 0x2, 0xdf, 0x33, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x9) socket(0x2b, 0x80802, 0x200000) socket(0x2b, 0x1, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x1ea6, 0x6) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/fail-nth\x00', 0x646002, 0x0) write$auto(r4, 0x0, 0x81) socket$nl_generic(0x10, 0x3, 0x1f) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0xffffffffffffffff, r2, 0xff) socket(0x80000000000000a, 0x2, 0x0) r5 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@phonet={0x23, 0x55, 0x80, 0x6}, 0x401) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r5, 0x6, 0x82, 0x0, &(0x7f0000000280)=0xb) 3.859547273s ago: executing program 0 (id=136): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40380, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) settimeofday$auto(0x0, &(0x7f00000003c0)={0x3, 0x80000001}) openat$auto_proc_sessionid_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/sessionid\x00', 0x40c1, 0x0) r0 = setfsgid$auto(0xee00) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x7f, 0x101, 0x6, 0x3}, {0x100, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0xffffffffffffff7d, 0x2a7fc689, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x4, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0xfffffffffffffffd, 0x7}) fchown$auto(0xffffffffffffffff, 0xee00, r0) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, r0) getpgid$auto(0xffffffffffffffff) getpgrp(0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) r1 = io_uring_setup$auto(0x86, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r1, 0x7, &(0x7f0000000280)="4abd73dda97cab95198e9ec2529bf0650709ff656a0f9ad04fd08692fdc201690d5c1c58a402862b4a6bffd47fe7e795a26d420c8e898b91889c6314b64ec0c8ca43dfe3cce43e8f6d564a8baebdbbbf5b4c1c97d8dad1ed7e9f05b9c05b62f0c7ef3edb9305b7ef52f422471902fd19388ceaf0d7a0f22144e29f338b98f3b1ae4699de5c0fec6b8780fef816bcb69675463d3d6f5b6f4a334cad725a201c5ac660862de3990f2709693860fbaee093c2c5deff616fdc48106cde5ee60f1f44c57e3455") socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto_ftrace_set_event_pid_fops_trace_events(r1, &(0x7f0000000040)="70a53433aa0c4380d66b4598bc1d81a94a2dec", 0x13) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0x4080aebf, 0x0) r4 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x204282, 0x0) setsockopt$auto_SO_DEVMEM_DONTNEED(r4, 0xdb, 0x50, 0x0, 0x9) clock_nanosleep$auto(0x400000, 0x1, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) 3.637981052s ago: executing program 1 (id=137): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0xfffffffffffffffe, 0x40009, 0xdf, 0x9b71, r0, 0x28000) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) futex$auto(0x0, 0x8c, 0x1, 0x0, 0x0, 0x1) ioctl$auto_TIOCSPGRP(r0, 0x5410, &(0x7f0000000100)="6c335d8404874e11dbb5fc0239e09727d8a454071ae7d53d5c910912485f39da5cac744016c57c10aeb8839f75f5c996aa466dd07bbb67cf8aa8a8c9355b0173b2be9cb34d39d5a2c3ea441739a4b66a4810355153b0709cc89ac8bd8514bee84a5229480c71fadff47e2e4432d53f40d6") writev$auto(0xca, 0x0, 0x7e) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1c1800, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x7000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x9, 0x3a3, 0xf, 0x66, 0x400, 0x0, 0xffffffffffffffff, 0x80000000, 0x60, "38c1d5cbcb9f6b5e511f0cd8ed068f65", 0x0, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x8, 0x0, 0x0, 0xffffffff, @attach_prog_fd, 0x6, 0x6, 0x1cc, 0x4, 0xfffffffe}, 0x47) fsconfig$auto_EROFS_MOUNT_DAX_NEVER(r0, 0x4, 0x0, &(0x7f0000000340), 0x80) setsockopt$auto(0xffffffffffffffff, 0x1, 0x7, 0x0, 0xe388) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), r0) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, 0x0, 0x10) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x5f53020000000000, 0x9}, 0x7}, 0x3, 0x0) 3.569540172s ago: executing program 3 (id=138): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x8040) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x5ac, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x30}, 0x1, 0x0, 0x34}, 0x20000800) 3.363463511s ago: executing program 3 (id=139): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) r0 = socket(0xa, 0x5, 0x84) (async, rerun: 32) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) (rerun: 32) execveat$auto(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd=0xffffffffffffffff, 0xffffffffffffffff, 0x1d30, 0x6, 0xffffffffffffffff, @relative_id=0x2, 0x7}, 0xa3) pread64$auto(r2, &(0x7f00000000c0)='/dev/dsp\x00', 0x8, 0xfffffffffffffe01) r4 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) ioctl$auto(r4, 0x9000643c, 0xc35) (async) sendto$auto(r0, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@llc={0x1a, 0x20, 0xf8, 0x9, 0x4, 0xf4}, 0x1c) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$auto_SOUND_MIXER_WRITE_RECSRC2(r5, 0xc0044dff, 0x0) (async) setsockopt$auto_SO_BSDCOMPAT(0xffffffffffffffff, 0x5, 0xe, &(0x7f0000000000)='+D^-$([:&\'\x00', 0x7fffffff) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r1, 0xc0045004, &(0x7f00000001c0)="e089f9cbc5306c7707f304d4dd1333f26a9eba6a35f2ca9b952d30d46f18fcc9bddf8a2683fc6806d0a48d86fe8f742df515d2e464863cbc2eae23a966bd051a18c877b28de875aa167c38a4be30f4b68fa49b0531449e22b5914220309e1cc7e0376a9b9a44df65b3b83bdfe9606ddc958e099be41a4f109092c52f2c027acb5007f8beaa835d851231ad76c27afac9d4732234a77c3f7bed2ec87e9e84e51036743c37dd") socket(0xa, 0x2, 0x73) (async, rerun: 32) sendto$auto(0x4, 0x0, 0x3f000000, 0x10000, &(0x7f0000000140)=@in={0x23, 0x4e33}, 0x80) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x0) r6 = openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000180)=r6) 2.965456181s ago: executing program 0 (id=140): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20100, 0x0) ioctl$auto(r0, 0x64c5, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, &(0x7f0000000280)={0x4, 0x80003, 0xa, @state_change={0x200, 0x9, 0x3}}) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180)="adfde4867180163e6cbef783718e40a50bc2f7e69b8fcc92bde08fc48cf64e8a54d2486a00bc52a6dee1bf860ec85c352ddf0e25b52152fec6e95de340692229418d661df4854346c11ef0f3464e7ecec51b42fe75356fe54aead9ddc7a34d352672eb46ae90194d4777c466561c8bcb982a00593e28e90361f5ba9dc7790909c9e30defba391ddffc7ecb9103471508369c8ec4bdbf2817748a6bf1fc520bfa20b857715ff1a92836983bf5ea") openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20402, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x0, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x4, 0x2, 0x10, &(0x7f0000000040)=0x7) r4 = socket(0xa, 0x80000, 0x4) ioctl$auto(r2, 0x8e06, r4) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0x7, 0x6d3c, 0x7, 0x2, 0x1]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x41000000003, 0x9, 0x62, 0x8000001b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) madvise$auto(0x700000000000000, 0xffffffffffff0001, 0x15) capset$auto(0x0, &(0x7f0000000000)={0xb213, 0x101, 0x6}) socket(0x27, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) 2.535553096s ago: executing program 1 (id=142): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5o\x91p\xe6\x1eRN8\x99\x00\b\xaa\x1c?\x00\x00\x00c\x14\xaf\r\x94\x1a\xd3\xd3\x1d\xf8\xbebR\xddL\'\x03\xf1`\x9f5\xf9\xa4\xf8\x15\xdd\xac\x00\x00\x00\x00\x00@\"\x01\x0e\xa4\xdf\xdav\x1cC\xff\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\x9d*\xd1\x14^\xbe\xa2\x00\x00\x00\x01\x00\x00\x00\x00\x00\xe8\xff\x00\x00\x00\x00\x00', 0xfdef, 0x500000000000) 2.477884976s ago: executing program 2 (id=143): r0 = getpid() getpgrp(r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x5000bcf, 0x0) r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_mISDN_fops_timerdev(r1, &(0x7f0000001a00)=""/4097, 0x1001) ioctl$auto_IMADDTIMER(r1, 0x80044940, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x3) socket(0xa, 0x3, 0x6) socket(0x10, 0x2, 0x0) r2 = socket(0x2a, 0x2, 0x1) connect$auto(r2, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) write$auto(0x3, 0x0, 0x3f00) mmap$auto(0x401, 0xa00003, 0x8, 0xce78, 0x602, 0x301000020000) socket(0x2, 0x1, 0x106) ioctl$auto(0x3, 0x8915, 0x38) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x7, 0x202000c, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) acct$auto(0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.353183279s ago: executing program 3 (id=144): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) 2.303354861s ago: executing program 1 (id=145): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) (async, rerun: 64) socket(0x29, 0x2, 0x0) (async, rerun: 64) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0a, 0x1, 0x3, 0x5, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0) (async) write$auto(r0, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) (async) r2 = getpid() mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) (async, rerun: 64) process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) (async, rerun: 64) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x100, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) select$auto(0xd, 0x0, 0x0, &(0x7f0000000200)={[0x8001ff, 0x1000007, 0xd, 0x8fd6, 0x948d, 0x3, 0x80, 0x3, 0x6, 0x8000000000000001, 0x7, 0x100000000000007, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/nullb/features\x00', 0x80280, 0x0) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) ioctl$auto_EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000080)=0x81) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0x5, 0x0) r4 = pipe$auto(0x0) pipe$auto(0x0) (async) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) (async, rerun: 64) r5 = socket(0x28, 0x80003, 0x300) (rerun: 64) sendfile$auto(0x1, r5, 0x0, 0x8fb5) madvise$auto(0x0, 0x2000000080000001, 0x3) (async) madvise$auto(0x0, 0xfffffffffffefffe, 0x15) close_range$auto(0x2, 0x8, 0x0) read$auto(r3, 0x0, 0x10) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r4, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_TZ_ID={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c001}, 0x0) (async) write$auto(0x3, 0x0, 0xffd8) 1.706836008s ago: executing program 1 (id=146): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) (fail_nth: 1) 1.624282045s ago: executing program 3 (id=147): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) (async) mmap$auto(0x2, 0xaa06, 0xdf, 0xeb1, 0xffffffffffffffff, 0x2) (async) mmap$auto(0x91, 0x810004, 0xfff, 0x1fd, 0xffffffffffffffff, 0x2) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0xffffffffffdffe00, &(0x7f0000000140)=';') (async) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000040), 0x230200, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) (async) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r1, 0xc4c03d12, 0x0) (async) symlink$auto(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000001200)='./file0\x00') chmod$auto(&(0x7f0000000080)='./file0/file0\x00', 0x4) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) (async) msync$auto(0x1ffff000, 0x180000000000dff, 0x400000004) msgrcv$auto(0x0, 0x0, 0x3, 0x1, 0xf1) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x7, 0x0, 0x5, 0x7) (async) r4 = mq_open$auto(&(0x7f0000000180)='\\*)A\x00\x98\x8cCFFu\xb4\xec4\x00\v\xd8\xe6\xc1,\x02r\x81$N\x85\x0f\xe8b#7\xaf\x9b>[\xcdj\xe12B8\xee\xbf\x1cr\xde\xe5AJ\xfbB\x17=\xc8\xee}Q\x90\x86op\xd4\xb3\x99\x88\x90W\xd6\x12\x99\xd2\x97\xd7\xc5\x9aJ\xe86\xc4\xcdO\x82alh|v\xc3MKV\x9f\xa1\x7f\x1f$A\x80\xa7\xe1\x86%\x06\xec\xffr\xd8*\xfc\xe8\x9d\x11\xabu_\xae\xd7)\xf7\x80Zh\x86wo{\x96\xb9L\xb9\x87\xc7*?