last executing test programs: 12.268983487s ago: executing program 3 (id=518): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) write$auto(0x3, 0x0, 0xffd8) bpf$auto(0x0, &(0x7f0000000280)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) r0 = socket(0x12, 0x4, 0x440a) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000040)) socket(0x25, 0x5, 0x0) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x400, 0x0) io_setup$auto(0x80002, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x20400, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(r2, 0x40084149, &(0x7f0000001080)=0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r2, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000900), r3) sendmsg$auto_OVS_VPORT_CMD_SET(r3, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000001240)={0x20, r4, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xa6fa}]}, 0x20}, 0x1, 0x0, 0x0, 0x4810}, 0x4) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NFC_CMD_STOP_POLL(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="44000000b005340aebe5fa82cc2cfe070efe7393c78775a7fbd06451a308b2d75dbbc9314b37f854d5b05ee476d92d1c76c634d55ec71ff7edaeb9bf870880443128469ecac1b937af2434186513ea1de2def6266f268232ae88a517c5deaaa2de423a78b504169c1bebb902000000604ce722008ad319166a88d492ae3a921f7fc0d05390e545cdac589a1717", @ANYRES16=0x0], 0x44}, 0x1, 0x0, 0x0, 0x20008050}, 0x4048041) sendmmsg$auto(r0, &(0x7f0000000240)={{&(0x7f0000000080)="a2c782f68bb0d392f32a48f96e28abb3769ede6d7f131365c9bf1e4f0e9122feeeccb2d150681f9006a5", 0x129ce85, &(0x7f0000000140)={&(0x7f0000000100)="8519ce563e075ecdc41e529a3f293e7509fb68e67469a3a26ae0f8e6f686b0f704140a1586c340da3291a44b173edc74ff7de16b4793848fcdd3", 0x1000}, 0x2, &(0x7f0000000180)="994aba0aaa2ae312110d22e3d2c51e9cdaac21bcd81ef637609c28c57e0c0281140cff4c8467ed0c869b5de11f7dd39e5db8fda8922554e9870c8b3f995a092823a8a83b9800b6ec9c98ec41095602fe8adde2e3bd14f170099f1ebfc269fd77080d991bcb7a727be081ab4ad1084db8bda7ac480f1c4f7377", 0x80000001, 0x4}, 0x8}, 0x809, 0xff) 9.644800214s ago: executing program 3 (id=523): close_range$auto(0x0, 0xffffffffffffefff, 0x4000000000002) fanotify_init$auto(0x5, 0x2) open(&(0x7f0000000000)='./file0\x00', 0x7ffd, 0x10c) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x130000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x5, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x5) rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, &(0x7f0000000080)={0x9}, 0x8) setsockopt$auto(0x3, 0x6a, 0x7, 0xffffffffffffffff, 0x3) mmap$auto(0xfffffffffffffffc, 0x400005, 0xe3, 0x18, 0x2, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) mincore$auto(0x1000, 0x80000000000000f0, 0x0) 8.834458238s ago: executing program 1 (id=528): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000000000899edb615550fd8c7c924d87f0030047eb02eff5d2adc245a4e1eded0e91b86c61b6b42ed6", 0x2e) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)="42bf46", 0x3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xfffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000000280)="16c8ae39519bbe7a253b302a6c81a04860426be36aeb99776aa7d3b33c38351cc5e8272e595bab60ffdb32d15924bc60d45976da67d6b4f371ca226225857acb4e5b4f09456946b869fc1b01bb0602285368c084334b0678e13ed49d8d52533df3fe6b48d1c99f83c613ff7be83f42fdccf2bdd1628aebde9d3429813ef8aada", 0x80) capset$auto(0x0, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyz0\x00', 0x23a002, 0x0) ioctl$auto_TIOCSWINSZ(r3, 0x5414, &(0x7f0000000300)="bb894ad3e1a8d99bba6b8c6702cc3a43936353485d5fa75a669fe02be138b8c275c3c31a80d31aaf31cf013ce092ed53d80f1be6d1b5f0dfeb7c5fe2060bd1ec868f231e2492a244005937f853994cf74fe2f51adb5e92c2e1198b16c46274e57b8e0ce097bf921dbbf4100f9d20c1024d7d358d7cd6853be8cf851abcbede392f0c8df36b93e9feb1fac8d81e851b316aaf9bc259b0a89d82dbdaa0898916a6d0d8f7483d6298675d40f98ec565d2adbd9b5b8fc3be9fa7d458891e283e18920091d17aff9439aca634de766705") move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 6.683496093s ago: executing program 0 (id=530): readv$auto(0x3, 0x0, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) mmap$auto(0x1, 0x20009, 0xdf, 0xf98, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = prctl$auto(0x3e, 0xb, 0x0, 0x40, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x129302, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x1a1983, 0x0) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2021009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto(0x3, 0xc0485619, r0) write$auto(r1, 0x0, 0x800f) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto(0x0, 0x20499d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) 6.583781757s ago: executing program 3 (id=531): unshare$auto(0x40000080) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/de\xef\xe7auDio1\x00\f\'\x8b\xd9\xfeN\xcd#)\x8c\x89>-o\xd7\x8f$\xac\xfc\xa2\xccm\x0e \xfb\xe5\xe9\x92\xaa\xef\x84$\x84Ia>6pV;{\'\xaa\xbeS\x14\xb6\xd2\xf6\xb7\xcd\xf6P\x05X\x1dK\x18\x99\x02\xb3\x0fY0\x80\x99\xe3\x0e\xa2D\xc0\xecE\x86\xd9J\x9c\xa8\x98\x02\xdb\xf1\x81TMpS\xc5\xab\xa1\x1bG\v>\x03\xf7\xe1\xaf\xe3\x04\xc3 ffF\x0f\xa6}\xa3\xa8\xd1\xe2\xd0QG\xa6\xa6\x8e7\x80\xd9\xd0\xdf\xad\xb1\x15\xca\xbb\xd5j\x94\xc6<\x18\x15\xcc\x8d\x14\xd8\xb8L\x03\xdd~\xe7%\xcb\xdd\xda!\xd45Z\xd0\xfc\x1b\xf0\xe1\xd6:\xd7\xe9N\xc1W\xe3\xae\xe9\xb27>k\xf8\xdf\xe1\xf9\xcc\xcb\v\x01D\xc3\xa9T\xb9UY\xaf\xa4\xe4\xfec\xa3\x9bI@\xb7w\xf8\x14\xc0\xd5\xd5\x95', 0x8) socket(0x10, 0x2, 0x0) socket(0x2, 0x801, 0x100) mmap$auto(0x0, 0xdf33, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x1ff, 0xdf, 0x200000810, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) write$auto(0x3, 0x0, 0x100082) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x29a02, 0x0) socket(0xa, 0x3, 0x3a) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/v4l-touch5\x00', 0x2040, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000010c0)=""/22, 0x16) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_proc_single_file_operations_base(r1, 0x0, 0x0) sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x40001) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) ppoll$auto(&(0x7f0000000000)={r3, 0x81, 0x9}, 0x9, &(0x7f0000000040)={0x1}, &(0x7f00000000c0), 0x8) mq_timedsend$auto(r3, 0x0, 0x2000, 0x2, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f0000000100)={{0x521, 0x9, 0x7, 0x9, 0xffffffff}, 0x6, 0x3, "c5a22f1570cdb0fe850e4cfaaf82a9c429d59c884998450cc5a6b0e78c6fd6e0"}) msync$auto(0x1ffff002, 0x180000000000000, 0x0) getsockopt$auto_SO_PASSCRED(r2, 0x40, 0x10, &(0x7f0000000000)='#!@\\$\x00', &(0x7f0000000040)=0x6) msgsnd$auto(0x0, &(0x7f0000000080)={0x1, 0x6}, 0x8, 0x7) 6.041177888s ago: executing program 2 (id=532): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) read$auto(0x3, 0x0, 0xf34) write$auto(0x3, 0x0, 0xffd8) bpf$auto(0x0, &(0x7f0000000280)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) r0 = socket(0x12, 0x4, 0x440a) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000040)) socket(0x25, 0x5, 0x0) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x400, 0x0) io_setup$auto(0x80002, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x20400, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_FORWARD2(r2, 0x40084149, &(0x7f0000001080)=0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, r2, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000900), r3) sendmsg$auto_OVS_VPORT_CMD_SET(r3, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000001240)={0x20, r4, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xa6fa}]}, 0x20}, 0x1, 0x0, 0x0, 0x4810}, 0x4) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NFC_CMD_STOP_POLL(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="44000000b005340aebe5fa82cc2cfe070efe7393c78775a7fbd06451a308b2d75dbbc9314b37f854d5b05ee476d92d1c76c634d55ec71ff7edaeb9bf870880443128469ecac1b937af2434186513ea1de2def6266f268232ae88a517c5deaaa2de423a78b504169c1bebb902000000604ce722008ad319166a88d492ae3a921f7fc0d05390e545cdac589a1717", @ANYRES16=0x0], 0x44}, 0x1, 0x0, 0x0, 0x20008050}, 0x4048041) sendmmsg$auto(r0, &(0x7f0000000240)={{&(0x7f0000000080)="a2c782f68bb0d392f32a48f96e28abb3769ede6d7f131365c9bf1e4f0e9122feeeccb2d150681f9006a5", 0x129ce85, &(0x7f0000000140)={&(0x7f0000000100)="8519ce563e075ecdc41e529a3f293e7509fb68e67469a3a26ae0f8e6f686b0f704140a1586c340da3291a44b173edc74ff7de16b4793848fcdd3", 0x1000}, 0x2, &(0x7f0000000180)="994aba0aaa2ae312110d22e3d2c51e9cdaac21bcd81ef637609c28c57e0c0281140cff4c8467ed0c869b5de11f7dd39e5db8fda8922554e9870c8b3f995a092823a8a83b9800b6ec9c98ec41095602fe8adde2e3bd14f170099f1ebfc269fd77080d991bcb7a727be081ab4ad1084db8bda7ac480f1c4f7377", 0x80000001, 0x4}, 0x8}, 0x809, 0xff) 5.353848352s ago: executing program 0 (id=533): readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) mmap$auto(0x1, 0x20009, 0xdf, 0xf98, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = prctl$auto(0x3e, 0xb, 0x0, 0x40, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x129302, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x1a1983, 0x0) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2021009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto(0x3, 0xc0485619, r0) write$auto(r1, 0x0, 0x800f) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto(0x0, 0x20499d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) 5.188154937s ago: executing program 1 (id=534): mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8002) mmap$auto(0x8000000003, 0x4, 0x1, 0x19, 0xffffffffffffffff, 0x10000007ffd) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000380)={0x8, 0x1, 0x100000000, 0x8, 0x4, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x5, 0x5, 0x6, 0x8, 0xae, 0xa, 0x2, 0x7, 0x5, 0x7, 0x0, 0x1, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x583, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x2000000000], "766f8304325c2705002a4b1f7b2b117f2b975165a97a350ab2166e47258cda20078cfd66048529b3c0bdf85410394fd066844a9077f7e1d41ed02e55e8b91e020057a479ccaae205a3c958183132878a69ee2d150550f4aced3aca24c7a276321b13099548022d52b90c5d1446d20e69c628f852d80f2b5f0a1757b864fee2524dfc41324c3a0876a83b1249fab74a8617babc77bc4d2ad2c40a01ca93ce4a2acce90aeeda6492dbdf94c0d2ba5e30851a67597dbb3e7060f18fbca1e38e2334a26a4ac4be833e0c8dd881405249fcc5dc4d372f5b0dff6ff740731b30ab80daeb8ff4dd5b750655051a1e9ef6a5ff36c457d082946d9a4575fb12f367e10a4f17a6140e4acc6fa6da20ece820d3ef4b0e7f7dfffa674543e9682f4feaa6cd36cec3288118fdef3db56c67971924bc01a4bcf879fc0df1fc1d9901beed95014030be18faf3c32e9a6e7787e0bb3d6c2411267b018b523f7769b4e08185255efa231c031221c0a0b54e5788ac52191d37651f8715414d67d4863089f72944d72b860b882586da3c73fa6fc9591184021a493ed734f9f63460cbac0619f54aa25354991021f09cbd1daf6576fcf0d84b7e28daa157ffacd5a44714e7bdb0bd73304d1d7d090c3a0555f14393b0acd726634100690f40f9599a4f68eae9017f53d81c9ca10d7e13e52347656aeb57fc1176c553af14042fef42debbf010722afb2111436f4f9fb230b1e7936b6d54085e"}, 0x81, 0x80) mmap$auto(0x0, 0x20009, 0xdf, 0xeb4, 0xffffffffffffffff, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/v4l-subdev0\x00', 0x82, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x90080, 0x0) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_IMADDTIMER(r1, 0x80044940, &(0x7f0000000140)=0x8) bpf$auto(0x8, &(0x7f00000001c0)=@bpf_attr_0={0x7, 0xb5, 0x10, 0x4, 0x53400000, 0xffffffffffffffff, 0x9, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0x42a8a0, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/036/001\x00', 0x800, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r2, 0x802c550a, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = open(0x0, 0x261c2, 0x84) socket(0x2b, 0x1, 0x1) ioctl$auto_SNAPSHOT_UNFREEZE(r4, 0x3302, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x10, 0x5, 0x1, 0x948b, 0x63c, 0x15f4da0a, 0x200, 0x3, 0x4, 0x4080000016, 0x1, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) read$auto(r0, 0x0, 0x6) close_range$auto(0x0, r0, 0x4000000000002) memfd_create$auto(0x0, 0x150) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) r6 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r5, 0x541c, r6) 4.128766824s ago: executing program 2 (id=535): syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x20) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000001540), 0x2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 4.121375773s ago: executing program 1 (id=536): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x1f, 0x390, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0xfffffd66, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9]}, 0x1fe, 0xd) socket(0x10, 0x2, 0x0) r0 = socket(0x1d, 0x3, 0x1) fcntl$auto_F_GETOWNER_UIDS(r0, 0x11, 0xffffffffffffffff) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() mlockall$auto(0x5) rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, &(0x7f0000000080)={0x9}, 0x8) setsockopt$auto(0x3, 0x6a, 0x7, 0xffffffffffffffff, 0x3) mmap$auto(0xfffffffffffffffc, 0x400005, 0xe3, 0x18, 0x2, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 3.806954983s ago: executing program 2 (id=537): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) fanotify_init$auto(0x3, 0xffedfffd) sysfs$auto(0x2, 0x1e, 0x0) r0 = fsopen$auto(0x0, 0x1) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r1 = socket(0x21, 0x2, 0xa) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4000005) r2 = socket(0x21, 0x6, 0x800004) sendmsg$auto_MACSEC_CMD_ADD_TXSA(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x2}, 0x1, 0x0, 0x0, 0xc004}, 0x0) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x1800, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) read$auto(r0, &(0x7f0000000200)='\xd6\x8a\xea\xcd7sE\x87rD>i\xf7\xf6\x9c\n:\x17\xaf\xeb\xcakw\x98v\x1e\x86!p\x92\xb4E\x98\xdd>J\xec\xa4\xd3\x7fo\xb4\xf2h\xcf\xa9\xaa\x15v\xe7\xc8X:\xbf,\xc4?