last executing test programs: 2m4.433353544s ago: executing program 0 (id=268): set_mempolicy$auto(0x2, 0x0, 0xffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r0, 0x1, 0x1a, 0x0, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0xf651, r1, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = socket(0x9, 0x2, 0x7d) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syzkaller1\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r4 = socket(0xa, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptysd\x00', 0x404000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r5 = socket(0x18, 0x5, 0x1) connect$auto(r5, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x40047459, 0x0) madvise$auto(0x0, 0x2, 0x2) setresgid$auto(0x0, 0xee01, 0xffffffffffffffff) r6 = getegid() mmap$auto(0x400, 0x9, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8002) semctl$auto(0x7, 0x2, 0x13, 0x1) close_range$auto(r4, 0xfffffffffffff000, 0x2) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/ipsec\x00', 0xc2040, 0x0) r8 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r7, 0x4b72, r8) setregid$auto(r6, r6) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0) 2m3.73571297s ago: executing program 0 (id=271): r0 = open(0x0, 0xd02, 0xc3) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xffff, 0x3, 0x3) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r1 = socket(0x2, 0x2, 0x0) (async) sendmsg$auto_NL80211_CMD_START_AP(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x668, 0x0, 0x20, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x639, 0x33, "afa6e0335f4a2c0c9b03ed037529ed1f8c19df0534c0c618363857d371dfe3575f074ed09281c32a0f2392027bee6d0506bdc9f52f16c9cddce2ee2bf411b5c37071c69297cbc252870e10ae089076ebd6ce5e42336573f7457224fb6e4d5cbc4b2847351ae8b9723b261b5876aa693b1f99786a8aff10d220aadda3c7f68a53903dbf2891b524fb9d9f1935f6873af22229e32a71276fac61cfbb99a0e9896735a111f46a73d9141b874444d253c3bcc98c2eddc451cb222af5ff8bdf0222e89524e44e1550d57f65061818b2e64ed23cbadd4cd35c4e675a6c76c93487649d5e120e876eef7d33bda62ec8ff4194ac957e81ef9aea0f96d44b4d7d28d0a90f3f3f1ab2302188a33eba4baeb8a36328ff04c2f77de5f5c1a202b358ced0d7ea41158c3745dc867e377ecadeccfcd5b8b519bef4dabe08dc5d923fb1a0bcfb63eb4c8e2143c4d2132e5e9c82712afab78723dc43d092eeb8a1bf619dd7d7c27b9785b953d4506d0d5207f3e8b76284b7749045ca2b5f062013c53f35be3e4489a1b8e3232314c86fbe18a58751f0b58219c53c1907daa47745badd8947431a66134913519262c65969aae0a78e040810ad130354b65c729754e9af226114904d39c5b24eaf02702067fdae7ae01c7fb58aa834b3d815caabb1761ba0d83cf8d53502a268b63fc3501fb67ded5c1b1482367ee4f5214303dc652abe046ce1abf20a3f49e1036026d77c132d332e98878ea17bd994e882becd6fc52d9fd91260ef25c204390f2c88c9e8cccd2d3f51bb9a93f0765f02dd8422bd3715b1205811f72ef91397fd5ab58f60cd10542ef3fa257e6cb0c311287b1af50dac0fb5614eaa5e67563c8efd9e89bb8fc2d7c6c4f64e95768bed149a69a345aadb64c89bb9e4bec361d74bef891543a5c8ba242c434b476bad123aece2a552ad43999907b425f4df57d3e4ca2c2b865568e619be2ef134718b47b6055a0bcc8ea64ff4ebc05339f5481e3c6fceadbd6f4126ccca4fb0e6b2303c4ec0d591cb45a076706a700ff34ad1c569fd11674bcbab1228132f1bfe192d138f25ec2520da501ed6e583492447734f69fa581e64a96f90582f9d757e391c0d33ce8250cc7c9e0d3651801cb285c9eee5bd0224d388dddf8527e49ca9030fd7955e93e3365f9602b4a4ef1aaca177e44e7f1142c8ec0015f2b505a775afe9ae820df18adaad4b3924d8033965991fe1e59acbbad440bc64b3198a4eae215fd32283be418b6ee791a89eaf386422aed1ca9a18a0220f88a7609d536ffd7db73c9654cbe7a7835668771f8f2f98d58cf1d60cff1004ee2fb4c394bf3b48d0232866d382ceeae8f340bddb3ac677edc560982312ac13bf765db179a235e47ec0747d428fe273fda500641154f168cad55351172f93a970ccf26626ec89d52f64d89f0d7456212854f35542794264126abf75567f56cf0081de22def6305d279b2aabdb91ac0813ccd0a4e87dd63b3188cc10a3eee94e7af67e2ab5070bc5e639a204af69b49aef29b61c7efd1a9f4b6bc51659aeb399b34cf21dc827259991979828515c776d86f06cf69ea710e6be91ec0ea9e46e9d08e07ad2ab67a4b43e2d0763a4673a8002df95761309b011b25a6effab4da60e599c27e263394328da81b0af4ebcd6d838c1a9ff729482681115b4964be42bb4b8d8855c71450e9c48999e195227f41eb0fde516123e1da39f0db125045c3e5dadbfba05b329cf3d02dbd9fa01c75856ee233ef96b5e61f845560c640758d3883bb7ca2da85c9c5c15dc0f4033bc8140ec0965f91a4be0692c0348a3cc38fbac8a0e6db18433aeb3f05921c5cf614be4754f76c9e3323026a646d89a7a894e1b493a999af49864886b6ed68ce635ba2eeff167e99ac5fa5696aca29f1517b47f460151ca4b9afb34cc5ffbeb037ece8de9d223d8a1124b6c0ce000928070c021dc17499c9313264903ccc5ba90f9b0eb3c1617cb53c8192a7e2d12c566c83ac35ee265bd5bafb2b3208af0cc938e8306a45b50ccd17ee5e59fbfcf30c09185c2d84db35e05190a3251c097c288d5bfd800f2fc5e60aaaaa7bb297e39e40dfc35da14b1ffa060ed3f02722f35e345e7ad453e6758b5ec8ef2ebd3a57413a1ea68df9684dc4dda5bdeaf81ec602fee0057dfa42fe9bcd7f571e906b31c4044c07070a0cdfab85594b18c54691b269a23e39fcbcb48eb4aab9b7950f145d87c750a5bd301ef6c1816aee61ac31b"}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x8}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xe, 0x9}}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x7}]}, 0x668}, 0x1, 0x0, 0x0, 0x48010}, 0x20000800) (async) socket(0xa, 0x5, 0x0) (async) getsockopt$auto(0xffffffffffffffff, 0x6, 0x7, 0x0, &(0x7f00000001c0)=0x7140) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) (async) fcntl$auto_F_ADD_SEALS(r1, 0x409, 0x4ce1) select$auto(0x11, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd5, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) (async) r2 = socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0) (async) ioctl$auto_SNDCTL_DSP_STEREO(r3, 0xc0045003, 0x0) (async) write$auto(0x3, 0x0, 0x704) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) getsockopt$auto(r2, 0x40000000029, 0x1, 0xfffffffffffffffe, 0x0) (async) getdents64$auto(0x2, 0xfffffffffffffffe, 0x1) (async) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) 2m2.676269755s ago: executing program 0 (id=275): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x8, 0x1000000eb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x8, 0xb, 0x0, 0x9, 0xfffffffffffffffc, 0x83, 0x6, 0x2, 0x9, 0xffff, 0x4000000000000002, 0xd, 0x3, 0xfffffffffffffffe, 0x7, 0x1000000006]}, 0x0, 0x0) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) close_range$auto(0x2, 0x8, 0x0) r0 = clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x6, 0x4, 0xfffffff7) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x1000, 0x6) mlockall$auto(0x800000000000005) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u50x0}) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop1\x00', 0x80600, 0x0) ioctl$auto_BLKIOMIN(r3, 0x1278, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES={0x8, 0x7, 0x200}]}, 0x28}, 0x1, 0x0, 0x0, 0x44805}, 0x20004000) 1m58.383777111s ago: executing program 0 (id=293): unshare$auto(0x40000080) (async) mmap$auto(0x0, 0x8000000003, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) r0 = socket(0xa, 0x1, 0x100) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) (async) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) (async) select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/dev_snmp6/veth0_macvtap\x00', 0x8000, 0x0) read$auto(r3, &(0x7f0000000000)='/proc/driver/rtc\x00', 0x6) (async) sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x8}, 0x1a}, 0x3, 0x6) write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) (async) sendfile$auto(r1, r1, 0x0, 0x7fff) unshare$auto(0xa4) (async) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) (async) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) (async) r5 = socket(0x0, 0x3, 0x3c) (async) unshare$auto(0x40000080) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) (async) r7 = syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}}, 0x10004010) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fffffffd", @ANYRES16=r7, @ANYBLOB="00012cbd7000fcdbdf250a00000005000200000000000600010061c5000008000a000c000000060001005d00000008000a001803000006000100b438000008000a000100010008000a000200000008000a0006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x220088c0}, 0x40) (async) close_range$auto(0x2, 0x8, 0x0) (async) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) mlockall$auto(0x7) (async) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r6, 0x80045105, &(0x7f0000000300)="48c9c499a9a55fc2a836723fb70537445460c9f0892a287c9eb350e6b7502695a40747d57c6d503a9321dfb65dfcdd31e011f135fea8b10f802afe673cf64aa66c9f61a38fcb31374ce2e32ab0609681ba696929e2d96bb3682b03969701b37156ff8b4721ea5f896578a106c1f2650052e1d1590d649f180185beeb9d020a557604128a5fd3fffe") 1m43.122740839s ago: executing program 32 (id=293): unshare$auto(0x40000080) (async) mmap$auto(0x0, 0x8000000003, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) r0 = socket(0xa, 0x1, 0x100) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/net/bond0/bonding/primary_reselect\x00', 0x1e2142, 0x0) (async) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) (async) select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/dev_snmp6/veth0_macvtap\x00', 0x8000, 0x0) read$auto(r3, &(0x7f0000000000)='/proc/driver/rtc\x00', 0x6) (async) sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000380), 0x100, 0x8}, 0x1a}, 0x3, 0x6) write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) (async) sendfile$auto(r1, r1, 0x0, 0x7fff) unshare$auto(0xa4) (async) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) (async) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) (async) r5 = socket(0x0, 0x3, 0x3c) (async) unshare$auto(0x40000080) r6 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) (async) r7 = syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}}, 0x10004010) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="fffffffd", @ANYRES16=r7, @ANYBLOB="00012cbd7000fcdbdf250a00000005000200000000000600010061c5000008000a000c000000060001005d00000008000a001803000006000100b438000008000a000100010008000a000200000008000a0006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x220088c0}, 0x40) (async) close_range$auto(0x2, 0x8, 0x0) (async) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) mlockall$auto(0x7) (async) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r6, 0x80045105, &(0x7f0000000300)="48c9c499a9a55fc2a836723fb70537445460c9f0892a287c9eb350e6b7502695a40747d57c6d503a9321dfb65dfcdd31e011f135fea8b10f802afe673cf64aa66c9f61a38fcb31374ce2e32ab0609681ba696929e2d96bb3682b03969701b37156ff8b4721ea5f896578a106c1f2650052e1d1590d649f180185beeb9d020a557604128a5fd3fffe") 9.246706418s ago: executing program 1 (id=539): unshare$auto(0x40000080) close_range$auto(0x2, 0xfffffffffffff000, 0x2) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4) flock$auto(r0, 0x1) r1 = open(&(0x7f0000000040)='./file0\x00', 0x4242, 0x40) flock$auto(r1, 0x2) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f00000000c0)="22edd92f26639ec0023a8686bd579dcf16f50e9bfa20abfa3a30", 0x1a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x200007, 0x19) write$auto_mousedev_fops_mousedev(r2, 0x0, 0x0) 7.752152361s ago: executing program 1 (id=544): open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x1b}, 0x403) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder0\x00', 0x800, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x101, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x42, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/oss\x00', 0x88400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000180)=""/210, 0xd2) socket(0x2c, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0xe00, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x2, 0xc, 0x3, 0x15f4da0a, 0x3, 0x3, 0x63, 0x80000001, 0x7, 0xffffffffffffffff, 0x9, 0x2000000001, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x1, 0x15f4da0a, 0x1, 0xffffffffd09d8d67, 0x62, 0x80000023, 0x7, 0x6d3e, 0x9, 0x2, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000100)=0x10000) unshare$auto(0x40000080) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) r4 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000340)=@bpf_attr_11={0xe12, 0x4, 0x30, 0x3ff, 0x4003, 0x0, 0x400, r1}, 0x71a1) read$auto_stat_fops_per_vm_kvm_main(r4, &(0x7f0000000400)=""/178, 0xb2) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, 0x0) syz_clone(0x82247080, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x6, 0x4, 0x0, 0x40eb5, 0x401, 0xb7) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x2000d, 0x3, 0xeb1, 0x404, 0x8000) 6.89899876s ago: executing program 2 (id=548): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) getsockopt$auto(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0) syz_open_procfs$namespace(0x0, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000100)={0x0, 0x40001, 0x1}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$auto_SG_SET_KEEP_ORPHAN(0xffffffffffffffff, 0x2287, &(0x7f0000000380)) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) sysfs$auto(0xfffffffe, 0x60000, 0x0) keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) setsockopt$auto_SO_LINGER(r1, 0x8000, 0xd, &(0x7f0000000000)='-+\x00', 0x5) r2 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmmsg$auto(r0, 0x0, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) 6.295525174s ago: executing program 1 (id=549): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0x0, 0x0) r0 = open(0x0, 0x149443, 0x14) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(r1, 0x3b84, 0x38) io_uring_setup$auto(0x6, 0x0) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000001c0)) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 5.959620056s ago: executing program 3 (id=550): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fstatfs$auto(0x3, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000001c0), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r5, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) sendmsg$auto_WG_CMD_GET_DEVICE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r3, 0x703, 0x70bd27, 0x25dfd9fc}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x4) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r0, 0x0, 0x3ff) close_range$auto(0x2, r0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) prctl$auto(0x25, 0x2, 0x7fffffffefff, 0x8, 0x800000000000) fcntl$auto(0x3, 0x4, 0xa553) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x4000000401, 0x8000) socket(0x2, 0x80002, 0x73) 5.811987178s ago: executing program 2 (id=551): mmap$auto(0x0, 0x400008, 0x7fff, 0x9b72, 0x0, 0x100000000008000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x2000, 0x80009, 0xb, 0x8000000008011, r0, 0x0) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x18000) sendmsg$auto_SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000002c40)={0x0, 0x0, &(0x7f0000002c00)={&(0x7f0000002bc0)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20044000}, 0x8040) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_ctl$auto(0xffffffffffffffff, 0x4, r0, &(0x7f0000000040)={0x9, 0x83}) 5.277593905s ago: executing program 2 (id=552): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x20202, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000240), 0x8a002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_fops_u64_ro_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/zswap/written_back_pages\x00', 0x20000, 0x0) socket(0x2b, 0x1, 0x1) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x88) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b8162d21, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181482, 0x0) socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x40242, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x10}, 0x3) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) 5.074488836s ago: executing program 3 (id=553): io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0xd5, 0x837, 0x8}}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7000fedbdf250200000800130001"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.008014255s ago: executing program 1 (id=554): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/pcm0p/oss\x00', 0xaa102, 0x0) write$auto(r0, 0x0, 0x7ef) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) ioperm$auto(0x8, 0x9, 0xfffffffc) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x2, 