last executing test programs: 9.299164206s ago: executing program 1 (id=366): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 6.903089341s ago: executing program 1 (id=379): r0 = socket(0x2, 0x1, 0x106) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c) fcntl$auto(r3, 0x400, 0x1) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5) sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x1ad240, 0x1b1) socket(0xa, 0x3, 0x3b) 6.802407309s ago: executing program 3 (id=373): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 6.481525077s ago: executing program 0 (id=374): r0 = socket(0x2, 0x1, 0x106) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c) fcntl$auto(r3, 0x400, 0x1) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/1, 0x1) setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5) sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="180000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x1ad240, 0x1b1) socket(0xa, 0x3, 0x3b) 4.849715195s ago: executing program 1 (id=376): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 4.737695838s ago: executing program 3 (id=377): r0 = socket(0x2, 0x1, 0x106) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c) fcntl$auto(r3, 0x400, 0x1) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/1, 0x1) setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5) sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="180000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x1ad240, 0x1b1) socket(0xa, 0x3, 0x3b) 4.424072966s ago: executing program 0 (id=378): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 4.143367734s ago: executing program 2 (id=380): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 3.721272546s ago: executing program 3 (id=381): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 2.824162749s ago: executing program 0 (id=382): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) 2.564455661s ago: executing program 0 (id=383): r0 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) read$auto_check_wx_fops_(r0, &(0x7f0000000080)=""/228, 0xe4) 2.302743724s ago: executing program 1 (id=384): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r2, r2, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r5 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r5, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 2.110273693s ago: executing program 3 (id=385): r0 = socket(0x2, 0x1, 0x106) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback=0xac14140a}, 0x55) setsockopt$auto(r0, 0x1, 0x9, 0x0, 0xeb66) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, 0x0, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = open(&(0x7f0000000800)='./file0\x00', 0xe4201, 0x17c) fcntl$auto(r3, 0x400, 0x1) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0) setsockopt$auto(0x400000000000003, 0x20000029, 0x21b, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x30) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r5) sendmsg$auto_NL80211_CMD_GET_WIPHY(r5, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r5, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x5}, 0x20000804}, 0x210a, 0x6, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB=' 6\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdbdf25030000000400"], 0x3620}, 0x1, 0x0, 0x0, 0x20000055}, 0x200400d0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x1ad240, 0x1b1) socket(0xa, 0x3, 0x3b) 2.072905203s ago: executing program 2 (id=386): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) sendmsg$auto_IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000580)={&(0x7f0000000cc0)={0x24, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xad}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40980) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00'}) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0xffffffffffffffff, 0x402, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x400000000000006, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14) msgctl$auto(0x3ff, 0xf8, &(0x7f00000001c0)={{0x8, 0xee00, 0x0, 0x4, 0xa771, 0x7, 0x9}, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x1, 0x1c28a, 0x5f52, 0x3, 0x9, 0x8, 0x2cce, 0xfffc, 0x6, @inferred=0x0, @inferred=0xffffffffffffffff}) sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="ca16b48700bc39b8eae35193c846ec9f6af8f2a872d633eec862046c889bc239ccef5dc68bc053c64452c7a6eda2fbd95f290beecb447136eb6f260010cce9e0f9c4ced184528f53561dc28784e93701ae1b1a78d6454eeea27caca1197d7aec2b937353c6ca8ce98e1e5ddd2c040900000000000000a517ff4bd1fe909f21a8c51d25122f39b5e83f83e82d8b61107bbca509cf3934ad3cf37bee507b3548f3879038706267946576c18758581ccae354928b3edb95dc8fe2f395d2ed72b1a4fc86cf60d3fb", @ANYRES16=0x0, @ANYBLOB="01022abd7000fedbdf25030000000c00028008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000027c0)={&(0x7f00000000c0), 0xc, &(0x7f0000002780)={&(0x7f00000009c0)=ANY=[@ANYBLOB="06fd6491cebca78beafc4b687ed8f3666c5a6d88c7f09791cdd11c597f22290fb5c9bd51421da568156e5fdc5918efbcb4c2ff5cb5ff2ca078cec1061a5dc8c7512d6a4f506f55f59e4b394709cd8b73734f2ce3e79d", @ANYBLOB="00022dbd7000fcdbdf250200000008000800", @ANYRES32=0x0, @ANYBLOB="0f0003002f6465762f616473703100001e020480ce0044800400750004006880d1506bbd2b1ebe4d19b0d1c0ab9c296454e83f6f917ac6b0097c35d5df5abbc18838f7a7f3b46966c809d12efc3a7a069afe67a71d5567097f060e60e752058afe2f21dd8e61df70ef93aeeebfdb2433f6f4fc2a08eaf6e20011cc4749ac9c02feb7059988773029c0283338878bcccdc09ee6318737f2af18d42604ad6bba937d6dd2f5a7d9c92e8f08d40b3f052e083a9bb7bf59ad99a2501b8622414a1400400000000000000000000000ffff0a010100040057800c000400070000000000000000003700ab80040012800400238008006900ffffffff04005f800800d000", @ANYRESDEC=r1, @ANYBLOB="0c007c0002000000000000000400908079d31828245d1d00a100e6809a9ee0a2123a8fa92a4224c5e320835bc1df4b86308f1eb106b640770860908a7ee198191bec22d0e1fe7b49b4428100781fc9231baa218eb9dff6587e85758d2557a569379b8216c1a1a193109a24a6cbf4ca980e8cd518672d8170bfc296672040c805d2805a666b2c10da076637bada153ac529599e829086c0d426fe1187195bc35fd30700a5007d2b00000800d8000a01010008003f", @ANYRES32=r2, @ANYBLOB="0000000800b6006401010178679f385b78dc0f0041002f6465762f6164737031000034dbb4a18fb580bda46a26cb741baeb66648b73e16593e6280ab1f493bdceced1b1cb8e704a055f6ba30c848e10359186bdac20f914fc3e87ed1e9d944940d1af2861a7aa210570710731e24a2b60c000004000a8008000100050000000800090000000000"], 0x260}, 0x1, 0x0, 0x0, 0xd5}, 0x4000040) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20002, 0x0) sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01022abd7000fe01344a9701fa550cd6636ff75adb7cd800"/36, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010) 1.487529866s ago: executing program 0 (id=387): openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x22081, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 1.1553475s ago: executing program 0 (id=388): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x11a001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x100000001ff, 0x7, 0x0, 0x1000000000008fd6, 0x948b, 0x1000, 0x15f4da0a, 0x9, 0xfffffffffffffffb, 0x66, 0x9, 0x20000005, 0x200000005, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0xffffffffffff8000, 0x8000001f, 0xb, 0x6d41, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0xfffffffffffffffb) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/default/forwarding\x00', 0x141241, 0x0) pwrite64$auto(r2, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) readahead$auto(r2, 0x4, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, r1, 0x310000000000) r3 = io_uring_setup$auto(0x6, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(r4, 0xc1205531, r3) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) sendfile$auto(r5, r5, 0x0, 0x1) sendfile$auto(r5, r5, 0x0, 0x2) sysfs$auto(0x5, 0x100000074e, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) 792.591124ms ago: executing program 2 (id=389): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{@raw=0x80000000, 0x305, 0x1, 0x8, "3112d598004a614d19e22af9ffb683dbede3d0bf828bbfba40f035f4be6b7fe000900000000000755015e48d", @raw=0x4}, 0x3, 0x5, 0x4, @inferred, @integer={0x0, 0xfffffffffffffff9, 0x8}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd7327b386425608af790ada71bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) 607.582944ms ago: executing program 2 (id=390): r0 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x121801, 0x0) write$auto_bm_entry_operations_binfmt_misc(r0, 0x0, 0x0) 459.181297ms ago: executing program 1 (id=391): r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x10, &(0x7f0000000080)='!