\x9b;[\x02C\xde\xf1\x9e\xaeX[\xa7n{j\x12\xd3\xf1\x10\x00\xe9\xca\xaf\xdbI1U>*\x01\x8a\xea|\xcd\xb23\xaa\xde\xb4\xe4\xa3\xff\xd3L\xbd\xf2\x0e\x97^3', 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0xfffffff8, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) mmap$auto(0x3, 0x80000001, 0x2, 0x12, 0xffffffffffffffff, 0x1) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/mptcp/pm_type\x00', 0xe0002, 0x0) sendfile$auto(0x1, r3, 0x0, 0xc01) bpf$auto_BPF_LINK_GET_NEXT_ID(0x1f, &(0x7f00000003c0)=@enable_stats={0x4}, 0x7) symlink$auto(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000180)='./file0/file0\x00') mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:09/path\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x20) mmap$auto(0x0, 0x2000a, 0x0, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) 3.720541794s ago: executing program 0 (id=538): adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x401, 0xfffffffffffffffd, 0xd4, 0x4, 0x28c, 0x0, 0x3, 0x368e, 0x9, {0xfffffffe, 0x10000}, 0x5, 0x6, 0xfffffffffff7fffd, 0x1007ffd, 0x0, 0xfe, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x20282, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/vlan/config\x00', 0x41900, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x84280, 0x0) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x48a22, 0x0) r2 = socket(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000ffdbdf25050000000c00010007000000000000000c00010004000000000000000c00010040000000000000000c00010004000000020000000c0001000000000200000000"], 0x50}, 0x1, 0x0, 0x0, 0x4048081}, 0x0) write$auto(r1, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x4c03, 0xfffffffffffffffd) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) setrlimit$auto(0x9, 0x0) io_setup$auto(0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) mmap$auto(0x8, 0x20009, 0xf, 0x800000000000ebf, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) getpid() 3.649188164s ago: executing program 3 (id=539): syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/slab/kmalloc-64/failslab\x00', 0x22000, 0x0) read$auto(r0, 0x0, 0x20) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000001540), 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x8000) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/ip_vs_conn\x00', 0xf00, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_TIOCSBRK2(0xffffffffffffffff, 0x5427, 0x0) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000940)={0x2, 0x0, [{0x491, 0x400, 0x2000009}]}) setsockopt$auto(0xffffffffffffffff, 0x29, 0xb, 0x0, 0xca6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x1c}}, 0x4044820) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.723006177s ago: executing program 0 (id=540): socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x10, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) mmap$auto(0x0, 0x10000, 0x8000, 0xeb1, 0xfffffffffffffffa, 0x8000) ppoll$auto(0x0, 0x9, 0x0, 0x0, 0x8) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x7, 0xfffffffb, 0x2) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 2.629671595s ago: executing program 1 (id=541): socket(0x18, 0x2, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r0, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$auto(0x3, 0x10, r1) capset$auto(0x0, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) write$auto(0x3, 0x0, 0x5c8) lseek$auto(0xffffffffffffffff, 0x0, 0x2000004) mlockall$auto(0x7) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/traceSMB\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto(0x3, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x103002, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0xc00000, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x40146f2c, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC1D1p\x00', 0x200000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD(r1, 0xc1004110, &(0x7f0000000340)={0x80000001, [0x1, 0x2, 0xff], [{0x5, 0x7, 0x0, 0x0, 0x1, 0x1}, {0x79c, 0xb, 0x0, 0x1, 0x1, 0x1}, {0x4, 0x9, 0x1, 0x1}, {0x5, 0xd9, 0x1, 0x0, 0x0, 0x1}, {0x5, 0x2, 0x1}, {0xffffffff, 0x74, 0x1, 0x0, 0x1, 0x1}, {0x45b5, 0x7, 0x0, 0x1, 0x1}, {0x8, 0x5, 0x1, 0x0, 0x1}, {0x3, 0xb52c, 0x0, 0x1, 0x1}, {0x2000201, 0x4d, 0x0, 0x0, 0x1, 0x1}, {0x8, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x741, 0x80000000, 0x1, 0x1, 0x1}], 0xfffffff8, 0x800002, 0x441, 0x8, 0xe3, 0x83, 0x6, "f4b11cdd3c2e5e72bfb4e00bfd1219a1c8a687fa3e02b3d67ed272092514cd28813722f3e05b997b7a3c9f6ea12730993700"}) accept$auto(0x3, 0xffffffffffffffff, 0xffffffffffffffff) openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x80000, 0x0) 2.488094296s ago: executing program 3 (id=542): readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) mmap$auto(0x1, 0x20009, 0xdf, 0xf98, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = prctl$auto(0x3e, 0xb, 0x0, 0x40, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x129302, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x1a1983, 0x0) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2021009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto(0x3, 0xc0485619, r0) write$auto(r1, 0x0, 0x800f) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto(0x0, 0x20499d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) 2.399012163s ago: executing program 2 (id=543): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x9, 0x9, 0xeb3, 0xfffefffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000840)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_PMK(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYRES16=r3, @ANYBLOB="01002cbd7000fbdbdf257c00000008000300d2ca1d75cf2a037aa67b0dd7bdc9a7bce720a4d792f14c9f387f2196e103613594f4d92751dbb31577c9b812b7fa51bd51d4f27a55234bced4a94a365ec75921492413f7feec9b8c56216fea49deb8a22a048c405a00112278fabe8cab6a2ee9da0c64bcfa49fcdc088f6dbee9ed1793bd1f02c81139ef6820eaefe722e9545123e078cef8c591586b96387caedf054c2b9757aad1a4b900fcc499d39e72dcfeddea", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8081}, 0x80) r5 = open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) r6 = fcntl$auto(r5, 0x409, 0x40003f) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001100)=""/192, 0xc0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x8, 0xc, 0x0, 0x567) unshare$auto(0x40000080) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) acct$auto(0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x3) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r8 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$auto_TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)=0x4) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.174573992s ago: executing program 1 (id=544): r0 = fanotify_init$auto(0x1f53, 0x2000000000002) r1 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x20, 0x0) fcntl$auto(r1, 0x403, 0xffffffffffffffff) ioctl$auto_NS_GET_USERNS(r0, 0xb701, 0x0) clock_nanosleep$auto(0x9, 0x0, &(0x7f0000000000)={0x0, 0x200}, 0x0) mmap$auto(0x0, 0x2, 0xdb, 0xeb1, 0x401, 0x8000) r2 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r2, 0x0, 0x33, 0x0, 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.2/udc/dummy_udc.2/is_otg\x00', 0x80040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)=""/17, 0x11) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-touch0\x00', 0xe0800, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_TIOCEXCL2(r5, 0x540c, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) mlock$auto(0x8, 0x5fe) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) 1.417589377s ago: executing program 2 (id=545): syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/slab/kmalloc-64/failslab\x00', 0x22000, 0x0) read$auto(r0, 0x0, 0x20) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000001540), 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 1.269149645s ago: executing program 0 (id=546): r0 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0x1) open(&(0x7f0000000340)='./file0\x00', 0x40000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x1) madvise$auto_MADV_HUGEPAGE(0x0, 0x80000001, 0xe) prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x9, 0x0, 0x5, 0x8) madvise$auto_MADV_HUGEPAGE(0x0, 0x2, 0xe) socket(0x2c, 0x80000, 0x0) bpf$auto(0x4, &(0x7f0000000280)=@task_fd_query={0x0, 0xffffffffffffffff, 0x5, 0x5, 0xa, 0x1000009, r0, 0xfff, 0x3}, 0x6f6) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/pcrypt/pencrypt/serial_cpumask\x00', 0xa001, 0x0) write$auto(r1, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x05\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) fcntl$auto(0x3, 0x400, 0x1) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket(0x2, 0x1, 0x106) r2 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) r3 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r3, 0x5509, 0x0) unshare$auto(0x40000080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r4, &(0x7f0000006200)={0x0, 0xfffffffffffffe47, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="230027bd7000fcdbdf2508ffe9000c000380050001800300000004000280080001"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44044) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/midi2\x00', 0x38b003, 0x0) socket(0x28, 0x1, 0x0) select$auto(0x0, 0x0, 0x0, &(0x7f00000001c0)={[0x1fb, 0x7, 0x80000001, 0x1, 0x9, 0x4460, 0x15f4da0c, 0x8000000000000001, 0x3, 0x300000000000000, 0x80000003, 0x4, 0x0, 0x9, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x9, 0x8, 0xc, r2, 0x4, 0x7ff}, 0xee) socket(0x2a, 0x2, 0xb) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) 861.924908ms ago: executing program 1 (id=547): readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) mmap$auto(0x1, 0x20009, 0xdf, 0xf98, 0x401, 0x8000) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = prctl$auto(0x3e, 0xb, 0x0, 0x40, 0x1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x129302, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x1a1983, 0x0) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2021009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto(0x3, 0xc0485619, r0) write$auto(r1, 0x0, 0x800f) getrandom$auto(0x0, 0x6000000, 0x3) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto(0x0, 0x20499d, 0x9) socket$nl_generic(0x10, 0x3, 0x10) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) ioctl$auto_SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) 638.424257ms ago: executing program 2 (id=548): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf25040000000400100008000cf1edfba1d1e45aea61b8f7020700000002681af944a5465101930e1f4b991ef2f10f485ddf80e07251de39066555baed365ef307143959554d"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r0, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x24000810) brk$auto(0xffffffffffffff66) write$auto_tty_fops_tty_io(0xffffffffffffffff, &(0x7f0000000300)="352c8efa618c0bcf83a4ebdb278754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b38b0b3c7da1c61fef8e0e24e400f96eb989b4f68220f90f3df243e352f17abbc44e0cfececd72dc611200c0fc4cb84d1fc175dc31b38e002c53627c31e0f3a31c079ae368fd33dfdfc97f40f7f", 0x78) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_rfcomm_sock_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000340), 0xc200, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram8/queue/discard_max_bytes\x00', 0x181842, 0x0) mmap$auto(0x0, 0x202000d, 0x80000000000806, 0x9000000ebe, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD(r3, 0x3, &(0x7f00000003c0)={@siginfo_0_0={0x10000, 0x933, 0xbb5, @_kill={0x0, 0xee01}}}, 0x1) read$auto(0x3, 0x0, 0x1f40) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/iocounterbits\x00', 0x6101, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x40002, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/console/active\x00', 0x103280, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1\x00', 0x171002, 0x0) ioctl$auto_SNDCTL_DSP_RESET(r5, 0x5000, &(0x7f0000000180)="237c6623ecb6e6c34ea2499d4adb7b03053d2d25f9") r6 = openat$auto_fops_u8_(0xffffffffffffff9c, &(0x7f00000014c0)='/sys/kernel/debug/nfcsim/nfc0/dropframe\x00', 0x20000, 0x0) read$auto_fops_u8_(r6, 0x0, 0x0) 37.80496ms ago: executing program 3 (id=549): socket(0x26, 0xa, 0x4e9c) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x1, 0x0) sysfs$auto(0x2, 0x3, 0x0) fsopen$auto(0x0, 0x1) fsopen$auto(0x0, 0x1) fsconfig$auto_JFFS2_COMPR_MODE_FORCELZO(r0, 0x5, &(0x7f00000001c0)='/proc/self/cmdline\x00\xb7\xa8\xdd\xd4\xdd\xf8\xfc\x85\xae4\xe8\\\x92\x9a67g\xf7\n\x8f\xc8\x9fF&\x13\xb5\xe8\x00\xac\x8aC\xd9\xfd\r\x95h5\xc4|\xc5\x0e\xd8n\x97cl\xd9pOT\xa0=\xf6\xd42\x932\xca9\xf6\xebL\xd5\x81H\xa1i,\xdb\xabvsE+B\xfd\xdc\xc6O\x99\xf8\x91\x1c\xe1\xb4\x8d\xb2L\xde\x11\x95$\x1eR\xc3\xa5q\xc7wp\xacb\xa5\xb7\xe0m\x85(a\xf2\x180\xc0>\x13\xfbRL\v\xf3\xd5\x9e\xa5\x13\x807b\xed\xc5\xb0\x98\x19W\xcb>#rm\xa6\xab\xc7\xdcO\xb0\xed0!