0x6, 0x240000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x12, 0x0, 0x0, &(0x7f0000000240)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x400000000000948f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x3, 0x1, 0x9, 0x1]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x800001e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x51) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x4, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/kernel/kexec_load_disabled\x00', 0x202, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) keyctl$auto(0xb, 0xfffffffd, 0x0, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x19) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 4.406311149s ago: executing program 3 (id=556): symlink$auto(0x0, &(0x7f00000010c0)='./file0\x00') sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4040001}, 0x20008810) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x2, 0x1a525c0f) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x2, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x2000804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x42, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/admmidi2\x00', 0x1, 0x0) madvise$auto(0x5, 0x1, 0x7fa4) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xb03840, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/nbd3/queue/zoned\x00', 0x4000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/20, 0x14) sendfile$auto(r1, 0xffffffffffffffff, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0003, 0x19) mmap$auto(0x0, 0x20009, 0x725, 0xeb2, 0x8, 0x1008000) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, 0x0, 0x24008014) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r4 = socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x20004, 0x1ff, 0x12, r4, 0x8000) io_uring_setup$auto(0x52, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x18, 0xa, 0x1) close_range$auto(0x2, r0, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='x\f\x00L', @ANYRES16=0x0, @ANYBLOB="000026bd7000fedbdf250300000006000600810000000600070000800000060006000e0000000a00050000000000000000000a00010000000000000000000a000500aaaaaaaaaa400000080003003f00000008000200", @ANYRES32=0x0, @ANYBLOB="080004008000"], 0x68}, 0x1, 0x0, 0x0, 0x20040084}, 0x44098) socket(0x5, 0xc00, 0x9) 4.338012064s ago: executing program 2 (id=557): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = memfd_create$auto(0x0, 0x9) r1 = socket(0x10, 0x2, 0x6) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x1c, 0x1e, 0x0, 0x1, [@nested={0x18, 0x122, 0x0, 0x1, [@nested={0x8, 0x46, 0x0, 0x1, [@nested={0x4, 0xf7}]}, @nested={0xa, 0x10, 0x0, 0x1, [@generic='\x00\x00\x00*O{']}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x240, r2, 0x204, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_PEER={0x22a, 0x28, 0x0, 0x1, [@generic="447f25cf3a01100363025bd24b8716fec469893c99d121116034a520a3a5019ea5be286ccff3d8e9a72535480a4176b4808e4c417f97c4ebaa6e6300366b7f792b349861cff0406bbf2d8b3f8b41c4495a946491927d5328cb5ae353595c0236a2a7b8c4e6d204980543200d142e05314e27232d1c39ac60015c7bb8ec445ac8017c542b56cbe393752657aa4eb2aa0a218deabee98b5dfb77fbdd924fd62bdc3150c1a760945bc60acc48a00bb700ec304b165ef678c0528a665466a1c6f1c6689cea0a7081c69a7a1ef435874bbe05", @nested={0x1c, 0x6d, 0x0, 0x1, [@nested={0x4, 0x119}, @typed={0x14, 0xeb, 0x0, 0x0, @ipv6=@empty}]}, @generic="2cd9f2b58712e8e79400221d33ddf0c3d09f73c32246f11faba742aa27b1b1f41c1c72e9e4d7e534cb5b3fadfd927f30970dbd78e5355e9be6f26cabd233a813a6acee6d34e2d7a47c7d26b1accaa650b886d44f9279928042848f6211238067590e2ffd46132619447be597b6268a98c6871e3e32af3a65dd7b74cb65bba8e2499b1467c630d3f2209efaa6781410ba83d58f11d2d9ffef13658f8b42a1b1276e", @generic="8a6119baf00bf1ff07155398e81f861d299194c588cc1d921ad528f24b9691554919b657c5be244f552a6d45fa46d5956b1f430c9a3e4ad55efa0f96f8a3d6e6d05d48e2c970a5f946292c06471ee84949aed97c810e56d90dba3c63fff31dd8236ed00983aa16b4516f6d7ba0399edff0f5123e45e82ff740883e9fca0a83964ef60ff8bd2b7deeb08a0faa08b036c5c09e397a277c0e2af4"]}]}, 0x240}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES2(r3, 0x4008af25, &(0x7f0000000080)=0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) io_uring_setup$auto(0x9, &(0x7f0000000080)={0x7fffffff, 0xd, 0xc000, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0x1000000f, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x10000}, {0x5, 0x1, 0x21bb800, 0x5, 0x6f, 0x2, 0x1, 0x8, 0x100002000}}) 4.238499567s ago: executing program 4 (id=558): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80082, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rxrpc/peers\x00', 0x1014a0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000000)=""/223, 0xdf) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, r3) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000000c0)=""/17, 0x11) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/libceph/parameters/supported_features\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000180)=""/4096, 0x1000) 3.111578514s ago: executing program 3 (id=559): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x209, 0xa, r1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sg0\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) epoll_create$auto(0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) read$auto_tap_fops_tap(0xffffffffffffffff, 0x0, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0x200000, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000000c0), 0xffffffffffffffff) socket(0x2a, 0x2, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), 0xffffffffffffffff) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0) ioctl$auto_SOUND_MIXER_READ_RECSRC2(r5, 0x80044dff, &(0x7f0000000140)) ioctl$auto_SG_SET_TIMEOUT2(r2, 0x2201, &(0x7f0000002680)) 2.92024178s ago: executing program 4 (id=560): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket(0x3, 0x800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/admmidi2\x00', 0x640400, 0x0) prctl$auto(0xa, 0x20008001, 0x0, 0x6, 0x1a0b) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x100000000, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sg0\x00', 0x476e03, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/037/001\x00', 0x630001, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x41, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r2, 0xc004510e, &(0x7f00000001c0)="1f3501a0d1db71f9ca36be5d5d7102aea8b28090b2a05997ff0f8892765df861f53a32efff80546ae63df1417248f873fe326706e7afec04acacec12be67f56d9faa2394d34047accb359c95b0c494ea4f5b6a4708e755c31521d1433a954028aacdc42a08e480697fc88dfcecdde84b7fbc51e180e24fcf32b8638a555838df0246faf49628113533bef4de6e846c3389cc250f88f79f09") setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0x4, 0x0, 0x16) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYRESDEC=r1, @ANYRES64=0x0, @ANYBLOB="01002d0000000006000200000000000500070010000000080009000101000008000a000200000014001f000000000000000000000000000000000114002000fc00"/79], 0x5c}, 0x1, 0x0, 0x0, 0x42000}, 0xfdf31875370e1716) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/arp_interval\x00', 0x20b42, 0x0) sendfile$auto(r3, r3, 0x0, 0x4f64a1d2) socket(0x2, 0x1, 0x106) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000b, 0x0, 0xeb1, 0x401, 0x800000008000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x0, 0x0) 2.739349445s ago: executing program 2 (id=561): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fstatfs$auto(0x3, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000001c0), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r5, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) sendmsg$auto_WG_CMD_GET_DEVICE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r3, 0x703, 0x70bd27, 0x25dfd9fc}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x4) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r0, 0x0, 0x3ff) close_range$auto(0x2, r0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) prctl$auto(0x25, 0x2, 0x7fffffffefff, 0x8, 0x800000000000) fcntl$auto(0x3, 0x4, 0xa553) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x4000000401, 0x8000) 2.24903958s ago: executing program 4 (id=562): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x640, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x401, 0xfffffffffffffffd, 0xd4, 0x4, 0x28c, 0x0, 0x3, 0x368e, 0x9, {0xfffffffe, 0x10000}, 0x5, 0x6, 0xfffffbfffff7fffd, 0x1007ffd, 0x0, 0xfe, 0x81, 0xffffffffffff628e, 0x4000a747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/acpi/wakeup\x00', 0x48041, 0x0) write$auto(r2, 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) getdents$auto(r3, 0x0, 0x4) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x1ba, 0x9, 0x2, 0x80000000]}, 0x0) ioctl$auto_MON_IOCG_STATS(r0, 0x80089203, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@batch={0x9, 0x5, 0x9, 0x8, 0x9, 0xffffffffffffffff, 0x2, 0xfffffffffffffc00}, 0x60) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x181800, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r5, 0xc008551c, &(0x7f0000000040)={0x4, 0x7fffffff}) bind$auto(r4, &(0x7f0000000040)=@nl=@unspec, 0x10) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000280)=""/175, 0xaf) 1.266949834s ago: executing program 1 (id=563): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fstatfs$auto(0x3, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000080), r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f00000001c0), r2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r5, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) sendmsg$auto_WG_CMD_GET_DEVICE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r3, 0x703, 0x70bd27, 0x25dfd9fc}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x4) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) read$auto(r0, 0x0, 0x3ff) close_range$auto(0x2, r0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x181502, 0x0) prctl$auto(0x25, 0x2, 0x7fffffffefff, 0x8, 0x800000000000) fcntl$auto(0x3, 0x4, 0xa553) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) socket(0x2, 0x80002, 0x73) 1.214643603s ago: executing program 2 (id=564): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x8, 0x1000000eb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x8, 0xb, 0x0, 0x9, 0xfffffffffffffffc, 0x83, 0x6, 0x2, 0x9, 0xffff, 0x4000000000000002, 0xd, 0x3, 0xfffffffffffffffe, 0x7, 0x1000000006]}, 0x0, 0x0) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) close_range$auto(0x2, 0x8, 0x0) r0 = clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x3, 0x66) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x6, 0x4, 0xfffffff7) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mlock$auto(0x1000, 0x6) mlockall$auto(0x800000000000005) r2 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) ioctl$auto_SNDRV_RAWMIDI_IOCTL_INFO(r3, 0x810c5701, &(0x7f0000000480)={0x3, 0x1, 0x200, 0x10000, 0x2, "748987108c83c529e6e0e17d26156a70e2ae0200fe62d001c338115fef2fbd8b976aa4fbce454ad4063328e150b0abc105c79352189449ed57bb590643e87a9b", "c35d68b707f12e350124ce3c56384271520fe78cbd7cb2f5587ebbe76f0069619790130fd5b9b9cc3d10fce15d823e8e57d245b1bf025ba127790e258cecdc081b38425936a306e206bf69ccdc6b9978", "dee0c06ea301f4ecca5d8d48eca013e7a853234160c3d8d65d185c1bd6f8fbce", 0x1, 0x75a3, 0x200000, "096e8465a808029f90cbf3e37d2bafa231150560322e6642c9d0dd7f29c51d775c494d9b7d6dc7efc90faaed56664139afbbeb0bc6e486d0ae2b0b41"}) (async, rerun: 32) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x5, 0x9, 0xb, 0x3, 0x400000948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0xe, 0x8000001f, 0x7, 0x2, 0xc, 0x2, 0x40006]}, 0x0) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto_tty_fops_tty_io(r3, &(0x7f0000000180)="d5ce1c3a15f70d861b0d74fbd3c78d3f47140804964080ec8c6cc0b5c2c5332396708e8895724d73fcf49fb6829543b3bb806bf4f1c6349ec3066bba80040d380a31ab5e116f6bf027649b7d3d856877f39b48c28f9aa97912380450", 0x5c) msync$auto(0x4b0b44e4, 0xffffffffffff75a2, 0xffffff01) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x40080, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) (async) madvise$auto(0x0, 0x20200, 0x15) 180.833903ms ago: executing program 1 (id=568): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x94, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x3a, 0x1, "c0d006911cf619d430c6b42dc79ff6b7953087a9a52d4b8d4092092fc8930e78eb9df2ee8f26eb49e445aa5ac04c75ccd383abb225a5"}]}, 0x94}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000840)={0x244, r1, 0x329, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x208, 0x1, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32}, @typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="da607bb295171b5b3b1692910f31c7b5127ce5f6801a846cfe097f1103d4820b2a39b2720f0a05d7fae94765aaa135735529d80dfe7df2a75ad87cb7d06e3808d74c98fe60a94f0b45dd96cc1b1c2fd286f91117b4703f2d80", @nested={0xcd, 0x73, 0x0, 0x1, [@generic="62aabf2871662e9d4c565ebce4218117b529989a7c66a2eaeb4c1c46792e63dc8163a39c6332c1eaed6986759ae0dc20df5b0144469a58a44b5ff9449bba541f23c4e1474b5547b6a4ea953cc747bb984320aa80b45f82b7ca05ec2e6cf40e309371ad297f9e0afa48bb0d19059cf02c094d4195a64046b1e349b184b1c2851a", @nested={0x4, 0x11c}, @typed={0x8, 0xb9, 0x0, 0x0, @pid}, @generic="9cb5bf6fd86a487cf82272a40a326ba371c1600e7446d5389cd25a3bed2c8b276fd3d31e57bbf537b621c9d21d", @typed={0xc, 0x3b, 0x0, 0x0, @u64=0x10}, @nested={0x4, 0xf}]}, @generic="5ab96fb2bc33a8479904c5933a65ae08aff96317b23b220f9b0897c432d9e5ab74421cae2bc1a44071b672207cbe18ca7d518141c76484d6acfc3da864a4a1eed7eca6e7e082da8cf6c0af8e303bea84872d102e8891293ebbd15ec74eb41f1917c8b0d2f20caade536d83fc53686158a9c906bc486f7135a5ac32222730d87d8ffa1938d892a84c1e134296fca187a97b70c72da7edd74c2fab2fb9248db49fcd1e203cb163cc6da44d04d300658d5148a1a0ff78803bc0f4709526f9800475596a9f922ff5f367ac5278"]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x244}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r2, 0x400454ca, 0x38) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8001) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) 146.369621ms ago: executing program 3 (id=569): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x4, 0x2020009, 0x7, 0xeb1, r1, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@id={0x1e, 0x3, 0x2, {0x4e20, 0x1}}, 0x10) unshare$auto(0x188c) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket(0x22, 0x2, 0x2) sendmsg$auto_TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x40) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x400, 0x200000000008, 0x568c12f2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000001980), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_GET_TUNSRC(r3, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000019c0)=ANY=[@ANYBLOB="06000000", @ANYRES16=r4, @ANYBLOB="030126bd7000ffdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x8000) socket(0xf, 0x2, 0x40008) timerfd_create$auto(0x9, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptysd\x00', 0x101802, 0x0) r6 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_READ(r6, 0xc008551a, &(0x7f0000000000)={0x2, 0x7f}) write$auto_tty_fops_tty_io(r5, &(0x7f0000000580)="7fd0a917413f68", 0x7) ioctl$auto_TIOCVHANGUP2(r5, 0x5437, 0x0) ioctl$auto(0x3, 0x40085400, 0x5) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/timer_list\x00', 0x10b003, 0x0) pread64$auto(r7, &(0x7f0000000000)='/proc/scsi/sg/devices\x00', 0x100000004, 0x100) 0s ago: executing program 4 (id=570): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x2f) prlimit64$auto(0xffffffffffffffff, 0x101, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r1 = socket(0x10, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_HS_LIMITATION(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x14, r3, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) kernel console output (not intermixed with test programs): P-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.825730][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 111.432545][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.987239][ T5979] mmap: syz.2.12 (5979) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 