\x00\xc6\xbd\xf1\x00q\a\xfb\x1d\xe1Jk\x92`\xc8Y\xd7l\x0f\xc4\x96\xbe\x99\t6\xe0y\xb8\xf9\xd8%\xd8\x8f\xe7\xf5*\xe8vG\xe8\xe9;(\xd2\xd4\xa3A\xc4\xde\x15\xaai\v9/(\xb2\xf3>\xa2[\xce\xf3\x11\xcfk\xdc\xa8\x9f\xb9]\x12\x9a\xb6\xe88P\xe2\f\xf2ZI\xa20\x9f\xa0\xc1\xb4', 0x202) 422.424209ms ago: executing program 3 (id=392): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/machinecheck/machinecheck1/ignore_ce\x00', 0xa0202, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001580)="377809850576", 0x6) 237.439111ms ago: executing program 3 (id=393): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) sendmsg$auto_IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000580)={&(0x7f0000000cc0)={0x24, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xad}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40980) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00'}) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0xffffffffffffffff, 0x402, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x40007, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x400000000000006, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14) msgctl$auto(0x3ff, 0xf8, &(0x7f00000001c0)={{0x8, 0xee00, 0x0, 0x4, 0xa771, 0x7, 0x9}, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x1, 0x1c28a, 0x5f52, 0x3, 0x9, 0x8, 0x2cce, 0xfffc, 0x6, @inferred=0x0, @inferred=0xffffffffffffffff}) sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="ca16b48700bc39b8eae35193c846ec9f6af8f2a872d633eec862046c889bc239ccef5dc68bc053c64452c7a6eda2fbd95f290beecb447136eb6f260010cce9e0f9c4ced184528f53561dc28784e93701ae1b1a78d6454eeea27caca1197d7aec2b937353c6ca8ce98e1e5ddd2c040900000000000000a517ff4bd1fe909f21a8c51d25122f39b5e83f83e82d8b61107bbca509cf3934ad3cf37bee507b3548f3879038706267946576c18758581ccae354928b3edb95dc8fe2f395d2ed72b1a4fc86cf60d3fb", @ANYRES16=0x0, @ANYBLOB="01022abd7000fedbdf25030000000c00028008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000027c0)={&(0x7f00000000c0), 0xc, &(0x7f0000002780)={&(0x7f00000009c0)=ANY=[@ANYBLOB="06fd6491cebca78beafc4b687ed8f3666c5a6d88c7f09791cdd11c597f22290fb5c9bd51421da568156e5fdc5918efbcb4c2ff5cb5ff2ca078cec1061a5dc8c7512d6a4f506f55f59e4b394709cd8b73734f2ce3e79d", @ANYBLOB="00022dbd7000fcdbdf2502000000", @ANYRES32=0x0, @ANYBLOB="0f0003002f6465762f616473703100001e020480ce0044800400750004006880d1506bbd2b1ebe4d19b0d1c0ab9c296454e83f6f917ac6b0097c35d5df5abbc18838f7a7f3b46966c809d12efc3a7a069afe67a71d5567097f060e60e752058afe2f21dd8e61df70ef93aeeebfdb2433f6f4fc2a08eaf6e20011cc4749ac9c02feb7059988773029c0283338878bcccdc09ee6318737f2af18d42604ad6bba937d6dd2f5a7d9c92e8f08d40b3f052e083a9bb7bf59ad99a2501b8622414a1400400000000000000000000000ffff0a010100040057800c000400070000000000000000003700ab80040012800400238008006900ffffffff04005f800800d000", @ANYRESDEC=r1, @ANYBLOB="0c007c0002000000000000000400908079d31828245d1d00a100e6809a9ee0a2123a8fa92a4224c5e320835bc1df4b86308f1eb106b640770860908a7ee198191bec22d0e1fe7b49b4428100781fc9231baa218eb9dff6587e85758d2557a569379b8216c1a1a193109a24a6cbf4ca980e8cd518672d8170bfc296672040c805d2805a666b2c10da076637bada153ac529599e829086c0d426fe1187195bc35fd30700a5007d2b00000800d8000a01010008003f00", @ANYRES32=r2, @ANYBLOB="0000000800b6006401010178679f385b78dc0f0041002f6465762f6164737031000034dbb4a18fb580bda46a26cb741baeb66648b73e16593e6280ab1f493bdceced1b1cb8e704a055f6ba30c848e10359186bdac20f914fc3e87ed1e9d944940d1af2861a7aa210570710731e24a2b60c000004000a8008000100050000000800090000000000"], 0x260}, 0x1, 0x0, 0x0, 0xd5}, 0x4000040) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20002, 0x0) sendmsg$auto_MACSEC_CMD_UPD_RXSC(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01022abd7000fe01344a9701fa550cd6636ff75adb7cd800"/36, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x48010) 226.915744ms ago: executing program 1 (id=394): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00x \xec(\x1d\x98\xe9\xc4\xe8\xfc@6=\xab\xf4\x89\x01\x93\xdc\x19\xffv\'\xa1\xd5\x14\x06S\xae\xadB}\xdf]\x99\xc9\x9f4\xbb\xc5\x81\x9d\x8ak\xdeB\xcbd\xd3\x05\xe4P\x84\xcb\xb8#\x13\nYU\'\x95R\xc8\x9d\xb7*\xe0.\xd2\xdf\x1b\x88D\x8c{k\xcec\xe1\xa2j\xec\xc9\xd2\x98\x94I\x102h\x06\x8c\xa2\xc8\x8a7\xb7t', 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xc) modify_ldt$auto(0x1, 0x0, 0x10) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r1, 0x0, 0x7ff, 0x400) socket(0x2, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x20000000003, 0x62, 0xfffffffffffffffd, 0x7, 0x3, 0x9, 0x2, 0x6]}, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) sendfile$auto(r3, r3, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001d40), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\a\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="c79f25bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0xc031}, 0x44) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r6 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000000), 0xa8200, 0x0) pread64$auto(r6, &(0x7f0000000040)='\x00', 0x40b6, 0x5) madvise$auto(0x0, 0x200007, 0x19) 208.430566ms ago: executing program 2 (id=395): r0 = openat$auto_regulator_summary_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0) read$auto_regulator_summary_fops_(r0, &(0x7f0000000180)=""/4067, 0xfe3) 0s ago: executing program 2 (id=396): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/block/loop5/queue/scheduler\x00', 0x20a42, 0x0) write$auto(r0, &(0x7f0000000080)='/\xe4ev/auYio\x00', 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.44' (ED25519) to the list of known hosts. [ 98.854725][ T5822] cgroup: Unknown subsys name 'net' [ 98.965124][ T5822] cgroup: Unknown subsys name 'cpuset' [ 98.975173][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.890655][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.553123][ T9] cfg80211: failed to load regulatory.db [ 103.285720][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.294108][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.303064][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.310922][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.319997][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.351434][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.392177][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.395648][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.400134][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.417073][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.417223][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.427018][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.433020][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.440086][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.447546][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.454538][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.466156][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.467451][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.492162][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.500527][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.142990][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 104.203800][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 104.294257][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 104.357001][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 104.517197][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.524818][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.532970][ T5832] bridge_slave_0: entered allmulticast mode [ 104.542089][ T5832] bridge_slave_0: entered promiscuous mode [ 104.581371][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.588664][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.596268][ T5841] bridge_slave_0: entered allmulticast mode [ 104.604989][ T5841] bridge_slave_0: entered promiscuous mode [ 104.612844][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.620034][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.627847][ T5832] bridge_slave_1: entered allmulticast mode [ 104.635834][ T5832] bridge_slave_1: entered promiscuous mode [ 104.689354][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.696662][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.704450][ T5841] bridge_slave_1: entered allmulticast mode [ 104.713681][ T5841] bridge_slave_1: entered promiscuous mode [ 104.742114][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.767263][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.774603][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.781940][ T5836] bridge_slave_0: entered allmulticast mode [ 104.789429][ T5836] bridge_slave_0: entered promiscuous mode [ 104.844057][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.873174][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.880629][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.887841][ T5836] bridge_slave_1: entered allmulticast mode [ 104.898305][ T5836] bridge_slave_1: entered promiscuous mode [ 104.938545][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.980880][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.988265][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.996091][ T5835] bridge_slave_0: entered allmulticast mode [ 105.004963][ T5835] bridge_slave_0: entered promiscuous mode [ 105.015489][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.063414][ T5832] team0: Port device team_slave_0 added [ 105.072894][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.082457][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.089646][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.097832][ T5835] bridge_slave_1: entered allmulticast mode [ 105.105507][ T5835] bridge_slave_1: entered promiscuous mode [ 105.131786][ T5841] team0: Port device team_slave_0 added [ 105.140853][ T5832] team0: Port device team_slave_1 added [ 105.149906][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.177764][ T5841] team0: Port device team_slave_1 added [ 105.250665][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.276789][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.284625][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.310987][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.340794][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.351866][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.358882][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.385584][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.398728][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.406399][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.432550][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.445352][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.452668][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.478704][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.493759][ T5836] team0: Port device team_slave_0 added [ 105.511344][ T5839] Bluetooth: hci0: command tx timeout [ 105.511386][ T5845] Bluetooth: hci1: command tx timeout [ 105.523272][ T5844] Bluetooth: hci3: command tx timeout [ 105.548614][ T5836] team0: Port device team_slave_1 added [ 105.594497][ T5844] Bluetooth: hci2: command tx timeout [ 105.611710][ T5835] team0: Port device team_slave_0 added [ 105.652069][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.659089][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.685507][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.699067][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.706591][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.733328][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.747405][ T5835] team0: Port device team_slave_1 added [ 105.791974][ T5841] hsr_slave_0: entered promiscuous mode [ 105.799548][ T5841] hsr_slave_1: entered promiscuous mode [ 105.839179][ T5832] hsr_slave_0: entered promiscuous mode [ 105.846581][ T5832] hsr_slave_1: entered promiscuous mode [ 105.853191][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.861178][ T5832] Cannot create hsr debugfs directory [ 105.961624][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.968633][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.995335][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.036141][ T5836] hsr_slave_0: entered promiscuous mode [ 106.042690][ T5836] hsr_slave_1: entered promiscuous mode [ 106.048872][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.056958][ T5836] Cannot create hsr debugfs directory [ 106.070125][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.077346][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.103610][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.270049][ T5835] hsr_slave_0: entered promiscuous mode [ 106.276710][ T5835] hsr_slave_1: entered promiscuous mode [ 106.283533][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.291267][ T5835] Cannot create hsr debugfs directory [ 106.681454][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 106.713296][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 106.743059][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 106.781819][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.821000][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.854291][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.867991][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.898477][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.978391][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.008511][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.022219][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.056959][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.169790][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.184691][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.196426][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.228139][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.255844][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.323164][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.346456][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.353977][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.375132][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.382430][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.424318][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.455504][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.497757][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.505018][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.587558][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.591528][ T5844] Bluetooth: hci0: command tx timeout [ 107.594820][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.607638][ T5844] Bluetooth: hci3: command tx timeout [ 107.608686][ T5845] Bluetooth: hci1: command tx timeout [ 107.668043][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.681478][ T5845] Bluetooth: hci2: command tx timeout [ 107.798417][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.839734][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.873513][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.880756][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.925199][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.932489][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.993501][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.048710][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.056573][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.075031][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.082355][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.197395][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.232150][ T5835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.380115][ T5841] veth0_vlan: entered promiscuous mode [ 108.418332][ T5841] veth1_vlan: entered promiscuous mode [ 108.557736][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.588949][ T5841] veth0_macvtap: entered promiscuous mode [ 108.649138][ T5841] veth1_macvtap: entered promiscuous mode [ 108.726910][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.772912][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.808161][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.819342][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.828342][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.838324][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.853940][ T5832] veth0_vlan: entered promiscuous mode [ 108.887625][ T5832] veth1_vlan: entered promiscuous mode [ 108.929873][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.954412][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.071079][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.088601][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.095290][ T5832] veth0_macvtap: entered promiscuous mode [ 109.152592][ T5832] veth1_macvtap: entered promiscuous mode [ 109.199279][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.207904][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.223883][ T5835] veth0_vlan: entered promiscuous mode [ 109.240006][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.258948][ T5835] veth1_vlan: entered promiscuous mode [ 109.289543][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.326954][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.336715][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.349465][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.359008][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 109.379993][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.398068][ T5836] veth0_vlan: entered promiscuous mode [ 109.438106][ T5836] veth1_vlan: entered promiscuous mode [ 109.541998][ T5835] veth0_macvtap: entered promiscuous mode [ 109.621072][ T5835] veth1_macvtap: entered promiscuous mode [ 109.664019][ T5836] veth0_macvtap: entered promiscuous mode [ 109.671691][ T5845] Bluetooth: hci1: command tx timeout [ 109.677230][ T5839] Bluetooth: hci0: command tx timeout [ 109.683381][ T5844] Bluetooth: hci3: command tx timeout [ 109.685851][ T5836] veth1_macvtap: entered promiscuous mode [ 109.736740][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.745132][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.753981][ T5845] Bluetooth: hci2: command tx timeout [ 109.767966][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.777836][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.806903][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.820107][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.830464][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.866682][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.875975][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.889413][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.952386][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.008046][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.041423][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.131538][ T5904] Invalid ELF header magic: != ELF [ 110.172983][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.203951][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.217365][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.226433][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.509880][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 110.519758][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.580703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.630841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.639320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.648375][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 110.791508][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.919930][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.090938][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.167660][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.219902][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.229659][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.316347][ T5907] process 'syz.3.4' launched './file0' with NULL argv: empty string added [ 111.427561][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.463153][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.750533][ T5845] Bluetooth: hci1: command tx timeout [ 111.756841][ T5845] Bluetooth: hci3: command tx timeout [ 111.762702][ T5844] Bluetooth: hci0: command tx timeout [ 111.834617][ T5844] Bluetooth: hci2: command tx timeout [ 112.720986][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.289835][ T5928] [U] [ 113.597871][ T5936] Zero length message leads to an empty skb [ 113.891136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.071682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 114.147871][ T5938] bridge0: port 3(vlan1) entered blocking state [ 114.188072][ T5938] bridge0: port 3(vlan1) entered disabled state [ 114.209035][ T5938] vlan1: entered allmulticast mode [ 114.217473][ T5938] veth0_vlan: entered allmulticast mode [ 114.226232][ T5938] vlan1: entered promiscuous mode [ 114.234595][ T5938] bridge0: port 3(vlan1) entered blocking state [ 114.241226][ T5938] bridge0: port 3(vlan1) entered forwarding state [ 115.328964][ T5949] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 117.654623][ T5962] nbd: socks must be embedded in a SOCK_ITEM attr [ 118.173119][ T5975] syz.0.15 uses obsolete (PF_INET,SOCK_PACKET) [ 119.118608][ T5996] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 119.118608][ T5996] The task syz.2.18 (5996) triggered the difference, watch for misbehavior. [ 119.605306][ T5984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78008 [ 119.615021][ T5984] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 119.625326][ T5984] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 119.634054][ T5984] page_type: f5(slab) [ 119.760328][ T5984] raw: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 119.769205][ T5984] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 119.925829][ T5984] head: 00fff00000000040 ffff88801b442140 dead000000000122 0000000000000000 [ 119.937651][ T5984] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 120.020395][ T5984] head: 00fff00000000003 ffffea0001e00201 00000000ffffffff 00000000ffffffff [ 120.194141][ T5984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 120.393741][ T5989] could not allocate digest TFM handle binfmt_misc [ 120.420433][ T5984] page dumped because: unmovable page [ 120.594353][ T5984] page_owner tracks the page as allocated [ 120.602585][ T5984] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5832, tgid 5832 (syz-executor), ts 105780985522, free_ts 87813956291 [ 120.760810][ T5984] post_alloc_hook+0x1c0/0x230 [ 120.773559][ T5984] get_page_from_freelist+0x1321/0x3890 [ 120.779337][ T5984] __alloc_frozen_pages_noprof+0x261/0x23f0 syzkaller syzkaller login: [ 120.827069][ T5984] alloc_pages_mpol+0x1fb/0x550 [ 120.832217][ T5984] new_slab+0x23b/0x330 [ 120.836555][ T5984] ___slab_alloc+0xd9c/0x1940 [ 120.844654][ T5984] __slab_alloc.constprop.0+0x56/0xb0 [ 120.861612][ T5984] __kmalloc_cache_noprof+0xfb/0x3e0 [ 120.900416][ T5984] kobject_uevent_env+0x265/0x1870 [ 120.905722][ T5984] netdev_queue_update_kobjects+0x1a7/0x720 [ 120.918973][ T5984] netdev_register_kobject+0x28c/0x3a0 [ 120.928885][ T5984] register_netdevice+0x13dc/0x2270 [ 120.939264][ T5984] veth_newlink+0x446/0xa00 [ 121.008896][ T5984] rtnl_newlink+0xc42/0x2000 [ 121.019474][ T5984] rtnetlink_rcv_msg+0x95e/0xe90 [ 121.025972][ T5984] netlink_rcv_skb+0x155/0x420 [ 121.123449][ T5984] page last free pid 5734 tgid 5734 stack trace: [ 121.151563][ T5984] __free_frozen_pages+0x7fe/0x1180 [ 121.167470][ T5984] __put_partials+0x16d/0x1c0 [ 121.184033][ T5984] qlist_free_all+0x4d/0x120 [ 121.190306][ T5984] kasan_quarantine_reduce+0x195/0x1e0 [ 121.215804][ T5984] __kasan_slab_alloc+0x69/0x90 [ 121.240286][ T5984] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 121.256527][ T5984] vm_area_alloc+0x1f/0x160 [ 121.277121][ T5984] __mmap_region+0xf0e/0x25e0 [ 121.282066][ T5984] mmap_region+0x1ab/0x3f0 [ 121.293613][ T5984] do_mmap+0xa3e/0x1210 [ 121.300610][ T5984] vm_mmap_pgoff+0x281/0x450 [ 121.314128][ T5984] ksys_mmap_pgoff+0x32c/0x5c0 [ 121.319077][ T5984] __x64_sys_mmap+0x125/0x190 [ 121.338420][ T5984] do_syscall_64+0xcd/0x490 [ 121.358996][ T5984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.174814][ T6032] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 126.312557][ T6069] random: crng reseeded on system resumption [ 127.218350][ T6070] FAULT_INJECTION: forcing a failure. [ 127.218350][ T6070] name failslab, interval 1, probability 0, space 0, times 1 [ 127.238742][ T6074] HfR: entered promiscuous mode [ 127.249857][ T6070] CPU: 0 UID: 0 PID: 6070 Comm: syz.0.29 Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 127.249905][ T6070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.249928][ T6070] Call Trace: [ 127.249943][ T6070] [ 127.249959][ T6070] dump_stack_lvl+0x16c/0x1f0 [ 127.250011][ T6070] should_fail_ex+0x512/0x640 [ 127.250058][ T6070] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 127.250111][ T6070] should_failslab+0xc2/0x120 [ 127.250156][ T6070] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 127.250211][ T6070] ? __proc_create+0xc3/0x8c0 [ 127.250242][ T6070] ? __proc_create+0x2ce/0x8c0 [ 127.250279][ T6070] __proc_create+0x2ce/0x8c0 [ 127.250311][ T6070] ? __pfx___proc_create+0x10/0x10 [ 127.250360][ T6070] proc_create_reg+0x7d/0x180 [ 127.250397][ T6070] proc_create_data+0x86/0x110 [ 127.250430][ T6070] ? __pfx_proc_create_data+0x10/0x10 [ 127.250478][ T6070] gss_svc_init_net+0x238/0x660 [ 127.250527][ T6070] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 127.250568][ T6070] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 127.250623][ T6070] ops_init+0x1e2/0x5f0 [ 127.250691][ T6070] setup_net+0x1ff/0x510 [ 127.250744][ T6070] ? lockdep_init_map_type+0x5c/0x280 [ 127.250795][ T6070] ? __pfx_setup_net+0x10/0x10 [ 127.250852][ T6070] ? debug_mutex_init+0x37/0x70 [ 127.250891][ T6070] copy_net_ns+0x2a6/0x5f0 [ 127.250930][ T6070] create_new_namespaces+0x3ea/0xa90 [ 127.250980][ T6070] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 127.251030][ T6070] ksys_unshare+0x45b/0xa40 [ 127.251080][ T6070] ? __pfx_ksys_unshare+0x10/0x10 [ 127.251143][ T6070] ? xfd_validate_state+0x61/0x180 [ 127.251206][ T6070] __x64_sys_unshare+0x31/0x40 [ 127.251254][ T6070] do_syscall_64+0xcd/0x490 [ 127.251310][ T6070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.251345][ T6070] RIP: 0033:0x7fd01a58e929 [ 127.251383][ T6070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.251419][ T6070] RSP: 002b:00007fd01b31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 127.251459][ T6070] RAX: ffffffffffffffda RBX: 00007fd01a7b6080 RCX: 00007fd01a58e929 [ 127.251484][ T6070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 127.251504][ T6070] RBP: 00007fd01a610b39 R08: 0000000000000000 R09: 0000000000000000 [ 127.251525][ T6070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.251546][ T6070] R13: 0000000000000000 R14: 00007fd01a7b6080 R15: 00007fff412555c8 [ 127.251591][ T6070]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     [ 215.842219][ T7207] Invalid ELF header magic: != ELF [ 216.240436][ T6352] Bluetooth: hci1: command 0x0c1a tx timeout [ 216.470634][ T6352] Bluetooth: hci0: command 0x0c1a tx timeout [ 216.560367][ T6352] Bluetooth: hci2: command 0x0c1a tx timeout [ 216.713614][ T6352] Bluetooth: hci3: command 0x0c1a tx timeout syzkaller syzkaller login: [ 216.993501][ T7233] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.213'. [ 217.101429][ T7234] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.214'. [ 218.310745][ T6352] Bluetooth: hci1: command 0x0c1a tx timeout [ 218.552230][ T6352] Bluetooth: hci0: command 0x0c1a tx timeout [ 218.630597][ T6352] Bluetooth: hci2: command 0x0c1a tx timeout [ 218.790232][ T6352] Bluetooth: hci3: command 0x0c1a tx timeout [ 219.954901][ T7253] netlink: 48 bytes leftover after parsing attributes in process `syz.1.218'. [ 220.017734][ T6352] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 220.390644][ T6352] Bluetooth: hci1: command 0x0c1a tx timeout [ 220.710219][ T6352] Bluetooth: hci2: command 0x0c1a tx timeout [ 220.870310][ T6352] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.261583][ T7272] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.227'. [ 223.617124][ T7300] capability: warning: `syz.0.223' uses 32-bit capabilities (legacy support in use) [ 225.487076][ T7328] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.228'. [ 227.162446][ T7358] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.230'. [ 228.586962][ T7390] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.234'. [ 231.106863][ T7443] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.246'. [ 232.030542][ T7446] zswap: compressor not available [ 232.400427][ T7463] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 232.426883][ T7463] CIFS mount error: No usable UNC path provided in device string! [ 232.426883][ T7463] [ 232.437364][ T7463] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 233.152755][ T7451] FAULT_INJECTION: forcing a failure. [ 233.152755][ T7451] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 233.315997][ T7451] CPU: 0 UID: 0 PID: 7451 Comm: syz.1.239 Tainted: G U 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 233.316035][ T7451] Tainted: [U]=USER [ 233.316042][ T7451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.316056][ T7451] Call Trace: [ 233.316063][ T7451] [ 233.316071][ T7451] dump_stack_lvl+0x16c/0x1f0 [ 233.316109][ T7451] should_fail_ex+0x512/0x640 [ 233.316149][ T7451] should_fail_alloc_page+0xe7/0x130 [ 233.316175][ T7451] prepare_alloc_pages+0x3c2/0x610 [ 233.316203][ T7451] ? rcu_is_watching+0x12/0xc0 [ 233.316230][ T7451] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 233.316271][ T7451] ? stack_trace_save+0x8e/0xc0 [ 233.316296][ T7451] ? __pfx_stack_trace_save+0x10/0x10 [ 233.316320][ T7451] ? stack_depot_save_flags+0x28/0xa40 [ 233.316367][ T7451] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 233.316405][ T7451] ? __lock_acquire+0x622/0x1c90 [ 233.316441][ T7451] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.316473][ T7451] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 233.316511][ T7451] ? policy_nodemask+0xea/0x4e0 [ 233.316536][ T7451] alloc_pages_mpol+0x1fb/0x550 [ 233.316559][ T7451] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 233.316590][ T7451] alloc_pages_noprof+0x131/0x390 [ 233.316614][ T7451] alloc_pages_exact_noprof+0x37/0xe0 [ 233.316643][ T7451] ? __asan_memset+0x23/0x50 [ 233.316674][ T7451] snd_pcm_attach_substream+0x4bb/0xd60 [ 233.316712][ T7451] snd_pcm_open_substream+0x8d/0x17f0 [ 233.316752][ T7451] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 233.316809][ T7451] snd_pcm_oss_open+0x735/0x1400 [ 233.316845][ T7451] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 233.316871][ T7451] ? __lock_acquire+0xb8a/0x1c90 [ 233.316902][ T7451] ? __pfx_default_wake_function+0x10/0x10 [ 233.316929][ T7451] ? __lock_acquire+0xb8a/0x1c90 [ 233.316966][ T7451] ? do_raw_spin_lock+0x12c/0x2b0 [ 233.317005][ T7451] ? soundcore_open+0x35a/0x580 [ 233.317042][ T7451] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 