\xe9\xbc7\xcc', 0x7e, 0x9, 0x0) mq_notify$auto(r4, 0x0) (async) r5 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r3, 0x5609, r5) 1.490452018s ago: executing program 0 (id=148): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_trace\x00', 0x80302, 0x0) write$auto(r0, &(0x7f0000000000)='/sys/power/pm_trace\x00', 0x4) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) mmap$auto(0x80000000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) r1 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim6/ports/0/ipsec\x00', 0x80, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) socket(0x10, 0x2, 0xc) getitimer$auto_ITIMER_VIRTUAL(0x1, 0x0) socket(0x10, 0x2, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb9, 0x200, 0x4, 0x4, r1, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x800005, 0x20008, 0x87, 0x6}, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x182, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/stat/rt_cache\x00', 0x20000, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x0, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) (fail_nth: 33) read$auto(r4, 0x0, 0xcefbce6) r5 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r5, 0x29, 0x20, 0x0, 0x23) socket(0xa, 0x2, 0x0) connect$auto(0x3, 0x0, 0x55) 1.169396127s ago: executing program 2 (id=149): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/kernel/random/boot_id\x00', 0x0, 0x0) getegid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) getxattrat$auto(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0xb91) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000000c0), 0x189002, 0x0) fanotify_init$auto(0x5, 0x0) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0xffd8) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x10002, 0x0, 0x1, 0x0, 0xb00000000000000, 0x3}, 0x7}, 0x3, 0xcad7) 1.087381367s ago: executing program 1 (id=150): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000400)={"f8ab071a", 0x5, 0x4, 0x3, 0x81, 0xaf06, "c27dd21e130257a235608f35b9ff46", "72d15067", "b8919662", "17aba429", ["74ea2a52b5d44affc0a38054", "f97aba2b29705640cf05bf58", "cf66ac3036b01605f0aad490", "e6c21d2bda70d054d9ad103c"]}) socket(0xa, 0x801, 0x84) futex$auto(&(0x7f0000000000)=0x5, 0x2, 0x7, &(0x7f00000000c0)={0x5, 0x3}, &(0x7f0000000100)=0x81, 0x401) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) clock_gettime$auto(0x1, 0x0) setrlimit$auto(0x1000000007, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x83, 0x0, 0x8) 858.025063ms ago: executing program 1 (id=151): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x242, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000000)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x8000, 0x50) lseek$auto(0x3, 0x7ffffffffffffffd, 0x0) mmap$auto(0x3, 0x400004, 0xe1, 0x9b72, 0x2, 0x100005) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000b80), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000000)={0x30, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_HE_CAPABILITY={0x19, 0x10d, "9bfcc642fb8222e81879d39dc6fd94f765ecdeabfd"}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sysfs$auto(0x2, 0x44, 0x0) r2 = fsopen$auto(0x0, 0x1) socketpair$auto(0xf, 0x1, 0xd, &(0x7f0000000000)=0x4) fsconfig$auto_SHMEM_HUGE_NEVER(r2, 0x3, &(0x7f0000000900)=';\xcd+XB\xf5f\xbe\xd3\xf9\xf0]C\xf7\xda\xd6\xad\xa5\t\xf5\xc0\xa3;,O[_\xfe\f\xaaV!G\x90\xc9&WV\xa9\xcaW\x88\x90b\x82S\xe0\xa8r3f\x15\xa6\x8cu\x8f\xde3\xbc\xe0\x95\xa8\rg\x04\x1bBs\xa30\x92\xa2\x99\x1cY\xdch\xbd-\x11Fc\xc4\x8b7\x87Q4\xbfJ\f\xd6\x95\xa7\xed\xbf\xd8u\x12\n:\xe3^\x99\xa9\xea\xa8g\xc48\x9fIl`\x88\xe2\xc7X\xf7\xdf\x85x\xa9\x93\b\xec\xa7\x1ebm\x8d\xb4\xe7\xd6V\xda\x1ax@\x81\xbb', &(0x7f0000001680)="df", 0xffffff9c) 672.494205ms ago: executing program 2 (id=152): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0002000000000000000000008869e71e0000", @ANYRES32=0x0, @ANYBLOB="060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500aaaaaaaaaabb00000a00010000000000000000000a000100bbbbbbbbbbbb0000060006000f00000008000400010000880800030004"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x6004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000000), 0x600601, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0xffffffffffffffe4, 0x9}, 0x7}, 0x3, 0x0) 547.341727ms ago: executing program 3 (id=153): r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x200000008000) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) openat$auto_proc_sessionid_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/sessionid\x00', 0x0, 0x0) exit$auto(0x7) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x10, 0x0, 0xc) fremovexattr$auto(r0, &(0x7f0000000000)='system.posix_acl_access\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20b3015742000000a328fccf016dda93def1cc1f48c6791006024c1ef4b288b2b4b7a8685d39c1768e3a87ab91e7d780ad75d503b1c1196e2d7b9bc3b10272ac421b36a5a8de9dfa7fbaefdfc7d7f33b1e0529aef9223372799a444663d35ad2a5db676db08c5fd5bc9f44c461f6aedd6eabe47b197706c7a0bba64e24a58b6bac0696dbaabe668148d45827819dc7051a437f8909beab5703242464214005d4e06659bedca31ea8b389ba62ed9d6886683541a3e3c932b04f250f7f062ac1f326e864e1170fab01e02f86c177468ed40cefde7e61366b17b1ecaa0827b65340aa1afc4be8daf25e", @ANYRES16=r2, @ANYBLOB="010028bd7000ffdbdf25050000000c0001000400000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0xd0) 434.720581ms ago: executing program 2 (id=154): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x80000000000000, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) 283.639092ms ago: executing program 0 (id=155): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x936355e497c8b7e3, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x100000000000000, 0x0, 0x10}, 0x48000) 159.39667ms ago: executing program 2 (id=156): write$auto(0xffffffffffffffff, &(0x7f0000000180)='/:$]\x00', 0x0) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) socket(0xf, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0x8, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0x2, 0xd, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r1 = socket(0x10, 0x2, 0x6) socket(0xf, 0x3, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)={0x34, r3, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x7}]}, 0x34}, 0x1, 0x9e, 0x0, 0x4000}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) 119.458692ms ago: executing program 0 (id=157): r0 = getpid() getpgrp(r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x5000bcf, 0x0) r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto_mISDN_fops_timerdev(r1, &(0x7f0000001a00)=""/4097, 0x1001) ioctl$auto_IMADDTIMER(r1, 0x80044940, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x3) socket(0xa, 0x3, 0x6) socket(0x10, 0x2, 0x0) r2 = socket(0x2a, 0x2, 0x1) connect$auto(r2, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) write$auto(0x3, 0x0, 0x3f00) mmap$auto(0x401, 0xa00003, 0x8, 0xce78, 0x602, 0x301000020000) socket(0x2, 0x1, 0x106) ioctl$auto(0x3, 0x8915, 0x38) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x7, 0x202000c, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) acct$auto(0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 0s ago: executing program 2 (id=158): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x0, 0x5d77, 0x2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptye9\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) open(0x0, 0x22240, 0x155) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/loop13/queue/wbt_lat_usec\x00', 0xa801, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r2 = socket(0x2, 0x80802, 0x0) r3 = open(&(0x7f0000000100)='./cgroup\x00', 0x50800, 0x412) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0x1d, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) io_uring_setup$auto(0x6, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x80000000) close_range$auto(0x2, 0x8000, 0x0) getdents$auto(r3, 0x0, 0xde) setsockopt$auto(r2, 0x0, 0x20, 0x0, 0x20000b) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r5, 0x936355e497c8b7e3, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x48000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.172' (ED25519) to the list of known hosts. [ 89.032430][ T5834] cgroup: Unknown subsys name 'net' [ 89.186475][ T5834] cgroup: Unknown subsys name 'cpuset' [ 89.196290][ T5834] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.194114][ T5834] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.395865][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.404863][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.414169][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.423180][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.432023][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.440313][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.490069][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.498523][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.506423][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.514879][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.522916][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.529443][ T5167] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.538471][ T5167] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.561665][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.570038][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.658309][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.667025][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.675322][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.684334][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.692533][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.172263][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 94.290617][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 94.371608][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 94.454768][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.462424][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.469856][ T5843] bridge_slave_0: entered allmulticast mode [ 94.477738][ T5843] bridge_slave_0: entered promiscuous mode [ 94.485850][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 94.535133][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.542417][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.550406][ T5843] bridge_slave_1: entered allmulticast mode [ 94.558905][ T5843] bridge_slave_1: entered promiscuous mode [ 94.578526][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.586113][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.593486][ T5847] bridge_slave_0: entered allmulticast mode [ 94.600601][ T5847] bridge_slave_0: entered promiscuous mode [ 94.655067][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.665049][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.672306][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.680181][ T5847] bridge_slave_1: entered allmulticast mode [ 94.687420][ T5847] bridge_slave_1: entered promiscuous mode [ 94.731211][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.810323][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.817758][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.825554][ T5851] bridge_slave_0: entered allmulticast mode [ 94.833137][ T5851] bridge_slave_0: entered promiscuous mode [ 94.857237][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.870596][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.891770][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.899232][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.906912][ T5851] bridge_slave_1: entered allmulticast mode [ 94.915049][ T5851] bridge_slave_1: entered promiscuous mode [ 94.924879][ T5843] team0: Port device team_slave_0 added [ 94.975353][ T5843] team0: Port device team_slave_1 added [ 94.981468][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.989183][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.996856][ T5858] bridge_slave_0: entered allmulticast mode [ 95.005100][ T5858] bridge_slave_0: entered promiscuous mode [ 95.028837][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.065639][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.073212][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.080379][ T5858] bridge_slave_1: entered allmulticast mode [ 95.088972][ T5858] bridge_slave_1: entered promiscuous mode [ 95.098809][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.110832][ T5847] team0: Port device team_slave_0 added [ 95.171993][ T5847] team0: Port device team_slave_1 added [ 95.192277][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.200111][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.226539][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.255570][ T5851] team0: Port device team_slave_0 added [ 95.278048][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.285183][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.311687][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.327266][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.338714][ T5851] team0: Port device team_slave_1 added [ 95.360566][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.367623][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.395056][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.408955][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.416029][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.442238][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.465431][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.541198][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.548420][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.575160][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.615121][ T5858] team0: Port device team_slave_0 added [ 95.623882][ T5858] team0: Port device team_slave_1 added [ 95.630430][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.637061][ T5850] Bluetooth: hci1: command tx timeout [ 95.637617][ T51] Bluetooth: hci0: command tx timeout [ 95.643262][ T5846] Bluetooth: hci2: command tx timeout [ 95.648554][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.679742][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.709022][ T5843] hsr_slave_0: entered promiscuous mode [ 95.717457][ T5843] hsr_slave_1: entered promiscuous mode [ 95.750395][ T5847] hsr_slave_0: entered promiscuous mode [ 95.758664][ T5847] hsr_slave_1: entered promiscuous mode [ 95.765302][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.773682][ T5847] Cannot create hsr debugfs directory [ 95.792733][ T5846] Bluetooth: hci3: command tx timeout [ 95.809177][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.816431][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.842546][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.888908][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.895944][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.922508][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.957578][ T5851] hsr_slave_0: entered promiscuous mode [ 95.966142][ T5851] hsr_slave_1: entered promiscuous mode [ 95.972258][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.980119][ T5851] Cannot create hsr debugfs directory [ 96.112399][ T5858] hsr_slave_0: entered promiscuous mode [ 96.119073][ T5858] hsr_slave_1: entered promiscuous mode [ 96.125770][ T5858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.133384][ T5858] Cannot create hsr debugfs directory [ 96.524753][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.554279][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.580030][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.600082][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.660124][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.678831][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.689872][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.712087][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.791302][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.802324][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.815487][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.840119][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.959366][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.988242][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.000282][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.021973][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.039931][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.110764][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.146931][ T4778] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.154217][ T4778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.166061][ T55] cfg80211: failed to load regulatory.db [ 97.217274][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.227492][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.234726][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.349973][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.361138][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.399368][ T4778] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.406584][ T4778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.432057][ T4778] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.439292][ T4778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.477294][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.530890][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.547950][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.555166][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.587533][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.594799][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.625928][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.707659][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.714946][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.727787][ T5846] Bluetooth: hci2: command tx timeout [ 97.727808][ T51] Bluetooth: hci1: command tx timeout [ 97.734339][ T5846] Bluetooth: hci0: command tx timeout [ 97.765593][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.772819][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.873487][ T5846] Bluetooth: hci3: command tx timeout [ 97.946555][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.186478][ T5843] veth0_vlan: entered promiscuous mode [ 98.286128][ T5843] veth1_vlan: entered promiscuous mode [ 98.309491][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.495954][ T5843] veth0_macvtap: entered promiscuous mode [ 98.546984][ T5843] veth1_macvtap: entered promiscuous mode [ 98.576528][ T5847] veth0_vlan: entered promiscuous mode [ 98.610128][ T5847] veth1_vlan: entered promiscuous mode [ 98.622240][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.648009][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.665484][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.689764][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.700117][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.709531][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.719014][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.739174][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.787236][ T5847] veth0_macvtap: entered promiscuous mode [ 98.835170][ T5847] veth1_macvtap: entered promiscuous mode [ 98.890592][ T5858] veth0_vlan: entered promiscuous mode [ 98.906837][ T5858] veth1_vlan: entered promiscuous mode [ 98.934233][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.989196][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.998141][ T5851] veth0_vlan: entered promiscuous mode [ 99.009769][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.022243][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.043419][ T5847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.052273][ T5847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.061150][ T5847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.070619][ T5847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.099685][ T5851] veth1_vlan: entered promiscuous mode [ 99.151068][ T5858] veth0_macvtap: entered promiscuous mode [ 99.170614][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.181451][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.181880][ T5858] veth1_macvtap: entered promiscuous mode [ 99.297480][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.326670][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.333296][ T5851] veth0_macvtap: entered promiscuous mode [ 99.373163][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.381082][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.396969][ T5851] veth1_macvtap: entered promiscuous mode [ 99.412237][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.518961][ T5858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.531489][ T5858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.540417][ T5858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.549936][ T5858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.608161][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.629241][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.638355][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.653597][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.720507][ T5851] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.735207][ T5851] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.744423][ T5851] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.753576][ T5851] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.794060][ T5846] Bluetooth: hci0: command tx timeout [ 99.799773][ T5850] Bluetooth: hci1: command tx timeout [ 99.799916][ T51] Bluetooth: hci2: command tx timeout [ 99.954182][ T51] Bluetooth: hci3: command tx timeout [ 99.981817][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.038471][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.078809][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.102820][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.208256][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.227918][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.251169][ T5943] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5'. [ 100.331361][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.371158][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.563209][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.132821][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 101.493578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.523089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.531732][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.540352][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.549461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 101.665346][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 101.872749][ T5850] Bluetooth: hci0: command tx timeout [ 101.878258][ T5846] Bluetooth: hci2: command tx timeout [ 101.883882][ T51] Bluetooth: hci1: command tx timeout [ 102.041526][ T51] Bluetooth: hci3: command tx timeout [ 103.080795][ T5982] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 103.634380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 103.692503][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 107.014675][ T6023] Process accounting resumed [ 108.112877][ T6033] can: request_module (can-proto-0) failed. [ 109.463749][ T6047] ovs_: entered promiscuous mode [ 110.304521][ T6051] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 111.470657][ T6072] FAULT_INJECTION: forcing a failure. [ 111.470657][ T6072] name failslab, interval 1, probability 0, space 0, times 1 [ 111.592439][ T6072] CPU: 1 UID: 0 PID: 6072 Comm: syz.2.27 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 111.592482][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 111.592499][ T6072] Call Trace: [ 111.592508][ T6072] [ 111.592520][ T6072] dump_stack_lvl+0x16c/0x1f0 [ 111.592556][ T6072] should_fail_ex+0x512/0x640 [ 111.592584][ T6072] ? fs_reclaim_acquire+0xae/0x150 [ 111.592626][ T6072] should_failslab+0xc2/0x120 [ 111.592661][ T6072] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 111.592691][ T6072] ? security_inode_alloc+0x3b/0x2b0 [ 111.592735][ T6072] security_inode_alloc+0x3b/0x2b0 [ 111.592774][ T6072] inode_init_always_gfp+0xce4/0x1030 [ 111.592824][ T6072] alloc_inode+0x86/0x240 [ 111.592859][ T6072] new_inode+0x22/0x1c0 [ 111.592898][ T6072] __rpc_create_common+0x57/0x2f0 [ 111.592945][ T6072] rpc_populate.constprop.0+0x153/0x5d0 [ 111.593000][ T6072] rpc_fill_super+0x345/0x840 [ 111.593043][ T6072] ? sget_fc+0x808/0xc20 [ 111.593090][ T6072] ? __pfx_rpc_fill_super+0x10/0x10 [ 111.593132][ T6072] get_tree_keyed+0x10b/0x1d0 [ 111.593179][ T6072] vfs_get_tree+0x8e/0x340 [ 111.593226][ T6072] vfs_cmd_create+0xd7/0x2a0 [ 111.593260][ T6072] __do_sys_fsconfig+0x7b8/0xbe0 [ 111.593295][ T6072] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 111.593349][ T6072] do_syscall_64+0xcd/0x490 [ 111.593380][ T6072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.593408][ T6072] RIP: 0033:0x7f280ff8e9a9 [ 111.593432][ T6072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.593457][ T6072] RSP: 002b:00007f2810e73038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 111.593484][ T6072] RAX: ffffffffffffffda RBX: 00007f28101b5fa0 RCX: 00007f280ff8e9a9 [ 111.593503][ T6072] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000005 [ 111.593519][ T6072] RBP: 00007f2810010d69 R08: 0000000000000000 R09: 0000000000000000 [ 111.593536][ T6072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.593553][ T6072] R13: 0000000000000000 R14: 00007f28101b5fa0 R15: 00007ffd5f1668a8 [ 111.593592][ T6072] [ 112.043559][ T6072] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX [ 112.053664][ T6072] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd [ 112.167205][ T6078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.28'. [ 112.324397][ T6074] netlink: 25 bytes leftover after parsing attributes in process `syz.0.28'. [ 112.975721][ T6092] netlink: set zone limit has 8 unknown bytes [ 113.863647][ T6096] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.931296][ T5913] Process accounting resumed [ 116.812054][ T6124] Process accounting resumed [ 117.119347][ T6128] process 'syz.2.41' launched '/dev/fd/10' with NULL argv: empty string added [ 117.214022][ T6126] FAULT_INJECTION: forcing a failure. [ 117.214022][ T6126] name fail_futex, interval 1, probability 0, space 0, times 1 [ 117.260455][ T6126] CPU: 0 UID: 0 PID: 6126 Comm: syz.2.41 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 117.260496][ T6126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 117.260511][ T6126] Call Trace: [ 117.260521][ T6126] [ 117.260532][ T6126] dump_stack_lvl+0x16c/0x1f0 [ 117.260564][ T6126] should_fail_ex+0x512/0x640 [ 117.260598][ T6126] get_futex_key+0x1d0/0x1540 [ 117.260634][ T6126] ? __pfx_get_futex_key+0x10/0x10 [ 117.260665][ T6126] ? __mutex_trylock_common+0xe9/0x250 [ 117.260716][ T6126] futex_wake+0xe7/0x4e0 [ 117.260757][ T6126] ? __pfx_futex_wake+0x10/0x10 [ 117.260792][ T6126] ? __lock_acquire+0xb8a/0x1c90 [ 117.260843][ T6126] do_futex+0x1e3/0x350 [ 117.260876][ T6126] ? __pfx_do_futex+0x10/0x10 [ 117.260905][ T6126] ? __might_fault+0xe3/0x190 [ 117.260943][ T6126] mm_release+0x24e/0x300 [ 117.260978][ T6126] do_exit+0x68b/0x2bd0 [ 117.261024][ T6126] ? __pfx_do_exit+0x10/0x10 [ 117.261060][ T6126] ? do_raw_spin_lock+0x12c/0x2b0 [ 117.261102][ T6126] ? find_held_lock+0x2b/0x80 [ 117.261138][ T6126] do_group_exit+0xd3/0x2a0 [ 117.261176][ T6126] get_signal+0x2673/0x26d0 [ 117.261219][ T6126] ? __pfx_get_signal+0x10/0x10 [ 117.261250][ T6126] ? do_futex+0x122/0x350 [ 117.261285][ T6126] ? __pfx_do_futex+0x10/0x10 [ 117.261322][ T6126] arch_do_signal_or_restart+0x8f/0x790 [ 117.261358][ T6126] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 117.261401][ T6126] ? xfd_validate_state+0x61/0x180 [ 117.261461][ T6126] exit_to_user_mode_loop+0x84/0x110 [ 117.261506][ T6126] do_syscall_64+0x3f6/0x490 [ 117.261541][ T6126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.261570][ T6126] RIP: 0033:0x7f280ff8e9a9 [ 117.261592][ T6126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.261619][ T6126] RSP: 002b:00007f2810e730e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 117.261645][ T6126] RAX: fffffffffffffe00 RBX: 00007f28101b5fa8 RCX: 00007f280ff8e9a9 [ 117.261663][ T6126] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f28101b5fa8 [ 117.261680][ T6126] RBP: 00007f28101b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 117.261696][ T6126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28101b5fac [ 117.261712][ T6126] R13: 0000000000000000 R14: 00007ffd5f1667c0 R15: 00007ffd5f1668a8 [ 117.261749][ T6126] [ 117.540437][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 117.693401][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 117.718136][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 117.730278][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 117.739574][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 119.113876][ T6129] chnl_net:caif_netlink_parms(): no params data found [ 119.792666][ T51] Bluetooth: hci0: command tx timeout [ 119.809682][ T6129] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.819596][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.836890][ T6129] bridge_slave_0: entered allmulticast mode [ 119.849073][ T6129] bridge_slave_0: entered promiscuous mode [ 119.904310][ T6147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.983068][ T6147] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.474099][ T6129] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.502730][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.525090][ T6129] bridge_slave_1: entered allmulticast mode [ 120.584330][ T6129] bridge_slave_1: entered promiscuous mode [ 121.107850][ T6129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.148845][ T6129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.378373][ T6129] team0: Port device team_slave_0 added [ 121.398241][ T6129] team0: Port device team_slave_1 added [ 121.556122][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.570845][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.615169][ T6129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.700881][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.700907][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.700954][ T6129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.872680][ T51] Bluetooth: hci0: command tx timeout [ 121.911351][ T6129] hsr_slave_0: entered promiscuous mode [ 121.936249][ T6129] hsr_slave_1: entered promiscuous mode [ 121.951756][ T6129] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.975857][ T6129] Cannot create hsr debugfs directory [ 122.631480][ T6129] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.862372][ T6180] FAULT_INJECTION: forcing a failure. [ 122.862372][ T6180] name failslab, interval 1, probability 0, space 0, times 0 [ 122.876001][ T6180] CPU: 0 UID: 0 PID: 6180 Comm: syz.0.49 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 122.876030][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 122.876041][ T6180] Call Trace: [ 122.876047][ T6180] [ 122.876054][ T6180] dump_stack_lvl+0x16c/0x1f0 [ 122.876091][ T6180] should_fail_ex+0x512/0x640 [ 122.876109][ T6180] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 122.876140][ T6180] should_failslab+0xc2/0x120 [ 122.876161][ T6180] __kmalloc_cache_noprof+0x6a/0x3e0 [ 122.876191][ T6180] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 122.876219][ T6180] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 122.876245][ T6180] devlink_fmsg_bool_pair_put+0x270/0x2f0 [ 122.876271][ T6180] ? __pfx_devlink_fmsg_bool_pair_put+0x10/0x10 [ 122.876296][ T6180] ? __kasan_kmalloc+0x30/0xb0 [ 122.876314][ T6180] ? devlink_fmsg_nest_common.part.0+0xcd/0x1e0 [ 122.876340][ T6180] nsim_dev_dummy_fmsg_put+0xe7/0x1e0 [ 122.876366][ T6180] devlink_health_do_dump+0x240/0x620 [ 122.876395][ T6180] devlink_health_report+0x3c9/0x9c0 [ 122.876424][ T6180] ? __pfx_devlink_health_report+0x10/0x10 [ 122.876450][ T6180] ? _copy_from_user+0x59/0xd0 [ 122.876472][ T6180] nsim_dev_health_break_write+0x166/0x210 [ 122.876498][ T6180] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 122.876530][ T6180] full_proxy_write+0x13c/0x200 [ 122.876554][ T6180] ? __pfx_full_proxy_write+0x10/0x10 [ 122.876575][ T6180] vfs_write+0x29d/0x1150 [ 122.876596][ T6180] ? __pfx___mutex_lock+0x10/0x10 [ 122.876615][ T6180] ? __pfx_vfs_write+0x10/0x10 [ 122.876638][ T6180] ? __fget_files+0x20e/0x3c0 [ 122.876673][ T6180] ksys_write+0x12a/0x250 [ 122.876689][ T6180] ? __pfx_ksys_write+0x10/0x10 [ 122.876713][ T6180] do_syscall_64+0xcd/0x490 [ 122.876733][ T6180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.876752][ T6180] RIP: 0033:0x7fd428d8e9a9 [ 122.876767][ T6180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.876784][ T6180] RSP: 002b:00007fd429c45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 122.876802][ T6180] RAX: ffffffffffffffda RBX: 00007fd428fb5fa0 RCX: 00007fd428d8e9a9 [ 122.876813][ T6180] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000007 [ 122.876823][ T6180] RBP: 00007fd428e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 122.876833][ T6180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.876844][ T6180] R13: 0000000000000000 R14: 00007fd428fb5fa0 R15: 00007fff4e275278 [ 122.876866][ T6180] [ 123.133819][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.186437][ T6129] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.585834][ T6129] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.761541][ T6188] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.796179][ T6129] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.956968][ T51] Bluetooth: hci0: command tx timeout [ 124.168101][ T6129] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 124.213861][ T6129] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 124.307028][ T6129] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 124.328452][ T6129] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 124.529327][ T6188] mmap: syz.2.51 (6188) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 124.693917][ T6129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.729120][ T6129] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.756260][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.763445][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.917349][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.924615][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.963455][ T6201] syz.3.52 uses obsolete (PF_INET,SOCK_PACKET) [ 125.017689][ T6129] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 125.028492][ T6129] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 125.122315][ T6190] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -4 [ 125.223293][ T6190] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -4 [ 125.268731][ T6190] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 125.341587][ T6190] syz.2.51 (6190) used greatest stack depth: 19784 bytes left [ 125.574047][ T6204] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 125.799943][ T6129] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 125.918769][ T6129] veth0_vlan: entered promiscuous mode [ 125.951331][ T6129] veth1_vlan: entered promiscuous mode [ 126.033442][ T51] Bluetooth: hci0: command tx timeout [ 126.046173][ T6129] veth0_macvtap: entered promiscuous mode [ 126.060474][ T6129] veth1_macvtap: entered promiscuous mode [ 126.102277][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.128780][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.158043][ T6129] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.175690][ T6129] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.186529][ T6129] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.197575][ T6129] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.416478][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.452603][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.563658][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.571550][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.720874][ T6215] could not allocate digest TFM handle binfmt_misc [ 126.933190][ T6210] Zero length message leads to an empty skb [ 127.544987][ T6233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.59'. [ 127.573369][ T6235] FAULT_INJECTION: forcing a failure. [ 127.573369][ T6235] name failslab, interval 1, probability 0, space 0, times 0 [ 127.617227][ T6235] CPU: 0 UID: 0 PID: 6235 Comm: syz.1.58 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 127.617268][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 127.617285][ T6235] Call Trace: [ 127.617295][ T6235] [ 127.617305][ T6235] dump_stack_lvl+0x16c/0x1f0 [ 127.617348][ T6235] should_fail_ex+0x512/0x640 [ 127.617375][ T6235] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 127.617423][ T6235] should_failslab+0xc2/0x120 [ 127.617456][ T6235] __kmalloc_cache_noprof+0x6a/0x3e0 [ 127.617500][ T6235] ? qrtr_tun_open+0x47/0x220 [ 127.617545][ T6235] ? __pfx_qrtr_tun_open+0x10/0x10 [ 127.617583][ T6235] qrtr_tun_open+0x47/0x220 [ 127.617622][ T6235] ? __pfx_qrtr_tun_open+0x10/0x10 [ 127.617662][ T6235] misc_open+0x35d/0x420 [ 127.617704][ T6235] ? __pfx_misc_open+0x10/0x10 [ 127.617744][ T6235] chrdev_open+0x231/0x6a0 [ 127.617780][ T6235] ? __pfx_chrdev_open+0x10/0x10 [ 127.617816][ T6235] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 127.617866][ T6235] do_dentry_open+0x744/0x1c10 [ 127.617896][ T6235] ? __pfx_chrdev_open+0x10/0x10 [ 127.617935][ T6235] vfs_open+0x82/0x3f0 [ 127.617975][ T6235] path_openat+0x1de4/0x2cb0 [ 127.618017][ T6235] ? __pfx_path_openat+0x10/0x10 [ 127.618047][ T6235] ? __lock_acquire+0xb8a/0x1c90 [ 127.618090][ T6235] do_filp_open+0x20b/0x470 [ 127.618119][ T6235] ? __pfx_do_filp_open+0x10/0x10 [ 127.618178][ T6235] ? alloc_fd+0x471/0x7d0 [ 127.618232][ T6235] do_sys_openat2+0x11b/0x1d0 [ 127.618275][ T6235] ? __pfx_do_sys_openat2+0x10/0x10 [ 127.618315][ T6235] ? find_held_lock+0x2b/0x80 [ 127.618363][ T6235] __x64_sys_openat+0x174/0x210 [ 127.618402][ T6235] ? __pfx___x64_sys_openat+0x10/0x10 [ 127.618455][ T6235] do_syscall_64+0xcd/0x490 [ 127.618489][ T6235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.618518][ T6235] RIP: 0033:0x7f4a5138e9a9 [ 127.618542][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.618568][ T6235] RSP: 002b:00007f4a4edf4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 127.618596][ T6235] RAX: ffffffffffffffda RBX: 00007f4a515b6240 RCX: 00007f4a5138e9a9 [ 127.618615][ T6235] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 127.618634][ T6235] RBP: 00007f4a51410d69 R08: 0000000000000000 R09: 0000000000000000 [ 127.618651][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.618668][ T6235] R13: 0000000000000000 R14: 00007f4a515b6240 R15: 00007fff00560688 [ 127.618707][ T6235] [ 128.257499][ T6244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.61'. [ 128.306701][ T5912] Process accounting resumed [ 130.727116][ T6268] could not allocate digest TFM handle binfmt_misc [ 131.343047][ T6265] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 131.801977][ T6281] FAULT_INJECTION: forcing a failure. [ 131.801977][ T6281] name failslab, interval 1, probability 0, space 0, times 0 [ 131.822670][ T6281] CPU: 0 UID: 0 PID: 6281 Comm: syz.1.68 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 131.822712][ T6281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 131.822728][ T6281] Call Trace: [ 131.822737][ T6281] [ 131.822750][ T6281] dump_stack_lvl+0x16c/0x1f0 [ 131.822787][ T6281] should_fail_ex+0x512/0x640 [ 131.822817][ T6281] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 131.822868][ T6281] should_failslab+0xc2/0x120 [ 131.822904][ T6281] __kmalloc_cache_noprof+0x6a/0x3e0 [ 131.822952][ T6281] ? devlink_fmsg_u8_pair_put+0x225/0x2f0 [ 131.822993][ T6281] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 131.823039][ T6281] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 131.823082][ T6281] devlink_fmsg_obj_nest_end+0xa2/0xc0 [ 131.823123][ T6281] nsim_dev_dummy_fmsg_put+0x100/0x1e0 [ 131.823168][ T6281] devlink_health_do_dump+0x240/0x620 [ 131.823215][ T6281] devlink_health_report+0x3c9/0x9c0 [ 131.823265][ T6281] ? __pfx_devlink_health_report+0x10/0x10 [ 131.823308][ T6281] ? _copy_from_user+0x59/0xd0 [ 131.823356][ T6281] nsim_dev_health_break_write+0x166/0x210 [ 131.823398][ T6281] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 