114.099356][ T6022] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 116.959055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 117.012566][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 117.525254][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 117.627685][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 117.818135][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.036581][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 118.107797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 118.651768][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 121.076273][ T6108] netlink: 'syz.2.29': attribute type 10 has an invalid length. [ 121.185697][ T6108] netlink: 330 bytes leftover after parsing attributes in process `syz.2.29'. [ 121.238674][ T6113] process 'syz.3.32' launched './file0' with NULL argv: empty string added [ 121.327441][ T6113] netlink: 28 bytes leftover after parsing attributes in process `syz.3.32'. [ 121.379074][ T6094] syz.0.30 (6094) used greatest stack depth: 18136 bytes left [ 121.659655][ T6113] bond0: (slave bond_slave_1): Releasing backup interface [ 122.206057][ T6117] FAULT_INJECTION: forcing a failure. [ 122.206057][ T6117] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 122.219910][ T6117] CPU: 1 UID: 0 PID: 6117 Comm: syz.2.34 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 122.219947][ T6117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.219967][ T6117] Call Trace: [ 122.219980][ T6117] [ 122.219994][ T6117] dump_stack_lvl+0x16c/0x1f0 [ 122.220047][ T6117] should_fail_ex+0x512/0x640 [ 122.220104][ T6117] should_fail_alloc_page+0xe7/0x130 [ 122.220134][ T6117] prepare_alloc_pages+0x3c2/0x610 [ 122.220175][ T6117] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 122.220242][ T6117] ? __pfx_stack_trace_save+0x10/0x10 [ 122.220275][ T6117] ? stack_depot_save_flags+0x28/0xa40 [ 122.220327][ T6117] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 122.220377][ T6117] ? kasan_save_stack+0x42/0x60 [ 122.220421][ T6117] ? kasan_save_stack+0x33/0x60 [ 122.220465][ T6117] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 122.220510][ T6117] ? __pmd_alloc+0xbf/0x930 [ 122.220543][ T6117] ? handle_mm_fault+0x589/0xd10 [ 122.220580][ T6117] ? populate_vma_page_range+0x278/0x3a0 [ 122.220615][ T6117] ? __mm_populate+0x1d8/0x380 [ 122.220647][ T6117] ? vm_mmap_pgoff+0x362/0x450 [ 122.220673][ T6117] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 122.220704][ T6117] ? __x64_sys_mmap+0x125/0x190 [ 122.220743][ T6117] ? do_syscall_64+0xcd/0x490 [ 122.220770][ T6117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.220817][ T6117] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 122.220865][ T6117] ? policy_nodemask+0xea/0x4e0 [ 122.220898][ T6117] alloc_pages_mpol+0x1fb/0x550 [ 122.220930][ T6117] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 122.220956][ T6117] ? css_rstat_updated+0x9d/0xd30 [ 122.220998][ T6117] alloc_pages_noprof+0x131/0x390 [ 122.221029][ T6117] pte_alloc_one+0x1c/0x3a0 [ 122.221078][ T6117] __pte_alloc+0x6d/0x3c0 [ 122.221114][ T6117] ? __pfx___pte_alloc+0x10/0x10 [ 122.221145][ T6117] ? _raw_spin_unlock+0x28/0x50 [ 122.221188][ T6117] ? __pmd_alloc+0x3fb/0x930 [ 122.221227][ T6117] __handle_mm_fault+0x4358/0x5490 [ 122.221280][ T6117] ? __pfx___handle_mm_fault+0x10/0x10 [ 122.221356][ T6117] handle_mm_fault+0x589/0xd10 [ 122.221404][ T6117] __get_user_pages+0x589/0x3b80 [ 122.221451][ T6117] ? __pfx_mt_find+0x10/0x10 [ 122.221484][ T6117] ? __pfx___get_user_pages+0x10/0x10 [ 122.221534][ T6117] populate_vma_page_range+0x278/0x3a0 [ 122.221576][ T6117] ? __pfx_populate_vma_page_range+0x10/0x10 [ 122.221612][ T6117] ? __pfx_find_vma_intersection+0x10/0x10 [ 122.221649][ T6117] ? do_mmap+0x69c/0x1210 [ 122.221687][ T6117] __mm_populate+0x1d8/0x380 [ 122.221726][ T6117] ? __pfx___mm_populate+0x10/0x10 [ 122.221766][ T6117] ? up_write+0x1b2/0x520 [ 122.221816][ T6117] vm_mmap_pgoff+0x362/0x450 [ 122.221852][ T6117] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 122.221893][ T6117] ? __x64_sys_futex+0x1e0/0x4c0 [ 122.221929][ T6117] ? __x64_sys_futex+0x1e9/0x4c0 [ 122.221973][ T6117] ksys_mmap_pgoff+0x7d/0x5c0 [ 122.222006][ T6117] ? xfd_validate_state+0x61/0x180 [ 122.222045][ T6117] ? __pfx_ksys_write+0x10/0x10 [ 122.222101][ T6117] __x64_sys_mmap+0x125/0x190 [ 122.222149][ T6117] do_syscall_64+0xcd/0x490 [ 122.222181][ T6117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.222212][ T6117] RIP: 0033:0x7fd39a38e929 [ 122.222248][ T6117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.222278][ T6117] RSP: 002b:00007fd39b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 122.222312][ T6117] RAX: ffffffffffffffda RBX: 00007fd39a5b5fa0 RCX: 00007fd39a38e929 [ 122.222333][ T6117] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 122.222351][ T6117] RBP: 00007fd39a410b39 R08: 0000000000000002 R09: 0000000000008000 [ 122.222371][ T6117] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 122.222388][ T6117] R13: 0000000000000000 R14: 00007fd39a5b5fa0 R15: 00007fff45be7f38 [ 122.222429][ T6117] [ 122.788475][ T6121] netlink: 12 bytes leftover after parsing attributes in process `syz.3.35'. [ 122.886248][ T6120] HfR: entered promiscuous mode [ 122.972683][ T6121] HfR: left promiscuous mode [ 123.487734][ T138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.601914][ T138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.755230][ T138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.834915][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 123.843429][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 123.853875][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 123.862299][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 123.870572][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 123.952968][ T138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.543117][ T138] bridge_slave_1: left allmulticast mode [ 124.557070][ T138] bridge_slave_1: left promiscuous mode [ 124.582577][ T138] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.616303][ T138] bridge_slave_0: left allmulticast mode [ 124.622008][ T138] bridge_slave_0: left promiscuous mode [ 124.637147][ T138] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.635726][ T138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.658073][ T138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.677334][ T138] bond0 (unregistering): Released all slaves [ 125.946846][ T5845] Bluetooth: hci0: command tx timeout [ 126.687505][ T6182] FAULT_INJECTION: forcing a failure. [ 126.687505][ T6182] name failslab, interval 1, probability 0, space 0, times 1 [ 126.712456][ T6182] CPU: 1 UID: 0 PID: 6182 Comm: syz.1.43 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 126.712503][ T6182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.712521][ T6182] Call Trace: [ 126.712531][ T6182] [ 126.712542][ T6182] dump_stack_lvl+0x16c/0x1f0 [ 126.712597][ T6182] should_fail_ex+0x512/0x640 [ 126.712642][ T6182] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 126.712686][ T6182] should_failslab+0xc2/0x120 [ 126.712716][ T6182] __kmalloc_cache_noprof+0x6a/0x3e0 [ 126.712757][ T6182] ? drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 126.712801][ T6182] drm_atomic_helper_connector_duplicate_state+0x70/0xd0 [ 126.712839][ T6182] drm_atomic_get_connector_state+0x38b/0x740 [ 126.712892][ T6182] drm_atomic_add_affected_connectors+0x2e0/0x3f0 [ 126.712930][ T6182] ? __pfx_drm_atomic_add_affected_connectors+0x10/0x10 [ 126.712963][ T6182] ? ww_mutex_lock+0x37/0x160 [ 126.712990][ T6182] ? modeset_lock+0x114/0x6e0 [ 126.713041][ T6182] __drm_atomic_helper_set_config+0x5ef/0xea0 [ 126.713081][ T6182] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 126.713121][ T6182] ? drm_client_rotation+0x4da/0x6a0 [ 126.713158][ T6182] drm_client_modeset_commit_atomic+0x53d/0x7e0 [ 126.713205][ T6182] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 126.713280][ T6182] drm_client_modeset_commit_locked+0x14d/0x580 [ 126.713320][ T6182] drm_client_modeset_commit+0x4f/0x80 [ 126.713352][ T6182] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 126.713401][ T6182] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 126.713441][ T6182] drm_fbdev_client_restore+0x2c/0x40 [ 126.713486][ T6182] drm_client_dev_restore+0x1f3/0x2a0 [ 126.713525][ T6182] drm_release+0x2c4/0x360 [ 126.713558][ T6182] ? __pfx_drm_release+0x10/0x10 [ 126.713585][ T6182] __fput+0x402/0xb70 [ 126.713624][ T6182] task_work_run+0x150/0x240 [ 126.713669][ T6182] ? __pfx_task_work_run+0x10/0x10 [ 126.713711][ T6182] ? __pfx___do_sys_close_range+0x10/0x10 [ 126.713763][ T6182] exit_to_user_mode_loop+0xeb/0x110 [ 126.713808][ T6182] do_syscall_64+0x3f6/0x490 [ 126.713837][ T6182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.713864][ T6182] RIP: 0033:0x7f00c698e929 [ 126.713887][ T6182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.713914][ T6182] RSP: 002b:00007f00c78aa038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 126.713940][ T6182] RAX: 0000000000000000 RBX: 00007f00c6bb5fa0 RCX: 00007f00c698e929 [ 126.713957][ T6182] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 126.713972][ T6182] RBP: 00007f00c6a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 126.713988][ T6182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.714003][ T6182] R13: 0000000000000000 R14: 00007f00c6bb5fa0 R15: 00007ffe9ec938b8 [ 126.714041][ T6182] [ 127.570366][ T6183] warning: `syz.3.44' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 128.034674][ T5845] Bluetooth: hci0: command tx timeout [ 128.327217][ T138] hsr_slave_0: left promiscuous mode [ 128.357032][ T138] hsr_slave_1: left promiscuous mode [ 128.373941][ T138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.422297][ T138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.490388][ T138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.505493][ T138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.564065][ T138] veth1_macvtap: left promiscuous mode [ 128.580395][ T138] veth0_macvtap: left promiscuous mode [ 128.591581][ T138] veth1_vlan: left promiscuous mode [ 128.600843][ T138] veth0_vlan: left promiscuous mode [ 129.672741][ T138] team0 (unregistering): Port device team_slave_1 removed [ 129.712903][ T138] team0 (unregistering): Port device team_slave_0 removed [ 130.105101][ T5845] Bluetooth: hci0: command tx timeout [ 130.471974][ T6143] chnl_net:caif_netlink_parms(): no params data found [ 131.089896][ T6143] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.144751][ T6143] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.152053][ T6143] bridge_slave_0: entered allmulticast mode [ 131.236882][ T6143] bridge_slave_0: entered promiscuous mode [ 131.249297][ T6143] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.265132][ T6143] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.272436][ T6143] bridge_slave_1: entered allmulticast mode [ 131.297166][ T6143] bridge_slave_1: entered promiscuous mode [ 131.502710][ T6143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.560814][ T6143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.776691][ T6143] team0: Port device team_slave_0 added [ 131.880463][ T6143] team0: Port device team_slave_1 added [ 132.144961][ T6143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 132.184820][ T5845] Bluetooth: hci0: command tx timeout [ 132.268391][ T6143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.359731][ T6143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 132.374769][ T6143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 132.384762][ T6143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.460171][ T6143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 132.901917][ T6250] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 133.001410][ T6143] hsr_slave_0: entered promiscuous mode [ 133.010991][ T6143] hsr_slave_1: entered promiscuous mode [ 133.715435][ T6264] ======================================================= [ 133.715435][ T6264] WARNING: The mand mount option has been deprecated and [ 133.715435][ T6264] and is ignored by this kernel. Remove the mand [ 133.715435][ T6264] option from the mount to silence this warning. [ 133.715435][ T6264] ======================================================= [ 135.668069][ T6143] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 135.964335][ T6143] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 136.016455][ T6143] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 136.200342][ T6143] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 136.248984][ T6299] block nbd7: not configured, cannot reconfigure [ 137.257335][ T6143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.330259][ T6143] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.363071][ T3943] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.370323][ T3943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.458843][ T3943] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.465996][ T3943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.950185][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.963413][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.394308][ T6344] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 138.405428][ T6143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 138.510744][ T6143] veth0_vlan: entered promiscuous mode [ 138.687215][ T6143] veth1_vlan: entered promiscuous mode [ 138.785342][ T6340] Invalid ELF header magic: != ELF [ 138.839193][ T6143] veth0_macvtap: entered promiscuous mode [ 138.872886][ T6143] veth1_macvtap: entered promiscuous mode [ 139.013475][ T6143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 139.104003][ T6143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 139.298099][ T6143] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.407821][ T6143] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.422105][ T6143] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.434753][ T6143] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.920660][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.984048][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.078986][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.091130][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.545090][ T6380] netlink: 4 bytes leftover after parsing attributes in process `syz.0.37'. [ 141.670525][ T6400] FAULT_INJECTION: forcing a failure. [ 141.670525][ T6400] name failslab, interval 1, probability 0, space 0, times 0 [ 141.785036][ T6400] CPU: 1 UID: 0 PID: 6400 Comm: syz.0.69 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 141.785093][ T6400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.785111][ T6400] Call Trace: [ 141.785121][ T6400] [ 141.785132][ T6400] dump_stack_lvl+0x16c/0x1f0 [ 141.785183][ T6400] should_fail_ex+0x512/0x640 [ 141.785226][ T6400] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 141.785268][ T6400] should_failslab+0xc2/0x120 [ 141.785297][ T6400] __kmalloc_cache_noprof+0x6a/0x3e0 [ 141.785333][ T6400] ? kasan_save_track+0x14/0x30 [ 141.785381][ T6400] ? snd_info_text_entry_open+0xfb/0x2a0 [ 141.785418][ T6400] snd_info_text_entry_open+0xfb/0x2a0 [ 141.785453][ T6400] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 141.785481][ T6400] ? trace_kmem_cache_alloc+0x28/0xc0 [ 141.785510][ T6400] ? __pfx_apparmor_file_open+0x10/0x10 [ 141.785544][ T6400] ? proc_reg_open+0x21d/0x610 [ 141.785584][ T6400] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 141.785613][ T6400] proc_reg_open+0x289/0x610 [ 141.785651][ T6400] do_dentry_open+0x744/0x1c10 [ 141.785690][ T6400] ? __pfx_proc_reg_open+0x10/0x10 [ 141.785732][ T6400] vfs_open+0x82/0x3f0 [ 141.785762][ T6400] path_openat+0x1de4/0x2cb0 [ 141.785809][ T6400] ? __pfx_path_openat+0x10/0x10 [ 141.785849][ T6400] ? __lock_acquire+0xb8a/0x1c90 [ 141.785890][ T6400] do_filp_open+0x20b/0x470 [ 141.785927][ T6400] ? __pfx_do_filp_open+0x10/0x10 [ 141.785985][ T6400] ? alloc_fd+0x471/0x7d0 [ 141.786036][ T6400] do_sys_openat2+0x11b/0x1d0 [ 141.786088][ T6400] ? __pfx_do_sys_openat2+0x10/0x10 [ 141.786137][ T6400] __x64_sys_openat+0x174/0x210 [ 141.786171][ T6400] ? __pfx___x64_sys_openat+0x10/0x10 [ 141.786224][ T6400] do_syscall_64+0xcd/0x490 [ 141.786255][ T6400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.786285][ T6400] RIP: 0033:0x7f71cb98e929 [ 141.786308][ T6400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.786334][ T6400] RSP: 002b:00007f71cc7b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 141.786362][ T6400] RAX: ffffffffffffffda RBX: 00007f71cbbb6080 RCX: 00007f71cb98e929 [ 141.786390][ T6400] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 141.786410][ T6400] RBP: 00007f71cba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 141.786428][ T6400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 141.786446][ T6400] R13: 0000000000000000 R14: 00007f71cbbb6080 R15: 00007ffeb2fa9ea8 [ 141.786484][ T6400] [ 142.861085][ T30] audit: type=1800 audit(6044454054.732:2): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.70" name="members" dev="configfs" ino=10401 res=0 errno=0 [ 142.937350][ T6427] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 143.191548][ T6435] Console: switching to colour VGA+ 80x25 [ 144.051302][ T6468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.75'. [ 145.926199][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.1.78'. [ 147.483154][ T6521] syz.2.83: vmalloc error: size 1814528, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 147.509128][ T6521] CPU: 1 UID: 0 PID: 6521 Comm: syz.2.83 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 147.509163][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.509179][ T6521] Call Trace: [ 147.509193][ T6521] [ 147.509202][ T6521] dump_stack_lvl+0x16c/0x1f0 [ 147.509249][ T6521] warn_alloc+0x248/0x3a0 [ 147.509294][ T6521] ? __pfx_warn_alloc+0x10/0x10 [ 147.509338][ T6521] ? alloc_pages_mpol+0x25a/0x550 [ 147.509366][ T6521] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 147.509406][ T6521] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 147.509454][ T6521] ? __snd_dma_alloc_pages+0x50/0x90 [ 147.509520][ T6521] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 147.509567][ T6521] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 147.509612][ T6521] ? __snd_dma_alloc_pages+0x50/0x90 [ 147.509649][ T6521] __vmalloc_node_noprof+0xad/0xf0 [ 147.509681][ T6521] ? __snd_dma_alloc_pages+0x50/0x90 [ 147.509717][ T6521] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 147.509761][ T6521] __snd_dma_alloc_pages+0x50/0x90 [ 147.509801][ T6521] snd_dma_alloc_dir_pages+0x151/0x240 [ 147.509842][ T6521] do_alloc_pages+0x115/0x280 [ 147.509883][ T6521] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 147.509925][ T6521] snd_pcm_hw_params+0x15e1/0x1b40 [ 147.509970][ T6521] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 147.510008][ T6521] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 147.510049][ T6521] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 147.510083][ T6521] ? __asan_memset+0x23/0x50 [ 147.510123][ T6521] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 147.510164][ T6521] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 147.510225][ T6521] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 147.510263][ T6521] ? snd_pcm_oss_sync+0x30c/0x840 [ 147.510321][ T6521] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 147.510358][ T6521] snd_pcm_oss_sync+0x32e/0x840 [ 147.510396][ T6521] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 147.510429][ T6521] snd_pcm_oss_release+0x28b/0x310 [ 147.510464][ T6521] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 147.510497][ T6521] __fput+0x402/0xb70 [ 147.510533][ T6521] task_work_run+0x150/0x240 [ 147.510576][ T6521] ? __pfx_task_work_run+0x10/0x10 [ 147.510619][ T6521] ? __pfx___do_sys_close_range+0x10/0x10 [ 147.510687][ T6521] exit_to_user_mode_loop+0xeb/0x110 [ 147.510743][ T6521] do_syscall_64+0x3f6/0x490 [ 147.510772][ T6521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.510800][ T6521] RIP: 0033:0x7fd39a38e929 [ 147.510821][ T6521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.510848][ T6521] RSP: 002b:00007fd39b220038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 147.510873][ T6521] RAX: 0000000000000000 RBX: 00007fd39a5b5fa0 RCX: 00007fd39a38e929 [ 147.510891][ T6521] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 147.510906][ T6521] RBP: 00007fd39a410b39 R08: 0000000000000000 R09: 0000000000000000 [ 147.510923][ T6521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.510937][ T6521] R13: 0000000000000000 R14: 00007fd39a5b5fa0 R15: 00007fff45be7f38 [ 147.510974][ T6521] [ 147.510984][ T6521] Mem-Info: [ 147.879882][ T6521] active_anon:9669 inactive_anon:0 isolated_anon:0 [ 147.879882][ T6521] active_file:11135 inactive_file:40179 isolated_file:0 [ 147.879882][ T6521] unevictable:746 dirty:696 writeback:0 [ 147.879882][ T6521] slab_reclaimable:10157 slab_unreclaimable:93097 [ 147.879882][ T6521] mapped:24494 shmem:3817 pagetables:1151 [ 147.879882][ T6521] sec_pagetables:0 bounce:0 [ 147.879882][ T6521] kernel_misc_reclaimable:0 [ 147.879882][ T6521] free:1332435 free_pcp:12561 free_cma:0 [ 147.925260][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.994655][ T6521] Node 0 active_anon:32576kB inactive_anon:0kB active_file:44540kB inactive_file:160512kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101976kB dirty:2776kB writeback:0kB shmem:8132kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11620kB pagetables:4224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 148.028124][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.082658][ T6521] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1448kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:180kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 148.114134][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.128695][ T6521] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 148.157565][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.189485][ T6521] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 148.237919][ T6521] Node 0 DMA32 free:1419836kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23228kB inactive_anon:0kB active_file:44140kB inactive_file:157848kB unevictable:4236kB writepending:2868kB present:3129332kB managed:2540900kB mlocked:2700kB bounce:0kB free_pcp:39472kB local_pcp:23680kB free_cma:0kB [ 148.270582][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.314048][ T6531] netlink: 'syz.3.84': attribute type 10 has an invalid length. [ 148.321815][ T6531] netlink: 230 bytes leftover after parsing attributes in process `syz.3.84'. [ 148.415263][ T6521] lowmem_reserve[]: 0 0 1 1 1 [ 148.420087][ T6521] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1564kB unevictable:0kB writepending:8kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 148.449085][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.512654][ T6521] lowmem_reserve[]: 0 0 0 0 0 [ 148.543711][ T6521] Node 1 Normal free:3904536kB boost:0kB min:55788kB low:69732kB high:83676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1448kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17596kB local_pcp:6784kB free_cma:0kB [ 148.574963][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.643870][ T6521] lowmem_reserve[]: 0 0 0 0 0 [ 148.648946][ T6521] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 148.691471][ T6521] Node 0 DMA32: 1366*4kB (UME) 1201*8kB (UME) 782*16kB (UME) 682*32kB (UME) 438*64kB (UM) 207*128kB (M) 88*256kB (UM) 39*512kB (M) 11*1024kB (UM) 6*2048kB (UME) 305*4096kB (M) = 1419264kB [ 148.723328][ T6521] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 148.805355][ T6521] Node 1 Normal: 184*4kB (UM) 47*8kB (UME) 38*16kB (UME) 91*32kB (UME) 32*64kB (UME) 6*128kB (UME) 1*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 951*4096kB (ME) = 3904536kB [ 148.848279][ T6521] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 148.892194][ T6521] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 148.910877][ T6543] netlink: 330 bytes leftover after parsing attributes in process `syz.0.87'. [ 148.932751][ T6521] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 148.954415][ T6521] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 148.985055][ T6521] 52815 total pagecache pages [ 148.994661][ T6521] 0 pages in swap cache [ 149.003806][ T6521] Free swap = 124996kB [ 149.017426][ T6521] Total swap = 124996kB [ 149.057898][ T6521] 2097051 pages RAM [ 149.062479][ T6521] 0 pages HighMem/MovableOnly [ 149.075530][ T6521] 429784 pages reserved [ 149.079726][ T6521] 0 pages cma reserved [ 149.688377][ T6574] sd 0:0:1:0: PR command failed: 1026 [ 149.693850][ T6574] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 149.874781][ T6574] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 150.963840][ T6562] kexec: Could not allocate control_code_buffer [ 152.670004][ T6594] kAFS: Invalid Command on /proc/fs/afs/cells file [ 154.554971][ T6661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.102'. [ 155.695203][ T6673] block nbd7: not configured, cannot reconfigure [ 156.450033][ T6697] snd_virmidi snd_virmidi.0: control 2:9:1:IA>/[ko[kd:255 is already present [ 162.901595][ T6806] can0 (unregistered): slcan off ttyS2. [ 163.322457][ T6813] can0: slcan on ttyS2. [ 163.498122][ T6814] can0 (unregistered): slcan off ttyS2. [ 163.577520][ T6825] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.628464][ T6825] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 163.711149][ T6825] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 163.783846][ T6825] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.809702][ T6825] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 163.831780][ T6825] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 163.863502][ T6825] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 163.899175][ T6825] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 163.957275][ T6825] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 163.973800][ T6825] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 163.987852][ T6825] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 164.005759][ T6825] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 165.146171][ T6864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.139'. [ 165.265854][ T6875] nfs4: Unknown parameter '' [ 165.624726][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout [ 165.785236][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.874640][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 166.042850][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.232129][ T6902] netlink: 28 bytes leftover after parsing attributes in process `syz.3.142'. [ 166.341124][ T6905] nfs4: Unknown parameter '' [ 167.115681][ T6922] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 167.123703][ T6922] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 167.704754][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.880347][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.954758][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 168.120863][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout [ 168.512302][ T6945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.150'. [ 169.784985][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout [ 169.954957][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 170.024728][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 170.184917][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.661534][ T7002] FAULT_INJECTION: forcing a failure. [ 171.661534][ T7002] name failslab, interval 1, probability 0, space 0, times 0 [ 171.709687][ T7002] CPU: 0 UID: 0 PID: 7002 Comm: syz.3.159 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 171.709724][ T7002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.709738][ T7002] Call Trace: [ 171.709746][ T7002] [ 171.709755][ T7002] dump_stack_lvl+0x16c/0x1f0 [ 171.709802][ T7002] should_fail_ex+0x512/0x640 [ 171.709843][ T7002] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 171.709889][ T7002] should_failslab+0xc2/0x120 [ 171.709916][ T7002] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 171.709957][ T7002] ? ptlock_alloc+0x1f/0x70 [ 171.709992][ T7002] ptlock_alloc+0x1f/0x70 [ 171.710026][ T7002] pte_alloc_one+0x82/0x3a0 [ 171.710078][ T7002] __pte_alloc+0x6d/0x3c0 [ 171.710103][ T7002] ? __pfx___pte_alloc+0x10/0x10 [ 171.710131][ T7002] ? _raw_spin_unlock+0x28/0x50 [ 171.710170][ T7002] ? __pmd_alloc+0x3fb/0x930 [ 171.710202][ T7002] __handle_mm_fault+0x4358/0x5490 [ 171.710246][ T7002] ? __pfx___handle_mm_fault+0x10/0x10 [ 171.710314][ T7002] handle_mm_fault+0x589/0xd10 [ 171.710360][ T7002] __get_user_pages+0x589/0x3b80 [ 171.710403][ T7002] ? __pfx_mt_find+0x10/0x10 [ 171.710433][ T7002] ? __pfx___get_user_pages+0x10/0x10 [ 171.710482][ T7002] populate_vma_page_range+0x278/0x3a0 [ 171.710522][ T7002] ? __pfx_populate_vma_page_range+0x10/0x10 [ 171.710559][ T7002] ? __pfx_find_vma_intersection+0x10/0x10 [ 171.710597][ T7002] ? do_mmap+0x69c/0x1210 [ 171.710636][ T7002] __mm_populate+0x1d8/0x380 [ 171.710675][ T7002] ? __pfx___mm_populate+0x10/0x10 [ 171.710716][ T7002] ? up_write+0x1b2/0x520 [ 171.710777][ T7002] vm_mmap_pgoff+0x362/0x450 [ 171.710813][ T7002] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 171.710854][ T7002] ? __x64_sys_futex+0x1e0/0x4c0 [ 171.710889][ T7002] ? __x64_sys_futex+0x1e9/0x4c0 [ 171.710931][ T7002] ksys_mmap_pgoff+0x7d/0x5c0 [ 171.710981][ T7002] ? xfd_validate_state+0x61/0x180 [ 171.711018][ T7002] ? __pfx_ksys_write+0x10/0x10 [ 171.711080][ T7002] __x64_sys_mmap+0x125/0x190 [ 171.711129][ T7002] do_syscall_64+0xcd/0x490 [ 171.711163][ T7002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.711194][ T7002] RIP: 0033:0x7f929df8e929 [ 171.711218][ T7002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.711248][ T7002] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 171.711276][ T7002] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 171.711295][ T7002] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 171.711312][ T7002] RBP: 00007f929e010b39 R08: 0000000000000002 R09: 0000000000008000 [ 171.711330][ T7002] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 171.711346][ T7002] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 171.711386][ T7002] [ 171.713702][ T7002] FAULT_INJECTION: forcing a failure. [ 171.713702][ T7002] name failslab, interval 1, probability 0, space 0, times 0 [ 172.037256][ T7002] CPU: 0 UID: 0 PID: 7002 Comm: syz.3.159 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 172.037306][ T7002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.037322][ T7002] Call Trace: [ 172.037331][ T7002] [ 172.037341][ T7002] dump_stack_lvl+0x16c/0x1f0 [ 172.037389][ T7002] should_fail_ex+0x512/0x640 [ 172.037429][ T7002] ? __kvmalloc_node_noprof+0x124/0x620 [ 172.037472][ T7002] should_failslab+0xc2/0x120 [ 172.037500][ T7002] __kvmalloc_node_noprof+0x137/0x620 [ 172.037540][ T7002] ? __pfx___mutex_lock+0x10/0x10 [ 172.037566][ T7002] ? traverse.part.0.constprop.0+0x392/0x640 [ 172.037611][ T7002] ? traverse.part.0.constprop.0+0x392/0x640 [ 172.037645][ T7002] traverse.part.0.constprop.0+0x392/0x640 [ 172.037685][ T7002] ? aa_file_perm+0x4c7/0xfb0 [ 172.037730][ T7002] seq_read_iter+0x932/0x12c0 [ 172.037781][ T7002] kernfs_fop_read_iter+0x40f/0x5a0 [ 172.037809][ T7002] ? copy_iovec_from_user+0x131/0x170 [ 172.037859][ T7002] do_iter_readv_writev+0x735/0x950 [ 172.037899][ T7002] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 172.037947][ T7002] ? rw_verify_area+0xcf/0x680 [ 172.037986][ T7002] vfs_readv+0x4cb/0x8b0 [ 172.038030][ T7002] ? __pfx_vfs_readv+0x10/0x10 [ 172.038076][ T7002] ? find_held_lock+0x2b/0x80 [ 172.038128][ T7002] ? __fget_files+0x20e/0x3c0 [ 172.038177][ T7002] ? do_preadv+0x1a6/0x270 [ 