233.317068][ T7451] soundcore_open+0x409/0x580 [ 233.317105][ T7451] ? __pfx_soundcore_open+0x10/0x10 [ 233.317140][ T7451] chrdev_open+0x234/0x6a0 [ 233.317161][ T7451] ? __pfx_apparmor_file_open+0x10/0x10 [ 233.317193][ T7451] ? __pfx_chrdev_open+0x10/0x10 [ 233.317217][ T7451] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 233.317255][ T7451] do_dentry_open+0x741/0x1c10 [ 233.317293][ T7451] ? __pfx_chrdev_open+0x10/0x10 [ 233.317320][ T7451] vfs_open+0x82/0x3f0 [ 233.317350][ T7451] path_openat+0x1de4/0x2cb0 [ 233.317395][ T7451] ? __pfx_path_openat+0x10/0x10 [ 233.317432][ T7451] ? __lock_acquire+0xb8a/0x1c90 [ 233.317468][ T7451] do_filp_open+0x20b/0x470 [ 233.317505][ T7451] ? __pfx_do_filp_open+0x10/0x10 [ 233.317562][ T7451] ? alloc_fd+0x471/0x7d0 [ 233.317603][ T7451] do_sys_openat2+0x11b/0x1d0 [ 233.317630][ T7451] ? __pfx_do_sys_openat2+0x10/0x10 [ 233.317659][ T7451] ? __sys_sendmsg+0x18c/0x220 [ 233.317700][ T7451] __x64_sys_openat+0x174/0x210 [ 233.317741][ T7451] ? __pfx___x64_sys_openat+0x10/0x10 [ 233.317782][ T7451] do_syscall_64+0xcd/0x490 [ 233.317819][ T7451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.317842][ T7451] RIP: 0033:0x7f44be98e929 [ 233.317861][ T7451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.317883][ T7451] RSP: 002b:00007f44bf8a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 233.317905][ T7451] RAX: ffffffffffffffda RBX: 00007f44bebb5fa0 RCX: 00007f44be98e929 [ 233.317921][ T7451] RDX: 0000000000020b42 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 233.317936][ T7451] RBP: 00007f44bea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 233.317950][ T7451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 233.317964][ T7451] R13: 0000000000000000 R14: 00007f44bebb5fa0 R15: 00007fff51a22b88 [ 233.317993][ T7451] [ 237.655574][ T7526] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.250'. [ 238.549861][ T7538] netlink: 48 bytes leftover after parsing attributes in process `syz.0.252'. [ 239.027225][ T31] audit: type=1806 audit(6044095584.038:2): xattr="." res=0 [ 240.388805][ T7554] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.255'. [ 241.652409][ T7571] Invalid ELF header magic: != ELF [ 243.577643][ T7599] FAULT_INJECTION: forcing a failure. [ 243.577643][ T7599] name failslab, interval 1, probability 0, space 0, times 0 [ 243.708471][ T7599] CPU: 1 UID: 0 PID: 7599 Comm: syz.0.262 Tainted: G U 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 243.708523][ T7599] Tainted: [U]=USER [ 243.708534][ T7599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.708560][ T7599] Call Trace: [ 243.708574][ T7599] [ 243.708586][ T7599] dump_stack_lvl+0x16c/0x1f0 [ 243.708637][ T7599] should_fail_ex+0x512/0x640 [ 243.708687][ T7599] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 243.708747][ T7599] should_failslab+0xc2/0x120 [ 243.708779][ T7599] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 243.708835][ T7599] ? __devinet_sysctl_register+0xbc/0x360 [ 243.708880][ T7599] kmemdup_noprof+0x29/0x60 [ 243.708932][ T7599] __devinet_sysctl_register+0xbc/0x360 [ 243.708975][ T7599] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 243.709016][ T7599] ? devinet_init_net+0xeb/0x910 [ 243.709052][ T7599] ? __asan_memcpy+0x3c/0x60 [ 243.709100][ T7599] devinet_init_net+0x315/0x910 [ 243.709137][ T7599] ? __pfx_devinet_init_net+0x10/0x10 [ 243.709172][ T7599] ops_init+0x1e2/0x5f0 [ 243.709227][ T7599] setup_net+0x1ff/0x510 [ 243.709273][ T7599] ? lockdep_init_map_type+0x5c/0x280 [ 243.709319][ T7599] ? __pfx_setup_net+0x10/0x10 [ 243.709371][ T7599] ? debug_mutex_init+0x37/0x70 [ 243.709406][ T7599] copy_net_ns+0x2a6/0x5f0 [ 243.709455][ T7599] create_new_namespaces+0x3ea/0xa90 [ 243.709503][ T7599] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 243.709541][ T7599] ksys_unshare+0x45b/0xa40 [ 243.709585][ T7599] ? __pfx_ksys_unshare+0x10/0x10 [ 243.709628][ T7599] ? xfd_validate_state+0x61/0x180 [ 243.709683][ T7599] __x64_sys_unshare+0x31/0x40 [ 243.709727][ T7599] do_syscall_64+0xcd/0x490 [ 243.709777][ T7599] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.709809][ T7599] RIP: 0033:0x7fd01a58e929 [ 243.709835][ T7599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.709868][ T7599] RSP: 002b:00007fd01b31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 243.709898][ T7599] RAX: ffffffffffffffda RBX: 00007fd01a7b6080 RCX: 00007fd01a58e929 [ 243.709919][ T7599] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 243.709938][ T7599] RBP: 00007fd01a610b39 R08: 0000000000000000 R09: 0000000000000000 [ 243.709956][ T7599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.709974][ T7599] R13: 0000000000000000 R14: 00007fd01a7b6080 R15: 00007fff412555c8 [ 243.710017][ T7599] [ 243.995149][ T7607] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.261'. [ 244.274275][ T7614] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.263'. [ 246.608339][ T7639] netlink: 48 bytes leftover after parsing attributes in process `syz.3.266'. [ 247.350629][ T7645] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.274'. [ 248.372801][ T7651] Invalid ELF header magic: != ELF [ 250.096945][ T7676] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.272'. [ 250.197063][ T7685] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.275'. [ 251.178661][ T7698] FAULT_INJECTION: forcing a failure. [ 251.178661][ T7698] name failslab, interval 1, probability 0, space 0, times 0 [ 251.325849][ T7698] CPU: 0 UID: 0 PID: 7698 Comm: syz.2.276 Tainted: G U 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 251.325903][ T7698] Tainted: [U]=USER [ 251.325916][ T7698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.325936][ T7698] Call Trace: [ 251.325947][ T7698] [ 251.325959][ T7698] dump_stack_lvl+0x16c/0x1f0 [ 251.326013][ T7698] should_fail_ex+0x512/0x640 [ 251.326064][ T7698] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 251.326125][ T7698] should_failslab+0xc2/0x120 [ 251.326158][ T7698] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 251.326217][ T7698] ? devinet_init_net+0xc3/0x910 [ 251.326271][ T7698] kmemdup_noprof+0x29/0x60 [ 251.326323][ T7698] devinet_init_net+0xc3/0x910 [ 251.326361][ T7698] ? __pfx_devinet_init_net+0x10/0x10 [ 251.326398][ T7698] ops_init+0x1e2/0x5f0 [ 251.326452][ T7698] setup_net+0x1ff/0x510 [ 251.326499][ T7698] ? lockdep_init_map_type+0x5c/0x280 [ 251.326545][ T7698] ? __pfx_setup_net+0x10/0x10 [ 251.326597][ T7698] ? debug_mutex_init+0x37/0x70 [ 251.326632][ T7698] copy_net_ns+0x2a6/0x5f0 [ 251.326667][ T7698] create_new_namespaces+0x3ea/0xa90 [ 251.326712][ T7698] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 251.326752][ T7698] ksys_unshare+0x45b/0xa40 [ 251.326796][ T7698] ? __pfx_ksys_unshare+0x10/0x10 [ 251.326852][ T7698] ? xfd_validate_state+0x61/0x180 [ 251.326907][ T7698] __x64_sys_unshare+0x31/0x40 [ 251.326950][ T7698] do_syscall_64+0xcd/0x490 [ 251.327000][ T7698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.327032][ T7698] RIP: 0033:0x7fa26b38e929 [ 251.327058][ T7698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.327109][ T7698] RSP: 002b:00007fa26c132038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 251.327139][ T7698] RAX: ffffffffffffffda RBX: 00007fa26b5b6080 RCX: 00007fa26b38e929 [ 251.327161][ T7698] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 251.327180][ T7698] RBP: 00007fa26b410b39 R08: 0000000000000000 R09: 0000000000000000 [ 251.327200][ T7698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.327218][ T7698] R13: 0000000000000000 R14: 00007fa26b5b6080 R15: 00007fff35d73078 [ 251.327261][ T7698] [ 251.553505][ C0] vkms_vblank_simulate: vblank timer overrun [ 252.051436][ T7716] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.278'. [ 253.508194][ T7738] netlink: 504 bytes leftover after parsing attributes in process `syz.0.282'. [ 253.581617][ T7739] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.280'. [ 