\x19\xed\xe2\xd5t\x0e\xe6\xfcS\x9c@<9\x04\xf6Rc\x86T\\\xc7\xe8y\xdfox\xfb\xc9\x92^\xcd\xea\xd2\x83Zm\xc3a\xa2\xf2\xb0\xdc\x1a\x1d<\xa1\x8a@l\x10\xca\xfe\x89r\x9e\xba\xceB\xad\xe8J\xd8\x15`\x1f\xa4\x97T\x10\xe7\xb2A\\\xea\xac1', 0x0, 0x4) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x2000, 0x0) openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/fail_usercopy/times\x00', 0x220043, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) seccomp$auto(0x3, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000100)={0x1ff, 0xfff, 0x1000}) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/msr\x00', 0xf82, 0x0) flock$auto(0xffffffffffffffff, 0x8) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x3ff, 0x0) mmap$auto(0x0, 0x8, 0x329, 0x10011, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000180)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)="2f4ec64e6e5bcccc12f6532ed33d77f5c7b2f661e6e5be59699b83a214cdfe1199") 0s ago: executing program 0 (id=550): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x8502, 0x0) write$auto(r1, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x14\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) read$auto_tomoyo_self_operations_securityfs_if(r0, &(0x7f00000001c0)=""/4096, 0x1000) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f0000000000), 0x55) getrandom$auto(0x0, 0x6000000, 0x3) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x2) alarm$auto(0x2) mmap$auto(0x0, 0x22009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r2, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB='~\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="230027bd7000fcdbdf250900000008000380040001800400028008000100", @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/queue/atomic_write_unit_min_bytes\x00', 0x60240, 0x0) read$auto(r5, 0x0, 0x100000001) write$auto(0x3, 0x0, 0xfffffffffffffff7) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x8800) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.208' (ED25519) to the list of known hosts. [ 97.024103][ T975] cfg80211: failed to load regulatory.db [ 98.606719][ T5815] cgroup: Unknown subsys name 'net' [ 98.799612][ T5815] cgroup: Unknown subsys name 'cpuset' [ 98.808888][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.719676][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 103.148340][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.183191][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.189654][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.192471][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.199006][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.213122][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.221331][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.230240][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.230669][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.238143][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.253034][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.278373][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.288125][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.295448][ T5139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.311912][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.322870][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.335328][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.343148][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.360461][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.368322][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.847395][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 103.963273][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 104.103252][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 104.228641][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.237082][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.244659][ T5830] bridge_slave_0: entered allmulticast mode [ 104.252200][ T5830] bridge_slave_0: entered promiscuous mode [ 104.299506][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.307170][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.314358][ T5830] bridge_slave_1: entered allmulticast mode [ 104.321777][ T5830] bridge_slave_1: entered promiscuous mode [ 104.380698][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.388519][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.397739][ T5835] bridge_slave_0: entered allmulticast mode [ 104.405325][ T5835] bridge_slave_0: entered promiscuous mode [ 104.413011][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 104.456585][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.463759][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.471497][ T5835] bridge_slave_1: entered allmulticast mode [ 104.479895][ T5835] bridge_slave_1: entered promiscuous mode [ 104.522687][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.530106][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.537445][ T5831] bridge_slave_0: entered allmulticast mode [ 104.545156][ T5831] bridge_slave_0: entered promiscuous mode [ 104.556906][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.579353][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.588685][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.596184][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.603390][ T5831] bridge_slave_1: entered allmulticast mode [ 104.611684][ T5831] bridge_slave_1: entered promiscuous mode [ 104.621482][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.646909][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.766204][ T5835] team0: Port device team_slave_0 added [ 104.775230][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.786757][ T5835] team0: Port device team_slave_1 added [ 104.795265][ T5830] team0: Port device team_slave_0 added [ 104.809452][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.835596][ T5830] team0: Port device team_slave_1 added [ 104.931486][ T5831] team0: Port device team_slave_0 added [ 104.939266][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.946521][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.973126][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.999197][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.006804][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.014158][ T5832] bridge_slave_0: entered allmulticast mode [ 105.021830][ T5832] bridge_slave_0: entered promiscuous mode [ 105.031056][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.038332][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.047007][ T5832] bridge_slave_1: entered allmulticast mode [ 105.054287][ T5832] bridge_slave_1: entered promiscuous mode [ 105.063227][ T5831] team0: Port device team_slave_1 added [ 105.086145][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.093138][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.124607][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.136884][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.143835][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.170347][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.183868][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.191957][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.218547][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.291639][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.299456][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.326220][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.337721][ T5836] Bluetooth: hci0: command tx timeout [ 105.337727][ T5843] Bluetooth: hci3: command tx timeout [ 105.340517][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.356824][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.382933][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.412816][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.422458][ T5843] Bluetooth: hci2: command tx timeout [ 105.424871][ T5843] Bluetooth: hci1: command tx timeout [ 105.436991][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.535379][ T5835] hsr_slave_0: entered promiscuous mode [ 105.541927][ T5835] hsr_slave_1: entered promiscuous mode [ 105.583825][ T5830] hsr_slave_0: entered promiscuous mode [ 105.590352][ T5830] hsr_slave_1: entered promiscuous mode [ 105.596759][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.605895][ T5830] Cannot create hsr debugfs directory [ 105.632541][ T5832] team0: Port device team_slave_0 added [ 105.644299][ T5831] hsr_slave_0: entered promiscuous mode [ 105.653408][ T5831] hsr_slave_1: entered promiscuous mode [ 105.660301][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.668085][ T5831] Cannot create hsr debugfs directory [ 105.697070][ T5832] team0: Port device team_slave_1 added [ 105.822456][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.829845][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.856195][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.888866][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.896131][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.923563][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.101002][ T5832] hsr_slave_0: entered promiscuous mode [ 106.109147][ T5832] hsr_slave_1: entered promiscuous mode [ 106.115893][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.123476][ T5832] Cannot create hsr debugfs directory [ 106.349459][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.389364][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.416278][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.443012][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.511973][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 106.535345][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 106.547840][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 106.572407][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.624211][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.647835][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.687910][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.717193][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.804703][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.815740][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.830297][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.843569][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.960123][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.994309][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.054165][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.079234][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.099754][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.107117][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.127288][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.134518][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.158170][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.165460][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.199037][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.206234][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.264944][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.302224][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.348183][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.388385][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.396105][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.415185][ T5843] Bluetooth: hci3: command tx timeout [ 107.415372][ T5836] Bluetooth: hci0: command tx timeout [ 107.432072][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.439518][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.461116][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.494452][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.501675][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.510219][ T5836] Bluetooth: hci1: command tx timeout [ 107.510230][ T5843] Bluetooth: hci2: command tx timeout [ 107.570545][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.577728][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.752907][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 107.983790][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.138842][ T5830] veth0_vlan: entered promiscuous mode [ 108.203953][ T5830] veth1_vlan: entered promiscuous mode [ 108.233793][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.358115][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.397871][ T5830] veth0_macvtap: entered promiscuous mode [ 108.413767][ T5830] veth1_macvtap: entered promiscuous mode [ 108.422358][ T5835] veth0_vlan: entered promiscuous mode [ 108.446091][ T5835] veth1_vlan: entered promiscuous mode [ 108.467637][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.500291][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.518172][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.543001][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.552465][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.562648][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.572744][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.638772][ T5835] veth0_macvtap: entered promiscuous mode [ 108.661388][ T5831] veth0_vlan: entered promiscuous mode [ 108.685054][ T5835] veth1_macvtap: entered promiscuous mode [ 108.740131][ T5831] veth1_vlan: entered promiscuous mode [ 108.771080][ T5832] veth0_vlan: entered promiscuous mode [ 108.793562][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.801866][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.809606][ T5832] veth1_vlan: entered promiscuous mode [ 108.820668][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.834201][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.847340][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.911146][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.922733][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.934291][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.972250][ T5835] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.974927][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.981449][ T5835] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.995696][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.003736][ T5835] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.013778][ T5835] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.026535][ T5831] veth0_macvtap: entered promiscuous mode [ 109.048453][ T5831] veth1_macvtap: entered promiscuous mode [ 109.117819][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 109.139770][ T5832] veth0_macvtap: entered promiscuous mode [ 109.158639][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.173224][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.194736][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.205822][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.238700][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.250477][ T5832] veth1_macvtap: entered promiscuous mode [ 109.282116][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.293838][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.304231][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.315331][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.327821][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.340344][ T5894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78408 [ 109.377565][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.387450][ T5894] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 109.395544][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.405796][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.415152][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.427311][ T5894] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 109.444725][ T5894] page_type: f5(slab) [ 109.454802][ T5894] raw: 00fff00000000040 ffff88801b491000 dead000000000122 0000000000000000 [ 109.471235][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.492194][ T5894] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 109.495108][ T5836] Bluetooth: hci0: command tx timeout [ 109.501172][ T5843] Bluetooth: hci3: command tx timeout [ 109.512954][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.522984][ T5894] head: 00fff00000000040 ffff88801b491000 dead000000000122 0000000000000000 [ 109.531882][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.542837][ T5894] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 109.553777][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.564196][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 109.576727][ T5843] Bluetooth: hci1: command tx timeout [ 109.576738][ T5836] Bluetooth: hci2: command tx timeout [ 109.587723][ T5894] head: 00fff00000000001 ffffea0001e10201 00000000ffffffff 00000000ffffffff [ 109.596964][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.607013][ T5894] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 109.617486][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.625939][ T5894] page dumped because: unmovable page [ 109.631373][ T5894] page_owner tracks the page as allocated [ 109.638929][ T5894] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5677, tgid 5677 (sed), ts 82312209890, free_ts 78507738649 [ 109.654133][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.660607][ T5894] post_alloc_hook+0x181/0x1b0 [ 109.680066][ T5894] get_page_from_freelist+0x135c/0x3920 [ 109.686472][ T5894] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 109.692509][ T5894] alloc_pages_mpol+0x1fb/0x550 [ 109.698253][ T5894] new_slab+0x244/0x340 [ 109.702463][ T5894] ___slab_alloc+0xd9c/0x1940 [ 109.704487][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.707903][ T5894] __slab_alloc.constprop.0+0x56/0xb0 [ 109.722076][ T5894] kmem_cache_alloc_noprof+0xef/0x3b0 [ 109.741795][ T5894] mas_alloc_nodes+0x18b/0x8b0 [ 109.764576][ T5894] mas_node_count_gfp+0x105/0x130 [ 109.769713][ T5894] mas_preallocate+0x53e/0xcd0 [ 109.783474][ T5894] __split_vma+0x33b/0x1030 [ 109.795756][ T5894] vms_gather_munmap_vmas+0x392/0x1310 [ 109.804669][ T5894] __mmap_region+0x314/0x27c0 [ 109.809421][ T5894] mmap_region+0x1ab/0x3f0 [ 109.813895][ T5894] do_mmap+0xd8e/0x11b0 [ 109.821928][ T5894] page last free pid 15 tgid 15 stack trace: [ 109.837986][ T5894] __free_frozen_pages+0x69d/0xff0 [ 109.847426][ T5894] tlb_remove_table_rcu+0x116/0x1a0 [ 109.854766][ T5894] rcu_core+0x79c/0x14e0 [ 109.859083][ T5894] handle_softirqs+0x219/0x8e0 [ 109.863887][ T5894] run_ksoftirqd+0x3a/0x60 [ 109.879160][ T5894] smpboot_thread_fn+0x3f7/0xae0 [ 109.887874][ T5894] kthread+0x3c5/0x780 [ 109.897947][ T5894] ret_from_fork+0x48/0x80 [ 109.924850][ T5894] ret_from_fork_asm+0x1a/0x30 [ 109.971355][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.994430][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.012249][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.037959][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.048369][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.065876][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.079658][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.156673][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.169380][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.188496][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.207876][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.245566][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.253494][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.348331][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.395432][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.484849][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.492728][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.609090][ T5895] mmap: syz.1.2 (5895) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 110.642316][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.667178][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.835434][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.884573][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.254999][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.340341][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.444561][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 111.575951][ T5843] Bluetooth: hci3: command tx timeout [ 111.575982][ T5836] Bluetooth: hci0: command tx timeout [ 111.668075][ T5836] Bluetooth: hci1: command tx timeout [ 111.668084][ T5843] Bluetooth: hci2: command tx timeout [ 111.885055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.806219][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.814959][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.823605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.832645][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.892709][ T5927] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 112.934761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.935655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 115.935203][ T5955] syz.0.11 uses obsolete (PF_INET,SOCK_PACKET) [ 119.848991][ T6000] netlink: 28 bytes leftover after parsing attributes in process `syz.3.22'. [ 120.066507][ T6000] bond0: (slave bond_slave_1): Releasing backup interface [ 120.236925][ T6000] Zero length message leads to an empty skb [ 120.416314][ T6006] FAULT_INJECTION: forcing a failure. [ 120.416314][ T6006] name fail_futex, interval 1, probability 0, space 0, times 1 [ 120.453139][ T6006] CPU: 1 UID: 0 PID: 6006 Comm: syz.3.22 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 120.453172][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.453190][ T6006] Call Trace: [ 120.453197][ T6006] [ 120.453207][ T6006] dump_stack_lvl+0x16c/0x1f0 [ 120.453253][ T6006] should_fail_ex+0x512/0x640 [ 120.453289][ T6006] get_futex_key+0xabc/0x1000 [ 120.453315][ T6006] ? __pfx_get_futex_key+0x10/0x10 [ 120.453347][ T6006] futex_wake+0xe7/0x4e0 [ 120.453372][ T6006] ? rcu_is_watching+0x12/0xc0 [ 120.453396][ T6006] ? __pfx_futex_wake+0x10/0x10 [ 120.453436][ T6006] do_futex+0x1e3/0x350 [ 120.453460][ T6006] ? __pfx_do_futex+0x10/0x10 [ 120.453481][ T6006] ? __might_fault+0xe3/0x190 [ 120.453514][ T6006] mm_release+0x24e/0x300 [ 120.453539][ T6006] do_exit+0x898/0x2c30 [ 120.453568][ T6006] ? __pfx_futex_wake_mark+0x10/0x10 [ 120.453601][ T6006] ? __pfx_do_exit+0x10/0x10 [ 120.453630][ T6006] ? do_raw_spin_lock+0x12c/0x2b0 [ 120.453698][ T6006] ? find_held_lock+0x2b/0x80 [ 120.453741][ T6006] do_group_exit+0xd3/0x2a0 [ 120.453787][ T6006] get_signal+0x2673/0x26d0 [ 120.453829][ T6006] ? sctp_inet_connect+0x16e/0x200 [ 120.453864][ T6006] ? __local_bh_enable_ip+0xa4/0x120 [ 120.453904][ T6006] ? __pfx_get_signal+0x10/0x10 [ 120.453937][ T6006] ? do_futex+0x122/0x350 [ 120.453969][ T6006] ? __pfx_do_futex+0x10/0x10 [ 120.454026][ T6006] arch_do_signal_or_restart+0x8f/0x7a0 [ 120.454071][ T6006] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 120.454127][ T6006] ? rcu_is_watching+0x12/0xc0 [ 120.454163][ T6006] syscall_exit_to_user_mode+0x150/0x2a0 [ 120.454213][ T6006] do_syscall_64+0xda/0x230 [ 120.454251][ T6006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.454286][ T6006] RIP: 0033:0x7f3de1b8e969 [ 120.454308][ T6006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.454332][ T6006] RSP: 002b:00007f3de29a00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 120.454353][ T6006] RAX: fffffffffffffe00 RBX: 00007f3de1db6168 RCX: 00007f3de1b8e969 [ 120.454367][ T6006] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3de1db6168 [ 120.454387][ T6006] RBP: 00007f3de1db6160 R08: 0000000000000000 R09: 0000000000000000 [ 120.454404][ T6006] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3de1db616c [ 120.454421][ T6006] R13: 0000000000000000 R14: 00007ffe8f2619e0 R15: 00007ffe8f261ac8 [ 120.454456][ T6006] [ 121.109591][ T6007] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 121.136143][ T6007] CIFS mount error: No usable UNC path provided in device string! [ 121.136143][ T6007] [ 121.146451][ T6007] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 121.520439][ T6021] futex_wake_op: syz.2.23 tries to shift op by 64; fix this program [ 121.548686][ T5993] QAT: Device 0 not found [ 121.641165][ T6025] netlink: 28 bytes leftover after parsing attributes in process `syz.3.24'. [ 121.730142][ T6027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'. [ 122.524131][ T6029] input: f¬ as /devices/virtual/input/input5 [ 123.522150][ T6042] capability: warning: `syz.2.26' uses 32-bit capabilities (legacy support in use) [ 124.419935][ T6052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78408 [ 124.484127][ T6052] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 124.518927][ T6052] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 124.657642][ T6052] page_type: f5(slab) [ 124.728005][ T6052] raw: 00fff00000000040 ffff88801eebfb40 dead000000000122 0000000000000000 [ 124.796892][ T6055] could not allocate digest TFM handle binfmt_misc [ 124.803702][ T6052] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 124.909628][ T6052] head: 00fff00000000040 ffff88801eebfb40 dead000000000122 0000000000000000 [ 125.092158][ T6052] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 125.107600][ T6067] process 'syz.0.31' launched ':,' with NULL argv: empty string added [ 125.157851][ T6067] FAULT_INJECTION: forcing a failure. [ 125.157851][ T6067] name failslab, interval 1, probability 0, space 0, times 1 [ 125.172141][ T6067] CPU: 0 UID: 0 PID: 6067 Comm: syz.0.31 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 125.172186][ T6067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.172205][ T6067] Call Trace: [ 125.172216][ T6067] [ 125.172229][ T6067] dump_stack_lvl+0x16c/0x1f0 [ 125.172284][ T6067] should_fail_ex+0x512/0x640 [ 125.172335][ T6067] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 125.172389][ T6067] should_failslab+0xc2/0x120 [ 125.172433][ T6067] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 125.172471][ T6067] ? __pfx___might_resched+0x10/0x10 [ 125.172508][ T6067] ? __anon_vma_prepare+0xae/0x5e0 [ 125.172552][ T6067] __anon_vma_prepare+0xae/0x5e0 [ 125.172587][ T6067] ? __filemap_get_folio+0x333/0xc10 [ 125.172639][ T6067] __vmf_anon_prepare+0x11c/0x240 [ 125.172692][ T6067] hugetlb_fault+0x1f4e/0x2e90 [ 125.172733][ T6067] ? __pfx_hugetlb_fault+0x10/0x10 [ 125.172784][ T6067] ? find_vma+0xbf/0x140 [ 125.172829][ T6067] ? __pfx_find_vma+0x10/0x10 [ 125.172894][ T6067] handle_mm_fault+0x95d/0xad0 [ 125.172935][ T6067] do_user_addr_fault+0x7a6/0x1370 [ 125.172973][ T6067] ? rcu_is_watching+0x12/0xc0 [ 125.173008][ T6067] exc_page_fault+0x5c/0xc0 [ 125.173052][ T6067] asm_exc_page_fault+0x26/0x30 [ 125.173081][ T6067] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 125.173119][ T6067] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 7f 09 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 125.173149][ T6067] RSP: 0018:ffffc900034f7c00 EFLAGS: 00050202 [ 125.173174][ T6067] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000001ff [ 125.173193][ T6067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807ce1ec00 [ 125.173213][ T6067] RBP: 00000000000001ff R08: 0000000000000001 R09: ffffed100f9c3dbf [ 125.173232][ T6067] R10: ffff88807ce1edfe R11: 0000000000000000 R12: 0000000000000000 [ 125.173252][ T6067] R13: ffff88807ce1ec00 R14: ffff88805f3cb430 R15: 0000000000000000 [ 125.173296][ T6067] _copy_from_user+0x98/0xd0 [ 125.173391][ T6067] memdup_user_nul+0x6c/0x120 [ 125.173442][ T6067] nsim_dev_health_break_write+0xbd/0x210 [ 125.173485][ T6067] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 125.173541][ T6067] full_proxy_write+0x13f/0x200 [ 125.173587][ T6067] vfs_write+0x25c/0x1180 [ 125.173616][ T6067] ? __pfx_full_proxy_write+0x10/0x10 [ 125.173661][ T6067] ? __pfx___mutex_lock+0x10/0x10 [ 125.173711][ T6067] ? __pfx_vfs_write+0x10/0x10 [ 125.173757][ T6067] ? __fget_files+0x20e/0x3c0 [ 125.173802][ T6067] ksys_write+0x12a/0x240 [ 125.173835][ T6067] ? __pfx_ksys_write+0x10/0x10 [ 125.173866][ T6067] ? rcu_is_watching+0x12/0xc0 [ 125.173911][ T6067] do_syscall_64+0xcd/0x230 [ 125.173964][ T6067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.173997][ T6067] RIP: 0033:0x7f234fb8e969 [ 125.174022][ T6067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.174054][ T6067] RSP: 002b:00007f2350ade038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 125.174083][ T6067] RAX: ffffffffffffffda RBX: 00007f234fdb5fa0 RCX: 00007f234fb8e969 [ 125.174104][ T6067] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000006 [ 125.174124][ T6067] RBP: 00007f234fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 125.174144][ T6067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.174164][ T6067] R13: 0000000000000000 R14: 00007f234fdb5fa0 R15: 00007ffea4834d58 [ 125.174209][ T6067] [ 125.302345][ T6052] head: 00fff00000000002 ffffea0001e10201 00000000ffffffff 00000000ffffffff [ 125.685182][ T6052] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 125.694040][ T6052] page dumped because: unmovable page [ 125.701123][ T6052] page_owner tracks the page as allocated [ 125.707834][ T6052] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5981, tgid 5979 (syz.1.16), ts 119160585242, free_ts 119147210254 [ 125.739723][ T6052] post_alloc_hook+0x181/0x1b0 [ 125.750320][ T6052] get_page_from_freelist+0x135c/0x3920 [ 125.904499][ T6052] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 125.962769][ T6052] alloc_pages_mpol+0x1fb/0x550 [ 126.042149][ T6052] new_slab+0x244/0x340 [ 126.046560][ T6052] ___slab_alloc+0xd9c/0x1940 [ 126.051329][ T6052] __slab_alloc.constprop.0+0x56/0xb0 [ 126.072395][ T6052] kmem_cache_alloc_node_noprof+0xf5/0x3b0 [ 126.078577][ T6052] kmalloc_reserve+0x18b/0x2c0 [ 126.083454][ T6052] __alloc_skb+0x166/0x380 [ 126.090349][ T6052] tipc_buf_acquire+0x26/0xe0 [ 126.095178][ T6052] tipc_msg_build+0x112/0x1150 [ 126.100015][ T6052] __tipc_sendmsg+0xa30/0x19a0 [ 126.104948][ T6052] tipc_sendmsg+0x4f/0x70 [ 126.109333][ T6052] ____sys_sendmsg+0xa98/0xc70 [ 126.114253][ T6052] ___sys_sendmsg+0x134/0x1d0 [ 126.119199][ T6052] page last free pid 1139 tgid 1139 stack trace: [ 126.147982][ T6052] __free_frozen_pages+0x69d/0xff0 [ 126.165760][ T6052] __folio_put+0x329/0x450 [ 126.170279][ T6052] kmem_cache_free_bulk.part.0+0x61c/0x7f0 [ 126.198729][ T6052] kvfree_rcu_bulk+0x1bb/0x1f0 [ 126.214899][ T6052] kfree_rcu_work+0x124/0x1a0 [ 126.235921][ T6052] process_one_work+0x9cc/0x1b70 [ 126.254731][ T6052] worker_thread+0x6c8/0xf10 [ 126.270435][ T6052] kthread+0x3c5/0x780 [ 126.284446][ T6052] ret_from_fork+0x48/0x80 [ 126.288919][ T6052] ret_from_fork_asm+0x1a/0x30 [ 126.388755][ T6074] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 127.163443][ T6087] netlink: 28 bytes leftover after parsing attributes in process `syz.2.35'. [ 127.196998][ T6087] ipvlan1: entered allmulticast mode [ 127.204567][ T6087] veth0_vlan: entered allmulticast mode [ 127.236356][ T6088] netlink: 330 bytes leftover after parsing attributes in process `syz.2.35'. [ 127.331345][ T6087] netlink: 20 bytes leftover after parsing attributes in process `syz.2.35'. [ 127.666984][ T6100] netlink: 86 bytes leftover after parsing attributes in process `syz.3.37'. [ 127.686247][ T6100] netlink: 28 bytes leftover after parsing attributes in process `syz.3.37'. [ 127.695352][ T6100] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.702795][ T6100] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.722738][ T6100] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.808938][ T6100] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.975747][ T6090] ubi0: attaching mtd0 [ 128.057330][ T6090] ubi0: scanning is finished [ 128.061971][ T6090] ubi0: empty MTD device detected [ 128.258599][ T6105] FAULT_INJECTION: forcing a failure. [ 128.258599][ T6105] name failslab, interval 1, probability 0, space 0, times 0 [ 128.271925][ T6105] CPU: 0 UID: 0 PID: 6105 Comm: syz.2.38 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 128.271965][ T6105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.271982][ T6105] Call Trace: [ 128.271992][ T6105] [ 128.272004][ T6105] dump_stack_lvl+0x16c/0x1f0 [ 128.272056][ T6105] should_fail_ex+0x512/0x640 [ 128.272099][ T6105] ? fs_reclaim_acquire+0xae/0x150 [ 128.272150][ T6105] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 128.272196][ T6105] should_failslab+0xc2/0x120 [ 128.272232][ T6105] __kmalloc_noprof+0xd2/0x510 [ 128.272275][ T6105] tomoyo_realpath_from_path+0xc2/0x6e0 [ 128.272323][ T6105] ? tomoyo_profile+0x47/0x60 [ 128.272352][ T6105] tomoyo_path_number_perm+0x245/0x580 [ 128.272388][ T6105] ? tomoyo_path_number_perm+0x237/0x580 [ 128.272429][ T6105] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.272521][ T6105] ? d_alloc_parallel+0x979/0x12e0 [ 128.272568][ T6105] ? current_check_access_path+0x33c/0x460 [ 128.272611][ T6105] ? __pfx_current_check_access_path+0x10/0x10 [ 128.272665][ T6105] tomoyo_path_mknod+0x10c/0x190 [ 128.272694][ T6105] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 128.272727][ T6105] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 128.272775][ T6105] security_path_mknod+0x161/0x310 [ 128.272816][ T6105] lookup_open.isra.0+0xc17/0x1580 [ 128.272873][ T6105] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 128.272966][ T6105] ? __pfx_down_write+0x10/0x10 [ 128.272993][ T6105] ? mnt_get_write_access+0x20c/0x300 [ 128.273045][ T6105] path_openat+0x905/0x2d40 [ 128.273095][ T6105] ? __pfx_path_openat+0x10/0x10 [ 128.273156][ T6105] do_filp_open+0x20b/0x470 [ 128.273191][ T6105] ? __pfx_do_filp_open+0x10/0x10 [ 128.273284][ T6105] ? alloc_fd+0x471/0x7d0 [ 128.273327][ T6105] do_sys_openat2+0x11b/0x1d0 [ 128.273374][ T6105] ? __pfx_do_sys_openat2+0x10/0x10 [ 128.273440][ T6105] __x64_sys_openat+0x174/0x210 [ 128.273496][ T6105] ? __pfx___x64_sys_openat+0x10/0x10 [ 128.273547][ T6105] ? rcu_is_watching+0x12/0xc0 [ 128.273593][ T6105] do_syscall_64+0xcd/0x230 [ 128.273649][ T6105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.273683][ T6105] RIP: 0033:0x7f7678f8e969 [ 128.273709][ T6105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.273742][ T6105] RSP: 002b:00007f7679e43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 128.273773][ T6105] RAX: ffffffffffffffda RBX: 00007f76791b6080 RCX: 00007f7678f8e969 [ 128.273807][ T6105] RDX: 0000000000060742 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 128.273827][ T6105] RBP: 00007f7679010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 128.273846][ T6105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.273865][ T6105] R13: 0000000000000000 R14: 00007f76791b6080 R15: 00007ffc4a06ba08 [ 128.273909][ T6105] [ 128.273921][ T6105] ERROR: Out of memory at tomoyo_realpath_from_path. [ 128.681686][ T6090] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 128.689659][ T6090] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 128.814528][ T6090] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 128.829750][ T6090] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 128.837537][ T6090] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 128.878617][ T6090] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 128.901393][ T6090] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3185322261 [ 128.925186][ T6090] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 128.956256][ T6109] ubi0: background thread "ubi_bgt0d" started, PID 6109 [ 133.670077][ T6155] FAULT_INJECTION: forcing a failure. [ 133.670077][ T6155] name failslab, interval 1, probability 0, space 0, times 0 [ 133.704997][ T6155] CPU: 1 UID: 0 PID: 6155 Comm: syz.1.47 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 133.705048][ T6155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.705067][ T6155] Call Trace: [ 133.705077][ T6155] [ 133.705088][ T6155] dump_stack_lvl+0x16c/0x1f0 [ 133.705139][ T6155] should_fail_ex+0x512/0x640 [ 133.705184][ T6155] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 133.705225][ T6155] should_failslab+0xc2/0x120 [ 133.705265][ T6155] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 133.705302][ T6155] ? __alloc_skb+0x2b2/0x380 [ 133.705341][ T6155] __alloc_skb+0x2b2/0x380 [ 133.705375][ T6155] ? __pfx___alloc_skb+0x10/0x10 [ 133.705411][ T6155] ? genl_rcv_msg+0x4bb/0x800 [ 133.705467][ T6155] netlink_ack+0x15d/0xb80 [ 133.705508][ T6155] ? __lock_acquire+0xaa4/0x1ba0 [ 133.705557][ T6155] netlink_rcv_skb+0x347/0x440 [ 133.705597][ T6155] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.705643][ T6155] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.705699][ T6155] ? __pfx_down_read+0x10/0x10 [ 133.705729][ T6155] ? netlink_deliver_tap+0x1ae/0xd30 [ 133.705773][ T6155] genl_rcv+0x28/0x40 [ 133.705816][ T6155] netlink_unicast+0x53a/0x7f0 [ 133.705862][ T6155] ? __pfx_netlink_unicast+0x10/0x10 [ 133.705910][ T6155] netlink_sendmsg+0x8d1/0xdd0 [ 133.705957][ T6155] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.706012][ T6155] __sys_sendto+0x498/0x510 [ 133.706052][ T6155] ? __pfx___sys_sendto+0x10/0x10 [ 133.706097][ T6155] ? fd_install+0x225/0x750 [ 133.706140][ T6155] ? xfd_validate_state+0x5d/0x180 [ 133.706172][ T6155] ? rcu_is_watching+0x12/0xc0 [ 133.706206][ T6155] __x64_sys_sendto+0xe0/0x1c0 [ 133.706237][ T6155] ? do_syscall_64+0x91/0x230 [ 133.706282][ T6155] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.706325][ T6155] do_syscall_64+0xcd/0x230 [ 133.706374][ T6155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.706404][ T6155] RIP: 0033:0x7f6c26f907fc [ 133.706428][ T6155] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 133.706458][ T6155] RSP: 002b:00007f6c27e5cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 133.706486][ T6155] RAX: ffffffffffffffda RBX: 00007f6c27e5cfc0 RCX: 00007f6c26f907fc [ 133.706507][ T6155] RDX: 0000000000000028 RSI: 00007f6c27e5d010 RDI: 0000000000000009 [ 133.706525][ T6155] RBP: 0000000000000000 R08: 00007f6c27e5cf14 R09: 000000000000000c [ 133.706544][ T6155] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009 [ 133.706560][ T6155] R13: 00007f6c27e5cf68 R14: 00007f6c27e5d010 R15: 0000000000000000 [ 133.706598][ T6155] [ 134.070808][ T6164] random: crng reseeded on system resumption [ 135.490593][ T6181] netlink: 'syz.0.50': attribute type 11 has an invalid length. [ 135.539899][ T6181] netlink: 'syz.0.50': attribute type 11 has an invalid length. [ 135.549317][ T6181] netlink: 'syz.0.50': attribute type 11 has an invalid length. [ 137.981818][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.991192][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 142.385017][ T6257] FAULT_INJECTION: forcing a failure. [ 142.385017][ T6257] name failslab, interval 1, probability 0, space 0, times 0 [ 142.398994][ T6257] CPU: 1 UID: 0 PID: 6257 Comm: syz.2.64 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 142.399037][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.399056][ T6257] Call Trace: [ 142.399066][ T6257] [ 142.399078][ T6257] dump_stack_lvl+0x16c/0x1f0 [ 142.399133][ T6257] should_fail_ex+0x512/0x640 [ 142.399181][ T6257] ? __kvmalloc_node_noprof+0x122/0x600 [ 142.399221][ T6257] should_failslab+0xc2/0x120 [ 142.399262][ T6257] __kvmalloc_node_noprof+0x135/0x600 [ 142.399299][ T6257] ? sbitmap_init_node+0x1ca/0x770 [ 142.399341][ T6257] ? sbitmap_init_node+0x1ca/0x770 [ 142.399373][ T6257] sbitmap_init_node+0x1ca/0x770 [ 142.399415][ T6257] sbitmap_queue_init_node+0x41/0x560 [ 142.399467][ T6257] blk_mq_init_tags+0x12d/0x2b0 [ 142.399502][ T6257] blk_mq_alloc_map_and_rqs+0x237/0xf10 [ 142.399555][ T6257] ? blk_mq_map_queues+0x211/0x410 [ 142.399601][ T6257] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 142.399655][ T6257] blk_mq_alloc_tag_set+0x75e/0x1250 [ 142.399717][ T6257] loop_add+0x3b7/0xb70 [ 142.399763][ T6257] ? do_vfs_ioctl+0x512/0x1990 [ 142.399807][ T6257] ? __pfx_loop_add+0x10/0x10 [ 142.399849][ T6257] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 142.399921][ T6257] ? find_held_lock+0x2b/0x80 [ 142.399959][ T6257] loop_control_ioctl+0x13c/0x630 [ 142.400009][ T6257] ? __pfx_loop_control_ioctl+0x10/0x10 [ 142.400063][ T6257] ? __pfx_loop_control_ioctl+0x10/0x10 [ 142.400112][ T6257] __x64_sys_ioctl+0x193/0x200 [ 142.400160][ T6257] do_syscall_64+0xcd/0x230 [ 142.400214][ T6257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.400248][ T6257] RIP: 0033:0x7f7678f8e969 [ 142.400274][ T6257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.400305][ T6257] RSP: 002b:00007f7679e64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.400335][ T6257] RAX: ffffffffffffffda RBX: 00007f76791b5fa0 RCX: 00007f7678f8e969 [ 142.400356][ T6257] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000008 [ 142.400376][ T6257] RBP: 00007f7679010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 142.400395][ T6257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.400413][ T6257] R13: 0000000000000000 R14: 00007f76791b5fa0 R15: 00007ffc4a06ba08 [ 142.400462][ T6257] [ 142.400627][ T6257] blk-mq: reduced tag depth (128 -> 64) [ 143.465096][ T6255] netlink: 342 bytes leftover after parsing attributes in process `syz.3.63'. [ 144.601677][ T5836] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 146.936353][ T6313] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 