172.038222][ T7002] do_preadv+0x1a6/0x270 [ 172.038258][ T7002] ? __pfx_do_preadv+0x10/0x10 [ 172.038304][ T7002] do_syscall_64+0xcd/0x490 [ 172.038348][ T7002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.038377][ T7002] RIP: 0033:0x7f929df8e929 [ 172.038399][ T7002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.038425][ T7002] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 172.038452][ T7002] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 172.038470][ T7002] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0040000000000003 [ 172.038486][ T7002] RBP: 00007f929ed35090 R08: 0000000000000005 R09: 0000000000000000 [ 172.038502][ T7002] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 172.038517][ T7002] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 172.038552][ T7002] [ 172.354040][ T7005] FAULT_INJECTION: forcing a failure. [ 172.354040][ T7005] name failslab, interval 1, probability 0, space 0, times 0 [ 172.371526][ T7005] CPU: 0 UID: 0 PID: 7005 Comm: syz.3.160 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 172.371567][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.371585][ T7005] Call Trace: [ 172.371596][ T7005] [ 172.371608][ T7005] dump_stack_lvl+0x16c/0x1f0 [ 172.371664][ T7005] should_fail_ex+0x512/0x640 [ 172.371710][ T7005] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 172.371760][ T7005] should_failslab+0xc2/0x120 [ 172.371790][ T7005] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 172.371839][ T7005] ? alloc_empty_file+0x55/0x1e0 [ 172.371873][ T7005] alloc_empty_file+0x55/0x1e0 [ 172.371898][ T7005] path_openat+0xda/0x2cb0 [ 172.371930][ T7005] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.371964][ T7005] ? __pfx_path_openat+0x10/0x10 [ 172.371999][ T7005] ? __lock_acquire+0xb8a/0x1c90 [ 172.372035][ T7005] do_filp_open+0x20b/0x470 [ 172.372070][ T7005] ? __pfx_do_filp_open+0x10/0x10 [ 172.372124][ T7005] ? alloc_fd+0x471/0x7d0 [ 172.372163][ T7005] do_sys_openat2+0x11b/0x1d0 [ 172.372201][ T7005] ? __pfx_do_sys_openat2+0x10/0x10 [ 172.372236][ T7005] __x64_sys_openat+0x174/0x210 [ 172.372260][ T7005] ? __pfx___x64_sys_openat+0x10/0x10 [ 172.372303][ T7005] do_syscall_64+0xcd/0x490 [ 172.372327][ T7005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.372348][ T7005] RIP: 0033:0x7f929df8e929 [ 172.372365][ T7005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.372386][ T7005] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 172.372405][ T7005] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 172.372420][ T7005] RDX: 0000000000000002 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 172.372433][ T7005] RBP: 00007f929e010b39 R08: 0000000000000000 R09: 0000000000000000 [ 172.372446][ T7005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.372459][ T7005] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 172.372486][ T7005] [ 172.659680][ T7007] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.868717][ T7009] binder: 7008:7009 unknown command 0 [ 172.874135][ T7009] binder: 7008:7009 ioctl c0306201 2000000000c0 returned -22 [ 173.367966][ T7022] FAULT_INJECTION: forcing a failure. [ 173.367966][ T7022] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 173.407810][ T7022] CPU: 0 UID: 0 PID: 7022 Comm: syz.0.164 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 173.407847][ T7022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.407863][ T7022] Call Trace: [ 173.407872][ T7022] [ 173.407883][ T7022] dump_stack_lvl+0x16c/0x1f0 [ 173.407933][ T7022] should_fail_ex+0x512/0x640 [ 173.407980][ T7022] should_fail_alloc_page+0xe7/0x130 [ 173.408011][ T7022] prepare_alloc_pages+0x3c2/0x610 [ 173.408045][ T7022] ? rcu_is_watching+0x12/0xc0 [ 173.408076][ T7022] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 173.408119][ T7022] ? psi_task_switch+0x201/0x8e0 [ 173.408160][ T7022] ? __lock_acquire+0x622/0x1c90 [ 173.408200][ T7022] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 173.408247][ T7022] ? __lock_acquire+0x622/0x1c90 [ 173.408298][ T7022] ? __lock_acquire+0x622/0x1c90 [ 173.408337][ T7022] ? __lock_acquire+0x622/0x1c90 [ 173.408378][ T7022] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 173.408422][ T7022] ? policy_nodemask+0xea/0x4e0 [ 173.408453][ T7022] alloc_pages_mpol+0x1fb/0x550 [ 173.408480][ T7022] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 173.408516][ T7022] folio_alloc_mpol_noprof+0x36/0x2f0 [ 173.408569][ T7022] vma_alloc_folio_noprof+0xed/0x1e0 [ 173.408603][ T7022] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 173.408634][ T7022] ? find_held_lock+0x2b/0x80 [ 173.408663][ T7022] ? __handle_mm_fault+0x1092/0x5490 [ 173.408709][ T7022] __handle_mm_fault+0x2f21/0x5490 [ 173.408758][ T7022] ? __pfx___handle_mm_fault+0x10/0x10 [ 173.408799][ T7022] ? __pte_offset_map_lock+0x174/0x310 [ 173.408831][ T7022] ? find_held_lock+0x2b/0x80 [ 173.408857][ T7022] ? find_held_lock+0x2b/0x80 [ 173.408895][ T7022] ? follow_page_pte+0x3af/0x14c0 [ 173.408938][ T7022] handle_mm_fault+0x589/0xd10 [ 173.408986][ T7022] __get_user_pages+0x589/0x3b80 [ 173.409032][ T7022] ? __pfx_mt_find+0x10/0x10 [ 173.409064][ T7022] ? __pfx___get_user_pages+0x10/0x10 [ 173.409114][ T7022] populate_vma_page_range+0x278/0x3a0 [ 173.409153][ T7022] ? __pfx_populate_vma_page_range+0x10/0x10 [ 173.409188][ T7022] ? __pfx_find_vma_intersection+0x10/0x10 [ 173.409223][ T7022] ? do_mmap+0x69c/0x1210 [ 173.409270][ T7022] __mm_populate+0x1d8/0x380 [ 173.409307][ T7022] ? __pfx___mm_populate+0x10/0x10 [ 173.409364][ T7022] ? up_write+0x1b2/0x520 [ 173.409413][ T7022] vm_mmap_pgoff+0x362/0x450 [ 173.409449][ T7022] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 173.409490][ T7022] ? __x64_sys_futex+0x1e0/0x4c0 [ 173.409538][ T7022] ? __x64_sys_futex+0x1e9/0x4c0 [ 173.409598][ T7022] ksys_mmap_pgoff+0x7d/0x5c0 [ 173.409629][ T7022] ? xfd_validate_state+0x61/0x180 [ 173.409668][ T7022] ? __pfx_do_writev+0x10/0x10 [ 173.409715][ T7022] __x64_sys_mmap+0x125/0x190 [ 173.409764][ T7022] do_syscall_64+0xcd/0x490 [ 173.409796][ T7022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.409827][ T7022] RIP: 0033:0x7f71cb98e929 [ 173.409852][ T7022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.409882][ T7022] RSP: 002b:00007f71cc7b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 173.409912][ T7022] RAX: ffffffffffffffda RBX: 00007f71cbbb6080 RCX: 00007f71cb98e929 [ 173.409932][ T7022] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 173.409950][ T7022] RBP: 00007f71cba10b39 R08: 0000000000000002 R09: 0000000000008000 [ 173.409967][ T7022] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 173.409985][ T7022] R13: 0000000000000000 R14: 00007f71cbbb6080 R15: 00007ffeb2fa9ea8 [ 173.410026][ T7022] [ 173.780323][ T7025] program syz.1.165 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 173.790648][ T7025] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 174.450063][ T7036] can: request_module (can-proto-0) failed. [ 175.342215][ T7057] FAULT_INJECTION: forcing a failure. [ 175.342215][ T7057] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 175.368809][ T7049] random: crng reseeded on system resumption [ 175.391581][ T7057] CPU: 1 UID: 0 PID: 7057 Comm: syz.3.170 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 175.391618][ T7057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.391635][ T7057] Call Trace: [ 175.391644][ T7057] [ 175.391655][ T7057] dump_stack_lvl+0x16c/0x1f0 [ 175.391706][ T7057] should_fail_ex+0x512/0x640 [ 175.391756][ T7057] should_fail_alloc_page+0xe7/0x130 [ 175.391804][ T7057] prepare_alloc_pages+0x3c2/0x610 [ 175.391848][ T7057] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 175.391896][ T7057] ? __pfx_stack_trace_save+0x10/0x10 [ 175.391928][ T7057] ? stack_depot_save_flags+0x28/0xa40 [ 175.391976][ T7057] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 175.392022][ T7057] ? kasan_save_stack+0x42/0x60 [ 175.392062][ T7057] ? kasan_save_stack+0x33/0x60 [ 175.392104][ T7057] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 175.392144][ T7057] ? __pmd_alloc+0xbf/0x930 [ 175.392175][ T7057] ? handle_mm_fault+0x589/0xd10 [ 175.392221][ T7057] ? populate_vma_page_range+0x278/0x3a0 [ 175.392253][ T7057] ? __mm_populate+0x1d8/0x380 [ 175.392282][ T7057] ? vm_mmap_pgoff+0x362/0x450 [ 175.392306][ T7057] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 175.392333][ T7057] ? __x64_sys_mmap+0x125/0x190 [ 175.392368][ T7057] ? do_syscall_64+0xcd/0x490 [ 175.392391][ T7057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.392434][ T7057] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 175.392478][ T7057] ? policy_nodemask+0xea/0x4e0 [ 175.392507][ T7057] alloc_pages_mpol+0x1fb/0x550 [ 175.392534][ T7057] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 175.392557][ T7057] ? css_rstat_updated+0x9d/0xd30 [ 175.392595][ T7057] alloc_pages_noprof+0x131/0x390 [ 175.392623][ T7057] pte_alloc_one+0x1c/0x3a0 [ 175.392665][ T7057] __pte_alloc+0x6d/0x3c0 [ 175.392690][ T7057] ? __pfx___pte_alloc+0x10/0x10 [ 175.392717][ T7057] ? _raw_spin_unlock+0x28/0x50 [ 175.392755][ T7057] ? __pmd_alloc+0x3fb/0x930 [ 175.392797][ T7057] __handle_mm_fault+0x4358/0x5490 [ 175.392845][ T7057] ? __pfx___handle_mm_fault+0x10/0x10 [ 175.392914][ T7057] handle_mm_fault+0x589/0xd10 [ 175.392957][ T7057] __get_user_pages+0x589/0x3b80 [ 175.392998][ T7057] ? __pfx_mt_find+0x10/0x10 [ 175.393045][ T7057] ? __pfx___get_user_pages+0x10/0x10 [ 175.393093][ T7057] populate_vma_page_range+0x278/0x3a0 [ 175.393130][ T7057] ? __pfx_populate_vma_page_range+0x10/0x10 [ 175.393165][ T7057] ? __pfx_find_vma_intersection+0x10/0x10 [ 175.393200][ T7057] ? do_mmap+0x69c/0x1210 [ 175.393237][ T7057] __mm_populate+0x1d8/0x380 [ 175.393273][ T7057] ? __pfx___mm_populate+0x10/0x10 [ 175.393309][ T7057] ? up_write+0x1b2/0x520 [ 175.393356][ T7057] vm_mmap_pgoff+0x362/0x450 [ 175.393389][ T7057] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 175.393428][ T7057] ? __x64_sys_futex+0x1e0/0x4c0 [ 175.393462][ T7057] ? __x64_sys_futex+0x1e9/0x4c0 [ 175.393510][ T7057] ksys_mmap_pgoff+0x7d/0x5c0 [ 175.393541][ T7057] ? xfd_validate_state+0x61/0x180 [ 175.393577][ T7057] ? __pfx_ksys_write+0x10/0x10 [ 175.393626][ T7057] __x64_sys_mmap+0x125/0x190 [ 175.393671][ T7057] do_syscall_64+0xcd/0x490 [ 175.393700][ T7057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.393729][ T7057] RIP: 0033:0x7f929df8e929 [ 175.393753][ T7057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.393813][ T7057] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 175.393841][ T7057] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 175.393877][ T7057] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 175.393896][ T7057] RBP: 00007f929e010b39 R08: 0000000000000002 R09: 0000000000008000 [ 175.393915][ T7057] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 175.393932][ T7057] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 175.393973][ T7057] [ 176.291629][ T7063] syz.2.171 uses obsolete (PF_INET,SOCK_PACKET) [ 176.332637][ T7072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.173'. [ 177.250963][ T7086] zswap: compressor not available [ 177.456902][ T7105] sg_write: process 135 (syz.0.180) changed security contexts after opening file descriptor, this is not allowed. [ 180.116731][ T7157] FAULT_INJECTION: forcing a failure. [ 180.116731][ T7157] name failslab, interval 1, probability 0, space 0, times 0 [ 180.184742][ T7157] CPU: 1 UID: 0 PID: 7157 Comm: syz.3.189 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 180.184781][ T7157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 180.184798][ T7157] Call Trace: [ 180.184806][ T7157] [ 180.184820][ T7157] dump_stack_lvl+0x16c/0x1f0 [ 180.184872][ T7157] should_fail_ex+0x512/0x640 [ 180.184914][ T7157] ? fs_reclaim_acquire+0xae/0x150 [ 180.184950][ T7157] ? tomoyo_open_control+0x51f/0xa30 [ 180.184995][ T7157] should_failslab+0xc2/0x120 [ 180.185022][ T7157] __kmalloc_noprof+0xd2/0x510 [ 180.185073][ T7157] tomoyo_open_control+0x51f/0xa30 [ 180.185126][ T7157] do_dentry_open+0x744/0x1c10 [ 180.185169][ T7157] ? __pfx_tomoyo_open+0x10/0x10 [ 180.185218][ T7157] vfs_open+0x82/0x3f0 [ 180.185254][ T7157] path_openat+0x1de4/0x2cb0 [ 180.185326][ T7157] ? __pfx_path_openat+0x10/0x10 [ 180.185375][ T7157] ? __lock_acquire+0xb8a/0x1c90 [ 180.185464][ T7157] do_filp_open+0x20b/0x470 [ 180.185514][ T7157] ? __pfx_do_filp_open+0x10/0x10 [ 180.185590][ T7157] ? alloc_fd+0x471/0x7d0 [ 180.185645][ T7157] do_sys_openat2+0x11b/0x1d0 [ 180.185681][ T7157] ? __pfx_do_sys_openat2+0x10/0x10 [ 180.185736][ T7157] __x64_sys_openat+0x174/0x210 [ 180.185772][ T7157] ? __pfx___x64_sys_openat+0x10/0x10 [ 180.185827][ T7157] do_syscall_64+0xcd/0x490 [ 180.185861][ T7157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.185894][ T7157] RIP: 0033:0x7f929df8e929 [ 180.185920][ T7157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.185950][ T7157] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 180.185981][ T7157] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 180.186002][ T7157] RDX: 0000000000040040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 180.186022][ T7157] RBP: 00007f929e010b39 R08: 0000000000000000 R09: 0000000000000000 [ 180.186041][ T7157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.186059][ T7157] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 180.186100][ T7157] [ 180.467720][ T7169] netlink: zone id is out of range [ 180.472923][ T7169] netlink: zone id is out of range [ 180.478086][ T7169] netlink: zone id is out of range [ 180.483220][ T7169] netlink: zone id is out of range [ 180.488421][ T7169] netlink: zone id is out of range [ 180.493568][ T7169] netlink: zone id is out of range [ 180.502522][ T7169] netlink: zone id is out of range [ 180.507730][ T7169] netlink: zone id is out of range [ 180.512883][ T7169] netlink: zone id is out of range [ 180.518138][ T7169] netlink: zone id is out of range [ 181.798773][ T7183] FAULT_INJECTION: forcing a failure. [ 181.798773][ T7183] name failslab, interval 1, probability 0, space 0, times 0 [ 181.824709][ T7183] CPU: 1 UID: 0 PID: 7183 Comm: syz.0.195 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 181.824742][ T7183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 181.824775][ T7183] Call Trace: [ 181.824785][ T7183] [ 181.824795][ T7183] dump_stack_lvl+0x16c/0x1f0 [ 181.824845][ T7183] should_fail_ex+0x512/0x640 [ 181.824887][ T7183] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 181.824933][ T7183] should_failslab+0xc2/0x120 [ 181.824960][ T7183] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 181.824999][ T7183] ? __proc_create+0xc3/0x8c0 [ 181.825043][ T7183] ? __proc_create+0x2ce/0x8c0 [ 181.825092][ T7183] __proc_create+0x2ce/0x8c0 [ 181.825139][ T7183] ? __pfx___proc_create+0x10/0x10 [ 181.825187][ T7183] ? do_raw_spin_unlock+0x172/0x230 [ 181.825232][ T7183] ? _raw_spin_unlock+0x28/0x50 [ 181.825290][ T7183] proc_create_reg+0x7d/0x180 [ 181.825346][ T7183] proc_create_net_data+0x8e/0x1b0 [ 181.825396][ T7183] ? __pfx_proc_create_net_data+0x10/0x10 [ 181.825447][ T7183] ? __asan_memcpy+0x3c/0x60 [ 181.825488][ T7183] ? __pfx_unix_net_init+0x10/0x10 [ 181.825525][ T7183] ? __pfx_unix_net_init+0x10/0x10 [ 181.825560][ T7183] unix_net_init+0xb7/0x350 [ 181.825600][ T7183] ? __pfx_unix_net_init+0x10/0x10 [ 181.825635][ T7183] ops_init+0x1df/0x5f0 [ 181.825670][ T7183] setup_net+0x1ff/0x510 [ 181.825699][ T7183] ? lockdep_init_map_type+0x5c/0x280 [ 181.825740][ T7183] ? __pfx_setup_net+0x10/0x10 [ 181.825774][ T7183] ? debug_mutex_init+0x37/0x70 [ 181.825807][ T7183] copy_net_ns+0x2a6/0x5f0 [ 181.825847][ T7183] create_new_namespaces+0x3ea/0xa90 [ 181.825889][ T7183] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 181.825927][ T7183] ksys_unshare+0x45b/0xa40 [ 181.825967][ T7183] ? __pfx_ksys_unshare+0x10/0x10 [ 181.826007][ T7183] ? xfd_validate_state+0x61/0x180 [ 181.826057][ T7183] __x64_sys_unshare+0x31/0x40 [ 181.826114][ T7183] do_syscall_64+0xcd/0x490 [ 181.826146][ T7183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.826177][ T7183] RIP: 0033:0x7f71cb98e929 [ 181.826201][ T7183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.826230][ T7183] RSP: 002b:00007f71cc7d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 181.826258][ T7183] RAX: ffffffffffffffda RBX: 00007f71cbbb5fa0 RCX: 00007f71cb98e929 [ 181.826278][ T7183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 181.826308][ T7183] RBP: 00007f71cba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 181.826334][ T7183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.826352][ T7183] R13: 0000000000000000 R14: 00007f71cbbb5fa0 R15: 00007ffeb2fa9ea8 [ 181.826410][ T7183] [ 182.296850][ T7191] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 182.324316][ T7191] CIFS mount error: No usable UNC path provided in device string! [ 182.324316][ T7191] [ 182.335376][ T7191] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 183.051195][ T7199] i2c i2c-0: delete_device: Can't find device in list [ 183.092848][ T7199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.198'. [ 183.107047][ T7199] netlink: 338 bytes leftover after parsing attributes in process `syz.3.198'. [ 183.278273][ T7203] ptrace attach of "./syz-executor exec"[5847] was attempted by ""[7203] [ 183.489663][ T7207] netlink: 21 bytes leftover after parsing attributes in process `syz.2.199'. [ 184.985627][ T7231] random: crng reseeded on system resumption [ 186.265996][ T7247] zswap: compressor 000 not available [ 186.390509][ T7231] kexec: Could not allocate control_code_buffer [ 186.502968][ T7254] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[7254] [ 186.524609][ T30] audit: type=1800 audit(6044454098.399:3): pid=7260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.208" name="dbroot" dev="configfs" ino=13762 res=0 errno=0 [ 187.066534][ T7271] FAULT_INJECTION: forcing a failure. [ 187.066534][ T7271] name failslab, interval 1, probability 0, space 0, times 0 [ 187.079883][ T7271] CPU: 1 UID: 0 PID: 7271 Comm: syz.0.211 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 187.079922][ T7271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 187.079942][ T7271] Call Trace: [ 187.079952][ T7271] [ 187.079964][ T7271] dump_stack_lvl+0x16c/0x1f0 [ 187.080021][ T7271] should_fail_ex+0x512/0x640 [ 187.080065][ T7271] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 187.080115][ T7271] should_failslab+0xc2/0x120 [ 187.080154][ T7271] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 187.080204][ T7271] ? __kernfs_new_node+0xd2/0x8e0 [ 187.080254][ T7271] __kernfs_new_node+0xd2/0x8e0 [ 187.080303][ T7271] ? __pfx___kernfs_new_node+0x10/0x10 [ 187.080357][ T7271] ? find_held_lock+0x2b/0x80 [ 187.080387][ T7271] ? kernfs_root+0xee/0x2a0 [ 187.080438][ T7271] kernfs_new_node+0x13c/0x1e0 [ 187.080496][ T7271] __kernfs_create_file+0x53/0x350 [ 187.080536][ T7271] sysfs_add_file_mode_ns+0x207/0x3c0 [ 187.080589][ T7271] sysfs_merge_group+0x1aa/0x340 [ 187.080637][ T7271] ? __pfx_sysfs_merge_group+0x10/0x10 [ 187.080688][ T7271] ? __pfx_dev_add_physical_location+0x10/0x10 [ 187.080722][ T7271] ? bus_to_subsys+0x131/0x160 [ 187.080768][ T7271] dpm_sysfs_add+0x237/0x280 [ 187.080803][ T7271] device_add+0x9a6/0x1a70 [ 187.080842][ T7271] ? __pfx_device_add+0x10/0x10 [ 187.080875][ T7271] ? lockdep_init_map_type+0x5c/0x280 [ 187.080917][ T7271] ? __init_waitqueue_head+0xca/0x150 [ 187.080979][ T7271] rfkill_register+0x1ad/0xb40 [ 187.081024][ T7271] nfc_register_device+0x11f/0x3c0 [ 187.081062][ T7271] nci_register_device+0x7f1/0xb80 [ 187.081109][ T7271] ? __pfx_nci_register_device+0x10/0x10 [ 187.081171][ T7271] ? lockdep_init_map_type+0x5c/0x280 [ 187.081221][ T7271] virtual_ncidev_open+0x141/0x220 [ 187.081262][ T7271] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 187.081302][ T7271] misc_open+0x35d/0x420 [ 187.081343][ T7271] ? __pfx_misc_open+0x10/0x10 [ 187.081383][ T7271] chrdev_open+0x231/0x6a0 [ 187.081431][ T7271] ? __pfx_apparmor_file_open+0x10/0x10 [ 187.081473][ T7271] ? __pfx_chrdev_open+0x10/0x10 [ 187.081528][ T7271] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 187.081579][ T7271] do_dentry_open+0x744/0x1c10 [ 187.081637][ T7271] ? __pfx_chrdev_open+0x10/0x10 [ 187.081692][ T7271] vfs_open+0x82/0x3f0 [ 187.081729][ T7271] path_openat+0x1de4/0x2cb0 [ 187.081784][ T7271] ? __pfx_path_openat+0x10/0x10 [ 187.081829][ T7271] ? __lock_acquire+0xb8a/0x1c90 [ 187.081871][ T7271] do_filp_open+0x20b/0x470 [ 187.081916][ T7271] ? __pfx_do_filp_open+0x10/0x10 [ 187.081987][ T7271] ? alloc_fd+0x471/0x7d0 [ 187.082038][ T7271] do_sys_openat2+0x11b/0x1d0 [ 187.082071][ T7271] ? __pfx_do_sys_openat2+0x10/0x10 [ 187.082120][ T7271] __x64_sys_openat+0x174/0x210 [ 187.082161][ T7271] ? __pfx___x64_sys_openat+0x10/0x10 [ 187.082212][ T7271] do_syscall_64+0xcd/0x490 [ 187.082244][ T7271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.082274][ T7271] RIP: 0033:0x7f71cb98e929 [ 187.082298][ T7271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.082328][ T7271] RSP: 002b:00007f71cc7d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 187.082356][ T7271] RAX: ffffffffffffffda RBX: 00007f71cbbb5fa0 RCX: 00007f71cb98e929 [ 187.082374][ T7271] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 187.082391][ T7271] RBP: 00007f71cba10b39 R08: 0000000000000000 R09: 0000000000000000 [ 187.082408][ T7271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.082424][ T7271] R13: 0000000000000000 R14: 00007f71cbbb5fa0 R15: 00007ffeb2fa9ea8 [ 187.082462][ T7271] [ 188.270361][ T7307] FAULT_INJECTION: forcing a failure. [ 188.270361][ T7307] name failslab, interval 1, probability 0, space 0, times 0 [ 188.376484][ T7307] CPU: 0 UID: 0 PID: 7307 Comm: syz.2.218 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 188.376542][ T7307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.376566][ T7307] Call Trace: [ 188.376576][ T7307] [ 188.376587][ T7307] dump_stack_lvl+0x16c/0x1f0 [ 188.376641][ T7307] should_fail_ex+0x512/0x640 [ 188.376686][ T7307] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 188.376739][ T7307] should_failslab+0xc2/0x120 [ 188.376769][ T7307] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 188.376819][ T7307] ? __pfx__proc_mkdir+0x10/0x10 [ 188.376844][ T7307] ? nf_lwtunnel_net_init+0x38/0xf0 [ 188.376882][ T7307] ? __pfx_nf_lwtunnel_net_init+0x10/0x10 [ 188.376920][ T7307] kmemdup_noprof+0x29/0x60 [ 188.376965][ T7307] nf_lwtunnel_net_init+0x38/0xf0 [ 188.377003][ T7307] ops_init+0x1df/0x5f0 [ 188.377049][ T7307] setup_net+0x1ff/0x510 [ 188.377080][ T7307] ? lockdep_init_map_type+0x5c/0x280 [ 188.377123][ T7307] ? __pfx_setup_net+0x10/0x10 [ 188.377158][ T7307] ? debug_mutex_init+0x37/0x70 [ 188.377192][ T7307] copy_net_ns+0x2a6/0x5f0 [ 188.377232][ T7307] create_new_namespaces+0x3ea/0xa90 [ 188.377276][ T7307] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 188.377323][ T7307] ksys_unshare+0x45b/0xa40 [ 188.377361][ T7307] ? __pfx_ksys_unshare+0x10/0x10 [ 188.377401][ T7307] ? xfd_validate_state+0x61/0x180 [ 188.377450][ T7307] __x64_sys_unshare+0x31/0x40 [ 188.377488][ T7307] do_syscall_64+0xcd/0x490 [ 188.377518][ T7307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.377546][ T7307] RIP: 0033:0x7fd39a38e929 [ 188.377569][ T7307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.377596][ T7307] RSP: 002b:00007fd39b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 188.377623][ T7307] RAX: ffffffffffffffda RBX: 00007fd39a5b5fa0 RCX: 00007fd39a38e929 [ 188.377642][ T7307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 188.377659][ T7307] RBP: 00007fd39a410b39 R08: 0000000000000000 R09: 0000000000000000 [ 188.377676][ T7307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.377693][ T7307] R13: 0000000000000000 R14: 00007fd39a5b5fa0 R15: 00007fff45be7f38 [ 188.377731][ T7307] [ 188.615830][ T7312] FAULT_INJECTION: forcing a failure. [ 188.615830][ T7312] name fail_futex, interval 1, probability 0, space 0, times 1 [ 188.633630][ T7312] CPU: 1 UID: 0 PID: 7312 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 188.633665][ T7312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.633682][ T7312] Call Trace: [ 188.633691][ T7312] [ 188.633701][ T7312] dump_stack_lvl+0x16c/0x1f0 [ 188.633750][ T7312] should_fail_ex+0x512/0x640 [ 188.633799][ T7312] get_futex_key+0x1d0/0x1540 [ 188.633837][ T7312] ? __pfx_get_futex_key+0x10/0x10 [ 188.633872][ T7312] ? do_raw_spin_lock+0x12c/0x2b0 [ 188.633922][ T7312] futex_wake+0xea/0x530 [ 188.633959][ T7312] ? find_held_lock+0x2b/0x80 [ 188.633988][ T7312] ? __pfx_futex_wake+0x10/0x10 [ 188.634030][ T7312] ? rcu_is_watching+0x12/0xc0 [ 188.634058][ T7312] ? lockdep_hardirqs_on+0x7c/0x110 [ 188.634121][ T7312] ? posix_timer_unhash_and_free+0x35e/0x3f0 [ 188.634172][ T7312] do_futex+0x1e3/0x350 [ 188.634208][ T7312] ? __pfx_do_futex+0x10/0x10 [ 188.634254][ T7312] __x64_sys_futex+0x1e0/0x4c0 [ 188.634291][ T7312] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 188.634330][ T7312] ? fput+0x70/0xf0 [ 188.634357][ T7312] ? __pfx___x64_sys_futex+0x10/0x10 [ 188.634393][ T7312] ? xfd_validate_state+0x61/0x180 [ 188.634429][ T7312] ? __pfx_ksys_write+0x10/0x10 [ 188.634481][ T7312] do_syscall_64+0xcd/0x490 [ 188.634510][ T7312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.634543][ T7312] RIP: 0033:0x7f00c698e929 [ 188.634565][ T7312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.634595][ T7312] RSP: 002b:00007f00c78890e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 188.634622][ T7312] RAX: ffffffffffffffda RBX: 00007f00c6bb6088 RCX: 00007f00c698e929 [ 188.634640][ T7312] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f00c6bb608c [ 188.634658][ T7312] RBP: 00007f00c6bb6080 R08: 00007f00c78ab000 R09: 0000000000000000 [ 188.634675][ T7312] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f00c6bb608c [ 188.634693][ T7312] R13: 0000000000000000 R14: 00007ffe9ec937d0 R15: 00007ffe9ec938b8 [ 188.634730][ T7312] [ 190.763291][ T7352] net_ratelimit: 332 callbacks suppressed [ 190.763314][ T7352] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 192.100960][ T7379] ubi0: attaching mtd0 [ 192.154194][ T7379] ubi0: scanning is finished [ 192.247869][ T7379] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 192.509694][ T7381] Invalid ELF header magic: != ELF [ 192.573835][ T7379] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 192.929312][ T7379] Invalid ELF header magic: != ELF [ 194.977250][ T7422] FAULT_INJECTION: forcing a failure. [ 194.977250][ T7422] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 195.068066][ T7422] CPU: 0 UID: 0 PID: 7422 Comm: syz.3.242 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 195.068107][ T7422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.068124][ T7422] Call Trace: [ 195.068134][ T7422] [ 195.068146][ T7422] dump_stack_lvl+0x16c/0x1f0 [ 195.068200][ T7422] should_fail_ex+0x512/0x640 [ 195.068251][ T7422] should_fail_alloc_page+0xe7/0x130 [ 195.068283][ T7422] prepare_alloc_pages+0x3c2/0x610 [ 195.068326][ T7422] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 195.068374][ T7422] ? __pfx_stack_trace_save+0x10/0x10 [ 195.068406][ T7422] ? stack_depot_save_flags+0x28/0xa40 [ 195.068471][ T7422] ? kasan_save_stack+0x42/0x60 [ 195.068509][ T7422] ? kasan_save_stack+0x33/0x60 [ 195.068549][ T7422] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 195.068597][ T7422] ? __pmd_alloc+0xbf/0x930 [ 195.068627][ T7422] ? handle_mm_fault+0x589/0xd10 [ 195.068661][ T7422] ? populate_vma_page_range+0x278/0x3a0 [ 195.068694][ T7422] ? __mm_populate+0x1d8/0x380 [ 195.068723][ T7422] ? vm_mmap_pgoff+0x362/0x450 [ 195.068746][ T7422] ? ksys_mmap_pgoff+0x7d/0x5c0 [ 195.068773][ T7422] ? __x64_sys_mmap+0x125/0x190 [ 195.068808][ T7422] ? do_syscall_64+0xcd/0x490 [ 195.068832][ T7422] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.068876][ T7422] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 195.068919][ T7422] ? policy_nodemask+0xea/0x4e0 [ 195.068948][ T7422] alloc_pages_mpol+0x1fb/0x550 [ 195.068976][ T7422] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 195.068998][ T7422] ? css_rstat_updated+0x9d/0xd30 [ 195.069037][ T7422] alloc_pages_noprof+0x131/0x390 [ 195.069064][ T7422] pte_alloc_one+0x1c/0x3a0 [ 195.069108][ T7422] __pte_alloc+0x6d/0x3c0 [ 195.069133][ T7422] ? __pfx___pte_alloc+0x10/0x10 [ 195.069160][ T7422] ? _raw_spin_unlock+0x28/0x50 [ 195.069195][ T7422] ? __pmd_alloc+0x3fb/0x930 [ 195.069230][ T7422] __handle_mm_fault+0x4358/0x5490 [ 195.069277][ T7422] ? __pfx___handle_mm_fault+0x10/0x10 [ 195.069361][ T7422] handle_mm_fault+0x589/0xd10 [ 195.069408][ T7422] __get_user_pages+0x589/0x3b80 [ 195.069451][ T7422] ? __pfx_mt_find+0x10/0x10 [ 195.069481][ T7422] ? __pfx___get_user_pages+0x10/0x10 [ 195.069529][ T7422] populate_vma_page_range+0x278/0x3a0 [ 195.069571][ T7422] ? __pfx_populate_vma_page_range+0x10/0x10 [ 195.069607][ T7422] ? __pfx_find_vma_intersection+0x10/0x10 [ 195.069643][ T7422] ? do_mmap+0x69c/0x1210 [ 195.069678][ T7422] __mm_populate+0x1d8/0x380 [ 195.069715][ T7422] ? __pfx___mm_populate+0x10/0x10 [ 195.069753][ T7422] ? up_write+0x1b2/0x520 [ 195.069801][ T7422] vm_mmap_pgoff+0x362/0x450 [ 195.069834][ T7422] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 195.069872][ T7422] ? __x64_sys_futex+0x1e0/0x4c0 [ 195.069907][ T7422] ? __x64_sys_futex+0x1e9/0x4c0 [ 195.069946][ T7422] ksys_mmap_pgoff+0x7d/0x5c0 [ 195.069976][ T7422] ? xfd_validate_state+0x61/0x180 [ 195.070012][ T7422] ? __pfx_ksys_write+0x10/0x10 [ 195.070058][ T7422] __x64_sys_mmap+0x125/0x190 [ 195.070102][ T7422] do_syscall_64+0xcd/0x490 [ 195.070133][ T7422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.070164][ T7422] RIP: 0033:0x7f929df8e929 [ 195.070187][ T7422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.070215][ T7422] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 195.070243][ T7422] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 195.070261][ T7422] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 195.070278][ T7422] RBP: 00007f929e010b39 R08: 0000000000000002 R09: 0000000000008000 [ 195.070295][ T7422] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 195.070311][ T7422] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 195.070349][ T7422] [ 195.442667][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.037408][ T7422] nbd: socks must be embedded in a SOCK_ITEM attr [ 196.523926][ T7429] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         syzkaller syzkaller login: [ 250.105295][ T8306] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 251.466002][ T30] audit: type=1806 audit(6044454163.349:5): xattr="" res=-22 [ 253.078374][ T8340] FAULT_INJECTION: forcing a failure. [ 253.078374][ T8340] name failslab, interval 1, probability 0, space 0, times 0 [ 253.133186][ T8340] CPU: 0 UID: 0 PID: 8340 Comm: syz.3.411 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 253.133223][ T8340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.133252][ T8340] Call Trace: [ 253.133265][ T8340] [ 253.133276][ T8340] dump_stack_lvl+0x16c/0x1f0 [ 253.133327][ T8340] should_fail_ex+0x512/0x640 [ 253.133369][ T8340] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 253.133416][ T8340] should_failslab+0xc2/0x120 [ 253.133444][ T8340] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 253.133487][ T8340] ? ptlock_alloc+0x1f/0x70 [ 253.133529][ T8340] ptlock_alloc+0x1f/0x70 [ 253.133564][ T8340] pte_alloc_one+0x82/0x3a0 [ 253.133610][ T8340] __pte_alloc+0x6d/0x3c0 [ 253.133656][ T8340] ? __pfx___pte_alloc+0x10/0x10 [ 253.133687][ T8340] ? _raw_spin_unlock+0x28/0x50 [ 253.133728][ T8340] ? __pmd_alloc+0x3fb/0x930 [ 253.133765][ T8340] __handle_mm_fault+0x4358/0x5490 [ 253.133817][ T8340] ? __pfx___handle_mm_fault+0x10/0x10 [ 253.133892][ T8340] handle_mm_fault+0x589/0xd10 [ 253.133951][ T8340] __get_user_pages+0x589/0x3b80 [ 253.133994][ T8340] ? __pfx_mt_find+0x10/0x10 [ 253.134023][ T8340] ? __pfx___get_user_pages+0x10/0x10 [ 253.134069][ T8340] populate_vma_page_range+0x278/0x3a0 [ 253.134106][ T8340] ? __pfx_populate_vma_page_range+0x10/0x10 [ 253.134157][ T8340] ? __pfx_find_vma_intersection+0x10/0x10 [ 253.134200][ T8340] ? do_mmap+0x69c/0x1210 [ 253.134236][ T8340] __mm_populate+0x1d8/0x380 [ 253.134274][ T8340] ? __pfx___mm_populate+0x10/0x10 [ 253.134313][ T8340] ? up_write+0x1b2/0x520 [ 253.134361][ T8340] vm_mmap_pgoff+0x362/0x450 [ 253.134397][ T8340] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 253.134436][ T8340] ? __x64_sys_futex+0x1e0/0x4c0 [ 253.134470][ T8340] ? __x64_sys_futex+0x1e9/0x4c0 [ 253.134516][ T8340] ksys_mmap_pgoff+0x7d/0x5c0 [ 253.134548][ T8340] ? xfd_validate_state+0x61/0x180 [ 253.134586][ T8340] ? __pfx_ksys_write+0x10/0x10 [ 253.134635][ T8340] __x64_sys_mmap+0x125/0x190 [ 253.134682][ T8340] do_syscall_64+0xcd/0x490 [ 253.134714][ T8340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.134745][ T8340] RIP: 0033:0x7f929df8e929 [ 253.134770][ T8340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.134801][ T8340] RSP: 002b:00007f929ed35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 253.134832][ T8340] RAX: ffffffffffffffda RBX: 00007f929e1b5fa0 RCX: 00007f929df8e929 [ 253.134851][ T8340] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 253.134869][ T8340] RBP: 00007f929e010b39 R08: 0000000000000002 R09: 0000000000008000 [ 253.134887][ T8340] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 253.134904][ T8340] R13: 0000000000000000 R14: 00007f929e1b5fa0 R15: 00007ffdfb0fdc58 [ 253.134938][ T8340] [ 257.244269][ T8352] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 258.408095][ T8384] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 260.730897][ T8418] zswap: compressor not available [ 260.755033][ T8412] syz.2.424 (8412): /proc/8409/oom_adj is deprecated, please use /proc/8409/oom_score_adj instead. [ 260.848318][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.861083][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.550686][ T8428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.427'. [ 264.320093][ T5840] Bluetooth: hci1: unexpected subevent 0x01 length: 5 < 18 [ 264.502315][ T8441] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.515838][ T8441] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.548791][ T8441] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 264.569621][ T8441] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.622560][ T8441] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 264.670768][ T8441] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 264.741762][ T8441] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 265.308301][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 265.838414][ T8474] ovs_: entered promiscuous mode [ 266.585157][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 266.593063][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 266.593170][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 266.664674][ T5846] Bluetooth: hci4: command 0x0c1a tx timeout [ 267.357029][ T8484] input: jJǸ;9%vlQ J86 as /devices/virtual/input/input16 [ 267.541577][ T8488] netlink: 28 bytes leftover after parsing attributes in process `syz.4.437'. [ 268.360952][ T8498] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 268.744789][ T5846] Bluetooth: hci4: command 0x0c1a tx timeout [ 268.804872][ T8500] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 270.227504][ T8510] netlink: 28 bytes leftover after parsing attributes in process `syz.3.440'. [ 270.825007][ T5846] Bluetooth: hci4: command 0x0c1a tx timeout [ 271.412817][ T8525] netlink: 28 bytes leftover after parsing attributes in process `syz.4.443'. [ 271.585921][ T8525] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.599221][ T8525] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.631853][ T8525] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.649338][ T8525] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 279.686208][ T8612] FAULT_INJECTION: forcing a failure. [ 279.686208][ T8612] name failslab, interval 1, probability 0, space 0, times 0 [ 279.739771][ T8612] CPU: 1 UID: 0 PID: 8612 Comm: syz.4.463 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 279.739811][ T8612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 279.739828][ T8612] Call Trace: [ 279.739836][ T8612] [ 279.739846][ T8612] dump_stack_lvl+0x16c/0x1f0 [ 279.739894][ T8612] should_fail_ex+0x512/0x640 [ 279.739941][ T8612] ? fs_reclaim_acquire+0xae/0x150 [ 279.739974][ T8612] ? tomoyo_open_control+0x51f/0xa30 [ 279.740011][ T8612] should_failslab+0xc2/0x120 [ 279.740036][ T8612] __kmalloc_noprof+0xd2/0x510 [ 279.740082][ T8612] tomoyo_open_control+0x51f/0xa30 [ 279.740126][ T8612] do_dentry_open+0x744/0x1c10 [ 279.740165][ T8612] ? __pfx_tomoyo_open+0x10/0x10 [ 279.740206][ T8612] vfs_open+0x82/0x3f0 [ 279.740236][ T8612] path_openat+0x1de4/0x2cb0 [ 279.740281][ T8612] ? __pfx_path_openat+0x10/0x10 [ 279.740320][ T8612] ? __lock_acquire+0xb8a/0x1c90 [ 279.740357][ T8612] do_filp_open+0x20b/0x470 [ 279.740394][ T8612] ? __pfx_do_filp_open+0x10/0x10 [ 279.740452][ T8612] ? alloc_fd+0x471/0x7d0 [ 279.740494][ T8612] do_sys_openat2+0x11b/0x1d0 [ 279.740521][ T8612] ? __pfx_do_sys_openat2+0x10/0x10 [ 279.740561][ T8612] __x64_sys_openat+0x174/0x210 [ 279.740589][ T8612] ? __pfx___x64_sys_openat+0x10/0x10 [ 279.740631][ T8612] do_syscall_64+0xcd/0x490 [ 279.740656][ T8612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.740681][ T8612] RIP: 0033:0x7f2240b8e929 [ 279.740701][ T8612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.740725][ T8612] RSP: 002b:00007f2241989038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 279.740749][ T8612] RAX: ffffffffffffffda RBX: 00007f2240db5fa0 RCX: 00007f2240b8e929 [ 279.740766][ T8612] RDX: 0000000000040040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 279.740782][ T8612] RBP: 00007f2240c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 279.740797][ T8612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.740811][ T8612] R13: 0000000000000000 R14: 00007f2240db5fa0 R15: 00007ffd1cb65608 [ 279.740842][ T8612] [ 281.831412][ T8627] FAULT_INJECTION: forcing a failure. [ 281.831412][ T8627] name failslab, interval 1, probability 0, space 0, times 0 [ 281.865174][ T8627] CPU: 1 UID: 0 PID: 8627 Comm: syz.2.466 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 281.865216][ T8627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 281.865253][ T8627] Call Trace: [ 281.865263][ T8627] [ 281.865275][ T8627] dump_stack_lvl+0x16c/0x1f0 [ 281.865334][ T8627] should_fail_ex+0x512/0x640 [ 281.865384][ T8627] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 281.865432][ T8627] should_failslab+0xc2/0x120 [ 281.865464][ T8627] __kmalloc_cache_noprof+0x6a/0x3e0 [ 281.865505][ T8627] ? lockdep_init_map_type+0x5c/0x280 [ 281.865552][ T8627] ? fqdir_init+0x4f/0x1f0 [ 281.865591][ T8627] ? lockdep_init_map_type+0x5c/0x280 [ 281.865641][ T8627] fqdir_init+0x4f/0x1f0 [ 281.865685][ T8627] lowpan_frags_init_net+0x2d/0x3a0 [ 281.865734][ T8627] ? __pfx_lowpan_frags_init_net+0x10/0x10 [ 281.865768][ T8627] ops_init+0x1df/0x5f0 [ 281.865807][ T8627] setup_net+0x1ff/0x510 [ 281.865846][ T8627] ? lockdep_init_map_type+0x5c/0x280 [ 281.865893][ T8627] ? __pfx_setup_net+0x10/0x10 [ 281.865932][ T8627] ? debug_mutex_init+0x37/0x70 [ 281.865967][ T8627] copy_net_ns+0x2a6/0x5f0 [ 281.866007][ T8627] create_new_namespaces+0x3ea/0xa90 [ 281.866049][ T8627] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 281.866087][ T8627] ksys_unshare+0x45b/0xa40 [ 281.866128][ T8627] ? __pfx_ksys_unshare+0x10/0x10 [ 281.866171][ T8627] ? xfd_validate_state+0x61/0x180 [ 281.866223][ T8627] __x64_sys_unshare+0x31/0x40 [ 281.866263][ T8627] do_syscall_64+0xcd/0x490 [ 281.866295][ T8627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.866326][ T8627] RIP: 0033:0x7fd39a38e929 [ 281.866351][ T8627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.866383][ T8627] RSP: 002b:00007fd39b1ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 281.866412][ T8627] RAX: ffffffffffffffda RBX: 00007fd39a5b6080 RCX: 00007fd39a38e929 [ 281.866433][ T8627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 281.866451][ T8627] RBP: 00007fd39a410b39 R08: 0000000000000000 R09: 0000000000000000 [ 281.866469][ T8627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.866487][ T8627] R13: 0000000000000000 R14: 00007fd39a5b6080 R15: 00007fff45be7f38 [ 281.866527][ T8627] [ 283.626186][ T8637] FAULT_INJECTION: forcing a failure. [ 283.626186][ T8637] name failslab, interval 1, probability 0, space 0, times 0 [ 283.641501][ T8637] CPU: 1 UID: 0 PID: 8637 Comm: syz.2.469 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 283.641536][ T8637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 283.641551][ T8637] Call Trace: [ 283.641559][ T8637] [ 283.641571][ T8637] dump_stack_lvl+0x16c/0x1f0 [ 283.641632][ T8637] should_fail_ex+0x512/0x640 [ 283.641666][ T8637] ? fs_reclaim_acquire+0xae/0x150 [ 283.641695][ T8637] should_failslab+0xc2/0x120 [ 283.641715][ T8637] __kmalloc_cache_noprof+0x6a/0x3e0 [ 283.641744][ T8637] ? do_raw_spin_lock+0x12c/0x2b0 [ 283.641777][ T8637] ? tomoyo_open_control+0x56/0xa30 [ 283.641823][ T8637] tomoyo_open_control+0x56/0xa30 [ 283.641863][ T8637] do_dentry_open+0x744/0x1c10 [ 283.641898][ T8637] ? __pfx_tomoyo_open+0x10/0x10 [ 283.641934][ T8637] vfs_open+0x82/0x3f0 [ 283.641961][ T8637] path_openat+0x1de4/0x2cb0 [ 283.642002][ T8637] ? __pfx_path_openat+0x10/0x10 [ 283.642035][ T8637] ? __lock_acquire+0xb8a/0x1c90 [ 283.642066][ T8637] do_filp_open+0x20b/0x470 [ 283.642098][ T8637] ? __pfx_do_filp_open+0x10/0x10 [ 283.642149][ T8637] ? alloc_fd+0x471/0x7d0 [ 283.642186][ T8637] do_sys_openat2+0x11b/0x1d0 [ 283.642228][ T8637] ? __pfx_do_sys_openat2+0x10/0x10 [ 283.642265][ T8637] __x64_sys_openat+0x174/0x210 [ 283.642292][ T8637] ? __pfx___x64_sys_openat+0x10/0x10 [ 283.642330][ T8637] do_syscall_64+0xcd/0x490 [ 283.642354][ T8637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.642378][ T8637] RIP: 0033:0x7fd39a38e929 [ 283.642395][ T8637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.642418][ T8637] RSP: 002b:00007fd39b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 283.642440][ T8637] RAX: ffffffffffffffda RBX: 00007fd39a5b5fa0 RCX: 00007fd39a38e929 [ 283.642456][ T8637] RDX: 0000000000040040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 283.642471][ T8637] RBP: 00007fd39a410b39 R08: 0000000000000000 R09: 0000000000000000 [ 283.642485][ T8637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 283.642499][ T8637] R13: 0000000000000000 R14: 00007fd39a5b5fa0 R15: 00007fff45be7f38 [ 283.642527][ T8637] [ 284.426205][ T8643] zram0: detected capacity change from 0 to 8 [ 284.510261][ T8653] QAT: failed to copy from user. [ 286.403030][ T8670] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 286.403030][ T8670] M' is too long [ 286.433757][ T8667] FAULT_INJECTION: forcing a failure. [ 286.433757][ T8667] name fail_futex, interval 1, probability 0, space 0, times 0 [ 286.446967][ T8670] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 286.446967][ T8670] W ' is too long [ 286.462147][ T8667] CPU: 1 UID: 0 PID: 8667 Comm: syz.3.476 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 286.462186][ T8667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.462204][ T8667] Call Trace: [ 286.462214][ T8667] [ 286.462224][ T8667] dump_stack_lvl+0x16c/0x1f0 [ 286.462290][ T8667] should_fail_ex+0x512/0x640 [ 286.462347][ T8667] get_futex_key+0x1d0/0x1540 [ 286.462385][ T8667] ? __pfx_get_futex_key+0x10/0x10 [ 286.462431][ T8667] futex_wake+0xea/0x530 [ 286.462472][ T8667] ? rcu_is_watching+0x12/0xc0 [ 286.462502][ T8667] ? __pfx_futex_wake+0x10/0x10 [ 286.462546][ T8667] ? kmem_cache_free+0x2d1/0x4d0 [ 286.462584][ T8667] ? fd_install+0x225/0x750 [ 286.462620][ T8667] ? putname+0x154/0x1a0 [ 286.462653][ T8667] do_futex+0x1e3/0x350 [ 286.462689][ T8667] ? __pfx_do_futex+0x10/0x10 [ 286.462732][ T8667] __x64_sys_futex+0x1e0/0x4c0 [ 286.462770][ T8667] ? __x64_sys_openat+0x174/0x210 [ 286.462802][ T8667] ? __pfx___x64_sys_futex+0x10/0x10 [ 286.462851][ T8667] do_syscall_64+0xcd/0x490 [ 286.462880][ T8667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.462908][ T8667] RIP: 0033:0x7f929df8e929 [ 286.462930][ T8667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.462957][ T8667] RSP: 002b:00007f929ed350e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 286.462983][ T8667] RAX: ffffffffffffffda RBX: 00007f929e1b5fa8 RCX: 00007f929df8e929 [ 286.463001][ T8667] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f929e1b5fac [ 286.463018][ T8667] RBP: 00007f929e1b5fa0 R08: 00007f929ed36000 R09: 0000000000000000 [ 286.463035][ T8667] R10: 000000000000000f R11: 0000000000000246 R12: 00007f929e1b5fac [ 286.463051][ T8667] R13: 0000000000000000 R14: 00007ffdfb0fdb70 R15: 00007ffdfb0fdc58 [ 286.463087][ T8667] [ 287.969752][ T8699] netlink: 'syz.2.481': attribute type 11 has an invalid length. [ 288.004641][ T8699] netlink: 'syz.2.481': attribute type 11 has an invalid length. [ 288.054825][ T8699] netlink: 'syz.2.481': attribute type 11 has an invalid length. [ 288.794002][ T8701] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 288.838785][ T8701] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 288.904669][ T8701] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 288.913380][ T8701] raw: 0000000000000000 0000000000000000 0000000400000002 0000000000000000 [ 289.194554][ T8701] page dumped because: unmovable page [ 289.367476][ T8701] page_owner tracks the page as allocated [ 289.373454][ T8701] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5835, tgid 5835 (syz-executor), ts 100972830797, free_ts 100971954819 [ 289.394307][ T8701] post_alloc_hook+0x1c0/0x230 [ 289.476608][ T8701] get_page_from_freelist+0x1321/0x3890 [ 289.482578][ T8701] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 289.561758][ T8701] alloc_pages_mpol+0x1fb/0x550 [ 289.664622][ T8701] alloc_pages_noprof+0x131/0x390 [ 289.682849][ T8701] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 289.703498][ T8701] vmalloc_user_noprof+0x9e/0xe0 [ 289.733505][ T8701] kcov_ioctl+0x4c/0x730 [ 289.741253][ T8701] __x64_sys_ioctl+0x18e/0x210 [ 289.748158][ T8701] do_syscall_64+0xcd/0x490 [ 290.028789][ T8701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.117191][ T8701] page last free pid 5835 tgid 5835 stack trace: [ 290.179796][ T8701] __free_frozen_pages+0x7fe/0x1180 [ 290.240014][ T8701] kasan_populate_vmalloc+0x18c/0x1f0 [ 290.294092][ T8701] alloc_vmap_area+0x959/0x29c0 [ 290.343300][ T8701] __get_vm_area_node+0x1ca/0x330 [ 290.463707][ T8701] __vmalloc_node_range_noprof+0x271/0x14b0 [ 290.530392][ T8701] vmalloc_user_noprof+0x9e/0xe0 [ 290.564748][ T8701] kcov_ioctl+0x4c/0x730 [ 290.604966][ T8701] __x64_sys_ioctl+0x18e/0x210 [ 290.688865][ T8701] do_syscall_64+0xcd/0x490 [ 290.704782][ T8701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.095584][ T8725] FAULT_INJECTION: forcing a failure. [ 292.095584][ T8725] name failslab, interval 1, probability 0, space 0, times 0 [ 292.155857][ T8725] CPU: 0 UID: 0 PID: 8725 Comm: syz.2.485 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 292.155894][ T8725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 292.155910][ T8725] Call Trace: [ 292.155920][ T8725] [ 292.155930][ T8725] dump_stack_lvl+0x16c/0x1f0 [ 292.155981][ T8725] should_fail_ex+0x512/0x640 [ 292.156044][ T8725] ? fs_reclaim_acquire+0xae/0x150 [ 292.156081][ T8725] ? tomoyo_open_control+0x51f/0xa30 [ 292.156147][ T8725] should_failslab+0xc2/0x120 [ 292.156186][ T8725] __kmalloc_noprof+0xd2/0x510 [ 292.156245][ T8725] tomoyo_open_control+0x51f/0xa30 [ 292.156306][ T8725] do_dentry_open+0x744/0x1c10 [ 292.156355][ T8725] ? __pfx_tomoyo_open+0x10/0x10 [ 292.156411][ T8725] vfs_open+0x82/0x3f0 [ 292.156451][ T8725] path_openat+0x1de4/0x2cb0 [ 292.156511][ T8725] ? __pfx_path_openat+0x10/0x10 [ 292.156560][ T8725] ? __lock_acquire+0xb8a/0x1c90 [ 292.156608][ T8725] do_filp_open+0x20b/0x470 [ 292.156654][ T8725] ? __pfx_do_filp_open+0x10/0x10 [ 292.156731][ T8725] ? alloc_fd+0x471/0x7d0 [ 292.156786][ T8725] do_sys_openat2+0x11b/0x1d0 [ 292.156822][ T8725] ? __pfx_do_sys_openat2+0x10/0x10 [ 292.156875][ T8725] __x64_sys_openat+0x174/0x210 [ 292.156928][ T8725] ? __pfx___x64_sys_openat+0x10/0x10 [ 292.156983][ T8725] do_syscall_64+0xcd/0x490 [ 292.157017][ T8725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.157049][ T8725] RIP: 0033:0x7fd39a38e929 [ 292.157075][ T8725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.157107][ T8725] RSP: 002b:00007fd39b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 292.157137][ T8725] RAX: ffffffffffffffda RBX: 00007fd39a5b5fa0 RCX: 00007fd39a38e929 [ 292.157157][ T8725] RDX: 0000000000040040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 292.157183][ T8725] RBP: 00007fd39a410b39 R08: 0000000000000000 R09: 0000000000000000 [ 292.157203][ T8725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 292.157222][ T8725] R13: 0000000000000000 R14: 00007fd39a5b5fa0 R15: 00007fff45be7f38 [ 292.157264][ T8725] [ 293.783404][ T8733] ubi0: attaching mtd0 [ 293.801142][ T8733] ubi0: scanning is finished [ 293.837825][ T8733] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 294.193675][ T8733] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 294.822519][ T8754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.493'. [ 294.834693][ T8754] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 295.324719][ T8762] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 298.311179][ T8790] mkiss: ax0: crc mode is auto. [ 299.220500][ T8783] netlink: 330 bytes leftover after parsing attributes in process `syz.2.501'. [ 299.972097][ T8783] : renamed from hsr0 (while UP) [ 303.875166][ T8847] netlink: 'syz.4.510': attribute type 2 has an invalid length. [ 307.104395][ T8862] CIFS mount error: No usable UNC path provided in device string! [ 307.104395][ T8862] [ 307.115389][ T8862] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 308.171450][ T8875] FAULT_INJECTION: forcing a failure. [ 308.171450][ T8875] name failslab, interval 1, probability 0, space 0, times 0 [ 308.195781][ T8875] CPU: 1 UID: 0 PID: 8875 Comm: syz.4.516 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 308.195822][ T8875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.195842][ T8875] Call Trace: [ 308.195851][ T8875] [ 308.195863][ T8875] dump_stack_lvl+0x16c/0x1f0 [ 308.195918][ T8875] should_fail_ex+0x512/0x640 [ 308.195966][ T8875] ? fs_reclaim_acquire+0xae/0x150 [ 308.196004][ T8875] ? tomoyo_open_control+0x51f/0xa30 [ 308.196052][ T8875] should_failslab+0xc2/0x120 [ 308.196082][ T8875] __kmalloc_noprof+0xd2/0x510 [ 308.196155][ T8875] tomoyo_open_control+0x51f/0xa30 [ 308.196213][ T8875] do_dentry_open+0x744/0x1c10 [ 308.196261][ T8875] ? __pfx_tomoyo_open+0x10/0x10 [ 308.196316][ T8875] vfs_open+0x82/0x3f0 [ 308.196356][ T8875] path_openat+0x1de4/0x2cb0 [ 308.196416][ T8875] ? __pfx_path_openat+0x10/0x10 [ 308.196465][ T8875] ? __lock_acquire+0xb8a/0x1c90 [ 308.196512][ T8875] do_filp_open+0x20b/0x470 [ 308.196560][ T8875] ? __pfx_do_filp_open+0x10/0x10 [ 308.196636][ T8875] ? alloc_fd+0x471/0x7d0 [ 308.196704][ T8875] do_sys_openat2+0x11b/0x1d0 [ 308.196740][ T8875] ? __pfx_do_sys_openat2+0x10/0x10 [ 308.196794][ T8875] __x64_sys_openat+0x174/0x210 [ 308.196832][ T8875] ? __pfx___x64_sys_openat+0x10/0x10 [ 308.196889][ T8875] do_syscall_64+0xcd/0x490 [ 308.196924][ T8875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.196957][ T8875] RIP: 0033:0x7f2240b8e929 [ 308.196983][ T8875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.197015][ T8875] RSP: 002b:00007f2241989038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 308.197045][ T8875] RAX: ffffffffffffffda RBX: 00007f2240db5fa0 RCX: 00007f2240b8e929 [ 308.197065][ T8875] RDX: 0000000000040040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 308.197085][ T8875] RBP: 00007f2240c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 308.197103][ T8875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 308.197121][ T8875] R13: 0000000000000000 R14: 00007f2240db5fa0 R15: 00007ffd1cb65608 [ 308.197160][ T8875] [ 309.341128][ T8893] netlink: 28 bytes leftover after parsing attributes in process `syz.3.520'. [ 310.371805][ T8900] netlink: 330 bytes leftover after parsing attributes in process `syz.2.521'. [ 314.497026][ T8960] program syz.1.531 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 314.506829][ T8960] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 315.604385][ T8970] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 316.038570][ T8979] ubi0: attaching mtd0 [ 316.170132][ T8979] ubi0: scanning is finished [ 316.175243][ T8979] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 316.437663][ T8979] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 318.274223][ T9013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.540'. [ 320.086896][ T9022] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 322.007617][ T9050] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 322.013922][ T9050] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 322.024868][ T9050] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 322.031319][ T9050] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 322.043725][ T9050] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 322.183791][ T9069] FAULT_INJECTION: forcing a failure. [ 322.183791][ T9069] name failslab, interval 1, probability 0, space 0, times 0 [ 322.225624][ T9069] CPU: 1 UID: 0 PID: 9069 Comm: syz.2.552 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 322.225674][ T9069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.225692][ T9069] Call Trace: [ 322.225702][ T9069] [ 322.225714][ T9069] dump_stack_lvl+0x16c/0x1f0 [ 322.225768][ T9069] should_fail_ex+0x512/0x640 [ 322.225813][ T9069] ? fs_reclaim_acquire+0xae/0x150 [ 322.225852][ T9069] ? tomoyo_open_control+0x51f/0xa30 [ 322.225898][ T9069] should_failslab+0xc2/0x120 [ 322.225927][ T9069] __kmalloc_noprof+0xd2/0x510 [ 322.225982][ T9069] tomoyo_open_control+0x51f/0xa30 [ 322.226037][ T9069] do_dentry_open+0x744/0x1c10 [ 322.226082][ T9069] ? __pfx_tomoyo_open+0x10/0x10 [ 322.226150][ T9069] vfs_open+0x82/0x3f0 [ 322.226188][ T9069] path_openat+0x1de4/0x2cb0 [ 322.226246][ T9069] ? __pfx_path_openat+0x10/0x10 [ 322.226294][ T9069] ? __lock_acquire+0xb8a/0x1c90 [ 322.226341][ T9069] do_filp_open+0x20b/0x470 [ 322.226387][ T9069] ? __pfx_do_filp_open+0x10/0x10 [ 322.226461][ T9069] ? alloc_fd+0x471/0x7d0 [ 322.226515][ T9069] do_sys_openat2+0x11b/0x1d0 [ 322.226550][ T9069] ? __pfx_do_sys_openat2+0x10/0x10 [ 322.226601][ T9069] __x64_sys_openat+0x174/0x210 [ 322.226643][ T9069] ? __pfx___x64_sys_openat+0x10/0x10 [ 322.226695][ T9069] do_syscall_64+0xcd/0x490 [ 322.226729][ T9069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.226760][ T9069] RIP: 0033:0x7fd39a38e929 [ 322.226785][ T9069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.226816][ T9069] RSP: 002b:00007fd39b220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 322.226844][ T9069] RAX: ffffffffffffffda RBX: 00007fd39a5b5fa0 RCX: 00007fd39a38e929 [ 322.226865][ T9069] RDX: 0000000000040040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 322.226884][ T9069] RBP: 00007fd39a410b39 R08: 0000000000000000 R09: 0000000000000000 [ 322.226904][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.226922][ T9069] R13: 0000000000000000 R14: 00007fd39a5b5fa0 R15: 00007fff45be7f38 [ 322.226962][ T9069] [ 322.446325][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.452687][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.759084][ T9072] netlink: 342 bytes leftover after parsing attributes in process `syz.3.553'. [ 323.144686][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout [ 324.024616][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 324.108486][ T5846] Bluetooth: hci4: command 0x0c1a tx timeout [ 324.115580][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 324.115858][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 327.505686][ T9150] [ 327.508159][ T9150] ====================================================== [ 327.515199][ T9150] WARNING: possible circular locking dependency detected [ 327.522269][ T9150] 6.16.0-rc1-syzkaller #0 Not tainted [ 327.527683][ T9150] ------------------------------------------------------ [ 327.534735][ T9150] syz.1.568/9150 is trying to acquire lock: [ 327.540654][ T9150] ffffffff8e52ea68 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 327.550322][ T9150] [ 327.550322][ T9150] but task is already holding lock: [ 327.557705][ T9150] ffff8881427c27c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 327.568999][ T9150] [ 327.568999][ T9150] which lock already depends on the new lock. [ 327.568999][ T9150] [ 327.579428][ T9150] [ 327.579428][ T9150] the existing dependency chain (in reverse order) is: [ 327.588544][ T9150] [ 327.588544][ T9150] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 327.597195][ T9150] blk_alloc_queue+0x619/0x760 [ 327.602529][ T9150] blk_mq_alloc_queue+0x175/0x290 [ 327.608106][ T9150] __blk_mq_alloc_disk+0x29/0x120 [ 327.613707][ T9150] loop_add+0x49e/0xb70 [ 327.618412][ T9150] loop_init+0x164/0x270 [ 327.623204][ T9150] do_one_initcall+0x120/0x6e0 [ 327.628512][ T9150] kernel_init_freeable+0x5c2/0x900 [ 327.634277][ T9150] kernel_init+0x1c/0x2b0 [ 327.639155][ T9150] ret_from_fork+0x5d4/0x6f0 [ 327.644291][ T9150] ret_from_fork_asm+0x1a/0x30 [ 327.649595][ T9150] [ 327.649595][ T9150] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 327.656843][ T9150] fs_reclaim_acquire+0x102/0x150 [ 327.662420][ T9150] prepare_alloc_pages+0x162/0x610 [ 327.668075][ T9150] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 327.674520][ T9150] __alloc_pages_noprof+0xb/0x1b0 [ 327.680088][ T9150] pcpu_populate_chunk+0x110/0xb00 [ 327.685740][ T9150] pcpu_alloc_noprof+0x86a/0x1470 [ 327.691303][ T9150] __percpu_counter_init_many+0x42/0x3b0 [ 327.697476][ T9150] nfsd_net_init+0xa8/0x3d0 [ 327.702517][ T9150] ops_init+0x1df/0x5f0 [ 327.707232][ T9150] setup_net+0x1ff/0x510 [ 327.712027][ T9150] copy_net_ns+0x2a6/0x5f0 [ 327.716991][ T9150] create_new_namespaces+0x3ea/0xa90 [ 327.722822][ T9150] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 327.728993][ T9150] ksys_unshare+0x45b/0xa40 [ 327.734039][ T9150] __x64_sys_unshare+0x31/0x40 [ 327.739344][ T9150] do_syscall_64+0xcd/0x490 [ 327.744380][ T9150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.750811][ T9150] [ 327.750811][ T9150] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 327.758578][ T9150] __lock_acquire+0x126f/0x1c90 [ 327.763981][ T9150] lock_acquire+0x179/0x350 [ 327.769029][ T9150] __mutex_lock+0x199/0xb90 [ 327.774068][ T9150] pcpu_alloc_noprof+0xb4c/0x1470 [ 327.779640][ T9150] blk_stat_alloc_callback+0xc8/0x280 [ 327.785557][ T9150] wbt_init+0xac/0x540 [ 327.790171][ T9150] queue_wb_lat_store+0x354/0x3d0 [ 327.795770][ T9150] queue_attr_store+0x279/0x320 [ 327.801180][ T9150] sysfs_kf_write+0xf2/0x150 [ 327.806326][ T9150] kernfs_fop_write_iter+0x351/0x510 [ 327.812156][ T9150] vfs_write+0x6c4/0x1150 [ 327.817043][ T9150] ksys_write+0x12a/0x250 [ 327.821930][ T9150] do_syscall_64+0xcd/0x490 [ 327.826968][ T9150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.833406][ T9150] [ 327.833406][ T9150] other info that might help us debug this: [ 327.833406][ T9150] [ 327.843638][ T9150] Chain exists of: [ 327.843638][ T9150] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 327.843638][ T9150] [ 327.857322][ T9150] Possible unsafe locking scenario: [ 327.857322][ T9150] [ 327.864788][ T9150] CPU0 CPU1 [ 327.870160][ T9150] ---- ---- [ 327.875532][ T9150] lock(&q->q_usage_counter(io)#18); [ 327.880925][ T9150] lock(fs_reclaim); [ 327.887459][ T9150] lock(&q->q_usage_counter(io)#18); [ 327.895389][ T9150] lock(pcpu_alloc_mutex); [ 327.899909][ T9150] [ 327.899909][ T9150] *** DEADLOCK *** [ 327.899909][ T9150] [ 327.908053][ T9150] 6 locks held by syz.1.568/9150: [ 327.913079][ T9150] #0: ffff888030a650b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 327.922174][ T9150] #1: ffff888031264428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 327.931195][ T9150] #2: ffff88805d6ed488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 327.940972][ T9150] #3: ffff888142b36c38 (kn->active#160){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 327.951110][ T9150] #4: ffff8881427c27c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 327.962829][ T9150] #5: ffff8881427c2800 (&q->q_usage_counter(queue)#21){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 327.974811][ T9150] [ 327.974811][ T9150] stack backtrace: [ 327.980712][ T9150] CPU: 0 UID: 0 PID: 9150 Comm: syz.1.568 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 327.980742][ T9150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.980757][ T9150] Call Trace: [ 327.980765][ T9150] [ 327.980774][ T9150] dump_stack_lvl+0x116/0x1f0 [ 327.980816][ T9150] print_circular_bug+0x275/0x350 [ 327.980848][ T9150] check_noncircular+0x14c/0x170 [ 327.980882][ T9150] __lock_acquire+0x126f/0x1c90 [ 327.980918][ T9150] lock_acquire+0x179/0x350 [ 327.980948][ T9150] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 327.980983][ T9150] ? __pfx___might_resched+0x10/0x10 [ 327.981006][ T9150] ? ksys_write+0x12a/0x250 [ 327.981040][ T9150] ? do_syscall_64+0xcd/0x490 [ 327.981061][ T9150] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.981087][ T9150] __mutex_lock+0x199/0xb90 [ 327.981108][ T9150] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 327.981142][ T9150] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 327.981176][ T9150] ? __pfx___mutex_lock+0x10/0x10 [ 327.981211][ T9150] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 327.981243][ T9150] pcpu_alloc_noprof+0xb4c/0x1470 [ 327.981282][ T9150] ? __pfx_wbt_data_dir+0x10/0x10 [ 327.981317][ T9150] ? __pfx_wb_timer_fn+0x10/0x10 [ 327.981340][ T9150] blk_stat_alloc_callback+0xc8/0x280 [ 327.981365][ T9150] ? kasan_save_track+0x14/0x30 [ 327.981401][ T9150] wbt_init+0xac/0x540 [ 327.981427][ T9150] queue_wb_lat_store+0x354/0x3d0 [ 327.981467][ T9150] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 327.981507][ T9150] ? __mutex_trylock_common+0xe9/0x250 [ 327.981540][ T9150] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 327.981578][ T9150] queue_attr_store+0x279/0x320 [ 327.981617][ T9150] ? __pfx_queue_attr_store+0x10/0x10 [ 327.981653][ T9150] ? __lock_acquire+0x622/0x1c90 [ 327.981691][ T9150] ? find_held_lock+0x2b/0x80 [ 327.981713][ T9150] ? sysfs_file_kobj+0xe4/0x290 [ 327.981743][ T9150] ? __pfx_queue_attr_store+0x10/0x10 [ 327.981782][ T9150] sysfs_kf_write+0xf2/0x150 [ 327.981810][ T9150] kernfs_fop_write_iter+0x351/0x510 [ 327.981834][ T9150] ? __pfx_sysfs_kf_write+0x10/0x10 [ 327.981864][ T9150] vfs_write+0x6c4/0x1150 [ 327.981897][ T9150] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 327.981923][ T9150] ? __pfx___mutex_lock+0x10/0x10 [ 327.981945][ T9150] ? __pfx_vfs_write+0x10/0x10 [ 327.981988][ T9150] ksys_write+0x12a/0x250 [ 327.982021][ T9150] ? __pfx_ksys_write+0x10/0x10 [ 327.982064][ T9150] do_syscall_64+0xcd/0x490 [ 327.982087][ T9150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.982110][ T9150] RIP: 0033:0x7f00c698e929 [ 327.982130][ T9150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.982154][ T9150] RSP: 002b:00007f00c7868038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 327.982177][ T9150] RAX: ffffffffffffffda RBX: 00007f00c6bb6160 RCX: 00007f00c698e929 [ 327.982194][ T9150] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000006 [ 327.982213][ T9150] RBP: 00007f00c6a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 327.982229][ T9150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.982243][ T9150] R13: 0000000000000000 R14: 00007f00c6bb6160 R15: 00007ffe9ec938b8 [ 327.982266][ T9150]