253.624125][ T7738] netlink: 350 bytes leftover after parsing attributes in process `syz.0.282'. [ 253.997302][ T7740] zswap: compressor not available [ 254.143692][ T7740] Setting dangerous option i915.mitigations - tainting kernel [ 255.491832][ T7752] FAULT_INJECTION: forcing a failure. [ 255.491832][ T7752] name failslab, interval 1, probability 0, space 0, times 0 [ 255.594085][ T7752] CPU: 0 UID: 0 PID: 7752 Comm: syz.2.284 Tainted: G U 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 255.594139][ T7752] Tainted: [U]=USER [ 255.594150][ T7752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.594168][ T7752] Call Trace: [ 255.594179][ T7752] [ 255.594190][ T7752] dump_stack_lvl+0x16c/0x1f0 [ 255.594242][ T7752] should_fail_ex+0x512/0x640 [ 255.594295][ T7752] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 255.594353][ T7752] should_failslab+0xc2/0x120 [ 255.594387][ T7752] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 255.594450][ T7752] ? alloc_inode+0xc3/0x240 [ 255.594492][ T7752] alloc_inode+0xc3/0x240 [ 255.594528][ T7752] path_from_stashed+0x2be/0xb00 [ 255.594581][ T7752] ? do_raw_spin_lock+0x12c/0x2b0 [ 255.594637][ T7752] ? __pfx_path_from_stashed+0x10/0x10 [ 255.594691][ T7752] ? do_raw_spin_unlock+0x172/0x230 [ 255.594753][ T7752] ns_get_path+0x5f/0x80 [ 255.594799][ T7752] proc_ns_get_link+0x121/0x260 [ 255.594847][ T7752] ? __pfx_proc_ns_get_link+0x10/0x10 [ 255.594899][ T7752] ? atime_needs_update+0x8b/0x710 [ 255.594939][ T7752] ? __pfx_proc_ns_get_link+0x10/0x10 [ 255.594985][ T7752] step_into+0x1a29/0x2270 [ 255.595040][ T7752] ? __pfx_step_into+0x10/0x10 [ 255.595084][ T7752] ? find_held_lock+0x2b/0x80 [ 255.595130][ T7752] path_openat+0x6db/0x2cb0 [ 255.595193][ T7752] ? __pfx_path_openat+0x10/0x10 [ 255.595247][ T7752] ? __lock_acquire+0xb8a/0x1c90 [ 255.595297][ T7752] do_filp_open+0x20b/0x470 [ 255.595349][ T7752] ? __pfx_do_filp_open+0x10/0x10 [ 255.595431][ T7752] ? alloc_fd+0x471/0x7d0 [ 255.595499][ T7752] do_sys_openat2+0x11b/0x1d0 [ 255.595538][ T7752] ? __pfx_do_sys_openat2+0x10/0x10 [ 255.595575][ T7752] ? find_held_lock+0x2b/0x80 [ 255.595608][ T7752] ? handle_mm_fault+0x2ab/0xd10 [ 255.595665][ T7752] __x64_sys_openat+0x174/0x210 [ 255.595705][ T7752] ? __pfx___x64_sys_openat+0x10/0x10 [ 255.595746][ T7752] ? do_user_addr_fault+0x843/0x1370 [ 255.595804][ T7752] do_syscall_64+0xcd/0x490 [ 255.595858][ T7752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.595894][ T7752] RIP: 0033:0x7fa26b38d290 [ 255.595922][ T7752] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 255.595954][ T7752] RSP: 002b:00007fa26c131f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 255.595985][ T7752] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa26b38d290 [ 255.596007][ T7752] RDX: 0000000000000002 RSI: 00007fa26c131fa0 RDI: 00000000ffffff9c [ 255.596027][ T7752] RBP: 00007fa26c131fa0 R08: 0000000000000000 R09: 0000000000000000 [ 255.596048][ T7752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 255.596067][ T7752] R13: 0000000000000000 R14: 00007fa26b5b6080 R15: 00007fff35d73078 [ 255.596110][ T7752] [ 255.899038][ T7764] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.285'. [ 257.978954][ T7785] Invalid ELF header magic: != ELF [ 258.120685][ T7799] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.291'. [ 259.620271][ T7819] netlink: 'syz.3.293': attribute type 2 has an invalid length. [ 261.551763][ T7821] zswap: compressor not available [ 262.546683][ T7848] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.296'. [ 262.646790][ T7847] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.305'. [ 265.124278][ T7868] can: request_module (can-proto-0) failed. [ 265.620342][ T7883] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.303'. [ 266.408489][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.415255][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.839273][ T7902] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.304'. [ 269.310477][ T7932] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.310'. [ 269.428798][ T7928] bridge0: port 3(vlan1) entered blocking state [ 269.437287][ T7928] bridge0: port 3(vlan1) entered disabled state [ 269.444285][ T7928] vlan1: entered allmulticast mode [ 269.450125][ T7928] veth0_vlan: entered allmulticast mode [ 269.481960][ T7928] vlan1: entered promiscuous mode [ 269.498079][ T7928] bridge0: port 3(vlan1) entered blocking state [ 269.504638][ T7928] bridge0: port 3(vlan1) entered forwarding state [ 270.244943][ T7945] Invalid ELF header magic: != ELF [ 270.643791][ T7949] netlink: 48 bytes leftover after parsing attributes in process `syz.1.313'. [ 273.801092][ T7990] nbd: socks must be embedded in a SOCK_ITEM attr [ 275.841400][ T8028] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.324'. [ 276.591329][ T8030] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.323'. [ 280.714259][ T8084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.344'. [ 280.865950][ T8082] bridge0: port 3(vlan1) entered blocking state [ 280.891757][ T8082] bridge0: port 3(vlan1) entered disabled state [ 280.899507][ T8082] vlan1: entered allmulticast mode [ 280.911976][ T8082] vlan1: entered promiscuous mode [ 280.918660][ T8082] bridge0: port 3(vlan1) entered blocking state [ 280.925155][ T8082] bridge0: port 3(vlan1) entered forwarding state [ 281.233994][ T8092] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.337'. [ 283.292327][ T8109] netlink: 48 bytes leftover after parsing attributes in process `syz.1.340'. [ 284.041490][ T8117] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.341'. [ 284.387717][ T8120] Invalid ELF header magic: != ELF [ 286.870624][ T8140] netlink: 13832 bytes leftover after parsing attributes in process `syz.2.343'. [ 287.248354][ T8151] can: request_module (can-proto-0) failed. [ 287.789129][ T8166] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.350'. [ 289.517073][ T8188] random: crng reseeded on system resumption [ 290.194483][ T8197] Invalid ELF header magic: != ELF [ 290.578038][ T8205] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.357'. [ 292.306691][ T8225] can: request_module (can-proto-0) failed. [ 294.403822][ T8267] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.368'. [ 296.515400][ T8302] netlink: 13832 bytes leftover after parsing attributes in process `syz.1.379'. [ 296.792756][ T8309] netlink: 13832 bytes leftover after parsing attributes in process `syz.0.374'. [ 297.810802][ T8315] can: request_module (can-proto-0) failed. [ 298.754769][ T8333] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.377'. [ 300.103281][ T8355] random: crng reseeded on system resumption [ 301.207733][ T8358] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 301.512336][ T8374] netlink: 13832 bytes leftover after parsing attributes in process `syz.3.385'. [ 303.019591][ T8389] Invalid ELF header magic: != ELF [ 303.484949][ T8407] [ 303.487379][ T8407] ====================================================== [ 303.494449][ T8407] WARNING: possible circular locking dependency detected [ 303.501514][ T8407] 6.15.0-syzkaller-12141-gec7714e49479 #0 Tainted: G U [ 303.509901][ T8407] ------------------------------------------------------ [ 303.517222][ T8407] syz.2.396/8407 is trying to acquire lock: [ 303.523168][ T8407] ffff888025d82338 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 [ 303.532764][ T8407] [ 303.532764][ T8407] but task is already holding lock: [ 303.540171][ T8407] ffff888025d81e00 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 303.551507][ T8407] [ 303.551507][ T8407] which lock already depends on the new lock. [ 303.551507][ T8407] [ 303.561948][ T8407] [ 303.561948][ T8407] the existing dependency chain (in reverse order) is: [ 303.571011][ T8407] [ 303.571011][ T8407] -> #3 (&q->q_usage_counter(io)#22){++++}-{0:0}: [ 303.579707][ T8407] blk_alloc_queue+0x619/0x760 [ 303.585084][ T8407] blk_mq_alloc_queue+0x175/0x290 [ 303.590721][ T8407] __blk_mq_alloc_disk+0x29/0x120 [ 303.596341][ T8407] loop_add+0x49e/0xb70 [ 303.601083][ T8407] loop_init+0x164/0x270 [ 303.605895][ T8407] do_one_initcall+0x120/0x6e0 [ 303.611236][ T8407] kernel_init_freeable+0x5c2/0x900 [ 303.617010][ T8407] kernel_init+0x1c/0x2b0 [ 303.621906][ T8407] ret_from_fork+0x5d7/0x6f0 [ 303.627083][ T8407] ret_from_fork_asm+0x1a/0x30 [ 303.632422][ T8407] [ 303.632422][ T8407] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 303.639715][ T8407] fs_reclaim_acquire+0x102/0x150 [ 303.645327][ T8407] prepare_alloc_pages+0x162/0x610 [ 303.651024][ T8407] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 303.657512][ T8407] __alloc_pages_noprof+0xb/0x1b0 [ 303.663137][ T8407] pcpu_populate_chunk+0x110/0xb00 [ 303.668827][ T8407] pcpu_alloc_noprof+0x86a/0x1470 [ 303.674433][ T8407] xt_percpu_counter_alloc+0x13e/0x1b0 [ 303.680495][ T8407] find_check_entry.constprop.0+0xbc/0x9b0 [ 303.686881][ T8407] translate_table+0xc98/0x1720 [ 303.692313][ T8407] ipt_register_table+0x102/0x430 [ 303.697927][ T8407] iptable_nat_table_init+0x4b/0x250 [ 303.703805][ T8407] xt_find_table_lock+0x2e1/0x520 [ 303.709447][ T8407] xt_request_find_table_lock+0x28/0xf0 [ 303.715575][ T8407] get_info+0x190/0x610 [ 303.720310][ T8407] do_ipt_get_ctl+0x169/0xa10 [ 303.725564][ T8407] nf_getsockopt+0x7c/0xe0 [ 303.730549][ T8407] ip_getsockopt+0x18c/0x1e0 [ 303.735720][ T8407] tcp_getsockopt+0x9e/0x100 [ 303.740905][ T8407] do_sock_getsockopt+0x3fc/0x800 [ 303.746509][ T8407] __sys_getsockopt+0x123/0x1b0 [ 303.751938][ T8407] __x64_sys_getsockopt+0xbd/0x160 [ 303.757620][ T8407] do_syscall_64+0xcd/0x490 [ 303.762684][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.769125][ T8407] [ 303.769125][ T8407] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 303.776912][ T8407] __mutex_lock+0x199/0xb90 [ 303.781997][ T8407] pcpu_alloc_noprof+0xb4c/0x1470 [ 303.787843][ T8407] sbitmap_init_node+0x2fd/0x770 [ 303.793331][ T8407] sbitmap_queue_init_node+0x41/0x560 [ 303.799261][ T8407] blk_mq_init_tags+0x12d/0x2b0 [ 303.804657][ T8407] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 303.810764][ T8407] blk_mq_init_sched+0x30c/0x610 [ 303.816251][ T8407] elevator_switch+0x1e1/0x7f0 [ 303.821566][ T8407] elevator_change+0x2ac/0x400 [ 303.826880][ T8407] elevator_set_default+0x292/0x320 [ 303.832633][ T8407] blk_register_queue+0x393/0x4f0 [ 303.838210][ T8407] __add_disk+0x74a/0xf00 [ 303.843104][ T8407] add_disk_fwnode+0x13f/0x5d0 [ 303.848432][ T8407] nbd_dev_add+0x791/0xbc0 [ 303.853416][ T8407] nbd_init+0x181/0x320 [ 303.858120][ T8407] do_one_initcall+0x120/0x6e0 [ 303.863432][ T8407] kernel_init_freeable+0x5c2/0x900 [ 303.869182][ T8407] kernel_init+0x1c/0x2b0 [ 303.874085][ T8407] ret_from_fork+0x5d7/0x6f0 [ 303.879262][ T8407] ret_from_fork_asm+0x1a/0x30 [ 303.884585][ T8407] [ 303.884585][ T8407] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 303.892453][ T8407] __lock_acquire+0x126f/0x1c90 [ 303.897876][ T8407] lock_acquire+0x179/0x350 [ 303.902960][ T8407] __mutex_lock+0x199/0xb90 [ 303.908041][ T8407] elevator_change+0x103/0x400 [ 303.913373][ T8407] elv_iosched_store+0x2eb/0x3a0 [ 303.918874][ T8407] queue_attr_store+0x279/0x320 [ 303.924272][ T8407] sysfs_kf_write+0xef/0x150 [ 303.929418][ T8407] kernfs_fop_write_iter+0x354/0x510 [ 303.935256][ T8407] vfs_write+0x6c4/0x1150 [ 303.940146][ T8407] ksys_write+0x12a/0x250 [ 303.945060][ T8407] do_syscall_64+0xcd/0x490 [ 303.950135][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.956593][ T8407] [ 303.956593][ T8407] other info that might help us debug this: [ 303.956593][ T8407] [ 303.966842][ T8407] Chain exists of: [ 303.966842][ T8407] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#22 [ 303.966842][ T8407] [ 303.980637][ T8407] Possible unsafe locking scenario: [ 303.980637][ T8407] [ 303.988118][ T8407] CPU0 CPU1 [ 303.993505][ T8407] ---- ---- [ 303.998887][ T8407] lock(&q->q_usage_counter(io)#22); [ 304.004309][ T8407] lock(fs_reclaim); [ 304.010834][ T8407] lock(&q->q_usage_counter(io)#22); [ 304.018763][ T8407] lock(&q->elevator_lock); [ 304.023381][ T8407] [ 304.023381][ T8407] *** DEADLOCK *** [ 304.023381][ T8407] [ 304.031551][ T8407] 7 locks held by syz.2.396/8407: [ 304.036593][ T8407] #0: ffff8880351cdeb8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 304.045731][ T8407] #1: ffff88807d9a2428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 304.054909][ T8407] #2: ffff88805b541088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 304.064736][ T8407] #3: ffff888142baf788 (kn->active#110){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 304.074902][ T8407] #4: ffff888025e35368 (&set->update_nr_hwq_lock){.+.+}-{4:4}, at: elv_iosched_store+0x337/0x3a0 [ 304.085590][ T8407] #5: ffff888025d81e00 (&q->q_usage_counter(io)#22){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 304.097326][ T8407] #6: ffff888025d81e38 (&q->q_usage_counter(queue)#22){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 304.109331][ T8407] [ 304.109331][ T8407] stack backtrace: [ 304.115243][ T8407] CPU: 0 UID: 0 PID: 8407 Comm: syz.2.396 Tainted: G U 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 304.115284][ T8407] Tainted: [U]=USER [ 304.115292][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 304.115308][ T8407] Call Trace: [ 304.115317][ T8407] [ 304.115328][ T8407] dump_stack_lvl+0x116/0x1f0 [ 304.115368][ T8407] print_circular_bug+0x275/0x350 [ 304.115404][ T8407] check_noncircular+0x14c/0x170 [ 304.115443][ T8407] __lock_acquire+0x126f/0x1c90 [ 304.115483][ T8407] lock_acquire+0x179/0x350 [ 304.115518][ T8407] ? elevator_change+0x103/0x400 [ 304.115552][ T8407] ? __pfx___might_resched+0x10/0x10 [ 304.115583][ T8407] __mutex_lock+0x199/0xb90 [ 304.115621][ T8407] ? elevator_change+0x103/0x400 [ 304.115655][ T8407] ? elevator_change+0x103/0x400 [ 304.115688][ T8407] ? __pfx___mutex_lock+0x10/0x10 [ 304.115730][ T8407] ? blk_mq_cancel_work_sync+0xd8/0x110 [ 304.115772][ T8407] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 304.115818][ T8407] ? elevator_change+0x103/0x400 [ 304.115850][ T8407] elevator_change+0x103/0x400 [ 304.115885][ T8407] elv_iosched_store+0x2eb/0x3a0 [ 304.115921][ T8407] ? __pfx_elv_iosched_store+0x10/0x10 [ 304.115962][ T8407] ? __mutex_trylock_common+0xe9/0x250 [ 304.116004][ T8407] ? __pfx_elv_iosched_store+0x10/0x10 [ 304.116040][ T8407] queue_attr_store+0x279/0x320 [ 304.116065][ T8407] ? __pfx_queue_attr_store+0x10/0x10 [ 304.116088][ T8407] ? __lock_acquire+0x622/0x1c90 [ 304.116123][ T8407] ? cfv_probe+0xc/0x1630 [ 304.116157][ T8407] ? find_held_lock+0x2b/0x80 [ 304.116183][ T8407] ? sysfs_file_kobj+0xe4/0x290 [ 304.116217][ T8407] ? __pfx_queue_attr_store+0x10/0x10 [ 304.116241][ T8407] sysfs_kf_write+0xef/0x150 [ 304.116276][ T8407] kernfs_fop_write_iter+0x354/0x510 [ 304.116304][ T8407] ? __pfx_sysfs_kf_write+0x10/0x10 [ 304.116338][ T8407] vfs_write+0x6c4/0x1150 [ 304.116378][ T8407] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 304.116408][ T8407] ? __pfx___mutex_lock+0x10/0x10 [ 304.116446][ T8407] ? __pfx_vfs_write+0x10/0x10 [ 304.116495][ T8407] ksys_write+0x12a/0x250 [ 304.116533][ T8407] ? __pfx_ksys_write+0x10/0x10 [ 304.116577][ T8407] do_syscall_64+0xcd/0x490 [ 304.116617][ T8407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.116644][ T8407] RIP: 0033:0x7fa26b38e929 [ 304.116664][ T8407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.116690][ T8407] RSP: 002b:00007fa26c153038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 304.116714][ T8407] RAX: ffffffffffffffda RBX: 00007fa26b5b5fa0 RCX: 00007fa26b38e929 [ 304.116732][ T8407] RDX: 0000000000000004 RSI: 0000200000000080 RDI: 0000000000000003 [ 304.116748][ T8407] RBP: 00007fa26b410b39 R08: 0000000000000000 R09: 0000000000000000 [ 304.116764][ T8407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.116779][ T8407] R13: 0000000000000000 R14: 00007fa26b5b5fa0 R15: 00007fff35d73078 [ 304.116804][ T8407]