147.174162][ T6312] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 148.346326][ T6332] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 148.357257][ T6332] FAULT_INJECTION: forcing a failure. [ 148.357257][ T6332] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 148.371923][ T6332] CPU: 0 UID: 0 PID: 6332 Comm: syz.3.84 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 148.371969][ T6332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.371988][ T6332] Call Trace: [ 148.371999][ T6332] [ 148.372011][ T6332] dump_stack_lvl+0x16c/0x1f0 [ 148.372075][ T6332] should_fail_ex+0x512/0x640 [ 148.372130][ T6332] _copy_from_iter+0x2a4/0x15b0 [ 148.372189][ T6332] ? __alloc_skb+0x200/0x380 [ 148.372225][ T6332] ? __pfx__copy_from_iter+0x10/0x10 [ 148.372280][ T6332] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 148.372335][ T6332] netlink_sendmsg+0x829/0xdd0 [ 148.372396][ T6332] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.372455][ T6332] __sys_sendto+0x498/0x510 [ 148.372490][ T6332] ? __pfx___sys_sendto+0x10/0x10 [ 148.372538][ T6332] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 148.372615][ T6332] __x64_sys_sendto+0xe0/0x1c0 [ 148.372647][ T6332] ? do_syscall_64+0x91/0x230 [ 148.372693][ T6332] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.372739][ T6332] do_syscall_64+0xcd/0x230 [ 148.372789][ T6332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.372821][ T6332] RIP: 0033:0x7f3de1b907fc [ 148.372845][ T6332] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 148.372876][ T6332] RSP: 002b:00007f3de299eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 148.372905][ T6332] RAX: ffffffffffffffda RBX: 00007f3de299efc0 RCX: 00007f3de1b907fc [ 148.372927][ T6332] RDX: 0000000000000020 RSI: 00007f3de299f010 RDI: 0000000000000004 [ 148.372946][ T6332] RBP: 0000000000000000 R08: 00007f3de299ef14 R09: 000000000000000c [ 148.372976][ T6332] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 148.372993][ T6332] R13: 00007f3de299ef68 R14: 00007f3de299f010 R15: 0000000000000000 [ 148.373032][ T6332] [ 148.806584][ T5836] Bluetooth: hci1: unexpected event 0x3e length: 1020 > 260 [ 148.806628][ T5836] Bluetooth: hci1: unexpected subevent 0x01 length: 1019 > 18 [ 149.873414][ T6342] netlink: 342 bytes leftover after parsing attributes in process `syz.1.77'. [ 150.337363][ T6349] netlink: 28 bytes leftover after parsing attributes in process `syz.3.79'. [ 150.570022][ T6349] team0: Port device team_slave_0 removed [ 150.808290][ T5843] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 151.084214][ T6358] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 152.234995][ T6380] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 152.257087][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.91'. [ 152.716695][ T6381] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 153.632550][ T6395] netlink: 28 bytes leftover after parsing attributes in process `syz.2.87'. [ 154.917301][ T6412] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 154.947135][ T6412] FAULT_INJECTION: forcing a failure. [ 154.947135][ T6412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.008038][ T5843] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 155.067983][ T5843] Bluetooth: hci0: unexpected event 0x3e length: 1020 > 260 [ 155.068028][ T5843] Bluetooth: hci0: unexpected subevent 0x01 length: 1019 > 18 [ 155.078804][ T6412] CPU: 1 UID: 0 PID: 6412 Comm: syz.1.90 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 155.078849][ T6412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.078871][ T6412] Call Trace: [ 155.078883][ T6412] [ 155.078894][ T6412] dump_stack_lvl+0x16c/0x1f0 [ 155.078949][ T6412] should_fail_ex+0x512/0x640 [ 155.079007][ T6412] _copy_from_iter+0x2a4/0x15b0 [ 155.079065][ T6412] ? __alloc_skb+0x200/0x380 [ 155.079105][ T6412] ? __pfx__copy_from_iter+0x10/0x10 [ 155.079162][ T6412] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 155.079222][ T6412] netlink_sendmsg+0x829/0xdd0 [ 155.079275][ T6412] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.079336][ T6412] __sys_sendto+0x498/0x510 [ 155.079372][ T6412] ? __pfx___sys_sendto+0x10/0x10 [ 155.079431][ T6412] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 155.079513][ T6412] __x64_sys_sendto+0xe0/0x1c0 [ 155.079548][ T6412] ? do_syscall_64+0x91/0x230 [ 155.079599][ T6412] ? lockdep_hardirqs_on+0x7c/0x110 [ 155.079648][ T6412] do_syscall_64+0xcd/0x230 [ 155.079706][ T6412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.079741][ T6412] RIP: 0033:0x7f6c26f907fc [ 155.079767][ T6412] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 155.079800][ T6412] RSP: 002b:00007f6c27e1aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 155.079831][ T6412] RAX: ffffffffffffffda RBX: 00007f6c27e1afc0 RCX: 00007f6c26f907fc [ 155.079854][ T6412] RDX: 0000000000000020 RSI: 00007f6c27e1b010 RDI: 0000000000000004 [ 155.079874][ T6412] RBP: 0000000000000000 R08: 00007f6c27e1af14 R09: 000000000000000c [ 155.079895][ T6412] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 155.079914][ T6412] R13: 00007f6c27e1af68 R14: 00007f6c27e1b010 R15: 0000000000000000 [ 155.079957][ T6412] [ 155.357862][ T6406] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 156.152805][ T6430] bond0: option all_slaves_active: invalid value () [ 156.407705][ T6430] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 157.007636][ T6438] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 157.388522][ T6443] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 158.296457][ T5843] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 158.319574][ T6463] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 159.874766][ T5843] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 160.114128][ T6485] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 160.583579][ T6498] Invalid ELF header magic: != ELF [ 160.625676][ T5843] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 160.718319][ T6502] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 161.067609][ T6506] netlink: 28 bytes leftover after parsing attributes in process `syz.0.106'. [ 161.168833][ T6494] netlink: 342 bytes leftover after parsing attributes in process `syz.2.105'. [ 161.202206][ T6506] team0: Port device team_slave_0 removed [ 161.454520][ T6500] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 161.454520][ T6500] The task syz.1.113 (6500) triggered the difference, watch for misbehavior. [ 162.095286][ T6531] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 162.466650][ T6533] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 163.859480][ T6547] FAULT_INJECTION: forcing a failure. [ 163.859480][ T6547] name failslab, interval 1, probability 0, space 0, times 0 [ 163.877804][ T6547] CPU: 1 UID: 0 PID: 6547 Comm: syz.3.116 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 163.877851][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.877870][ T6547] Call Trace: [ 163.877881][ T6547] [ 163.877892][ T6547] dump_stack_lvl+0x16c/0x1f0 [ 163.877944][ T6547] should_fail_ex+0x512/0x640 [ 163.877992][ T6547] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 163.878032][ T6547] should_failslab+0xc2/0x120 [ 163.878072][ T6547] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 163.878109][ T6547] ? seq_open+0x55/0x170 [ 163.878154][ T6547] seq_open+0x55/0x170 [ 163.878192][ T6547] ftrace_event_set_pid_open+0x13a/0x270 [ 163.878241][ T6547] do_dentry_open+0x741/0x1c10 [ 163.878276][ T6547] ? __pfx_ftrace_event_set_pid_open+0x10/0x10 [ 163.878329][ T6547] vfs_open+0x82/0x3f0 [ 163.878377][ T6547] path_openat+0x1e5e/0x2d40 [ 163.878425][ T6547] ? __pfx_path_openat+0x10/0x10 [ 163.878468][ T6547] do_filp_open+0x20b/0x470 [ 163.878501][ T6547] ? __pfx_do_filp_open+0x10/0x10 [ 163.878560][ T6547] ? alloc_fd+0x471/0x7d0 [ 163.878602][ T6547] do_sys_openat2+0x11b/0x1d0 [ 163.878646][ T6547] ? __pfx_do_sys_openat2+0x10/0x10 [ 163.878703][ T6547] __x64_sys_openat+0x174/0x210 [ 163.878748][ T6547] ? __pfx___x64_sys_openat+0x10/0x10 [ 163.878804][ T6547] ? rcu_is_watching+0x12/0xc0 [ 163.878847][ T6547] do_syscall_64+0xcd/0x230 [ 163.878900][ T6547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.878932][ T6547] RIP: 0033:0x7f3de1b8e969 [ 163.878957][ T6547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.878988][ T6547] RSP: 002b:00007f3de29e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 163.879017][ T6547] RAX: ffffffffffffffda RBX: 00007f3de1db5fa0 RCX: 00007f3de1b8e969 [ 163.879038][ T6547] RDX: 0000000000002002 RSI: 0000200000002640 RDI: ffffffffffffff9c [ 163.879058][ T6547] RBP: 00007f3de1c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 163.879078][ T6547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.879097][ T6547] R13: 0000000000000000 R14: 00007f3de1db5fa0 R15: 00007ffe8f261ac8 [ 163.879138][ T6547] [ 165.650050][ T6564] netlink: 342 bytes leftover after parsing attributes in process `syz.0.120'. [ 166.377390][ T6580] FAULT_INJECTION: forcing a failure. [ 166.377390][ T6580] name failslab, interval 1, probability 0, space 0, times 0 [ 166.403537][ T6580] CPU: 0 UID: 0 PID: 6580 Comm: syz.0.124 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 166.403583][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.403614][ T6580] Call Trace: [ 166.403624][ T6580] [ 166.403636][ T6580] dump_stack_lvl+0x16c/0x1f0 [ 166.403688][ T6580] should_fail_ex+0x512/0x640 [ 166.403734][ T6580] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 166.403772][ T6580] should_failslab+0xc2/0x120 [ 166.403822][ T6580] __kmalloc_cache_noprof+0x6a/0x3e0 [ 166.403855][ T6580] ? devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 166.403905][ T6580] devlink_fmsg_nest_common.part.0+0x48/0x1e0 [ 166.403951][ T6580] devlink_fmsg_u64_pair_put+0x270/0x2f0 [ 166.403995][ T6580] ? __pfx_devlink_fmsg_u64_pair_put+0x10/0x10 [ 166.404042][ T6580] ? devlink_fmsg_nest_common.part.0+0xcd/0x1e0 [ 166.404092][ T6580] nsim_dev_dummy_fmsg_put+0x61/0x1e0 [ 166.404132][ T6580] devlink_health_do_dump+0x243/0x620 [ 166.404182][ T6580] devlink_health_report+0x3c9/0x9c0 [ 166.404234][ T6580] ? __pfx_devlink_health_report+0x10/0x10 [ 166.404281][ T6580] ? _copy_from_user+0x59/0xd0 [ 166.404338][ T6580] nsim_dev_health_break_write+0x166/0x210 [ 166.404376][ T6580] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 166.404430][ T6580] full_proxy_write+0x13f/0x200 [ 166.404473][ T6580] vfs_write+0x25c/0x1180 [ 166.404519][ T6580] ? __pfx_full_proxy_write+0x10/0x10 [ 166.404565][ T6580] ? __pfx___mutex_lock+0x10/0x10 [ 166.404614][ T6580] ? __pfx_vfs_write+0x10/0x10 [ 166.404661][ T6580] ? __fget_files+0x20e/0x3c0 [ 166.404705][ T6580] ksys_write+0x12a/0x240 [ 166.404737][ T6580] ? __pfx_ksys_write+0x10/0x10 [ 166.404768][ T6580] ? rcu_is_watching+0x12/0xc0 [ 166.404820][ T6580] do_syscall_64+0xcd/0x230 [ 166.404875][ T6580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.404909][ T6580] RIP: 0033:0x7f234fb8e969 [ 166.404934][ T6580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.404965][ T6580] RSP: 002b:00007f2350ade038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 166.404996][ T6580] RAX: ffffffffffffffda RBX: 00007f234fdb5fa0 RCX: 00007f234fb8e969 [ 166.405017][ T6580] RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000005 [ 166.405036][ T6580] RBP: 00007f234fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 166.405055][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.405074][ T6580] R13: 0000000000000000 R14: 00007f234fdb5fa0 R15: 00007ffea4834d58 [ 166.405123][ T6580] [ 166.670988][ T5843] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 166.742919][ T6587] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 168.499810][ T6613] FAULT_INJECTION: forcing a failure. [ 168.499810][ T6613] name failslab, interval 1, probability 0, space 0, times 0 [ 168.568313][ T6613] CPU: 1 UID: 0 PID: 6613 Comm: syz.2.129 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 168.568361][ T6613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.568381][ T6613] Call Trace: [ 168.568391][ T6613] [ 168.568403][ T6613] dump_stack_lvl+0x16c/0x1f0 [ 168.568469][ T6613] should_fail_ex+0x512/0x640 [ 168.568514][ T6613] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 168.568550][ T6613] should_failslab+0xc2/0x120 [ 168.568588][ T6613] __kmalloc_cache_noprof+0x6a/0x3e0 [ 168.568620][ T6613] ? ring_buffer_read_prepare+0x101/0x320 [ 168.568653][ T6613] ? kasan_save_track+0x14/0x30 [ 168.568692][ T6613] ring_buffer_read_prepare+0x101/0x320 [ 168.568730][ T6613] tracing_open+0x925/0xf90 [ 168.568767][ T6613] do_dentry_open+0x741/0x1c10 [ 168.568801][ T6613] ? __pfx_tracing_open+0x10/0x10 [ 168.568840][ T6613] vfs_open+0x82/0x3f0 [ 168.568887][ T6613] path_openat+0x1e5e/0x2d40 [ 168.568937][ T6613] ? __pfx_path_openat+0x10/0x10 [ 168.568982][ T6613] do_filp_open+0x20b/0x470 [ 168.569014][ T6613] ? __pfx_do_filp_open+0x10/0x10 [ 168.569080][ T6613] ? alloc_fd+0x471/0x7d0 [ 168.569123][ T6613] do_sys_openat2+0x11b/0x1d0 [ 168.569167][ T6613] ? __pfx_do_sys_openat2+0x10/0x10 [ 168.569229][ T6613] __x64_sys_openat+0x174/0x210 [ 168.569277][ T6613] ? __pfx___x64_sys_openat+0x10/0x10 [ 168.569319][ T6613] ? rcu_is_watching+0x12/0xc0 [ 168.569354][ T6613] do_syscall_64+0xcd/0x230 [ 168.569403][ T6613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.569444][ T6613] RIP: 0033:0x7f7678f8e969 [ 168.569467][ T6613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.569497][ T6613] RSP: 002b:00007f7679e64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 