131.823456][ T6281] full_proxy_write+0x13c/0x200 [ 131.823497][ T6281] ? __pfx_full_proxy_write+0x10/0x10 [ 131.823534][ T6281] vfs_write+0x29d/0x1150 [ 131.823569][ T6281] ? __pfx___mutex_lock+0x10/0x10 [ 131.823600][ T6281] ? __pfx_vfs_write+0x10/0x10 [ 131.823641][ T6281] ? __fget_files+0x20e/0x3c0 [ 131.823701][ T6281] ksys_write+0x12a/0x250 [ 131.823729][ T6281] ? __pfx_ksys_write+0x10/0x10 [ 131.823770][ T6281] do_syscall_64+0xcd/0x490 [ 131.823804][ T6281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.823834][ T6281] RIP: 0033:0x7f4a5138e9a9 [ 131.823859][ T6281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.823886][ T6281] RSP: 002b:00007f4a52163038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 131.823914][ T6281] RAX: ffffffffffffffda RBX: 00007f4a515b5fa0 RCX: 00007f4a5138e9a9 [ 131.823934][ T6281] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000007 [ 131.823950][ T6281] RBP: 00007f4a51410d69 R08: 0000000000000000 R09: 0000000000000000 [ 131.823968][ T6281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.823984][ T6281] R13: 0000000000000000 R14: 00007f4a515b5fa0 R15: 00007fff00560688 [ 131.824025][ T6281] [ 132.412281][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.72'. [ 132.464970][ T6288] netlink: 4 bytes leftover after parsing attributes in process `syz.3.70'. [ 132.963512][ T5878] Process accounting resumed [ 133.463522][ T6305] netlink: set zone limit has 8 unknown bytes [ 136.743661][ T6318] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 137.125050][ T6339] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 138.172767][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.179220][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.366195][ T6407] FAULT_INJECTION: forcing a failure. [ 143.366195][ T6407] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 143.462517][ T6407] CPU: 0 UID: 0 PID: 6407 Comm: syz.1.94 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 143.462671][ T6407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 143.462687][ T6407] Call Trace: [ 143.462697][ T6407] [ 143.462707][ T6407] dump_stack_lvl+0x16c/0x1f0 [ 143.462800][ T6407] should_fail_ex+0x512/0x640 [ 143.462836][ T6407] _copy_to_user+0x32/0xd0 [ 143.462870][ T6407] simple_read_from_buffer+0xcb/0x170 [ 143.462928][ T6407] proc_fail_nth_read+0x197/0x270 [ 143.462970][ T6407] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.463014][ T6407] ? rw_verify_area+0xcf/0x680 [ 143.463056][ T6407] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.463093][ T6407] vfs_read+0x1e4/0xc60 [ 143.463127][ T6407] ? __pfx___mutex_lock+0x10/0x10 [ 143.463157][ T6407] ? __pfx_vfs_read+0x10/0x10 [ 143.463195][ T6407] ? __fget_files+0x20e/0x3c0 [ 143.463250][ T6407] ksys_read+0x12a/0x250 [ 143.463278][ T6407] ? __pfx_ksys_read+0x10/0x10 [ 143.463316][ T6407] do_syscall_64+0xcd/0x490 [ 143.463350][ T6407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.463380][ T6407] RIP: 0033:0x7f4a5138d3bc [ 143.463404][ T6407] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 143.463431][ T6407] RSP: 002b:00007f4a52163030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 143.463460][ T6407] RAX: ffffffffffffffda RBX: 00007f4a515b5fa0 RCX: 00007f4a5138d3bc [ 143.463479][ T6407] RDX: 000000000000000f RSI: 00007f4a521630a0 RDI: 0000000000000004 [ 143.463496][ T6407] RBP: 00007f4a52163090 R08: 0000000000000000 R09: 0000000000000000 [ 143.463513][ T6407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.463530][ T6407] R13: 0000000000000000 R14: 00007f4a515b5fa0 R15: 00007fff00560688 [ 143.463568][ T6407] [ 144.040097][ T6411] netlink: 330 bytes leftover after parsing attributes in process `syz.0.95'. [ 144.353749][ T6404] netlink: 20 bytes leftover after parsing attributes in process `syz.3.93'. [ 144.380403][ T6404] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 145.345946][ T6425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.99'. [ 146.295409][ T9] Process accounting resumed [ 147.009428][ T6446] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.105' sets config #0 [ 150.934400][ T6488] FAULT_INJECTION: forcing a failure. [ 150.934400][ T6488] name failslab, interval 1, probability 0, space 0, times 0 [ 151.002642][ T6488] CPU: 1 UID: 0 PID: 6488 Comm: syz.2.114 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 151.002684][ T6488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 151.002701][ T6488] Call Trace: [ 151.002711][ T6488] [ 151.002722][ T6488] dump_stack_lvl+0x16c/0x1f0 [ 151.002760][ T6488] should_fail_ex+0x512/0x640 [ 151.002788][ T6488] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 151.002820][ T6488] should_failslab+0xc2/0x120 [ 151.002851][ T6488] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 151.002880][ T6488] ? alloc_empty_file+0x55/0x1e0 [ 151.002927][ T6488] alloc_empty_file+0x55/0x1e0 [ 151.002965][ T6488] path_openat+0xda/0x2cb0 [ 151.003001][ T6488] ? rcu_is_watching+0x12/0xc0 [ 151.003034][ T6488] ? trace_kmem_cache_alloc+0x28/0xc0 [ 151.003068][ T6488] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 151.003100][ T6488] ? __pfx_path_openat+0x10/0x10 [ 151.003133][ T6488] ? __asan_memcpy+0x3c/0x60 [ 151.003183][ T6488] do_file_open_root+0x322/0x610 [ 151.003211][ T6488] ? stack_trace_save+0x8e/0xc0 [ 151.003247][ T6488] ? __pfx_do_file_open_root+0x10/0x10 [ 151.003317][ T6488] ? vsnprintf+0x318/0x1160 [ 151.003369][ T6488] file_open_root+0x2a7/0x450 [ 151.003402][ T6488] ? __pfx_file_open_root+0x10/0x10 [ 151.003429][ T6488] ? find_held_lock+0x2b/0x80 [ 151.003463][ T6488] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 151.003510][ T6488] kernel_read_file_from_path_initns+0x189/0x260 [ 151.003554][ T6488] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 151.003591][ T6488] ? trace_kmem_cache_alloc+0x28/0xc0 [ 151.003631][ T6488] ? _request_firmware+0x503/0x1470 [ 151.003684][ T6488] _request_firmware+0x744/0x1470 [ 151.003746][ T6488] ? __pfx__request_firmware+0x10/0x10 [ 151.003791][ T6488] ? __pfx_netdev_run_todo+0x10/0x10 [ 151.003824][ T6488] ? __pfx___mutex_lock+0x10/0x10 [ 151.003868][ T6488] request_firmware+0x35/0x50 [ 151.003914][ T6488] reg_reload_regdb+0x89/0x460 [ 151.003956][ T6488] ? __pfx_reg_reload_regdb+0x10/0x10 [ 151.003998][ T6488] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 151.004025][ T6488] ? nl80211_pre_doit+0x1b0/0xb10 [ 151.004061][ T6488] genl_family_rcv_msg_doit+0x209/0x2f0 [ 151.004107][ T6488] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 151.004154][ T6488] ? rcu_is_watching+0x12/0xc0 [ 151.004199][ T6488] ? bpf_lsm_capable+0x9/0x10 [ 151.004241][ T6488] ? security_capable+0x7e/0x260 [ 151.004286][ T6488] genl_rcv_msg+0x55c/0x800 [ 151.004332][ T6488] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.004373][ T6488] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 151.004400][ T6488] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 151.004436][ T6488] ? __pfx_nl80211_post_doit+0x10/0x10 [ 151.004480][ T6488] netlink_rcv_skb+0x158/0x420 [ 151.004517][ T6488] ? __pfx_genl_rcv_msg+0x10/0x10 [ 151.004559][ T6488] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 151.004614][ T6488] ? netlink_deliver_tap+0x1ae/0xd30 [ 151.004655][ T6488] genl_rcv+0x28/0x40 [ 151.004691][ T6488] netlink_unicast+0x58a/0x850 [ 151.004734][ T6488] ? __pfx_netlink_unicast+0x10/0x10 [ 151.004784][ T6488] netlink_sendmsg+0x8d1/0xdd0 [ 151.004828][ T6488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.004880][ T6488] ____sys_sendmsg+0xa95/0xc70 [ 151.004921][ T6488] ? copy_msghdr_from_user+0x10a/0x160 [ 151.004952][ T6488] ? __pfx_____sys_sendmsg+0x10/0x10 [ 151.005012][ T6488] ___sys_sendmsg+0x134/0x1d0 [ 151.005047][ T6488] ? __pfx____sys_sendmsg+0x10/0x10 [ 151.005075][ T6488] ? __lock_acquire+0x622/0x1c90 [ 151.005174][ T6488] __sys_sendmsg+0x16d/0x220 [ 151.005208][ T6488] ? __pfx___sys_sendmsg+0x10/0x10 [ 151.005267][ T6488] do_syscall_64+0xcd/0x490 [ 151.005302][ T6488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.005332][ T6488] RIP: 0033:0x7f280ff8e9a9 [ 151.005356][ T6488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.005383][ T6488] RSP: 002b:00007f2810e73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.005411][ T6488] RAX: ffffffffffffffda RBX: 00007f28101b5fa0 RCX: 00007f280ff8e9a9 [ 151.005430][ T6488] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 151.005447][ T6488] RBP: 00007f2810e73090 R08: 0000000000000000 R09: 0000000000000000 [ 151.005464][ T6488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 151.005481][ T6488] R13: 0000000000000000 R14: 00007f28101b5fa0 R15: 00007ffd5f1668a8 [ 151.005521][ T6488] [ 151.007303][ T6488] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -12 [ 152.201169][ T6504] FAULT_INJECTION: forcing a failure. [ 152.201169][ T6504] name failslab, interval 1, probability 0, space 0, times 0 [ 152.262729][ T6504] CPU: 1 UID: 0 PID: 6504 Comm: syz.2.116 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 152.262771][ T6504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 152.262787][ T6504] Call Trace: [ 152.262797][ T6504] [ 152.262807][ T6504] dump_stack_lvl+0x16c/0x1f0 [ 152.262840][ T6504] should_fail_ex+0x512/0x640 [ 152.262869][ T6504] ? __kvmalloc_node_noprof+0x124/0x620 [ 152.262918][ T6504] should_failslab+0xc2/0x120 [ 152.262951][ T6504] __kvmalloc_node_noprof+0x137/0x620 [ 152.262999][ T6504] ? sock_devmem_dontneed+0x1e1/0x6e0 [ 152.263048][ T6504] ? sock_devmem_dontneed+0x1e1/0x6e0 [ 152.263094][ T6504] sock_devmem_dontneed+0x1e1/0x6e0 [ 152.263134][ T6504] ? __might_fault+0xe3/0x190 [ 152.263162][ T6504] ? __might_fault+0x13b/0x190 [ 152.263196][ T6504] ? __pfx_sock_devmem_dontneed+0x10/0x10 [ 152.263267][ T6504] sk_setsockopt+0x209/0x3e40 [ 152.263311][ T6504] ? __pfx_sk_setsockopt+0x10/0x10 [ 152.263356][ T6504] ? aa_sk_perm+0x2f4/0xb10 [ 152.263402][ T6504] ? __pfx_aa_sk_perm+0x10/0x10 [ 152.263443][ T6504] ? __fget_files+0x204/0x3c0 [ 152.263502][ T6504] do_sock_setsockopt+0x193/0x1d0 [ 152.263546][ T6504] __sys_setsockopt+0x120/0x1a0 [ 152.263584][ T6504] __x64_sys_setsockopt+0xbd/0x160 [ 152.263610][ T6504] ? do_syscall_64+0x91/0x490 [ 152.263639][ T6504] ? lockdep_hardirqs_on+0x7c/0x110 [ 152.263666][ T6504] do_syscall_64+0xcd/0x490 [ 152.263699][ T6504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.263728][ T6504] RIP: 0033:0x7f280ff8e9a9 [ 152.263752][ T6504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.263778][ T6504] RSP: 002b:00007f2810e73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 152.263806][ T6504] RAX: ffffffffffffffda RBX: 00007f28101b5fa0 RCX: 00007f280ff8e9a9 [ 152.263824][ T6504] RDX: 0000000000000050 RSI: 0000000000000001 RDI: 0000000000000008 [ 152.263839][ T6504] RBP: 00007f2810e73090 R08: 0000000000000400 R09: 0000000000000000 [ 152.263856][ T6504] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.263872][ T6504] R13: 0000000000000000 R14: 00007f28101b5fa0 R15: 00007ffd5f1668a8 [ 152.263909][ T6504] [ 152.863246][ T9] Process accounting resumed [ 154.038836][ T6516] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 154.841982][ T6528] syz.2.123 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 155.597598][ T6545] FAULT_INJECTION: forcing a failure. [ 155.597598][ T6545] name failslab, interval 1, probability 0, space 0, times 0 [ 155.692584][ T6545] CPU: 1 UID: 0 PID: 6545 Comm: syz.0.125 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 155.692628][ T6545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 155.692644][ T6545] Call Trace: [ 155.692654][ T6545] [ 155.692665][ T6545] dump_stack_lvl+0x16c/0x1f0 [ 155.692701][ T6545] should_fail_ex+0x512/0x640 [ 155.692730][ T6545] ? fs_reclaim_acquire+0xae/0x150 [ 155.692773][ T6545] ? tomoyo_encode2+0x100/0x3e0 [ 155.692798][ T6545] should_failslab+0xc2/0x120 [ 155.692832][ T6545] __kmalloc_noprof+0xd2/0x510 [ 155.692860][ T6545] ? d_absolute_path+0x136/0x1a0 [ 155.692903][ T6545] tomoyo_encode2+0x100/0x3e0 [ 155.692937][ T6545] tomoyo_encode+0x29/0x50 [ 155.692963][ T6545] tomoyo_realpath_from_path+0x18f/0x6e0 [ 155.693004][ T6545] tomoyo_path_number_perm+0x245/0x580 [ 155.693044][ T6545] ? tomoyo_path_number_perm+0x237/0x580 [ 155.693088][ T6545] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 155.693140][ T6545] ? find_held_lock+0x2b/0x80 [ 155.693207][ T6545] ? find_held_lock+0x2b/0x80 [ 155.693236][ T6545] ? hook_file_ioctl_common+0x145/0x410 [ 155.693284][ T6545] ? __fget_files+0x20e/0x3c0 [ 155.693334][ T6545] security_file_ioctl+0x9b/0x240 [ 155.693379][ T6545] __x64_sys_ioctl+0xb7/0x210 [ 155.693423][ T6545] do_syscall_64+0xcd/0x490 [ 155.693456][ T6545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.693485][ T6545] RIP: 0033:0x7fd428d8e9a9 [ 155.693508][ T6545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.693534][ T6545] RSP: 002b:00007fd429c24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 155.693561][ T6545] RAX: ffffffffffffffda RBX: 00007fd428fb6080 RCX: 00007fd428d8e9a9 [ 155.693579][ T6545] RDX: 0000000000000000 RSI: 0000000080044940 RDI: 0000000000000003 [ 155.693596][ T6545] RBP: 00007fd429c24090 R08: 0000000000000000 R09: 0000000000000000 [ 155.693618][ T6545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.693635][ T6545] R13: 0000000000000001 R14: 00007fd428fb6080 R15: 00007fff4e275278 [ 155.693675][ T6545] [ 155.700873][ T6545] ERROR: Out of memory at tomoyo_realpath_from_path. [ 155.837015][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.3.127'. [ 156.924804][ T55] Process accounting resumed [ 159.381907][ T6569] kexec: Could not allocate control_code_buffer [ 159.823656][ T5892] Process accounting resumed [ 160.580218][ T6621] FAULT_INJECTION: forcing a failure. [ 160.580218][ T6621] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.644490][ T6621] CPU: 0 UID: 0 PID: 6621 Comm: syz.1.146 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 160.644530][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 160.644546][ T6621] Call Trace: [ 160.644555][ T6621] [ 160.644567][ T6621] dump_stack_lvl+0x16c/0x1f0 [ 160.644602][ T6621] should_fail_ex+0x512/0x640 [ 160.644638][ T6621] _copy_from_user+0x2e/0xd0 [ 160.644672][ T6621] copy_msghdr_from_user+0x98/0x160 [ 160.644704][ T6621] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 160.644744][ T6621] ? __lock_acquire+0x622/0x1c90 [ 160.644790][ T6621] ___sys_recvmsg+0xdb/0x1a0 [ 160.644819][ T6621] ? __pfx____sys_recvmsg+0x10/0x10 [ 160.644854][ T6621] ? find_held_lock+0x2b/0x80 [ 160.644910][ T6621] do_recvmmsg+0x2fe/0x750 [ 160.644947][ T6621] ? __pfx_do_recvmmsg+0x10/0x10 [ 160.644987][ T6621] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 160.645031][ T6621] ? __fget_files+0x20e/0x3c0 [ 160.645096][ T6621] __x64_sys_recvmmsg+0x22a/0x280 [ 160.645130][ T6621] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 160.645176][ T6621] do_syscall_64+0xcd/0x490 [ 160.645209][ T6621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.645238][ T6621] RIP: 0033:0x7f4a5138e9a9 [ 160.645260][ T6621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.645286][ T6621] RSP: 002b:00007f4a52163038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 160.645315][ T6621] RAX: ffffffffffffffda RBX: 00007f4a515b5fa0 RCX: 00007f4a5138e9a9 [ 160.645335][ T6621] RDX: 000000000000010a RSI: 0000200000000180 RDI: 0000000000000003 [ 160.645354][ T6621] RBP: 00007f4a52163090 R08: 0000000000000000 R09: 0000000000000000 [ 160.645371][ T6621] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 160.645388][ T6621] R13: 0000000000000000 R14: 00007f4a515b5fa0 R15: 00007fff00560688 [ 160.645427][ T6621] [ 162.185135][ T5878] Process accounting resumed [ 162.377886][ T6660] [ 162.380289][ T6660] ====================================================== [ 162.387355][ T6660] WARNING: possible circular locking dependency detected [ 162.394403][ T6660] 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 Not tainted [ 162.401529][ T6660] ------------------------------------------------------ [ 162.408908][ T6660] syz.2.158/6660 is trying to acquire lock: [ 162.414826][ T6660] ffffffff8e72a5a8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 162.424434][ T6660] [ 162.424434][ T6660] but task is already holding lock: [ 162.431811][ T6660] ffff888143311e00 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 162.443095][ T6660] [ 162.443095][ T6660] which lock already depends on the new lock. [ 162.443095][ T6660] [ 162.453520][ T6660] [ 162.453520][ T6660] the existing dependency chain (in reverse order) is: [ 162.462561][ T6660] [ 162.462561][ T6660] -> #2 (&q->q_usage_counter(io)#30){++++}-{0:0}: [ 162.471217][ T6660] blk_alloc_queue+0x619/0x760 [ 162.476714][ T6660] blk_mq_alloc_queue+0x175/0x290 [ 162.482286][ T6660] __blk_mq_alloc_disk+0x29/0x120 [ 162.487855][ T6660] loop_add+0x49e/0xb70 [ 162.492560][ T6660] loop_init+0x164/0x270 [ 162.497355][ T6660] do_one_initcall+0x120/0x6e0 [ 162.502662][ T6660] kernel_init_freeable+0x5c2/0x900 [ 162.508446][ T6660] kernel_init+0x1c/0x2b0 [ 162.513320][ T6660] ret_from_fork+0x5d4/0x6f0 [ 162.518462][ T6660] ret_from_fork_asm+0x1a/0x30 [ 162.523775][ T6660] [ 162.523775][ T6660] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 162.531031][ T6660] fs_reclaim_acquire+0x102/0x150 [ 162.536613][ T6660] prepare_alloc_pages+0x162/0x610 [ 162.542273][ T6660] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 162.548706][ T6660] __alloc_pages_noprof+0xb/0x1b0 [ 162.554266][ T6660] pcpu_populate_chunk+0x110/0xb00 [ 162.559931][ T6660] pcpu_alloc_noprof+0x86a/0x1470 [ 162.565489][ T6660] xt_percpu_counter_alloc+0x13e/0x1b0 [ 162.571492][ T6660] find_check_entry.constprop.0+0xbf/0xa20 [ 162.577848][ T6660] translate_table+0xd0b/0x17b0 [ 162.583250][ T6660] do_ip6t_set_ctl+0x4fa/0xa70 [ 162.588558][ T6660] nf_setsockopt+0x8a/0xf0 [ 162.593516][ T6660] ipv6_setsockopt+0x135/0x170 [ 162.598825][ T6660] tcp_setsockopt+0xa7/0x100 [ 162.603949][ T6660] do_sock_setsockopt+0xf0/0x1d0 [ 162.609439][ T6660] __sys_setsockopt+0x120/0x1a0 [ 162.614824][ T6660] __x64_sys_setsockopt+0xbd/0x160 [ 162.620473][ T6660] do_syscall_64+0xcd/0x490 [ 162.625514][ T6660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.631949][ T6660] [ 162.631949][ T6660] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 162.639714][ T6660] __lock_acquire+0x126f/0x1c90 [ 162.645131][ T6660] lock_acquire+0x179/0x350 [ 162.650200][ T6660] __mutex_lock+0x199/0xb90 [ 162.655261][ T6660] pcpu_alloc_noprof+0xb4c/0x1470 [ 162.660849][ T6660] blk_stat_alloc_callback+0xc8/0x280 [ 162.666791][ T6660] wbt_init+0xac/0x540 [ 162.671422][ T6660] queue_wb_lat_store+0x354/0x3d0 [ 162.676996][ T6660] queue_attr_store+0x276/0x320 [ 162.682394][ T6660] sysfs_kf_write+0xf2/0x150 [ 162.687545][ T6660] kernfs_fop_write_iter+0x354/0x510 [ 162.693378][ T6660] vfs_write+0x6c4/0x1150 [ 162.698242][ T6660] ksys_write+0x12a/0x250 [ 162.703107][ T6660] do_syscall_64+0xcd/0x490 [ 162.708171][ T6660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.714618][ T6660] [ 162.714618][ T6660] other info that might help us debug this: [ 162.714618][ T6660] [ 162.724877][ T6660] Chain exists of: [ 162.724877][ T6660] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#30 [ 162.724877][ T6660] [ 162.738583][ T6660] Possible unsafe locking scenario: [ 162.738583][ T6660] [ 162.746052][ T6660] CPU0 CPU1 [ 162.751432][ T6660] ---- ---- [ 162.756828][ T6660] lock(&q->q_usage_counter(io)#30); [ 162.762233][ T6660] lock(fs_reclaim); [ 162.768753][ T6660] lock(&q->q_usage_counter(io)#30); [ 162.776685][ T6660] lock(pcpu_alloc_mutex); [ 162.781319][ T6660] [ 162.781319][ T6660] *** DEADLOCK *** [ 162.781319][ T6660] [ 162.789474][ T6660] 6 locks held by syz.2.158/6660: [ 162.794512][ T6660] #0: ffff8880335e9438 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 162.803605][ T6660] #1: ffff888031620428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 162.812613][ T6660] #2: ffff88805a97e488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 162.822405][ T6660] #3: ffff888140f05c38 (kn->active#77){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 162.832472][ T6660] #4: ffff888143311e00 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 162.844228][ T6660] #5: ffff888143311e38 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 162.856203][ T6660] [ 162.856203][ T6660] stack backtrace: [ 162.862122][ T6660] CPU: 0 UID: 0 PID: 6660 Comm: syz.2.158 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 162.862153][ T6660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 162.862167][ T6660] Call Trace: [ 162.862175][ T6660] [ 162.862184][ T6660] dump_stack_lvl+0x116/0x1f0 [ 162.862209][ T6660] print_circular_bug+0x275/0x350 [ 162.862241][ T6660] check_noncircular+0x14c/0x170 [ 162.862275][ T6660] __lock_acquire+0x126f/0x1c90 [ 162.862311][ T6660] lock_acquire+0x179/0x350 [ 162.862342][ T6660] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 162.862366][ T6660] ? __pfx___might_resched+0x10/0x10 [ 162.862390][ T6660] ? ksys_write+0x12a/0x250 [ 162.862411][ T6660] ? do_syscall_64+0xcd/0x490 [ 162.862438][ T6660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.862464][ T6660] __mutex_lock+0x199/0xb90 [ 162.862487][ T6660] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 162.862509][ T6660] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 162.862530][ T6660] ? __pfx___mutex_lock+0x10/0x10 [ 162.862561][ T6660] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 162.862581][ T6660] pcpu_alloc_noprof+0xb4c/0x1470 [ 162.862607][ T6660] ? __pfx_wbt_data_dir+0x10/0x10 [ 162.862629][ T6660] ? __pfx_wb_timer_fn+0x10/0x10 [ 162.862657][ T6660] blk_stat_alloc_callback+0xc8/0x280 [ 162.862685][ T6660] ? kasan_save_track+0x14/0x30 [ 162.862709][ T6660] wbt_init+0xac/0x540 [ 162.862739][ T6660] queue_wb_lat_store+0x354/0x3d0 [ 162.862775][ T6660] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 162.862802][ T6660] ? __mutex_trylock_common+0xe9/0x250 [ 162.862836][ T6660] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 162.862861][ T6660] queue_attr_store+0x276/0x320 [ 162.862887][ T6660] ? __pfx_queue_attr_store+0x10/0x10 [ 162.862911][ T6660] ? __lock_acquire+0x622/0x1c90 [ 162.862948][ T6660] ? find_held_lock+0x2b/0x80 [ 162.862971][ T6660] ? sysfs_file_kobj+0xe4/0x290 [ 162.863005][ T6660] ? __pfx_queue_attr_store+0x10/0x10 [ 162.863030][ T6660] sysfs_kf_write+0xf2/0x150 [ 162.863063][ T6660] kernfs_fop_write_iter+0x354/0x510 [ 162.863092][ T6660] ? __pfx_sysfs_kf_write+0x10/0x10 [ 162.863125][ T6660] vfs_write+0x6c4/0x1150 [ 162.863146][ T6660] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 162.863177][ T6660] ? __pfx___mutex_lock+0x10/0x10 [ 162.863200][ T6660] ? __pfx_vfs_write+0x10/0x10 [ 162.863229][ T6660] ksys_write+0x12a/0x250 [ 162.863250][ T6660] ? __pfx_ksys_write+0x10/0x10 [ 162.863278][ T6660] do_syscall_64+0xcd/0x490 [ 162.863309][ T6660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.863333][ T6660] RIP: 0033:0x7f280ff8e9a9 [ 162.863351][ T6660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.863374][ T6660] RSP: 002b:00007f2810e52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.863396][ T6660] RAX: ffffffffffffffda RBX: 00007f28101b6080 RCX: 00007f280ff8e9a9 [ 162.863411][ T6660] RDX: 0000000000000081 RSI: 0000200000000040 RDI: 0000000000000004 [ 162.863425][ T6660] RBP: 00007f2810010d69 R08: 0000000000000000 R09: 0000000000000000 [ 162.863440][ T6660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.863454][ T6660] R13: 0000000000000000 R14: 00007f28101b6080 R15: 00007ffd5f1668a8 [ 162.863475][ T6660] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 163.847340][ T4778] bridge_slave_1: left allmulticast mode [ 163.853988][ T4778] bridge_slave_1: left promiscuous mode [ 163.859722][ T4778] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.893749][ T4778] bridge_slave_0: left allmulticast mode [ 163.899588][ T4778] bridge_slave_0: left promiscuous mode [ 163.912630][ T4778] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.058698][ T4778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.069908][ T4778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.081046][ T4778] bond0 (unregistering): Released all slaves [ 164.375518][ T4778] hsr_slave_0: left promiscuous mode [ 164.393009][ T4778] hsr_slave_1: left promiscuous mode [ 164.398959][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.409863][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.419947][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.429082][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.441190][ T4778] veth1_macvtap: left promiscuous mode [ 164.448478][ T4778] veth0_macvtap: left promiscuous mode [ 164.454552][ T4778] veth1_vlan: left promiscuous mode [ 164.459977][ T4778] veth0_vlan: left promiscuous mode [ 164.670605][ T4778] team0 (unregistering): Port device team_slave_1 removed [ 164.691472][ T4778] team0 (unregistering): Port device team_slave_0 removed [ 165.082229][ T4778] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.128022][ T4778] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.166646][ T4778] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.237761][ T4778] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.321788][ T4778] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.388013][ T4778] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.438530][ T4778] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.511900][ T4778] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.660126][ T4778] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.712045][ T4778] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.778924][ T4778] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.892342][ T4778] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.985230][ T4778] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.026810][ T4778] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.078490][ T4778] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.185805][ T4778] bridge_slave_1: left allmulticast mode [ 166.191514][ T4778] bridge_slave_1: left promiscuous mode [ 166.200647][ T4778] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.210065][ T4778] bridge_slave_0: left allmulticast mode [ 166.216130][ T4778] bridge_slave_0: left promiscuous mode [ 166.221867][ T4778] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.233456][ T4778] bridge_slave_1: left allmulticast mode [ 166.239177][ T4778] bridge_slave_1: left promiscuous mode [ 166.245254][ T4778] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.255103][ T4778] bridge_slave_0: left allmulticast mode [ 166.261422][ T4778] bridge_slave_0: left promiscuous mode [ 166.267662][ T4778] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.281671][ T4778] bridge_slave_1: left allmulticast mode [ 166.288697][ T4778] bridge_slave_1: left promiscuous mode [ 166.295550][ T4778] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.307108][ T4778] bridge_slave_0: left allmulticast mode [ 166.313287][ T4778] bridge_slave_0: left promiscuous mode [ 166.319015][ T4778] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.330262][ T4778] bridge_slave_1: left allmulticast mode [ 166.336509][ T4778] bridge_slave_1: left promiscuous mode [ 166.342233][ T4778] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.357266][ T4778] bridge_slave_0: left allmulticast mode [ 166.364946][ T4778] bridge_slave_0: left promiscuous mode [ 166.370726][ T4778] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.533007][ T4778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.545790][ T4778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.555192][ T4778] bond0 (unregistering): Released all slaves [ 166.667670][ T4778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.679993][ T4778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.689682][ T4778] bond0 (unregistering): Released all slaves [ 166.758295][ T4778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.768682][ T4778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.781539][ T4778] bond0 (unregistering): Released all slaves [ 166.879071][ T4778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.888865][ T4778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.898558][ T4778] bond0 (unregistering): Released all slaves [ 167.000456][ T4778] ovs_: left promiscuous mode [ 167.559771][ T4778] hsr_slave_0: left promiscuous mode [ 167.567298][ T4778] hsr_slave_1: left promiscuous mode [ 167.578227][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.587997][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.596153][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.603680][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.612973][ T4778] hsr_slave_0: left promiscuous mode [ 167.618955][ T4778] hsr_slave_1: left promiscuous mode [ 167.626712][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.634254][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.641935][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.649579][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.659506][ T4778] hsr_slave_0: left promiscuous mode [ 167.665804][ T4778] hsr_slave_1: left promiscuous mode [ 167.671458][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.679424][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.688247][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.695694][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.705926][ T4778] hsr_slave_0: left promiscuous mode [ 167.711633][ T4778] hsr_slave_1: left promiscuous mode [ 167.717553][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.725076][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.732774][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.740179][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.755884][ T4778] veth1_macvtap: left promiscuous mode [ 167.761382][ T4778] veth0_macvtap: left promiscuous mode [ 167.767086][ T4778] veth1_vlan: left promiscuous mode [ 167.772610][ T4778] veth0_vlan: left promiscuous mode [ 167.778748][ T4778] veth1_macvtap: left promiscuous mode [ 167.784360][ T4778] veth0_macvtap: left promiscuous mode [ 167.790469][ T4778] veth1_macvtap: left promiscuous mode [ 167.796650][ T4778] veth0_macvtap: left promiscuous mode [ 167.802168][ T4778] veth1_vlan: left promiscuous mode [ 167.807500][ T4778] veth0_vlan: left promiscuous mode [ 167.813420][ T4778] veth1_macvtap: left promiscuous mode [ 167.818899][ T4778] veth0_macvtap: left promiscuous mode [ 167.824640][ T4778] veth1_vlan: left promiscuous mode [ 167.829950][ T4778] veth0_vlan: left promiscuous mode [ 168.066295][ T4778] team0 (unregistering): Port device team_slave_1 removed [ 168.086154][ T4778] team0 (unregistering): Port device team_slave_0 removed [ 168.211141][ T4778] team0 (unregistering): Port device team_slave_1 removed [ 168.231190][ T4778] team0 (unregistering): Port device team_slave_0 removed [ 168.382233][ T4778] team0 (unregistering): Port device team_slave_1 removed [ 168.403966][ T4778] team0 (unregistering): Port device team_slave_0 removed [ 168.559150][ T4778] team0 (unregistering): Port device team_slave_1 removed [ 168.578564][ T4778] team0 (unregistering): Port device team_slave_0 removed