168.569525][ T6613] RAX: ffffffffffffffda RBX: 00007f76791b5fa0 RCX: 00007f7678f8e969 [ 168.569546][ T6613] RDX: 0000000000000600 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 168.569565][ T6613] RBP: 00007f7679010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 168.569584][ T6613] R10: 000000000000ffeb R11: 0000000000000246 R12: 0000000000000000 [ 168.569602][ T6613] R13: 0000000000000000 R14: 00007f76791b5fa0 R15: 00007ffc4a06ba08 [ 168.569642][ T6613] [ 168.797841][ C1] vkms_vblank_simulate: vblank timer overrun [ 169.605482][ T6626] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 170.499409][ T6630] netlink: 342 bytes leftover after parsing attributes in process `syz.3.133'. [ 173.958976][ T6654] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 174.541890][ T6661] netlink: 28 bytes leftover after parsing attributes in process `syz.1.138'. [ 174.598144][ T6662] ubi: mtd0 is already attached to ubi0 [ 174.664718][ T6662] Invalid ELF header magic: != ELF [ 174.674505][ T6661] team0: Port device team_slave_0 removed [ 174.840548][ T6662] Invalid ELF header magic: != ELF [ 175.649639][ T6677] could not allocate digest TFM handle  [ 175.689771][ T6685] ptp ptp0: new virtual clock ptp1 [ 175.728461][ T6685] ptp ptp0: guarantee physical clock free running [ 177.548956][ T6703] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 178.054164][ T6721] tipc: Started in network mode [ 178.059828][ T6721] tipc: Node identity ee00, cluster identity 4711 [ 178.067023][ T6721] tipc: Node number set to 60928 [ 179.661523][ T6746] netlink: 28 bytes leftover after parsing attributes in process `syz.1.156'. [ 179.676915][ T6746] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 180.890554][ T6749] kAFS: No cell specified [ 181.456217][ T6763] CIFS mount error: No usable UNC path provided in device string! [ 181.456217][ T6763] [ 181.466648][ T6763] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 182.445896][ T6784] netlink: 330 bytes leftover after parsing attributes in process `syz.3.163'. [ 184.912785][ T6795] FAULT_INJECTION: forcing a failure. [ 184.912785][ T6795] name failslab, interval 1, probability 0, space 0, times 0 [ 184.937443][ T6795] CPU: 0 UID: 0 PID: 6795 Comm: syz.3.166 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 184.937490][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.937509][ T6795] Call Trace: [ 184.937520][ T6795] [ 184.937534][ T6795] dump_stack_lvl+0x16c/0x1f0 [ 184.937599][ T6795] should_fail_ex+0x512/0x640 [ 184.937656][ T6795] should_failslab+0xc2/0x120 [ 184.937700][ T6795] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 184.937743][ T6795] ? skb_clone+0x190/0x3f0 [ 184.937789][ T6795] skb_clone+0x190/0x3f0 [ 184.937831][ T6795] netlink_deliver_tap+0xabd/0xd30 [ 184.937884][ T6795] netlink_unicast+0x6b2/0x7f0 [ 184.937934][ T6795] ? __pfx_netlink_unicast+0x10/0x10 [ 184.937975][ T6795] ? genl_rcv_msg+0x4bb/0x800 [ 184.938037][ T6795] netlink_ack+0x696/0xb80 [ 184.938095][ T6795] netlink_rcv_skb+0x347/0x440 [ 184.938139][ T6795] ? __pfx_genl_rcv_msg+0x10/0x10 [ 184.938192][ T6795] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 184.938260][ T6795] ? __pfx_down_read+0x10/0x10 [ 184.938294][ T6795] ? netlink_deliver_tap+0x1ae/0xd30 [ 184.938344][ T6795] genl_rcv+0x28/0x40 [ 184.938389][ T6795] netlink_unicast+0x53a/0x7f0 [ 184.938438][ T6795] ? __pfx_netlink_unicast+0x10/0x10 [ 184.938496][ T6795] netlink_sendmsg+0x8d1/0xdd0 [ 184.938548][ T6795] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.938620][ T6795] __sys_sendto+0x498/0x510 [ 184.938658][ T6795] ? __pfx___sys_sendto+0x10/0x10 [ 184.938711][ T6795] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 184.938791][ T6795] __x64_sys_sendto+0xe0/0x1c0 [ 184.938825][ T6795] ? do_syscall_64+0x91/0x230 [ 184.938874][ T6795] ? lockdep_hardirqs_on+0x7c/0x110 [ 184.938921][ T6795] do_syscall_64+0xcd/0x230 [ 184.938975][ T6795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.939009][ T6795] RIP: 0033:0x7f3de1b907fc [ 184.939035][ T6795] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 184.939068][ T6795] RSP: 002b:00007f3de29e0ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 184.939099][ T6795] RAX: ffffffffffffffda RBX: 00007f3de29e0fc0 RCX: 00007f3de1b907fc [ 184.939122][ T6795] RDX: 0000000000000024 RSI: 00007f3de29e1010 RDI: 0000000000000009 [ 184.939142][ T6795] RBP: 0000000000000000 R08: 00007f3de29e0f14 R09: 000000000000000c [ 184.939163][ T6795] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009 [ 184.939183][ T6795] R13: 00007f3de29e0f68 R14: 00007f3de29e1010 R15: 0000000000000000 [ 184.939238][ T6795] [ 185.192215][ T6811] tipc: Started in network mode [ 185.228546][ T6811] tipc: Node identity ee00, cluster identity 4711 [ 185.248228][ T6811] tipc: Node number set to 60928 [ 185.899235][ T6819] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 186.188085][ T6824] random: crng reseeded on system resumption [ 186.566769][ T6831] netlink: 330 bytes leftover after parsing attributes in process `syz.2.173'. [ 188.247226][ T6857] syz.0.178 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 188.658861][ T6858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.178'. [ 189.696107][ T6878] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 190.048016][ T6884] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 191.596626][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.186'. [ 194.071184][ T6935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.193'. [ 194.623193][ T5843] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 195.376654][ T5843] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 195.425588][ T6953] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 198.666387][ T7001] bond0: option all_slaves_active: invalid value () [ 199.082477][ T7009] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 199.439344][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.447523][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.028188][ T7049] bond0: option all_slaves_active: invalid value () [ 202.283795][ T7052] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 202.948389][ T7072] bond0: option all_slaves_active: invalid value () [ 203.278668][ T7069] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 204.022026][ T7092] ubi: mtd0 is already attached to ubi0 [ 205.838274][ T7105] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 206.008490][ T7119] netlink: 28 bytes leftover after parsing attributes in process `syz.1.227'. [ 206.674944][ T7119] syz.1.227 (7119) used greatest stack depth: 21272 bytes left [ 210.095676][ T7190] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 211.558455][ T7224] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 212.749206][ T7240] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 214.028498][ T5874] smpboot: CPU 1 is now offline [ 214.064007][ T5843] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 216.707702][ T7286] bond0: option all_slaves_active: invalid value () [ 216.981386][ T7290] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 217.005525][ T7291] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[7291] [ 222.443800][ T5843] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 224.248267][ T7388] svc: failed to register nfsdv3 RPC service (errno 101). [ 224.269437][ T7388] svc: failed to register nfsaclv3 RPC service (errno 101). [ 225.847698][ T5845] Bluetooth: hci2: command 0x0406 tx timeout [ 225.855952][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 225.861987][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 227.127347][ T56] Bluetooth: hci1: command 0x0406 tx timeout [ 229.143166][ T7454] netlink: 186 bytes leftover after parsing attributes in process `syz.1.293'. [ 229.195480][ T7457] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 230.885910][ T7483] ima: policy update failed [ 230.924529][ T30] audit: type=1802 audit(6042142932.662:2): pid=7483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.307" res=0 errno=0 [ 230.958573][ T7483] netlink: 25 bytes leftover after parsing attributes in process `syz.3.307'. [ 233.223064][ T5833] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 236.972622][ T7556] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 238.839529][ T7575] Invalid ELF header magic: != ELF syzkaller syzkaller login: [ 241.937692][ T5833] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 242.678902][ T7617] syz.2.323 (7617): attempted to duplicate a private mapping with mremap. This is not supported. [ 242.896646][ T7628] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 243.403217][ T7631] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 248.774037][ T7713] netlink: 28 bytes leftover after parsing attributes in process `syz.2.342'. [ 248.941366][ T7713] bridge_slave_1: left allmulticast mode [ 248.988337][ T7713] bridge_slave_1: left promiscuous mode [ 249.063822][ T7713] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.179490][ T7713] bridge_slave_0: left allmulticast mode [ 249.197786][ T7713] bridge_slave_0: left promiscuous mode [ 249.220503][ T7713] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.498865][ T7726] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 251.353338][ T7734] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 251.876518][ T7736] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 256.016834][ T7800] bond0: option all_slaves_active: invalid value () [ 256.375419][ T7803] Invalid ELF header magic: != ELF [ 256.561637][ T7813] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 256.639428][ T7800] bond0: option all_slaves_active: invalid value () [ 259.436135][ T7817] FAULT_INJECTION: forcing a failure. [ 259.436135][ T7817] name failslab, interval 1, probability 0, space 0, times 0 [ 259.543863][ T7817] CPU: 0 UID: 0 PID: 7817 Comm: syz.0.363 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 259.543895][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.543909][ T7817] Call Trace: [ 259.543916][ T7817] [ 259.543928][ T7817] dump_stack_lvl+0x16c/0x1f0 [ 259.543967][ T7817] should_fail_ex+0x512/0x640 [ 259.544001][ T7817] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 259.544031][ T7817] should_failslab+0xc2/0x120 [ 259.544060][ T7817] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 259.544087][ T7817] ? __pmd_alloc+0xc3/0x870 [ 259.544127][ T7817] __pmd_alloc+0xc3/0x870 [ 259.544164][ T7817] copy_page_range+0x420c/0x5f80 [ 259.544201][ T7817] ? __lock_acquire+0xaa4/0x1ba0 [ 259.544277][ T7817] ? __pfx_copy_page_range+0x10/0x10 [ 259.544325][ T7817] ? __pfx___might_resched+0x10/0x10 [ 259.544350][ T7817] ? __pfx_mas_store+0x10/0x10 [ 259.544369][ T7817] ? __vma_enter_locked+0x163/0x3f0 [ 259.544400][ T7817] ? copy_process+0x85dd/0x91a0 [ 259.544429][ T7817] ? down_write+0x14d/0x200 [ 259.544452][ T7817] ? up_write+0x1b2/0x520 [ 259.544488][ T7817] copy_process+0x862b/0x91a0 [ 259.544538][ T7817] ? __pfx_copy_process+0x10/0x10 [ 259.544570][ T7817] ? try_to_wake_up+0xa2f/0x1680 [ 259.544597][ T7817] ? plist_check_head+0xa3/0x150 [ 259.544622][ T7817] ? find_held_lock+0x2b/0x80 [ 259.544648][ T7817] ? wake_up_q+0xb0/0x160 [ 259.544666][ T7817] ? do_raw_spin_unlock+0x172/0x230 [ 259.544706][ T7817] kernel_clone+0xfc/0x960 [ 259.544735][ T7817] ? __pfx_futex_wake+0x10/0x10 [ 259.544764][ T7817] ? __pfx_kernel_clone+0x10/0x10 [ 259.544811][ T7817] __do_sys_clone+0xce/0x120 [ 259.544840][ T7817] ? __pfx___do_sys_clone+0x10/0x10 [ 259.544869][ T7817] ? ksys_unshare+0x687/0xa40 [ 259.544914][ T7817] ? rcu_is_watching+0x12/0xc0 [ 259.544944][ T7817] do_syscall_64+0xcd/0x230 [ 259.544980][ T7817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.545002][ T7817] RIP: 0033:0x7f234fb8e969 [ 259.545020][ T7817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.545042][ T7817] RSP: 002b:00007f2350addfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 259.545062][ T7817] RAX: ffffffffffffffda RBX: 00007f234fdb5fa0 RCX: 00007f234fb8e969 [ 259.545077][ T7817] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 259.545090][ T7817] RBP: 00007f234fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 259.545103][ T7817] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 259.545116][ T7817] R13: 0000000000000000 R14: 00007f234fdb5fa0 R15: 00007ffea4834d58 [ 259.545145][ T7817] [ 259.806112][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.418552][ T7846] netlink: 28 bytes leftover after parsing attributes in process `syz.0.368'. [ 260.602451][ T7852] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 260.900301][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.906679][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.173367][ T7854] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 262.052920][ T7862] FAULT_INJECTION: forcing a failure. [ 262.052920][ T7862] name failslab, interval 1, probability 0, space 0, times 0 [ 262.141760][ T7862] CPU: 0 UID: 0 PID: 7862 Comm: syz.3.370 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 262.141793][ T7862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 262.141808][ T7862] Call Trace: [ 262.141815][ T7862] [ 262.141824][ T7862] dump_stack_lvl+0x16c/0x1f0 [ 262.141863][ T7862] should_fail_ex+0x512/0x640 [ 262.141898][ T7862] ? __kvmalloc_node_noprof+0x122/0x600 [ 262.141927][ T7862] should_failslab+0xc2/0x120 [ 262.141957][ T7862] __kvmalloc_node_noprof+0x135/0x600 [ 262.141984][ T7862] ? __do_sys_setgroups+0x111/0x4e0 [ 262.142023][ T7862] ? __do_sys_setgroups+0x111/0x4e0 [ 262.142056][ T7862] __do_sys_setgroups+0x111/0x4e0 [ 262.142090][ T7862] ? rcu_is_watching+0x12/0xc0 [ 262.142122][ T7862] do_syscall_64+0xcd/0x230 [ 262.142161][ T7862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.142185][ T7862] RIP: 0033:0x7f3de1b8e969 [ 262.142203][ T7862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.142225][ T7862] RSP: 002b:00007f3de29c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000074 [ 262.142258][ T7862] RAX: ffffffffffffffda RBX: 00007f3de1db6080 RCX: 00007f3de1b8e969 [ 262.142272][ T7862] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000007 [ 262.142285][ T7862] RBP: 00007f3de1c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 262.142299][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.142312][ T7862] R13: 0000000000000000 R14: 00007f3de1db6080 R15: 00007ffe8f261ac8 [ 262.142339][ T7862] [ 262.480684][ T30] audit: type=1800 audit(6042142964.202:3): pid=7863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.370" name="dbroot" dev="configfs" ino=16289 res=0 errno=0 [ 265.170289][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.378'. [ 266.989827][ T7924] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 269.554296][ T7963] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 271.170257][ T7986] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 271.634396][ T7987] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 271.894707][ T7993] netlink: 28 bytes leftover after parsing attributes in process `syz.3.395'. [ 272.970649][ T8008] netlink: 146 bytes leftover after parsing attributes in process `syz.0.406'. [ 273.116191][ T8013] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 274.257806][ T8032] mkiss: ax0: crc mode is auto. [ 276.024743][ T8056] netlink: 346 bytes leftover after parsing attributes in process `syz.0.407'. [ 276.137635][ T8064] ptrace attach of "./syz-executor exec"[5835] was attempted by "./syz-executor exec"[8064] [ 277.722046][ T8073] netlink: 146 bytes leftover after parsing attributes in process `syz.3.411'. [ 277.925321][ T8080] debugfs: Directory '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' with parent 'ieee80211' already present! [ 280.102091][ T8111] netlink: 346 bytes leftover after parsing attributes in process `syz.3.417'. [ 281.035105][ T5833] Bluetooth: hci0: unexpected subevent 0x19 length: 252 > 28 [ 281.042968][ T5833] Bluetooth: hci0: Unable to find connection with handle 0xc3d2 [ 284.236180][ T8144] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 284.287899][ T8144] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 284.370665][ T8144] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 284.437867][ T8144] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 284.478136][ T8144] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 284.549954][ T8144] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 284.641309][ T8144] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 284.670102][ T8144] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 284.715401][ T8144] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 284.809130][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 284.837156][ T8144] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 284.868763][ T8144] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 284.919928][ T8144] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 286.488260][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 286.667654][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 286.888240][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 286.894307][ T56] Bluetooth: hci0: command 0x0406 tx timeout [ 287.318939][ T8205] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 287.545872][ T8213] random: crng reseeded on system resumption [ 287.696114][ T8214] netlink: 28 bytes leftover after parsing attributes in process `syz.2.433'. [ 288.020253][ T8219] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 288.580044][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 288.728007][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 288.973200][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 288.979443][ T56] Bluetooth: hci0: command 0x0406 tx timeout [ 289.573131][ T8239] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 289.783347][ T8240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'. [ 290.647643][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 290.817841][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 291.047751][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 293.057821][ T8285] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 293.490347][ T8287] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 293.529835][ T8293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.446'. [ 296.719270][ T8334] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 297.304607][ T8334] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 298.474507][ T8361] Invalid ELF header magic: != ELF [ 299.614357][ T8382] bond0: option all_slaves_active: invalid value () [ 299.845417][ T8382] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 302.183649][ T8414] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 302.275194][ T8412] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 303.059090][ T8418] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 305.162380][ T8460] netlink: 8 bytes leftover after parsing attributes in process `syz.2.476'. [ 306.819978][ T8478] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 308.129769][ T8507] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 310.201894][ T8540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.489'. [ 312.109909][ T8570] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 313.677437][ T8585] ubi: mtd0 is already attached to ubi0 [ 317.949649][ T8645] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 321.277867][ T8694] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 322.137170][ T8708] bond0: option all_slaves_active: invalid value () [ 322.333533][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.340121][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.466269][ T8714] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 324.214203][ T8726] netlink: 330 bytes leftover after parsing attributes in process `syz.0.521'. [ 324.359499][ T8726] : renamed from bond_slave_1 (while UP) [ 324.386925][ T8728] netlink: 4 bytes leftover after parsing attributes in process `syz.2.522'. [ 324.991668][ T8730] Invalid ELF header magic: != ELF [ 325.074048][ T8739] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807840bc00 pfn:0x78408 [ 325.148920][ T8739] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 325.156134][ T8739] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 325.265734][ T8739] raw: ffff88807840bc00 0000000000000000 00000001ffffffff 0000000000000000 [ 325.360234][ T8739] page dumped because: unmovable page [ 325.374460][ T8739] page_owner tracks the page as allocated [ 325.416630][ T8739] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 8587, tgid 8578 (syz.1.499), ts 314266519785, free_ts 312675758015 [ 325.502966][ T8739] post_alloc_hook+0x181/0x1b0 [ 325.617583][ T8739] get_page_from_freelist+0x135c/0x3920 [ 325.658426][ T8739] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 325.669485][ T8739] alloc_pages_mpol+0x1fb/0x550 [ 325.674420][ T8739] alloc_pages_noprof+0x131/0x390 [ 325.769235][ T8739] get_free_pages_noprof+0xc/0x40 [ 325.857850][ T8739] kasan_populate_vmalloc_pte+0x2d/0x160 [ 325.946007][ T8739] __apply_to_page_range+0x617/0xd60 [ 325.999118][ T8739] pcpu_get_vm_areas+0x3842/0x5790 [ 326.035861][ T8739] pcpu_create_chunk+0x254/0x730 [ 326.059056][ T8739] pcpu_alloc_noprof+0x11e1/0x1470 [ 326.064217][ T8739] bpf_map_alloc_percpu+0x9a/0x4b0 [ 326.181245][ T8750] Invalid ELF header magic: != ELF [ 326.264195][ T8739] htab_map_alloc+0x10be/0x1540 [ 326.303101][ T8739] map_create+0x592/0x1db0 [ 326.336620][ T8739] __sys_bpf+0x47cc/0x4d80 [ 326.437762][ T8739] __x64_sys_bpf+0x78/0xc0 [ 326.442259][ T8739] page last free pid 5872 tgid 5872 stack trace: [ 326.696773][ T8739] __free_frozen_pages+0x69d/0xff0 [ 326.723760][ T8739] pcpu_free_pages.constprop.0+0x126/0x210 [ 326.740764][ T8739] pcpu_balance_workfn+0x26b/0xe00 [ 326.765002][ T8739] process_one_work+0x9cc/0x1b70 [ 326.803990][ T8739] worker_thread+0x6c8/0xf10 [ 326.908293][ T8739] kthread+0x3c5/0x780 [ 326.930307][ T8739] ret_from_fork+0x48/0x80 [ 326.934776][ T8739] ret_from_fork_asm+0x1a/0x30 [ 330.857791][ T8815] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 331.473316][ T8824] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 334.177142][ T8873] ptp ptp0: delete virtual clock ptp1 [ 334.215627][ T8873] [ 334.218017][ T8873] ============================================ [ 334.224192][ T8873] WARNING: possible recursive locking detected [ 334.230366][ T8873] 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 Not tainted [ 334.237488][ T8873] -------------------------------------------- [ 334.243643][ T8873] syz.0.550/8873 is trying to acquire lock: [ 334.249541][ T8873] ffff88802a6c4868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: ptp_clock_unregister+0x21/0x250 [ 334.259494][ T8873] [ 334.259494][ T8873] but task is already holding lock: [ 334.266865][ T8873] ffff88814c752868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: n_vclocks_store+0xf1/0x6d0 [ 334.276391][ T8873] [ 334.276391][ T8873] other info that might help us debug this: [ 334.284464][ T8873] Possible unsafe locking scenario: [ 334.284464][ T8873] [ 334.291924][ T8873] CPU0 [ 334.295212][ T8873] ---- [ 334.298516][ T8873] lock(&ptp->n_vclocks_mux); [ 334.303301][ T8873] lock(&ptp->n_vclocks_mux); [ 334.308085][ T8873] [ 334.308085][ T8873] *** DEADLOCK *** [ 334.308085][ T8873] [ 334.316240][ T8873] May be due to missing lock nesting notation [ 334.316240][ T8873] [ 334.324566][ T8873] 5 locks held by syz.0.550/8873: [ 334.329602][ T8873] #0: ffff8880290f0b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 334.338701][ T8873] #1: ffff888035f5e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 334.347725][ T8873] #2: ffff888059fa1488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 334.357536][ T8873] #3: ffff88814c93c878 (kn->active#100){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 334.367702][ T8873] #4: ffff88814c752868 (&ptp->n_vclocks_mux){+.+.}-{4:4}, at: n_vclocks_store+0xf1/0x6d0 [ 334.377689][ T8873] [ 334.377689][ T8873] stack backtrace: [ 334.383598][ T8873] CPU: 1 UID: 0 PID: 8873 Comm: syz.0.550 Not tainted 6.15.0-rc6-syzkaller-00051-g405e6c37c89e #0 PREEMPT(full) [ 334.383634][ T8873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.383661][ T8873] Call Trace: [ 334.383671][ T8873] [ 334.383683][ T8873] dump_stack_lvl+0x116/0x1f0 [ 334.383726][ T8873] print_deadlock_bug+0x1e9/0x240 [ 334.383761][ T8873] __lock_acquire+0xff7/0x1ba0 [ 334.383802][ T8873] lock_acquire+0x179/0x350 [ 334.383836][ T8873] ? ptp_clock_unregister+0x21/0x250 [ 334.383866][ T8873] ? __pfx___might_resched+0x10/0x10 [ 334.383895][ T8873] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 334.383939][ T8873] __mutex_lock+0x199/0xb90 [ 334.383977][ T8873] ? ptp_clock_unregister+0x21/0x250 [ 334.384006][ T8873] ? ptp_clock_unregister+0x21/0x250 [ 334.384035][ T8873] ? __pfx___mutex_lock+0x10/0x10 [ 334.384073][ T8873] ? synchronize_rcu_expedited+0x3b9/0x460 [ 334.384116][ T8873] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 334.384156][ T8873] ? ptp_clock_unregister+0x21/0x250 [ 334.384183][ T8873] ptp_clock_unregister+0x21/0x250 [ 334.384237][ T8873] ptp_vclock_unregister+0x11a/0x160 [ 334.384274][ T8873] unregister_vclock+0x108/0x1a0 [ 334.384306][ T8873] ? __pfx_unregister_vclock+0x10/0x10 [ 334.384338][ T8873] device_for_each_child_reverse+0x136/0x1a0 [ 334.384385][ T8873] ? __pfx_device_for_each_child_reverse+0x10/0x10 [ 334.384430][ T8873] ? __pfx_kstrtouint+0x10/0x10 [ 334.384467][ T8873] n_vclocks_store+0x4b6/0x6d0 [ 334.384499][ T8873] ? __pfx_n_vclocks_store+0x10/0x10 [ 334.384532][ T8873] ? find_held_lock+0x2b/0x80 [ 334.384559][ T8873] ? __pfx_n_vclocks_store+0x10/0x10 [ 334.384590][ T8873] dev_attr_store+0x58/0x80 [ 334.384623][ T8873] ? __pfx_dev_attr_store+0x10/0x10 [ 334.384658][ T8873] sysfs_kf_write+0xf2/0x150 [ 334.384698][ T8873] kernfs_fop_write_iter+0x351/0x510 [ 334.384732][ T8873] ? __pfx_sysfs_kf_write+0x10/0x10 [ 334.384772][ T8873] vfs_write+0x5bd/0x1180 [ 334.384798][ T8873] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 334.384834][ T8873] ? __pfx___mutex_lock+0x10/0x10 [ 334.384873][ T8873] ? __pfx_vfs_write+0x10/0x10 [ 334.384909][ T8873] ksys_write+0x12a/0x240 [ 334.384933][ T8873] ? __pfx_ksys_write+0x10/0x10 [ 334.384958][ T8873] ? rcu_is_watching+0x12/0xc0 [ 334.384986][ T8873] do_syscall_64+0xcd/0x230 [ 334.385027][ T8873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.385054][ T8873] RIP: 0033:0x7f234fb8e969 [ 334.385076][ T8873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.385103][ T8873] RSP: 002b:00007f2350ade038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 334.385128][ T8873] RAX: ffffffffffffffda RBX: 00007f234fdb5fa0 RCX: 00007f234fb8e969 [ 334.385145][ T8873] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000005 [ 334.385162][ T8873] RBP: 00007f234fc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 334.385178][ T8873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.385202][ T8873] R13: 0000000000000000 R14: 00007f234fdb5fa0 R15: 00007ffea4834d58 [ 334.385226][ T8873] [ 334.905111][ T8873] ptp ptp0: only physical clock in use now